Date: Sun, 02 Jan 94 08:45:19 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#012
Computer Privacy Digest Sun, 02 Jan 94 Volume 4 : Issue: 012
Today's Topics: Moderator: Leonard P. Levine
Privacy with Credit Card Transactions
Re: Driver Protection Act
Ludwig's book on viruses forbid in France
CBC Newsworld Documentary - US Communication Interception
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Justin Fidler <jfidler@cap.gwu.edu>
Date: Sun, 26 Dec 1993 18:31:46 -0500 (EST)
Subject: Privacy with Credit Card Transactions
There was an interesting article in the Washington Post on 26 December
1993 by Jane Bryant Quinn that discusses what information a consumer
making a credit card purchase must provide. Excerpts below:
>[...] They must check your signature and the card-- electronically or
by telephone-- to be sure it's valid. Once an answer comes up yes,
they can go ahead and charge.
>They can't ask you for any further identification-- not a license
plate number, Social Security number, proof of address, phone number
nor picture ID.
>Your personal ID isn't needed, because Visa, MasterCard and American
Express guarantee payment on cards that have been properly checked. If
[...]
The article then goes on to detail the problem one consumer had at a
gas station where the gas station employees insisted on writing down
his license plate number. It then lists the conditions under which a
merchant may ask for ID:
>The card holder's signature on the back of the card is the only ID
necessary-- even if the merchant has some reason to be suspicious.
[...] You can be asked for identification only if you proffer a card
that isn't signed on the back (and how often I have forgotten to sign a
new card when it comes in the mail!). Then, the merchant can ask for
identification and require you to sign the card immediately.
The article then states that some companies, like MasterCard, will come
down hard on offending merchants, to the point of assessing them with a
fine of as much as $2,000. The article goes on to mention that in the
case of Visa and MasterCard, there is no minimum purchase amount
required for a consumer to use a card. American Express DOES allow for
a purchase minimum, provided the merchant extends it to all other cards
being accepted at that store (so if a merchant accepts Visa or MC as
well, there can be no AmEx minimum, because no minimum can be placed on
Visa or MC).
>[...] A merchant can ask for your address when you order by telephone,
however. There it's used to authorize the card, absent a signature.
The privacy issues here? Lots of them. I have made numerous credit
card purchases where the merchant has asked for a driver's license or
some other type of identification. It appears the best revenge is not
to argue at the store if the merchant is insistent, but rather to
notify the credit card company, who will really come down hard on the
merchant. The credit cards mentioned in this article with the policies
I've listed above are Visa, American Express, and MasterCard. The
Discover card does allow the merchant to ask for ID and to set a
minimum purchase limit (maybe this is why so many merchants were eager
to accept the Discover card?). The article ends with a list of
contacts if you have had problems with merchants, I've listed them
below.
>[...] MASTERCARD: Send the name and address of the store, and an
account of what happened, to MasterCard International, c/o Radio City
Station, P.O. Box 1288, New York, NY 10101.
>VISA: To report a merchant, send a letter to the bank that issued your
Visa card.
>AMERICAN EXPRESS: If a merchant does anything to hinder your use of an
American Express card-- such as requesting identification or asking for
a Visa or MasterCard even though the American Express logo is in the
window-- report the incident to American Express at 1-800-YES-CARD.
------------------------------
From: geoff@ficus.CS.UCLA.EDU (Geoff Kuenning)
Date: Mon, 27 Dec 93 20:58:40 GMT
Subject: Re: Driver Protection Act
Organization: UCLA, Computer Science Department
> "(7) For use in marketing activities, if the motor vehicle
> department-
...
> "(C) has received assurances that each entity that
This is a loophole big enough to drive the Space Shuttle (with
boosters) through. Note that there are no penalties specified for
people who buy the list under false "assurances" and then misbehave.
"Oh sure, Mr. Bureaucrat, I'm not going to misuse this list. BTW, can
you tell me where the nearest gun shop is? Let's
see...Sanders...Saldana. Aha, here she is!"
(For those who don't know, Theresa Saldana is an actress who was
viciously attacked by a person who stalked her.)
I'd be a *lot* happier with this bill if it prohibited selling lists
entirely. Otherwise it's a toothless sham. Why does the DMV need to
sell my name, anyway? I can't believe it's going to be making a
significant amount of money. I doubt that mailing lists are worth a
lot more than the per-name postage; even if we assume $1.00 per name,
that wouldn't even pay for my fancy new ha-ha-forgery-proof license
with the hologram and mag stripe. --
Geoff Kuenning geoff@ficus.cs.ucla.edu geoff@ITcorp.com
------------------------------
From: cccf <cccf@altern.com>
Date: Wed, 29 Dec 93 7:00:31 EST
Subject: Ludwig's book on viruses forbid in France
Translated in French language by Jean-Bernard Condat, Mark A. Ludwig's
book "The Little Black Book of Computer Viruses" is actually available
in all bookstores for 198 FF. The editor of this event is
Addison-Wesley France (41 rue de Turbigo, 75003 paris, France; Phone:
+33 1 48879797, Fax: +33 1 48879799).
Yesterday, Addison-Wesley France receive a legal pursuit to stop the
diffusion of all issues of "Naissance d'un Virus" immediately. The
judgement will be definitive on Dec. 30th at 11:00 at the Tribunal de
Grande Instance in Paris.
Followed the increadible text, piece of humor :-)
[I have chosen to remove the remainder of this posting. It was the
legal judgement in French and had signinficant parts lost in
transmission. MODERATOR]
------------------------------
From: ua602@freenet.victoria.bc.ca (Kelly Bert Manning)
Date: Thu, 30 Dec 93 00:43:22 PST
Subject: CBC Newsworld Documentary - US Communication Interception
This aired Dec 28 on the broadcast CBC network and will be repeated at
18:00 Pacific Time Sun/Jan/2 and 01:00 PST Mon/Jan/3 on the CBC
Newsworld satellite/ cable channel. "Satellite Entertainment Guide"
lists this as KU-band channel 31 on the Anik E1 satellite, located at
111 degrees west. This particular story takes up the last half hour of
the hour long show.
The bulk of the article dealt with the "Menwith Hill" listening station
in southern England and left me with the impression that the US
intercepts all satellite transmissions it can on a regular basis, both
voice and data. The long range shots showed a very large area covered
with scores of weather domes concealing scores of large and small
antennas.
At one point it showed a speaker identified as "Abdeen Jebarah"
(phonetic spelling) who was described as a US civil rights lawyer who
was said to have won a unique case against the NSA forcing it to admit
to intercepting his foreign communications. The show gave the
impression that many other individuals are being targeted by having key
words and names included in computerized "watch lists". Apparently it
is perfectly legal for the US to intercept these communications outside
the US, even if they originate in the US from US citizens or companies,
without specific authorization from a court.
A man identified as "Stansfield Turner" (phonetic spelling) and said to
be a former director of the CIA(circa 1979) described how he had gotten
the CIA involved in the business of economic warfare after hearing a
station chief describe how he had not forwarded intercepted bids from
three foreign companies to the single US company bidding on a "major
contract" because there was "no policy" about this. Mr. Turner said
that he was "not impressed" by this and arranged for a new "Office of
Intelligence Liason" organization to be set up inside the US Dept. of
Commerce which is known to pass along information from stations like
Menwith Hill as a way of "lending a hand" to US companies facing
international competition.
This leaves me with the impression that US spy agencies would quickly
find themselves with a full set of Skipjack/Clipper keys for use
outside the US without specific authorization if the proposals were
ever implemented. These keys would be used to routinely monitor any
communciations that could be intercepted.
If all of this is true it seems like it would hasten the move towards
satellites becoming a specialized service for broadcasting to multiple
receivers at once time, rather than being a reliable secure form of
point to point communication. The only error I could spot in the
broadcast was a claim that "all" overseas traffic goes by satellite. I
have the impression that the satellite belt is already saturated and
losing out in favor of fiber optic land lines for point to point
service where fiber access is readily available.
At one point the journalists set up a small domestic satellite dish
outside the fence at Menwith Hill and used a total of $3,000 of
consumer satellite electronics to monitor phone conversations,
broadcasting an audio sequence in which a female voice instructed
"dear" about closing out a bank account before travelling to join her.
This illustrates that satellite communication without secure encryption
is really open to interception by anyone. Private individuals or
companies may not have the resources(or the voice recognition and AI
technology) to match Menwith Hill, let alone build a worldwide network
of such listening posts, but they may be able to target specific
communications if they have enough information to narrow down the
satellite and the band.
The article also showed documents obtained by a group of local
residents who oppose the presence of Menwith Hill and who routinely
climb over the fence and go whereever they can inside to gather as much
"intelligence" as they can about the activities and what is going on.
One retired physicist said that she had been over the fence at least
500 times and had stopped counting long ago. Apparently they do not
break any British laws, even the trespassing law, as long as they leave
at once whenever they are found by the guards. The 30 minute show
included several minutes of footage of people climbing over the fence,
and guards walking by a few feet away in the winter darkness and later
finding them inside a building and ordering them off the station. The
physicist also pointed out the electronic monitors that seemed quite
ineffective at alterting the guards to people who simply climbed over
the fences instead of trying to dig under them or cut through them.
------------------------------
From: Lane Lenard <72621.2241@CompuServe.COM> Date: 01 Jan 94 17:50:36
EST Subject: Interested in Privacy experiences
I am working on a book on privacy issues, especially as they relate to
electronic communications and abuse of personal information in
databases. If you have had any personal experiences in these areas or
have knowledge of such experiences by others, including various forms
of eavesdropping, prying by government or private agencies, etc, I'd be
interested in hearing them. Please contact me via e-mail or leave a
message on the forum.
Thanks for your help.
Virtually yours,
Lane Lenard
------------------------------
End of Computer Privacy Digest V4 #012
******************************
.