Date: Thu, 06 Jan 94 08:58:03 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#014
Computer Privacy Digest Thu, 06 Jan 94 Volume 4 : Issue: 014
Today's Topics: Moderator: Leonard P. Levine
Phone company selling forwarding addresses.
Autoland Credit Scam
RE: Horror Stories
Meeting with Gore and Brown
Access to privacy information
Postal Privacy
Re: Maryland to introduce high-tech drivers' license
Re: CBC Newsworld Documentary - US Communication Interception
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Dave Ptasnik <davep@cac.washington.edu>
Date: Tue, 4 Jan 1994 09:59:03 -0800 (PST)
Subject: Phone company selling forwarding addresses.
This comes as no great surprise to me, but was a little irritating.
About four months ago my mother-in-law moved in with us (believe it or
not this is not the irritating part) in Seattle. Before she moved, we
had her name listed in the local phone directory (Lincoln, IL) as Del
Murphy, short for Delores Murphy. We figured that this masculine
contraction of her name would discourage prank callers and other
miscreants who pick on ladies names in the phone book. The phone
company (GTE what a surprise) was the only place she used this
contraction. When she moved in with us, we decided to give GTE our
business PO box as a forwarding address. It seemed safer to us than
giving our home address. (We are paranoid about break ins. Telling
someone in Lincoln that we were moving a household to Seattle implies
that the household in Seattle is vacant at that moment. Using the PO
box would not allow Normal low lifes to call Seattle burglers for a
quick raid on our place.)
Sure enough, we are getting mail bombed by insurance agencies, siding
sales reps, etc, looking for Del Murphy at the PO Box address (Welcome
to town...). The only way they could have gotten that name/place
combination would have been if GTE had sold it. At least we recycle.
All of the above is nothing more than the personal opinion of -
Dave Ptasnik davep@u.washington.edu
------------------------------
From: szabo@netcom.com (Nick Szabo)
Date: Thu, 23 Dec 1993 16:04:09 -0800
Subject: Autoland Credit Scam
Forwarded from Usenet:
Early this month, Secret Service agents descended upon Autoland, a
large auto dealership in Springfield New Jersey, and arrested 15
salesman who had been ilegally accessing thousands of credit histories
on the dealership's computers. Credit information, including credit
lines, account numbers, and balances were distributed to accomplices of
these salesmen and used to fraudulently obtain home-equity loans, cash
advances, and merchandise worth well over US$300,000.
Wary consumers and an unusually conscientious manager at Autoland
cooperated to bring these theives to the attention of the Secret
Service. Individuals in Alaska and Washington State called Autoland to
question credit report requests they noticed on their credit reports.
(My guess is that these people subscribed to one of those
pay-for-our-secret-info-about-you extortion services like TRW's
CreditWatch). The manager at Autoland, instead of quietly dismissing
the offending employees and upgrading security procedures, notified
Springfield police who in turn notified the Secret Service. The Secret
Service came in and set up video cameras surveilling one of the many
computer terminals at the dealer. They also installed a software system
to monitor which salesmen inquired about which individuals. Currently
the SS is supposedly notifying every person living outside of NY and NJ
whose credit history was accessed by Autoland.
Interestingly enough, an Autoland credit inquiry appeared on my recent
TRW report which I requested after I found out that someone, who knew
my social security number, mother's maiden name, and other intimate
details of my personal and financial life. I had not lost my wallet or
been robbed in several years and so could not figure out what was going
on. I'm a graduate student and my wife is a low-paid professional, so
I couldn't think of anything about us that would warrant such
extravagant attention by a thief. On my second round of frantic phone
calls to all of my credit card issuers, after finding out that people
were changing my address, asking for PIN's and new cards, one of the
larger Visa/MC providers called me back and told me that my case
sounded a lot like an "Autoland" case. She explained to me some of what
I explained above (mostly, it comes from the NY Times, 12/9/93, p.
A18). Since then, I have had to redirect several card issuers to
change my address back to the original, to replace missent invoices, to
wave late fees and interest charges, etc. The only loss I know of
resulting from these people's work is one charge for about $800.00 in a
New York area clothing store. Yet they have messed with at least 6 of
my cards and applied for at least four more. I have been reassured by
the card issuers that I am not responsible for fraudulent charges.
Despite the lack of financial impact, this experience has been
chilling. It underscores the extortionist nature of the entire
credit/banking/financial establishment in this country. In order to
use a credit card in our society, (or to carry a student loan, a
mortgage, or to use any other source of credit), one must display
sensitive information for ANY merchant or enterprising thief to
peruse. Why the hell are the account numbers of my credit cards on a
report that details my creditworthiness and goes out to anyone who
wants to pay TRW, TransUnion, or Equifax the small fee? How can anyone
prevent such things from happening again except to cancel one's cards
and go to a paper cash only economy? Should I then go to the 7-11
every month with a few hundred dollars in cash to buy money orders to
send to my landlord and the utility companies? Even this wouldn't
prevent others from impersonating me and applying for new cards.
The only way I can think of to alleviate the current tyranny of the
TRWs is to develop the digital tools that will allow the individual to
protect his identity and his property. If I had digital cash or credit
that required TRULY SECRET passwords (known ONLY to me) to use, then
impersonation would cease to be a worry. Ultimately, I would like
anonymity in my financial transactions as well. Why should any hacker
with a modem be able to track my financial dealings?
In the meantime, I see no alternative but to pay one of these monster
extortion machines the $15.00 or so per year to get a list of everyone
who accesses my credit report and then call each inquirer and tell them
to cut it out. Do they have to listen? I don't think so...
David M. Berman <images@netcom.com>
------------------------------
From: Robert Ellis Smith <0005101719@mcimail.com>
Date: Tue, 4 Jan 94 16:45 EST
Subject: RE: Horror Stories
Lane Leonard on Jan 2 asked about sources of personal experiences, or
privacy "horror stories." PRIVACY JOURNAL newsletter publishes such a
compilation, called "WAR STORIES." The book describes more than 500
verified instances of privacy invasions, alon g with the source of the
story. The accounts are categorized by Employment, Credit, Electronic
Communications, Drug Testing, etc. The price is $17.50, from PRIVACY
JOURNAL, PO Box 28577, Providence RI 02908. You may order by credit
card, by phone, 401/ 274-7861, or by e-mail, rsmith, MCI Mail
510-1719. There is a 20 percent discount on all our publications for
people who mention Computer Privacy Digest. Robert Ellis Smith,
Publisher, Privacy Journal
------------------------------
From: Marc Rotenberg <Marc_Rotenberg@washofc.cpsr.org>
Date: Tue, 4 Jan 1994 15:00:56 -0800
Subject: Meeting with Gore and Brown
Meeting with Gore and Brown
We just received an invitation to meet tomorrow with Vice President
Gore and Secretary Brown at the Old Executive Office Building to
discuss the NII. There will be about 20 industry CEOs and a couple of
public interest people.
I am bringing copies of the CPSR NII report and the most recent CPSR
Newsletter.
------------------------------
From: Christian ALT <catcim@eig.unige.ch>
Date: Thu, 6 Jan 1994 09:38:31 +0100
Subject: Access to privacy information
Organization: University of Geneva, Switzerland
Hi flk,
I read in a french magazine called "Actuel", that in the US any body
could request information on anybody at certain center. That is to say
that all information available on a person could be accessed through
the net or requested. The information can be details on the person like
birthday, insurances, incomes, credits, taxes ...
This seems to me incredible, to know that a service exists where I can
request information on any of you.
I would like to if this is true and then how to access it. I want to
know what you think about violation of your privacy.
We had enormous debat in Germany about the simple fact that with ISDN
you could know in advance who is calling you. So it seems to me
terrible debat in perspective if we want to allow such a general
service in Europe.
All feedbacks are appreciated
Christian ALT
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Wed, 5 Jan 1994 11:22:15 -0600 (CST)
Subject: Postal Privacy
According to an AP story quoted in the Milwaukee Sentinel (1/5/94), the
Post Office is changing the mail forwarding system to help protect
people who are under court protection, such as battered women.
Presently, for $3, a person can go to the post office of someone who
has moved and obtain that person's new address. By sometime in the
spring changes in the rules will permit forwarding of mail, but not
address correction services for protected people. Postmaster General
Marvin Runyon is asking for comments and suggestions from the public.
He stated that the changes will require new computer programs which
would take up to 6 months to implement.
[This story was a part of the story about the postal rate change and
might not have been headlined. My personal comments follow.]
Not covered in the story, but of interest to this forum might be the
question as to why only people protected by a court order should have
their right to privacy protected. Why are the rest of us not so
served? If I want to leave no trail, why not require a court order to
get my new address, if I have left as a deadbeat. I have heard that
missing persons bureaus of police departments sometimes report back
that the person (of age and in good mental health) is not in danger and
does not wish to be found. Is that the norm or just an artifact of TV
programs like "Missing Persons"?
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
------------------------------
From: tale@ten.uu.net (David C Lawrence)
Date: 5 Jan 1994 00:38:53 GMT
Subject: Re: Maryland to introduce high-tech drivers' license
Organization: UUNET Communications
In article <comp-privacy4.10.1@cs.uwm.edu>
Paul Robinson <PAUL@TDR.COM> writes:
> The signature and photo will be digitized and stored on a computer
> data base. This is in response to a 1992 incident in which a man
> murdered another, then had the license of the man he killed reissued
> with his face on it, even though the murderer was not even the same
> race as the decedent.
I hope they do it a little better than Virginia. VDOT still succeeded
in wasting an hour of my day for taking another picture and getting
another signature when I went for a replacement license after my wallet
had been stolen. I thought it quite odd that they didn't simply print
a new license since they had everything they needed digitized and
supposedly floating around in their system. I still had to have a new
photograph and give a new signature sample.
Security-wise, I don't recall what ID I had to provide to get the
replacement, but as I recall it wasn't anything that would have been
hard to forge.
------------------------------
From: ua602@freenet.victoria.bc.ca (Kelly Bert Manning)
Date: Wed, 5 Jan 94 21:31:34 PST
Subject: Re: CBC Newsworld Documentary - US Communication Interception
In a previous article, charlesv@aupair.cs.athabascau.ca
(Charles van Duren) says:
>About two weeks ago CBC Prime Time did a feature on war crimes in
Bosnia, specifically on the possibility of prosecuting the higher-ups
who gave the orders. The interviewer confronted Serbian leader Slobodan
Milosevic with verbatim evidence, implicating Serbian leadership in war
crimes committed by Serbian irregulars, which he said came from
satellite transmission intercepts.
>I believe from what I've read that the US gov't also had very reliable
knowledge about the August attempted coup in Moscow.
>No electronic communication is safe from prying eyes, Get used to it.
I'm not sure what you mean. Are you saying that using private
non-shared fiber and encryption is not going to make any difference?
It seems to me that the use of broadcast technology(radio
phone/cellular, long distance via microwave relay, or satellite) or
going through an enencrypted shared network introduces a lot of
exposure. Here in the provincial capital the government has an
enclusive non-shared metropolitan area network on private fiber. It
also has a province wide network to regional network centers SPAN/BC
which again is implemented on private non shared fiber.
At a recent meeting of IEEE Victoria Section a BC Tel spokesman talked
about how the Vancouver Island fiber ring connects the BC mainland with
a transatlantic Y connection on the west coast that goes south to San
Franciso and across the straight to Vancouver. How is this going to be
intercepted? BC Tel uses modified dispersion fiber and has no trouble
running 100 km links without having to put in a signal regenerator.
This cuts down on the number of locations at which someone could snoop
at the traffic as it gets digitally regenerated or switched.
It was interesting to hear that Teleglobe Canada, nominally a satellite
communications company, was a partner with BC Tel in building this link
because it is also heavily involved in transoceanic fiber.
One thing I didn't mention in the earlier post was that Menwith Hill
and similar stations do more than just listen to geo synchronous
communication satelites. They also pick up the intelligence gathered
from low orbiting satellites specifically designed to snoop on radio
communications, such as walkie talkies, military and civilian radio,
microwave telephone system links, and cellular and similar wireless
phones. These satellites pass over most of the earth, including the US.
I doubt that the agencies involved bother to stop listening when they
are out of range of the USSR, China or other nominal enemies of the US.
They probably just listen to whatever else is in range, even if it
originates in the US.
------------------------------
End of Computer Privacy Digest V4 #014
******************************
.