Date: Tue, 11 Jan 94 08:27:11 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#016
Computer Privacy Digest Tue, 11 Jan 94 Volume 4 : Issue: 016
Today's Topics: Moderator: Leonard P. Levine
Credit Card Fraud
What happened to VA driver's license changes?
Re: Privacy with Credit Card Transactions
Freedom and Privacy Conference
Ask Rat Dog
Re: Access to privacy information
Re: SSN reqd by public schools; DL reqd with credit card
Re: Maryland to introduce high-tech drivers' license
Re: SSN reqd by public schools; DL reqd with credit card
Anonymous Posting and Remailing (long)
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: agrosso@world.std.com (Andrew Grosso)
Subject: Credit Card Fraud
Organization: The World Public Access UNIX, Brookline, MA
Date: Sat, 8 Jan 1994 15:05:34 GMT
With regard to the credit card fraud problem, law enforcement
*is* interested in these types of crimes, even where the amount of money
is under $10,000 for one victim. Often the loss to all victims, in the
aggregate, exceeds this. Different agencies, and jurisdictions of
those agencies, have different work loads and priorities, and some will
take the case while others won't.
In the instance where the perpetrator is in Houston and his
victims are in other states, I would contact, in writing, with copies of
relevant documents enclosed, the following agencies in Houston, Texas:
the FBI, the Secret Service, and the Postal Inspectors for the Postal
Service. The Sercret Service has explicit co-jurisdiction, with the FBI,
over credit card and computer fraud. The Postal Service investigates any
fraud where the mails are used.
As a federal prosecutor, I have handled at least two credit card
fraud cases, and the amount in one was less than $10,000, while in the
other it was not much higher.
People like these need to be stopped, because you are not the
only victim they are abusing.
------------------------------
From: "Michael T. Palmer" <palmer@chmsr.isye.gatech.edu>
Date: 8 Jan 1994 15:21:55 GMT
Subject: What happened to VA driver's license changes?
Organization: Georgia Institute of Technology
Whatever happened to the effort to change VA driver's licenses
to remove the SSN as the DL number? I believe it was almost two
years ago that initial hearings were held.
What is going on? What committees are involved? Who should I
send letters to? Are any *bills* out there to make this change
into law?
Thanks for any info you can provide.
Michael T. Palmer (palmer@chmsr.gatech.edu) RIPEM Public Key available
Center for Human-Machine Systems Research, Dept of Industrial & Systems Eng
Georgia Institute of Technology, Atlanta, Georgia 30332-0205
------------------------------
From: ygoland@hurricane.seas.ucla.edu (The Jester)
Date: Sun, 9 Jan 1994 06:59:09 GMT
Subject: Re: Privacy with Credit Card Transactions
Organization: School of Engineering & Applied Science, UCLA.
Do the rules regarding visa and mastercard usage hold for international
customers? Further what if the customer is not a resident of the country in
which the card is being used? I am currently living in Israel for the year
and whwnever I use my credit cards I am asked for a phone number. Just
curious.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Mon, 10 Jan 1994 07:41:38 -0600 (CST)
Subject: Freedom and Privacy Conference
Dave Banisar <cpsr@access.digex.net> has announced a conference,
"CFP '94 THE FOURTH CONFERENCE ON COMPUTERS, FREEDOM AND PRIVACY",
MARCH 23-26, 1994 CHICAGO PALMER HOUSE HILTON
"CYBERSPACE SUPERHIGHWAYS: ACCESS, ETHICS and CONTROL"
The description of the conference includes the following:
Cyberspace, Information Superhighway, National Information
Infrastructure, Open Platforms, Computer and Communications
Revolution, Electronic Networks, Digital Data Bases and Information
Society are words and phrases common to the rhetoric of our modern
era. The relationships between and among individuals, society,
nations, government entities and business organizations are in
constant flux as new stresses and alliances change the old "rules
of the game." Today's challenges are to define what is the "game,"
who owns the "franchises," who can play, what are the rules and who
calls the shots. Information and communications technology raise
new issues for freedom and privacy in this new era. Such questions
are on the agenda as the participants in CFP'94 consider the
alternatives and seek some solutions. Come, join in the dialogue
that will help to shape the world's future!
A copy of the complete document (about 860 lines long) is available via
ftp by the following process:
ftp ftp.cs.uwm.edu (on your system)
ftp (answer to login request)
your_userid@your_site (answer to password request)
cd pub/comp-privacy/library (at ftp prompt)
get cfp94 (move document to your filespace)
quit (back to your system)
or if ftp is unavailable or difficult to use, send a request for cfp94
to:
comp-privacy-request@uwm.edu
----------------------------------+------------------------------------------
Leonard P. Levine | Moderator of Computer Privacy Digest and
Professor of Computer Science | comp.society.privacy.
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
----------------------------------+------------------------------------------
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Tue, 11 Jan 1994 07:57:47 -0600 (CST)
Subject: Ask Rat Dog
My local newspaper, The Milwaukee Journal, carries a syndicated
column called "Ask Rat Dog" which addresses various means of
searching for people who have been lost. The January 10, 1994
issue discusses a person from Anchorage Alaska who is looking for
her father who left home with his dental assistant in 1961.
Rat dog discusses using the Massachusetts Dental Board, Motor
Vehicles Department records, Social Security records and the
like. Her articles generally deal with techniques for finding
people who, for whatever reason, want to maintain their privacy.
In the current number is one item of some special interest. She
says: "Without your father's birthdate, or even age, we could not
make use of the national death index, nor whatever Motor Vehicle
Department licensing records are still available to the public."
It seems like this people searcher is beginning to have problems
with states closing down their MVD records for open searching.
It is, after all, a zero sum game, and her difficulties are
linked with the privacy needs of someone else. I recommend that,
if your local paper carries the feature, you read it. Its level
is good, she discusses her technique, and lets me see the holes
in the system.
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
------------------------------
From: elisheva@access.netaxs.com (Jon Held)
Date: 11 Jan 1994 00:19:53 GMT
Subject: Re: Access to privacy information
Organization: Net Access - Philadelphia's Internet Connection
Christian ALT (catcim@eig.unige.ch) wrote:
: Hi flk,
: I read in a french magazine called "Actuel", that in the US any body
: could request information on anybody at certain center. That is to say
: that all information available on a person could be accessed through
: the net or requested. The information can be details on the person like
: birthday, insurances, incomes, credits, taxes ...
: This seems to me incredible, to know that a service exists where I can
: request information on any of you.
: I would like to if this is true and then how to access it. I want to
: know what you think about violation of your privacy.
: We had enormous debat in Germany about the simple fact that with ISDN
: you could know in advance who is calling you. So it seems to me
: terrible debat in perspective if we want to allow such a general
: service in Europe.
: All feedbacks are appreciated
: Christian ALT
SOME information can be legally obtained on most people, thru the "Freedom
of Information Act" - like address, phone number. Alot of other more
personal information can be obtained semi-legally or illegally, through
snooping or by hiring a private investigator.
o__ Jon Held
_.>/ _ elisheva@netaxs.com
(_) \(_) (don't eat flowers)
------------------------------
From: kelly@nashua.hp.com (Kelly Hoffman)
Date: 7 Jan 1994 21:47:14 GMT
Subject: Re: SSN reqd by public schools; DL reqd with credit card
Organization: Hewlett-Packard
In article <comp-privacy4.15.4@cs.uwm.edu>,
Wm. Randolph U Franklin <wrf@ecse.rpi.edu> wrote:
>The local Service Merchandise requires the driver's licence for some
>people paying by credit card, like those who refuse to give an
>address ... Then they write the DL number on the slip.
I see that you're posting from Troy, NY...
I thought it was against New York State law to require an address or
phone number for a credit card purchase, and I seem to recall that the
law allowed for corroborating identification, but that the vendor
couldn't copy info from the ID. Perhaps you should notify the state
attorney general's office?
Of course, my memory's not what it used to be, so I may simply be
confused. :-)
Kelly K. Hoffman kelly@nashua.hp.com
Learning Products Engineer
Hewlett-Packard, Network Test Division "Reading the manual is
One Tara Blvd., Nashua, NH USA 03062 admitting defeat."
------------------------------
From: chi@netcom.com (Curt Hagenlocher)
Date: Sat, 8 Jan 1994 04:38:22 GMT
Subject: Re: Maryland to introduce high-tech drivers' license
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
tale@ten.uu.net (David C Lawrence) writes:
>I hope they do it a little better than Virginia. VDOT still succeeded
>in wasting an hour of my day for taking another picture and getting
>another signature when I went for a replacement license after my wallet
>had been stolen.
>...
>Security-wise, I don't recall what ID I had to provide to get the
>replacement, but as I recall it wasn't anything that would have been
>hard to forge.
I recently lost my wallet here in California, including my driver's
license, which was the old paper type. When I went to get a replacement,
I was not asked for ANY id. I came prepared with a birth certificate
(admittedly pictureless and worthless as a "real" id), an expired
American passport and a current European one. They took my name, my
address, my license number and my $10. They then took my picture and
my fingerprints.
Regardless of who the state of California thought that Curt Hagenlocher
was before this; now, they think I'm him.
------------------------------
From: dwn@dwn.ccd.bnl.gov (Dave Niebuhr)
Date: Sat, 8 Jan 94 08:12:10 EST
Subject: Re: SSN reqd by public schools; DL reqd with credit card
wrf@ecse.rpi.edu (Wm. Randolph U Franklin) writes:
>The local grade schools are now advertising the times the new parents
>in the district can register their kids. The required documentation
>includes in addition to the medical record etc, the kid's SSN.
>
>Not having kids, I've not tried to see how hard it is to waive that,
>but it sounds illegal.
>
> ----------------
>
>The local Service Merchandise requires the driver's licence for some
>people paying by credit card, like those who refuse to give an
>address. (They're tougher than Radio Shack at wanting addresses and
>phones.) Then they write the DL number on the slip. I called them
>later, and this is their policy when the card is not signed or they
>suspect fraud. Apparently not giving your address is a badge of
>criminality to them.
I'd check with the Attorney General's Office if I were you. I seem
to remember that a few years back, the State passed a law that said
that nothing can appear on a credit card receipt except a signature;
no driver's liscense, nothing.
As for a check, no credit card info can be required but a driver's
liscense can since it is a public record.
Visa and MasterCard regs state that once the transaction is given
an approval code, nothing more is needed to complete the sale.
Discover, on the other hand, is an "anything goes" type of card
unless prohibited by state law. AMEX follows the procedure of
doing whatever other cards do which raises the question when
a merchant accepts all four.
Dave Niebuhr Internet: dwn@dwn.ccd.bnl.gov (preferred)
niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093
------------------------------
From: hh@soda.berkeley.edu (Eric Hollander)
Date: 9 Jan 1994 10:40:57 GMT
Subject: Anonymous Posting and Remailing (long)
Organization: University of California, Berkeley
How to use the hh@soda.berkeley.edu Usenet poster and Anonymous Remailer
by Eric Hollander
This document describes some of the special features of the
hh@soda.berkeley.edu remailer. Because this remailer is essentially just a
modification of the standard Cypherpunk's Remailer, I recomend that you also
read soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz.
= What does this remailer do?
This remailer allows anyone who can send mail to post to Usenet newsgroups,
and also to send mail to anyone else on the Internet. Both of these
functions can be anonymous (the identity of the sender is hidden from the
recipient) or non-anonymous (the identity of the sender is known to the
recipient).
= Why is this remailer different from the standard Cypherpunks remailers?
The main difference between this remailer and the other Cypherpunk remailers
is that this remailer allows posting to all Usenet newsgroups, either
anonymously, or non-anonymously. It also has the regular remailer functions
of forwarding mail, either anonymously or non-anonymously (nonymously?).
The other minor difference is that this remailer adds a random time delay
for anonymous mail and posting.
= A note about header fields
This remailer/poster looks at the header of the mail you send it to decide
what to do. Some mail programs don't allow easy editting of the header. If
your program doesn't allow editting of the header, you can still use the
remailer. To do this, send mail in the normal way, but start your message
like this:
::
Anon-Post-To: rec.fish
leaving no blank lines before the :: and a blank line after the header field
to be inserted. The remailer will consider the line after the :: to be a
part of the header. All of the instructions bellow can be used with actual
header fields or the :: format.
= How do I use this remailer to anonymously post to Usenet?
Send mail to hh@soda.berkeley.edu with a header like this:
To: hh@soda.berkeley.edu
Anon-Post-To: rec.fish
Subject: I flushed a fish on Friday
On Friday, I did a terrible thing, so I'm posting
this anonymously...
This message will be posted to rec.fish, with nothing to indicate who was
the original sender. Only the Subject field will be retained; everything
else in the header will be discarded.
= How do I post non-anonymously?
Send mail like this:
To: hh@soda.berkeley.edu
Post-To: rec.fish
Subject: flushing fish
How despicable of you to flush a fish!
This will be posted to rec.fish non-anonymously; the From and Subject fields
will be retained in the post.
= Crossposting
To crosspost, simply list the newsgroups, separated by commas, with no
spaces, like this:
Anon-Post-To: rec.fish,alt.ketchup
Note that excessive crossposting is an abuse of the net. Some people have
to pay for their news, and they don't want to read "how to make money fast"
in rec.fish.
= Testing
I recomend that you post test messages to make sure you are using the
remailer properly. Please post these messages to the appropriate test
groups (alt.test, rec.test, etc). Also, if you post non-anonymously to a
test group, many sites will send you mail confirming that they have received
the post. To avoid this, put the word "ignore" in the subject line.
= Anonymous mail
This remailer is capable of sending anonymous mail. To send mail to
foo@bar.com, send a message like this:
To: hh@soda.berkeley.edu
Anon-Send-To: foo@bar.com
Subject: Ronald Sukenick
I think you should read something by Ronald Sukenick.
and foo@bar.com will recieve the message, without knowing who sent it.
= Non-anonymous mail forwarding
This remailer supports non-anonymous mail forwarding. To use this feature,
send mail like this:
To: hh@soda.berkeley.edu
Send-To: foo@bar.com
Subject: you know who I am
This mail is from me!
= Testing mail
Please test the anonymous remailer functions before you use it "for real" by
sending mail to yourself or a friend.
= Chaining, encryption, and other issues
These features are discussed in detail in
soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz. While you're
looking at that file, you might also want to check out PGP in
/pub/cypherpunks/pgp. If you haven't installed PGP on your machine yet, you
should try it out. This remailer doesn't yet support encryption, but it's
coming soon.
= Remailer abuse
This remailer has been abused in the past, mostly by users hiding behind
anonymity to harass other users. I will take steps to squish users who do
this. Let's keep the net a friendly and productive place.
= A note to ucb users
This remailer allows posting to ucb.* newsgroups.
= If you have other questions or problems
send normal mail (without any of the above headers) to hh@soda.berkeley.edu.
= Disclaimer
This remailer is not endorsed in any way by the University of California.
I, Eric Hollander, take no responsibility for the content of posts or
messages, and I take no responsibility for the consequences of using my
remailer. For example, if you post anonymously, and someone manages to
trace it back to you, I am not responsible.
= Copyright
This file is copyright 1994 Eric Hollander, all rights reserved. You are
free to distribute this information in electronic format provided that the
contents are unchanged and this copyright notice remains attached.
Welcome to the Computer Privacy Digest. This forum is gatewayed into
the USENET news group comp.society.privacy. This forum was set up to
discuss the effect that technology has on privacy. The forum is sent
out in a digest format. Submissions to the digest should be sent to
comp-privacy@uwm.edu and trivia to comp-privacy-request@uwm.edu.
Back issues are available via anonymous ftp from ftp.cs.uwm.edu
(129.89.9.18). login as "ftp" with yourname-siteid as a password.
Files are in directory "pub/comp-privacy". Come in and look around.
Archives are also held at ftp.pica.army.mil [129.139.160.133].
------------------------------
End of Computer Privacy Digest V4 #016
******************************
.