Date:       Sat, 15 Jan 94 14:25:24 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#018

Computer Privacy Digest Sat, 15 Jan 94              Volume 4 : Issue: 018

Today's Topics:			       Moderator: Leonard P. Levine

                               Form 1040
                           FOIA and Copyright
        INMAC using mailing list derived from internet materials
              FBI Pushes for Enhanced Wiretap Capabilities
           Re: What happened to VA driver's license changes?
                        Re: Autoland Credit Scam
        Re: SSN reqd by public schools; DL reqd with credit card
                              CPSR Address
                     re: California Drivers license
                        GAO Data Matching Report

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Sat, 15 Jan 1994 10:50:57 -0600 (CST)
Subject: Form 1040
Organization: University of Wisconsin-Milwaukee

Those of you who pay US taxes might want to look at the front of the
book that arrived a few days ago.

There is a hole in the cover through which your name and address
appears with NO Social Security Number showing.  When you open the
cover, there is a label to affix to your return that has the SSN.

Last year the mailing label showed the SSN.  Is it possible that
someone is actually listening?

By the way, Form 1 from the State of Wisconsin (the equivalent to
1040) has still got the old style exposed SSN.

Leonard P. Levine               e-mail levine@cs.uwm.edu
Professor, Computer Science        Office 1-414-229-5170
University of Wisconsin-Milwaukee  Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201       

------------------------------

From: reed@interval.com (David P. Reed)
Date: Fri, 14 Jan 1994 09:54:28 -0500
Subject: FOIA and Copyright

The recent note by James Love of Nader's Taxpayer's Assets Project attempt
to break West's control of the Juris database raises interesting issues
related to the use of FOIA to allow one taxpayer to seize another's
property.  (Let me make it clear that I'm not commenting on the dispute
about Juris, instead I'm extending the argument Love makes).

FOIA is apparently being used to request a free copy of the contents of
West's Juris database from the gov't.  Apparently the cost of purchasing it
from West is considered a barrier, and FOIA is being used to get it
cheaper. [The general issue of whether the gov't should make judicial
opinions available through channels other than West is more complex, but
the FOIA approach tries to bypass those issues]

Now suppose that I sell the government a copyrighted work (a book, play,
computer program, whatever).  If a citizen decides that the gov't cost to
make a copy of that work is less than it costs to buy it in the commercial
marketplace, he/she can bypass the commercial source, and ask the gov't to
give it to them under the FOIA, since it is a taxpayer asset.  There is an
exemption when it is in a library (obviously since the Lib of Congress gets
copies of all books, this would be a problem).  But where does it cross
between a library and a taxpayer asset?

If a gov't employee in the course of doing his job records a movie on HBO
for later viewing under fair use (this is clearly not a library function),
one might argue the FOIA gives an entrepreneur the right to request it for
distribution to taxpayers free.  Looks like a new business opportunity,
especially if you can get the FCC to do so on a regular basis.

------------------------------

From: paul@vix.com (Paul A Vixie)
Date: 14 Jan 94 20:18:10
Subject: INMAC using mailing list derived from internet materials
Organization: Vixie Enterprises

today i got three copies of the INMAC catalogue, sent to myself and two others
at my address.  the others do not live here, but one of them has an account on
my internet-connected computer and posts a fair number of netnews articles.

someone had to cross-reference "From:" field information against the NIC's
"whois" domain database to get the particular combination of company name,
street address, and user full name that was used on this mailing label.

i am outraged.  i'm going to call "Ken Campbell", the VP+GM of north america,
to try to find out where he bought this mailing list.  i don't expect him to
want to tell me, and since he has broken no laws there's not a lot i can sue
him for.  the best i realistically expect is to cause him to stop buying this
particular mailing list in the interests of protecting inmac's public image.

my immediate goal is to find the company that sold inmac the list, and then
ultimately trace it back to the people who created it, and then try to talk
some sense into them.

my overall goal is to see to it that "commercializing the internet" does not
translate to "bombarding people with electronic and physical junk mail since
all of their name and address information is so easy to find."  if we don't
draw a line in the sand and vigorously enforce a non-junkmail culture, we 
will shortly see a time when "netfind" and other tools no longer operate
because no one will give out any information about their users.

al gore's information superhighway, whose technology level will no doubt
resemble the internet's in the same way that DOS resembles UNIX, is going to
magnify whatever problems we have.  i don't want this to be one of the problems
we have.

help?  how can i approach this issue?
--
Paul Vixie
Redwood City, CA    Also: <comp-sources-unix@uunet.uu.net>, <vixie@bsdi.com>,
decwrl!vixie!paul         <ftpmail-admin@pa.dec.com>, <vixie@sony.com>,
<paul@vix.com>            <{bind-workers,objectivism}-request@vix.com>

------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Sat, 15 Jan 1994 10:18:36 -0600 (CST)
Subject: FBI Pushes for Enhanced Wiretap Capabilities
Organization: University of Wisconsin-Milwaukee

The following was taken from the CPSR Alert, issue 3.01, Thu, 13 Jan
1994 15:42:37 EST, Dave Banisar <banisar@washofc.cpsr.org>, CPSR
Washington Office

In the past month, FBI officials have indicated publicly that they are
continuing to push for enactment of legislation to mandate the building
in of electronic surveillance capabilities into most telecommunications
equipment. In addition, there are also reports that the Department of
Justice is investigating the possibility of recommending changes in the
law to allow for military personnel and equipment to be used by law
enforcement for electronic surveillance of Asian speakers.

On December 8, FBI Director Louis Freeh spoke at the National Press
Club where he stated:

     In order to keep up with the criminals and to protect our
     national security, the solution is clear. We need legislation
     to ensure that telephone companies and other carriers provide
     law enforcement with access to this new technology.

Communications Daily reported that the FBI and the telecommunications
carriers have formed a working group to discuss the problem and that
the companies might implement the capabilities voluntarily. This
working group has met several times.

Scripps Howard News Service reported on December 5 that the Department
of Justice is considering proposing new legislation to allow the
military to assist with wiretaps of Asian suspects. Currently the
military is prohibited by the 1878 Posse Comitatus Act, which prohibits
the use of military personnel and resources in civilian law enforcement
activities. It was amended in 1981 to allow for use of military
personnel and equipment for advice and assistance in drug interdiction.

Freeh reportedly told Scripps Howard that "I think that if we had
access to 50 or 100 qualified linguists in the Asian language[s] we
could probably monitor by ten times our ability to do court-authorized
surveillances of Asian organized crime groups."

Civil liberties groups are concerned about the military conducting
domestic electronic surveillance, especially in light of the recent
disclosures by CPSR of the National Security Agency's role in the
development of the Digital Signature Standard and the Digital Telephony
Proposal.

Sources inside the administration indicate that the long awaited
inter-agency review of government encryption policy, including Clipper,
the Digital Telephony Proposal and export control is due out by the end
of January. The report is expected to be classified.

------------------------------

From: news@cbnewsh.att.com
Date: Fri, 14 Jan 94 02:43:10 GMT
Subject: Re: What happened to VA driver's license changes?
Organization: NCR, an AT&T Company, Pleasanton CA

"Bayardo Alvarez" <balvarez@mason1.gmu.edu> writes:
   I live in Virginia and recently had my license renewed.  Not only is
   the SSN still the DL number, but now it has a magnetic strip.  I
   didn't have a chance to ask the attendant what is stored in that
   strip.  Does someone have any information?

Sorry, officer, I don't know why my driver's license won't read.
I keep it nice and safe in this magnetic badge holder along with my ID
for the cyclotron lab!  It did get bent once, but I ironed it, so it's
nice and flat again.  :-) :-)

Some state, maybe CA, has a magnetic strip on the back of their
license that uses the standard credit-card industry mag-stripe formats.
I don't know how much of the data was on it (I think the article was
in comp.society.privacy or alt.privacy; maybe it's archived?),
but I think it was basically the same information as on the front.
I've heard they don't put anything there now.

# Bill Stewart       NCR Corp, 6870 Koll Center Pkwy, Pleasanton CA 94566
# Email: bill.stewart@pleasantonca.ncr.com billstewart@attmail.com
# Phone: 1-510-484-6204 Beeper: 1-510-224-7043
# If people were required to *know* all the laws, and not just to obey them,
# the government would be overthrown tomorrow! (From a button by Nancy Lebovitz)

------------------------------

From: dwn@dwn.ccd.bnl.gov (Dave Niebuhr)
Date: Fri, 14 Jan 94 07:55:32 EST
Subject: Re: Autoland Credit Scam

>From: news@cbnewsh.cb.att.com (NetNews Administrator)
bill.stewart@pleasantonca.ncr.com billstewart@attmail.com writes:
>More to the point, are you sure it isn't the street address of the
>local mail-box company?  Most of them are perfectly happy to take mail
>with addresses like
>	123 Main St. #432
>and the post office will deliver them.

One of my daughters asked me if I would co-sign a car loan for her and
when the salesman called me and asked for some very basic information,
one of the questions was "can I have a credit card account number?" I
told him that I'd prefer not to give it due to the Autoland scam and
that anyway, it would be made known during a credit check.

His reply: "Don't blame you, I'll leave it blank."

My daughter decided not to get the car due to the deal the salesman
proposed so it was a moot issue (I hope).

Dave Niebuhr      Internet: dwn@dwn.ccd.bnl.gov (preferred)
                            niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973  (516)-282-3093

------------------------------

From: dwn@dwn.ccd.bnl.gov (Dave Niebuhr)
Date: Fri, 14 Jan 94 08:00:22 EST
Subject: Re: SSN reqd by public schools; DL reqd with credit card

>From: news@cbnewsh.cb.att.com (NetNews Administrator)
bill.stewart@pleasantonca.ncr.com billstewart@attmail.com

>Apparently, Visa allows them to ask for other id when the credit card
>isn't signed on the back.

Both MasterCard and Visa allow a merchant to check for identification
if a credit card isn't signed.

One of the best ones that happened to me was a few years ago in a J. C.
Penney's store on Long Island.  I'd forgotten to sign my card and went
to use it for paying for a purchase.

The clerk checked the back, noticed that it was unsigned and asked me
to sign it then and there which I did.  She *never* asked for further
proof of ID.

Dave Niebuhr      Internet: dwn@dwn.ccd.bnl.gov (preferred)
                            niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973  (516)-282-3093

------------------------------

From: kec@stubbs.ucop.edu
Date: Fri, 14 Jan 94 12:07:20 PST
Subject: CPSR Address
Organization: University of California, Berkeley

<salomon@seas.gwu.edu> writes:
>                                      I understand that there is a
>group Computer Professionals for Social Responsibility:  i would also
>like to get in touch with them.

CPSR can be reached at cpsr@cpsr.org.

Karen Coyle CPSR/Berkeley Chapter

------------------------------

From: reb@ingres.com (Phydeaux)
Date: Fri, 14 Jan 1994 13:57:55 -0800
Subject: re: California Drivers license

>They took my name, my address, my license number and my $10.  They
>then took my picture and my fingerprints.

What legal right do they have to take copies of your fingerprints --
and for that matter, your photograph?   What's next, cavity searches
and drug screening?  What happens if you refuse to submit to
fingerprinting?

It's supposed to be a license to drive a motor vehicle, not a
centralized repository for personal information.

------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Sat, 15 Jan 1994 10:15:09 -0600 (CST)
Subject: GAO Data Matching Report
Organization: University of Wisconsin-Milwaukee

The following was taken from the Computer underground Digest, Thu Jan
13 1994 Volume 6 Issue 06 ISSN 1004-042X Editors: Jim Thomas and Gordon
Meyer (TK0JUT2@NIU.BITNET).  The report was posted there by Dave
Banisar <banisar@WASHOFC.CPSR.ORG>

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302) or
U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
                          ONE HUNDRED THIRD CONGRESS

                         CONGRESS OF THE UNITED STATES
                            HOUSE OF REPRESENTATIVES

                       COMMITTEE ON GOVERNMENT OPERATIONS
                       2157 RAYBURN HOUSE OFFICE BUILDING
                           WASHINGTON, DC 20515-8143

           PRIVACY CONTROLS OVER COMPUTER MATCHING LARGELY IGNORED

                    Rep. Condit Releases New GAO Report

A new General Accounting Office (GAO) report found serious deficiencies
in implementation of the 1988 Computer Matching and Privacy Protection
Act.  The report was released today by Rep.  Gary A. Condit (D-CA),
chairman of the Subcommittee on Information, Justice, Transportation,
and Agriculture.

Computer matching is the identification of similarities or
dissimilarities in data found in two or more computer files. Matching
is frequently used to identify delinquent debtors or ineligible program
recipients.  Computer matching has been criticized as an invasion of
privacy, and the Computer Matching and Privacy Protection Act was
passed to regulate the use of computer matching by federal agencies.

In releasing the report, Rep. Condit said: "Most federal agencies have
done a lousy job of complying with the Computer Matching Act.  Agencies
ignore the law or interpret it to suit their own bureaucratic
convenience, without regard for the privacy interests that the law was
designed to protect.

"As a result, we don't have any idea when computer matching is a
cost-effective technique for preventing fraud, waste, and abuse. I
support reasonable computer matching that saves money.  But if we are
losing money, wasting resources, and invading privacy, then it makes no
sense.

"A broader issue is whether agencies can be expected to police their
own operations that affect the privacy of the average citizen.
Certainly OMB has done little to assist.  We may need a different
approach to overseeing federal privacy-related activities."

GAO found numerous problems with the implementation of the Act's
requirements.

Cost-Benefit Analyses:  The Act requires that matching programs include
an analysis of the costs and benefits of the matching.  One of the
purposes of the Act was to limit the use of matching to instances where
the technique was cost effective.  GAO found many problems with
implementation of this requirement, including poor quality or
non-existent analyses.  In 41% of cases, no attempt was made to
estimate costs or benefits or both.

In 59% of cases when costs and benefits were estimated, GAO found that
not all reasonable costs and benefits were considered; that inadequate
analyses were provided to support savings claims; and that no effort
was made after the match to validate estimates.

Data Integrity Boards: The Act requires agencies involved in matching
activities to establish a Data Integrity Board to oversee the process.
GAO found that the Boards were not providing full and earnest reviews
of proposed matches.  GAO did not find any instance in which a Board
permanently cancelled an ongoing matching program or refused to approve
a newly proposed one.

GAO did not find evidence that the requirements of the matching act
were used by the Boards to determine if a match should be approved. GAO
also found that the implementation of the new procedures does not
appear to have had major effects on the most important review process,
the decision to conduct the match.

GAO found that the Data Integrity Boards generally accepted agencies
and states' cost-benefit analyses despite their "severe methodological
flaws and lack of documentation."  The documentation often failed to
show how costs and benefits were calculated or the time period for
expected savings.  Agencies rarely estimated the most significant
costs.

Overall, GAO found that the Data Integrity Boards provide less than a
full and earnest review of matching agreements to determine whether to
proceed with proposed matches, but rather a regularization of the
approval process.

The report is titled Computer Matching:  Quality of Decisions and
Supporting Analyses Little Affected by 1988 Act.  The report number is
GAO/PEMD-94-2, and the date is October 18, 1993. Copies can be obtained
[for free] from GAO by calling 202-512-6000.

------------------------------


End of Computer Privacy Digest V4 #018
******************************