Date: Mon, 17 Jan 94 06:23:10 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#019
Computer Privacy Digest Mon, 17 Jan 94 Volume 4 : Issue: 019
Today's Topics: Moderator: Leonard P. Levine
Re: Form 1040
DES Encryption
Public Hearings on Privacy
Your Post About Newspaper Column
Re: Autoland Credit Scam
Re: FOIA and Copyright
Re: INMAC using mailing list derived from internet materials
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Subject: Re: Form 1040
Date: Mon, 17 Jan 1994 06:02:42 -0600 (CST)
Organization: University of Wisconsin-Milwaukee
Oops. A half dozen readers noted that the form I had received
was different from the form the rest of the United States had
received :-) and that they had the same old form as 1992 with
the mailing label containing their Social Security Number.
Checking with a friend it became clear that I had received Pack-
age 1040-5 and most people had received Package 1040-10, the same
package as was used in 1992. The two booklets differ mainly in
that Package 1040-5 has a hole in the cover and that the tax-
payer's name and address, printed on the next sheet, show through
the hole. The usual label (with the red IRS printed down the
right side and the SSN included) is affixed just below this and
is not visible through the hole. Us privacy freaks will be
pleased with this. There is more, however, not ominous to me but
interesting.
Form 1040-5 has a hole in the cover. That cover consists of page
1 and 2 on the front of the booklet and unnumbered pages contain-
ing the index and a page discussing major categories of income
and outlays for 1992 on the back of the booklet.
Between pages 2 and 3 in the front and between the index and page
2 of the instructions for form 8829 in the back is a new sheet
page numbered V-1, V-2, V-3 and V-4. Pages V-2 and V-3 are
otherwise blank. Pages V-1 and V-4 are a single face of computer
output containing 4 distinct items.
On the top of page V-1 my name appears twice, first upside down
in such a way as to be visible through the hole in the cover,
then right side up on the removable sticker along with my SSN.
The bottom half of page V-1 discusses and contains a new form
1040-V about the size and shape of a business check preprinted
with my name, address, SSN, and a coded string of text in an OCR
font. The instructions tell me to include form 1040-V if I am
making a payment, and to use only that form, not a photocopy.
This tells me that the form is printed with magnetic ink, like
the OCR text on the bottom of checks.
Page V-4 at the back of the booklet is an order blank for forms
and documents. The information block is just like what I have on
page 31 of the 1992 Package 1040-10, however this new form has a
few nice touches. First, it is correctly addressed to the Cen-
tral Area Distribution Center so that I do not have to guess
where to send it. Second, it is preprinted with my name and
address (no SSN) and has 10 inches of bar code that I have to
assume contains the same information so that a return envelope
can be built from this form. I do have to pay the postage but
page V-4 folds into a mailer.
I strongly suspect that I was not the only one who was sent
Package 1040-5 although I would be pleased if they went to all
this trouble just for me. Page V-1 contains the statement that
"We are providing some taxpayers in your area with..." indicating
that this may be a local test. My agents in the field are check-
ing on this even as we speak.
I would like to thank the following people for informing me that
one sample does not constitute a change in a fairly widely dis-
tributed publication:
====================
Received From: gast@CS.UCLA.EDU (David Gast)
Perhaps your booklet did not dispaly the SSN, but mine did, and the
other booklet I saw did also.
One should not make sweeping generalizations with a small or limited
sample size.
====================
Received From: Dean Ridgway <ridgwad@CSOS.ORST.EDU>
Its probably a fluke, the 1040EZ form still has the single press-affix
label it has last year.
Dean Ridgway | FidoNet 1:357/1.103 | InterNet ridgwad@kira.csos.orst.edu
| CIS 73225,512 | ridgwad@csos.orst.edu
====================
Received From: shaman@cyberia.bowlgreen.oh.us (Paul Zimmerman)
MINE still has SSN on the front. It is form 1040 (not 'A' or 'EZ')
- are you referring to one of these?
But then, mine didn't have a cover. It was just a booklet.
Internet: shaman@cyberia.bowlgreen.oh.us (Paul Zimmerman)
Uucp: ...!bgsuvax!cyberia.bowlgreen.oh.us!shaman
ICBM: 41.23.4 N 83.37.8 W
Bowling Green, Ohio
====================
Received From: oppedahl@panix.com (Carl Oppedahl)
I received Package 1040-10, and there was no cover or anything like
it. There on the label on the outside of the booklet was my old style
exposed SSN.
Carl Oppedahl AA2KW
Oppedahl & Larson (patent lawyers)
Yorktown Heights, NY
voice 212-777-1330
====================
Received From: rfrank@kaiwan.com (Ronald E. Frank)
My 1993 1040 book still has a mailing label with the SSAN on the
cover...
Actually, I intended to post this... but it's too much trouble to
change now :-)
====================
Received From: Carl Oppedahl <oppedahl@panix.com>
I received Package 1040-10, and there was no cover or anything like
it. There on the label on the outside of the booklet was my old style
exposed SSN.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of Computer Privacy Digest and
Professor of Computer Science | comp.society.privacy.
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
---------------------------------+-----------------------------------------
------------------------------
From: Steven Vardy <004388v@dragon.acadiau.ca>
Date: Fri, 14 Jan 1994 18:44:39 -0400 (AST)
Subject: DES Encryption
Hello, My name is Steven Vardy and I am a Computer Science Major at
Acadia University in Wolfville, Nova Scotia, Canada and I was wondering
if you have any information on DES Encryption. The type of information
I need isn't how it is programmed, but how it works and what it does
for the computer industry. Every source that I have tried for this
project has come up dry and time is REALLY running out!! Can you help?
If you can you can either give me access for a day, or send me the
information I need to 004388v@dragon.acadiau.ca
Thanking you in advance,
Steven Vardy
004388v@dragon.acadiau.ca
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Sat, 15 Jan 1994 10:20:07 -0600 (CST)
Subject: Public Hearings on Privacy
Organization: University of Wisconsin-Milwaukee
The following was taken from the CPSR Alert, issue 3.01, Thu, 13 Jan
1994 15:42:37 EST, Dave Banisar <banisar@washofc.cpsr.org>, CPSR
Washington Office
The Information Infrastructure Task Force (IITF) Privacy Working Group
has announced two public hearings on privacy and the NII to be held in
Sacramento, Ca and Washington, DC The meetings are organized by the US
Office of Consumer Affairs. They are the first meetings in nearly
twenty years to be held outside Washington on privacy.
The public meetings will examine privacy issues relating to such areas
as law enforcement, financial services, information technology, and
direct marketing. Representatives from the public, private and
non-profit sectors will attend. CPSR has been asked to participate at
both hearings.
The California meeting, January 10th and llth, will be hosted by Jim
Conran, Director, California Department of Consumer Affairs in the
First Floor Hearing Room at 400 R Street in Sacramento. The Washington,
DC meeting, January 26th and 27th, will be held at the U.S. Department
of Commerce Auditorium, 14th & Constitution Ave. NW. Registration
begins at 8:30am, meetings at 9am.
The public is invited to attend, question speakers and to make brief
comments, but space is limited. Concise written statements for the
record should be sent to "Privacy," USOCA, 1620 L Street NW, Washington
DC 20036 or faxed to (202)634-4135.
For more Information, Contact Pat Faley or George Idelson at
(202)634-4329.
------------------------------
From: Chuck Weckesser <71233.677@CompuServe.COM>
Date: 15 Jan 94 15:48:40 EST
Subject: Your Post About Newspaper Column
I greatly enjoyed your recent comment about the local privacy-busting
column that runs amok in your city. Here in Florida, we have similar
columns.
What never ceases to amaze me - obviously I am too naive - is the
brazen, nonchalant manner in which they go about invading another
person's privacy. It's as though they were discussing the merits of
buying at K-Marvt v. Wal-Mart.
------------------------------
From: images@netcom.com (David M. Berman)
Date: Sun, 16 Jan 1994 04:26:34 GMT
Subject: Re: Autoland Credit Scam
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
dwn@dwn.ccd.bnl.gov (Dave Niebuhr) writes:
>One of my daughters asked me if I would co-sign a car loan for her and
when the salesman called me and asked for some very basic information,
one of the questions was "can I have a credit card account number?" I
told him that I'd prefer not to give it due to the Autoland scam and
that anyway, it would be made known during a credit check.
>His reply: "Don't blame you, I'll leave it blank."
>My daughter decided not to get the car due to the deal the salesman
proposed so it was a moot issue (I hope).
I'm rather certain that a name and address are sufficient
identification to run a credit check. Your best protection at this
point in time is to pay TRW or one of the other services to send you a
recent report several times per year. These reports list INQUIRIES
made into your credit record -- mine listed Autoland as one.
Witholding your credit card number from the salesman did not hold him
up at all because the TRW (or Equifax or Transunion) report lists ALL
of your cards and ALL of their numbers along with credit line, payment
history, balance, etc.
There is no way to operate in the conventional credit world that would
prevent others from impersonating you. To borrow from the Catholic
church, the only truly safe behavior when it comes to credit is
abstenance.
------------------------------
From: rerodd@eos.ncsu.edu (Richard Roda)
Date: Sun, 16 Jan 1994 19:21:59 GMT
Subject: Re: FOIA and Copyright
Organization: North Carolina State University, Project Eos
reed@interval.com (David P. Reed) writes:
>The recent note by James Love of Nader's Taxpayer's Assets Project
attempt to break West's control of the Juris database raises
interesting issues related to the use of FOIA to allow one taxpayer to
seize another's property. (Let me make it clear that I'm not
commenting on the dispute about Juris, instead I'm extending the
argument Love makes).
>FOIA is apparently being used to request a free copy of the contents
of West's Juris database from the gov't. Apparently the cost of
purchasing it from West is considered a barrier, and FOIA is being used
to get it cheaper. [The general issue of whether the gov't should make
judicial opinions available through channels other than West is more
complex, but the FOIA approach tries to bypass those issues]
The main issue is this: something like the juris database could be used
to circumvent FOIA by a company making an agreement with the government
along the lines of: "We won't show this information to anyone you don't
want us to", and then getting a copyright on information *created by
the government*. The fact that the court cases are created by the
government is the real issue. Allowing a company to copyright public
information is a dangerous precedent. This is different from an FCC
taping a movie to make sure it does not exceed the politically correct
amount of profanity, nudity and violence because the movie was not
created by the government. This is the essential distinction, not how
the information is delivered.
PGP 2.3 Public key by mail | Richard E. Roda <rerodd@eos.ncsu.edu>
Disclaimer--------------------------------------------------------------
| The opinions expressed above are those of a green alien who spoke to |
| me in a vision. They do not necessarily represent the views of NCSU |
| or any other person, dead or alive, or of any entity on Earth. |
------------------------------------------------------------------------
Criminals prefer unarmed victims. Oppose gun control.
Drug Dealers prefer a monopoly. Support legalization of drugs.
------------------------------
From: rerodd@eos.ncsu.edu (Richard Roda)
Date: Sun, 16 Jan 1994 19:32:20 GMT
Subject: Re: INMAC using mailing list derived from internet materials
Organization: North Carolina State University, Project Eos
paul@vix.com (Paul A Vixie) writes:
>my overall goal is to see to it that "commercializing the internet"
does not translate to "bombarding people with electronic and physical
junk mail since all of their name and address information is so easy to
find." if we don't draw a line in the sand and vigorously enforce a
non-junkmail culture, we will shortly see a time when "netfind" and
other tools no longer operate because noone will give out any
information about their users.
The fact that a company should use freely available information should
come as no surprise; I am surprised it took the companies this long to
realise that information was out on the Internet free for the asking.
The problem is that once such information is avaliable, there is really
nothing you can do about it. I would be against any legal or net.cop
type mentality for dealing with this "problem". Simply contacting the
company and letting them know that you don't want the product should be
sufficent. If everyone on the internet contacts companies that send
them stuff, then the companies will catch on that using the Internet
for address informaton is not profitable.
Personally I've never seen "junk mail" as a big enough deal to make
more rules about. Remember, that if such rules are made they will have
the side effect of reducing freedom of action in the internet, and the
mild benefit of reducing junk mail is not worth violating the principle
that the internet is a free place to share information.
PGP 2.3 Public key by mail | Richard E. Roda <rerodd@eos.ncsu.edu>
Disclaimer--------------------------------------------------------------
| The opinions expressed above are those of a green alien who spoke to |
| me in a vision. They do not necessarily represent the views of NCSU |
| or any other person, dead or alive, or of any entity on Earth. |
------------------------------------------------------------------------
Criminals prefer unarmed victims. Oppose gun control.
Drug Dealers prefer a monopoly. Support legalization of drugs.
------------------------------
End of Computer Privacy Digest V4 #019
******************************
.