Date:       Wed, 19 Jan 94 13:50:26 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#020

Computer Privacy Digest Wed, 19 Jan 94              Volume 4 : Issue: 020

Today's Topics:			       Moderator: Leonard P. Levine

                       SSNs and E-mail guidelines
                   Credit, Retirement and SS Reports
                          Buckley Act Outrage
                             Re: Form 1040
                             Re: Form 1040
                        Re: Autoland Credit Scam
                         Re: FOIA and Copyright
                      Data Encryption and Privacy

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: Robert Ellis Smith <0005101719@mcimail.com>
Date: Mon, 17 Jan 94 10:35 EST
Subject: SSNs and E-mail guidelines

In response to the moderator's tax form:  IRS has decided to cover the
SSNs on Form 1040 but apparently did not decide in time to alter the
1993 forms.  This change in IRS practices resulted from prodding by
CPSR and other privacy advocates over the past five years.

Michael T. Palmer asked about SSNs and the Virginia drivers license.
There was long litigation concerning the Virginia requirement that SSNs
be provided IN ORDER TO VOTE, but not concerning the SSN on drivers
licenses.  A federal Court of Appeals ruled in March 1993 that Virginia
could not demand the SSN in order to vote.

A. Lee Saloman asked about corporate policies on e-mail.  Guidelines
are available from the Electronic Mail Association in Arlington, Va.
703/875-8620.  It is EMA on most mailboxes; on CompuServe it's
70007,2377. Robert Ellis Smith, Publisher, Privacy Journal.

------------------------------

From: dwn@dwn.ccd.bnl.gov (Dave Niebuhr)
Date: Mon, 17 Jan 94 12:53:30 EST
Subject: Credit, Retirement and SS Reports

With all the talk about the Autoland Credit Scam and checking credit
reports, it occurred to me that there are two other areas that should
be checked at least yearly.

Get a copy of your earnings and benefits statement from the Social
Security Administration.  Call 800-772-1213 and they will send you a
form to fill out and mail back.  I do that yearly and have just done so
for 1993.

Another place and is especially critical if one is in a defined
contribution retirement plan (retirement pay based on earnings paid
into the plan, not retirement pay based on age/years of service).

At one point several years ago, I wasn't receiving earnings and
retirement projections from my retirement plan and started asking my
employer about it.  They stated that the payments went in on a regular
basis but didn't know any more than I did.

I then contacted my retirement plan and when they got done checking,
they found out that although my payments were credited correctly, the
reports were going to Los Angeles, not Long Island.

Reason: Somebody goofed at the retirement plan and the reports were
going to W. David Niebuhr, not David W. Niebuhr.

The retirement plan then reported back to my employer who graciously
went over almost five years of records and gave me a complete readout
of what was sent in, down to the penny amount.  So did the retirement
plan.

My SSN was not needed at the time since the policies are issued on a
"participant number" that in no way resembles an SSN.  They're trying
to go the SSN way but when I call them, I refuse to give it to them
even though they have it.

Moral: Check your retirement plan at least yearly as well as your SSN
benefits and earnings.  They can go just as screwy as a credit card in
the wrong hands.

I've held the name of the retirement plan back but will reveal it if
asked since it is the biggest private pension plan going (it has a huge
investment in the Mega Mall in Minneapolis as well as underwriting
another daughter's college education).

Dave Niebuhr      Internet: dwn@dwn.ccd.bnl.gov (preferred)
                            niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973  (516)-282-3093

------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Tue, 18 Jan 1994 15:18:02 -0600 (CST)
Subject: Buckley Act Outrage
Organization: University of Wisconsin-Milwaukee

[I recently received the following from a student at a University here
in the United States.  I agreed to post this under my name to secure
that student's privacy.  MODERATOR]

I'd like to share the following with the readers of your digest. I am a
graduate student at _______.  I have a strenuous disagreement with one
faculty member and in retaliation, I have discovered that this person
has disseminated confidential information in my student file which, of
course, is protected in full by the Educational Privacy Act of 1974,
better known as the "Buckley Act."

Incredibly, when I complained, no one realized that a student's
educational file is completely confidential and the contents therein
can only be released to University personnel on a "need to know basis"
and that under no circumstances, can information be disseminated to
outsiders notwithstanding a signed release from the student in
question.

I would GREATLY appreciate help from any one of you as to how best to
deal with this outrage. Can violations of the Buckley Act and
dissemination of information in student files be punished on a criminal
basis? If so, who/where does one complain?

Also, if anyone has any other "tips" about the Buckley Act I would
appreciate hearing them (for example, can anyone in a school access the
information, or is it limited to instructional personnel or what??).

[If any reader wishes to privately mail material to this student, I will
be glad to forward anything sent to me.  MODERATOR]

------------------------------

From: todd@meaddata.com (Todd Leonard)
Date: 19 Jan 1994 14:29:04 GMT
Subject: Re: Form 1040
Organization: Mead Data Central, Dayton OH

The IRS TeleFile package (1040EZ-3) sent to eligible Ohio residents
is rather inconsistent, privacy-wise...

  - My SSN is prominently displayed on the peel-off label on the 
    front cover.

  - Instructions on the 3rd unnumbered page say, parenthetically, 
    "For best results, and to ensure privacy, don't use cordless 
    or cellular phones."

  - Later on that page, the instructions continue, "TeleFile will 
    use a recording of your voice [name + SSN] as your signature, 
    so there's no form to sign."

To me, the most interesting nugget in the instructions is that the
IRS dares to imply that despite law to the contrary, cellular phone 
conversations are less than private.  :-)  That's a nice touch, but 
clearly they still have work to do to "ensure privacy".

--
______________________________________________________________________
 ________                             |  
    | _  _| _|  todd@meaddata.com     |      No island is an island.
    ||_||_||_|  !uunet!meaddata!todd  |  

------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Tue, 18 Jan 1994 15:47:07 -0600 (CST)
Subject: Re: Form 1040
Organization: University of Wisconsin-Milwaukee

After contacting the information officer of the local office of the
IRS, I now know about the various packages offered by them.  There are
11 packages that are sent to taxpayers depending on which forms you
filled out last year.

I was told that package 1040-5 is for people who filed Schedule C last
year.  The package was redesigned this year.  Other packages will be
redesigned later and the change that appeared in package 1040-5 this
year will occur in other packages as they are redesigned.

For my purpose the only privacy change was the removal of the Social
Security Number from the mailing label on the front of the package.
The SSN is still used to identify you, but it is now on a separate
sheet of paper located inside the package.

--
Leonard P. Levine               e-mail levine@cs.uwm.edu
Professor, Computer Science        Office 1-414-229-5170
University of Wisconsin-Milwaukee  Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201       

------------------------------

From: dwn@dwn.ccd.bnl.gov (Dave Niebuhr)
Date: Mon, 17 Jan 94 12:38:40 EST
Subject: Re: Autoland Credit Scam

images@netcom.com (David M. Berman) writes:

>>His reply: "Don't blame you, I'll leave it blank."<<

>>My daughter decided not to get the car due to the deal the salesman
proposed so it was a moot issue (I hope).<<

>I'm rather certain that a name and address are sufficient
identification to run a credit check.  Your best protection at this
point in time is to pay TRW or one of the other services to send you a
recent report several times per year.  These reports list INQUIRIES
made into your credit record -- mine listed Autoland as one.
Withholding your credit card number from the salesman did not hold him
up at all because the TRW (or Equifax or Transunion) report lists ALL
of your cards and ALL of their numbers along with credit line, payment
history, balance, etc.<

Actually, I just sent away for copies of my credit reports from the
"big three" and I'll be looking to see what, if any, inquiries have
been made.

From what I understand, the operative part of a credit report is the
SSN and I didn't give the salesman that since he never asked for it.

Dave Niebuhr      Internet: dwn@dwn.ccd.bnl.gov (preferred)
                            niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973  (516)-282-3093

------------------------------

From: brokowski@nwu.edu (Mike Brokowski)
Date: 18 Jan 1994 01:05:45 GMT
Subject: Re: FOIA and Copyright
Organization: Northwestern University, Evanston IL

In article <comp-privacy4.18.2@cs.uwm.edu>,
David P. Reed <reed@interval.com> wrote:
>The recent note by James Love of Nader's Taxpayer's Assets Project attempt
to break West's control of the Juris database raises interesting issues
related to the use of FOIA to allow one taxpayer to seize another's
property.  (Let me make it clear that I'm not commenting on the dispute
about Juris, instead I'm extending the argument Love makes).<

>FOIA is apparently being used to request a free copy of the contents
of West's Juris database from the gov't.  Apparently the cost of
purchasing it from West is considered a barrier, and FOIA is being used
to get it cheaper. [The general issue of whether the gov't should make
judicial opinions available through channels other than West is more
complex, but the FOIA approach tries to bypass those issues]<

>Now suppose that I sell the government a copyrighted work (a book,
play, computer program, whatever).  If a citizen decides that the gov't
cost to make a copy of that work is less than it costs to buy it in the
commercial marketplace, he/she can bypass the commercial source, and
ask the gov't to give it to them under the FOIA, since it is a taxpayer
asset.  There is an exemption when it is in a library (obviously since
the Lib of Congress gets copies of all books, this would be a
problem).  But where does it cross between a library and a taxpayer
asset?<

Is the issue what constitutes a "taxpayer asset" or what is a "public
record"?  Clearly the distinction may be blurry in many cases, but I
thought that the FOIA was to provide reasonable access to documents
that the government generates in the course of its functions, not to
allow access to government assets.  Am I mistaken?

I don't pretend to understand the entire legal machinery behind this
kind of case, but it seems reasonable to assume that FOIA requests are
intended to make accessible public records generated by the government
in the course of government activities.  The FOIA provides a check on
government activities by making records of said activities available to
the public and it is an assumed cost of government.  As I see it, the
problem isn't that someone wants a free copy of West's records.
Indeed, these *aren't* West's records, West only takes care of storage
and distribution, they have no copyrights to them as they are public
information (court records).  (Someone correct me if this isn't the
case.)

The problem might be that the government has entered into a contract
that it shouldn't have.  If the government is required (by FOIA) to
maintain these records and provide ready and (essentially) free access
to them, then they have screwed up in telling West that West may
maintain them *and* charge for access to them.  If the gov't wants to
contract out this record keeping service and meet its FOIA obligations,
then perhaps the contract needs to be reworked to allow West to provide
access to these records and send the bill for such access back to the
appropriate department.  Otherwise, uncle Sam is dodging the cost of
meeting its FOIA duties whenever it contracts out the maintenance of
public records to a private record keeper.

>If a gov't employee in the course of doing his job records a movie on
HBO for later viewing under fair use (this is clearly not a library
function), one might argue the FOIA gives an entrepreneur the right to
request it for distribution to taxpayers free.  Looks like a new
business opportunity, especially if you can get the FCC to do so on a
regular basis.<

Hmm.  Does the FOIA allow access to copywritten materials at all?  I
thought it only allowed access to records generated by the gov't, not
necessarily all of the data that the government has, some of which is
the intellectual property of private entities.  However, the poster has
an interesting point in the (common?) case where private material is
entered into a government record for some purpose.  One recalls the
popularity of the Meese Commission's Report on Pornography some time
ago. :-)

	Mike
	brokowski@nwu.edu

------------------------------

From: Chuck Weckesser <71233.677@compuserve.com>
Date: 19 Jan 94 08:59:54 EST
Subject: Data Encryption and Privacy

Since the issue of PGP has been raised, I have a question about two
programs (commercial) which I have paid for with the express intent of
keeping my Macintosh, and the contents therein, completely private.

One "layer" of privacy is insufficient. The names of the programs are
(1) Cryptomactic and (2) Nightwatch II, both manufactured by a firm
called Kent Marsh Ltd.

The first program encrypts files using several different methods. I
always choose "triple DES". I then use Norton to encrypt the encrypted
file as there is no incompatibility in doing so.

I then use Nightwatch II to actually lock the disk where the encrypted
files are.

Question: Am I completely protected? If I have anything less than 100%
protection, I am going to be disappointed upon finding that out from
one of you guys as I shelled out big bucks for these programs.

In theory, could even NSA penetrate my system given the steps I have
taken to protect my data?

Finally, is anyone aware of a shareware program which DESTROYS your
disc (if you so set that option) after incorrectly entering the
password on the third attempt *after* first getting through security
measures which cause no harm?

I am new to Internet and am following the PGP debate with great
interest. As things now stand, and someone please correct me if I am
wrong, it is absolutely *IMPOSSIBLE* to penetrate a system using PGP,
correct?

I belong to CompuServe. I hope they have this file. I will try to look
for it but if anyone is willing to send PGP through Internet at
71233.677@compuserve.com I would appreciate it.

------------------------------


End of Computer Privacy Digest V4 #020
******************************