Date: Mon, 07 Feb 94 15:43:41 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#027
Computer Privacy Digest Mon, 07 Feb 94 Volume 4 : Issue: 027
Today's Topics: Moderator: Leonard P. Levine
Re: SSN on Payroll Checks
Re: SSN on Payroll Checks
Re: SSN on Payroll Checks
Re: SSN on Payroll Checks
SSN on Payroll Checks
Re: SSN other concerns
WIRED Magazine Report
Re: Electronic Cross-Checking
Re: INMAC and lists for sale
Winter Consumer Electronics Show Keynote Speech
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: close@lunch.asd.sgi.com (Diane Barlow Close)
Date: 3 Feb 1994 20:57:52 GMT
Subject: Re: SSN on Payroll Checks
Organization: Self employed, eh.
Todd Jonz <tcj@netcom.com> writes:
With an account number and the last four digits of the account
holder's SSN, Bank of America provides an automated telphone account
inquiry service via which you can get detailed information about his
account balance, recent deposit amounts, cleared check number and
amounts, etc.
I wonder if one can request that this "service" *not* be provided for
a specified account?
Yes, and I was instrumental in getting this "service"
replaced/refined. After my husband's SSN was usurped by unscrupulous
individuals who used it to obtain credit cards and defraud banks of
over $25,000 I went to B of A about providing further protection for
our bank accounts. In conjunction with Don Owen, Senior Vice President
and Manager of Item Processing at the Glendale, CA main office, we
developed a password system and a SSN lockout system that bank
customers can use on their accounts instead of the SSN.
What you do is request that your account be locked out of the
automatic-phone-in system. Now you'll have to go through a live
operator to get any information on your account. An inconvenience, but
worth it, imho. Next, get a password assigned to your account (you
choose it). >From now on the phone-teller will as for you password
instead of your SSN. Usually she also asks for some other
collaborative ID, like account activity stuff.
I was very happy with this solution to a sensitive problem and to B of
A's response. Mr. Owen also instituted a random call-in check of the
system to make SURE that tellers follow the correct procedures and
don't rely on the SSN for identification.
Just FYI, I eventually left banking at B of A for other reasons. I
must say that they did take my security and privacy concerns very
seriously and it was most rewarding to be involved in the planning and
implementation of a more secure process. It seems that private
citizens CAN make a difference, at least some of the time!
--
Diane Barlow Close
close@lunch.asd.sgi.com
I'm at lunch today. :-)
------------------------------
From: news@zeus.aix.calpoly.edu
Date: Thu, 3 Feb 94 21:08:55 GMT
Subject: Re: SSN on Payroll Checks
Organization: California Polytechnic State University, San Luis Obispo
P. B. Hutson. (poivre@netcom.com) wrote:
I mean, for such an important number as the SSN is, you'd think
people would be more careful with it. Instead, this all important
number is so insecure, its laughable.
I'd like to get rid of the SSN completely but if society insists on
using it, then i'd like to see more security features for the number
and tamper-proof must-show cards.
I agree with the posters who advocate being more careful with their
SSN. But *how*? Can you give us a few options/techniques/etc. when
people are being quite demanding about it?
--
Vincent J. Abella |"We men of study, whose heads are in
(vabella@oboe.aix.calpoly.edu) | our books, have need to be straitly
Cal Poly, San Luis Obispo, CA | looked after! We dream in our waking
| moments, and walk in our sleep."
------------------------------
From: rick@CRICK.SSCTR.BCM.TMC.EDU (Richard H. Miller)
Date: Fri, 4 Feb 1994 16:40:16 -0600
Subject: Re: SSN on Payroll Checks
On 30 Jan 1994 poivre@netcom.com (P. B. Hutson.) wrote:
John R Levine (johnl@iecc.com) wrote:
The basic problem is that far too many organizations assume that
anyone who presents your name and SSN must be you, making it easy
to impersonate you for credit theft and other fraudulent purposes.
This is very true. Think of the last time someone who needed your
SSN required you to show them the card to prove its really yours.
The only people who wants to see the cards are employers and gov't
welfare agencies. When you apply for credit cards, open bank
accounts, rent an apartment, get utilities, etc etc etc, they never
ask to see the card so its easy for the bad guys to impersonate you.
Actually, some mortgage companies require the original card when you
apply for a mortage. (Not all, ours did not) but many of the FAQ types
of guides warn people to make sure they have the original gov't issued
card when applying.
Also, to get back to the origan of this thread; the person who started
this thread was asking if there was any way to not have his SSN printed
on his paycheck. Since then the thread has diverged but no-one has
addressed his question.
In my opinion, the appearance of his SSN or his paycheck is one case
where there should be no question about its use. Since the SSN number
is the taxpayer ID number, it should appear on the check as a sanity
check and a verification that his earnings would be reported under the
correct ID. By the same token, ADP would have to know his SSN since
they would be reporting his earnings to both the IRS and SSA (as well
as any local and state agencies) This is also why it is required for
interest bearing accounts, mortgages and other entities which can
generate tax events.
--
Richard H. Miller Email: rick@bcm.tmc.edu
Asst. Dir. for Technical Support Voice: (713)798-3532
Baylor College of Medicine US Mail: One Baylor Plaza, 302H
Houston, Texas 77030
------------------------------
From: palbert@netcom.com (Phil Albert)
Date: Sat, 5 Feb 1994 03:42:46 GMT
Subject: Re: SSN on Payroll Checks
Organization: Disorganized
tcj@netcom.com (Todd Jonz) writes:
With an account number and the last four digits of the account
holder's SSN, Bank of America provides an automated telphone account
inquiry service via which you can get detailed information about his
account balance, recent deposit amounts, cleared check number and
amounts, etc. Joe's pay stub or direct deposit notification contains
all of the information required to make the telephone robot spill its
guts. Until very recently, this information also appeared on BofA's
ATM receipts as well.
I wonder if one can request that this "service" *not* be provided for
a specified account?
With Great Western (California), you can ask that the service be turned
off. Kudos to Wells Fargo: they will assign you a PIN for telephone
inquiries. For either bank, you have to ask.
--
Phil Albert, full-time patent attorney and philosopher, part-time car thief
Voicenet: (415) 543-9600 bizcardnet: Townsend & Townsend
Internet: palbert@netcom.com or palbert@cco.caltech.edu
ICBMnet: 37 53 00 N, 122 17 30 W, Alt 760'
------------------------------
From: bj@herbison.com (B.J. Herbison)
Date: Sun, 06 Feb 1994 21:07:27 EST
Subject: SSN on Payroll Checks
Organization: Herbison Consulting, Leominster, MA 01453-523218 +1 508 534-1050
In article <comp-privacy4.26.4@cs.uwm.edu> rerodd@eos.ncsu.edu writes:
I am not a lawyer, but sometimes I play one on the Internet :-).
Isn't it true that if the credit report is not true and you are able
to prove it is not true that you could sue for liable or commercial
slander?
In general that isn't true. Credit reporting bureaus have some
protection because they don't generate the information, they just
`report what they are told'. They also have some explicit protection
in U.S. Federal law. It is very hard to sue a credit agency, although
I have heard more talk about trying to change this in the last few
years.
---
B.J. Herbison Herbison Consulting Another Asylum
bj@herbison.com +1 508 534-1050 18 Drummer Lane
42 29 30 N / 071 44 10 W Leominster, MA 01453 USA
------------------------------
From: kfl@access.digex.net (Keith F. Lynch)
Date: 3 Feb 1994 21:11:21 -0500
Subject: Re: SSN other concerns
Organization: Express Access Public Access UNIX, Greenbelt, Maryland USA
David Finan <fin@panix.com> wrote:
He stated that there is a new requirement from the Fed health folks
(i can give dept names but this is being done on the fly) that ALL
blood doners MUST provide the blood bank with the SSN or their blood
won't be taken.
I donated blood today, and left the SSN field on the form blank, as I
always do, and nobody hassled me about it. In the past I've been asked
if I meant to leave it blank or just overlooked it, but they've never
hassled me about it or turned me down.
This is at a blood drive run by Fairfax (Virginia) Hospital, not
affiliated with the Red Cross.
--
Keith Lynch, kfl@access.digex.com
f p=2,3:2 s q=1 x "f f=3:2 q:f*f>p!'q s q=p#f" w:q p,?$x\8+1*8
------------------------------
From: abacard@well.sf.ca.us (Andre Bacard)
Date: 4 Feb 1994 11:13:21 -0600
Subject: WIRED Magazine Report
Organization: UTexas Mail-to-News Gateway
Robert Jacobson and Bernie Cosell have raised interesting questions
about a recent article in WIRED magazine -- regarding government
actions to track all financial transactions.
I've treated this subject from many angles in "A Cash- Free Society:
Nirvana or Nightmare?" which is published in the January 1994 issue of
HUMANIST magazine -- now on newsstands and in libraries.
See you in the future, Andre
-------------------------------------------------------
Scientist Andre Bacard authored the book "Hunger for Power: Who Rules
the World and How". He writes the "Technology and Society" column in
"Humanist" magazine and has been interviewed on hundreds of radio
talk shows. He writes a monthly interview column for Computer
Professionals for Social Responsibility.)
From: Andre Bacard
P.O. Box 3009
Stanford, California 94309-3009
abacard@well.sf.ca.us
------------------------------
From: barmar@Think.COM (Barry Margolin)
Date: 4 Feb 1994 20:53:00 GMT
Subject: Re: Electronic Cross-Checking
Organization: Thinking Machines Corporation, Cambridge MA, USA
erwin@trwacs.fp.trw.com (Harry Erwin) writes:
The IRS is getting into cross-checking of 1099s.
I think they've been doing this for years. They've sent me notices a
couple of times in the past when their dividend total didn't agree with
mine.
--
Barry Margolin
System Manager, Thinking Machines Corp.
barmar@think.com {uunet,harvard}!think!barmar
------------------------------
From: dsulit@panix.com (Daniel Sulit)
Date: 6 Feb 1994 15:32:57 -0500
Subject: Re: INMAC and lists for sale
Organization: PANIX Public Access Internet and Unix, NYC
mike@camphq.fidonet.org (Mike Bray) writes:
Recently Paul Vixie posted a note about INMAC...
today i got three copies of the INMAC catalogue, sent to myself and
two others at my address. the others do not live here, but one of
them has an account on my internet- connected computer and posts a
fair number of netnews articles.
Are you sitting down? Get this...
from the November 22nd issue of DM News, page 41...
PC Operator List Names Electronic Bulletin Users
BETHEL, CT -- The new Electronic Bulletin Board Posters/Usenet file
is available from <name deleted>.
someone had to cross-reference "From:" field information against
the NIC's "whois" domain database to get the particular combination
of company name, street address, and user full name that was used
on this mailing label.
Some one? Nah... some program. :)
The next step is to cross-reference the names & addresses with the
newgroups we post to. Or even the words we use.
Subcribe to: rec.toys.lego
comp.sys.os2
alt.sex
Get junk mail for: Snap-together, OS/2 compatible Orgasmatron.
--
Danny Sulit
"Giving money and power to government is like giving whiskey and car keys
to teen-age boys" -- P.J. O'Rourke
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Mon, 7 Feb 1994 15:24:12 -0600 (CST)
Subject: Winter Consumer Electronics Show Keynote Speech
Organization: University of Wisconsin-Milwaukee
This short note is a description of the keynote speech given at the
Winter Consumer Electronics Show on Thursday, 6 January 1994 by Robert
Kavner, Executive Vice President and Chief Executive Officer for
Multimedia Products and Services, AT&T.
The entire speech is archived in ftp.cs.uwm.edu and has been placed in
file pub/comp-privacy/library/ConsumerShow.keynote.
The speech, delivered by a VP at AT$T, deals primarily with the
economic and social differnces that will result if one or the other of
two main plans for developing the "new network world" is carried out.
His talk deals mainly with questions about who will own and control the
economics, but deal somewhat with information paths, who controls them,
and, through that, privacy considerations.
The file is 25,000 bytes long, which I judge is too large for this
digest, but some of us might find it of interest.
A short quote:
"There are two opposing business models for interactive multimedia.
One model -- a customer-focused model to which AT&T subscribes --
sees an open access, competitive marketplace that promotes people
connecting with people.
"A prototype for thinking about this "open access" model is the
enormous success generated by today's communications networks. When
the new interactive networks enable anybody to reach any content and
anyone else, anywhere in the world, it will stimulate a bigger
artistic, scientific, and economic revolution for the 21st century
than the industrial revolution did for the 20th century.
"But there is another business model.
"We call it the "gatekeeping" model: a closed access, non-competitive
marketplace that looks an awful lot like the model prevailing today
in the cable industry."
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of Computer Privacy Digest and
Professor of Computer Science | comp.society.privacy.
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
---------------------------------+-----------------------------------------
[Copies of the file can be downloaded by the following procedure. Come
in and browse]
ftp ftp.cs.uwm.edu (on your system)
ftp (answer to login request)
your_userid@your_site (answer to password request)
cd pub/comp-privacy/library (at ftp prompt)
dir (look at what is there)
get ConsumerShow.keynote (move document to your filespace)
quit (back to your system)
In addition to the "library" subdirectory there are other
subdirectories named "volume1" - "volume4" that you are free to examine
and copy from. If ftp is unavailable or difficult to use, send a
request for ConsumerShow.keynote to:
comp-privacy-request@uwm.edu
------------------------------
End of Computer Privacy Digest V4 #027
******************************
.