Date: Thu, 14 Apr 94 18:40:04 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#052
Computer Privacy Digest Thu, 14 Apr 94 Volume 4 : Issue: 052
Today's Topics: Moderator: Leonard P. Levine
***Help*** Regulation E and Banking
Internet Surfers
K-12 Schools & SSNs
Backfinger Program from FAQ
Every Move You Make...I'll Be Watching You
K12 Personal Security
Re: Computer Databases of Information
Re: Getting Social-Security Numbers
Re: Let your Fingers do the Walking on the Internet
Re: SSN#: How Could Someone Find Out Mine
Re: Credit check only with Permission Granted
Re: Let your Fingers do the Walking on the Internet
Re: Credit Check only with Permission Granted
Re: Neat Tricks!
Re: Neat Tricks!
Re: Neat Tricks!
Re: CNID vs. ANI
Re: CNID vs. ANI
Re: Telemarketing
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: darlene.r.huber@uwrf.edu
Date: 12 Apr 1994 16:22:49 -0500 (CDT)
Subject: ***Help*** Regulation E and Banking
Organization: University of Wisconsin - River Falls
I am trying to find information on Regulation E this has to do with the
Banking Industry. Do you know what year it came into effect or where
to find info on this. Many libraries do not have info on this
subject. Any help would be great my paper is due Friday. Thanks!
--
DARLENE.R.HUBER@UWRF.EDU
------------------------------
From: ids0179@ucssun1.sdsu.edu (Brian Abernethy)
Date: 13 Apr 1994 00:03:33 GMT
Subject: Internet Surfers
Organization: San Diego State University Computing Services
Hey all you internet surfers! I am a student in San Diego, CA that is
conducting a survey on how internet use affects society. Please,
please, PLEASE help me through this research project by answering 15
easy questions. When you are done, please leave your initials and
internet address for research purposes. Thanks!
1. On the average, how much time do you spend on the Internet?
2. On what forums do you hang out?
3. What kind of information do you seek out on the "net"?
4. Do you feel that the info you get from the net gives you an advantage
over colleagues who do not have net access?
5. If so, why?
6. Has being on the net informed you about the issues/topics that you
previously knew little about?
7. If so, what were these issues/topics and how do you use them?
8. Approximately, how much time/money do you spend subscribing to the net?
9. Do you read newspapers? Daily? Weekly? Whenever you can?
10. If so, which ones?
11. What do you look for when you read a newspaper?
12. Do you watch t.v. newscasts? How often?
13. Afterwards, do you feel properly or adequately informed on the world's
happenings?
14. What does having access to the "net" mean to you?
15. Do you find that the information you get from the net applies to your
life?
Again, thanks for your participation. Don't forget to leave your name and
internet address.
[Moderator: This, after all is a board concerned with Privacy. Any
user who wants to respond to this and maintain privacy can send the
response to comp-privacy-request@uwm.edu and I will forward the
information anonymously.]
------------------------------
From: glr@rci.ripco.com (Glen Roberts)
Date: 13 Apr 1994 15:55:52 GMT
Subject: K-12 Schools & SSNs
Organization: RCI, Chicago, IL
Please contact me, if your school (K-12) has asked for your kid social
security numbers. Whether this is a regular part of the registration
process, or a special request.
This would be a request by the School, not auxiliary programs, such as
the federal or state government, relative to a free or subsidized lunch
program.
If, you have it available, please include the School's address and name
of the superintendent or principal.
Did you supply the social security numbers? Did they threaten you if
you refused? Did the application form have a Privacy Act notice on it?
--
Glen L. Roberts, author, How To Spy On Anyone Without Getting Caught
Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central)
Box 734, Antioch, Illinois 60002. Fax: (708) 838-0316
Call the Surveillance Hotline: (708) 356-9646
------------------------------
From: kyrouz@student.umass.edu (Bill Kyrouz)
Date: 13 Apr 1994 13:38:51 -0400
Subject: Backfinger Program from FAQ
Organization: University of Massachusetts, Amherst
(forgive me if this is slightly off topic but...)
I've ftp'd the backfinger file from quartz.rutgers.edu mentioned in
this newsgroup's FAQ, de-compiled and de-tar'd it and all, but the
instructions are not for the UNIX-impaired. Could someone fill me in
on exactly what I have to do to get this thing going? I don't want to
tinker too much with it for fear of screwing something up in my
account...
--
William J. Kyrouz III
CASIAC Student Coordinator, University of Massachusetts at Amherst
------------------------------
From: "Paul W. Robinson" <PAULW@TDR.COM>
Date: 14 Apr 1994 02:43:17 -0400 (EDT)
Subject: Every Move You Make...I'll Be Watching You
"Paul W. Robinson" <PAULW@TDR.COM> stated: Here's something which
might be of interest to you. A large Educational Instuitution's
computer is watching everything sent in newsgroups and possibly in
some mailing lists. I am using a modified address of PAULW@TDR.COM
instead of PAUL because that computer has already sent me a message
to PAUL@TDR.COM. I want to try to see what it does this time.
In one list I mentioned that the Massachusetts Institute of Technology
(you know what the 3 letter abbreviation is) has a system that collects
E-Mail addresses of people who post to newsgroups. That site used to
be called "pit-manager".
I am writing this message in this way to see what happens. Apparently,
any time one of the Institute's computers sees a reference to
"pit-manager" it mails a message to the sender telling them that the
site was changed to the address "rtfm".
I am not referencing the internet address that ends in .EDU here for
that educational Institution because I want to see if the Massachusetts
Institute of Technology's computer is checking based upon someone using
the name "pit-manager" or is it because of reference to the Institute's
domain name with that term used within the message?
I don't know if a program that is sending out messages based on it
scanning the contents of messages that it saw is a good idea. Consider
a program that checked for spelling errors and criticized people who
misspelled words by telling them of all the words they misspelled.
(Considering how bad some people's writing is, that might not be a bad
idea.)
This sort of practice could be prostituted into to all sorts of
interesting political correctness tactics by having automated programs
that watch for comments someone doesn't like and mailing the writer
complaints.
---
Paul Robinson - Paul@TDR.COM
------------------------------
From: turet@u.washington.edu (Philip Turet)
Date: 14 Apr 1994 18:50:23 GMT
Subject: K12 Personal Security
Organization: University of Washington, Seattle
Dear Netters:
I recently have become involved in a project to implement Internet
feeds to some elementary/high schools. Actually, they already have the
feeds and the hardware, we're putting together a science/math
curriculum, also using Mosaic. I recently (re-)started looking at the
k12 newsgroups, which I haven't done in a few years, since my kids were
small. It struck me that there could be a possibility for abuse of the
system, for example in the 'chat' or 'pen-pals' groups and access to
names/addresses/phone #'s by those with less than salutory intentions.
Does anyone else have any thoughts or experiences with this, and is
this an appropriate newgroup for this discussion? I hope I'm simply
being parental (fatherly) and not paranoid.
I would like something like this to be a long thread, since I want to
explore this aspect of things before we just go head-long into the
network with the little kids and expose them to potential problems
later on.
--Phil Turet >> turet@pmel.noaa.gov
------------------------------
From: fielden@rintintin.Colorado.EDU (jeanette fielden)
Date: 12 Apr 1994 18:28:44 GMT
Subject: Re: Computer Databases of Information
Organization: University of Colorado, Boulder
I also seem to remember that there was a way to find out
if someone owned property in a given state through
LEXIS or NEXUS. Anyone know if this is true?
Does anyone know if this is actually true. I know
you can get such info by going to court houses or
wherever deeds are recorded.
Other databases of info -- voter registration records, DMV records in
most states many universities sell lists of students w majors and grad
dates A number of universities are starting to use debit cards and
smart cards to track student buying habits and reselling info to
marketers.
it all just mkes me shudder.
------------------------------
From: fielden@rintintin.Colorado.EDU (jeanette fielden)
Date: 12 Apr 1994 18:31:29 GMT
Subject: Re: Getting Social-Security Numbers
Organization: University of Colorado, Boulder
John A. Thomas <B858JT@UTARLVM1.UTA.EDU> wrote: Tony Austin wonders
how easy it would be to get ones' social-security number. Pretty
east, actually.
First, it is indeed on your credit report.
Second, many governmental agencies ask for it for documents that
will become public records. In Texas, for example, it is requested
for voter-registration certificates (first place I go if
backgrounding someone), divorce petitions, and probate applications
(both the applicant and the deceased!). I understand some states
use the SSN as a driver's license number.
As of Septemeber Texas now requires you to have your social security
card(you must have the actual card) in order to replace, renew or get a
driver's license.
------------------------------
From: kec@stubbs.ucop.edu
Date: 13 Apr 94 09:34:58 PDT
Subject: Re: Let your Fingers do the Walking on the Internet
Organization: University of California, Berkeley
<PAUL@TDR.COM> writes: Some people seem to have gotten upset over
the collection of E-Mail addresses for advertising. Now, here,
someone has generally collected everyone's address off public
messages, and published them in a book that is sold over the
counter in a computer store. I wonder how people feel about this
issue.
I feel about it the same way I feel about the phone company selling my
phone number, and the magazine companies selling my name and address:
I didn't agree to it. When I give someone my address so that they can
send me something, I am not giving them the right to give or sell that
address to anyone else for any other purpose. Yet, the current
assumption in our world is that information about who you are and where
you can be reached is public unless otherwise protected (medical info,
SSNs in some instances). I think that my name, address, phone number
and email are *mine* for *me* to use, to give out, etc.
Posting on a news group should not result in your email address
becoming a commodity!
Karen Coyle CPSR/Berkeley
------------------------------
From: pmacghee@motown.ge.com (Peter F. MacGhee, x 2266)
Date: 13 Apr 1994 18:01:57 GMT
Subject: Re: SSN#: How Could Someone Find Out Mine
Organization: Martin Marietta Corp, Moorestown NJ
austin@netcom.com (Tony Austin) wrote: I read the SSN# FAQ and it
was a wonderfully written article. What I can't understand is how
an individual, like a detective or such, could find out what my
SSN# is.
Is my SSN# so vulnerable that someone could do a credit check on me
and find out what my SSN# is?
Yes, they could. I've seen credit reports run without SSN's before.
Cross reference with name, address, phone, age, or employment, and
pickup the person's SSN off the report.
---
Pete MacGhee Jr.
pmacghee@motown.ge.com
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 13 Apr 94 23:33 EDT
Subject: Re: Credit check only with Permission Granted
Organization: I.E.C.C., Cambridge, Mass.
I called TRW in Orange County, California today. I asked how safe
my credit information and social security number is. They told me
that noone can look at your credit report unless you grant them
permission.
This is a swell theory. Unfortunately, the practice seems to be that
TRW (and any other credit bureau) will provide any of their credit
reports to any of their clients, on the impressively optimistic theory
that no client would dream of asking for your report if you hadn't
already granted them permission to do so.
If you feel like it, call TRW back and ask what they do to verify that
the people to whom they provide a report do in fact have permission to
request it.
Regards, John Levine, johnl@iecc.com, jlevine@delphi.com,
1037498@mcimail.com
------------------------------
From: kbarger@ACC.HAVERFORD.EDU (Kyle Barger)
Date: 14 Apr 1994 14:17:07 -0400
Subject: Re: Let your Fingers do the Walking on the Internet
Organization: Haverford College Academic Computing
Paul Robinson <PAUL@TDR.COM> wrote: Apparently the compiler of the
book collected some 100,000 people's names and printed them up.
This book is fairly recent but not that much. As with most
people, I looked myself up. While it does have my address on
access.net and MCI Mail, it does not have my address here on
TDR.COM, which implies that it stopped collecting before I started
using it almost exclusively, which would be before December 5,
1993, which is when the TDR.COM domain is listed as last updated
via WHOIS.
I was very interested to finally see this book in print. Several
months ago I saw a notice from the author (forget his name), saying
that he had collected *demographic information* about people, along
with their email addresses. So I immediately emailed him and asked for
a copy of any information he had on me. He wrote back within a day
saying he would be happy to send it to me, but was busy and it would be
a few days before he could get to it. I never heard from him again via
email, but a week later he posted a second note saying that he had
taken so much flak for this project that he decided to chop out all the
demographic info and just do a listing of email addresses.
Presumably he still has all this "extra" information, even though he
didn't publish it. I wonder what he plans to do with it?
--
Kyle Barger Haverford College
kbarger@haverford.edu Academic Computing
------------------------------
From: cntrspy@netcom.com (Executive Protection Assoc)
Date: 13 Apr 1994 01:30:59 GMT
Subject: Re: Credit Check only with Permission Granted
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Tony Austin (austin@netcom.com) wrote: I called TRW in Orange
County, California today. I asked how safe my credit information
and social security number is. They told me that noone can look at
your credit report unless you grant them permission.
A fine and a civil lawsuit was mentioned as well. Subsequently I
feel a lot safer. Is this a false feeling of security?
Yes credit info is confidential and not available without a release but
there is a loophole called "credit header" information that is NOT
regulated and includes name, ssn, most recent address, most recent
employers and sometimes other "lifestyle" information.
Don't kid yourself, I have also heard of places that can run a check
and not leave a "fingerprint" on your record...
Scary stuff...
-- Chris Hall Operations Director Executive Protection Associates,
Inc.
------------------------------
From: lvc@cbvox1.att.com
Date: 12 Apr 94 14:37:49 EDT
Subject: Re: Neat Tricks!
Organization: Idaho City University
glr@rci.ripco.com (Glen Roberts) writes: Well, my delight in
phoning the back to express my displeasure with them, quickly
turned to frustration! Try it... 1-312-670-4113. It won't cost you
anything. The familiar reorder tones followed by the number
670-4113 "is not in service for incoming calls!" The ultimate
Caller-ID block.
This is done for pay phones, prisoner phones, among others. I found
out what the phone number for a prisoner phone was and out of curiosity
called it. The prisoner phone didn't have reorder tones play back,
just some strange "equipment test" message. This was for a New Jersey
prison which served as a beta site for a product I worked on, although
the prisoners didn't know it ...
--
Larry Cipriani lawrence.v.cipriani@att.com or attmail!lcipriani
"Singapore scientists discover new treatment for attention deficit
disorder." -- USA Today
------------------------------
From: kyrouz@student.umass.edu (Bill Kyrouz)
Date: 12 Apr 1994 19:13:10 -0400
Subject: Re: Neat Tricks!
Organization: University of Massachusetts, Amherst
Glen Roberts <glr@rci.ripco.com> wrote: PROTECT YOURSELF WITH THE
CHICAGO TRIBUNE'S TELEMARKETING TRICK the irritating telemarketing
call comes in... it's the middle of dinner and some lady wants to
know if we get the Chicago Tribune... I tell them, just when it
comes free a couple times a week... well, my delight in phoning the
back to express my displeasure with them, quickly turned to
frustration! Try it... 1-312-670-4113. It won't cost you anything.
The familiar reorder tones followed by the number 670-4113 "is not
in service for incoming calls!" The ultimate Caller-ID block.
As a former telemarkter, I can tell you the cause; WATTS lines. Most
telemarketing operations have them to be better equiped to handle
making thousands of calls an hour. The trick is they don't allow
inbound calls. The telemarketing firm I worked for even went as far to
have a line that by-passed the local phone company, giving an extra
second or two each time a call was made.
--
William J. Kyrouz III
kyrouz@student.umass.edu or wkyrouz@nyx.cs.du.edu
CASIAC Student Coordinator, University of Massachusetts at Amherst
------------------------------
From: wbe@psr.com (Winston Edmond)
Date: 14 Apr 1994 20:30:10 GMT
Subject: Re: Neat Tricks!
Organization: Panther Software and Research
glr@rci.ripco.com (Glen Roberts) wrote: Yet, if I dial "10288356-9646"
it comes in as out of area
10-288 is simply the AT&T access code. 10-222 is MCI's access number,
and other 10xxx numbers use other long distance companies. The trick
of using a LD carrier to defeat Caller ID will stop working at some
point since the FCC has now approved interstate passing of Caller ID
information.
-WBE
------------------------------
From: lvc@cbvox1.att.com
Date: 12 Apr 94 14:54:46 EDT
Subject: Re: CNID vs. ANI
Organization: Idaho City University
gibbs@husc4.harvard.edu (James Gibbs) writes: And if you don't want
your phone number to be given by ANI to the owner of an 800 number,
call the operator and ask him/her to dial the 800-number for you.
They can still get your number, but they probably won't go through
the extra hassle to get it.
Call from a pay phone...
It is my understanding that 800 lines are actually an aliasing
scheme for regular (non-800 area code) numbers.
The aliasing can depend on time of day, originating phone number, among
other things. There is not necessarily a one-to-one mapping between
800 numbers and regular numbers.
If you can discover the regular number associated with an 800
number and dial that instead, does that deny the ANI information to
the 800 supplier?
I believe that is correct.
Is it possible to find out what non-800 number is associated with
an 800 line?
Not unless you know someone who can dig it up at a phone company. A
guy I know found out the non-800 number for ticket sales to a Rolling
Stones concert by calling a friend at a phone company. He got though
on the non-800 number but not the 800 number. This worked because the
800 numbers also go though different network controls than regular
numbers.
--
Larry Cipriani lawrence.v.cipriani@att.com or attmail!lcipriani
"Singapore scientists discover new treatment for attention deficit
disorder." -- USA Today
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 14 Apr 94 00:07 EDT
Subject: Re: CNID vs. ANI
Organization: I.E.C.C., Cambridge, Mass.
It is my understanding that 800 lines are actually an aliasing
scheme for regular (non-800 area code) numbers.
Sometimes yes, sometimes no. Low volume 800 numbers are forwarded to
regular phone numbers. High volume 800 numbers are more often
delivered on high-volume trunks connected directly from the long
distance company to the customer. Those high volume lines are the ones
most likely to get real-time ANI.
If you can discover the regular number associated with an 800
number and dial that instead, does that deny the ANI information to
the 800 supplier?
Maybe. There are some regular phone numbers that get ANI. Speedway, a
low-cost Internet provider in Oregon, has direct trunks from AT&T for
their modem phone number 503-520-2222. AT&T pays them a per-minute
amount for incoming calls, which lets Speedway provide their service at
no charge above the cost of the phone call. (On a normal connection,
AT&T would pay the per-minute amount to the local telephone company in
that area to complete the call.) Speedway makes no secret of the fact
that they get and record the ANI on incoming AT&T calls. If you call
other than via AT&T, you get a busy signal, so there's no way to call
them without them getting ANI.
Regards, John Levine, johnl@iecc.com, jlevine@delphi.com,
1037498@mcimail.com
------------------------------
From: seth@wucs1.wustl.edu (Seth Golub)
Date: 13 Apr 1994 14:26:07 GMT
Subject: Re: Telemarketing
Organization: Washington University, St. Louis MO
Chris Call 908-946-1133 (rccall@babel.ho.att.com) wrote:There are
laws governing the behavior of telemarketers; in particular, there was
a discussion of a law that requires telemarketers to supply their
company name and address, and to remove people from their mailing list
if they have called those people twice and the people ask to be
"de-listed."
But what do you do when the telemarketer is just a recorded message?
-- Seth Golub seth@cs.wustl.edu seth@hilco.com
------------------------------
End of Computer Privacy Digest V4 #052
******************************
.