Date: Sat, 16 Apr 94 08:18:41 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#053
Computer Privacy Digest Sat, 16 Apr 94 Volume 4 : Issue: 053
Today's Topics: Moderator: Leonard P. Levine
Re: Credit check only with Permission Granted
Re: Credit check only with Permission Granted
Re: Credit Check only with Permission Granted
Re: Let your Fingers do the Walking on the Internet
Re: Let your Fingers do the Walking on the Internet
Re: Let your Fingers do the Walking on the Internet
Re: Let your Fingers do the Walking on the Internet
Re: K12 Personal Security
FCC Issues Decision on Caller ID (Finally)
Medical Privacy Bill Introduced in Congress
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: glr@rci.ripco.com (Glen Roberts)
Date: 15 Apr 1994 01:29:20 GMT
Subject: Re: Credit check only with Permission Granted
Organization: RCI, Chicago, IL
Tony Austin (austin@netcom.com) wrote: I called TRW in Orange
County, California today. I asked how safe my credit information
and social security number is. They told me that noone can look at
your credit report unless you grant them permission.
You asked the wrong question. Ask them what information they collect
about you, and of that information what is protected by law, and what
they sell.
You name, address, social security number, spouse, date of birth,
possibly income and other information WILL BE SOLD TO ANYONE FOR ANY
REASON.
They consider ONLY your payment history to be protected by the Fair
Credit Reporting Act.
--
Glen L. Roberts, author, How To Spy On Anyone Without Getting Caught
Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central)
Box 734, Antioch, Illinois 60002. Fax: (708) 838-0316
Call the Surveillance Hotline: (708) 356-9646
------------------------------
From: jgreene@nyx10.cs.du.edu (Justin Greene)
Date: 15 Apr 94 17:54:20 GMT
Subject: Re: Credit check only with Permission Granted
Organization: Nyx, Public Access Unix at U. of Denver Math/CS dept.
Tony Austin <austin@netcom.com> wrote: A fine and a civil lawsuit
was mentioned as well. Subsequently I feel a lot safer. Is this a
false feeling of security?
YES
--
Justin Greene <jgreene@nyx.cs.du.edu> Finger for PGP 2.x public key
------------------------------
From: poivre@netcom.com (Poivre)
Date: 16 Apr 1994 04:28:07 GMT
Subject: Re: Credit Check only with Permission Granted
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Executive Protection Assoc (cntrspy@netcom.com) wrote: Yes credit
info is confidential and not available without a release but there
is a loophole called "credit header" information that is NOT
regulated and includes name, ssn, most recent address, most recent
employers and sometimes other "lifestyle" information.
Hmmm, how about companies that do checks on people without their
permission to see if they can be good potential customers?? I also
got a copy of my own credit file and i saw that some companies have
looked at me. Heh, i found out that Citibank Gold card looked at me
but i guess they didn't like me since i didn't get any preapproved
invitations from them :( .
Don't kid yourself, I have also heard of places that can run a
check and not leave a "fingerprint" on your record...
Yes, and there are smaller credit bureaus who don't adhere to the same
strict guidelines that the "big 3" do and let just about anyone with
the money look at you.
Scary stuff...
Indeed!!
--
poivre@netcom.com : #include <disclaimer.h>
lychees@marble.bu.edu :
------------------------------
From: mea@intgp1.att.com (Mark E Anderson +1 708 979 4716)
Date: 15 Apr 94 00:39:00 GMT
Subject: Re: Let your Fingers do the Walking on the Internet
kbarger@ACC.HAVERFORD.EDU (Kyle Barger) stated: I was very
interested to finally see this book in print.
It would also be kind of interesting to see someone scan all of this
information and post it electronically in the public domain. I wonder
what kind of copywrite protection he has on the information he took?
Also, there probably wouldn't be a way for him to sue since by making
some additions to the list, the two lists would not be the same and
whose to say someone else couldn't do the same thing. I think this
list would be very hard to copyright leaving the door open for anyone
to publish a competing book.
from a privacy perspective, I have no objections to this kind of data
collection. You have to realize that anything you do on the net can be
monitored by someone. That's just a fact of the net. I protect my
privacy by keeping informed of the subject as much as possible.
Knowledge is the greatest asset against any adversity.
Mark Anderson mea@intgp1.att.com
------------------------------
From: stanwong@kaiwan.com (Stan Wong)
Date: 14 Apr 1994 20:19:51 -0700
Subject: Re: Let your Fingers do the Walking on the Internet
Organization: KAIWAN Internet (310/527-4279,818/756-0180,714/741-2920)
Paul Robinson wrote: Some people seem to have gotten upset over
the collection of E-Mail addresses for advertising. Now, here,
someone has generally collected everyone's address off public
messages, and published them in a book that is sold over the
counter in a computer store. I wonder how people feel about this
issue.
I don't like it. At least the phone company gives me the option of
being listed, or not, in the public telephone directory as well as the
street directory listing.
I don't equate my email address to my street address. It's more like
my telephone number. It's another way for someone to access me (albeit
on a non-interrupt basis). Currently I use email as a means of focused
communication among a group of people with whom I want to exchange
information. I don't want to get the equivalent of electronic junk
mail. It's only annoying in the time that I would have to spend
weeding through the stuff.
Here's some questions to think about: What do you think about the
practice? Is it right or wrong and why? Does this impact people's
security? Are there risks involved if your E-Mail address becomes
well known or if it is misprinted in a published "white pages"?
Are there other considerations to think about?
As far as I can tell there's nothing illegal about this. It may be
borderline unethical since the other and others are making a buck with
this information (of course, I suppose it's much like selling mailing
lists). Clever idea, though.
--
Stan Wong |
Current Email : stanwong@kaiwan.com | Space for rent.
Permanent Email : s.wong@ieee.org |
------------------------------
From: andy@autodesk.com (Andrew Purshottam)
Date: 15 Apr 1994 21:14:28 GMT
Subject: Re: Let your Fingers do the Walking on the Internet
Organization: Autodesk Inc.
When your usenet posting flows though _my_ computer, I'll do what I
like with the info. Trying to regulate this will only give us
ridiculous laws like th swedish data protection act discussed recently.
If you want privacy in a usenet posting, use an anonmous posting
technology, or get a provider that supposrts handles.
--
Andrew V. Purshottam /\ | andy@autodesk.com ...!fernwood!acad!andy
Autodesk, Inc. //\\ | (415)289-4423 FAX (415) 331-8093
2320 Marinship Way ///\\\ | Sausalito CA 94965
"The views expressed are those of the speaker."
------------------------------
From: higgins@dorsai.dorsai.org (John Higgins)
Date: 16 Apr 1994 00:29:02 GMT
Subject: Re: Let your Fingers do the Walking on the Internet
Organization: The Dorsai Embassy, New York, NY
God love Mr. White Pages for being innovative. What's the big deal? The
info's floating around out there. I have a .sig, so I like to advertise.
--
John M. Higgins higgins@dorsai.dorsai.org
Multichannel News CIS:75266,3353
FINGER broken, V)212-887-8390/F)212-887-8384
E-mail me for the Cable Regulation Digest
------------------------------
From: poivre@netcom.com (Poivre)
Date: 16 Apr 1994 04:41:32 GMT
Subject: Re: K12 Personal Security
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Just tell the kids not to give out their physical address/phone numbers.
The FAQs on the k12 newsgroups cover this.
--
poivre@netcom.com : #include <disclaimer.h>
lychees@marble.bu.edu :
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Apr 1994 20:15:27 -0500 (CDT)
Subject: FCC Issues Decision on Caller ID (Finally)
Organization: University of Wisconsin-Milwaukee
Taken from the CPSR Alert 3.06:
After three years of deliberation, the FCC in April finally issued its
rules on Caller Number Identification. The FCC mandated that telephone
companies that use Signaling System 7 offer Caller ID for interstate
calls and that interstate carriers carry the signals at no charge.
The FCC ruled that telephone companies provide free per call blocking
for interstate calls, preempting the decisions of over 30 states public
utility commissions, many of which have opted for greater privacy
protections. It adopted a controversial brief by the Department of
Justice brief, which decided that Caller ID does not violate the
Electronic Communications Privacy Act prohibition of "Trap and Trace
Devices," which capture the numbers of incoming telephone calls.
Previously, the Congressional Research Service and several states found
that Caller ID was a trap and trace device.
The FCC rules also require that users of ANI services, such as 800 and
900 number services, which do not currently have a blocking capability,
obtain consent from callers before passing on the information.
Telephone companies must institute public education campaigns about ANI
and Caller ID.
A copy of CPSR and the US Privacy Council's brief to the FCC and other
materials from CPSR on Caller ID are available at the CPSR Internet
Library.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Apr 1994 20:15:27 -0500 (CDT)
Subject: Medical Privacy Bill Introduced in Congress
Organization: University of Wisconsin-Milwaukee
Taken from the CPSR Alert 3.06:
Congressmen Gary Condit (D-CA), has introduced a comprehensive bill
protecting the privacy of medical records in the House of
Representatives. HR 4077, the Fair Health Information Practices Act of
1994, is a free standing bill but is intended to be an amendment to HR
3600, the Clinton Administration's health reform bill and other bills
currently pending in Congress.
The bill creates fair information practices for the collection and use
of personal medical information. It mandates that holders of health
information keep that information confidential unless there is
authorization for its release by the patient or other limited
exceptions. Each person who obtains private medical information becomes
a trustee. Patients will also have the right to access, and correct
their own personal files.
The bill also creates criminal and civil penalties for improper access
or disclosure of records. For criminal access, penalties are up to a
$250,000 fine and 10 years in jail. Civil penalties are available
against any private company, individual or state or local government
for damages, including punitive damages in some cases, and attorney
fees.
One area that has caused some concern is the law enforcement access to
medical records. As currently written the bill allows law enforcement
access to patient records with only a written certification by a
supervisor that access is being obtained for a lawful purpose. Privacy
advocates are concerned that a low threshold for obtaining records will
encourage "fishing expeditions" for information by law enforcement
officials.
HR 4077 was also cosponsored by John Conyers (D-MI) and Maria Velazquez
(D-NY). Congressional hearings will be held on April 20, 27 and 28.
CPSR has been asked to testify on April 28. HR 4077 and supporting
materials are available from the CPSR Internet Library. (See below for
details).
HR 4077. Fair Health Information Practices of 1994
/cpsr/privacy/medical/
hr4077 - text of bill
hr4077.faq - Frequently Asked Questions
hr4077.int - Questions and Answers
hr4077.pr - Press Release
hr4077.sum - Summary
Transcripts of the CFP94 panel "Who holds the Keys?" and Bruce
Sterling's Speech
/privacy/crypto/cfp94_who_holds_keys_discussion.txt
/privacy/crpyto/cfp94_sterling.txt
The CPSR Internet Library is a free service available via
FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy
International, the Taxpayers Assets Project and the Cypherpunks are
also archived. For more information, contact ftp-admin@cpsr.org.
------------------------------
End of Computer Privacy Digest V4 #053
******************************
.