Date:       Mon, 16 May 94 10:35:34 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#066

Computer Privacy Digest Mon, 16 May 94              Volume 4 : Issue: 066

Today's Topics:			       Moderator: Leonard P. Levine

                 Re: FCC order on interstate Caller ID
             Re: Credit Check only with Permission Granted
                 Journalists attack credit card account
                             UPENN and SSN
                   Community Nets Crackdown in Italy
                        IRS "Privacy Principles"

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: padgett@tccslr.dnet.orl.mmc.com (padgett peterson)
Date: 13 May 1994 17:14:37 GMT
Subject: Re: FCC order on interstate Caller ID
Organization: Martin-Marietta

    johnl@iecc.com (John R Levine) said: In other words, per-line
    blocking is a bad idea because subscribers are too dumb to unblock
    calls when they want to unblock them, although they're not too dumb
    to block calls when they want to block them.

Not at all (and the negative loading is uncalled for IMHO). First both
have been available for some time in various areas (Florida is per
call).

Where per line blocking was chosen numerous complaints occurred
concerning the impossibility of the user to tell which way
star-six-seven would toggle the blocking (is it or isn't it, only the
callee will know...). With per call, there is no question.

Second, the person making the call might not be the one who started the
blocking & might not even have any idea of what it is (I live in
tourist world remember). With per call, the default is off.

Finally in an emergency situation it is easy to visualize a cartoon
where the receiver is saying "sorry, first you must dial star-six-seven
before making this call. <click>". All it would take would be one.

Now if there is a special situation where the CNID should *never* be
returned or a different number should display, I am sure that the home
of the unlisted number will be happy to assist, new sources of revenue
are always welcome.

And let's not forget 0, 911, 800, & 900 ANI. Star-six-seven has no
effect for now.

I say the FCC is right and per-call blocking should be the default.


------------------------------

From: rivaud@rain.org (L. E. de Rivaud)
Date: 13 May 1994 11:28:21 -0700
Subject: Re: Credit Check only with Permission Granted
Organization: wherever.com

    Poivre (poivre@netcom.com) wrote: So no matter how you intend to
    pay for the car, as long as you're going to test drive it, you will
    get checked right??  So people should avoid a test drive and just
    test drive their friend's cars or something.

Sure just don't buy a car that costs more than $10,000.  Pay cash.
Then find an insurance company who doesn't require a ss#.  (OR move to
a state that does not require auto insurance.  Are there any?)


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 13 May 1994 21:00:23 -0500 (CDT)
Subject: Journalists attack credit card account
Organization: University of Wisconsin-Milwaukee

Taken from Risks-List: RISKS-FORUM Digest  Thursday 12 May 1994  (16:06)

Date: 11 May 94 21:51:29 EDT
From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
Subject: Journalists attack credit card account

From the Reuter newswire via CompuServe's Executive News Service (GO ENS):

"FRANKFURT, May 10 (Reuter) - A journalist from a well-known German
satirical magazine has cut off fugitive real-estate tycoon Juergen
Schneider from one source of cash -- by ringing up Schneider's credit
card company and cancelling his account.

The magazine Titanic said journalist Bernd Fritz had telephoned the
Eurocard company and blocked the account by giving Schneider's name and
date of birth."

The article explains that Schneider has been on the run for over a
month and has filed for bankruptcy.  He is under investigation for
credit fraud.

Asked for identifying information, including Schneider's bank, the
journalist picked a bank at random--and was right.

The magazine writers now claim that they will try to block credit cards
for other fugitives.

[Comment by MK: I have been saying for a long time we need PINs for
credit cards!  I hold no brief for the accused man, but it does seem
odd that someone else be able to cancel a person's account.  How would
you like it if some prankster cancelled _your_ credit/bank/phone/...
account with a simple phone call?]

Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn


------------------------------

From: michael.feeley@dscmail.com (Michael Feeley)
Date: 15 May 94 14:20:00 -0640
Subject: UPENN and SSN
Organization: DSC/Voicenet * Ivyland, PA * (215) 443-9434

Sun  94.05.15 @ 14.19

Late this past winter, the University of Pennsylvania (PENN) notified
all employees that we would have to provide the names, dates of birth
(DOBs), relationship, sex, student status, disability status and Social
Security Numbers (SSNs) for all our dependents when completing our
benefits enrollment forms for 1994-1995 (called Pennflex Open
Enrollment).  We were told that this was to comply with IRS regulations
(the H-2), new accounting procedures (which require future retiree
medical expenses to be recognized on an accrual basis), and to enable
the electronic transmission of employee and dependent records into the
"medical carrier's eligibility systems."  A dependent database is to
facilitate these needs.

Several weeks later I received a call from someone in the Benefits
Office requesting the SSNs of my dependents.  He didn't know what the
Privacy Act was, but assured me with energetic solemnity that the
Benefits Office maintained personnel records in "strictest
confidence."  I indicated I would appreciate a copy of the Privacy Act
statement for the SSN request.  He informed me in a somewhat injured
and huffy tone that he would have to check on it with someone else.

Yesterday I received my "Pennflex Confirmation Statement" which
included all the information I had provided; the SSN spots were blank.
I am to make any necessary corrections, sign and return the form.

To my dismay, I also received the Pennflex Confirmation Statement from
another PENN employee (a professor in the medical school).  This single
sheet includes the home address, name (with middle initial), DOB, sex,
disability status, and SSN for this man, *AND* the same information for
his wife and his two children (as well as his choices for medical,
dental, and life insurance coverage).  It would appear that PENN does
not hold personnel information in "strictest confidence."

When I return the material early next week I would like to include some
information about the dangers of having such information "leak."  I
would appreciate posts or email about said dangers (which would be
included in a packet accompanying the man's benefits form).  I am also
thinking of sending it to Judith Rodin the President of PENN.

Information, comments and suggestions are most welcome. Thanks in
advance.

* Michael Feeley                      Haverford, Pennsylvania, USA ;
* michael.feeley@satalink.com         (1:273/203)       71534,1343 ;


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 16 May 1994 10:13:05 -0500 (CDT)
Subject: Community Nets Crackdown in Italy
Organization: University of Wisconsin-Milwaukee

 ---------- Forwarded message ----------
Date: 15 May 1994 11:46:49 -0700
From: Bernardo Parrella <berny@WELL.SF.CA.US>
To: Multiple recipients of list COMMUNET <COMMUNET@uvmvm.uvm.edu>
Subject: Community Nets Crackdown in Italy.

-I am sending again this posting-yesterday night bounced back-

On May 10-12 1994, the first nationwide crackdown on telecom nets was
operated by Italian police.

Acting after a warrant issued by a Prosecutor in Pesaro, about 60
Bulletin Board Systems throughout the country have been visited and
searched by police officials.

Dozens of people were formally accused of "distribution of illegally
copied software and appropriation of secret passwords" under the law
approved by Italian Parliament in January this year.

In several cases police officials didn't know what to search for, thus
seizing computers, floppy disks, modems along with electric outlets,
answering machines, audiotapes, personal effects.

The raids also hit private houses and belongings, and in some places
sleeping people were abruptly woken up facing machine guns.

After searching probably around one third of the entire network - that
includes more than 300 BBSes - police officials closed several Fidonet
nodes, but no arrests  were made.

A still inaccurate figure of people were charged with software piracy,
and dozens of computers and related devices were seized - along with
thousands of floppy disks, CD-Roms, W.O.R.M.S.

Moving after a suspected software piracy ring run by people involved in
a Fidonet node, the crackdown started in the night between May 10 and
11 in Milano, targeting in the two following days BBSes in Pesaro,
Modena, Bologna, Ancona, Pisa and other cities.

Fidonet Italia, member of the worldwide Fidonet network, is a
non-profit organization devoted to distribution of shareware and
freeware programs as well as to electronic forums on topics ranging
from technological to social issues.  An essential communication tool
for several groups and individuals throughout the country, Fidonet
Italia became an active multi-cultural vessel and distributor of
several different nodes dedicated to specific issues: Peacelink
(solidarity, human rights), Cybernet (cyberpunk), Ludonet (games),
Scoutnet, Amynet, and others.  For thousands of Italian people, Fidonet
BBSes today are invaluable tools of information-exchange, social
activism and professional activities.

The network policy strictly prohibits any distribution of illegally
copied software and fraudulent appropriation of secret passwords.
Also, Fidonet is one of the few International organizations which has
always stated and pursued a clear position against unauthorized copying
software.

At the moment, the raids seem to be motivated by accusations against
two people involved in a Pesaro-based BBS who were using Fidonet
contacts to allegedly distribute illegal copies of computer programs.

However, there are no reasons for such a vast law enforcement
operation.  Most likely the prosecutor acted simply on the basis of the
Fidonet telephone numbers list (publicly available) owned by the two
suspected of software piracy.  The vast majority of the people searched
don't have any kind of relationship with the suspected, and many of the
search warrants stated a generic "conspiracy with unknown" for the
crime of software piracy.

Particularly, the random and arbitrary seizures of floppy disks and
personal computers are completely unmotivated, because every BBS is a
completely independent structure and each sysop is running his/her own
hardware and software.

The seizures will resolve in a great economic loss for these people and
their professional activities will be surely affected from negative
publicity.  Some of them own small computer-related companies while
others are physicians, hobbyists, students who risk personal savings to
run their services.

Because police officials also seized electronic and paper archives
containing data and numbers of the people who logged onto Fidonet
nodes, it is evident that investigations are going even further - thus
violating the constitutional right to privacy.

The first result of this crackdown is that many Fidonet operators
decided to shut down immediately their systems all over the country,
fearing heavier police intrusions in both their public activities and
private lives.

While the Italian Parliament recently approved specific laws about
copyright and piracy of computer software, there are still no rules to
protect personal privacy in the electronic medium.  This legislative
void inevitably makes the sysop the only person responsible for
anything that happens on and around his/her own BBS.

Fidonet operators do not want and can not be the target of
indiscriminate raids that, forcing them to close down their
activities, cause serious damages to themselves as well as to the
entire community.

In an article published Friday 13  by the newspaper "La Repubblica",
Alessandro Marescotti, Peacelink spokesperson, said: "Just when the
worldwide BBS scene is gaining general respect for its important role
at the community level, in Italy the law hits those networks that have
always been strongly against software piracy. Charging dozens of honest
operators with unmotivated accusations, the main goal of this crackdown
is directed against the social activities of small community nets -
thus clearing the space for commercial networking."

While terms and figures of the entire operation should still be
clarified, on Sunday 15 Fidonet Italia operators will meet in Bologna
to study any possible legal counter-action.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 16 May 1994 10:16:00 -0500 (CDT)
Subject: IRS "Privacy Principles"
Organization: University of Wisconsin-Milwaukee

From the Privacy Forum Digest Sunday, 15 May 1994 (03:10)

Date: 4 May 94 15:55:42 MDT
From: kristill@robie.cs.trw.com (Laurel Kristick)
Subject: IRS "Privacy Principles"

In the April 25, 1994 edition of _Federal Computer Week_ was an article
titled "Employee guide on protecting taxpayers' privacy planned."

The gist of the story is that the IRS plans to provide formal rules for
protecting personal information about individual taxpayers.  The exact
wording of the guidelines is still being negotiated, but includes a
warning against "browsing," or opening taxpayer files without
authorization.

The final paragraph of this article was interesting:

"Among other instructions to employees, the guidelines would demand
they collect only information they need for their jobs, to ask
taxpayers for information before seeking it from third parties and to
verify with taxpayers all data obtained from other sources before
acting on it."

Can one assume that the IRS feels the need to put this in writing
because of serious problems with employees violating taxpayers' privacy
and with accepting non-validated information?


------------------------------


End of Computer Privacy Digest V4 #066
******************************