Computer Privacy Digest Sat, 18 Jun 94 Volume 4 : Issue: 079
Today's Topics: Moderator: Leonard P. Levine
Archive Notes
Credit Reports Now Sold Over the Net
Misdirected Mail
Re: SSNs, Drivers and Students in Kentucky
Re: Social Security Number FAQ
Re: Information Required by Employer
Re: Information Required by Employer
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Jun 1994 10:43:29 -0500 (CDT)
Subject: Archive Notes
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest (CPD) is a forum for discussion on the
effect of technology on privacy. The digest is moderated and gatewayed
into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
CPD maintains an archive site for material of general interest that is
too long to post. We also maintain all back issues of CPD for those
who wish to peruse issues that have passed. These issues are ordered
by Volume and Issue number.
Ftp Access into ftp.cs.uwm.edu with userid 'ftp' and password
'yourid@yoursite' will open up the directory. The archives are in the
directory "pub/comp-privacy". Archives are also held at the address
of the former moderator, Dennis Rears, ftp.pica.army.mil
[129.139.160.133].
Within the directory pub/comp-privacy a 'dir' command will show the
following:
drwxr-xr-x 2 levine ftp 512 Apr 11 11:15 library
drwxr-xr-x 2 levine ftp 2048 Mar 8 09:53 volume1
drwxr-xr-x 2 levine ftp 1024 Mar 8 09:54 volume2
drwxr-xr-x 2 levine ftp 1536 Mar 8 09:55 volume3
drwxr-xr-x 2 levine ftp 1024 Apr 8 08:17 volume4
and within the directory pub/comp-privacy/library you will find the
following:
-rw-r--r-- 1 levine ftp 290932 Apr 11 11:14 hideseek.uue
-rw-r--r-- 1 levine ftp 61126 Jan 19 14:17 net-privacy-part1
-rw-r--r-- 1 levine ftp 50905 Jan 19 14:17 net-privacy-part2
-rw-r--r-- 1 levine ftp 43002 Jan 19 14:17 net-privacy-part3
-rw-r--r-- 1 levine ftp 26986 Jan 7 13:32 ssn-privacy
-rw-r--r-- 1 levine ftp 6090 Feb 7 08:54 ssn-structure
Please come and access what you wish.
If you are unfamiliar with the use of the File Transfer Protocol (ftp)
the following short summary might help. On most systems the following
procedure will work, if you have a local command named ftp:
You type: Comment on the command:
ftp ftp.cs.uwm.edu (on your system)
ftp (answer to login request)
your_userid@your_site (answer to password request)
cd pub/comp-privacy (at ftp prompt)
dir (look at what is there)
cd library (at ftp prompt)
dir (look at what is there)
get hideseek.uue (move document to your filespace)
cd .. (back to previous menu)
cd volume4 (at ftp prompt)
dir (look at what is there)
get V4#031 (move document to your filespace)
quit (back to your system)
------------------------------
From: bruce@jise.isl.melco.co.jp (Bruce Hahne)
Date: 16 Jun 1994 21:15:14 -0500
Subject: Credit Reports Now Sold Over the Net
Organization: UTexas Mail-to-News Gateway
Below is an ad which was forwarded over eff-activists. Is this the way
the system works; everybody EXCEPT me is allowed to look at my credit
history?? Doesn't some provision of the Fair Credit Reporting Act
require Creditel to make this information available to me?
I wrote to Creditel asking for information, mostly to see if they were
planning to transmit credit reports over the net unencrypted. They
aren't; right now they're only accepting ORDERS via the Internet.
I've put two attachments below: first, the original ad, and second,
extracts from Creditel's reply to my information request. I thought
people might be interested in what you really have to go through (not
much) to order reports; just sign the form, fax it in, and you're set.
I'll be VERY interested to see what encryption scheme they choose. Will
they choose something unexportable like PGP and tell non-U.S. customers
to get the sources via ftp? Will they just not sell email reports to
non-U.S. customers? Will they use a poor encryption scheme which is
exportable but breakable? Hmmmm.
Bruce Hahne
bruce@jise.isl.melco.co.jp
"By hook or by crook, we will."
---------------------------------------------------------------------------
From: creditel@interaccess.com (CREDITEL)
Newsgroups: biz.comp.services,misc.entrepreneurs,alt.business.misc
Subject: Re: Order Credit Reports over the net: CREDITEL
Date: 13 Jun 1994 23:18:35 GMT
Organization: InterAccess, Chicagoland's Full Service Internet Provider
NNTP-Posting-Host: home.interaccess.com
Brian Porter: CREDITEL June 13, 1994
CREDITEL, one of the largest credit reporting agencies in the U.S. is
happy to announce its new credit reporting service over the internet. Now
for the first time CREDITEL will be offering internet users the
opportunity to order consumer and business credit reports directly over the
internet.
Businesses and organizations who require credit reports for their operations
will benefit greatly by the speed and competitive rates of CREDITEL'S new
internet service. Unfortunately, CREDITEL is unable to offer credit reports
to individuals who are seeking a copy of their own credit history.
Here is a sample of some of our services available at VERY competitive rates.
*Tenant Screening Reports *Landlord Eviction Reports * Name Searches
*Dunn & Bradstreet Business Reports * Residential Mortgage Credit Reports
*Skip Tracing *Social Security Searches *Address Searches
In celebration of our introduction on the internet we will waive all
membership fees and annual dues until June 30, 1994. If you have any
questions or would like more info send e-mail to: creditel@interaccess.com
---------------------------------------------------------------------------
Currently, we are only offering a service to order credit reports over
the net. We do plan to have an encryption program in place for
transmitting reports in the near future.
[snip]
Thank You for your interest in CREDITEL Credit Reporting.
In response to your request for additional information regarding CREDITEL,
we are pleased to provide you with a list of the services we offer along
with our current pricing. (All prices are in U.S. dollars)
- Trans Union or TRW or CBI personal credit report $12
- All three of the above $25
- Tenant Screening Report $20
- Landlord Eviction Report $15
- Dun & Bradstreet Business Report $70
- Residential Mortgage Credit Reports $50
- Skip Tracing $10
- Social Security # search $10
- Name search $10
- Address search $10
There are no monthly minimums required to subscribe to CREDITEL.
Payment can be made by VISA or Mastercard and regular users may be
invoiced monthly.
[snip]
To start using CREDITEL'S services complete and sign the attached
Service Contract Agreement and fax it back to us at 1-800-395-2435.
[snip]
SERVICE CONTRACT AGREEMENT
The Undersigned Applicant Agrees:
- To comply with all the provisions of Title VI (Fair Credit Reporting
Act) of the Consumer Credit Protection Act, under Public Law 91-508, when
using the reporting services of Creditel for consumer credit and
employment purposes.
- To certify that consumer inquires will be made, and/or consumer reports
ordered only for a permissible purpose as defined in Section 604 of the
Act, namely
1. intends to use the information in connection with a credit
transaction involving the consumer on whom the information is to be
furnished, and involving the extension of credit to, or review or
collection of an account of, the consumer; or
[some legalese cut]
- That the employees of the client are forbidden to attempt to obtain
reports on themselves or their associates, or on any other person except
in the exercise of their official duties.
[remainder of agreement cut]
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Jun 1994 11:39:24 -0500 (CDT)
Subject: Misdirected Mail
Organization: University of Wisconsin-Milwaukee
from RISKS-FORUM Digest Friday 17 June 1994 (16:17) Peter G. Neumann,
moderator
From: jra1854@tntech.edu (Jeffrey Austen)
Date: 16 Jun 1994 11:24:16 -0600
Subject: Misdirected Mail
I received the following in the mail the other day. Quite amusing. I
wonder if the CIA would send out a similar message if one of their
secrets got out?
One of IBM's electronic mail distribution nodes experienced a
problem routing mail from Wednesday June 8, 1994, through
approximately 7:00pm Thursday June 9, 1994. This may have resulted
in your having received proprietary information that was not
intended for you. If you have received such information, please
return it to the Internet address:
xxx@xxx.ibm.com
without retaining any copies of it. If you have already destroyed
or discarded the information, please confirm this by sending a note
to this address stating that the information you received has been
destroyed.
If you are not sure whether you should have received certain
information or if you have any other questions, please call xxx xxx
at (xxx) xxx-xxxx.
Jeffrey Austen, Tennessee Technological University, Box 5004
Cookeville Tennessee 38505 U.S.A. jra1854@tntech.edu (615)
372-3485
------------------------------
From: lowell@bu.edu (Lowell Gilbert)
Date: 17 Jun 1994 14:54:46 GMT
Subject: Re: SSNs, Drivers and Students in Kentucky
Organization: Boston University
Poivre (poivre@netcom.com) wrote: I am happy to hear that at least
one state, Kentucky, is restricting the use and disclosure of
SSNs. Everyone else seems to be increasing its use and
accessibility.
Is this in fact the case? Can anyone confirm this statistically?
Massachusetts, for one, has recently stopped assigning SSNs as driver's
license numbers. But my experience is too limited to try to project in
general.
--
Lowell Gilbert lowell@acs.bu.edu
------------------------------
From: Paul Robinson <PAUL@TDR.COM>
Date: 17 Jun 1994 12:31:50 -0400 (EDT)
Subject: Re: Social Security Number FAQ
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
Chris Hibbert <hibbert@kwi.com>, writes: The Privacy Protection
Study Commission of 1977 recommended that the Executive Order be
repealed after some agencies referred to it as their authorization
to use SSNs. I don't know whether it was repealed, but no one
seems to have cited EO 9397 as their authorization recently.
I have a suspicion it has been. Recent copies of the Nuclear
Regulatory Commission's Form 15, which is used by the agency to collect
names, home addresses and home telephone numbers to use for connecting
agency people to other agency employees at home, had a notice on the
back stating that one of the two provisions of the form requesting the
information was Executive Order 9397 of November 15, 1942.
---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>
------------------------------
From: Paul Robinson <PAUL@TDR.COM>
Date: 17 Jun 1994 12:26:24 -0400 (EDT)
Subject: Re: Information Required by Employer
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
Joe Dunn <jdunn@hnssys1.hns.com>, writes: what would you do if
someone doesn't have a SSN. there is no law requiring anyone to get
a SSN. Are you going to discriminate against people who don't have
one?
An employer is required to pay certain taxes on behalf of the employee,
and to use the employee's Taxpayer Identification Number to identify
those payments. The employer is permitted to collect from the employee
a portion of these taxes in reimbursement. (Some employers offer the
payment of the Social Security tax directly without deducting it from
the employee's pay as an additional fringe benefit.) These taxes, which
include some of the social security and federal income tax payments,
are what are called "trust fund taxes" meaning that even if the
employer goes out of business due to bankruptcy, the individual owner
of the business (or the directors of the company if a corporation) are
_personally liable_ for the payment of these trust funds, and the
payment obligation _cannot_ be discharged through bankruptcy.
Given this kind of serious and heavy liability, an employer is going to
want a social security number so that he isn't accused of not applying
your trust fund taxes to your account, since name alone might not be
enough.
At the place I used to work, we had at least three pairs of unrelated
people who had identical first and last names, in an organization of
more than 3,000 people, including two women who had the same first
name, last name and middle initial even though they were totally
unrelated. With such a possibility, not having a social security
number would be a serious problem.
I am not certain, but I suspect the IRS could claim that the law
requires someone who is obtaining "income" to require a Social Security
number or Taxpayer Identification Number. (I have both, a TIN is not
hard to get, and whenever someone asks for a number, I give them the
TIN if I can.) Social Security numbers are assigned by SSA, and TINs
are assigned by IRS.
---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>
------------------------------
From: tnyurkiw@lagrange.uwaterloo.ca (Tom Yurkiw)
Date: 17 Jun 1994 20:56:20 GMT
Subject: Re: Information Required by Employer
Organization: University of Waterloo
what would you do if someone doesn't have a SSN. there is no law
requiring anyone to get a SSN. Are you going to discriminate
against people who don't have one?? There are already laws on the
book to protect a person's SSN. The law already states that the SSN
can not be used for identification purposes.
What is the purpose of the American SSN?
In Canada, we have a SIN (Social Insurance Number) which is used to keep
track of a person's income, as well as
employment benefits (Unemployment Insurance, Canada Pension Plan)
which employers are required to contribute to. So, the case you raised,
would be impossible -- employers must receive the SIN's of their
employees :), and send them to the government. :)
---------Tommy the Yurk
------------------------------
End of Computer Privacy Digest V4 #079
******************************
.