Computer Privacy Digest Sat, 06 Aug 94              Volume 5 : Issue: 018

Today's Topics:			       Moderator: Leonard P. Levine

                          Internet White Pages
                      hacker recourse/please post
                   Re: SSN Required by Sprint in U.S.
                   Re: SSN Required by Sprint in U.S.
                        Re: Fingerprinting Rules
                   Re: Many Phone Taps are now Legal
             Re: Unsolicited Advertisements in the Mailbox
                        Re: Bank Account Numbers

 ---------------------------------------------------------------------

   Housekeeping information is located at the end of this Digest.

----------------------------------------------------------------------

From: jeffrey@minerva.cis.yale.edu (Jeffrey Licht)
Date: Thu, 4 Aug 1994 20:21:36 -0400 (EDT)
Subject: Internet White Pages

I was browsing in our local Borders yesterday, and came across a book
called (as I recall) "The Internet White Pages".  Purely on a lark, I
looked for my name, and, to my surprise, it was there, along with my
email address. Upon further research, I found that the names and
addresses were obtained by searching all postings on Usenet for some
period of time, which at least explained why I was in there.  I know
that there is a searchable list of people on-line who've posted on
Usenet somewhere, but seeing the same information in print seems
different.

I see a few issues here:

    * Do people posting on Usenet know that their e-mail addresses are
    being recorded?  (I doubt it.)

    * Would more people post anonymously if they knew this?

    * Does anyone have the right to publish this information about me,
    for personal gain, without contacting me first?  This is currently
    done all the time with (snail) mailing lists - is it appropriate
    for the Internet?

    * And if this book calls itself a "White Pages", is there a
    provision to request an unlisted number?  (There may be - I didn't
    look at it long enough to find out.)


------------------------------

From: pub556@idptv.idbsu.edu (Jim Arriola)
Date: Fri, 5 Aug 1994 09:14:38 -0600 (MDT)
Subject: hacker recourse/please post

Re: Owners of computers that have been "hacked" or attacked.

THIS WRITING IS NOT LEGAL ADVICE - THE WRITER IS NOT AN ATTORNEY

Federal law provides for criminal penalties when any "Federal interest
computer" [system] has been "hacked" or attacked or misused.  If modems
connect one computer to others via interstate telephone circuits, the
"Federal interest computer" definition has been met.  Every privately-
owned computer with modem, then, may be a "Federal interest computer".

This federal law has been called THE COMPUTER FRAUD AND ABUSE ACT; and
it is Title 18, United States Code, section 1030.  The full text is
about 25,000-bytes, so it can be emailed but is bulky.

If filing a criminal complaint against a "hacker" does not bring
complete satisfaction, a civil suit demanding reimbursement for all
monetary expenses required to "repair" the damage is always a
possibility.  In anticipation of filing a civil suit against a
"hacker", be SURE to document (IN WRITING) all the phone and other
expenses, and all the staff time, required to reconstruct, restore
files, etc., preferably at the same time as the recovery effort.  That
documentation may be the only evidence of monetary damages usable in
court to establish actual dollar damages, so all victims of "hackers"
are strongly encouraged to document everything completely.

The full text of this law has been placed in the library that is
available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as
"ftp" with password "yourid@yoursite".  The archives are in the
directory "pub/comp-privacy".

People with gopher capability can access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Interested readers might well want to purchase the CDROM from which
this text was obtained.  It was extracted from a CDROM entitled:
 
    "UNITED STATES CODE CONTAINING THE GENERAL AND PERMANENT LAWS 
         OF THE UNITED STATES, IN FORCE ON JANUARY 2, 1992"
    "Prepared and published under the authority of Title 2, U.S.Code,
    Section 285b by the Office of Law Revision Counsel of the House of 
    Representatives"
              The CDROM was shipped about 10/93  from: 
  THE UNITED STATES GOVERNMENT PRINTING OFFICE    Cost then: $34.00
       GPO stock number (1992 version): GPO S/N 052-001-00438-8
 
***  Order the most current version rather than this older stock number!

-- 
Jim Arriola          INTERNET:
P.O. Box 6892     pub556@idptv.idbsu.edu 
Boise, ID 83707 


------------------------------

From: oppedahl@panix.com (Carl Oppedahl)
Date: 5 Aug 1994 23:44:32 -0400
Subject: Re: SSN Required by Sprint in U.S.
Organization: Oppedahl & Larson

    tenney@netcom.com (Glenn S. Tenney) writes:

	dunn@nlm.nih.gov (Joe Dunn) wrote: From what I remember though,
	there were provisions to give a number to someone who did not
	have a SSN.  The SSN is used by the system for several reasons.
	To get adequate voice sample to verify your voice while at the
	same time not reject you because it doesn't recognize your
	voice. To facilitate this, the 800 number you call to gain
	access to the system is determined by your SSN.  In that way if
	it misidentifies a digit, it can decide, that number should not
	be dialing this 800 number. You don't get billed for someone
	else's calls because of misidentified numbers.

    It seems that one simple thing would be to just have the person say
    the 800 number that they called.  Nothing to remember, no SSN,
    nothing.  The person has to have the 800 number to call it and it's
    the right number of digits plus the system knows that the number is
    supposed to be that you're saying.  Sure seems that it would
    work...

        Just defending a legitimate use of a SSN.

    Well, since you began by noting that the system had provisions for
    any other number to be used, it's clearly NOT a legitimate use of
    the SSN.

Mr. Tenney is right, of course.

What is particularly annoying about Sprint demanding you speak your SSN
to use this fancy calling card, is that from now on whenever you are
standing in one of those nasty bus stations or airports where shoulder
surfing is so much of a problem ... you are revealing your SSN to
anyone standing near enough to hear it.

-- 
Carl Oppedahl AA2KW  
Oppedahl & Larson (patent lawyers)
Yorktown Heights, NY  
oppedahl@patents.com


------------------------------

From: faulkner@wimsey.com (Andrew Faulkner)
Date: Thu, 4 Aug 1994 16:00:11
Subject: Re: SSN Required by Sprint in U.S.
Organization: Forest Engineering Research Institute of Canada

    dwn@dwn.ccd.bnl.gov (Dave Niebuhr) writes: Sorry, but Sprint
    dropped the ball on this one.

I am told that starting in September Sprint will be offering its
services to private home subscribers in Canada. It will be interesting
to see if they play "ball" by the Canadian rules (CFL?) and forgo the
temptation to use our Social Insurance Number (SIN).  As with the
American SSN it is not well protected by law for use by private
corporations. The government frowns on non-tax related use however.

---
Andrew Faulkner, Data Alchemist		|	faulkner@wimsey.com
Box 78539 University Postal Outlet	|	tel: (604) 224-2570
VANCOUVER, B.C. V6T 1E7  Canada		| --- PGP public key available ---


------------------------------

From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Date: Thu, 4 Aug 1994 18:42:30 -0400 (EDT)
Subject: Re: Fingerprinting Rules

    Prof. L. P. Levine <levine@blatz.cs.uwm.edu> writes: Then I got to
    a form that was titled Fingerprint Authorization.  It read similar
    to the following, but this is from memory:

       "I voluntarily give authorization to be fingerprinted, and give
       permission my fingerprints to be used in a manner deemed
       necessary by <name of bank>."

       "I understand that I do not have to have my fingerprints taken
       and this will not affect any current or future employment with
       <name of bank>."

It seems to me that the first paragraph is the key one in this issue.
The operative word is voluntary and no matter what anyone says,
voluntary means just that -- voluntary.  The second just backs up the
first.

Just because someone in a business says that they have to do it but
they ignore it is going to cause the bank some problems.  The fact that
the FDIC (mentioned later on) had someone who didn't know anything, the
trick would be to go higher and higher to see just who had the
authority to do something about resolving the mis-use of "voluntary."

I never take "that's the way we do it" or "never heard of it" from
anyone I deal with, especially telephone companies who are notorious
for these words.

As the person said, the job was needed so he/she relented.  In a way
that was too bad.

Side note:  I have been fingerprinted three times in my life
(horrors!).  Once each by the United States Naval Reserve, the United
States Air Force and by my employer, Brookhaven National Laboratory
which is owned by the US Department of Energy but operated by
Associated Universities, Inc.  Each was mandatory but I would have
given them anyway because, like the employee, I wanted the job.

Not like the employee, I had no option and in fact was never told that
fingerprinting was mandatory.

--
Dave Niebuhr      Internet: dwn@dwn.ccd.bnl.gov
                            niebuhr@bnlcl6.bnl.gov (preferred)
                            niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973  1+(516) 282-3093
                                          FAX   1+(516) 282-7688


------------------------------

From: John Palkovic <palkovic@x4u2.desy.de>
Date: Fri, 5 Aug 1994 08:31:19 GMT
Subject: Re: Many Phone Taps are now Legal

    Chuck Weckesser <71233.677@compuserve.com> writes: One writer is
    mistaken when he states that "all" cordless phones are fair game.
    One, available from the Sharper Image (A Uniden model) operates on
    the 900 MHz range, making "accidental" interception impossible.

The last time I looked in a Radio Shack catalog, they were listing a
phone that claimed to scramble the signal between the headset and the
base. This would make casual "tapping" via radio impossible. I recall
the price was in the $200 range.

--
palkovic@desy.de  Deutsches Elektronen-Synchrotron, Relativity Engineering
"I ask each of you to be intolerant of creeping bureaucracy." - Bob Wilson
finger for PGP public key. MIME and PGP mail welcome


------------------------------

From: briang@access.digex.net (Brian G.)
Date: 5 Aug 1994 14:33:10 -0400
Subject: Re: Unsolicited Advertisements in the Mailbox
Organization: Express Access Online Communications, Greenbelt, MD USA

    Cristy <cristy@eplrx7.es.duPont.com> wrote: I frequently find
    unsolicited advertisements in my mailbox.  These advertisements are
    not delivered by the postman but by people that go from box to box
    and pop them in.  I understand this is against post office
    regulations.  Can anyone cite the regulation?  What are my options
    to try to get this stopped.  I consider this a privacy issue
    because people I do not know are going in my mailbox.  I have no
    way of knowing whether they are in fact reading or taking any mail
    that may already be there...

Just go to the post office serving that area, ask for a supervisor, and
give them a copy of one of the ads.  They will probably contact the
advertiser and inform them that they can either stop or pay $.29 per ad
+ fines (if applicable).

We were doing this as a non-profit group and the post office informed
us to stop or start paying.

I believe that they are entitled to bill without warning if they wish.

Because... (drum roll, please)

	You do not own your mail box.

	The government does. 

	Once you put it up, it becomes govt property, and having someone
	else put ads in it is infringing on the govt's rights to that 
	property.

--
That'll be $.29, please.
Brian G.


------------------------------

From: amy young-leith <alyoung@kiwi.ucs.indiana.edu>
Date: Fri, 5 Aug 1994 15:16:16 -0500
Subject: Re: Bank Account Numbers
Organization: Computer Science, Indiana University

    Sherry White <sherry@meaddata.com> wrote: I never felt that I
    should hide my bank account number because I felt the only thing
    one could do with it was deposit money into my account.  Then I was
    told that when a company direct deposits your check into the account
    they have the privilege to deduct money as well. They say it's
    in case a mistake is made and needs correction. Could someone e-mail
    me and tell me what else can be done with my bank account number.

I was just thinking today.... "Am I the only one bothered by this new
gimmick of "Have your payment deducted monthly from your checking
account...." thing I'm seeing everywhere.

What I want to ask is: WHEN did I give my bank authorization to allow
other people to take money out of my account?  How can they allow these
"deductions" with just a signature at a company (most say, "Just fill
in your account number and sign below....")?

For instance, I hung up on a "free trial offer" for AOL because they
wanted a credit card or bank account number, "just in case you go over
and use additional time."  Hell no!

-- 
  \       Amy Young-Leith	Bloomington, Indiana	   Lifetime Student
   \ /\                (That thing to the left is a bunny!)
   ( )        The views expressed within represent only my opinions.
 .( o ).              ***Please feel free to email -only-***


------------------------------

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

Back issues are available via anonymous ftp on ftp.cs.uwm.edu
[129.89.9.18].  Login as "ftp" with password "yourid@yoursite".  The
archives are in the directory "pub/comp-privacy".

People with gopher capability can access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Archives are also held at ftp.pica.army.mil [129.139.160.133].

End of Computer Privacy Digest V5 #018
******************************