Date:       Mon, 08 Aug 94 07:09:40 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#020

Computer Privacy Digest Mon, 08 Aug 94              Volume 5 : Issue: 020

Today's Topics:			       Moderator: Leonard P. Levine

                        Re: Fingerprinting Rules
                        Re: Fingerprinting Rules
                        Re: Fingerprinting Rules
             Re: Unsolicited Advertisements in the Mailbox
                   Re: SSN Required by Sprint in U.S.
                   Re: SSN Required by Sprint in U.S.
                   Re: SSN Required by Sprint in U.S.
                        Re: Internet White Pages
                        Re: Internet White Pages
         DMV Records Available to Anyone who wants to Subscribe
                       Are Web Servers Anonymous?
                             Set Top Boxes
               Re: Privacy Research Program - Help NEEDED

 ---------------------------------------------------------------------

   Housekeeping information is located at the end of this Digest.

----------------------------------------------------------------------

From: cwp101@psu.edu (Carmine Prestia)
Date: 05 Aug 1994 21:43:33 -0400
Subject: Re: Fingerprinting Rules

I read your message, it was forwarded to me by a friend.  I work for a
municipal police department and in years past fingerprinted a LOT of
bank employees.  I believe that the FDIC or some Federal law, if the
bank is nationally chartered, does require fingerprints or
authorization for fingerprints.

Consider that the FDIC wouldn't want its insureds hiring thieves to
handle the money that the FDIC protects.  Years ago our local banks
would periodically have all their employees come in and get 'printed.
They probably just got too big to keep that up.

--
Carmine Prestia    :    Pennsylvania State University and
cwp101@psu.edu     :        State College Pennsylvania Police
WB3ADI             :    FBI NA 168th


------------------------------

From: tenney@netcom.com (Glenn S. Tenney)
Date: 06 Aug 1994 20:05:24 -0800
Subject: Re: Fingerprinting Rules

    "Dave Niebuhr" <NIEBUHR@bnlcl6.bnl.gov> wrote: It seems to me that
    the first paragraph is the key one in this issue.  The operative
    word is voluntary and no matter what anyone says, voluntary means
    just that -- voluntary.

It would seem that in this case it was voluntary (not that I like it,
but)... if you didn't do it then you would almost certainly not get the
job because the prints were a part of the "evaluation" process.  In
other words... the prints were voluntary because you could choose to
apply or not apply for the job --- your choice, no one is forcing you.

--
Glenn Tenney
tenney@netcom.com   Amateur radio: AA6ER
(415) 574-3420      Fax: (415) 574-0546


------------------------------

From: JBWOOD@CHEMICAL.watstar.uwaterloo.ca (JB Wood)
Date: 08 Aug 1994 00:24:20 -0400
Subject: Re: Fingerprinting Rules
Organization: University of Waterloo

    "Dave Niebuhr" <NIEBUHR@bnlcl6.bnl.gov> writes:

	Then I got to a form that was titled Fingerprint
	Authorization.  It read similar to the following, but this is
	from memory:

    It seems to me that the first paragraph is the key one in this
    issue.  The operative word is voluntary and no matter what anyone
    says, voluntary means just that -- voluntary.  The second just
    backs up the first.

On a similar note, in Alberta, Canada, I applied for a job and was
asked if I would help speed things up by taking a lie detector test.
It was explained to me that it was optional, but it was hinted that
they would like me more if I made them feel better about my past.  I
had no objections, and I actually had a little experiment in mind, as I
always wondered if I could fool the lie detector.  As a side note, I
did fool the machine, and on something pretty serious too.   Anyway, I
was interested in this concept and called a few people who knew about
this sort of thing.  This is definitely an area in which you can file a
lawsuit if you feel you should have been hired based on abilities, but
you think you weren't based on your refusal to participate in something
they call "voluntary".  On the company's part, it's a great way to see
who will work for them and never complain about anything, but they must
be able to defend their choice in a civil rights suit.  But that
shouldn't be a difficult thing to do.  All in all, I felt the whole
situation stunk (but I got the job!  I told the lie detector dude I was
planning on making a career in the industry when I knew I was going to
school in Ontario in 3 months).

Fingerprinting is a lot more serious and I would NEVER submit to any
gov't agency retaining my prints (voluntarily).  About 8 years ago, my
mom thought it was a good idea when the police offered the free service
one weekend at the mall.  They said it was to help find missing
children, but in my mind they just wanted to be able to use future
technologies to I.D. anybody by computer. I said I had a date that
night and didn't want ink all over my fingers... worked like a charm.

--
"They say that these are not the best of times,
But they're the only times I've ever known." - Billy Joel
jbwood@undergrad.uwaterloo.ca  jbwood@chemical.watstar.uwaterloo.ca
"I'd start a revolution but I don't have time" - Billy Joel


------------------------------

From: es@crl.com (Eric Smith)
Date: 08 Aug 1994 10:07:49 -0700
Subject: Re: Unsolicited Advertisements in the Mailbox

    Brian G. <briang@access.digex.net> wrote: Just go to the post
    office serving that area, ask for a supervisor, and give them a
    copy of one of the ads.  They will probably contact the advertiser
    and inform them that they can either stop or pay $.29 per ad +
    fines (if applicable).

When I was a kid I delivered newspapers before dawn and put them in
people's mailboxes.  This was in a rural area where the mailboxes are
big enough to hold newspapers.  One kid on my route was a practical
joker.  One morning when I opened his mailbox to put the newspaper in,
BANG!  He had put a kind of fireworks thing in the mailbox, which
operated by pulling a string from it, and he had tied the string to the
mailbox door in such a way that it would pull out and go off when I
opened it.

I wonder if those are still available.  What were they called?  It
seems like they would be good to help train various delivery people to
remember to skip your mailbox.


------------------------------

From: poivre@netcom.com (Poivre)
Date: 06 Aug 1994 21:30:11 GMT
Subject: Re: SSN Required by Sprint in U.S.
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

    Dave Niebuhr (dwn@dwn.ccd.bnl.gov) wrote: Oh there isn't?  There
    are many privacy issues here: income, drivers licenses, credit
    cards held, etc.

Sprint really sees nothing as a privacy issue.  First they've got the
Friends and Family program which they use to annoy your friends and
family, and now this!  Sprint doesn't seem to know what privacy is, or
care.  I would never use Sprint.

-- 
 .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . .
  poivre@netcom.com               :       #include <disclaimer.h>
                                  :    
 .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . .


------------------------------

From: robert.heuman@rose.com (robert heuman)
Date: 07 Aug 1994 09:35:22 GMT
Subject: Re: SSN Required by Sprint in U.S.
Organization: Rose Media Inc, Toronto, Ontario.

    From: dunn@nlm.nih.gov (Joe Dunn) The number has to be easily
    remembered by you. When you receive your calling card from Sprint, it
    tells you to speak a digit plus your SSN.  In that way you can
    carry around your calling card and not worry about losing it and
    being usable by someone who finds it. If Sprint were to assign you
    a number, rather than your SSN, you would carry around that card
    until you memorized the number or to remember the 800 number to
    dial.  Using your SSN protects you and Sprint from someone using
    your card to make calls that they can't bill you for. The card does
    not have your SSN printed on it.

I for one do NOT remember my SSN (SIN here in Canada, but I have BOTH)
and carry it in my wallet, where I would also carry my calling card if
I had one, so I cannot see how this use of the SSN would possibly be a
legitimate use of the SSN.  As far as I am concerned any use of SSN or
SIN that is not required by LAW is NOT a legitimate use of that
number.  Joe is welcome to feel it is legitimate, but it is NOT
required by any legal regulation that I know of, so I will have to
disagree....

--
R.S. (Bob) Heuman       |My opinions are my own, and only my own!
rn.1886@rose.com        |They are NOT those of my employer.......

   RoseReader 2.50  P001886 Entered at [ROSE]
   RoseMail 2.50 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285


------------------------------

From: "anonymous" <levine@cs.uwm.edu>
Date: 07 Aug 94 20:41:34 
Subject: Re: SSN Required by Sprint in U.S.

=========
IMPORTANT: COULD YOU MAKE THIS POSTING ANONYMOUS ?  THANKS !
=========

    Surely sendmail reeled when thusly spake Carl Oppedahl: What is
    particularly annoying about Sprint demanding you speak your SSN to
    use this fancy calling card, is that from now on whenever you are
    standing in one of those nasty bus stations or airports where
    shoulder surfing is so much of a problem ... you are revealing your
    SSN to anyone standing near enough to hear it.

I admit to once having dealt with the people who hang around public
phones, observing and memorizing other people's long distance calling
card access numbers, and then selling them.  In this case, I "bought" a
code after it was demonstrated to me that this code did indeed work for
overseas calls.

By the time I set out to seriously (ab)use this code, three hours or so
later, the long distance company was wise to what had happened, and an
operator came on-line to quiz me.  (I hung up at once.)  Doubtlessly
astronomical charges had been rung up on this particular account quite
quickly.

Abuse of a social security number would presumably be detected much
more slowly.  What in fact might the possibilities for abuse be if
one's social security number becomes known to one of these shady
characters ?


------------------------------

From: hedlund@teleport.com (M. Hedlund)
Date: 06 Aug 1994 18:23:50 -0700
Subject: Re: Internet White Pages
Organization: Teleport - Portland's Public Access (503) 220-1016

    jeffrey@minerva.cis.yale.edu (Jeffrey Licht) wrote: I was browsing
    in our local Borders yesterday, and came across a book called (as I
    recall) "The Internet White Pages"[...] * And if this book calls
    itself a "White Pages", is there a provision to request an unlisted
    number?  (There may be - I didn't look at it long enough to find
    out.)

There is -- send email *from all of your accounts* to
'delete@whitepages.com'.  (There is an 'add@whitepages.com' as well, if
you're into that sort of thing.)  They accept rants at
'comments@whitepages.com'.

I have two serious problems with this:

(1) neither the 'delete' nor the 'add' address was advertised *before
the first edition*, nor have they been effectively advertised online
since the first edition; and

(2) their setup requires the user to take an active role in deleting
themselves from the "White Pages," rather than requiring users to
request a listing if they want one.

The "authors" would surely respond by stating that they have made an
effort to allow for unlisted addresses in future editions, and that
there is no expectation of privacy when posting a news message.  The
first response is obviously inadequate, as very little effort has been
made to advertise the 'delete' address *online*, where it matters -- it
does not follow that everyone using Usenet also browses computer book
sections.  Further, the entire project is wrapped in an analogy to
directory listings put out by phone companies, and that analogy is
misleading.  My listing in any phone directory is directly linked to my
purchase of service from the publisher of that directory -- if I don't
like the way they deal with their "unlisted" clients, I can change
services or bring a complaint before the State Public Utility
Commission.  There is no such connection between my purchase of service
from 'teleport.com' and my listed address in the Internet White Pages.
No matter what effort they make to advertise the 'delete' address, it
will always be inappropriate to compare their publication to phone
directories (unless, of course, they sell directory publication
services to individual Internet providers).

The second response, that there is no expectation of privacy in the
news distribution system, is more convincing.  It is not reasonable to
think of a news message as private when it is copied to every news
carrier on the net; especially as, by grepping the news spool, a user
would not even have to read the group carrying the posting to get an
address from it.  Until recently, however, this meant a poster was
giving up a degree of privacy in the realm of net users; which is
different than giving up that degree of privacy in bookstores.  Usenet
itself, grep, news spools, netfind, whois, and so on, have been -- and
certainly were during the time the "White  Pages" was collecting
addresses -- more obscure tools than a book in a bookstore.  However
much that may have changed and may still change, there is a difference
in scale.  The publishers of the "White Pages" took addresses, freely
given on the net, and gave them out (for a price) in an area of society
largely unrelated to Usenet.  If we did give up the privacy of our
email addresses by posting news messages, we gave up privacy *in that
forum*, which should be distinct from surrendering that privacy
entirely.

To turn their analogy against them: if a Regional Bell Operating
Company (US West, Ameritech, etc.) were to use 'finger' to collect net
users' phone numbers, and then were to add those numbers into their
phone directories, the unlisted net users would be most upset.  The
phone companies would be mistaken to say that the users had surrendered
all privacy for their phone numbers by listing them in their 'finger'
information.  I can always change my 'finger' listing.  It is much more
difficult to change a printed listing such as the "White Pages."

I would suggest that the publishers, at the very least, post a monthly
message to 'news.announce.important' advertising the 'delete' address
and informing users of their actions.  I would be much happier to see
the "White Pages" exist as a voluntary service only -- users who wish
to be listed must actively request such a listing.  I would also like
to see an option, similar to that in *real* phone books, for a marking
next to listed addresses that forbids commercial solicitations.

<hedlund@teleport.com>


------------------------------

From: jgd@dixie.com (John De Armond)
Date: 07 Aug 94 01:08:35 GMT
Subject: Re: Internet White Pages
Organization: Dixie Communications Public Access.  The Mouth of the South.

    jeffrey@minerva.cis.yale.edu (Jeffrey Licht) writes: * Do people
    posting on Usenet know that their e-mail addresses are being
    recorded?  (I doubt it.)

If a person speaks in public to an audience of thousands, does he know
that someone may have written down his name for future use?  If he
didn't, he should have.

    * Would more people post anonymously if they knew this?

No.  What good is building up a presence on the net if that presence is
"an12345"?

    * Does anyone have the right to publish this information about me.
    for personal gain, without contacting me first?  This is currently
    done all the time with (snail) mailing lists - is it appropriate
    for the Internet?

You mean "is it appropriate for the Usenet."  Of course.

    * And if this book calls itself a "White Pages", is there a
    provision to request an unlisted number?  (There may be - I didn't
    look at it long enough to find out.)

Most people on Usenet are accommodating.  I'm sure if you asked nicely....

-- 
John De Armond, WD4OQC, Marietta, GA    jgd@dixie.com 
Performance Engineering Mag. Unsolicited email published at my sole discretion
The government has 3 new savings bonds:  The Steffie bond with no maturity, 
the Gore bond with no interest and the Clinton bond with no principle.


------------------------------

From: richburr@netcom.com (Richard Burroughs)
Date: 07 Aug 1994 01:23:42 GMT
Subject: DMV Records Available to Anyone who wants to Subscribe
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

    Bfolensbee (bfolensbee@aol.com) wrote: There are a number of
    commercial "information providers" which can be subscribed to and
    the ones I have seen include not only DMV records but info on your
    property, neighbors,  any type of publicly filed information such
    as bankruptcies, tax liens, judgements against you, whatever.  It
    always amazes me what is available on most people in this country
    that they have no idea

I have recently seen ads in local newspapers here in Portland, OR, for
CD-Roms of the Oregon DMV records.  I've seen them advertised for sale
at least twice now.  I'm not sure if it was only one, or if the person
was selling multiple copies.  Is this legal?

-- 
Rich Burroughs
richburr@netcom.com


------------------------------

From: mlaroque@aol.com (MLaroque)
Date: 08 Aug 1994 04:36:02 -0400
Subject: Are Web Servers Anonymous?
Organization: America Online, Inc. (1-800-827-6364)

A web question:

I understand that the administrator of a web server has access to a log
of connections made.

 How do the logs for the server work ?
 As a server administrator, can one determine the
[1]     { }     users who web to the server
[2]     { }     sites of the users who web to the server
[3]     { }     sites from which the most adjacent connection was made

An example of the third option is as follows:

user on netcom webs to ucla.edu
user chooses cs.bu.edu from a menu on ucla

Under [3] above, the cs.bu.edu administrator would know that
there had been a web connection from ucla, but would not know
the client was on netcom.

Essentially, I am wondering about the anonymity of the users
connecting to a server.

Martin Laroque
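
[Added example, not part of the original post or of the digest.]  The
sketch below parses one access-log line and maps its fields onto items
[1], [2] and [3] of the question above.  It assumes the server writes
the NCSA "combined" log format; the sample line, the host names and the
helper names are constructed for illustration.

```python
import re

# NCSA "combined" access-log line (assumed format; a server may log less):
#   host ident authuser [date] "request" status bytes "referer" "user-agent"
# The last two fields are optional so plain "common" lines also parse.
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<authuser>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# Constructed sample: a client on a netcom host follows a link on a
# ucla.edu page to this server. Host names and paths are illustrative.
SAMPLE = ('netcom7.netcom.com - - [08/Aug/1994:04:36:02 -0400] '
          '"GET /index.html HTTP/1.0" 200 2326 '
          '"http://www.ucla.edu/menu.html" "NCSA Mosaic/2.4"')


def parse_line(line):
    """Return the logged fields as a dict, with '-' normalised to None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a common/combined log line: %r" % line)
    return {k: (None if v in (None, "-", "") else v)
            for k, v in m.groupdict().items()}


def referer_host(url):
    """Host part of a Referer URL, or None if the field is absent."""
    if not url:
        return None
    m = re.match(r'[a-z][a-z0-9+.-]*://([^/:]+)', url, re.I)
    return m.group(1).lower() if m else None


def what_admin_sees(line):
    """Map one log line onto the three items asked about in the post."""
    f = parse_line(line)
    return {
        # [1] A user name is logged only if the client's identd answered
        #     or the page required HTTP authentication; else both are '-'.
        "user": f["authuser"] or f["ident"],
        # [2] The connecting machine is always logged: the TCP connection
        #     comes from the client's own site (or from its proxy).
        "client_site": f["host"],
        # [3] The previously viewed page is logged only if the browser
        #     chose to send a Referer header with the request.
        "came_from": referer_host(f["referer"]),
    }


if __name__ == "__main__":
    for key, value in what_admin_sees(SAMPLE).items():
        print("%-12s %s" % (key, value))
```

In the constructed line the server records both the netcom host that
opened the connection and the ucla.edu page named in the Referer field,
while the user-name fields stay empty.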


------------------------------

From: Marc Thibault <marc@tanda.on.ca>
Date: 07 Aug 1994 20:59:45 -0400
Subject: Set Top Boxes
Organization: Tanda and Associates

    Jeremy D. Allaire <jallaire@skypoint.net> writes: IMHO, the bottom
    line is that all of this technology will continue to be advertiser
    driven, and, hence, the advertiser will shape the contents of your
    box more than you shape the contents of your box.

Although there is a privacy issue here, there are also some benefits
(which is why we routinely give up bits of privacy).

(1) If you had to pay the full cost of delivering television
programming to your home, you would spend more time in theatres. A lot
of people would choose to do without TV.  Advertisers pick up the tab
and make TV cheap for us to watch.  It is appropriate that they get
some compensation in the form of viewer attention.

(2) Smarter marketing as a result of effective use of consumer
databases means that the time you do spend watching ads will more
likely be useful. No advertiser is going to waste selling dollars
trying to sell you something you don't want or need if they can help
it. You'll get ads for stuff you are actually interested in buying. In
the end, you do in fact shape the contents of your box; effortlessly.

(3) Smarter marketing will also make it cost effective to advertise
niche products, so you won't have to dig all over the place for that
special item - the producer will find you.

--
 Marc Thibault                 | Information Systems Architect
 Oxford Mills, Ontario, Canada | End-User-Powered Systems
 613-724-9442                  | Design, Development, Project Management


------------------------------

From: es@crl.com (Eric Smith)
Date: 07 Aug 1994 10:02:05 -0700
Subject: Re: Privacy Research Program - Help NEEDED
Organization:  

    <GATTIKER@CETUS.MNGT.ULETH.CA> wrote:
    9.  While using computer data-bases by the government to maintain
        central records on the health, employment and income/tax
        records is appropriate, exchange/matching of such
        information between government data-bases is dangerous to
        individual privacy                             1 2 3 4 5 6 7

People who really care about privacy can't answer such questions the
way they are worded, because they know, and have known all along, that
the government's use of such databases is not appropriate and never has
been.  The survey is requiring them to contradict their own beliefs in
order to give any of the available answers to the question.


------------------------------

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

Back issues are available via anonymous ftp on ftp.cs.uwm.edu
[129.89.9.18].  Login as "ftp" with password "yourid@yoursite".  The
archives are in the directory "pub/comp-privacy".

People with gopher capability can access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Archives are also held at ftp.pica.army.mil [129.139.160.133].

End of Computer Privacy Digest V5 #020
******************************