Date: Mon, 14 Nov 94 15:35:05 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#062
Computer Privacy Digest Mon, 14 Nov 94 Volume 5 : Issue: 062
Today's Topics: Moderator: Leonard P. Levine
Error Correction
Re: Intrusive Supermarket Card
Re: Intrusive Supermarket Card
Re: E-mail headers
Re: E-mail headers
Re: Must I Always Carry I.D?
Re: Must I Always Carry I.D?
Other People's E-mail
Re: Mother's Maiden Name
Help on a Student Reaserch Project
Clipper History & Current Status Needed
Re: Corporate Electronic Communications Policy
Info on WWW Browsers & Privacy
Ohio Supreme Court Upholds Privacy of SSNs
Info on CPD, Contributions, Subscriptions, FTP, etc.
----------------------------------------------------------------------
From: Robert Ellis Smith <0005101719@mcimail.com>
Date: 11 Nov 94 12:04 EST
Subject: Error Correction
In my last message to you, concerning the FBI Telephony law: It should
be Public Law 103-414. Thanks. Bob Smith
------------------------------
From: Steve Berczuk <berczuk@space.mit.edu>
Date: 14 Nov 1994 09:31:25 -0500 (EST)
Subject: Re: Intrusive Supermarket Card
regarding check cashing cards:
From: johnl@iecc.com (John R Levine) They're compiling prospect
lists for junk mail, of course. On most of those cards all you
really need to fill out is name and address, and you don't even
have to do that truthfully. In may cases the card doubles as a
check cashing card (for people who haven't figured out that if you
pay with your Visa card you get a month's free float) so in that
case the name, address, and bank reference had better match. They
all ask for SSN, but I've only run into one (Stop and Shop) who
refused to give me a checks cashing card without one.
I tried applying for a check cashing card at a "Bread & Circus" which
is a store that puts forth a healthy food/politically correct image.
When I asked why I needed to give a SSN for a check cashing card I got
a letter explaining how the SSN was the "only unique identifier" they
could use to track someone down in case they bounced a check, etc....
(of course they never ask to see any identifying information to prove
that the SSN you give is yours - it seems that a drivers license number
would serve the purpose better. )
The thing that disturbes me a bit about the SSNs being permissible for
check cashing cards is that Massachusetts law requiring Social Security
Numbers on *checks* is illegal (unless the SSN is your drivers lic
number - which it does not have to be) I think courtesy cards get
around this by allowing you to write checks above the amount of your
bill (which is in effect extending credit), so asking for an SSN for a
check cashing card IS legal.
I dealt with Bread & Circus by just getting the check approved each
time i go shopping; fortunately there is rarely a line at the courtesy
desk :)
as a side note: >>for people who haven't figured out that if you pay
with your Visa card you get a month's free float<<
is one of the reasons I don't understand the idea behind the Express
Check cards that banks are issuing: it looks like you are making a master
card payment but your bank account gets debited when the merchant submits
the credit slip rather than the bank issuing you a bill. Can anyone
explain what these cards offer above what a credit card does, besides
opening you up to problems is you lose the card (if you lose a credit
card, no money has left your bank account....)
--
Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research NE80-6015
Phone: (617) 253-3840 | Fax: (617) 253-8084
------------------------------
From: jwendt@kosepc02.delcoelect.com (John Wendt)
Date: 11 Nov 1994 19:33:58 GMT
Subject: Re: Intrusive Supermarket Card
Organization: Delco Electronics Corp.
Winn Bill <WinnB@rnd1.indy.tce.com> writes: There is a supermarket
chain in Indiana, Marsh Supermarkets, that has a [ many questions
deleted] The questionnaire closes with a place for a validation
signature, social security number, driver's licence number, and
home address and phone number. The owner/CEO of the chain has been
sent a letter inquiring as to why all of this information is needed
for a coupon card, but thus far there has been no reply.
Clearly market research. Answers will be used by Marsh and will no
doubt go to manufacturers of products sddressing the maladies asked
about.
========================================================================
John M. Wendt | Ah, but a man's reach should
Software Engineer | exceed his grasp,
Service Test Equipment Engineering | Else what's a metaphor?
Delco Electronics Corp., Kokomo IN, USA |
| -- Marshall McCluhan
(Standard Disclaimers Apply)
------------------------------
From: Barry Margolin <barmar@nic.near.net>
Date: 13 Nov 1994 01:20:57 -0500
Subject: Re: E-mail headers
Organization: NEARnet, Cambridge, MA
Houston, James A. <JH2@scires.com> writes: My question is this,
*if* a "blind" carbon copy is directed to the president of my
company, can I see that transaction in the header, or is that type
of thing controlled by the email application being used, e.g.,
ccmail?
Most mail systems will not leave any indication in your copy of the message
that a blind copy was sent to other addresses.
--
Barry Margolin
BBN Internet Services Corp.
barmar@near.net
------------------------------
From: "Dennis G. Rears" <drears@pica.army.mil>
Date: 14 Nov 1994 16:29:23 GMT
Subject: Re: E-mail headers
Organization: U.S Army ARDEC, Picatinny Arsenal, NJ
Houston, James A. <JH2@scires.com> wrote: be read. My question is
this, *if* a "blind" carbon copy is directed to the president of my
company, can I see that transaction in the header, or is that type
of thing controlled by the email application being used, e.g.,
ccmail?
Normally, you can not see that a bcc was sent. That's part of the
purpose of a blind carbon copy. If fact, it is only the MTA (mail
transport agent) of the sender and the bcc's reciever's that will know
of it.
I just want to know if there is a way to *detect* if my mail is
being directed to secret places I normally would not be aware of.
No. Even if there were all a person would have to do is resend the
original message.
--
dennis
------------------------------
From: kadokev@rci.ripco.com (Kevin Kadow)
Date: 11 Nov 1994 15:48:57 -0600 (CST)
Subject: Re: Must I Always Carry I.D?
From: amy young-leith <alyoung@cherry.ucs.indiana.edu> If you are
pulled over and you HAVE a valid drivers license issued to you, but
you don't have it WITH you (it's at home on the table or in your
purse slung on the chair or...), is THAT a crime? Will you be
charged with something? Will you have any chance to obtain your
license to avoid this charge if there is one?
Well, at least in Illinois, the state police have all your drivers
license information on file, so if you don't have your license with
your they _could_ pull it up on the computer- but the computer is often
very out of date, they told me I had a license when the most I've ever
had was a training permit, and that expired years ago.
--
kadokev@ripco.com Kevin Kadow
FREE Usenet/Mail, inexpensive Internet - Ripco... Wearing white hats since 1983
Dialup:(312) 665-0065|Gopher:gopher.ripco.com|Telnet:foley.ripco.com ('info')
------------------------------
From: bernie@fantasyfarm.com (Bernie Cosell)
Date: 13 Nov 1994 15:46:44 GMT
Subject: Re: Must I Always Carry I.D?
Organization: Fantasy Farm, Pearisburg, VA
amy young-leith writes: If you are pulled over and you HAVE a valid
drivers license issued to you, but you don't have it WITH you (it's
at home on the table or in your purse slung on the chair or...), is
THAT a crime? Will you be charged with something? Will you have
any chance to obtain your license to avoid this charge if there is
one?
Well, this is the wrong newsgroup for the inquiry --- it'd be more
proper [and surely get a better-informed response] on
misc.legal.moderated. The simple answer is that it is almost
*certainly* an offense, although the precise nature of the offense is
subject to your state's laws.
Around here [VA}, you will receive a fine if you operate a vehicle
without: a driver's license and the registration *in*your*possession*.
Some states also require that you carry proof of insurance.
In no case that I know of is it a "crime" [i.e. "go directly to jail,
do not pass GO, do not...]... in fact, as a rule almost NOTHING to do
with operating a motor vehicle generally involves criminal sanctions.
--
Bernie Cosell bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358
--->>> Too many people; too few sheep <<<---
------------------------------
From: robert.heuman@rose.com (robert heuman)
Date: 11 Nov 1994 23:53:16 -0500
Subject: Other People's E-mail
Organization: Rose Media Inc, Toronto, Ontario.
Prof. L. P. Levine <levine@blatz.cs.uwm.edu> writes: THE ECPA. The
principal law protecting the privacy of e-mail is the Electronic
Communications Privacy Act of 1986 (the "ECPA" for short). ECPA is
a 1986 federal law that expanded to e-mail the protections long
afforded telephones conversations. The ECPA makes it a serious
crime to read, use or disclose another person's electronic
communications without justification. The ECPA sets the basic
"don't read without permission" rule, along with some exceptions.
Please remember that this law applies in the United States ONLY. It is
NOT the law anywhere else in the world.
Would someone care to cover the situation, legally, in Canada?
Also would appreciate coverage of the legal situation in the EEC,
Japan, Singapore, Israel, to name a few other jurisdictions.
--
RoseReader 2.52 P001886 Entered at [ROSE]
RoseMail 2.60 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285
------------------------------
From: dklein@pluto.njcc.com (Dorothy Klein)
Date: 12 Nov 1994 12:01:13 -0500
Subject: Re: Mother's Maiden Name
Organization: New Jersey Computer Connection, Lawrenceville, NJ
Mother's maiden name might have been a great personal codeword a
generation ago, but consider the newer naming schemes.
If your mother hyphenated her name upon marriage (Doris Doe marries Joe
Jones and becomes Doris Doe-Jones, which keeps her professional
identity intact and all her citations together) or kept her own name
(such a pain to change monograms! and IDs..), you'd better not put her
name on your next-of-kin wallet card.
Hm, I wonder what the operator says when someone answers, "My mother
never married. Her name is the same as mine." The techno-cynic in me
suspects that the database isn't set up to accept that answer.
--
Dorothy Klein
dklein@pluto.njcc.com
------------------------------
From: HFHH02C@prodigy.com (MISS ELLEN A FALBO)
Date: 12 Nov 1994 16:57:35 -0600
Subject: Help on a Student Reaserch Project
Organization: UTexas Mail-to-News Gateway
I'm a senior in high school and I am writing my senior paper/thesis
on: The ability of governmental antitrust regulatory agencies-- such
as the FTC and the antitrust division of the DoJ-- to regulate the
computer industry in a timely and effective manner. I'm using the
recent Microsoft antitrust lawsuit as a case in study because it was
handled by both the FTC and the DoJ.
I am attempting to get the views of as many people as possible
concerning this topic and I would appreciate any comments or
information concerning the FTC's and/or the DoJ's performance or
effectiveness in dealing with the computer industry.
I also need information on the following questions. Any information
would be greatly appreciated.
1) How does the FTC fit into the political scheme of things?
2)How does a change in administration affect FTC funding, personnel,
etc.?
3)Was the FTC downsized during the Reagan and Bush administrations,
like the Antitrust division of the DoJ was?
4)Has the FTC had many cases that have dealt with high tech industries
like the computer industry?
5)If so what were they and what were the outcomes?
6)Within the last 2 years have there been any antitrust cases (other
than the one against Microsoft) brought against the computer industry?
7)If so, who were they against and who brought them up (the FTC or the
DoJ) and what were the results?
--
Thank you for your time and help. please send replies to:
HFHH02C@PRODIGY.COM
Thanks again, Ellen
------------------------------
From: uabpa!egutierrez@uunet.uu.net (Noel G)
Date: 13 Nov 94 14:15:15 MST
Subject: Clipper History & Current Status Needed
Organization: College of Business and Public Administration, Univ. of Ariz.
Can anyone tell me where the FAQ is? I'm trying to find out more on
how the Clipper chip came into being (i.e. its "history") and its
current status. Thank you for your time.
--
Noel Gutierrez
------------------------------
From: bernie@fantasyfarm.com (Bernie Cosell)
Date: 13 Nov 1994 15:20:38 GMT
Subject: Re: Corporate Electronic Communications Policy
Organization: Fantasy Farm, Pearisburg, VA
Dick Mills writes: The following is a corporate policy proposed for
adoption at my company. The purpose of the policy is to protect the
company from lawsuits. The fear of lawsuits was prompted by press
reports of workers in California who sued because their company had
inspected their "private" email records. What do followers of
comp-privacy have to say about this policy as written?
Regardless of the reason for the policy, which may or may not be valid,
the policy seems fine to me.
_Electronic Communication Policy_ Electronic communications,
including electronic mail, voice mail, facsimile and all other
forms of electronic media are company-owned resources, and are
provided as business communication tools.
Regardless of the motive, I can't see on what basis one could object to
a statement like the above.
Employees who use the electronic media for personal use do so at
their own risk and expense.
This, too, seems pretty much on the mark.
... [Company] will share no responsibility for incidents of
harassment, sexual harassment, slander, malice, defamation of
character or other civil or criminal actions which occur or are
alleged to have occurred through the personal use of [company]
electronic communications. The responsibility for and the defense
against such actions or claims is solely that of the individual.
Again, I'm not sure what else one would expect: should the *company*
end up with responsibility for the unauthorized and improper use of
their equipment?
[Company] reserves the right to review all electronic records and
communications, although it not the intent to do so except for
legitimate business reasons. The message originator's department
manager and corporate officers are the only individuals authorized
to review these messages except with specific written permission
from the president. The message originator will be notified as soon
as possible if messages are reviewed.
This seems more than fair. As many of you know, I am much more of a
curmudgeon about matters like this and I wouldn't even have been
inclined to put in all the disclaimers --- I'd have ended the paragraph
after the first sentence.
Electronic messages should be drafted with the same thought and
concern devoted to written or verbal communications, and there can
be no guarantee of privacy for electronic communications. Please
exercise good judgment when using these media.
Sounds 100% perfect to me. There is a similar naivete, I suspect,
about things sent through the interoffice mail.
Improper use of [company] electronic communications may result in
disciplinary action up to and including discharge from employment.
Indeed, and such could be said [and should be made clear] about
improper use of *ANY* company equipment, be it a photocopier or the
forklift in the warehouse...
--
Bernie Cosell bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358
--->>> Too many people; too few sheep <<<---
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 14 Nov 1994 11:24:11 -0600 (CST)
Subject: Info on WWW Browsers & Privacy
Organization: University of Wisconsin-Milwaukee
Taken from Discussion of Global CPSR Issues
John Schmitz posted this to me and I am posting it on to you:
You WWW browser may be telling the http servers you visit more than
you think. For more information, see
http://www.uiuc.edu/~ejk/WWW-privacy.html
Ed Kubaitis (ejk@uiuc.edu) Computing & Communications Services Office -
University of Illinois, Urbana
Some users may have noticed that some WWW browsers allow configuring an
email address. We have recently discovered that some browsers use this
information not only for mail or news posting purposes, but also
provide it to every http server you visit. Further, some Unix browsers
provide your username even if an email address is not configured.
since even experienced WWW users here were surprised to learn this, we
decided to pass the information on. Silent delivery of a user's email
address or username (other than for email or news posting purposes
which most users would expect) seems to open a door to potential abuse
-- junk email, for example
------------------------------
From: David Banisar <banisar@epic.org>
Date: 12 Nov 1994 13:56:25 -0500
Subject: Ohio Supreme Court Upholds Privacy of SSNs
In a decision handed down on October 26, the Ohio Supreme Court has
ruled that governmental disclosure of Social Security numbers (SSNs)
violates individuals' constitutional right to privacy. At issue was a
request by the Akron Beacon Journal for release of computer tape
records of the City of Akron's year-end employee master files. The
payroll files contain various information including employees' names,
addresses, telephone numbers, SSNs, birth dates, education, employment
status and positions, pay rates, service ratings, annual and sick
leave information, overtime hours and pay, and year-to-date employee
earnings. The City had provided the records to the newspaper, but
deleted the SSNs on privacy grounds.
EPIC staff, on behalf of Computer Professionals for Social
Responsibility, joined with the Public Citizen Litigation Group in
filing a "friend of the court" brief in the case. The CPSR/Public
Citizen brief highlighted the privacy implications of SSN disclosures
and argued in support of the City's decision to withhold the numbers.
The brief urged the Ohio Supreme Court to follow the lead of the U.S.
Court of Appeals for the Fourth Circuit in the case of Greidinger v.
Davis, where Virginia's practice of requiring SSNs for voter
registration purposes was held unconstitutional. EPIC staff had
similarly participated in the Greidinger litigation as friends of the
court.
Significant excerpts from the Ohio Supreme Court decision:
The city's refusal to release its employees' SSNs does
not significantly interfere with the public's right to
monitor governmental conduct. The numbers by themselves
reveal little information about the city's employees. ...
While the release of all city employees' SSNs would
provide inquirers with little useful information about the
organization of their government, the release of the numbers
could allow an inquirer to discover the intimate, personal
details of each city employee's life, which are completely
irrelevant to the operations of government. As the Greidinger
court warned, a person's SSN is a device which can quickly be
used by the unscrupulous to acquire a tremendous amount of
information about a person. ...
Thanks to the abundance of data bases in the private
sector that include the SSNs of persons listed in their
files, an intruder using an SSN can quietly discover the
intimate details of a victim's personal life without the
victim ever knowing of the intrusion.
Coming a year after the Greidinger decision, the Akron Beacon Journal
case continues a trend toward judicial recognition of the privacy
implications of SSNs. EPIC will continue to participate in related
litigation in an attempt to establish a body of caselaw protecting the
confidentiality of SSNs and other personal information.
David Sobel (Sobel@epic.org)
Legal Counsel
Electronic Privacy Information Center
[moderator: lengthy court transcript is avilable in archive or via
email from moderator]
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 26 Sep 1994 12:45:51 -0500 (CDT)
Subject: Info on CPD, Contributions, Subscriptions, FTP, etc.
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions generally are acknowledged within 24 hours of
submission. An article is printed if it is relevant to the charter of
the digest. If selected, it is printed within two or three days. The
moderator reserves the right to delete extraneous quoted material. He
may change the subject line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V5 #062
******************************
.