Date: Mon, 28 Nov 94 11:44:54 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#067
Computer Privacy Digest Mon, 28 Nov 94 Volume 5 : Issue: 067
Today's Topics: Moderator: Leonard P. Levine
Story on Privacy Abuses & Stalking
Re: Essay: The Right to Privacy
Re: Debit Cards
Re: Debit Cards
[Booklet] Authors Wanted!
Lotus CD
DMV Records
Quebec Private Sector Privacy Law-Bill 68(1993, Ch 17)
Clarifying answers to TEN QUESTIONS ...
Info on CPD, Contributions, Sub... (new material)
----------------------------------------------------------------------
From: Willie_Raye@macnexus.org (Willie Raye)
Date: 24 Nov 1994 11:39:57 -0800
Subject: Story on Privacy Abuses & Stalking
We are a television news crew working on a two part series that
details victims of electronic stalking and other invasions of their
privacy. We're also interested in what software and hardware is
available to the general public to harass, stalk or rip-off others
throught their computer.
This is typical negative junk from the commercial information
superhighway.
I truly hope people who read this digest do not respond to this. I make
the assumption that people who read this digest are concerned about
privacy, freedom, and the 1st Ammendment.
Internet users do not need more reporting on the miniscule amount of
fraud, crime, etc. that happens here. I am tired of hearing stories
about how someone romanced a 12 yr old via AOL. Or stories about how
the Internet is used to transport sexually explicit GIF's to
unsuspecting innocents in BumFarm, Utah.
If anything will drive politicians and the FCC (the people responsible
for handing radio and TV technology over to the higest bidders) to
enforce (someone's) standards on the electronic community, it will be
this kind of reporting - presented on television, to those already
under it's spell.
There will be many who will respond to this opportunity to be talked
about or even quoted on the 6:00 news. Please don't add to the list.
I challenge this or any other TV 'crew' to solicit responses about
positive aspects of the evolving virtual global community that exist
because of the egalitarian make-up of the Internet.
------------------------------
From: John Medeiros <71604.710@compuserve.com>
Date: 25 Nov 94 22:55:37 EST
Subject: Re: Essay: The Right to Privacy
gmcgath@condes.MV.COM (Gary McGath) wrote: It is primarily
victimless crimes whose prosecution is aided by the denial of the
right to privacy.
I wonder what privacy rights are being referenced. Are we talking
about the use of electronic surveillance? And "victimless crimes"
means homosexual acts between consenting adults, drug offenses,
abortion, and prostitution. If so, is it really true that electronic
surveillance is used more often in the investigation of "victimless
crimes"? And were that all to be true, is our cash strapped government
really inclined to expend resources to monitor the consentual conduct
of citizens in their own homes?
I always wonder about these statements when I see them used as the
premise for claims of unrestricted government intrusion into the
everyday life of the average citizen. If this is going to happen, I
sure want to know about it. On the other hand, I don't want to be told
that the government will be watching what kind of shaving cream I use,
or for that matter that the world as we know it would be gone in 1984,
if its not true.
I believe that we do ourselves a great disservice when we needlessly
call the people to arms. It reminds me of the axiom of "not crying
wolf". I fully agree with McGath that use of encryption is a part of
the right to privacy, and therefore should be available to all. I just
disagree with his means of persuasion. If we are going to do the right
thing, then we too, must do it the right way.
------------------------------
From: thwong@cs.cornell.edu (Ted Wong)
Date: 26 Nov 1994 19:35:24 GMT
Subject: Re: Debit Cards
Organization: Cornell Univ. CS Dept, Ithaca NY 14853
robert heuman (robert.heuman) wrote: Do not, for one moment,
believe that the debit card is to your advantage. When compared to
a credit card, unless you have problems handling your money, there
is NO benefit to you. The card is for the Bank's purposes.
Eventually the banks would like to see the end of credit cards and
the exclusive use of debit cards - no float - loans carrying high
interest if you overdraw, and eliminate credit card fraud.
For the banks I have dealt with in the past, the granting of an
overdraft facility is NOT automatic, but requires the approval of a
credit officer and an explicit application from the account holder.
Thus, although banks charge an extortionate rate of interest on
overdrafts, this is done with the full knowledge of the holder. Debit
cards are also just about the only way for some people to obtain
something remotely resembling credit - as a foreign national in the UK
a Barclays Connect card was the only form of 'credit' available to me
as a student.
Credit cards are a billion-dollar industry. Why would the companies
that control these empires wish to shut them down? A reality check is
called for here (no pun intended).
--
Ted Wong <thwong@cs.cornell.edu> |DISCLAIMER:
|Cornell's opinions are its own,
Computer Science |and do not necessarily reflect
Cornell University |those of the author.
------------------------------
From: c23st@kocrsv01.delcoelect.com (Spiros Triantafyllopoulos)
Date: 28 Nov 1994 16:59:50 GMT
Subject: Re: Debit Cards
Organization: Delco Electronics Corp.
robert heuman <robert.heuman@rose.com> wrote: Do not, for one
moment, believe that the debit card is to your advantage. When
compared to a credit card, unless you have problems handling your
money, there is NO benefit to you. The card is for the
For me the benefit is getting in and out of the checkout register
really fast without a dumb clerk asking me to pronounce my last name
for their amusement (Walmart RULES in this aspect :-)). Or asking me
for the 100th time which address is the right one, the one in the check
or the one in the driver's licence, or, or, or. Try writing a check
while carrying a 2 year old throwing a tantrum sometimes :-).
Bank's purposes. Eventually the banks would like to see the end of
credit cards and the exclusive use of debit cards - no float -
loans carrying high interest if you overdraw, and eliminate credit
card fraud. Just be sure you can:
Funny, my 'debit card' in reality is my ATM card (which requires a PIN)
and overdrafts go to my (very low) VISA card... I don't care for
'float'. Credit card fraud elimination as well; if I lose my ATM card
it's useless to anyone without my PIN. I wouldn't say this for a
credit card. It is accepted in a limited number of stores for now but
expanding.
1. select your own PIN
Yes.
2. change your PIN at any time, day or night, on YOUR demand
Yes.
--
Spiros Triantafyllopoulos Kokomo, IN 46904 (317) 451-0815
Software Development Tools, AD/SI c23st@kocrsv01.delcoelect.com
Delco Electronics/GM Hughes Electronics "Reading, 'Rithmetic, and Readnews"
------------------------------
From: fd@wwa.com (Glen L. Roberts)
Date: 27 Nov 1994 22:28:02 GMT
Subject: [Booklet] Authors Wanted!
Organization: WorldWide Access - Chicago Area Internet Services 312-282-8605 708-367-1871
We're looking to expand the selection of booklets in our catalog. If
you have something to say... something people want to hear... and would
like it published in booklet form (40-60 pages, saddle stiched, with a
two-color cover), and the topic is in the area of privacy,
surveillance, computer security, technology, hacking, or government...
Email me an outline. There is absolutely no cost to you, and you'd be
paid a percentage of each sale. We'd prefer that your original be in
plain ascii (emailable).
Questions, comments, submissions... fd@wwa.com
--
Glen L. Roberts, Editor, Full Disclosure
Host Full Disclosure Live (WWCR 5,065 khz - Sundays 7pm central)
email fd@wwa.com for catalog on privacy & surveillance.
Does 10555-1-708-356-9646 give you an "ANI" readback? With name?
------------------------------
From: Jay Wood <jwood@ritz.mordor.com>
Date: 27 Nov 1994 21:02:02 -0500
Subject: Lotus CD
Organization: Mordor International BBS
Can anyone give me pointers to information about the Lotus CD that
inspired such outrage a few years ago? If I recall correctly, it was
ultiately dumbed-down after much expression of public outrage. The
original idea was to produce on disk credit report-like information
about a wide sampling of American households.
Thanks in advance.
--
Jay Wood jwood@mordor.com
------------------------------
From: John Medeiros <71604.710@compuserve.com>
Date: 27 Nov 94 22:20:48 EST
Subject: DMV Records
The following article was printed in the "Orange County Register",
Tuesday, November 22, 1994, news section, page 2:
Car-rental firms checking on drivers
by Ricky Young
As the busiest travel weekend of the year draws nigh, more rental-car
companies are taking advantage of a California system to allow
instantaneous access to drivers' records.
The companies turn down about 8 percent of drivers for accidents,
tickets and other telltale signs that a driver might wreck their car.
More than 1 million drivers have had their records checked in the first
year of the Department of Motor Vehicles program.
Alamo, Avis, budget, Dollar, Hertz and Thrifty rental companies are the
major ones tapped into California driver records. Enterprise and
National are not.
The companies contract with credit-check firms to addess a driver's
record within five seconds. No one combs through records; a computer
makes a pass-fail determination in five to six seconds.
People who are turned down are given a toll-free number they can callto
plead their case.
Companies look two to six years back, and drivers are generally turned
down for any drunken-driving offense, two or three moving violations,
two or more accidents, or failure to report an accident.
"Renting a vehicle is not a constitutional right," said Joseph
Willoughby of Dateq Information Network in Georgia. "It's a
privilege. You're talking about a $20,000 asset being placed in the
hands of someone who might be an unsafe driver."
Some clients have seen a 50 percent reduction in accidents since
starting the screening, Willoughby said.
"It;'s their car," said Joe Pollheim of Cincinnati, renting a car at
John Wayne Airport on Monday. "They laid out the bucks for it."
A Laguna Beach doctor on trial this week for a fatal head-on collision
in July 1993 on Santiago Canyon Road was driving a rented Chevrolet
Lumina. A check of Ronald Allen's record would have shown two
druken-driving arrests.
"If you're in the business of renting cars, you'd better do your
homework," said Rebecca Rodriguez, whose two daughters were injured in
the crash. "For them not to do that, that's irresponsible."
------------------------------
From: ua602@freenet.Victoria.BC.CA (Kelly Bert Manning)
Date: 24 Nov 1994 19:38:16 -0800
Subject: Quebec Private Sector Privacy Law-Bill 68(1993, Ch 17)
"An Act respecting the protection of personal information in the
private sector"
This has been in effect since early in 1994, giving legislative teeth
to privacy rights identified by Chapter III of Quebec's Civil Code.
Copies are available from the Quebec Official Publisher in either
english or french.
Section 9, at the end of Division II, reads:
"No person may refuse to respond to a request for goods or services or
to a request relating to employment by reason of the applicant's
refusal to disclose personal information except where
(1) collection of that information is neccessary for the conclusion
or performance of a contract; (2) collection of that information
is authorized by law; or (3) there are reasonable grounds to
belive that the request is not lawful.
In case of doubt, personal information is considered to be non-
neccessary."
Which would put an interesting spin on someone who tried to insist that
a customer calling by phone not use caller ID blocking, or give them a
true name, address, or other unneccessary information.
Section 17, in Division III, reads:
"Every person carrying on an enterprise in Quebec who communicates,
outside Quebec, information relating to persons residing in Quebec or
entrusts a person outside Quebec with the task of holding, using or
communicating such information on his behalf must take all reasonable
steps to ensure
(1) that the information will not be used for purposes not relevant to
the object of the file or communicated to third persons, except in
cases similar to those decsribed in sections 18 and 23;
(2) in the case of nominative lists, that the persons concerned have a
valid opportunity to refuse that personal information concerning them
be usef for purposes of commercial or philanthropic prospection and, if
need be, to have such information deleted from the list."
Section 22 also deals with release of personal information for
soliciting and essentially prohibits it unless prior consent is
obtained. Consent can also be withdrawn at any time(sec. 5). Section
24 makes it mandatory for enterprises using nominative lists to
identify themselves and to inform their targets of their right to have
personal information about them deleted from the list.
The penal provisions escalate from a $1,000-$10,000 fine for the first
offence to $10,000-$20,000 for subsequent offences(sec. 91).
Personal Information agents are liable to a $6,000-$12,000 fine.
I'm not familiar with Quebec legal terminology as translated into
english, but if "legal person" translates as corporation then section
93 makes individuals who authorize or commit offences personally liable
for the penal fines, not simply the enterprise they work for or head.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 24 Nov 1994 08:15:28 -0600 (CST)
Subject: Clarifying answers to TEN QUESTIONS ...
Organization: University of Wisconsin-Milwaukee
Taken from RISKS-LIST: RISKS-FORUM Digest Tuesday 22 November 1994
Volume 16 : Issue 57 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND
RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G.
Neumann, moderator
Date: 15 Nov 1994 12:12:15 (xST)
From: [A well-known but suitably anonymized contributor]
Subject: Clarifying answers to TEN QUESTIONS PARENTS SHOULD
ASK THEIR CHILDREN
Where are the manuals, boxes, license agreements for the programs
you have or use?
They don't have manuals or boxes. Should I not use them?
Where did you get that game? (program?, floppy?, software?)
Usually over the net - how do I tell if it's legitimate?
When programs first start running on your computer, whose name
comes on the screen as the "owner" or "licensed-to."
Very few have this feature.
Did you write/create/author what you're passing off as your own work?
I resent the use of 'passing off'. Almost all modern works are
collaborative in nature - the selection of citations is not a
trivial issue. Where did you get these questions? Are you
passing off some of it as your work when in fact others first
came up with some of these ideas? Where are your citations?
Where did you get the text and images you're using?
Many of them come from on-line sources. Does that make them
legitimate or illegitimate?
If you copied text and images from another source, did you have permission?
Rarely - in most cases, fair use allows you to use them without
getting formal permission. Kind of like these questions of yours.
If you didn't need permission from the "owners" of the information
you're using, did you credit them for the material?
Only if I republish it. I have lots of on-line information
without citations attached to it. But I see the author of this
questionnaire thinks it's legitimate to do this without citation.
I guess I should stop giving as much credit where due as I do.
3. Do you ever use other people's computer, disk-space or processing
capability, or look at or copy their files or information, without their
knowledge or permission?
I almost never get permission to look at each file I view.
I go under the assumption that I may view anything that
allows read access by me without going outside of the
normal methods in use to read files. If it is interesting,
I copy it for future reference. I hope they do not know any
details about my use. After all, I want to retain my privacy
and they should not be watching what I do.
4. Do you have any prank programs, computer viruses, worms, trojan
horse programs, bombs, or other malicious software?
Several thousand of them. What's wrong with that? Don't you
have some too?
Do you use bulletin boards or systems that contain these things, or have
friends or acquaintances who do?
Certainly. The Internet has lots of these things, and I use it.
The telephone system is used for abusive phone calls and I use
it too. I don't really know what my friends do when they use
computers. They have privacy rights too, and we rarely talk about
what information service we use.
Do you write or create any software like this or deal with people who do?
All the time. I deal with Microsoft, Lotus, and many other
companies that have widely distributed this sort of thing.
I also know and deal with individuals who have done this, and
I do it all the time. Is there something wrong with that?
Are they things you would be comfortable showing me? Showing your
grandmother?
I would not show either you or my grandmother my files, but it
has nothing to do with embarrassment. It is called privacy.
Do you have any pictures, video clips, sound clips, articles, text, or
other software or files which contain pornography, violence, dangerous
instructions other distasteful material?
Lots of them. It this wrong for some reason?
Do you access or view any of these kinds of things when using the net?
All the time. In fact, if you know of any, I would be happy
if you would forward information on them to me.
6. Do you have any newsletters, plans, guidelines, or "how-to"
documents or files that you would not be comfortable showing to your
mother?
Same answer as above. I value my privacy.
Making Bombs, breaking into systems, stealing telephone access, stealing
computer access, stealing passwords, pornographic or violent text,
guides, descriptions, ...... Do you create, contribute to or receive
anything like this?
All the time. In fact, the Risks Forum is one of my best
sources for this information. Should you stop making it
available to me?
7. Do you ever connect your computer to a telephone, use a modem, or
otherwise use a network?
All the time.
8. Who do you associate with when you use the Net?
Lots of different people. How do I know who they really are
anyway? If you claimed to be John Smith at the West Hannover
Institute, how could I tell this was true, and why would I
bother?
... so should you attempt to discern the character of their cyber-friends
How? We have congress-people that seem to lie all the time,
and yet the majority of voters vote for them and they have a lot of
power, are on TV all the time, and are supposed to be highly
respected. Does this mean that lying is good or bad? Judge
not - lest you shall be judged! Who shall cast the first stone?
Do you attempt to discern the character of everyone on the net
you communicate with? How about the thousands who read your
postings to Risks? The nature of the net is that it provides
anonymity and open forums for discussion. Why would I want to
stifle free speech by asking character questions. The
statements people make should stand on their own regardless of
who states them. That is the best feature of the nets. A high
school kid can shine and a Ph.D. can look like an idiot - based
on what they say, not who they are.
9. Do you ever use an assumed name, a handle, or an alias instead
of your real name?
Sure. I have asked this posting to be made anonymously in
order to allow it to be judged based on its content rather
than it's source. It's kind of like the referee process is
supposed to be on professional papers. Maybe we would all be
better off if all postings were anonymous (with a return
address that permits response without identity).
Do supply a false information about yourself when using a bulletin
board, a news group, a message group, or forum, any part of the net, or
when using e-mail or when otherwise communicating?
At times. Especially when bbs systems ask extensive questions
about who I am, my SSN, credit information, or other information
that I don't think they have a right to have. I have also lied
when connecting to hacker BBS systems because I don't think they
have a right to know who I am when they all use handles instead
of names anyway. I have also used telnet (25) into SMTP sites
to forge e-mail as if I were Captain Kirk from the enterprise in
order to have fun when communicating with friends. Is there
something wrong with having fun in this way, or is the Internet
only for serious work and not for having fun or playing around.
If so, why are there thousands of fun and games forums in the
Internet?
Do you use your real age & sex when communicating with your computer?
I rarely use either. Nobody has ever asked my sex (my name
is probably a giveaway on that one) or my age. Besides, I
think that discrimination based on age and sex are wrong, are
against the law, and that forging a sex or age in order to
have equal access is fair, reasonable, and appropriate in the
network environment.
Do you use any false information like addresses, or phone numbers or use
someone else's credit card number when using your computer?
Yes, yes, and no respectively. Theft (by deception) is very
different than not telling someone where you live or what
your phone number is. These are privacy issues, and privacy
is a very important thing to have. Privacy through deception
is not wrong. Even becoming someone's friend by lying to them
about having something in common is not particularly wrong.
Certainly giving a salesperson a polite wrong number and address
is a reasonable privacy precaution against getting on mailing
lists. It is probably even good to lie if you think someone
is stalking you over the net. I think we have a right to lie,
perhaps even a social responsibility to do so under certain
circumstances.
Do you ever send messages or e-mail in such a way that the recipient
cannot tell that you sent it?
In what sense? I have certainly sent e-mail that never got
through - the intended recipient didn't know I sent it.
I have sent e-mail from group accounts where the individual
was not identified, but the group was. This is quite common
in customer support. I have also forged e-mail addresses so
that I could remain anonymous. Is that supposed to be wrong?
Why? If I sent you a seasons greeting card from a false identity
would you be upset and try to find me and have me arrested?
There is a difference between malice and fun.
Have you ever modified data, text, messages, or other computer
information so that it looks like someone other than you created it or
made the changes?
Certainly. I had to make a change to the TeX sources once
to get them to compile right, and I used the TeX user ID to
do so in order to allow the compilation to work right. This
is often called for in systems administration.
What are you trying to hide by not using your real name?
My identity. It's called privacy and anonymity. It's one of
the basic principles of a free society - that's why we have
anonymous voting - to protect anonymity and be certain that
I can think and do what I feel are right without someone like
you being able to seek retribution. I believe that a free
society requires privacy and anonymity. Otherwise, someone like
you who perhaps thinks that these ideas are too radical might
try to black ball me. Anonymity in pre-war Germany could have
saved millions of lives. Many in the US are trying to eliminate
anonymity by such practices as federal ID cards, and I think that
is very dangerous.
Are you trying to pretend you are something or someone you are not?
I have a right to be whatever I want to be. If I claim to
be an expert in business consulting, you use my services, and
I do a good job, what does it matter that I don't even have
a high school diploma. If you hire an MBA and they do a bad
job, does that make it OK? There is nothing wrong with
pretending, as long as you don't lie in order to take advantage
of someone else. Theft by deception requires theft. If I knock
on your door and claim to be a Jehova's witness when I am not,
why should that offend you more than if I were a real one?
10. Do use telephone, video, cable-TV, computer network, bulletin
board, or other network services without paying for them?
All the time. When I am at a friend's house and I make a phone
call, I don't pay for it. I don't pay for Internet access, it is
given to me. I use Freenets and other bulletin boards without
paying for them too. I have even used friend's accounts to
access the network on occasions when I didn't have any local
access. I also used free compu-serv, America-Online, and Delphi
services when they had free offers. The vast majority of people
using the Internet until only a few years ago did not pay for
their usage either. Their company, the federal government, or
someone else paid for their usage.
The bottom line: Are these things also true for my children? Yes, I think
they are. I hope that they learn how to do the same things I have learned
how to do in order to protect themselves from the tyranny of the majority -
or is it the vocal minority? I hope they keep things private from me when
appropriate, and if they look at some dirty pictures once in a while, it
won't greatly offend me.
Please consider that most issues of right and wrong are matters of degree
and circumstance. Given more choice and less control, I think more people
will make better decisions. Illegalize dirty pictures, and you will have a
much larger audience. That's why so many motion pictures add nudity or
violence if they don't get an R rating with the first cut. After all, an R
picture on average sells a lot more tickets than a PG picture.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Nov 1994 08:46:14 -0600 (CST)
Subject: Info on CPD, Contributions, Sub... (new material)
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
| new material:
| This digest is a forum with information contributed via Internet
| eMail. Those who understand the technology also understand the ease of
| forgery in this very free medium. Statements, therefore, should be
| taken with a grain of salt and it should be clear that the actual
| contributor might not be the person whose email address is posted at
| the top. Any user who openly wishes to post anonymously should inform
| the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions generally are acknowledged within 24 hours of
submission. An article is printed if it is relevant to the charter of
the digest and is not redundant or insulting. If selected, it is
printed within two or three days. The moderator reserves the right to
delete extraneous quoted material. He may change the subject line of
an article in order to make it easier for the reader to follow a
discussion. He will not, however, alter or edit or append to the text
except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V5 #067
******************************
.