Date: Fri, 30 Dec 94 11:06:55 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#079
Computer Privacy Digest Fri, 30 Dec 94 Volume 5 : Issue: 079
Today's Topics: Moderator: Leonard P. Levine
Re: Must I Always Carry I.D?
Re: School Monitoring
Re: School Monitoring
Re: School Monitoring
Re: School Monitoring
Credit Reporting
Re: 3 Hits and You're Out
SSN Removal from VA Driver Lic., Possibly, Private Records
Pointer to a Variable
Info on CPD, [new]
----------------------------------------------------------------------
From: "David C. Frier" <duvie@digex.com>
Date: 27 Dec 1994 14:28:41 -0500
Subject: Re: Must I Always Carry I.D?
Organization: Express Access Online Communications, USA
On 11 Nov 1994, amy young-leith wrote: If you are pulled over and
you HAVE a valid drivers license issued to you, but you don't have
it WITH you (it's at home on the table or in your purse slung on
the chair or...), is THAT a crime? Will you be charged with
something? Will you have any chance to obtain your license to
avoid this charge if there is one?
I have been in traffic court and seen a succession of cases dismissed
by the judge after the defendants, all of whom had been charged with
"driving without a license," produced the licenses that had been at
home on the table or in the other pants or whatever.
-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-
David C. Frier, CCP | All opinions expressed my | duvie@digex.com
Compensation Systems | very own, not necessarily | 76702,1417 (CIS)
Wyatt Software | those of my various bosses: | 75250,422 (CIS)
Washington, DC | employer, wife, kids or God.| 410/358-3100
=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=
------------------------------
From: ranck@earn.net (Bill Ranck)
Date: 28 Dec 1994 10:23:48 GMT
Subject: Re: School Monitoring
Organization: Universite Paris-Sud, France.
Jim C (collins@nova.umd.edu) wrote: Recently, the logon banner at
my school/internet provider has had an unsettling addition to it:
"All usage of this system is monitored for security purposes, and
by signing on to the system you are implictly consenting to this
monitoring." Yipes! What are the implications of this? Is this even
legal? I don't....
Why not? It's their machine. They get to make the rules on how you
can use it and they can certainly monitor how it's being used.
Revealing your usage to others would be a problem, but for internal
security reasons they have every right.
... expect to pick up the phone and hear "By using this service you
are implictly consenting to being montored for security purposes",
I don't...
Some businesses you call will have a recording that says something like
that. They monitor their incoming calls to see how well they are
handled, etc. There is usually a record that tells you this if a
company is doing it. The phone company doesn't do it because they are
a "common carrier" and forbidden to control content, but the party you
call certainly can monitor their phones.
... expect to go mail a letter and see on the mailbox "By using
this service you are implictly consenting to subjecting your mail
and parcels to inspection". What is this nonsense? Jim C.
Never heard of the Postal Inspectors? They certainly can inspect
mail. There just isn't a notice on the mailboxes.
Welcome to the real world :-/
--
* Bill Ranck +33.1.69.41.24.26 ranck@earn.net *
* Technical Staff, European Academic & Research Network (EARN) Orsay, France *
------------------------------
From: brunkhorst@mayo.edu
Date: 28 Dec 1994 13:57:28 GMT
Subject: Re: School Monitoring
Organization: Mayo Foundation
collins@nova.umd.edu (Jim C) writes: Recently, the logon banner at
my school/internet provider has had an unsettling addition to it:
"All usage of this system is monitored for security purposes, and
by signing on to the system you are implictly consenting to this
monitoring." Yipes! What are the implications of this? Is this even
legal? I don't expect to pick up the phone and hear "By using this
service you are
I'm sure it is legal for a 'publicly-funded' system to be monitored for
usage, as long as explicit notification and consent exists (which this
message informs the potential user of). If I have a chargeback
program that tells me every time you login, logout and what programs
you run (and some will log the command lines), and I use that for a
security check because some security hack tells me to ("I need to know
who telnetted from your box to bank.umd.edu at 3:34am yesterday"), all
of a sudden my accounting log is a monitor. My guess is that is what
happened, some reasonable lawyer pointed out that no one told the
suspect that mere usage of software would be 'monitored' and therefore
his/her privacy was impinged. With this login banner, a sysadmin can
now use any logs for 'monitoring' purposes, since the opportunity of
advise and consent was offered to all users. Of course, with the
vagueness of the statement, they may well be able to 'tap' sessions at
the keystroke level as they see fit.
That last sentence is what concerns me. As a sysadmin, I have no
problem using the normal accounting files to trace computer usage,
which can provide some level of session monitoring (and some level of
invasion of privacy, if not explicitly explained to all computer
users), as this is akin to tracking credit card transactions, but I
have a harder time of keystroke monitoring. My guess is that by
providing that generic banner, they have covered the lions share of
invasion of privacy issues by stating, "if you prefer a higher level of
privacy, then don't use our system." The don't say the DO keystroke
monitor every session, but they infer they have the right to, once you
log on and 'give up' your right to privacy.
Why don't you expect to see those sorts of warnings on telephone and
postal boxes? I have a feeling the only difference is the level of
judicial 'probable cause' needed to humanly exam the records. Your
telephone usage is being monitored, if for nothing else billing
purposes. I wrote a program once when I worked for a telco to monitor
'unusual' aberrations of calling card use, to identify possible fraud.
Credit Card companies advertise they do the same thing. My guess is
Fed Ex could do the same. Is this 'monitoring' for 'security
purposes?" Could be.
I guess I wouldn't get all bent out of shape by this statement up
front. Go ask the sysadmin what sort of monitoring they are doing. If
you feel by this explanation that a) your privacy is being intruded
beyond normal levels, and b) this will impact the level of education or
research you are expecting to receive at UMD, then bring it up with the
Academic Dean (I would hate to have operators 'borrowing' term papers
from classmates in the name of 'security!').
--
=========================================================================
Geoffrey Brunkhorst Brunkhorst.Geoffrey@Mayo.edu
Research Computing Facility, Guggenheim 10 (507) 284-1805
Mayo Foundation, Rochester MN, 55905 USA Fax (507) 284-5231
------------------------------
From: travis@netrix.com (Travis Low)
Date: 29 Dec 1994 17:21:06 GMT
Subject: Re: School Monitoring
Organization: Netrix Corporation
collins@nova.umd.edu (Jim C) writes: [new login banner as follows:]
"All usage of this system is monitored for security purposes, and
by signing on to the system you are implictly consenting to this
monitoring." Yipes! What are the implications of this?
If someone hacks their way into the system, the system administrators
may wish to monitor the hacker's activity.
Is this even legal?
Probably (but I am not a lawyer). You could probably get a more
complete explanation on comp.security.misc, but I believe the strong
wording covers their asses. If the word "welcome" appeared, hackers
(or hackers' lawyers) would argue that the hackers were invited in. Or
suppose the hacker who just deleted your Ph.D. thesis was discovered
via keystroke monitoring. Without the nasty login message, the
surveillance might be of dubious legality ("But they didn't *tell* me
they would monitor my keystrokes!").
I don't expect to pick up the phone and hear "By using this service
you are implictly consenting to being montored for security
purposes",
It is not necessary with telephones. You can't do the same kind of
damage with a phone, or wiretaps would probably be legal.
I don't expect to go mail a letter and see on the mailbox "By using
this service you are implictly consenting to subjecting your mail
and parcels to inspection".
Yet another story. I believe the post office can inspect packages
without your prior consent. Or without ever warning you. But again, I
am not a lawyer, and you might want to check.
--
travis@netrix.com
------------------------------
From: "balkx003" <balkx003@gold.tc.umn.edu>
Date: 30 Dec 1994 16:55:41 GMT
Subject: Re: School Monitoring
Organization: University of Minnesota, Twin Cities
"All usage of this system is monitored for security purposes, and
by signing on to the system you are implictly consenting to this
monitoring." Yipes! What are the implications of this? Is this even
legal? I don't expect to pick up the phone and hear "By using this
service you are implictly consenting to being montored for security
purposes", I don't expect to go mail a letter and see on the
mailbox "By using this service you are implictly consenting to
subjecting your mail and parcels to inspection". What is this
nonsense? Jim C.
Well, it's perfectly legal for them to do that because they own that
system, you don't, and the main reason they do that is because they
don't want you to cause any trouble from their system - your actions
could bring lawsuits upon them.. even though I disagree with people
doing that, they have somewhat of a reason for it, huh?
--
balkx003@gold.tc.umn.edu
------------------------------
From: Robert Ellis Smith <0005101719@mcimail.com>
Date: 27 Dec 94 19:16 EST
Subject: Credit Reporting
Just before the holiday there were some inquiries about credit
reports. Here are some answers: The practice of doing a credit check
of everybody on a list before sending a mailing is legal so long as
everybody who makes the cut gets a bona fide extensio n of credit.
It's called prescreening. If you object to it - because it is recorded
as an "inquiry" on your credit report and because the name of inquiring
company may mean nothing to you - write a letter to Rep. James Leech,
new chair of the House Bank ing Committee, and urge him to reform the
Fair Credit Reporting Act accordingly. And write to your own Member of
Congress.
When you exercise your rights under the act to see your own credit
report, that is not recorded as a "credit inquiry."
--
Robert Ellis Smith, Publisher, Privacy Journal
------------------------------
From: david@c-cat.PG.MD.US (Dave)
Date: 28 Dec 94 12:55:42 EST
Subject: Re: 3 Hits and You're Out
Organization: China Cat BBS (301)604-5976
Robert Ellis Smith wrote: On Dec. 5, 1994, Geoffrey Knauth asked
whether the mere fact that someone inquires into your credit-bureau
file may have negative consequences for you. The answer is yes.
Credit grantors regard an inquiry from a company into your credit
file without any evidence in your credit file that the company
subsequently granted you credit as evidence that the company
rejected you. To many credit grantors, three inquiries in a short
period of time without any granting of credit indicates that your
credit applications have been rejected three times. That's enough
for other companies to reject you.
mikus@bga.com (Mikus Grinbergs) writes: What I personally find
objectionable is to receive unsolicited letters saying: "You have
been PRE-APPROVED for our credit card (or vacation rental, or
whatever). Just sign here." I make it a point not to respond.
Now you tell me that these hucksters (who've run credit checks on
me that I haven't authorized) make footprints that look like
"credit-denied", unless I accept their offer ? Mind-boggling!
my concern with this issue is this: I am planning to buy a house
within the next year or two, I was pre approved and received a free
card ( 21%) from a local dept. store, all I had to do was use it show
my id and it would be activated, ( really, get a fake id, and use it
anyway) I was pre approved for something like $2500 I am concernet
when the mortgage lender checks my credit, they will count the $2500
and "debt available" when I tore up and threw out the card. Is this
correct to assume ?
--
David R. Ristau
========================
david@c-cat.pg.md.us
uunet!anagld!c-cat!david
------------------------------
From: "SAMARAWEERA Law Offices, Wash., D.C." <samarlaw@access4.digex.net>
Date: 29 Dec 1994 18:47:34 -0500
Subject: SSN Removal from VA Driver Lic., Possibly, Private Records
Organization: Express Access Online Communications, USA
Original Subject: Social Security Number Removal from Virginia
Driver's License and, Possibly, from Private Records
Maintained in VA
The Virginia General Assembly is about to start its 2 month 1995
session during the first week of January.
During the 1994 General Assembly session, Delegate Karen Darner
introduced a bill that would have required the removal of social
security numbers from Virginia driver's licenses. The bill was
"carried" to 1995 which means that it did not make it out of the Roads
and Navigation Committee, but that the Committee indicated that it
would consider it again during the 1995 session.
Those of us who are concerned about the use of the social security
number for identification purposes in government records, and in
private records; e.g. utility companies, etc.; should write to Delegate
Darner and the VA General Assembly to urge passage of this legislation
during the 1995 session.
I shall attempt to follow the bill, if it is re-introduced, and provide
an update posting.
Meanwhile, if you want to phone Delegate Darner, in Richmond, her
office voice phone number is (804) 786-7206. The fax number, which is
for the entire General Assembly, is (804) 786-6310.
Virginia is still studying whether to provide internet access to
government agencies, etc., so I do not know if they have e-mail
addresses for the General Assembly.
If others want to follow this item and try and persuade their Virginia
state Delegates or Senators to pass this legislation, please do so.
Postings of examples of specific statutes from other states would be
helpful. Full text would be the best, but if that is not available, a
citation or short general description would also do.
\\\\\\\\\\\\\\\\\\\\\ Rohan J. Samaraweera \\\\\\\\\\\\\\\\\\\\\\\\
SAMARAWEERA Law Offices
Suite 900, 1150 Connecticut Avenue, N.W., Washington, D.C. 20036
Voice Telephone: (202) 785-1985 Facsimile: (202) 785-1912
\\\ E-Mail and Internet Address: samarlaw@access.digex.net \\\\\\\\\\
------------------------------
From: pmf@world.std.com (Paul M Foglia)
Date: 30 Dec 1994 14:31:02 GMT
Subject: Pointer to a Variable
Organization: The World Public Access UNIX, Brookline, MA
I saw a couple of weeks ago that someone gave a way to set a pointer
(or a reference) to a control. I have searched for the article but
can't find it. Does anyone remember this, or know how to do it?
--
Paul Foglia
pmf@world.std.com
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD, [new]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours
of submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V5 #079
******************************
.