Date:       Sat, 07 Jan 95 10:00:15 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V6#003

Computer Privacy Digest Sat, 07 Jan 95              Volume 6 : Issue: 003

Today's Topics:			       Moderator: Leonard P. Levine

                              Opening Mail
                          Postal Inspections
                          Postal Inspections
                          Re: Credit Reporting
                   Canadian Government Computer Abuse
                            CallerID Opinion
                          Signature Digitizers
             Regulation of Collection Agencies' Activities
                          Who's Looking You Up
                 Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: travis@netrix.com (Travis Low)
Date: 04 Jan 1995 18:18:20 GMT
Subject: Opening Mail
Organization: Netrix Corporation

    mea@intgp1.att.com (Mark E Anderson) writes: I receive the so
    called pre-approved credit cards and credit in the mail about once
    a week and rip them up without bothering to open the envelope...

IMHO, it is better to open them and look for a postage-paid return
envelope.  If there is one, just stuff it full and pop it in the mail.

That way, the mailers subsidize the post office, saving taxpayer
dollars.  And the mailers will have to spend money processing the bogus
envelopes, hopefully to their fatal detriment.

I get a six inch stack of mail every day, much of it addressed to my
father who died in 5/93 and his wife who died in 4/92.  I'm sick of it
and I consider it an invasion of privacy, as I do not wish to receive
it.  Worse yet, sometimes finding the important mail is like finding a
needle in a haystack -- I've had to dig through the trash more than
once.  Damn irritating.

--
Travis
travis@netrix.com


------------------------------

From: fd@wwa.com (Glen L. Roberts)
Date: 04 Jan 95 16:31 CST
Subject: Postal Inspections 
Organization: WorldWide Access - Chicago Area Internet Services 

    Bill Ranck (ranck@earn.net) wrote: To be honest, I don't know
    exactly what powers the Postal Inspection Service has in this
    regard.  They *are* federal agents, with badges and guns.  They can
    open mail under some circumstances.  They may require a warrant to
    do so, but they don't necessarily have to tell you about the
    warrant ahead of time.

With the exception of some international mail. ALL FIRST CLASS MAIL is
sealed against inspection. They have to have a warrant to open it.

Third, fouth, second class mail is all open for inspection (at least
for ensuring that the content qualifies for the rate of mail).

They CAN read/record the OUTSIDE of first clas mail without a warrant.

In Chicago, a few years ago(when I looked at ALL the search warrants at
the federal court in chicago). The postal inspection servcie was
opening about one package (express mail) a day in Chicago, pursuant to
a warrant.  It was a three step process:

1) the parcel matched a "address profile"
2) the Chicago Police drug dog reacted to it.
3) A federal judge signed a warrant upon 1 & 2

I'm not in the USA at the moment, but anyone should be able to go ask
at the post office.  The postmaster will certainly know who and what
the Postal Inspectors are, and probably what they can/can't do.

--
Glen L. Roberts, Editor, Full Disclosure
Host Full Disclosure Live (WWCR 5,065 khz - Sundays 7pm central)
email fd@wwa.com for catalog on privacy & surveillance.
Does 10555-1-708-356-9646 give you an "ANI" readback? With name?
email for uuencoded .TIF of T-Shirt Honoring the FBI


------------------------------

From: Robert Ellis Smith <0005101719@mcimail.com>
Date: 05 Jan 95 13:11 EST
Subject: Postal Inspections 

On Jan 3 Bill Ranck asked about opening of mail.  U.S. postal personnel
may open any non-first class piece of mail.  They are supposed to
INSPECT the contents not read the text.  To open and read first-class
mail is supposed to require a court-approved wa rrant based on probable
cause of criminal activity.  Roughly 500 warrants are issued a year.

CUSTOMS officials, on the other hand, may open first-class mail from
overseas without a warrant.  They, too, are supposed to inspect the
contents not read the text.  They open about half a million pieces a
year, based on country of origin, suspicions abou t the outside of the
envelope, or reactions of sniffing dogs.

However, there were several instances in the 1970s of the CIA, FBI and
other agencies reading first-class mail without warrants.  CIA people
even copied some letters and distributed them to other federal
agencies.  (The CIA claims to have the capability t o read the contents
of an envelope without opening it.)

A "mail cover" does not require a warrant.  Under this procedure,
postal inspectors intercept mail addressed to a target (or from a
target) and copy down the information on the outside of the envelope,
send the piece on its way, and send the copied inform ation to whatever
federal investigator requested it.  This, of course, may give a clue as
to the whereabouts of a fugitive or at least his or her friends, and it
helps identify victims of scams conducted by mail.

This information is from PRIVACY; HOW TO PROTECT WHAT'S LEFT OF IT
(1979), available from Privacy Journal for $15.

Robert Ellis Smith 0005101719@mcimail.com, 401.274-7861. 


------------------------------

From: genghis@ilces.ag.uiuc.edu (Scott Coleman)
Date: 05 Jan 95 20:52:08 GMT
Subject: Re: Credit Reporting
Organization: University of Illinois at Urbana

    mea@intgp1.att.com (Mark E Anderson +1 708 979 4716) writes: I
    receive the so called pre-approved credit cards and credit in the
    mail about once a week and rip them up without bothering to open
    the envelope.  None of these outfits have touched my credit report
    from what I've seen.

Interesting choice of phrase, that last. Your use of the singular
implies that you believe that there is only ONE credit report for each
person which may be checked by banks and other parties.

My understanding is that each of us has MULTIPLE credit reports, one
with each of several credit bureaus (the big three certainly, and
probably some smaller regional and local ones, as well). These reports
can differ, depending on which financial institutions report to which
bureaus. Thus, by checking "your credit report" (singular) from only
one bureau, you may be missing inquiries made for your report at
another bureau. As an example, I know my local credit union checks my
credit report at some regional credit bureau, but doesn't ask TRW,
Trans Union, et. al.

You might wish to obtain copies of ALL your credit reports - I'm afraid
you may be in for a rather rude awakening.

-- 
Scott Coleman, President ASRE (American Society of Reverse Engineers)
asre@uiuc.edu
Life is temporally limited - drive velocitously!!


------------------------------

From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 06 Jan 1995 05:35:15 GMT
Subject: Canadian Government Computer Abuse
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada

Staff working at Vancouver abortion Clinics exercised their Freedom of
Information rights to see if anyone had been checking their vehicle
registrations. An audit by the Insurance Corp. of BC revealed that the
licence numbers of several workers had been checked through the the
Canadian Police Information Computer in quick succession from a
Vancouver detachment of the RCMP.

An investigation is underway to see if this was an appropriate use of
the system.

The requests for an access audit were made after Gordon Watson, whose
violent attacks on workers have been broadcast repeatedly, claimed to
be paying $70 to $100 per licence number to obtain vehicle registration
details from "private detectives". Mr. Watson was convicted of 1
assault.

ICBC says that it has provisions for concealing the registration
details of victims of violence that can be applied to abortion workers
if they ask for it.

This discloure occurs just 2 months after Garcon Romalis, a doctor who
provided abortions, was shot while eating breakfast in his kitchen.
Gordon Watson was broadcast describing this as "good shooting".

The involvement of CPIC in this puts an interesting light on claims
that BC's proposed mandatory central registry of prescriptions would
have "CPIC type access controls to protect privacy".


------------------------------

From: carmen@infi.net (Carmen C. Richberg)
Date: 06 Jan 1995 03:17:03 GMT
Subject: CallerID Opinion
Organization: InfiNet

The Caller ID Service in North Carolina is now in many calling areas
and it continues to grow. It was extremely upsetting when I learned
that Caller ID could only be offered with the provision of free
universal perline and percall blocking.

It was ruled by the Utilities Commission that the service could only be
offered to Southern Bell customers, only if blocking options were
offered free of charge.  Blocking would prevent the display of a
telephone number of the calling party.  PerCall Block is available
automatically with out special request.  To activate,just dial *67
before dialing the number.  At that time the calling number would
display as Private.  By request only, a customer could have their line
blocked permanently without additional charge.  Any calls from the
number would display as Private.

This blocking takes away from the full capabilities of the CallerID
Service that customers must pay for.  I subscribed to the service,
because I felt that it would provide added security for my home and
family. I do not view Caller ID as an invasion of privacy for the
caller, as some have expressed that oppose Caller ID.  In fact, it
provides security and privacy.  I pay for my telephone service, not the
caller.  I do not let people enter my home without first asking who is
it?  Nor, do I want to answer my phone without knowing who is calling.
If a person can call my home knowing my telephone number, then it is my
right to know what number is calling me.  If a person is honest, then
they should not have anything to hide.

As far as unlisted telephone numbers, I used to pay for that service
too, until Caller ID was made available.  That is also a joke.
Computers dial telephone numbers all day long. Unpublished telephone
numbers are called too. So, the argument of not wanting an unpublished
number displayed on a Caller ID Display, for the purpose of security
and privacy is not a reality today. Unpublished numbers have been
obtained by unauthorized people long before the invention of Caller
ID.  Full Caller ID service would provide a better security for those
with unpublished numbers, because it gives you the option of answering
that call or not.

In New Jersey, Atlantic Bell is now offering Caller ID with free
percall Blocking and Anonymous Call Rejection (*77) at no additional
charge.  This lets Caller ID subscribers reject blocked calls.  The
phone will not ring and the caller will hear a short message that
blocked calls are not being accepted. Then that caller also has the
option of calling back with out the block or not to call at all.  I
feel that if call Blocking options must be offered,let it be PerCall
Blocking along with Anonymous Call Rejection.

I would like to see the service be updated with the following: PerCall
Blocking only, Anonymous Call Rejection, and Number and Name Delivery
in and out of state.


------------------------------

From: Moodperson@aol.com
Date: 06 Jan 1995 10:43:07 -0500
Subject: Signature Digitizers

I recently opened a Sears charge account. Part of the process required
me to digitize my signature as I signed through the credit request. I
was told this was to prevent forgery. Well, I later used my card to
make a purchase. This time my wife used my card and signed my name. She
had never had her signature digitized before, yet the computer accepted
her signature on my card. I feel the explanation about forgery was
bogus, and I wonder what Sears is doing with my digitized signatures.
Any comments about this? I can be reached at moodperson@aol.com. I'll
also check into this forum again. I really think this is an important
issue.


------------------------------

From: jcp@escher (John C. Peterson)
Date: 06 Jan 1995 19:40:36 GMT
Subject: Regulation of Collection Agencies' Activities
Organization: SAIC Technology Research Group, San Diego, CA

I'm curious to know what fed/state regulations apply to the activities
of Collection Agencies (firms that try to collect on bad debts.) To put
my interest in perspective, I have a common enough name. It seems there
is someone else in the general area where I live with a similar or
perhaps identical name, *and* some bad debts. Over the past year or so,
I've been receiving phone calls from stores, banks, and collection
agencies asking me to "pay up". I guess "this other guy" has moved or
whatever, and they try my name from the phone book. It usually hasn't
been a problem, I just tell them that I don't have an account with
them, give them the last few digits of my social security number or
something, they apologize for the confusion, and thats the end of it.
However, a few weeks back I received a call from someone trying to
collect on a bad student loan. The guy was rather impolite and
borderline abusive when I told him that I wasn't the person he was
looking for. What are my rights in such a situation, and what legal
restrictions apply to such Collection Agencies? Any pointers
appreciated.

-- 
John C. Peterson  KD6EKQ       | + 1 619 546 6539 | Disclaimer: The opinions
Science Applications Intl Corp | jcp@trg.saic.com | expressed are mine alone,
10260 Campus Point Drive MS-C6 |    Microsoft -   | and do not reflect those
San Diego, CA 92121            |  Just say NO!!!  |  of SAIC.


------------------------------

From: djones@cim.mcgill.ca (David Jones)
Date: 07 Jan 1995 01:34:05 -0500
Subject: Who's Looking You Up
Organization: Centre For Intelligent Machines, McGill University

[repost from efc-talk]

		* Good Cop, Bad Cop *
	
	* Who's got access to your personal data? *

   "If we, just by fluke at guessing the dates to check,
   found three records called up in an unauthorized manner,
   just how much more is there?  It's very scary." --- Kim Sander

What happens when a police officer abuses his ability to access
sensitive personal information stored in the nation's law enforcement
computers?  Perhaps we'll find out soon, in Delta, B.C.

This tale raises issues of electronic privacy, demonstrates the utility
of the utility of our freedom-of-information legislation, and finally,
the influence of the media.

I spoke with Kim Sander, spokesperson for "Every Woman's Health Centre"
(an abortion clinic in Vancouver, BC) who filled me in on some
background for the story that was on every news broadcast last night
[Thursday, Jan 5].

Last August, several of the clinic staff received phone calls or mail
from anti-abortion activists.  They found this was rather unsettling,
because they'd made a point of trying to keep personal information like
address or telephone numbers private.

This concern led them to the police, to whom they explained that
anti-abortion activists were recording license plate numbers outside
the clinic and apparently using them to track down personal information
 ... but the police didn't seem to do much.

In September, Gordon Watson, a prominent local anti-abortion activist,
stated while on the stand in a court hearing that he had gathered
license plate numbers in order to "follow up on them" and he "paid good
money" to get personal information about the car owners.  When clinic
staff asked the Crown council and police to investigate, they were
told, "Give us two weeks."

After two months of hearing nothing, the women filed a
freedom-of-information request on November 15th with the Insurance
Corporation of British Columbia (ICBC maintains all auto insurance and
registration) seeking to find out who had been accessing their personal
records.  They provided 8 of their license plate numbers to be
checked.

The ICBC information officer explained that while daily access logs
were kept, accesses were not recorded in the personal records
themselves.  Without specific dates to check, finding out who accessed
their records would be next to impossible.

So the women just guessed, based on when they'd been contacted.

Those were lucky guesses.  On December 6th, the information officer
said that 3 out of 8 records had been accessed, and those accesses were
suspicious, so he'd contacted the RCMP.  The accesses originated in the
Delta police department, in a suburb of Vancouver.

Any cheers for the power of the FOI legislation must be tempered by the
fact that the RCMP apparently sat on this issue for another month
until, frustrated after what was now four months with no signs of an
investigation, the women contacted the media.

Apparently, it was media inquiries that sparked some action.  On
January 5th, the RCMP informed the Delta police that potentially
inappropriate computer accesses were coming from their department.
Constable Steve Parker, whose anti-abortion views were well known, was
now under a cloud of suspicion.  The very same day, all Canadian TV
networks ran news stories on the situation.

Stay tuned - it's not over yet.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours
of submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion.  He will not, however, alter or
edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V6 #003
******************************
.