Date: Mon, 30 Jan 95 15:19:43 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#012
Computer Privacy Digest Mon, 30 Jan 95 Volume 6 : Issue: 012
Today's Topics: Moderator: Leonard P. Levine
Re: Requests for Home Phone Numbers
Re: Requests for Home Phone Numbers
Re: Requests for Home Phone Numbers
Re: SSN, The Way to Your Pocket
Re: The Cyber Police are Coming?
Re: The Cyber Police are Coming?
Privacy and HIV
Re: A Small but Satisfying Victory
Re: US Government Regulations and Internet Access
Re: Cybersex Seattle
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: O1EVERT@VM1.CC.UAKRON.EDU (Tom Evert)
Date: 27 Jan 95 20:34:00 EST
Subject: Re: Requests for Home Phone Numbers
Organization: The University of Akron
aj027@yfn.ysu.edu (Chip Kaye) writes: I recently opened an account
on CompuServe and filled in my home phone # on their online form as
555-555-5555. I then tried logging onto the account a few days
later and was given an 800 number to call to complete my unverified
home phone. I would prefer not to give out my phone number but was
told that their policy was to require at least 1 phone number. I
am wondering about the legality of this requirement. I vaguely
remember a number of years ago that merchants were prohibited from
requesting phone numbers when processing customer credit card
purchases. Any info would be helpful. Thanks.
Most likely they want your number for telemarketing purposes and/or to
call you if you don't pay your bill or probably to update Phone File
(so every other Compuserve subscriber can get your number, also). If
their reasoning really is to update Phone File then either your name
wasn't in their data base or they are unable to cross reference
subscribers with Phone File. Once you get in Phone File - you never
get out.
------------------------------
From: rfs@panix.com (Richard F. Strasser)
Date: 28 Jan 1995 12:45:13 -0500
Subject: Re: Requests for Home Phone Numbers
privacy@interramp.com said: However, several times when I used a
credit card in the Fall of 1994 the clerk told me that they had a
right to demand my address. When I questioned this practice, the
employee pulled out a statement from the back of the store
indicating that Mastercard and Visa International allow merchants
to request further information (such as address) if the purchaser
is deemed suspicious or in cases of purchase by mail order. I
called Mastercard Internation, Visa International, Discover Card,
and American Express. Apparently they allow their merchants to
engage in this practice if they deem the purchaser as "suspicious."
It seems to me that, in this case, someone asking for your telephone
number is the least of your problems. If you really want to protect
your privacy, you probably shouldn't use a credit card for your
purchases. (Also, I think that is reasonable for someone selling goods
to you on credit to have basic personal information.)
On the other hand, I do object to those instances in which one pays
cash for a purchase and the store still insists on a phone number.
Richard F. Strasser <rfs@panix.com>
------------------------------
From: berczuk@glendower.mit.edu (Steve Berczuk)
Date: 30 Jan 1995 20:32:19 GMT
Subject: Re: Requests for Home Phone Numbers
Organization: MIT Center for Space Research
wbe@psr.com (Winston Edmond) writes: What you're vaguely
remembering is that if you're in a store where the sales clerk is
able to verify your in-person signature against the signature on
the card, then in some states the store can't refuse to make the
sale just because you don't give them yet more personal data. I
think similar language is also part of the merchant agreement for
MasterCard, VISA, and probably other cards.
This doesn't apply to CompuServe on-line forms. If all you've done is
fill out an on-line form, they don't have your signature and without an
exchange of letters or the ability to call you, they have no way to
verify who you are.
Hmm, but when you order something mail order by phone with a credit
card you don't give then a signature either, and I'm not sure that a
mail order vendor would refuse a sale if you didn't give one to them.
True they ask for your CC billing address so they ship the mechandise
to the owner of the Credit card, but if an on line service only
provided a connection to your home number you'd loose a good deal of
flexibility...
Is it _legal_ for them to ask you for a phone number? I think so.
Well, in MA it is illegal to require this info on a credit card
slip. Is an olline form a cc slip? I don't know.
I has a similar experience with AOL. I called them to ask WHY they
needed a phone number, and the answer I got was that they "needed the
information for my record." If they had given me a legitimate sounding
reason, I may have given out the number (though if they really needed
to contact me, they could have sent me email or a paper letter..) At
the very least they could have a box to opt out of mailings and the
like (like many paper sales forms)
laws not withstanding, I tend to think that any company should at least
give you a reason for why they want the information. (Sort of what
would be required if teh privacy act applied to private companies...)
--
Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research
Phone: (617) 253-3840 | NE80-6015
Fax: (617) 253-8084 | Cambridge MA 02139
------------------------------
From: Christopher Zguris <0004854540@mcimail.com>
Date: 27 Jan 95 23:53 EST
Subject: Re: SSN, The Way to Your Pocket
styvesan@cosricon.com wrote: Many times one may receive a check for
services or a product that they would prefer to cash and just
quietly put in their pocket. The problem occurs when your SSN is
attached to everything. How can you cash this check in private?
Many think they can simply go to there bank and cash it, without
any record. WRONG! When you present the check, the first piece of
information required is - Right... your account number.
How? Simple. Take the check to a friendly neighborhood business that
knows you, endorse it, and let them give you cash for the check. At
least, that's what I've heard. And, since I have several commercial
checking accounts, I know it can be done. The only danger is the
business you give the check to is liable if it bounces, *that's* why
you've got to be on good terms with the business owner! You could also
send the checks in as payment for a utility and -probably- credit card
bills, the big guys have their checks processed for them and don't
bother looking at who the check is made out to. True story: a friend
of mine gave two checks to her accountant, one for $825 in the
accountants name, and one for $125 made out to a major insurance
company. The accountant sent the $825 check to the insurance company by
mistake, and they cashed it _even though_ it was NOT made out to them.
More trivia, the dopes who say you can delay paying the I.R.S. by not
signing the check are full of it, the I.R.S. will cash it anyway. In
fact, I don't think there are any situations where the bank will say no
to the I.R.S.
Hope this helps! What I mentioned may be illegal (cashing checks to
avoid reporting taxable income _is_ illegal). Consult a lawyer, I've
got nothing to do with you and offer this info for informational
purposes only.
--
Christopher Zguris
czguris@mcimail.com
------------------------------
From: slowdog@wookie.net (slowdog)
Date: 28 Jan 1995 15:20:37 GMT
Subject: Re: The Cyber Police are Coming?
Organization: Wozz's Place
kcerioni@clyde.ics.uci.edu wrote: The wiretapping analogy does not
hold true to the Internet. Telephone lines are owned by private
companies, telephone conversations are private, between two
people. The internet is a public infrastructure, discussions on
bulletin boards are an open public forum. Should law enforcement be
banned from public places? This is contrary to their mission. Do
we band police officers from the public parks? What happens when a
rape occurs. Do we deny the county sheriff the right to drive on
public streets? How could they catch the criminals?
This is utter claptrap. The net is not a physical place where the Blues
have to cruise around looking for people causing physical harm to
anyone. The net is not a public place like other public places, and
the use by the media and law enforcement and government and you right
here of metaphors that simply don't match the true reaility of the
situation is getting to be rather alarming in and of itself. The net is
a loose confederation of sovereign indivduals (because, in truth, all
individuals are inherently sovereign). And the "cybercops" should stay
home and watch cable television.
I think this whole controversy is over a misconception people have
about the internet. The feel and interaction is conversing
verbally in a small, intimate group of peers that share the same
interest. (This would explain the existence of anarchist - type
bulletin boards.) When
Is the existence of "anarchist-type bulletin boards" relevant at all,
or do you have another point or agenda that you're hiding here?
in reality you are making a public record that any one can have
access to. People are really compromising their privacy by
participating on the Internet. For example, say you participate on
a bulletin board for wine connoisseurs, don't be surprised when
your mailbox starts to fill up with advertisements from wine
retailers. The Internet is not about privacy.
People do understand this, in fact. It's why we talk about and use
encryption schemes. It's why we want such schemes that the government
can't crack, and certainly don't want things like Clipper.
--
dog
------------------------------
From: slowdog@wookie.net (slowdog)
Date: 28 Jan 1995 15:23:00 GMT
Subject: Re: The Cyber Police are Coming?
Organization: Wozz's Place
nick@global.demon.co.uk wrote: Cyberpolice says Newsweek. Is this
just an ambitious Brooklyn Asst. DA? Or is it Wash DC training
cybercensors? Could someone in the US post the article and any
follow up? If it is a serious attempt at Cybercensorship, it needs
a global solution.
Any attempt to infringe upon the right of soveriegn individuals to
freely communicate and control their own fate (in this case, on the
net) should be met with a response from the -world's- net users. SUch
things cannot be allowed to be seen as the domain of any one single
nation, because the net spans physical nations.
--
dog
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Jan 1995 08:20:56 -0600 (CST)
Subject: Privacy and HIV
Organization: University of Wisconsin-Milwaukee
This was taken from PRIVACY Forum Digest Saturday, 28 January 1995
Volume 04 : Issue 03 Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
dgh@BIX.com writes: in discussing Blood Tests and AIDS disclosure:
If the Red Cross sends the name of a person who donated HIV-positive
blood to the CDC, what is the CDC going to do with the information?
They don't know who that person has had sex with, so how does providing
the name to the CDC protect anyone? The CDC won't have a clue as to
who to contact, so the only way the information could be useful is if
people could use a computer to see if a prospective, or past, partner
is on the list. But that means that *anybody* could access the
information, which is *not* acceptable to privacy advocates.
and Joebates@aol.com writes when discussing Mandatory HIV disclosure:
I would suggest that we split this topic into three seperate discussions.
1) Once testing (for whatever reason) has revealed that the test
subject has HIV infected blood, should it be required by law that the
previous partners be found, notified (partner tracking) and be required
to be tested with possible further notification and treatment for their
partners? (This is currently required by law for other venereal
diseases.)
2) Whether the results of HIV and/or other STD (Sexually transmitted
disease) tests should be made available to persons or organizations
other than the health professionals directly involved in the
notification, testing and treatment procedures. If the results are
disseminated, should it be in statistical form only or should some
persons from government, industry, research or other fields be able to
obtain the identities of those tested and the results of the individual
tests?
3.) Whether blood collection agencies have the right to collect
lifestyle information and test donor blood for contagious diseases of
any type in an attempt to screen out potentially unacceptable donors.
Additionally, are the results of these screens the property of the
blood collection agency for further use as they see fit, or does the
"screenee" have the right to control the use of the information (or
somewhere inbetween)?
------------------------------
From: horowitz@nosc.mil (Alan M. Horowitz)
Date: 29 Jan 1995 22:20:42 GMT
Subject: Re: A Small but Satisfying Victory
Organization: NCCOSC RDT&E Division, San Diego, CA
In all fairness, if we want to deal on _our_ terms, we have to be
prepared to make payment in full. If we say, "bill the insurance" for
some portion, we are asking the doctor to be our creditor. He then has
the right to make us comply with _his_ terms. Fair is fair.
IncidentaLLy, I beleive the average MD will have more understanding and
sympathy for liberty & privacy issues than the drones in the office.
Don't hesitate to ask the drones to ask the doctor for a ruling. It
_is_ the doctor's business operation - he can make whatever decisions
he feels like.
Doctors eat a lot of shit from govt and Insurance companies. They will
tend to sympathize - if you get him invovled.
------------------------------
From: bear@fsl.noaa.gov (Bear Giles)
Date: 30 Jan 95 05:26:24 GMT
Subject: Re: US Government Regulations and Internet Access
Organization: Forecast Systems Labs, NOAA, Boulder, CO USA
Eric Hermanson wrote: (one of the regulations on that industry is
that there cannot be more than two cellular providers in any one
metropolitan area. Now SOMEONE please explain the thinking behind
that restriction to me!)
An informed guess is that there is a limited number of cellular phone
frequencies with current technology. This is the bandwidth allocated
to celphones divided by the bandwidth required for each channel.
Let's say this limit is "N". For "n" cellular service providers
sharing equal access, each can serve "N/n" customers.
If "n" is 1, you have a monopoly. Very bad. If "n" is N, you have
frequent lockouts since one customer in the cell will lock out the
other customers of that service in the same cell. (Of course, the
customer could often still make a connection through a neighboring
cell, but this just widens the area locked out.)
A reasonable compromise would be "n" of 2 or 3. Two, while low,
prevents a monopoly from forming while minimizing lockouts as the cell
is saturated.
I suspect that regulation for the Internet is upcoming, but I would
like to know when it is planned, and what the regulations might
look like.
Any regulation would be for other reasons. Probably content, to
protect our nation's innocent 13-year-olds from learning how to make
pipe bombs with an FTP request (instead of a library request).
--
Bear Giles
bear@fsl.noaa.gov
------------------------------
From: bear@fsl.noaa.gov (Bear Giles)
Date: 30 Jan 95 05:35:39 GMT
Subject: Re: Cybersex Seattle
Organization: Forecast Systems Labs, NOAA, Boulder, CO USA
You may not have been aware that you were communicating with a
minor. Indeed, you may have been told that you were communicating
with a 25-year-old.
There was a local, very bizarre, case of this in Denver a few years
ago. David Bath, as state representive, introduced a bill to make it a
felony to videotape sex acts with minors. I know there's already a
Federal "kiddie porn" law, but he introduced this bill anyway. Part of
his "tough on crime!" image, I guess.
A while after he was voted out of office a kiddie porn case was broken,
and it had a videotape of ex-Rep Bath getting a blow job from a
17-year- old male.
I think 17 is over the age of consent in Colorado, so Bath didn't face
charges under statutory rape. But he did face charges under the very
bill he introduced.
He was convicted, but won on appeal. The conviction was based, in
part, on Bath's failure to ask for proof of the guy's age. Had he
asked for proof, and been deceived, charges would have probably been
dropped... but he didn't ask for ID.
The appeals court ruled that Bath was not under any obligation to ask
for ID, since the physical difference between a 17- and 18- year old is
so minor (so to speak) that he had no reasonable expectation that the
guy was under 18.
Needless to say, you still want to exercise caution -- going through a
public wringer like that can't be fun.
--
Bear Giles
bear@fsl.noaa.gov
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours
of submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V6 #012
******************************
.