Date: Mon, 06 Feb 95 13:01:20 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#015
Computer Privacy Digest Mon, 06 Feb 95 Volume 6 : Issue: 015
Today's Topics: Moderator: Leonard P. Levine
Lying to Protect Privacy
Re: Radio Shack and Privacy
Re: Radio Shack and Privacy
Re: Wastebaskets
Re: Wastebaskets
Digitized Signatures
Legal definition of "Signed"
Privacy in Telecommunications
Merchant Personal Information Requests
Re: Requests for Home Phone Numbers
Re: Requests for Home Phone Numbers
Re: Requests for Home Phone Numbers
Re: Requests for Home Phone Numbers
Tracking Deadbeats in Indiana
Re: Who is Looking at Your Files?
Phone Users Slam Dunked
Re: The Cyber Police are Coming
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: "Virginia Matzek" <VMATZEK@alumni.berkeley.edu>
Date: 03 Feb 1995 15:19:13 PACIFIC
Subject: Lying to Protect Privacy
Organization: California Alumni Assoc.
It's easy to lie and give out fake names, addresses, telephone
numbers, etc. But this is not the "way it should be." Instead, the
best solution (as far as I am concerned) is to create laws and
grassroot efforts to stop such requests for personal information as
a condition of sale. Let's empower the consumers so that they don't
have to be placed in the unenviable position of having to lie in
order to protect their privacy.
Agreed; but what do we do in the meantime to staunch the flow of
personal information?
Until we have such laws or widespread support, we should educate
consumers on how to deal with situations where personal information
is requested.
Oh, you answered that one yourself. Well, as it happens, I'm a consumer
whose sole purpose in joining this digest is to be educated on how to
deal with these situations. I've picked up a lot of useful tips
(including lying), and I hope y'all will keep them coming.
I don't like lying any more than you do, but I find it justified in
cases where 1) the information requested is not necessary, and 2) I
don't have the energy to engage the drone processing the information in
a lengthy discussion of my privacy rights. (Sometimes I do, because I
want to educate people and make my dissatisfaction with the intrusion
of my privacy known to the intruder; however, after I've already asked
the grocery checker not to wrap plastic bags around my frozen juices
and expounded on the relative merits of paper and plastic, I find it
easier to just alter my phone number by a digit and let the bank assume
that the clerk wrote it down wrong on my check.)
+----------------------------------------------------------------+
| Virginia Matzek "I love being a writer. |
| Associate Editor What I can't stand is the |
| California Monthly paperwork." -- Peter De Vries |
| |
| vmatzek@alumni.berkeley.edu |
| phone: 510/642-5781 fax: 510/642-6252 |
+----------------------------------------------------------------+
------------------------------
From: quartz@ix.netcom.com (M. Schwartz)
Date: 04 Feb 1995 04:06:56 GMT
Subject: Re: Radio Shack and Privacy
Organization: Netcom
privacy@interramp.com wrote: Sure, Radio Shack isn't the only game
in town. But your solution doesn't solve the problem; it ignores
it. Convince me that other electronic merchants will treat you any
better. Even if you do find more privacy-sensitive merchants,
isn't our job -- as privacy sensitive advocates -- to help others
from being manipulated?
gmcgath@condes.MV.COM (Gary McGath) writes: Well, in my experience,
Radio Shack is the only retail outfit of any kind that routinely
asks for the phone numbers of people who pay cash. It's their
right to do that, and my right not to deal with such bozos. I
don't see why it's anyone's "job" to "help" people who are
perfectly satisfied with such an arrangement.
I haven't had problems with a Radio Shack in years. I always pay cash
and when they ask for my personal information, instead of saying "you
can't have it", I say: "I don't want to be on your mailing list.
There's no logical response to that so they just shut-up.
I read somewhere that the Washington, DC area (where I live) has the
highest per capita number of non-published residential phone numbers in
the country. Perhaps the local Radio Shack folks have been softened up
by a privacy-oriented community.
------------------------------
From: gmcgath@condes.MV.COM (Gary McGath)
Date: 05 Feb 1995 14:22:04 GMT
Subject: Re: Radio Shack and Privacy
Organization: Conceptual Design
privacy@interramp.com wrote: Instead, the best solution (as far as
I am concerned) is to create laws and grassroot efforts to stop
such requests for personal information as a condition of sale.
I must disagree strongly. As I stated in my earlier message, if people
provide personal information as a condition of sale, they are doing so
by their consent. In effect, they are bartering information.
When the government sets conditions on the transactions which people
may make, it inevitably destroys rather than enhancing privacy. In the
course of normal, legal activity, only the government can *compel* us
to surrender information by threat of force. The more activities it
regulates, the more opportunities it has to further encroach on our
privacy. Indeed, much of the information which we have to give out in
private transactions (loan applications, for example) is the result of
government regulation.
It is the shy, naive, or less educated that we need to empower by
making them aware of their "Privacy Bill of Rights."
This is quite condescending. It appears that you're saying that you
know that they shouldn't be willing to give out personal information,
and you're going to "educate" them till they know that as well as you
do, or pass laws if that doesn't work.
Do you have suggestions for a "Privacy Bill of Rights?" Please
forward them to me, as I am compiling one for future applications.
The Bill of Rights was a series of Constitutional amendments
restricting the government's power. A set of laws which would enhance
the government's power to regulate transactions has no business
usurping that name.
--
Gary McGath
gmcgath@condes.mv.com
PGP Signature: 3E B3 62 C8 F8 9E E9 3A 67 E7 71 99 71 BD FA 29
------------------------------
From: John Medeiros <71604.710@compuserve.com>
Date: 04 Feb 95 00:39:02 EST
Subject: Re: Wastebaskets
G Martin <gmartin@freenet.columbus.oh.us> asked: How do you dispose
of documents, diskettes or backup tapes that have sensitive info on
them?
There is a new, but expensive generation of shredders that produce an
end product not larger than 1 mm x 3 mm. They handle diskettes very
well, provided you take the actual plastic disk out of the sleeve and
discard the metal hub from the 3 1/2's. Disassemble tapes and feed
them in, no problem. Other companies use huge compactors that handle
confidential trash by the box. The machine basically smashes
everything together with such power that it's impossible to tell where
one box (and its contents) begins or ends. You can also incinerate
confidential material, but this technique runs afoul of local air
quality laws.
None of these techniques are fool proof. They all require the right
kind of equipment, and that the equipment be properly maintained.
I'm lucky enough to have access to such a shredder at work, but a good
question is, does anyone know of a company or service that will do this
at a reasonable cost for an individual?
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 05 Feb 95 12:10:34 EST
Subject: Re: Wastebaskets
G Martin <gmartin@freenet.columbus.oh.us> wrote I think shredders
are next to worthless because it's so easy to reassemble the
document.
For high-security requirements, you can use "cross-cut" shredders which
use offset knives to slice paper into small diamond-shaped fragments
instead of long parallel ribbons.
--
M.E.Kabay,Ph.D.
Director of Education, NCSA (Carlisle, PA)
Chief Sysop, CompuServe NCSA Forum
Mgmt Consultant, LGS Group Inc. (Montreal, QC)
------------------------------
From: STPCB@jazz.ucc.uno.edu
Date: 04 Feb 1995 14:00:08 -0600 (CST)
Subject: Digitized Signatures
This topic might be a bit old but I thought there might be some
interest in an actual letter I received from Service Merchandise
concerning their system of capturing electronic John Hancocks. I
inadvertantly signed on the digitized line over the holidays and
contacted the companys corporate office. This is the reply:
Dear Mr. Prinkey,
Thank you for your recent inquiry concerning our use of electronic
Signature Capture.
The technology we are using is very similar to the storage and
retrieval methodsused by American Express for the last 10 years and by
UPS for the last 3 years.
The security aspects are an improvement over the conventional paper
storage method, since that piece of paper which contains your name,
credit card number, expiration date and signature passes thru many
hands and is on hand for up to 3 years.
The electronic signature is immediately scrambled and stored in a
completely separate file that does not contain credit card
information. This information can only be accessed at the request of
the institutionn that issued the credit card. They must present a
unique code that is associated with that transaction prior to receiving
a copy.
The codes for de-scrambling your signature are not accessible to
Service Merchandise employees. We feel comfortable with the seccurity
aspects of your credit card transaction because you now leave our store
with the only paper copy.
Please feel free to contact my office if I can be of any additional
assistance.
Sincerely,
Service Merchandise Company, Inc.
Joanne Johnson
Customer Relations Senior Representative
800-4-SERVICE
end of letter
Ultimately, my request to have my signature removed was side-stepped in
favor of this explanation of why it was safer for me to have an easily
reproduced digital version floating around. I have my opinions on this
subject, could others please share theirs?
--
Todd Prinkey
~STPCB@JAZZ.UCC.UNO.EDU~
------------------------------
From: bear@fsl.noaa.gov (Bear Giles)
Date: 03 Feb 1995 18:55:37 -0700
Subject: Legal definition of "Signed"
Colorado Revised Statues 4-1-201 (39) and Article 1-201 (39) of the
revised Uniform Commercial Code define:
(39) "Signed" includes any symbol executed or adopted by a party
with present intention to authenticate a writing.
UCC 1-201 (46):
(46) "Written" or "Writing" includes printing, typewriting, or
any other intentional reduction to tangible form.
("Tangible form" includes tape recordings, data on computer *media*,
etc. Another section (not Article 1) defines "signature", but I
realized last night that what it was probably trying to say is that
"signature" implies you saw the person sign the document, otherwise
it's just a "signed" document.)
Now, let's address a few common misconceptions with the model legal
language (which has been adopted by at least Colorado).
- You must sign in a cursive hand.
- You must sign your legal name.
- You must sign a name derived from your legal name.
- You must sign *a* name.
- You must sign legibly.
- You must sign in black or blue ink.
*None* of that can be supported by the language in CRS 4-1-201 (39).
If I wanted to adopt a rubber stamp of Mickey Mouse to sign documents,
I have that legal right.
The language is intentionally vague, since it must deal with
corporations whose officers change (not just names), corporations that
must send out thousands or millions of checks (not just handwritten
signatures), etc.
And Mickey? What am I supposed to do if I have MS, or polio, or one of
any number of other neurological diseases? Perhaps a rubber stamp is
the only way I *can* "sign" documents.
Ok, how about "SEE PHOTO ID" on credit cards? Let's look at UCC 1-201
(10):
(10) "Conspicuous": A term [or] clause is conspicuous when it is so
written that a reasonable person against whom it is to operate ought
to have notifed it. A printed heading in capitals (as: NON-NEGOTIABLE
BILL OF LADING) is conspicuous. Language in the body of a form is
"conspicuous" if it is in larger or other contrasting type or color.
But in a telegram any stated term is "conspicuous". Whether a term or
clause is "conspicuous" or not is for decision by the court.
Okay. Let's postulate a reasonable clerk at the cash register. I hand
over a credit card where I have CONSPICUOUSLY written "see photo id" in
the spot where a signature normally goes.
This clerk is reasonable, she did not just beam down from Mars. She
realizes that signatures can be forged, and that a lost credit card
with a "signature" on it gives a criminal ample opportunities to
practice prior to fradulent use. Even if she didn't, she is reasonable
and recognizes the validity of this point when I mention it to her.
She also realizes that driver's licenses (and other common forms of
photo IDs) generally contain signatures along with fairly recent
photographs, height and weight information, eye and hair color, age,
etc.
So, since she is reasonable, she'll realize that I'm not trying to
defraud her store or Mastercard out of money. I'm not trying to get
out of providing a specimen of my signature. I'm being a reasonable
person who's a little bit more cautious than most people. So she
compares the signature on my credit card slip with the signature on my
photo ID.
The law clearly states that "conspicuous" must be determined by a
court, although it equally clearly defined STATEMENTS IN CAPITALS as
conspicuous".
Fair enough. That's why I write "SEE PHOTO ID", not "see photo id".
Plus my use of "conspicuous" is a slightly different than the intent of
the law, although it's clearly analogous.
But if anyone still insists that my credit card is "unsigned", I
breath- lessly await a citation from a real court where this practice
was ruled inappropriate. Otherwise, I'll stop worrying about it and
remember the magic phrase to chant at _unreasonable_ store managers:
CRS 4-1-201 (39)
CRS 4-1-201 (39)
CRS 4-1-201 (39)
--
Bear Giles
bear@fsl.noaa.gov
------------------------------
From: rizzo24@aol.com (RIZZO24)
Date: 04 Feb 1995 12:11:15 -0500
Subject: Privacy in Telecommunications
Organization: America Online, Inc. (1-800-827-6364)
I work for the New York State Assembly and am researching privacy in
telecommunications. My focus is on telecommunication carriers and how
they protect or invade the privacy of their subscribers/users. Any
information on the governing legal rules, company practices and cases
of privacy invasion would be appreciated. I am also interested in the
potential privacy dangers involved in the more interactive technologies
that are currently in place or are being developed. Telephone, cable
and wireless are all of interest.
Hope you can point me in the right direction. Thanks,
--
Jenny RIzzo
------------------------------
From: Privacy Rights Clearinghouse <prc@pwa.acusd.edu>
Date: 04 Feb 1995 12:56:21 -0800 (PST)
Subject: Merchant Personal Information Requests
This in response to the many postings on merchants taking personal
information for check or credit card purchases. California, as well as
many other states, has enacted laws which limit the collection of
personal information when paying by credit card or check.
The Privacy Rights Clearinghouse has a free "fact sheet" on these
laws. This fact sheet may be obtained by calling 619.298.3396
(800.773.7748 within CA only), or by gopher at gopher.acusd.edu (select
"USD Campus-Wide Information System").
California Civil Code section 1747.8 provides that when a consumer pays
by credit card, the merchant cannot record any personal information
other than what is on the front of the card. This includes address,
telephone number, Social Security Number or any other personally
identifiable information.
There are, however, certain exceptions, such as when the credit card is
used as a deposit or to obtain a cash advance. Also, when the personal
information is needed for a purpose "incidental but related to" the use
of the credit card, the merchant may collect the necessary information
(Example: when the purchased product is to be shipped to the buyer's
home address).
Finally, there is an exception for merchants required by contract to
collect personal information from the credit card user. For example,
some gasoline companies that issue their own credit cards require their
stations to collect personal information.
When a consumer pays by check, California Civil Code section 1725
provides that the merchant is prohibited from recording a credit card
number. The merchant may request that a consumer voluntarily show a
credit card. The only information that the merchant can then record is
the type of card (i.e. Visa or Mastercard) and the expiration date.
The merchant must inform the consumer that the credit card is not
required for accepting the check.
Once again, there are exceptions. The merchant can require a credit
card if the check is used solely to obtain cash, if the check is used
as a deposit, or if the check is used to make a payment on the credit
card account. If the credit card also functions as a check guarantee
card, the merchant may record the card number.
This law specifically provides that merchants can require consumers to
show and can record drivers license information. The merchant can also
record the consumer's name, address and telephone number.
Although many other states have enacted similar laws, the specifics of
laws in other states may vary. Contact the Privacy Rights
Clearinghouse for more details.
=================================================================
Barry D. Fraser fraser@pwa.acusd.edu
Online Legal Research Associate
Privacy Rights Clearinghouse prc@pwa.acusd.edu
Center for Public Interest Law telnet teetot.acusd.edu
University of San Diego login: privacy
Privacy Hotline: 619-298-3396 BBS: 619-260-4789
In California: 800-773-7748 host: teetot
login: privacy
=================================================================
------------------------------
From: "Larry Kilgallen, LJK Software" <KILGALLEN@Eisner.DECUS.Org>
Date: 04 Feb 1995 21:21:53 -0500 (EST)
Subject: Re: Requests for Home Phone Numbers
Organization: LJK Software
bear@fsl.noaa.gov (Bear Giles) writes: I'm travelling for several
weeks and a 3" thick phone bill is sitting in my mailbox when I
return home. I owe AT&T $38,217.43 for calling card calls made
worldwide. I didn't make those calls. Do I have to pay AT&T? If
not, doesn't AT&T have the right to have a reasonable method of
contacting me if it suspects fraud on my account, to minimize *its*
losses?
Rather than a consumption-based account, Compuserve can very well use
the method followed by cellular and long distance companies. If
exhorbitant charges well beyond the normal pattern are encountered,
they disallow further charges until the customer contacts them. No
particular method to contact the customer is required (given the lack
of cryptographics authentication on cellular phones, external
authentication would be required regardless of who contacted whom).
I once came back to a hotel to find my room locked. American Express
had contacted the hotel to surely get in touch with me because a new
card mailed to my address had come back in the mail and they were
concerned it was not really me. I was upset at the time, but they
_were_ looking out for my interests and they did contact me without
having my phone number. Strange charges on American Express (especially
large ones) can also lead to the clerk putting you on the phone with
American Express who will ask questions such as the name of that
magazine you subscribed to last month using AMEX. I gather few card
thieves bother to steal recent bills as well.
------------------------------
From: "Larry Kilgallen, LJK Software" <KILGALLEN@Eisner.DECUS.Org>
Date: 04 Feb 1995 21:29:13 -0500 (EST)
Subject: Re: Requests for Home Phone Numbers
Organization: LJK Software
privacy@interramp.com writes: I leave you all with the following
thought. How can a company conduct anonymous or name-only returns
but still protect itself against crooks who try to return products
they never bought? It is often months later that companies realize
that they returned money to ganiffs.
I was under the impression that this was a solved problem, years ago,
independent of whether identification is provided.
from childhood I have seen signes saying "no returns without a
receipt". Presumably the store either retains the receipt or marks it
(in the case of a partial return of the contents of a receipt). So
long as this has been done, I don't see any valid reason for the store
to require any further identification. (If receipts are readily
forged, the store should fix that problem.)
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 05 Feb 1995 04:46:58 GMT
Subject: Re: Requests for Home Phone Numbers
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
"Dennis G. Rears" (drears@pica.army.mil) writes: My opinions on
providing SSN to merchants have appeared to be disjointed in the
past. This is mainly because I haven't had an original post in CPD
in about 18 months, only followups. Here's my thoughts: 1. Don't
give false information. Either leave it blank or fill it in.
Giving false information poorly reflects on one integrity.
This may be a cultural difference. There is also a nuance of difference
btween alias and false name. An alias is a name that you choose to use
for a particular purpose, as opposed to a false name made to
disassociate yourself from something.
The legal right of canadians to use any alias they choose in most
financial transactions has been widely publicized over the decades. My
first recollection of reading this was as a teenager in the 60s.
2. Stores should only request information they need. 3. In some
cases a credit check is necessary and you do this via SSN. If you
don't like they don't have to extend you credit or cash your
check.
This is literally a situation I've never been in. I've had 2 car loans
and a couple of mortgages in my life but I've never bought anything on
credit from a merchant. I've also never had a charge card account and
usually buy vehicles new without taking out a loan. My wife and I
rarely use checks. She caused quite a flap once at a local warehouse
type appliance operation when she produced cash to pay for a washer and
dryer.
On a issue not that has nothing to do with privacy, I am a firm
believer in property rights. Part of owning property is have the
ability to decide who you want to sell, lease, give, or otherwise
convey services or property to. I believe a merchant should have
the right to refuse to do business with anybody.
How far does that belief extend? Can a healthcare merchant(hospital)
refuse to provide life saving care to someone who can pay the going
rate but happens to have a skin color the hospital doesn't like to
see?
Can the owner of a busline refuse to carry blacks unless they consent
to ride in the back and give up their seats to whites if the bus fills
up?
Can someone who owns a restaurant refuse to sell the food they own to
people of a particular ethnic or racial background?
Allowing merchants to be arbitrary rather than equitable in their
choice of clients opens up a wide range of posibilities for them to be
discriminatory. If they are in business they should be prepared to
treat anyone with sufficient cash to pay in the same manner as anyone
else who can pay.
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 05 Feb 1995 04:19:29 GMT
Subject: Re: Requests for Home Phone Numbers
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
Kelly Bert Manning <bo774@freenet.carleton.ca> wrote: This kind of
demand for information, backed up by a threat of denial of service
is probably why the Quebec government made it the legal right of
consumers not to have to provide unneccessary personal
information.
David Jones (djones@insight.dcss.McMaster.CA) writes: Despite any
law to the contrary, some Quebec companies regularly refuse to
provide service if personal information is not provided. Case in
point: Videotron. [snip] that you would normally rent, but during
the special trial service, they loan you the box for free, but you
must provide personal information like your Health Insurance Number
or your Social Insurance Number
Hm, I did mention Direct Broadcast Video Satellites in my previous
post, so I guess that we are staying on topic here.
Basic cable service is regulated to a minimal degree by the CRTC. What
regulations still exist are seldom enforced. I've never been asked for
ID when establishing a basic service account, but I've often had to
spend several minutes telling their pay TV pushers that I don't want
any of the scrambled pay TV channels. The CRTC's cable TV regs don't
authorize them to demand any ID and it is well established in Canadian
law that consumers may use any alias they choose in most purchases, as
long as they pay in full and don't do so as part of a fraud. I recall
seeing reports of this in magazines with a nationwide circulation as
far back as the 60s and have seen more recent references in a local
paper within the last year. There is no public, judicial or legislative
thrust to change this long standing state of affairs. Additionally the
Currency Act says that all you have to provide is cash in an
appropriate combination of denominations. The provincial government
used this to end a BC Tel plan to require customers to pay by cheque.
Canadian Cablecos can hardly be described as typical in their attitude
toward customers or to regulations that are supposed to govern their
conduct. Is Videotron's attitude widespread among Quebec businesses?
Your post didn't say whether you had taken Videotron to the Quebec
analog of small claims court. Does Videotron have any legal judgements
to support it's position? Provincial Consumer Affairs
ministries/departments don't usually get involved in supporting civil
actions by consumers unless they feel that there is a major public
interest involved that warrants government backing for a precedent
setting civil action.
What you describe seems like the cableco analog of the old telco
practice of requiring customers to "rent" phone equipment, rather than
buying it, with the result that the eventual revenue was much more than
what the equipment cost. Consumers didn't win that battle against
telcos easily and still have a long way to go against cablecos.
The Parti Quebcois has a reputation for being very right
wing/pro-business, (by Canadian standards) so the change in government
in Quebec may have temporarily reduced the enforcement thrust behind
this law.
My first experience with a major cableco's attitude toward privacy was
in the mid 80s when I received personalized junk mail from Superchannel
at my non-published address. I called Shaw cable and confirmed that
they had transferred customer names and addresses to this out of
province pay TV company. Their tune changed after I filed a written
complaint with the CRTC and quoted the relevant sections from the BC
Credit Reporting Act. They then claimed to have handled the mailing for
Superchannel but didn't bother to get together with Superchannel and
put together a story consistent with the facts. When I heard the new
story I asked them if they could describe the postage meter stamp on
the envelope, ie. date, city, and meter number. After an embarassed
pause they suggested that it might be their BC headquarters in North
Vancouver. In fact it was Edmonton, Alberta. It is really quite a hoot
to be questioning someone, catch them in a lie and see them realizing
that they've been caught out when they are in too far to backout
without admitting to being a bare faced liar. The CRTC, as usual,
bought the Shaw line.
The only change has been that pay TV advertising now arrives as non-
personalized bulk advertising or gets stuffed in with Cableco bills.
What you say about Videotron in Quebec doesn't surprise me. Here in
B.C. Rogers Cable is making brave noises about a recently passed BC
Consumer law not applying to them because they are a federally
regulated service, formerly a total monopoly and still facing almost no
competition. They don't have a culture of serving customers or of
facing competition.
BC's new law is modelled on a similar law in Quebec that is supposed to
ban a favourite marketing technique used by Videotron and other Quebec
cable operators.
The B.C. law was introduced quickly to deal with the tidal wave of
protest over Rogers latest negative option billing scheme(ie. we'll
start charging you more for channels you probably don't want and hope
that you don't notice or complain). It was only within the last few
months that they started showing "Full Cable Service" as 2 separate
charge items on invoices. They'd listed it as a single line item for
years to keep most customers in the dark about the fact that a big part
of their bill was for optional channels that they didn't have to pay
for if they only wanted basic cable service.
Rogers claims that this law doesn't affect them, but they clearly don't
have any intention of getting into court. The impact on their bottom
line from bad publicity and people lining up for hours to return their
Rogers Wonder Boxes and terminate service would be more than they could
possibly gain even if they won the case.
Rogers also seems to have little regard for the property rights of
Concord Pacific and BC Tel. News reports from Vancouver last week
described how a convoy of cableco trucks carrying a small army of
Rogers technicans descended on the all digital fiber Concord Pacific
development last week, uttering fraudulent claims in an attempt to gain
access to the network center for the BC Tel phone/video operation
there. When their bluff failed they descended into the manholes around
the development to see what they could find out about the technology
deployed by BC Tel. Rogers seems reluctant to accept that the CRTC has
opened up "cable" service to competition just as Rogers Unitel
operation competes with Telcos. They claim to be planning to go to
court to defend their "monopoly". It doesn't surprise me that a Cableco
would dispute Quebec legislation. They seem very unwilling to accept
any law that is against their financial interests. Rogers interest in
BC Tel's Concord Pacific operation is understandable. BC Tel reportedly
charges half as much as Rogers for a comparable bundle of video
services.
Ted Rogers and Jim Shaw saw Cableco after tax profits explode under the
former conservative government, from $18M/year in the early 80s to
$200M/year by the end of the decade. Along the way the politically
directed CRTC consistently chose the Cableco's interest over
consumers. Ted Rogers reportedly raised millions for the Tories during
this period.
The new Liberal government doesn't seem to have slowed him down much.
At recent televised hearings the Chairman of the CRTC asked him if he
would go on record as committing to pass along to customers part of
economy of scale savings from proposed changes to customers. He said
quite bluntly NO. The chairman responsed "that's clear, at least" and
went on to give Rogers exactly what he asked for.
My original post mentioned the lengths to which Canadians are going to
obtain an alternative to Rogers/Shaw/Videotron cable monopolies. I
didn't even mention the up front costs involved in a DBS receiver.
Cableco arrogance and abysmal level of customer service is at least as
big a part of the motivation as the exploding cost of cable service.
You also write about Videotron wanting government health plan numbers.
Most provinces have a waiting period before new residents are covered.
Coverage is not mandatory, although most people choose to be covered,
so there is no requirement that people have one and they may very well
not have one at the time that they first open an account. Someone who
joined the Armed Forces or the RCMP before personal health numbers were
introduced and who is still serving probably wouldn't have one.
There is also no requirement to have an SIN if you've never been
employed and young people don't get one till they get their first job.
This could apply to youths moving out of home to college for the first
time. Are they supposed to apply for one just to get pay TV? Are
foreign students refused this cable service because they can't work and
obtain SINs?
Has anyone actually taken Videotron to court? In any case it seems like
a futile way of checking for credit. There have been many news reports
here in BC about how easy it is to defraud the welfare system by going
to a "photo ID" store, giving a phony name, and then going to apply for
welfare, after which the fraud artist gets a GAIN card and Care Card
with their "own" Personal Health Number. The reports described how
the Ministry of Social Services doesn't seem to be concerned about
reports from mail carriers who notice that several checks with different
names arrive at the same address. The Care Cards are the same format as
credit cards and a number were shown in a news story about an eastern
fraud operation that involved capturing the encoded information from
real credit cards and duplicating it on other compatible cards.
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 05 Feb 95 12:10:30 EST
Subject: Tracking Deadbeats in Indiana
from the Associated Press news wire via CompuServe's Executive News
Service:
APn 01/30 0147 Tracking Deadbeats
By TED BRIDIS
Associated Press Writer
EVANSVILLE, Ind. (AP) -- Applying for a fishing license will get
some residents here hooked for delinquent child support under a new
federal law.
The Family Support Act of 1988 sets a deadline of Oct. 1 for states
to computerize records on deadbeat parents so they can more easily
share information with each other and between their own counties.
Indiana has decided to go one step further.
By linking its state agencies by computer, welfare workers can use
information supplied for such things as fishing and driver's
licenses to track down deadbeat parents.
The author makes the following key points:
* Some officials are enthusiastic about such database linkages, whereas
others object to any intrusion into privacy for whatever purpose.
* Officials of the prison system in Indiana do not allow other state
agencies to retrieve data from the Corrections Dept. computers,
arguing that medical information in those files "are protected by
federal confidentially laws."
--
M.E.Kabay,Ph.D.
Director of Education, NCSA (Carlisle, PA)
Chief Sysop, CompuServe NCSA Forum
Mgmt Consultant, LGS Group Inc. (Montreal, QC)
------------------------------
From: rj.mills@pti-us.com (Dick Mills)
Date: 05 Feb 1995 12:29:49 -0500
Subject: Re: Who is Looking at Your Files?
In comp.society.privacy [comp.society.privacy V6#009] I wrote: I
once lived in Sweden. They don't respect individual rights a whole
lot there, but they did have an innovation that impressed me. They
have a law which mandates that the individual be sent a copy of any
credit reports sent out. Thus I got to see who asked for
information on me, when, and what they were told. Not bad. If
there were any inaccuracies in the report, I could act in a timely
manner to correct it.
Jesse Mundis [jesse@oes.amdahl.com in comp.society.privacy V6#011]
replied: I like his idea, a lot!
That leads me to wonder if we couldn't form privacy rights
legislation on the same principle. Instead of attempting to stop
digitized signatures, sales records, video rental info, and the
thousands of other data gathering activities, we could require that
the individual be cc'd whenever this information was transmitted to
third parties.
A question for the group at large, what process would be required
to get legislation like this in place? I've never written up a
bill before, but this looks like a good idea. Anyone have a
pointer to some specifics, possibly in the EFF or CPSR archives?
I guess Jesse and I are the only ones who like this idea. There have
been no other posts I've seen yet. Too bad. It could be the answer to
a number of issues discussed recently in comp.society.privacy. For
example:
a) Radio Shack: Let them have the phone numbers! If they start
abusing them then they would have to send notice to their customers
revealing just what they did with the data. The knowledge that
customers will be angry will have a chilling effect on data abuse
wannabes.
b) Requesting your own credit report isn't enough; several
credit bureaus may have data on you [see Re: Credit Reporting
comp.society.privacy V6#004]: Actually there is no upper limit on
how many people might provide credit information on you. Asking for
copies of your credit report is thus not much help. If the law
required that you get a copy, then you would be informed regardless
of who provided the information.
c) Draft Privacy Principles 01/20/95 [comp.society.privacy V6#010]:
It should be one of the principles in the draft that the individuals
are always notified when their private information is transmitted
between third parties. (hmmm I guess I ought to send them the
comment myself).
d) Police Abuse of Personal Records [comp.society.privacy V6#004]:
If the citizens were getting copies when police request information
on them from a national center, then abuse would be harder to spot.
More important, knowledge that they could not do it secretly would
deter police from abusing the data in the first place.
Why isn't there more enthusiasm from comp.society.privacy readers? Is
it not explained well?
--
Dick Mills rj.mills@pti-us.com
Power Technologies, Inc. phone +1(518)395-5154
P.O. Box 1058 fax +1(518)346-2777
Schenectady, NY 12301-1058
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 05 Feb 95 14:12:46 EST
Subject: Phone Users Slam Dunked
from the United Press Intl news wire via CompuServe's Executive
News Service:
UPn 02/03 2014 California takes action to stop 'slamming'
LOS ANGELES, Feb. 3 (UPI) -- The state of California took court
action Friday to halt a small telephone company from switching the
long distance service of thousands of Californians without
permission.
The complaint, filed in Los Angeles Superior Court, seeks an
injunction against Sonic Communications Inc. for allegedly engaging
in a practice known as "slamming." Attorney General Dan Lungren
requested $5 million in restitution for customers and a $1 million
fine.
Key points from the article:
* Sonic is accused of having sent out cheques for $10 to over 10,000
customers.
* The "nearly illegible print on the back" of each cheque "gave the
company permission to switch the person's long distance service to
Sonic."
* Anyone who cashed the cheque automatically had their service switched
to Sonic, paying "double or triple" the normal long-distance rates.
* Some customers were apparently switched to Sonic without their
permission.
[Comments from MK: This case is another in a long series demonstrating
the poor state of authentication in a range of public and private
services. Readers of COMPUTER PRIVACY DIGEST and of the NCSA FORUM on
CompuServe have seen cases where registered mail has been handed over
to people without identification; credit card applications filled out
by criminals using innocent victims names; change of address forms
accepted by post offices without verification; and many other cases.
A complex society needs adequate non-repudiable forms of identity and
authentication. Organizations providing services must require much
higher standards of identification and authentication than currently
demanded when changes can affect people's pocketbooks, bank accounts,
health care, and other important services.]
--
M.E.Kabay,Ph.D.
Director of Education, Natl Computer Security Assn (Carlisle, PA)
Mgmt Consultant, LGS Group Inc. (Montreal, QC)
------------------------------
From: John Medeiros <71604.710@compuserve.com>
Date: 03 Feb 95 21:31:13 EST
Subject: Re: The Cyber Police are Coming
slowdog@wookie.net (slowdog) writes: The net is not a physical
place where the Blues have to cruise around looking for people
causing physical harm to anyone . . . . The net is a loose
confederation of sovereign indivduals (because, in truth, all
individuals are inherently sovereign). And the "cybercops" should
stay home and watch cable television.
Why should we exclude policemen from the use of the Internet? Is it
because we don't like what they do? Or is it the things we think they
stand for? What other groups should we exclude? Lawyers? Nope, can't
do that, we'd lose EFF. How about politicians? No, then they'd take
their servers and we'd never know what they're up to.
If we are all sovereign, then we cannot exclude anyone, or any group,
no matter how we feel about them. Each group is made up of
individuals. Each individual is sovereign, no matter who they are.
To quote slowdog: Any attempt to infringe upon the right of
soveriegn individuals to freely communicate and control their own
fate (in this case, on the net) should be met with a response from
the -world's- net users.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours
of submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V6 #015
******************************
.