Date:       Mon, 20 Feb 95 17:44:18 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V6#019

Computer Privacy Digest Mon, 20 Feb 95              Volume 6 : Issue: 019

Today's Topics:			       Moderator: Leonard P. Levine

                  Re: Requests for Home Phone Numbers
        Recent break-ins and collections of credit card numbers
                         Cordless Phone Privacy
                  Re: Innacurate Personal Information
                   Phones that dial *67 automatically
                   Phones that dial *67 automatically
                  Incredible Universe Privacy Concerns
                       Re: How Can I Change This?
                       Re: How Can I Change This?
            Privacy Laws Regarding Computer Databases, etc.
                Re: Mailing Lists & Personal Information
                              Ignore This
                     Privacy questions for research
                New Hires SSN put into National Database
           Swiss Federal Data Protection Commissioner on-line
                   What Does City Hall Have about Me?

----------------------------------------------------------------------

From: Christopher Zguris <0004854540@mcimail.com>
Date: 16 Feb 95 10:57 EST
Subject: Re: Requests for Home Phone Numbers

    mjh9@lehigh.edu wrote: I have a question about using an alias in
    the U.S.  I work in our campus post office (which handles both
    campus and U.S. Mail), and often put mail in students' boxes.  One
    thing that my supervisor has told me on several occasions is that
    I must make sure that the name on the mail matches the name on the
    box that it is addressed to.  In one sense this makes sense,
    students come and go, so boxes change from one person to another
    each semester. However, this makes it almost impossible to receive
    mail under an alias that the post office is not aware of.  Is this
    policy used anywhere else, and is it even legal?  Any input is
    appreciated.

I thought it was _illegal_ to put anything in someone's mailbox!
Private delivery companies can't put magazines in private mailboxes
because it's against the law and the post office will sue them into the
stone age. How does a campus post office get away with fiddling with
private mail?

--
Christopher Zguris
czguris@mcimail.com


------------------------------

From: "Vinod Narayanan" <vinod@watson.ibm.com>
Date: 16 Feb 95 13:56:45 -0500
Subject: Recent break-ins and collections of credit card numbers

Today's NY Times had a story about the apprehension of Mr. Mitnick for
various computer-related break-ins. There are various risks to be
considered in this incident, including some that Mr. Mitnick did not
anticipate, but one particular item caught my attention.

Mr. Mitnick had managed to hack Netcom, and in the process, got hold of a
file containing 20,000 credit card numbers.  Even though the article did
not explicitly state this, I assume that these were the credit card
numbers of Netcom subscribers. Now, obviously, we all know that the
service providers collect credit card numbers one at a time. But to
think that this is collected in a single file, on a system accessible
from the main switch, is rather disconcerting.

I would have expected at least one of the following measures to be
taken:

- Move the credit card numbers physically to a separate system, which
  cannot be accessed directly from the hosts connected to the
  networks, maybe on a daily basis.
- Use some strong encryption, with the key being stored on a separate
  system, and all decryption being done on a separate system.

Now, we may think that this is a risk associated only with online
providers who collect your credit card numbers for access to accounts.
However, this is not the case. As more and more merchants come on-line,
it is likely that their databases are accessible directly from the
network also.

I think the basic lesson is that we all need to be aware of the higher
risk associated with on-line collections of sensitive data.

--
vinod@watson.ibm.com
"Keep it simple: as simple as possible, but no simpler" -- A. Einstein

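[Added example, not part of the original post or of the digest: one way
to realize the second measure listed above, sketched in Go. The
network-facing host holds only an RSA public key, so it can seal card
numbers but not read them back; the private key and all decryption live
on a separate billing system. Type and function names, account ids and
the card number are hypothetical.]

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// StoredCard is the only form a card number takes on the network-facing host.
type StoredCard struct {
	Account string // subscriber account id
	Last4   string // kept in clear for display and support calls
	Sealed  string // base64 RSA-OAEP ciphertext of the full number
}

// FrontEnd runs on the network-facing host and holds only the public key.
type FrontEnd struct{ pub *rsa.PublicKey }

func NewFrontEnd(pub *rsa.PublicKey) *FrontEnd { return &FrontEnd{pub: pub} }

// Seal encrypts a card number for the billing system. The account id is the
// OAEP label, so a ciphertext copied into another account's record fails.
func (f *FrontEnd) Seal(account, number string) (StoredCard, error) {
	if len(number) < 13 || len(number) > 19 {
		return StoredCard{}, errors.New("card number length must be 13-19")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, f.pub, []byte(number), []byte(account))
	if err != nil {
		return StoredCard{}, err
	}
	return StoredCard{account, number[len(number)-4:], base64.StdEncoding.EncodeToString(ct)}, nil
}

// Billing runs on the separate system; the private key never leaves it.
type Billing struct{ priv *rsa.PrivateKey }

func NewBilling() (*Billing, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Billing{priv: key}, nil
}

// PublicKey is the only key material handed to the front end.
func (b *Billing) PublicKey() *rsa.PublicKey { return &b.priv.PublicKey }

// Open recovers the number; it fails for tampered or relocated records.
func (b *Billing) Open(rec StoredCard) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(rec.Sealed)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.priv, ct, []byte(rec.Account))
	if err != nil {
		return "", errors.New("record does not decrypt for this account")
	}
	return string(pt), nil
}

func main() {
	billing, err := NewBilling()
	if err != nil {
		panic(err)
	}
	// Constructed account id and test card number.
	rec, sealErr := NewFrontEnd(billing.PublicKey()).Seal("acct-1001", "4111111111111111")
	number, openErr := billing.Open(rec)
	fmt.Println(rec.Account, rec.Last4, number, sealErr, openErr)
}
```

A copy of the front end's file then contains account ids, last four
digits and ciphertext only, and OAEP's randomization means two records
holding the same number do not look alike.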

------------------------------

From: Lane Lenard <llenard@pipeline.com>
Date: 16 Feb 1995 15:54:32 -0500
Subject: Cordless Phone Privacy

I'm doing some research on cordless phone snooping and have heard that
there are "monitoring enthusiast clubs" in which members share
monitoring techniques. There is even supposed to be a monthly magazine
called "Monitoring Times" that gives eavesdropping techniques. Does
anybody know anything about these clubs and/or this magazine?

Also, what is the current legal status of cordless phone snooping? Am I
correct in assuming that it is now illegal as of the passage of the
recent Digital Telephony legislation?

Thanks in advance.  

--
Lane Lenard


------------------------------

From: fred@sunserv.optiplan.fi (Fred Baube)
Date: 16 Feb 1995 22:58:52 +0200 (EET)
Subject: Re: Innacurate Personal Information

    Surely sendmail reeled when thusly spake Kajae@aol.com: I agree.
    Perhaps an alternative in addition to this would be an idea that a
    previous poster had that we make credit bureaus compete for our
    reports, and penalize them for inaccuracies by threatening to take
    our report elsewhere.  This of course would be predicated on the
    fact that 1) we as individuals would have to be legally empowered
    to have ultimate possession of that information and [..]

This was of course rendered academic when the Supreme Court decided
some years ago that information about an individual is neither the
property of, nor subject to control by, that individual.

Perhaps an explicit privacy provision in the Bill of Rights would have
changed that interpretation.

The Supreme Court is not bound by precedent, but then again, who
expects anything pro-privacy from *this* bunch?

-- 
F.Baube(tm)             * "Government had broken down.
G'town Univ MSFS '88    *  I found the experience invigorating."
baube@optiplan.fi       *  -- Maurice Grimaud, Paris prefect 
#include <disclaimer.h> *          of police in May 1968


------------------------------

From: G Martin <gmartin@freenet.columbus.oh.us>
Date: 17 Feb 1995 00:33:27 -0500 (EST)
Subject: Phones that dial *67 automatically

    Jeff Nye  <jeffn@meaddata.com> wrote: My phone line has caller ID
    and I would prefer not to pay a monthly fee to have it blocked.
    I'd like to block caller ID by default on all outgoing calls, which
    in my area, means dialing "*67" before each outgoing call.  My
    computer's telecommunications software allows a "dial-prefix" to be
    prepended to all outgoing calls.  Does anyone know of any
    telephones which do this?

I'm not aware of any phones that do this, but I have seen phones that
have 1-3 buttons on them for dialing police, fire or an ambulance.
Since most people would use 911 anyway, these buttons are often not
used.  Seems like you could program them to dial *67 if you wanted to.

--
Gary Martin
gmartin@FREENET.COLUMBUS.OH.US


------------------------------

From: "Jongsma, Ken" <kjongsma@p06.dasd.honeywell.com>
Date: 16 Feb 95 14:32:00 PST
Subject: Phones that dial *67 automatically

    Jeff Nye  <jeffn@meaddata.com> wrote: My phone line has caller ID
    and I would prefer not to pay a monthly fee to have it blocked.
    I'd like to block caller ID by default on all outgoing calls, which
    in my area, means dialing "*67" before each outgoing call.  My
    computer's telecommunications software allows a "dial-prefix" to be
    prepended to all outgoing calls.  Does anyone know of any
    telephones which do this?

Zoom Telephonics (Boston, MA) makes a box called the Hot Shot that
plugs into any phone outlet. It can be programmed to prepend *67 to any
call from any phone on the same line. Graybar sells it for about $50.


------------------------------

From: G Martin <gmartin@freenet.columbus.oh.us>
Date: 17 Feb 1995 00:38:18 -0500 (EST)
Subject: Incredible Universe Privacy Concerns

    Matt Sargent [ m.sargent@genie.geis.com ] said: Obviously, no one
    shops at The Incredible Universe against their will.  But how many
    of the people who do shop there even realize what data they may
    unwittingly be providing?

Thanks for sharing this info.  I heard rumors about Incredible Universe
doing something like this, but until now I hadn't realized how
extensive their invasions of privacy really are.  I have avoided
shopping there for this very reason and will continue to do so as long
as they refuse people the right to make anonymous cash purchases.

--
Gary Martin
gmartin@FREENET.COLUMBUS.OH.US


------------------------------

From: bandy@aplcomm.jhuapl.edu (Mike Bandy)
Date: 16 Feb 1995 09:34:56 -0500
Subject: Re: How Can I Change This?
Organization: Johns Hopkins University Applied Physics Lab, Columbia, MD, USA

    lauras@holly.ColoState.EDU (Laura Sizemore) writes: Is there anyone
    out there who knows how to change your name on the system when
    someone types, "finger (your login name)"

    mcinnis@austin.ibm.com (Mickey McInnis) writes: There might be a
    way to do this without going to the sysadmin, but try asking the
    system administrator to change the name entry for your id.  This is
    usually stored in the /etc/passwd file.

On my SunOS 4.1.3 system the command is 'passwd -f'.  On your system do
a 'man passwd' and see what the switches are.  On HPUX 9.05 the sys
admin must get involved, as our long-winded IBM friend describes
below.

-- 
Mike Bandy      bandy@aplcomm.jhuapl.edu
Johns Hopkins University / Applied Physics Laboratory


------------------------------

From: G Martin <gmartin@freenet.columbus.oh.us>
Date: 17 Feb 1995 00:49:24 -0500 (EST)
Subject: Re: How Can I Change This?

    lauras@holly.ColoState.EDU (Laura Sizemore) writes: Is there anyone
    out there who knows how to change your name on the system when
    someone types, "finger (your login name)"

    Mickey McInnis - mcinnis@austin.ibm.com There might be a way to do
    this without going to the sysadmin, but try asking the system
    administrator to change the name entry for your id.  This is
    usually stored in the /etc/passwd file.  <snip> If they are
    reluctant to remove your name entirely, you could try changing the
    first name to initials, or "Laurance" or some such.  You could also
    ask them to change it to "account 3249" or some such.  If they are
    still unwilling to remove or disguise your name, try working your
    way through the bureaucracy, or even getting one of the local or
    college newsrags or TV stations interested in this "scandal".
    i.e.  "Local School Refuses to Protect Identity of Female Students,
    etc." Try the local bureaucrats first, you might find a sympathetic
    ear.  If necessary point out the danger of stalkers, etc. and the
    potential for liability or embarrassment to the University if
    something happens.

When our Columbus Freenet first got started, they originally had
intended to make everyone use their full first and last name in their
userid, and in the output from the Finger command.  I tried bucking the
system when I first applied, and asked them to only use my first
initial in my first name.  Even though the application clearly stated
that I couldn't do this, I wrote it on the application anyway that I
wanted to.  I also enclosed a letter stating that the reason was
because I wanted to protect my privacy.

About a week or two after I mailed my application, I got a phone call
from a man who worked with our Freenet.  He was rather militant in the
sound of his voice, and he insisted that I would have to use my full
name or I could not get an account.  I wanted the account bad enough
that I reluctantly agreed.  Then much to my surprise, when I got the
paperwork in the mail to set me up, they had used only my initial after
all.

I can only guess as to why they did this.  I suspect that because many
others probably expressed concerns about their privacy that they
realized I wasn't just some paranoid nut.  Additionally, several
months later, they had an announcement that they were going to limit
the amount of information available on Internet via the "Finger"
command to just our userid ("gmartin" in my case) and our full Internet
address.  And in my case, they seem to have even taken it one step
further.  When I try to use the internal Freenet option (not the Finger
command; a Gopher menu option) to list info about users, I don't even
show up as belonging to Columbus Freenet.  Don't know how they pulled
that off, but I like it.

Laura, even if you can find a command to change it yourself, I think
it's important for you and others who have similar concerns to speak
up.  If they get enough complaints, they just might take action like
our Freenet apparently did.

--
Gary Martin
gmartin@FREENET.COLUMBUS.OH.US


------------------------------

From: kellys@cs.stanford.edu (Kelly Schwarzhoff)
Date: 17 Feb 1995 06:54:25 GMT
Subject: Privacy Laws Regarding Computer Databases, etc.
Organization: Stanford University

Does anyone know of a good book/article that describes the main laws
that attempt to protect one's privacy regarding various computer
databases (i.e. credit records, medical information, criminal records,
etc.), such as the Fair Credit Reporting Act, etc.?  I know of "The
Right of Privacy in the Computer Age" by Freedman, but unfortunately it
was published in 1987 and I'm under the impression that a number of
significant laws have been published in the last eight years.
Suggestions?

-- 
Kelly Schwarzhoff                     kellys@cs.stanford.edu
MIME Mail is welcome


------------------------------

From: gmcgath@condes.MV.COM (Gary McGath)
Date: 17 Feb 1995 11:58:31 GMT
Subject: Re: Mailing Lists & Personal Information
Organization: Conceptual Design

    Sarah Holland <70620.1425@compuserve.com> wrote: I think the issue
    is that when one subscribes to a mailing list, one doesn't expect
    that one's email address will be sent out to other people without
    having first posted! It's not a big problem, of course...

On my recently started book review mailing list, I send the mailings to
myself, and BCC everyone else on the list. Everyone's privacy is thus
guaranteed. Just something which other people who have mailing lists
might consider doing in order to avoid the problem mentioned.

-- 
Gary McGath
gmcgath@condes.mv.com
PGP Signature: 3E B3 62 C8 F8 9E E9 3A  67 E7 71 99 71 BD FA 29


------------------------------

From: Bruce Steinberg <bruces@sco.COM>
Date: 18 Feb 1995 22:41:31 -0800 (PST)
Subject: Ignore This

    Newsgroups: comp.society.privacy
    From: anonymous@whocares.net
    Subject: IGNORE THIS
    X-Nntp-Posting-Host: cisco-slip114.acc.virginia.edu
    Message-ID: <D41y9J.4yp@murdoch.acc.Virginia.EDU>
    Sender: usenet@murdoch.acc.Virginia.EDU
    Organization: University of Virginia
    Date: 15 Feb 1995 17:36:55 GMT
    Approved: I wish it was...
    Lines: 2

    testing again.
    2121281873

This is both scary and just a little poetic, especially appearing on
comp.society.privacy, and the day after the Mitnick bust.  Could I have
responded back and posted as directly to the newsgroup as the initial
anonymous poster here (should I have chosen to add to the clutter),
effectively bypassing the moderator?  Are there any safeguards against
this, or are we looking at the future here?

[moderator:  I wrote to the postmaster at the mailing address and
wondered if this was the norm at their institution or if they were the
victim also of this trash.  The postmaster indicated that they knew
who the perp was and that he had been talked to and would not do it
again.  Learning is a part of the Internet game.  This was mild and
will not be repeated.]


------------------------------

From: Loren.Mikola@asu.edu
Date: 18 Feb 1995 04:07:17 +0000 (GMT)
Subject: Privacy questions for research
Organization: Arizona State University

                           Hello All,

My name is Loren Mikola.  I am a computer science student at Arizona
State University.  I am doing a research project that discusses
privacy; specifically, how far government should be allowed to delve
into people's privacy as far as computer technology is concerned.  A
large part of the paper will be on laws pertaining to privacy; as well
as a substantial section on the Clipper chip.  There will also be a
section on striking a balance between government interference as
opposed to national and domestic security.  I would appreciate it if
anyone with any information on these or related subjects would E-Mail
me and tell me what they know.  For instance, FTP or telnet sites where
I can obtain documents and other related material, the names of
newspapers, magazines and other periodicals that deal with this subject
would also be greatly appreciated.  If you are a professional in a
related field, your opinions would also be valued.  My E-Mail address
is:

		      loren.mikola@asu.edu

Thanks very much in advance.  I hope I don't sound like I'm picking
your brain.  But hey, that's what the Net's for.

                           Sincerely,

                          Loren Mikola
                      loren.mikola@asu.edu



------------------------------

From: jwarren@well.sf.ca.us (Jim Warren)
Date: 19 Feb 1995 17:01:56 +0800
Subject: New Hires SSN put into National Database

And they call this Social "Security"??

    Sen. Bill Bradley (D-NJ) said about S.456 which was introduced on
    Thursday (16-Feb-1995): "This bill requires information on every
    new hire to be filed in a national database, which States can
    regularly search for the names or Social Security numbers of
    parents who owe support to children in their States."

    Daniel A. Norton danorton@chsw.win.net said: The bill is "The
    Interstate Child Support Responsibility Act" and the purpose of the
    database is to track parents who are purposefully evading
    child-support obligations.  Of course, no one should expect that a
    database that tracks every employee in the U.S. with 30-day
    accuracy would be of any interest to anyone else.

This child-support pursuit was the same rationale used by California's
then-state Senator Becky Morgan in mandating that SS numbers must be on
drivers' licenses.

Who was it that first said something about no person's liberty being
safe while the legislature is in session?

--jim
Jim Warren, GovAccess moderator; columnist, MicroTimes/Govt.Tech/BoardWatch
[puffery:  James Madison Freedom-of-Information Award, Soc. of Professional
Journalists - Nor.Calif.(1994); Hugh Hefner First-Amendment Award, Playboy
Foundation (1994); Pioneer Award, Electronic Frontier Foundation (its first
year, 1992); founded Computers, Freedom & Privacy confs, InfoWorld, etc.]


------------------------------

From: Ralf Hauser <hauser@ifi.unizh.ch>
Date: 20 Feb 1995 17:55:30 +0100
From: hauser@ifi.unizh.ch (Ralf Hauser)
Subject: Swiss Federal Data Protection Commissioner on-line
Organization: University of Zurich, Department of Computer Science

We are happy to announce the experimental server of the 

   |                                               |
   | Swiss Federal Data Protection Commissioner    |
   | Eidgenoessischer Datenschutzbeauftragter      |
   | Prepose federal a la protection des donnees   |
   | Incaricato federale della protezione dei dati |
   | Incombensa federal per la protecziun da datas |

It currently contains (in HTML and RTF format):
- The commissioner's recommendations for concerned individuals how to
  execute their rights granted by the Swiss data protection law.
- Guidelines for the owners of collections of personal data.
- Guidelines for the treatment of personal data in the Swiss Federal
  Administration.

The documents are in French and German. Italian paper versions can be
requested and their electronic versions are in preparation. It is
furthermore planned to add the yearly reports of the Officer, the full
text of the law, as well as various further information.

You can reach the server under URL:
http://www.edsb.ch/edsb

Ralf Hauser
http://www.policom.ch/Customers/POLICOM/
By Courtesy of http://www.eunet.ch

-- 
For more information: finger hauser@claude.ifi.unizh.ch or +41 1 724-8426


------------------------------

From: donath@hweng.syr.ge.com
Date: 20 Feb 95 12:59:05 EST
Subject: What Does City Hall Have about Me?
Organization: Martin Marietta Aerospace, Valley Forge, PA

What does my local city government have on file about me?  Any tips on
where to find it?  Is there a FAQ that would cover some of this
information?

--
Kurt Donath
donath@hweng.syr.ge.com


------------------------------


From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours
of submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion.  He will not, however, alter or
edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V6 #019
******************************