Date:       Sun, 26 Mar 95 16:34:28 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V6#029

Computer Privacy Digest Sun, 26 Mar 95              Volume 6 : Issue: 029

Today's Topics:			       Moderator: Leonard P. Levine

                    Re: First Bank of Internet Opens
                    Re: First Bank of Internet Opens
            Transcript of Barlow-Baker Debate Now Available
                         Big Modem is Watching
                        Drug Testing and Privacy
             Re: Can My Neighbor Peruse My Medical Records?
             Re: Can My Neighbor Peruse My Medical Records?
                        Is Reading E-Mail Legal?
                       Getting Your Credit Report
                         Privacy of Newsgroups
                     Re: FCC Caller ID Order Stayed
                         Re: Abolishing the IRS
                     Can a LAN Supervisor watch Me?
                      Re: Proving your Citizenship
                      Re: Proving your Citizenship
                   FCC Backs Off on Caller ID Ruling
                             Re: FTC Alert
                  "Communications Decency Act" Update
                      Crypto 101: Chapter I: Mail
                 Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: <ead@netcom.com>
Date: 22 Mar 1995 06:53:48 -0700
Subject: Re: First Bank of Internet Opens
Organization: Netcom

     ___/\___
     _|_()_|_               A N N O U N C E M E N T
     
     For immediate release:                  Contact: fboi@netcom.com
     Monday, March 20, 1995                  Subject of 'info' for details
                                             Direct questions to Vinn K. Beigh
     
     The First Bank of Internet, FBOI, is announcing the initiation of
     transaction processing services for Internet electronic commerce.
     Purchases over the Internet can now be made without exposing personal
     credit card information.  Vendors can now sell products on the Internet
     without the restrictions imposed by credit card use.

Is this appropriate for the Computer Privacy Digest? I don't think so.
This is nothing more than an ad. Why did you let this through? FBOI are
the latest Usenet spammers, having hit several moderated and
unmoderated groups.

Please keep the Computer Privacy Digest spam-free.

Eric De Mund <ead@netcom.com>

[moderator reply:]

I was/am aware that this was an ad.  It is however appropriate to the
CPD mandate as the ability to handle anonymous transactions is an
important privacy aid.  I will post your response with my comment
unless you wish your name suppressed.  The concepts contained in the
ad are meat and drink for us.

[Eric De Mund <ead@netcom.com> reply:]

Thanks for your reply. IMHO, the post *did* contain a *small* amount of
information of interest to Computer Privacy Digest subscribers, but
only incidentally. I would prefer not to see ads like this in the
future but rather some tiny blurb by you, the moderator, in its place.

I wonder how many other subscribers feel this way? Can you post my
previous comments and the above anonymously? Also, maybe a few words by
you about ads in the digest might be in order.

Thanks very much. And keep up the good work.

[moderator reply:]

Glad to post your concerns; you are the only one to show such concerns
so far.  I will post this also, and let's get a conversation going
about the internet and funds transfer.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 22 Mar 1995 15:16:08 -0600 (CST)
Subject: Re: First Bank of Internet Opens
Organization: University of Wisconsin-Milwaukee

Taken from RISKS-LIST: RISKS-FORUM Digest  Tuesday 21 March 1995
Volume 16 : Issue 94 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND
RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public
Policy, Peter G. Neumann, moderator

    From: Steve Holzworth <sch@unx.sas.com>
    Date: 21 Mar 1995 16:23:44 -0500
    Subject: Re: First "Bank" of Internet (Beigh, RISKS-16.93)

This "announcement" is so full of holes as to be ludicrous. 

1) According to the NC Banking Commission, use of the term "bank", with a
    very few limited exceptions, is illegal for anyone but an organization
    that is a federally (FDIC) or state chartered, regulated entity. The NC
    Banking Commission has taken an interest in this announcement, and is
    forwarding the info to the FDIC...

2) "The alternative to personal credit cards for electronic commerce is
    based on an FBOI procured Visa (tm) Automated Teller Machine (ATM) card.
    The card is prepaid, PIN protected, replaceable, disposable, and good
    at over 200,000 Visa/PLUS (tm) ATMs in 83 countries.  "

Translation: 'you send us $x.xx to keep on account (with no interest accrued
to you). We deduct purchases from this balance'. What happens if we disagree
on the balance and/or dispute transactions? Because this is an ATM card as
opposed to a credit card, normal fraud liability limitations ($50.00 US)
and disputed charge reversals are not in effect. If someone fraudulently
charges against your ATM account, you potentially bear the full loss.

Also, the "vendor" info, sent in response to the specified E-mail request,
indicates that the ATM cards are not "rechargeable". When you run your
balance down, you must buy a new one. FBOI charges a 5% commission to
establish a new card for you (ie - the "setup" fee is 5% of the balance you
wish to put on account; when that runs out, you pay another 5% for a new
card).  Since they charge vendors a 5% commission per transaction, FBOI is
keeping 10% of all funds that move through their system.

3) "The safety of FBOI is ensured because access to ATM funds without 
   possession of both the ATM card and the Personal Identification Number 
   (PIN) is not possible.  ATM cards are also better than credit cards because
   their purchase does not require the personal, financial, and employment 
   background of the consumer."

Here is how a transaction is instigated (from FBOI info):

   "*FBOI procedures for creating a vendor E-mail invoice*
    FBOI E-mail invoices are a two line message created by a FBOI vendor.
    Line one of the message contains the customer Internet E-mail address.
    Line two contains the transaction amount in US dollars.  This message
    must then be encrypted, signed, in ASCII, and in Text using the PGP
    command "PGP -seat invoice fboi".  The "invoice.asc" is then ready to
    be E-mailed to fboi@netcom.com with subject "invoice".  FBOI will issue
    an E-mail transaction receipt."

    "*FBOI procedures for creating a customer E-mail check*
    FBOI E-mail checks are a two line message created by a FBOI customer.
    Line one of the message contains the vendor Internet E-mail address.
    Line two contains the transaction amount in US dollars.  This message
    must then be encrypted, signed, in ASCII, and in Text using the PGP
    command "PGP -seat check fboi".  The "check.asc" is then ready to be
    E-mailed to fboi@netcom.com with subject "check".  FBOI will issue an
    E-mail transaction receipt."

FBOI then reconciles the above transactions and sends payment to the vendor
(or credits the vendor's ATM card). Note that FBOI recommends product pricing
at around ONE US DOLLAR for items! (Almost-Freeware, anyone?)

4) "...In addition, consumers can reclaim their funds at any time using 
    an ATM."

At what service charge per transaction? What limitations on withdrawal
amounts (how many transactions will it take to empty my account)? Any
yearly fees for this privilege? FBOI info is rather vague in this regard.
The only pertinent comment I saw was (pertaining to vendor payment):

    "... While the Visa ATM card as a payment method has many
    advantages (portable, anonymous, and cash in any country of the world),
    your ATM may not dispense the entire payment due to the exchange rate
    and possible ATM fees."

5) "...Those services will collect the consumers credit card information in 
   advance because of Internet security problems."

Since those are still credit card transactions, the consumer has much better
dispute resolution abilities.

6) "FBOI transmits no sensitive information over the Internet and prevents
    forgery and impersonation by using Pretty Good Privacy, PGP (tm), 
    software for all transactions.  This freeware provides excellent 
    authentication and anti-alteration security."

The description of transactions as in (3) above may or may not be subject
to spoofing. I'm not up enough on crypto to comment.

7) "In addition to the unsecured nature of the Internet, consumers should be 
   hesitant giving out their credit card information to vendors of unknown 
   credibility."

You mean like FBOI?? Based out of a Netcom account (instead of a .com domain)?

8) "...since U.S. Postal Service and Federal Trade Commission mail order laws 
    do not apply to the Internet."

The laws may not apply to the Internet per se, but credit card transactions 
are still subject to all of the controls of typical "mail order" as is 
normally practiced via telephone.

9) "The First Bank of Internet (tm) is not a lending institution, and is not
    chartered."

This says volumes.... (see (1), above).  

And finally:

    "When FBOI procures a Visa ATM card for vendor customers the card
    becomes their money.  FBOI will be granted access to their funds
    through the FBOI customer agreement allowing FBOI to possess a
    duplicate card."
 ^^^^^^^^^^^^^^^^^^
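
[Added example, not part of the original post and not FBOI's code: the two-line invoice and check bodies quoted in (3), parsed strictly and paired off in Python. It assumes PGP decryption and signature verification already happened and yielded the signer's address; the matching rule (same vendor, customer and amount, each message used once) is an assumption, since the quoted text says only that FBOI reconciles the transactions. All addresses and amounts are constructed.]

```python
import re
from collections import Counter
from decimal import Decimal

# Deliberately strict patterns: anything else is rejected, not guessed at.
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
AMOUNT = re.compile(r"^\d+(\.\d{1,2})?$")


def parse_message(plaintext):
    """Parse a decrypted body: line one counterparty address, line two US dollars."""
    lines = plaintext.strip().splitlines()
    if len(lines) != 2:
        raise ValueError("expected exactly two lines")
    address, amount_text = lines[0].strip().lower(), lines[1].strip()
    if not EMAIL.match(address):
        raise ValueError("line one is not an e-mail address")
    if not AMOUNT.match(amount_text):
        raise ValueError("line two is not a dollar amount")
    amount = Decimal(amount_text).quantize(Decimal("0.01"))
    if amount <= 0:
        raise ValueError("amount must be positive")
    return address, amount


def reconcile(messages):
    """Pair invoices with checks.

    messages: list of (kind, signer, plaintext). kind is "invoice" or "check";
    signer is the address bound to the verified PGP signature (assumed to be
    established before this function is called).
    Returns (settled, unmatched, rejected).
    """
    open_invoices, open_checks = Counter(), Counter()
    settled, rejected = [], []
    for kind, signer, plaintext in messages:
        try:
            counterparty, amount = parse_message(plaintext)
        except ValueError as exc:
            rejected.append((kind, signer, str(exc)))
            continue
        signer = signer.lower()
        if kind == "invoice":      # vendor signs, line one names the customer
            key = (signer, counterparty, amount)
            mine, theirs = open_invoices, open_checks
        elif kind == "check":      # customer signs, line one names the vendor
            key = (counterparty, signer, amount)
            mine, theirs = open_checks, open_invoices
        else:
            rejected.append((kind, signer, "unknown message kind"))
            continue
        if theirs[key] > 0:        # a waiting counterpart exists: settle once
            theirs[key] -= 1
            settled.append(key)
        else:                      # otherwise hold the message as open
            mine[key] += 1
    unmatched = [("invoice", k) for k in open_invoices.elements()]
    unmatched += [("check", k) for k in open_checks.elements()]
    return settled, unmatched, rejected


# Constructed sample traffic (not real FBOI data).
VENDOR, CUSTOMER = "vendor@example.com", "customer@example.org"
SAMPLE = [
    ("invoice", VENDOR, CUSTOMER + "\n1.00\n"),
    ("check", CUSTOMER, VENDOR + "\n1.00\n"),
    ("check", CUSTOMER, VENDOR + "\n1.00\n"),    # duplicate: no invoice left to pair with
    ("invoice", VENDOR, CUSTOMER + "\n2.5"),     # never paid
    ("check", CUSTOMER, VENDOR + "\n-5\n"),      # malformed amount
    ("check", CUSTOMER, VENDOR + "\n1.00\nextra line\n"),
]

if __name__ == "__main__":
    done, pending, bad = reconcile(SAMPLE)
    print("settled:", done)
    print("unmatched:", pending)
    print("rejected:", bad)
```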


------------------------------

From: mccap@swarm.cs.wustl.edu (Peter J. McCann)
Date: 22 Mar 1995 03:33:20 GMT
Subject: Transcript of Barlow-Baker Debate Now Available
Organization: Washington University

A transcript and audio recordings of a recent debate between John Perry
Barlow, of the EFF, and Stewart Baker, former general counsel to the NSA,
is now available through the WWWeb:

    http://swarm.cs.wustl.edu/~mccap/debate/debate.html

The two discussed a variety of issues relating to freedom, privacy, and
law enforcement brought up by recent advances in computer encryption
technology.  The debate was held here at Washington University on February 7
as part of the Washington University Assembly Series Lectures.

--
Pete McCann
Department of Computer Science
Washington University in St. Louis


------------------------------

From: /DD.ID=OVMAIL1.WZR014/G=DANIEL/S=STICKA/@EDS.DIAMONDNET.sprint.com
Date: 22 Mar 1995 09:06:29 -0500
Subject: Big Modem is Watching

I caught an article in Forbes (Feb13,1995;pg:186) titled "Big Modem is
Watching".  The gist of the article describes the practice of online
services doing a check of your system and writing some files on your
hard drive to give quicker and flashier access.

The author then explores the possibility of the online service doing
more, such as checking out the type of software you have loaded, or
browsing your Quicken files for financial info, all without you knowing
it.  The big three (Prodigy, AOL, CompuServe) all deny looking at the
subscriber's information other than available disk space, but the
article describes some product registration software that did in fact
snoop at software and update their database during the online
registration process.

The logical conclusion of this is while you may trust your friendly
online service provider, who knows what lurks out in the big bad
Internet.  "While you are scanning one (WWW page), the operator could
be scanning you."

--
Dan Sticka
OVMAIL1.WZR014@EDS.COM


------------------------------

From: wjwinn@kocrsv01.delcoelect.com (Bill Winn)
Date: 22 Mar 1995 14:40:23 GMT
Subject: Drug Testing and Privacy
Organization: Analysts International Corporation

As a condition for employment, my current contract employer required a
drug screening.  This is not unusual.  It was how the hospital wanted
to track my urine sample that I found unusual.

Upon arriving at the hospital I was asked to fill out a form.  I did
so, intentionally leaving the space for my Social Security Number (SSN)
blank (since my employer had already paid for the test there was no
credit or insurance involved).

I gave the completed form to a nurse and returned to my seat.  A few
minutes later, the nurse called for me and said that she needed my
SSN.  I asked why, and she said that urine samples could not be marked
using names, so the hospital used the patients' SSNs to track samples.
I enlightened the nurse as to the dangers of using one's SSN for
tracking (as well as to the "proper" uses for one's SSN), and noted
that using that number did not confer anonymity.  I suggested using a
randomly generated number, known only to my physician, to track the
sample.  Alas, my argument fell on deaf ears.  The nurse insisted that
she needed my SSN because hospital policy required it.  I asked for a
copy of the *written* policy, but she said that it was not in writing.
I again refused to divulge my SSN.

It was at this point that a doctor stepped forward and suggested that
my concerns were valid and had the nurse assign me a random number.

Has anyone else had this particular problem when having a drug screen?

-- 
Bill Winn
Software Engineer - Analysts International Corporation
 -------------------------------
wjwinn@kocrsv01.delcoelect.com
wwinn@klingon.iupucs.iupui.edu
My views do not express the views of anyone except my alter-ego.


------------------------------

From: burns006@maroon.tc.umn.edu (Sean Burns)
Date: 22 Mar 1995 16:25:53 GMT
Subject: Re: Can My Neighbor Peruse My Medical Records?
Organization: College of Human Ecology

    Robert Gellman <rgellman@cais.cais.com> writes: What to do about
    the possibility of a nosey insider?  You might bring the problem to
    the attention of the administrator of the hospital.  The
    possibility of a lawsuit should be readily apparent to the
    administrator.  But you have to be careful.  If you bring specific
    charges against an identifiable person, you run the risk of being
    sued by that person for defamation.  If you name a person, you had
    better have your facts straight and provable.

Depending on the record system in use at the hospital there may be an
audit trail available to the administrator.  For example, at the
University of Minnesota a monthly report is generated for every person
who has electronic access to student records.  These reports record who
accessed a particular student's record and which part of the record was
accessed.  The reports are sent to supervisory staff who are supposed
to review them for any improprieties.  Some institutions use similar
audit devices for paper records.  If the hospital has such controls in
place (and it should) it would be a simple matter to check and if the
trail supports your claim I would hope the administrator takes quick
action.  Your neighbor seems to be a first-class creep.


------------------------------

From: kyoung@iptcorp.com (Ken Young)
Date: 22 Mar 95 10:05:51 PST
Subject: Re: Can My Neighbor Peruse My Medical Records?
Organization: IPT Corporation

    kingsmill@esdsdf.dnet.ge.com (Harry Kingsmill) writes: We have a
    neighbor who we have done our absolute best to avoid because she
    tends to be very snoopy and free with personal information that she
    has gathered on the other neighbors.  As a result of our avoiding
    her, she has naturally taken a keen dislike for my wife and I.
    During the past year, this person has taken a part time job in the
    admissions [...]

This gossip is now liable for lawsuit, prosecution, and loss of job for
divulging psichiatric records.  Sorry about the spelling - can't find
dictionary.

--
Ken Young


------------------------------

From: ahoffman@li.net (Hoffman)
Date: 24 Mar 1995 09:25:47 -0500
Subject: Is Reading E-Mail Legal?
Organization: LI Net (Long Island Network)

Can someone give me a definitive authoritative answer regarding the
exact status of if it is legal for system admins to read mail.  Is
e-mail covered in any law such as the electronic communications privacy
act or the omni-bus crime bill?  (I'm specifically referring to Internet
providers).


------------------------------

From: "Virginia Matzek" <VMATZEK@alumni.berkeley.edu>
Date: 24 Mar 1995 11:04:18 PACIFIC
Subject: Getting Your Credit Report
Organization: California Alumni Assoc.

Someone on this list helped me find this information and I thought it
would be of interest to many people on the list, particularly
newcomers.

My understanding of the law is that consumers are entitled to a free
copy of their credit report ONLY IF they have been turned down for
credit due to a negative report from the agency in question. (This may
be different in other states; it fits my experience in California.)

TRW, the major credit reporting agency, does give consumers one free
credit report per year as a courtesy. Equifax and TransUnion charge $8
(in California; others may pay less) for credit reports if you can't
show that you have been turned down for credit.

The information you need to report to TRW is as follows: name, any
aliases, birth date, SSN, current address, and previous address.  You
also need to sign your permission, I think.

Addresses are as follows:
TRW
Box 2350
Chatsworth CA 91313

Equifax
Box 740241
Atlanta GA 30374

TransUnion
Box 7000
North Olmstead, OH 44070

+----------------------------------------------------------------+
| Virginia Matzek                 "I love being a writer.        |
| Associate Editor                What I can't stand is the      |
| California Monthly              paperwork." -- Peter De Vries  |
|                                                                |
| vmatzek@alumni.berkeley.edu                                    |
| phone: 510/642-5781     fax: 510/642-6252                      |
+----------------------------------------------------------------+  


------------------------------

From: "Richard Schroeppel" <rcs@cs.arizona.edu>
Date: 23 Mar 1995 14:55:39 MST
Subject: Privacy of Newsgroups

    Ronald Dietz <74315.1546@CompuServe.COM> writes: Who or where or
    how, as the case may be, is the subscriber list to the various
    newsgroups maintained? Is there a keeper of the list(s)? Is it
    private or not? Are one's activities or participation in a news
    group monitored/recorded by anyone?

The moderator might have added the following information:

His reply is mainly relevant to *mailing-lists*, where you subscribe by
sending a note to the moderator, and he sends you email regularly with
the latest goodies.

There are also mailing lists with automated subscriber-services;
usually you contact them by sending email to a special "user" called
Listserv or Majordomo.  For these servers, you can send a "help"
command that tells you how to get a list of all the subscribers, and
(sometimes) how to have a concealed subscription.  If you read
newsgroups (with names like alt.foo.bar, sci.math, etc.), then there is
usually a file on your local machine that keeps track of which groups
you have subscribed to, and which articles you have read within each
group.  (This is so the news reading program won't offer you the
articles you have already read, the next time you start it up.) In the
last case, the fact that you are reading a newsgroup is relatively
private (kept locally); but there's a periodic "Nielsen report" that
looks around the net and reports how many people read each group, so
your reading habits must be indirectly available to this program.

In all cases, since the mailing lists must be on machines connected to
the net, and since your local machine is connected to the net, a
determined cracker can get the information if he wants it.  Usually,
your local sysadmin can read your email and look at your newsgroup
file.  And usually this information is backed up regularly on magnetic
tape, often stored off-site.

Never put any information on the net that you would be embarrassed to
find on the front page of the New York Times.

--
Rich Schroeppel   rcs@cs.arizona.edu


------------------------------

From: Privacy Rights Clearinghouse <prc@pwa.acusd.edu>
Date: 24 Mar 1995 21:18:35 -0800 (PST)
Subject: Re: FCC Caller ID Order Stayed

We have just received notice that the FCC has stayed implementation of
its rules requiring that the calling party's number be transmitted on
all interstate calls (i.e. Caller ID).

I haven't had time to read the document carefully, but it appeared that
there was pressure from both the Baby Bells and several state Public
Utility Commissions to get the FCC to reconsider these rules.  One
problem is the impossibility or impracticability of holding the Bells
to a double standard for interstate and intrastate calls.

I'll try to get more info to CPD concerning this issue asap.

--
Barry D. Fraser                      fraser@acusd.edu
Online Legal Research Associate

Privacy Rights Clearinghouse         prc@acusd.edu
Center for Public Interest Law       Gopher gopher.acusd.edu
University of San Diego              Select "USD Campus-Wide Info"
Privacy Hotline: 619-298-3396        BBS: 619-260-4789
In California:   800-773-7748             host: teetot
                                          login:  privacy


------------------------------

From: poivre@netcom.com (Serrano)
Date: 25 Mar 1995 23:46:22 GMT
Subject: Re: Abolishing the IRS
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

    GOODWYN@delphi.com wrote: Regarding the various problems with the
    IRS snooping into people's private, does anyone know anything about
    a proposal in Congress to abolish income tax and the IRS?  I think
    I saw something about this recently, and would like to know more.
    The idea was to replace income tax with a national sales tax, and
    the express purpose, if I remember correctly, was to get the IRS
    out of people's private lives by abolishing it.

Doesn't the IRS collect other taxes besides income??  If a sales tax
were to be in place, the govt might still need to use the IRS to
collect the sales tax.  In that case, the IRS won't have a need to
snoop since the tax will be collected from merchants etc, and not from
individuals.

-- 
  poivre@netcom.com               :       #include <disclaimer.h>


------------------------------

From: jdemarco@netcom.com (John M. DeMarco)
Date: 26 Mar 1995 18:56:16 GMT
Subject: Can a LAN Supervisor watch Me?
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

Please excuse a question from the paranoid:

Our workstations are networked, running NetWare - 250 user (I don't
know the version No.)  On boot-up, we (naturally) need to login with
passwords, etc.  If a user answers "no" to the login request, the
workstation reverts to the "local" mode (the "C:\" prompt).  BUT, it's
still possible to type "F:" and receive the following: "F:\LOGIN".
This means (to me) that although I'm _not_ "logged in", I'm still
"attached" to the network in some fashion.

My suspicion is that as long as the network interface card (NIC) is
plugged into the workstation, and the cable from the NIC is plugged
into the wall socket labeled "DATA", there *always* remains a
possibility that _someone_ , _somewhere_ can (using the network
supervisory utilities, Intel's LanSight or "Satan" or _something_) read
my hard drive, monitor my screen output or keyboard input.

This is a particularly sensitive issue because as part of some of the
work we do, certain data are explicitly _restricted_ to viewing by
certain _specific_ persons, and the mere ability that _anybody_ else
(including the trusted LAN Supervisor) could have a peek at it would
have significant legal ramifications.

So,

(1) what _are_ the strengths/limitations of the NetWare supervisor's
abilities when I'm "attached" but not "logged in" to the LAN,

(2) do I need to move all sensitive work to a physically isolated
machine to be _assured_ of _total_ freedom from unauthorized access by
others?  (pulling the network connection plug is frowned upon)

(3) any other suggestions?

Thanks *very* much to those who have a moment to reply to this
paranoid.

--
jdemarco@netcom.com


------------------------------

From: lane@wsgs07.lngs.infn.it (Charles Lane)
Date: 22 Mar 95 10:02:49 EST
Subject: Re: Proving your Citizenship

    dpbsmith@world.std.com (Daniel P. B. Smith) writes: The concept
    that I have to "prove my citizenship" disturbs me greatly.  The
    current situation is that I don't think I have any difficulty
    "proving my citizenship," but that's only because nobody is
    seriously interested in challenging it.  [...] The basic question I
    have is: I have a "birth certificate," but how do I "prove" that
    that birth certificate is actually _my_ birth certificate if
    anybody decides to challenge it? The piece of paper I currently
    present as my birth certificate was obtained by placing an order
    over the telephone with the City of New

And some people don't even have that.  My mother doesn't have a birth
certificate; she was born at home (a farm in Kansas).  I don't know
whether it was a problem of not having a doctor in attendance, or the
county courthouse burnt down, but when she went to get a passport she
had to have family members swear affidavits that she actually was born
on such-and-such a date at such-and-such a place.

According to the constitution, you're a citizen if you're born in the
US.  Period.  And unless there's mandatory imprisonment for pregnant
women to make sure that the child has the right "papers", there will
always be undocumented births.

--
Chuck Lane                              "I wish to God these calculations
Drexel Univ. Particle Physics           had been accomplished by steam."
lane@duphy4.physics.drexel.edu          --C. Babbage


------------------------------

From: msmithn@129.174.1.13 (Mara Smith)
Date: 23 Mar 1995 15:40:11 -0500
Subject: Re: Proving your Citizenship

    John Stanley <stanley@skyking.OCE.ORST.EDU> wrote:  There are
    millions of Americans who cannot prove US citizenship. They were
    born in Canada, Mexico, Chile, Brazil ... In fact, any
    {North|South} American country that wasn't the USA.

It doesn't even take being born in a foreign country; all it takes is a
little ignorance.

I was born in Puerto Rico, a U.S. commonwealth whose citizens are U.S.
citizens, to U.S. citizen parents who were in the U.S. military
assigned at a U.S. military base in Puerto Rico.  That wasn't good
enough to prove my citizenship at a SSN office.  So I handed over my
military I.D. card--I was active duty at the time. THAT wasn't good
enough--the SSN office employee did not know you had to be a citizen to
serve in our military and I had no luck trying to convince her. She
insisted on a passport--those are easily forged--or a birth
certificate.

Yes, unfortunately, a little ignorance goes a long way in hindering
someone trying to prove their citizenship.  Perhaps my maiden name of
Garcia added to her confusion--I'd hate to believe that one.  No, I
prefer to believe she was ignorant and stupid since she didn't even
know enough to perform her job satisfactorily.


------------------------------

From: arobson@Gateway.Uswnvg.COM (Andrew Robson)
Date: 23 Mar 1995 00:04:18 GMT
Subject: FCC Backs Off on Caller ID Ruling
Organization: U S WEST NewVector Group, Inc.

The following item appeared in the 3/17/95 "Daily_Summary" on the FCC's
server at fcc.gov:

    CALLER ID. Effective March 17, stayed effectiveness of Sections
    64.1601 and 64.1603 of the Commission's rules in the matter of
    Rules and  Policies Regarding Calling Number identification Service
    -- Caller ID. (CC Docket 91- 281 by Order [FCC 95-119] adopted
    March 17 by the Commission)

It would appear that they are backing away from their aggressive
positions on transport and blocking of Calling Line IDentification
information.  The full text of the order was not yet posted.

--
Andy


------------------------------

From: gordon@sneaky.lonestar.org (Gordon Burditt)
Date: 23 Mar 95 23:55 CST
Subject: Re: FTC Alert
Organization: /usr/lib/news/organi[sz]ation

    Would effectively kill the rapidly growing "checks by phone"
    industry,

The "checks by phone" industry, and related electronic funds transfers,
deserves to be killed if it doesn't clean up its act.  I rate it
slightly better than the "airplane" pyramid scam or posting plaintext
credit card numbers on the net in consumer-friendliness.  I'd have
problems with trusting in a vendor who asks for payment this way even
if I was paying under the terms:  cash 5 years after warranty expires.

From misc.consumers, the effect of many automatic withdrawal or even
*DEPOSIT* setups is to give the company a permanent hook into the
account.  If the consumer wants to terminate the agreement and the
company doesn't, often the only practical recourse the consumer has is
to close the account.  The bank just says "talk to the company".

Even automatic deposit isn't safe.  It has happened several times, as
reported on misc.consumers, that a company decides to fire a
consultant, takes the last several payments back as a "mistake", and
then notifies the consultant he's fired.  He's out pay for a couple of
months work that he actually performed and was paid for.  If there is a
dispute over the quality of work and the company was stupid enough to
pay for work not performed, it should have to sue the consultant, not
vice versa.

Another danger of automatic deposit I have personally experienced
several times is that the company makes a REAL mistake, say, in the tax
schedules, or insurance deductions, gives employees a paycheck stub,
and the employees record this in their checkbooks.  Then they write
checks.  The company figures out its mistake, withdraws $100, and then
TWO DAYS LATER notifies the employees.  Meanwhile, checks are
bouncing.  Not any of mine, but only through luck.  I think the company
should either ask for $100 back, or make the correction on the next
paycheck.

    Fraud associated with checks by phone is less than with credit
    cards.

How do you measure this?  Does it adequately count instances where the
consumer simply gave up trying to dispute one of these checks,
particularly one that comes in a month after the service involved was
supposed to be shut off, and they run out of options.  Some industries
have a lot of venders who (health clubs in particular are mentioned a
lot, and increasingly, Internet Services Providers and online services)
simply don't process cancellations, or perhaps they expect the unborn
offspring of their pregnant employees to deal with them.  These
probably get classified as "clerical error" but it's obvious the
companies aren't doing much to stop it.

    Any consumer can take a check to his or her bank and, since
    consumer's signature is not on check, have the check kicked back to
    the bank it was originally deposited in and have their account
    credited.

If this is the current law, someone needs to inform the banks.
Otherwise, it needs to be the law.  What is the magic incantation
required to get them to kick back the check?  Please post this to
misc.consumers.  A consumer should be able to have the check kicked
back to the bank within a reasonable time (my bank seems to allow 60
days after sending your statement to protest errors; this seems
reasonable) if they didn't sign it.  Excuses like "you authorized it",
even if true, should be irrelevant.  Of course, if you really owe the
money, the company can sue or try to collect directly or through a
collection agency, but that's not the bank's problem.  Settle it
through negotiation, arbitration or in court.

It should also be a very easy procedure to tell the bank "even though I
authorized automatic periodic withdrawals (or deposits) from this
company, (even if it was in writing) I want to cancel this
authorization".  The bank should not be able to say NO.  They can
insist on having the cancellation in writing if they want.  The
consumer should not have to go through a monthly ritual of begging and
pleading to get a check kicked back, with the bank and the company each
saying to talk to the other.

    The FTC must demonstrate why checks over the phone must require
    prior written authorization from consumers [which would effectively
    negate its usefulness] while allowing credit card purchases by
    phone without prior written authorization.

Prior written authorization is a bit strong, but if the consumer's
absolute right to kick back unsigned checks and cancel authorizations
for automatic transfers can't be enforced, it's needed.  It shouldn't
have to come to that, though.

--
Gordon L. Burditt
sneaky.lonestar.org!gordon


------------------------------

From: ACLU Information <infoaclu@aclu.org>
Date: 23 Mar 1995 14:45:05 -0500
Subject: "Communications Decency Act" Update

Senate Committee Backs Cyber Censorship, and Imposes Criminal Penalties

WHAT JUST HAPPENED

The Senate Commerce Committee adopted late this morning a modified
version of the Exon bill, the so-called "Communications Decency Act"
(originally introduced as Senate Bill 314).  Senator Slade Gorton
(R-WA), who had cosponsored S. 314 with Senator James Exon (D-NE),
proposed the amendment in Exon's absence.  It was adopted on voice vote
as an amendment to the Telecommunications Competition and Deregulation
Act of 1995.

The amendment would subject on-line users to scrutiny and criminal
penalties if their messages were deemed to be indecent, lewd,
lascivious or filthy -- all communications that are protected by the
Free Speech Guarantees of the First Amendment to the United States
Constitution.  Although protecting children from pornography is its
most often cited rationale, this is really a "bait and switch" with
your rights at stake.  Note that the amendment in fact goes way beyond
child pornography.  It's like the opponents of TV violence who first
said children should be protected and then made "Murder She Wrote" with
Angela Lansbury their number one target.  Or like the censors who
banned "Huckleberry Finn," "Where's Waldo?" and even Webster's
Dictionary (it has "bad" words in it, after all).  The Exon/Gorton
Amendment would invite active interference in the basic speech of
everyone using any telecommunication device -- simply because some
government bureaucrat somewhere thought the speech was indecent or
lascivious.

All senators on the committee had been informed that the Exon/Gorton
amendment would violate the Constitution, assault the liberties of net
users, stifle development of new technologies (many of which offer
greater choice and control by all users -- including parents), and
spawn expensive litigation -- while not succeeding at reducing access
by children to pornography.   A coalition of civil liberties
organizations -- including the ACLU -- and numerous commercial
companies warned against adopting  the Exon/Gorton amendment, which
originally would also have made all online service providers (in fact,
anyone transmitting an offensive message) criminally liable.

Some commercial companies offered Exon and Gorton language exempting
themselves from liability while still letting their subscribers be
prosecuted.  Today Senator Gorton said that the amendment had been
modified to exempt those merely "transmitting" the message.  The
amendment would, however, still cover anyone who originates a message
deemed indecent, lascivious etc.

WHAT YOU CAN DO

1. Contact the senators from your state, and all senators on the
Commerce Committee expressing your disappointment with this morning's
action.  Thank Senate Commerce Committee Chairman Larry Pressler (R-SD)
for not including the Exon/Gorton amendment in his proposed bill, and
urge him to support action on the Senate floor to remove the anti-cyber
amendment.

2. Contact your online service providers and ask them what they have
been doing about this Exon/Gorton assault on your liberties.  Some
providers are still standing up for your rights; others may not
have.  Urge them not to support any legislation that protects them but
violates your free speech rights.  Urge them to oppose the modified
Exon/Gorton amendment.

3.  Contact all the other senators and urge them to support deletion of
the Exon/Gorton amendment when the bill comes to the Senate floor.

4.  Stay tuned for further information and action items for both House
and Senate.

The American Civil Liberties Union is a nationwide, nonpartisan
organization of over 275,000 members.  Now in its 75th year, the ACLU
is devoted exclusively to protecting the civil liberties guaranteed by
the Constitution and the Bill of Rights, wherever these liberties are
at risk--in a bookstore, in school, on the street, in cyberspace,
wherever.  The ACLU does this through legislative action, public
education and litigation.

Send your letter by e-mail, fax, or snail mail to:

Senator Larry Pressler, S.D.  Chairman, Committee on Commerce, Science,
and Transportation SR-254 Russell Senate Office Building Washington,
DC  20510-6125 (202) 224-5842 (phone) (202) 224-1259 (fax of Commerce
Committee) e-mail: larry_pressler@pressler.senate.gov

To maximize the impact of your letter, you should also write to the
members of the Senate Commerce Committee and to your own Senators.

Majority Members of the Senate Commerce Committee

Senator Bob Packwood, Ore.  SR-259 Russell Senate Office Building
Washington, DC  20510-3702 (202) 224-5244 (phone) (202) 228-3576 (fax)

Senator Ted Stevens, Alaska SH-522 Hart Senate Office Building
Washington, DC  20510-0201 (202) 224-3004 (phone) (202) 224-1044 (fax)

Senator John McCain, Ariz.  SR-111 Russell Senate Office Building
Washington, DC  20510-0303 (202) 224-2235 (phone) (202) 228-2862 (fax)

Senator Conrad Burns, Mont.  SD-183 Dirksen Senate Office Building
Washington, DC  20510-2603 (202) 224-2644 (phone) (202) 224-8594 (fax)

Senator Slade Gorton, Wash.  SH-730 Hart Senate Office Building
Washington, DC  20510-4701 (202) 224-3441 (phone) (202) 224-9393 (fax)
e-mail:  senator_gorton@gorton.senate.gov

Senator Trent Lott, Miss.  SR-487 Russell Senate Office Building
Washington, DC  20510-2403 (202) 224-6253 (phone) (202) 224-2262 (fax)

Senator Kay Bailey Hutchison, Tex.  SH-703 Hart Senate Office Building
Washington, DC  20510-4303 (202) 224-5922 (phone) (202) 224-0776 (fax)
e-mail:  senator@hutchison.senate.gov

Senator Olympia J. Snowe, Maine SR-174 Russell Senate Office Building
Washington, DC  20510-1903 (202) 224-5344 (phone) (202) 224-6853 (fax)

Senator John Ashcroft, Mo.  SH-705 Hart Senate Office Building
Washington, DC  20510-2504 (202) 224-6154 (phone) (202) 224-7615

Minority Members of the Senate Commerce Committee

Senator Ernest F.  Hollings, S.C.  SR-125 Russell Senate Office
Building Washington, DC 20510-4002 (202) 224-6121 (phone) (202)
224-4293 (fax)

Senator Daniel K. Inouye, Hawaii SH-772 Hart Senate Office Building
Washington, DC  20510-1102 (202) 224-3934 (phone) (202) 224-6747 (fax)

Senator Wendell H. Ford, Ky.  SR-173A Russell Senate Office Building
Washington, DC  20510-1701 (202) 224-4343 (phone) (202) 224-0046 (fax)
e-mail:  wendell_ford@ford.senate.gov

Senator J. James Exon, Neb.  SH-528 Hart Senate Office Building
Washington, DC  20510-2702 (202) 224-4224 (phone) (202) 224-5213 (fax)

Senator John D. (Jay) Rockefeller IV, W. Va.  SH-109 Hart Senate Office
Building Washington, DC  20510-4802 (202) 224-6472 (phone) (202)
224-1689 (fax)

Senator John F. Kerry, Mass.  SR-421 Russell Senate Office Building
Washington, DC  20510-2102 (202) 224-2742 (phone) (202) 224-8525 (fax)

Senator John B. Breaux, La.  SH-516 Hart Senate Office Building
Washington, DC  20510-1803 (202) 224-4623 (phone) (202) 224-2435 (fax)

Senator Richard H. Bryan, Nev.  SR-364 Russell Senate Office Building
Washington, DC  20510-2804 (202) 224-6244 (phone) (202) 224-1867 (fax)

Senator Byron L. Dorgan, N.D.  SH-713 Hart Senate Office Building
Washington, DC  20510-3405 (202) 224-2551 (phone) (202) 224-1193 (fax)

You can also write or fax your own Senator at:

The Honorable ______________________ U.S. Senate Washington, D.C. 20510

Senate directories including fax numbers may be found at:

gopher://ftp.senate.gov:70
gopher://una.hh.lib.umich.edu:70/0/socsci/polscilaw/uslegi

Additional information about the ACLU's position on this issue and
others affecting civil liberties online and elsewhere may be found at:

gopher://aclu.org:6601 OR request our FAQ at infoaclu@aclu.org

--
ACLU Free Reading Room  |  American Civil Liberties Union
gopher://aclu.org:6601  | 132 W. 43rd Street, NY, NY 10036
mailto:infoaclu@aclu.org|    "Eternal vigilance is the
ftp://ftp.pipeline.com  |         price of liberty"


------------------------------

From: gitm@netcom.com (Ghost in the Machine)
Date: 22 Mar 1995 18:40:16 GMT
Subject: Crypto 101: Chapter I: Mail
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

This is a file I wrote for an e-zine of mine, and a friend suggested it 
was good enough for mass dissemination, so here it is. Note, this is very
long (60k) and since I know that will bother some of you, I am warning 
you ahead of time.

[...]

[moderator, this file is too long to post here, it can be found in the
CPD archive.  It is worth reading for those who are interested in the
material.]


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using CPD material should obtain permission from the
contributors.

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit or append to the text except for purely technical
reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V6 #029
******************************