Date: Wed, 26 Jul 95 15:06:10 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#007
Computer Privacy Digest Wed, 26 Jul 95 Volume 7 : Issue: 007
Today's Topics: Moderator: Leonard P. Levine
Re: Social Security Number Abuse by Employer
Texas Driver's License
Re: Toyr-R-Us Phone Number Request
Re: Toyr-R-Us Phone Number Request
Re: Social Security Number Abuse by Employer
Re: Social Security Number Abuse by Employer
Defeating Signature Scans by Sears
Kuwait: Telephone Pests Arrested
The Information Culture
New 8 Mb Smart Cards
Re: Question about 'fingering...'
The cost of Privacy
Re: No Second Chance
This Week's Free Online Privacy Article
International Internet NewsClips
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: sarig@teleport.com (Scott Arighi)
Date: 23 Jul 1995 17:42:08 GMT
Subject: Re: Social Security Number Abuse by Employer
Organization: Teleport - Portland's Public Access (503) 220-1016
sarig@teleport.com (Scott Arighi) noted: Although not a legal
point, I found that my bank would allow *anyone* with my checking
account no. and my SS. no. to find out my bank balance -- which I
view as a rather private matter. Now use a password on the
account in addition to the numbers. In your case, it sounds like
wmcclatc@internext.com (Bill McClatchie) wrote: This is kind of
redundant since most people have their SSN's on the check already.
Perhaps people in other areas of the country put their SSN on their
checks as a routine matter, but I don't get more than 1-2% of the
personal checks that I receive in my business that have the SSN on
them.
--
Regards.
Scott Arighi
------------------------------
From: Maryjo Bruce <sunshine@netcom.com>
Date: 23 Jul 1995 14:44:34 -0700 (PDT)
Subject: Texas Driver's License
I just went to have my driver's license renewed in Texas. I had to
provide both right and left thumbprints. Does every state do that?
--
Mary Jo Bruce, M.S., M.L.S.
Sunshine@netcom.com
------------------------------
From: Kajae@aol.com
Date, 24 Jul 1995 02:23:16 -0400
Subject: Re: Toyr-R-Us Phone Number Request
WELKER@a1.vsdec.nl.nuwc.navy.mil writes: Anybody out there shared
the experience of having Toys-R-Us ask for your phone number before
ringing up the sale, regardless of whether cash/check/charge?
Yeah, first hand, as a matter of fact. At the Toys-R-Us where I work,
the store management sometimes reprograms the registers to require
getting the zip code from the customer. Management's explanation was
that since there were two other Toys-R-Us stores within twenty miles,
plus the fact that there were several other stores (Meijer, Target,
Baby World, Sports Authority, Service Merchandise, and Wallmart among
others) that compete with us in that same radius, they wanted to know
how far their customers came in order to shop at our particular store.
*Exactly* why they wanted to know that still remains a mystery (does
any other business learn anything from Radio Shack?)
They say it's for market survey purposes. The clerk was quite
surprised at the tone of voice in my refusal.
Probably on the verge of tears is more like it. Customers who go to
our or any other store may not know (or care) how user-unfriendly even
the most up-to-date cash registers are, especially when they're
programmed to do something that isn't entirely necessary.
I happen to know that the registers we're using now will not let the
cashier complete the transaction (whether it be cash, check, or charge)
without getting all of the information it's programmed to ask for -
regardless of whether the customer wants to part with it or not. If
the register isn't set up to let the cashier skip the marketing part of
the transaction, a Department Head or DKC (Designated Key Carrier)
would need to be called in order to manually override the prompt.
Naturally, doing this takes longer than either getting valid
information or just entering jibberish - much to the chagrin of the
cashier as well as the two dozen people in line behind you.
However, you'll all be happy to know that at my particular store (and
perhaps a few others) the managers have figured out (finally) how to
program the registers so that the cashiers can skip the little add-ons
like zip codes and phone numbers simply by pressing the "Enter" key
when prompted for the info. The information-conscious among us can
bring this to the attention of the cashier and/or management the next
time this happens to them.
On a personal note: Always having to stop and ask (or argue with) the
customers for their additional personal info always slowed me down (and
as a reader of this group I also saw their point) so every time I was
prompted for the zip code, I just entered the zip code of the store.
Considering what that did to their survey, all parties concerened felt
I would be happier building bikes in the back of the storeroom - where
no one's right to privacy would be infringed upon... ;j
--
Karl Jackson Kajae@aol.com
"Always be nice to your cashier. No matter how long
you've been waiting in line, they've been there longer!"
------------------------------
From: DLEUCHT@ccmail.gsfc.nasa.gov (David K. Leucht)
Date: 25 Jul 1995 12:07:18
Subject: Re: Toyr-R-Us Phone Number Request
Organization: NASA Goddard Space Flight Center -- Greenbelt, Maryland USA
WELKER@a1.vsdec.nl.nuwc.navy.mil writes: Anybody out there shared
the experience of having Toys-R-Us ask for your phone number before
ringing up the sale, regardless of whether cash/check/charge? They
say it's for market survey purposes. The clerk was quite surprised
at the tone of voice in my refusal.
Haven't purchased from TRU recently, but Service Merchandise requests a
phone number. SM has apparently purchased the phone list for our area.
I once gave them the phone number and to my surprise, my name and home
address appeared on the clerk's terminal screen. My guess is SM is
using the purchase data to construct purchasing profiles of customers;
the most likely current use is to determine catalog shipping lists, but
one can only wonder what other uses they have for it.
Needless to say, I no longer acknowledge possession of a telephone to
*any* commercial enterprise.
-----------------------------------------------------------------
David K. Leucht Internet: dleucht@ccmail.gsfc.nasa.gov
Guidance and Control Branch Voice: (301) 286-4460
NASA/Goddard Space Flight Center FAX: (301) 286-1718
Code 712.1
Greenbelt, MD 20771
-----------------------------------------------------------------
------------------------------
From: jcr@mcs.com (John C. Rivard)
Date: 25 Jul 1995 15:17:59 -0500
Subject: Re: Social Security Number Abuse by Employer
Organization: very little
wmcclatc@internext.com (Bill McClatchie) wrote: This is kind of
redundant since most people have their SSN's on the check already.
I hope you are joking. You actually have your SSN printed on your
check?
Do you also include all your credit card numbers, with their expiration
dates? Might as well.
--
John C. Rivard � <jcr@mcs.com> Opinions expressed yadda yadda--you know the drill
------------------------------
From: berczuk@glendower.mit.edu (Steve Berczuk)
Date: 1995 20:32:26 GMT
Subject: Re: Social Security Number Abuse by Employer
Organization: MIT Center for Space Research
wmcclatc@internext.com (Bill McClatchie) writes: This is kind of
redundant since most people have their SSN's on the check already.
Actually no they don't; Though I have wondered why it seems to be the
practice in some parts of the country to have the SSN imprinted on the
check. Pretty scary considering that with a SSN , and checking acct #
you can fill out a credit card application. in MA, it's illegal to
require anything other that name/address driver's license number and a
phone number on the check. (though if you DL # is the same as your SSN
that's another problem; though it can be corrected..)
--
Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research
Phone: (617) 253-3840 | 37-561
Fax: (617) 253-0861 | Cambridge MA 02139
--
---
Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research
Phone: (617) 253-3840 | 37-561
Fax: (617) 253-0861 | Cambridge MA 02139
------------------------------
From: Paul Robinson <paul@TDR.COM>
Date: 26 Jul 1995 14:37:29 EDT
Subject: Defeating Signature Scans by Sears
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
Those of you who prefer not to have your signature scanned by Sears or
other such places now have a method without requiring you make a scene
or cause a problem.
First, call your credit card company (or Sears) and tell them you need
a replacement card. Explain to them what do they think happens if a
clerk places your card on the pad that says, "Do not put bank, atm or
credit cards here." They will understand, and send you another card.
Now, once you have the replacement, either take that one, or the other
one, and demagnetize it for real. (The reason for using the above
explanation is to allow you to ask for a new card without demagnetizing
yours until you have a replacement, and without lying to them.)
Now, when Sears wants to scan your signature, hand the clerk the
demagnetized card.
The card will not scan. The clerk will therefore use the addressograph
charge-slip imprinter ("Slide rack") to create an actual tissue of the
transaction. The cash register does not ask for signature when the
card cannot be scanned.
The meaning of this:
1. Sears gives you back the receipt you signed when signature imaging
is used.
2. The image of your signature is only taken to correspond to a
transaction you have made.
3. The clerk has no access to anything you signed if your card scans
and your signature is imaged.
4. If the card does not scan, Sears does not take the image of your
signature.
Which leads to the conclusion (my interpretation):
Sears takes an image of a signature for one reason, and only one: to
have an electronic image of the transaction for processing, so as to
reduce the amount of paper they have to generate or process.
So if you really do not want to leave a scanned signature with them,
here's a way to do so. I found this out when the mag strip on the
Discover Card I had didn't work, so this time they did not ask for my
signature on the pad.
I think it's a great idea, since there isn't even a carbon that would
need to be thrown away, and I have no problems with Sears scanning
signatures including mine. Other people may disagree, and that's what
this message is designed to assist, those who do not want to have their
signature imaged but don't want to be considered a "troublemaker."
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 24 Jul 95 14:29:08 EDT
Subject: Kuwait: Telephone Pests Arrested
Taken from the Reuters news wire via CompuServe's Executive News Service:
RTw 07/23 0201 Kuwait's phone pests nabbed
KUWAIT, July 23 (Reuter) - Kuwaiti authorities disconnected 4,288
telephone subscribers for making obscene or nuisance calls in the
first six months of 1995 and referred 1,698 of them to police for
investigation, newspapers reported on Sunday.
About 3,000 telephone lines were monitored in the period to enable
abusive callers to those numbers to be traced, the English-language
Kuwait Times and Arab Times quoted Ministry of Communication official
Adel al-Ibrahim as saying
The article makes the following key points:
o Several arrests for phone tapping, "carried out by people of low
morality or delinquents."
o "[A]ffluent young men ... bug cordless phones with expensive
surveillance gadgets."
M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA)
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 25 Jul 95 06:17:38 EDT
Subject: The Information Culture
Taken from the German Press Agency news wire via CompuServe's Executive
News Service; translated by MK with the help of Power Translator Deluxe
1.0 from Globalink Inc:
dpa 95.07.18 10:33
Wissenschaftler fordern "Informationskultur" im Datennetz
Bonn (dpa) - Die rasante Entwicklung in der Telekommunikation
mus nach Ansicht von Informatik-Experten eine neuen Form der
"Informationskultur" zur Folge haben.
Translation:
Scientists demand "information culture" in the data network
Bonn (German Press Agency) - The rapid development of
telecommunications will lead to an "information culture,"
according to an informatics expert.
The article makes the following points:
o At a conference in Bonn on Tuesday (18 July), Professor Wolfgang
Glatthaar warned of insufficient research on the effects of the
growing data superhighway
o Professor Glatthaar said that the population must be prepared at
all levels of education - especially adult education - for the
new technology. "The use of electronic media will be equivalent
to today's reading, writings and calculating for every
profession and activity.", said Glatthaar.
o Glatthaar argued for international agreements to cover
responsibility for the quality of information posted to the Net.
o He argued against anonymous communications, pseudonyms and
deliberate disinformation campaigns.
o Frankfurt computer scientist Hans Schussler said that current
copyright laws are inadequate to protect the privacy and security
of intellectual property.
o Werner Schmidt, a commissioner in the Bundesbeauftragten fur den
Datenschutz (League for Data Protection), called on industry to
create internationally binding guarantees for users. It is already
technically possible now, he said, to enforce identification and
authentication for all users of data networks.
M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA)
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 25 Jul 95 06:45:15 EDT
Subject: New 8 Mb Smart Cards
>From the German Press Agency news wire via CompuServe's Executive News
Service; translated by MK with the help of Power Translator Deluxe 1.0 from
Globalink Inc:
Siemens entwickelt Chipkarte als CD-Ersatz
Copyright dpa, 1995
Munchen (dpa) - Die Siemens AG (Berlin/Munchen) entwickelt
eine eine Mini-Chipkarte als Ersatz fur die Compact Disc (CD).
Bei der sogenannten MultiMediaCard, die kleiner als ein
Scheckkarte ist, konnen Informationen, wie etwa Software,
Nachschlagewerke, Reisefuhrer oder Spiele, Musik oder sogar
Photos gespeichert werden. "Tausend CDs als Chipkarten in
einer Zigarrenschachtel sind moglich," hies es am Mittwoch aus
dem Hause Siemens.
Translation:
Munich (German Press Agency) - The Siemens INC (Berlin/Munich)
is developing a Mini-Smart-Card as a substitute for the Compact
Disc (CD). The MultiMediaCard, which is smaller than a credit
card, can store information such as software, reference books,
guides or games, music or even photos. "Thousands of CDs could
fit in a cigar box using Mini-Smart-Cards," announced Siemens
on Wednesday (19 July).
Key points of interest to security professionals:
o No moving parts, minimal power consumption; could be powered by
solar cells.
o Prototypes and first model using ROS (Record on Silicon)
technology hold 8 Mb; expect 64 Mb after 1997.
[Comments from MK: this technology will boost the utility of smart
cards in many fields, including medical informatics. Availability of
extensive storage capacity will allow better identification and
authentication techniques such as high-quality voice recognition to
reside in access tokens.]
--
M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA)
------------------------------
From: leec@xmission.com (Lee Choquette) (by way of leec@xmission.com (Lee Choquette))
Date: 25 Jul 1995 08:53:54 -0700
Subject: Re: Question about 'fingering...'
Organization: XMission Internet (801 539 0900)
grifter@dircon.co.uk (David Griffiths) wrote: Sorry if this is the
wrong place to ask, but I have heard about a system called
'fingering', which I understand is a way of snooping across an
individual's activities on the net. Can this be true? I would be
very unhappy to think that somebody could be monitoring my every
move. Thanks in advance.
Don't worry, you have to cooperate to be 'fingered.' To get any
information at all about you through the finger command, you have to
have a finger daemon (aka finger server) running on *your* computer.
You can set up this finger daemon to do whatever you want, but they
typically show whether you're logged on or not. If you provide your
phone number or other information, they display that, too. Some
computers actually tell you what programs the people logged in are
running, but yours isn't one of them. You may be happy to know that
your computer (dircon.co.uk) gives me no information at all.
--
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . Lee Choquette . . . . . . . .http://www.xmission.com/~leec/ . . . .
. . leec@xmission.com . . . . I love work. I could watch it all day. . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
------------------------------
From: rdurie6@ibm.net
Date: 25 Jul 95 13:48:56
Subject: The cost of Privacy
I just got a call today from our friends at Bell Atlantic and they
wanted to know if I want Caller ID. I said no, and went into my usual
about the invasion of privacy when they told me that for an additional
$3.00 per month I could stop my number from being given out. Not only
do they sell my phone number which I have not agreed to but now they
want me to pay to keep my information private. Boy isn't this a
wonderful world!
--
Robert Durie
------------------------------
From: berczuk@glendower.mit.edu (Steve Berczuk)
Date: 25 Jul 1995 20:41:32 GMT
Subject: Re: No Second Chance
Organization: MIT Center for Space Research
anonymous writes: Being a recovering alcoholic I was saddned to
learn that I have been *branded* by the insurance industry for
having elected to enter a drug rehab a few years ago. It seems
their records show I have a pre-existing condition and therefore am
a high-risk.This makes it most difficult to obtain insurance; and
worse, any employer whom may provide insurance will be made aware
of my past drinking and God knows what else.(they have detailed
records of my 35 day hospital stay, I saw it)
Alas the problem with this is that you may not be able to get your own
insurance for the same reason, and if you can, often coverages provided
by group policies that you can get through your employer are not
available for non-group policies...
There was a news item recently in MA about folks with histories of
being abused by spouses being denied insurance. There have been similar
issues around folks who have ever had psychotherapy...
This brings up an interesting problem: wouldn't common sense make you
think that someone who sought out treatment for a problem would be
*less of a risk* that someone who had not... I imagine that the
problem is that insurers can't make judgements about a hidden
affliction, but by taking positions like this it would seem that there
is a greater likely hood of folks keeping avoiding treatment for too
long...
that discussion is perhaps beyond the scope of this group,but better
controls on access to and use of medical history might be a way to get
at this.
--
Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research
Phone: (617) 253-3840 | 37-561
Fax: (617) 253-0861 | Cambridge MA 02139
------------------------------
From: invis@ix.netcom.com (Duane Pitlock)
Date: 25 Jul 1995 20:35:23 GMT
Subject: This Week's Free Online Privacy Article
Organization: Netcom
This weeks FREE ONLINE PRIVACY ARTICLE can be accessed by emailing
Privacy-Article@Mailback.com, no need to put anything in the SUBJECT or
BODY of your message.
The Article will automatically be sent to your computer,
instantaneously.
------------------------------
From: cpsr-global@Sunnyside.COM
Date: 24 Jul 1995 01:28:42 -0700
Subject: International Internet NewsClips
Taken from CPSR-GLOBAL Digest 203 [moderator: I have trimmed away
items that do not seem to relate to privacy.]
Date: 23 Jul 1995 17:27:31 -0600
From: marsha-w@uiuc.edu (Marsha Woodbury)
Subject: (@) "International Internet NewsClips" ....
Hello folks -
Here are excerpts from this week's edition of my weekly
column, "International Internet NewsClips." You can find the full
column plus archives (as well as book reviews) at the MecklerMedia
Web site (http://www.mecklerweb.com) under the Net Day section.
Happy reading! Questions, comments, feedback, translations
from other languages, etc. most welcome as always -
madan
Madanmohan Rao Phone: (212) 963-1175
Communications Director Fax: (212) 754-2791
Inter Press Service E-mail: rao@igc.org
Room 485, United Nations, New York
------------------------------------------------------------------
Concern About Online Sex And Violence Grows In Australia
--------------------------------------------------------
Concern about sex and violence on online services and BBSs has
led the Federal Government to seek public comment on draft
legislation regulating online content. Questions remain as to how
to apply obscenity laws to service providers who knowingly or
unwillingly have "objectionable" content on their services. Several
approaches are under consideration - self-regulation according to
standards developed by consensus with community sentiment, offense
provisions, and educational strategies for schools and parents. It
is not clear, however, how intermediate agents such as Internet
access providers, gateways and database replicators will fare under
some of these provisions.
(Sydney Morning Herald, Australia; July 18-24, 1995)
Internet Usage Records Raise Privacy Concerns
---------------------------------------------
Many Internet users fear that individuals could face public
humiliation, harassment, or damage their careers if some
information about their Internet usage patterns became public.
Though information about individual behaviour has always been
collected, the tremendous breadth and depth of information about
Internet usage raises new concerns. "People need to be fully
informed about how the data on each site are being collected, and
how their privacy is being protected," according to Ann Bishop, a
library science professor.
(Chronicle Of Higher Education; July 21, 1995)
Porn Issue Sparks Largest Internet Mobilization
-----------------------------------------------
The response of the Internet community to allegations of
rampant online pornography may be "the largest mobilisation yet on
the Internet over a current event." Internet users have made "a
practical crusade" out of investigating the study's author and
debunking its conclusions. For instance, it appears that Martin
Rimm has a history of conducting research in which the results are
criticised but that leads to government action, such as his earlier
study on gambling in New Jersey. The World Wide Web pages at
http://www2000.ogsm.vanderbilt.edu/cyberporn.debate.cgi have useful
information on such issues.
(Knight-Ridder Business News; July 15, 1995)
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit or append to the text except for purely technical
reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V7 #007
******************************
.