Date: Tue, 05 Sep 95 11:17:02 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#019
Computer Privacy Digest Tue, 05 Sep 95 Volume 7 : Issue: 019
Today's Topics: Moderator: Leonard P. Levine
Re: Fair Credit Reporting
Social Security Number Linking
Find People Fast
Signatures
Re: Credit Reports and Identifying Information
Telcos and Privacy
Re: Computer Privacy Digest Outrage
Re: Computer Privacy Digest Outrage
Re: Computer Privacy Digest Outrage
Re: PharmaNet - Abortion Drugs
Info on CPD [unchanged since 08/01/95]
----------------------------------------------------------------------
From: "L. Jean Camp" <lc2m+@andrew.cmu.edu>
Date: 31 Aug 1995 13:49:46 -0400 (EDT)
Subject: Re: Fair Credit Reporting
Here is my understanding:
The Fair Credit Reporting Act codifies the principles of the Code of
Fair Information Practice to apply to credit reporting agencies.
Unfortunately, the courts have determined that this act applies only to
those agencies which provide credit reports as their primary business
function . This means that financial information given to credit card
companies, banks and other institutions can be freely traded without
consumer knowledge or consent. The Fair Credit Reporting Act has
prevented the proliferation of private credit guides which contain
information on individuals; and has allowed only a bad-check list which
contains encoded information such as address and last name whereby
identifying the individual without their check is not feasible.
And for your friend's case:
In fact , the courts have ruled that, "The Act clearly does not provide
a remedy for an illicit or abusive use of information about consumers"
(Henry v. Forbes). This ruling has almost been destroyed by later
decisions; however, the law still reads that if one obtains a report
with frankly illegitimate reasons the Fair Credit Reporting Act would
not apply.
I believe this part of the ruling still stands: if some one lies to a
credit agency the agency has no repsonsibility.
--
Jean
------------------------------
From: Maryjo Bruce <sunshine@netcom.com>
Date: 31 Aug 1995 18:57:52 -0700 (PDT)
Subject: Social Security Number Linking
I phoned the number in a customer service rep job ad in the paper to
get info for a friend. The phone was answered electronically, and I
was asked to enter a SSN. If you didn't you were cut off at the pass.
I called back and used my own SSN. A rep came online. He began a
spiel that included all sorts of personal info about me including my
name, address, phono, current job, and such like, which he needed to
"verify." He seemed amazed that I was upset. He said he had taken
hundreds of calls that day, and nobody else cared. I asked where he
got the information about me, given that I had no relationship with his
firm. He hung up on me.
--
Mary Jo Bruce, M.S., M.L.S.
Sunshine@netcom.com
------------------------------
From: schbbs!PHSSMPC2!shourc@uunet.uu.net (Robert C. Shouse)
Date: 01 Sep 1995 13:17:48 GMT
Subject: Find People Fast
Organization: MOTOROLA
There's a service out of California called Find People Fast. They have
an 800 number that you can get from directory assistance (800 555
1212). If you have someones ssn they can find them literally in a
matter of seconds. They also do searches based upon last name last
address etc.
--
Robert C. Shouse
------------------------------
From: Maryjo Bruce <sunshine@netcom.com>
Date: 02 Sep 1995 20:02:59 -0700 (PDT)
Subject: Signatures
Recently I went on a trip. In a small town, I bought a used laptop,
paying with my credit card. I was surprised when I was led into a
small room to a signature capturing device - what is the proper name
for them? The space allotted to me for my signature was too small for
me. I created a signature entirely different from my real one and
waited for trouble. A couple of minutes later the machine began to
purr and the authorization for the charge went through. I asked the
store owner if anybody ever was rejected on the basis of his/her
signature. He said they were not ready to do that yet, but he had been
told it was the next step. From what he said, I gathered that credit
card companies are now collecting signatures from members for
analysis. He seemed fascinated by the equipment and believed it would
eventually protect him - from people like me (strangers). He thinks it
will shift responsibility from him to the credit card company.
--
Mary Jo Bruce, M.S., M.L.S. Sunshine@netcom.com
------------------------------
From: Nightwolf <N-wolf@cris.com>
Date: 03 Sep 1995 11:45:46 -0400 (EDT)
Subject: Re: Credit Reports and Identifying Information
Organization: Concentric Internet Services
Steve Berczuk wrote: 3) Aside from esthetic considerations, how
important is information like "previous addresses and "Also know
as" (or relatedly spouses first name-- credit bureaus seem to not
be able to handle "spouses first & last name")?
One other detail which all three of the credit bureaus appear totally
unable to handle, is a person with more than one valid current
address. I prefer to use a post office box for as much of my mail as I
can. Even my utility bills and my car registration are mailed to me at
that address. As a direct result of this, I have noticed that all
three of the credit reporting services list my current home address as
being my former home address. How any of them think that I am able to
live at a post office is a fascinating question!
--
Nightwolf
N-wolf@cris.com
------------------------------
From: Peter Marshall <rocque@eskimo.com>
Date: 04 Sep 1995 21:17:44 GMT
Subject: Telcos and Privacy
Organization: Eskimo North (206) For-Ever
---------- Forwarded message ----------
From: Barry Orton <borton@macc.wisc.edu>
Date: 04 Sep 1995 16:09:19 -0500
To: Multiple recipients of list <telecomreg@relay.doit.wisc.edu>
Subject: Re: Telcos and Privacy
reposted for CYBEROID@U.WASHINGTON.EDU
I'm not a regular member of this list, but via the WA Information
Activists list, I read Jack Bryar's comments regarding the collec- tion
of local calling information by the RBOCs.
I have an uncomfortable admission to make: in 1985, I helped to draft
and manage to passage CA's Telephone Privacy Act. This law made it a
crime to pass information out of the local tele- phone company to any
third party, for any purpose. This law, at the time, seemed
well-advised, as it prohibited third party's from gaining access to
calling information accumulated by our state's telephone companies
(primarily, Pacific Bell and GTE-CA).
Now I have second thoughts about this. It puts the telcos in a
position of power that is quite exceptional relative to the capacities
of other information-service providers, IXCs included. There is
nothing to compel the telcos to share their information, if it becomes
necessary to craft an egalitarian competitive en- vironment. At the
same time, the telcos are uninhibited in the ways that they can employ
this information -- a potent tool.
It may be that the law has accomplished its principal purpose well and
prevented a flood of personal information out of the telcos and to
third parties. But times change, and perhaps it's time to revisit CA's
Telephone Privacy Act. Perhaps it should apply to the telcos' new info
subsidiaries just as it does to other third parties. I'm not with the
CA legislature any longer; it's a much wilder, more pro-utility
enterprise these days. I wonder what can and should be done.
--
Bob Jacobson
Former Principal Consultant
Assembly Utilities and Commerce
Committee, CA Legislature, 1981-9
------------------------------
From: Robert Jacobson <cyberoid@u.washington.edu>
Date: 31 Aug 95 13:22:35 -0700
Subject: Re: Computer Privacy Digest Outrage
I would vouch for the quality of Robert Ellis Smith's PRIVACY
NEWSLETTER. While I was working on privacy issues in the CA
legislature, in the "dark" years during the Reagan Administration, PN
was my main source of news about privacy developments nationwide. He
deserves to be noted, praised, and (if he's willing), drawn upon to
provide news for this Digest. Thanks.
Bob Jacobson
------------------------------
From: Robert Gellman <rgellman@cais.cais.com>
Date: 01 Sep 1995 09:37:51 -0400 (EDT)
Subject: Re: Computer Privacy Digest Outrage
This is a response to a posting from Robert Ellis Smith about his
newsletter, the Privacy Journal. I won't comment on his dispute about
the policies of this Digest because I don't know all the details.
The Privacy Journal is a monthly newsletter on privacy that has been
published for years. During my 17 years working on Capitol Hill, I
always read the Privacy Journal. Bob Smith is one of the nation's
leading authorities on privacy and one of the best journalists covering
the territory. The Privacy Journal has provided more coverage,
including investigative pieces, on the credit reporting industry, the
Medical Information Bureau, and other major and minor institutions that
affect privacy rights and interests.
In addition, Bob Smith is the author of several useful books on privacy
as well as several basic reference works. His compilation of privacy
laws is the only publication of its type. Bob has also written a
compilation of privacy horror stories and a directory of privacy
professionals and advocates.
Bob Smith has been a privacy advocate/author longer than almost anyone
else in the United States or in the world. He is a regular speaker on
the privacy circuit. He is a valuable resource to the privacy
community.
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 01 Sep 1995 23:41:24 -0400
Subject: Re: Computer Privacy Digest Outrage
Organization: America Online, Inc. (1-800-827-6364)
I have been a Privacy Journal subscriber for over 6 years, and have
found it to be accurate, insightful, and informative concerning the
future directions that privacy issues will take.
I see no reason why the contents of this well respected and and often
cited newsletter is being denied to readers of this group.
--
Bob Bulmash, President - Private Citizen, Inc.
[moderator: I have posted everything that Mr. Smith has submitted
except his requests to post the table of contents of his journal. I
indicated that these had insufficient content to be posted repeatedly.
He hs in fact posted more that half a dozen times with good content. I
have no problem with that. I regularly post announcements of new
journals and that seems to be the trigger for his complaint.
I will continue to post everything with content that he submits and
will be glad to give him the last word on this issue if he wishes to
respond.]
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 02 Sep 1995 20:42:38 GMT
Subject: Re: PharmaNet - Abortion Drugs
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
This came up in BC.GENERAL so I thought I'd cross post to related groups.
John Maxwell (jmax@wimsey.com) writes: So this morning, listening
to good old Hal Wake on CBC AM, two news stories caught my ear in
how much they seem to have to do with one another, yet so seemingly
unconnected.
Item 1: An article is published in the New England Journal of
medicine saying that two regular presription drugs, having little
or nothing to do with contraception, when taken in combination,
produce an abortion-inducing effect hat works as well or better
than RU234.
Item 2: PharmaNet goes online. Hal has a little back-and-forth with
the head guy from PharmaCare and the province's privacy watchdog.
They talk about the issues of safety and privacy. It is explained
that one of the greatest benefits of the pharmanet system is that
it will catch dangerous combinations of drugs.
Hmmmm.
Given that we've already seen personal-records databases abused by
anti-abortion protesters (last year's licence plate search by that
cop), doesn't this all sound rather worrisome?
I didn't hear the head to head discussion between Privacy Commissioner
David Flaherty and Mike Corbeil of Pharmanet, but someone who did told
me that the Commissioner predicted he and Mr. Corbeil would be talking
to each other and the media within a year about a "how could this have
happened" incident.
He also pointed out to Mr. Corbeil the difference between
confidentiality and privacy, something that staff in the Information
and Privacy Branch (independent of Privacy Commission office) have also
commented on in public. I have the impression that this initiative is
not highly thought of elsewhere in the BC Government.
Commissioner Flaherty has also pointed out that he has dealt with more
than a six pack of medical records related privacy invasions in the
past year. No end seems to be in sight.
The justification for the program seems to rest on a claim that $30
million in fraud could be avoided each year. The BC Civil Liberties
Association looked into that claim in detail and found out that there
was already a "triplicate presription system" that very effectively
dealt with the problem of people going to multiple doctors and getting
prescriptions for drugs that could be resold illegally.
On a related topic, another aspect is that the BC government program
has adopted something called reference based pricing, where they will
only pay for the cheapest drug in each category that they consider
medically effective. There was a promise that individuals who don't
respond optimally to the discount drugs can have their doctor write a
letter to the program and get more expensive drugs covered.
An angina patient who tried this went to the news media after he got
rejected. They stuck the letter in front of the camera long enough for
his name, address, and Personal Health Number to be read by viewers.
Somehow I doubt that either the reporter or the patient considered that
this is enough data for someone to get medical service and some no cost
prescriptions.
Paying for your own prescriptions is not an option for avoiding this
big brother at the pharmacy scheme. In fact there has been some
discussion that people should be happy with it because it will
automatically check for employment health benefit coverage for people
who haven't reached their deductible limit on the universal plan. Ie.
you go to the pharmacy, and the pharmacist gets information about your
employment status and the related benefits at the same time that he
passes the prescription data along to the benefits administration. I
haven't had a personal opportunity to see this in action myself.
I'm also slightly disappointed that I won't be needing the oral surgery
my dentist has been trying to talk me into for the past 5 years. There
is no requirement for giving a PHN, address, birthdate or Medical
Practitioner number in that case. Twenty plus years of dental records
should provide all the ID the dentist needs on me. He'd wanted me to
get "crown lengthening" so he could do a crown before what was left of
a tooth split off. When it finally went he had a look and decided I
don't need it. Things just never seem to work out right for me.:-)
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 11 Aug 1995 09:39:43 -0500 (CDT)
Subject: Info on CPD [unchanged since 08/01/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit or append to the text except for purely technical
reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V7 #019
******************************
.