Date: Sun, 26 Nov 95 09:46:51 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#045
Computer Privacy Digest Sun, 26 Nov 95 Volume 7 : Issue: 045
Today's Topics: Moderator: Leonard P. Levine
Re: Phone Number Privacy
Re: Phone Number Privacy
Re: GE Capital Offer of Personal Information
Re: The Privacy Act and SSNs
Re: United Way uses SSN now
Re: Telemarketing
Re: Stopping Junk Mail
Gary, Settle down
Re: Copyright Notice
Do We Need New Health Privacy Laws
Re: Act Now to Stop the Religious ...
Survey on Privacy in Business
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: halfbree@rapidnet.com
Date: 23 Nov 1995 05:01:18 GMT
Subject: Re: Phone Number Privacy
Organization: Very Little
night@acm.rpi.edu (Trip Martin) writes: One thing that is available
in my area (518 area code) is call return blocking. It means that
if I call someone, they can't call me back by using *69. I don't
know if this is available in other areas, but it's worth asking
about for those who are concerned about it.
And do you have to PAY extra for this feature? If it's free than
fine, but if you have to pay, then seems like double payment for folks
who have all ready payed extra money for an unlisted number?
--
The Halfbreed
------------------------------
From: Steve Mitchell <mitchell@access.digex.net>
Date: 23 Nov 95 13:10:46 -0800
Subject: Re: Phone Number Privacy
To the best of my knowledge, *69 does not work outside of your local
calling area. *67 does not prevent call back in the Mid-Atlantic
area.
This has been a problem for answering services who often are blamed for
giving out a client's phone number. It took a while for people to
realize that *69 was the culprit.
You might consider having your answering "patch" these calls to you.
This way, if your caller hits *69, the answering service will get the
call and can relay to you again if necessay. This would be a
protection for both of you.
--
Steve Mitchell
Regional Manager
TElescan Corporation
[moderator: My understanding now is that in some areas *67 forbids
the use of *69 and in some areas not. I also understand that new
federal rules will require that *67 will forbid *69 so that much of
the concern that I first brought to this list will be cancelled. It
is correct that *69 will only work for local calls, so you do not find
yourself making a call to a pizza joint in Tahiti by using it.]
------------------------------
From: maillist@dazed.nol.net (Al Johnson)
Date: 24 Nov 1995 11:02:58 GMT
Subject: Re: GE Capital Offer of Personal Information
Organization: Networks On-Line, Houston
JF_Brown@pnl.gov (Jeff Brown) wrote: mod@world.std.com says... My
mortgage is held by GE Capital Mortgage Services. ...snip... I
recently received an offer from them whereby I'd pay $5 a month for
the "privilege" of getting allegedly current reports on our credit,
driving, Social Security and medical histories, including the
ability to correct errors and discrepancies. ...snip... What are
the risks in my subscribing to this service?
What information do they request from you?
Do the reports come directly to you or through them? (i.e., who
gets to see the information on them)
You could get all the information yourself, but the $5 you pay them
might be worth saving you the time. Your choice.
Also, you'll probably have to sign over the right for them to access
your personal information, from where-ever your personal info might be
located, such as hospitals and insurance companies. They may be
planning on reselling this info after collecting it and forwarding it
to you. I'll gaurantee you that they will not simply forward your
personal info to you without first keeping a copy for themselves,
especially since the data will most likely be in digital form.
------------------------------
From: Robert Gellman <rgellman@cais.cais.com>
Date: 23 Nov 1995 00:58:19 -0500 (EST)
Subject: Re: The Privacy Act and SSNs
An earlier posting discussed the Privacy Act of 1974 and its SSN
provisions. Some of the information posted was incorrect. The
relevant section of law is Public Law 93-579, Section 7. You can also
find this at 5 USC 552a note.
The law states that it is unlawful for any federal, state, or local
government agency to deny anyone any right, benefit, or privilege
provided by law because of a refusal to disclose a SSN. There are
exceptions for federal statutory requirements and for disclosures that
were required by law or regulation in existence before January 1, 1975
(a grandfather clause). Agencies that request disclosure of the number
must inform the individual whether the disclosure is mandatory or
voluntary, the authority for the soliciation, and how it will be used.
That is the entire provision. There is no enforcement language in the
section. There have been some successful civil cases filed using this
section as authority.
There are other federal laws that require the disclosure of SSNs. I
believe that if you engage in any transaction that results in the
payment of taxable income (e.g., interest on a bank account or wages),
the tax code requires you to disclose your SSN. In addition, the
Selective Service is authorized to collect SSNs for draft registration,
although I do not know if disclosure in mandatory. I suspect that it
is.
In addition, other federal law authorizes states to use SSNs for
welfare, tax, and motor vehicle purposes. States can require
disclosure of SSNs for these purposes. There are probably some other
exceptions to the SSN provision of the Privacy Act that I don't know
about.
I believe that current bills in Congress will require everyone to
disclose their SSN for any transaction with the federal government and
to state departments of motor vehicles. I don't have the details and I
cannot confirm this. Actually, I believe that the proposed motor
vehicle provision will require states to collect the SSN. Maybe
someone else knows and can post the bill numbers and details.
Section 7 of the Privacy Act does not apply IN ANY WAY to private
businesses. A business may ask for your number if it chooses. You may
not be required to disclose it in all cases, but there are some
statutory requirements like the tax code. Basically, except for those
laws that mandate disclosure, there is no federal legislation on the
disclosure of your number. If there is no law, then it is up to you
and to the requester.
There are NO criminal penalties that apply when SSNs are requested by
government agencies in violation of section 7 of the Privacy Act.
Similarly, I know of no criminal penalties that apply to requests from
private businesses.
Finally, while I am most sympathetic to those who try to keep their SSN
secret, be aware that it is not difficult to obtain almost anyone's SSN
from private, lawful information companies. Credit bureaus have SSNs
for most consumers. There is at least one company that has a Web page
offering SSNs for $7.50 a pop. Someone with your SSN and an attitude
can do lots of damage to you. No question about this. But SSNs are
not exactly secret numbers.
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: fyoung@oxford.net (F Young)
Date: 23 Nov 1995 18:48:10 GMT
Subject: Re: United Way uses SSN now
Organization: North Norwich Telephone
wrf@ecse.rpi.edu (Wm. Randolph U Franklin) writes: doesn't know my
SSN, unless I contribute. Gee, that's a dilemma: should I give
away money and thereby spread my SSN around, or keep my money and
also keep my SSN a little more secret?
If the urge to give money to the United Way is so strong, then I would
discard the form and send a cheque to United Way directly, or white-out
your SSN, make a photocopy of the form then send it in.
------------------------------
From: fyoung@oxford.net (F Young)
Date: 23 Nov 1995 18:48:13 GMT
Subject: Re: Telemarketing
Organization: North Norwich Telephone
anonymous <levine@cs.uwm.edu> writes: wish to be telemarketed.
Then, rather than rely on local or state law enforcement to
prosecute offenders, allow the individual the ability to prosecute
the offender through small claims court. Any reactions to this
idea? Thanks.
Sounds like a good idea. But how do we "prosecute" a telemarketer?
Say my name is on the "don't call me" list, then a telemarketer calls,
not once, but twice. Now what do I do? I have to prove in Court that
the telemarketer has been notified with the list, then I have to
establish an amount for the "damage." How do I convince the judge that
I suffered $x of damage because so and so called me over the phone?
I'm not a lawyer, so maybe I've missed something? Will someone care to
enlighten me on this?
------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 23 Nov 1995 22:14:14 -0500
Subject: Re: Stopping Junk Mail
Organization: America Online, Inc. (1-800-827-6364)
YES, you have the right, under federal law to prohibit any advertiser
from sending you anything through via the USPS that avertises anything
you consider offensive.
See 39 USC sec.3008
on a happier note:
Did you guys watch DateLine NBC on November 15, 1995?
If you did, you'd of seen that handsome devil, Bob Bulmash, president
of Private Citizen, Inc. and two members of Private Citizen who took
thousands of dollars from telemarketers who called in defiance of their
previously expressed will.
It's easy, and joining Private Citizen help in substantially reducing
your junk call burden.
--
Robert Bulmash
Private Citizen, Inc. 1/800-CUT-JUNK
------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 23 Nov 1995 12:07:08 -0500
Subject: Gary, Settle down
Organization: America Online, Inc. (1-800-827-6364)
I had posted the following in comp-privacy: Private Citizen, Inc.
will notify over 1400 national and local telemarketing relatred
firms of your `do-not-call' request, and send you a list of the
firms we notified. Also included in your notification, will be an
offer to allow those firms to tele-solicit you on a `for hire'
basis of $500 per call.
I recieved the following response from Gary McGath:
Well, now I understand your desire for laws that would allow
government monitoring of E-mail in the name of "privacy"; it would
be a whole new market for you.
This is an official instruction, and valid according to your own
interpretation of the law: DO NOT SEND ME ANY E-MAIL AT ANY TIME IN
THE FUTURE. IF THE COURTS UPHOLD A LAW UNDER WHICH YOU CAN BE
PROSECUTED, I WILL PROSECUTE.
My response to Gary is as follows:
Gary, Gary, Gary... you litigious little lad,
Their is no legislation, at present, that allows you to sue me for
e-mailing a simple message to you in defiance of your previously
expressed will Nevertheless, I will respect your wishes... because
that is your wish, and I feel no compulsion to offend you.
But you still don't get it. The mechanisms Private Citizen uses to Cut
Junk calls and Cut Junk snail-mail is not based solely on statute, but
rather a common legal theory, in existance well before your
great-great-grandparents were born.
Next time, please take a moment to understand what you think you
understand, before you express yourself. If you like, I will be happy
to e-mail you a Private Citizen Authorization Form By reading it, you
WILL understand that theory. (I hope). But you'll have to ask nice.
--
Robert Bulmash
Private Citizen, Inc. 1/800-CUT-JUNK
------------------------------
From: gmcgath@condes.MV.COM (Gary McGath)
Date: 24 Nov 1995 12:23:06 GMT
Subject: Re: Copyright Notice
Organization: Conceptual Design
halfbree@rapidnet.com wrote: Now that makes sense! However I
believe the ownership of the actual material; ie; tape, paper,
book, vidio, or so on would enter into the question as to who owns
the copyright. The original author or owner of the copyright may
have bartered his/her rights to the copy right away to another.
Simply not true, at least under normal circumstances. Here's an example
with which I have experience, and about which I have talked with
professionals who understand the legal ramifications:
At science-fiction conventions, various people will sing in concerts or
at open singing sessions known as "filksings" (with an i). Often a
recording engineer will be brought in to record these for possible
later release on small-run tapes. The recording engineer does not
thereby acquire the rights to the song. The recording company must
obtain permission from the performer and from the author (or, in the
later case, can in certain circumstances use what is called a
"mechanical license," which entails paying a legally fixed amount to
the copyright holder of the song).
Only if there is an explicit agreement between the person creating or
performing the work and the person providing the medium is there any
transfer of rights.
--
Gary McGath
gmcgath@condes.mv.com
http://www.mv.com/users/gmcgath
------------------------------
From: jwarren@well.com (Jim Warren)
Date: 24 Nov 1995 14:44:34 -0800
Subject: Do We Need New Health Privacy Laws
Seems like someone should answer this ... to the large FOI-L list;
*not* to me, please. :-)
--
jim
From: BRODELLJ@MSCD.EDU
Date: 24 Nov 1995 12:00:06 -0600
Sender: State and Local Freedom of Information Issues
<FOI-L@LISTSERV.SYR.EDU>
Subject: do we need new health privacy laws
To: Multiple recipients of list FOI-L <FOI-L@LISTSERV.SYR.EDU>
The long posting on health privacy legislation are welcome.
However, it seems to me that the laws that alrady are in place are
being violated because of need and money.
Would not national privacy legislation create more federal bureaucracy
that eventually would become self-serving and expansive?
What is the fundamental justification for keeping health information
private anyway? particularly since so much federal and state money is
wrapped up in health care.
Why should not health records of individuals treated with public funds
and/or at public facilities be public?
This is a serious question that requires a serious answer. "because you
will be invading their privacy" just won't cut it. What is the
fundamental (non-circular) reason we should have privacy of medical
records, particulalry are they relate the the expenditure of government
funds?
--
Jay Brodell
brodellj@mscd.edu
------------------------------
From: Paul Robinson <paul@TDR.COM>
Date: 26 Nov 1995 09:14:26 EST
Subject: Re: Act Now to Stop the Religious ...
Organization: Tansin A. Darcos & Company/TDR, Inc. Silver Spring, MD USA
CAMPAIGN TO STOP THE EXON/COATS COMMUNICATIONS DECENCY ACT The
Religious Right has proposed shutting down speech on the net more
tightly than ever before. Their activities could succeed,
resulting in Internet providers screening your mail, postings, and
conversations to avoid criminal liability. There is a very real
chance that this legislation will pass, and we will experience a
period of uncertainty and chilling of speech while an appropriate
test case attempts to reach the Supreme Court (should it even get
there!)
To me, it seems, this sort of hysteria and fear-mongering serves no
useful purpose, since it apparently ignores reality.
1. There has never been an (anti) abortion law passed since _Row v.
Wade_ that went into effect until a substantial amount of time after it
was passed. Why? Because the courts would suspend the effect of the
law until the issue was tried in court, seeing that the law would
clearly be in contravention to that case.
2. What does this have to do with the above proposed law? While the
courts have generally taken the stand that most laws passed by congress
are constitutionally valid, when it comes to restrictions on speech and
press, the courts have generally taken the exact opposite stand, that a
restriction on speech is generally invalid lacking a foundation that
there is some damn good reason to allow such a restriction. This would
take a considerable amount of time.
3. Most laws which are created in Congress never even get very far.
Mostly these laws are written for bargaining points, or for political
capital, since someone can say they are attempting to be "tough on..."
something the voters don't like, even if the law never gets out of
committee.
I would be more concerned if this was regulation to be passed which was
to appear in the {Federal Register}. Most of that _does_ get passed,
and, because of the Administrative Procedure Act of 1949, _has_ the
force and effect of law in most cases.
4. I suspect those who are reporting the law are misstating what it
actually says, either accidentally or on purpose. During protests over
the motion picture "The Last Temptation of Christ," people were
protesting over some issues that they claimed were degraded or defamed
by the movie. My brother, who saw the film, said that some of the
things that they complained about weren't even in the film.
I am not saying the law isn't providing exactly what the original
poster alleges that it does. I am just wondering what their biases
are.
5. Why is it that it is presumed to be some organization or group
called the "religious right" that wants this sort of law passed? I
guess because it is "Politically Correct" to bash on that group. Or
perhaps the poster didn't think "Skinhead Neo-Nazis" or "Fascists" was
a strong enough term this week.
I am usually very suspicious when someone blames some named group or
alleged class as being responsible for something. It's an attempt to
use "splinter politics" where one group is pitted against another,
distracting people from more serious issues and allowing those to be
passed along without people noticing or paying attention.
6. Common Carrier law has an incredibly long history - hundreds of
years - the rules go back to the creation of the term in the 1400s. I
find it highly unlikely that the entire system of common carrier law,
which includes lack of liability for content, is going to be trashed.
To hold a system operator such as AOL or Compuserve liable for the
material transmitted over their facilities when they have no knowledge
or awareness of this content means that AT&T could be held liable for
messages in voice-mail using their "store and forward" system which is
available by dialing *123 when placing a telephone call that doesn't
complete.
This would be ridiculous, and it would overrule hundreds of years of
settled case-law as well as make a mess.
7. Further, it would not just be applicable to Prodigy, or MCI, if it
applies to those who transport "message traffic" or electronic
material, then it is applicable to Federal Express and UPS, too! (A
CD-ROM, a diskette or a book with the above probably qualify too, if
the law is written as sloppily as the writer apparently claims it is.)
8. In short, first this bill must be passed by both houses of congress,
then signed by the President, then survive the inevitably certain court
challenges, then, and only then - assuming there hasn't been
significant public outcry to have the law repealed - is there anything
to worry about, if there is at all, that is.
9. This also presumes people don't implement new ways to go around the
law, such as using gateways in other countries, using ftp sites to
allow people to take material, using mailing lists through remailers,
and other things. Unless the sender can be identified, and traced to
somewhere in the U.S., there is no means to enforce the law no matter
how strict it is.
10. There are lots of ridiculous laws on the books that, if enforced at
face, would effectively grind society to a halt:
As it stands, now, under the Robinson-Patman antitrust laws, if a
party sells something at a price higher than their competitors do,
this is de-jure evidence of an illegal monopoly (or they could not
get a higher price).
If they sell at a price less than their competitors, this is de-jure
evidence of an illegal attempt at destructive competition and/or the
establishment of an illegal monopoly.
If they sell at the same price, that's PRICE FIXING and it's also
illegal!
It is technically possible to find every single business in violation
of some provision of the antitrust law. Does this mean that people
live in fear of it being used against them? No. Most businesses
aren't even aware of the law being applicable. The law just sits
around until some bright boy decides it's easier to use the law as a
club to bash a competitor that they can't beat legitimately in the
marketplace.
12. I would seriously doubt that the bill, if it even becomes law,
would mean much of anything, anyway, there is too much material being
transmitted to have such a law be effective. It would most likely
become just another law that is only enforced if someone complains, or
plainly is ignored and isn't enforced at all, like the one that makes
consentual oral sex between husband and wife in the privacy of the
bedroom of their home, if in the Commonwealth of Virginia, a felony
punishable by imprisonment exceeding three years.
For both of them.
--
Paul Robinson
General Manager
Tansin A. Darcos & Company/TDR, Inc.
"An employee owned company"
---
Among Other things, we sell and service ideas. Call 1-800-TDARCOS from
anywhere in North America if you are interested in buying an idea to solve
one of your problems.
------------------------------
From: robrienr@aol.com (ROBRIENR)
Date: 22 Nov 1995 19:14:10 -0500
Subject: Survey on Privacy in Business
Organization: America Online, Inc. (1-800-827-6364)
Please complete survey and E-mail reults to ROBRIENR@aol.com
SURVEY
PRIVACY IN THE WORKPLACE
PERSONAL INFORMATION
Please check the statements that best describes yourself:
Student _______
Part-time employee _______
Full-time employee _______
Manager or supervisor _______
Please rate the following types of employee monitoring by business
to your extent of approval. Please use the comment space to
elaborate on your response.
1. Business responding to outside request for information about
employees.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
2. Business administering lie detector test to employees.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
3. Business testing for drug use by employees.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
4. Business testing employee for AIDS.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
5. Business using secret video surveillance cameras.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
6. Business monitoring employee phone calls.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
7. Business monitoring employee E-mail.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
8. Business requesting credit checks on employees.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
9. Business requesting preemployment mental and health screening.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
10. Business requesting genetic testing of an employee to determine
if the employee is predisposed to certain medical conditions.
Approve _____ Indifferent _____ Disapprove _____
Comment:_________________________________________________________
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 22 Nov 1995 14:25:54 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V7 #045
******************************
.