Date:       Wed, 20 Dec 95 10:42:02 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V7#052

Computer Privacy Digest Wed, 20 Dec 95              Volume 7 : Issue: 052

Today's Topics:			       Moderator: Leonard P. Levine

                            Re: Avrami Case
               Why Internet don't really work in France?
          French Authorisation puts People into a Secret File
        Re: BC Commissioner Upholds Severing of Voter Addresses
                Re: Employer Abuse of Private Voicemail
                      Re: Privacy Issues and Java
                   Re: Unsolicited email Advertising
                   Re: Unsolicited email Advertising
           SSN Shown On Payments by Intuit's Banking Service
                          Re: Copyright Notice
                 Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: prvtctzn@aol.com (Prvt Ctzn)
Date: 16 Dec 1995 01:11:43 -0500
Subject: Re: Avrami Case
Organization: America Online, Inc. (1-800-827-6364)

    On November 27 Ram Avrahami appeared in Arlington district court to
    pursue his claim against US News & World Report.  Mr. Avrahami is
    charging that the magazine violated his property rights when it
    sold his personal information to another publication without his
    permission.

I wonder if the `respected' US News & World Report will report the
news of its hammer blows against those who seek to protect their
privacy.

--
Robert Bulmash
Private Citizen, Inc.  1/800-CUT-JUNK


------------------------------

From: JeanBernard_Condat@eMail.FranceNet.fr (JeanBernard Condat)
Date: 18 Dec 1995 11:11:05 GMT
Subject: Why Internet don't really work in France?
Organization: FranceNet

Why doesn't the Internet really work in France?

On December 14th, France Telecom tried to explain why the Internet links
in France are all busy. If you own an email address, you can use a
Minitel terminal (X.25 gateway like 3616 ALTERN, 3617 EMAIL or 3619
USNET), an X-Windows terminal (Atlass X.400 messaging service from
France Cables & Radio) or a poor little micro-computer (TCP-IP access
via one of the 84 national Internet Service Providers [ISP]) to send a
message to another email address anywhere in the world.  All the strikes
were too hard, and the Internet became within a few days the only way to
transmit a document without any delay.

Choosing an ISP isn't an easy operation. Differences of quality and
price are impossible; it's the same Internet service: THE France
Telecom one.  But the user has some incredible ways to choose between
the CompuServe, AOL, FranceNet, WorldNet, Imaginet, InternetWay, Mnet,
Xon-Xoff, Attmail or Simplenet access. The most used method is funny,
cruelly funny.

Imagine a teen looking for an Internet connection via the Minitel
terminal offered with his parents' phone line. He tries with the Minitel
to access the best ISP.  If you use the 3615 basic videotex access on
the Minitel, the INTERNET service is a joke.  A joke, because Mr.
Valentin Lacambre, a lucky 29-year-old businessman, possesses the
'Internet' trademark for all of French industry.  When France Telecom
tries to use it, Valentin receives some money.  When some journalists
write on the Internet media, Valentin notes an increasing number of
connections on the 3615 INTERNET service (= postmaster@altern.com).
Valentin is one of my best friends, the only one who really DOES
business with the Internet in my country.

Imagine the same teen looking for a micro-computer connection to the
Internet.  If this teen lives outside Paris, he generally tries to find
the correct phone number for the connection. The first one that comes
into a teen's head will be the transcription of the word INTERNET into a
real phone number.  In France, the transcription, where ABC is 1, DEF is
3, GHI is 4, JKL is 5, MN is 6, PRS is 7, TUV is 8, WXY is 9 and OQZ is
zero... gives for INTERNET the phone number: 46837638.  If you dial
this phone number outside Paris, you never get an answer.  My poor
teen doesn't have any chance... the phone line isn't an ISP's, but a
private one.  The owner is Mr. Francois PERIGNON, living in a little
village called La Beaupiniere in Bords, a nice place in
Charente-Maritime.  He receives some hundreds of modem tones per day...
and never answers!

Imagine the same teen living in Paris. The owner of the 46837638 phone
line is a student on the Ecole Centrale campus in Chatenay-Malabry.
This room has a credit phone... but the owner of this room doesn't have
money and forgets to credit the #638 account.  Half of the time, the
credit expires, and when you call the line, there is never an answer
because of the null-credit account.  My poor teen (and all the
journalists trying to make a connection on the INTERNET number) says all
the time: I cannot get a connection.

MM. Valentin Lacambre, Francois Perignon and the student of room #638
of the Ecole Centrale campus are the three most influential and lucky
persons in France who (don't) permit inexperienced users to
experiment with Internet connections. It's the only reason why the
Internet doesn't really work in France...

--
Jean-Bernard Condat
Computer fraud and security consultant (Paris, France)
JeanBernard_Condat@FranceNet.FR


------------------------------

From: JeanBernard_Condat@eMail.FranceNet.fr (JeanBernard Condat)
Date: 18 Dec 1995 11:11:05 GMT
Subject: French Authorisation puts People into a Secret File
Organization: FranceNet

New official authorisation to put all people in a secret file...

November 16th, 1995: In the middle of the strike period in France, the
Ministry of the Army published a text dated November 9th giving the
authorisation to the Army to put all available data in local files for
future use.  The available data means the political, philosophical,
religious... opinions of a person called "terrorist" or "victim of a
terrorist."  :-|]

After some hard reactions from certain kinds of persons in France, the
French Government announced on December 16th the complete suppression of
this text. Note that the CNIL (Commission Nationale Informatique et
Libertes), formed to look at abusive use of laws... has given a
positive authorisation to publish the following text...

    INCREDIBLE!

    Decree no. 95-1211 of 9 November 1995 applying the provisions of
    article 31 of law no. 78-17 of 6 January 1978 to the files operated
    by the general directorate of the national gendarmerie.

    The Prime Minister,
    On the report of the Minister of Defence,

    (...)

    Having regard to the assenting opinion of the Commission nationale
    de l'informatique et des libertes dated 25 April 1995; the Conseil
    d'Etat (Finance Section) having been heard,

    Decrees:

    Art. 1. - For the performance of its mission, the national
    gendarmerie is authorised to collect, retain and process, in
    regional files, personal information which, relating to the adults
    listed in the following paragraph, mentions particular, objective
    and unalterable physical marks as identifying features, or reveals,
    directly or indirectly, the political, philosophical or religious
    opinions as well as the trade-union memberships of these persons.

    The collection, retention and processing of the information set out
    in the preceding paragraph may concern only:

    1-- Persons who may, by reason of their individual and collective
    activity, harm the security of the State or public safety by
    resorting to, or giving active support to, acts of terrorism as
    defined in articles 421-1 and 421-2 of the Code Penal;

    2-- Those who maintain, or have maintained, lasting and
    non-fortuitous relations with them;

    3-- Persons who are victims of acts of terrorism or appear to be
    particularly exposed to such acts.

    (...)
    Done at Paris, 9 November 1995

    By the Prime Minister    ALAIN JUPPE

    The Minister of Defence,

    CHARLES MILLON

--
Jean-Bernard Condat
Computer fraud and security consultant (Paris, France)
JeanBernard_Condat@FranceNet.FR
Private phone number: +33 1 41238807


------------------------------

From: afaulkne@bclands.crl.gov.bc.ca
Date: 18 Dec 1995 10:19:26 -0800 (PST)
Subject: Re: BC Commissioner Upholds Severing of Voter Addresses
Organization: BC Systems Corporation

    8. Order I find that the provisions of the Municipal Act apply to
    authorize the District of Squamish to refuse access to the records
    in dispute. I also find, under section 22(1) of the Act, that it
    would be an unreasonable invasion of personal privacy of third
    parties for the District to disclose the records in dispute to the
    applicant, and that the District was required to refuse access.
    Under section 58(2)(b) of the Act, I confirm the decision of the
    District of Squamish to refuse access under section 63 of the
    Municipal Act. Under section 58(2)(c) of the Act, I require the
    District of Squamish to refuse access to the records in dispute to
    the applicant under section 22.

This may have interesting ramifications for the upcoming provincial
election. The voters list is provided to political parties for their
use.  Usually that involves merging the name, address, occupation
fields with telephone data bought from BCTel. This becomes a very
powerful campaign tool, especially when coupled with
occupation-directed campaigning (e.g. teachers, doctors) and ethnic sub-listing
based on last name.

I wonder if this usage will still be allowed?

--
Andrew Faulkner
Applications Analyst, BC Lands
Ministry of Environment, Lands and Parks   387-1146
Internet address: afaulkne@bclands.crl.gov.bc.ca


------------------------------

From: fyoung@oxford.net (F Young)
Date: 18 Dec 95 14:21:04 EST
Subject: Re: Employer Abuse of Private Voicemail

    There is a homepage for the IPC office in Ontario.  I don't have
    the address within reach, but it should be easy to surf to it.

The URL for accessing Ontario government information is

 http://www.gov.on.ca/mbs/english/index.html OR
 http://www.gov.on.ca/mbs/french/index.html


------------------------------

From: jeffg@ptp.hp.com (Jeff Gruszynski)
Date: 18 Dec 1995 22:29:42 GMT
Subject: Re: Privacy Issues and Java
Organization: Hewlett Packard

    Jim Gindling (gindling@cs.colorado.edu) wrote: I had a question
    concerning privacy issues in relation to Java.

Currently, the security model for Java applets has the following
limitations enforced by the browser:

1. an applet can only create client socket connections back to the
	source host of the applet
2. an applet cannot create a server socket connection on client machine
3. an applet cannot read or write local file system at all

The intent is to prevent viral problems, but it also impacts privacy in
general.  Some of these restrictions caused some grumbling at WWW4, since
it prevents you from doing some cool things, but in a less than benign
network environment these restrictions seem prudent.

--
Jeff Gruszynski                          Any Standard Disclaimers Apply
Test & Measurement Webmaster
Hewlett-Packard Company
jeffg@ptp.hp.com                         http://www.tmo.hp.com/


------------------------------

From: jcr@mcs.com (John C. Rivard)
Date: 19 Dec 1995 12:08:54 -0600
Subject: Re: Unsolicited email Advertising
Organization: very little

    tswalton@aol.com (TSWalton) wrote: I would suggest that the net
    begin to charge the spammers a per piece handling charge......just
    like the USPS. It would be too costly to spam if they are not
    hitting their target audience and would be self limiting in the
    long run.

Yeah, this would work.....just like the USPS.

You sure don't see any USPS junk mail anymore. ;^)

-- 
John C. Rivard  <jcr@mcs.com>
Opinions expressed yadda yadda--you know the drill


------------------------------

From: herwin@osf1.gmu.edu (HARRY R. ERWIN)
Date: 20 Dec 1995 12:46:44 GMT
Subject: Re: Unsolicited email Advertising
Organization: George Mason University, Fairfax, Virginia, USA

I have been receiving 'junk email' from a commercial advertiser,
netnet@access1.soundcity.net. I have politely asked them to put me on
their 'do not contact' list, but I continue to find my mailbox filled
with their stuff. What have people found to be the most effective
recourse?

--
Harry Erwin
Internet: herwin@gmu.edu 
Home Page: http://osf1.gmu.edu/~herwin
PhD student in comp neurosci: "Glitches happen" & "Meaning is emotional"


------------------------------

From: michael@piglet.amscons.com (Michael Bryan)
Date: 18 Dec 1995 19:10:07 -0800
Subject: SSN Shown On Payments by Intuit's Banking Service
Organization: none

Another user (Robert Mayo) discovered, and I confirmed, that Intuit's
online bill payment service sends your payees a printout containing
your social security number.

This applies to any person who is using Quicken for Windows or
Microsoft Money for Windows to send payment requests electronically,
using Intuit's service.  It specifically does -not- apply to using
Quicken with the Checkfree service, as the Checkfree service does not
supply anybody with your SSN.

The details:

When the Intuit service sends a payment to a merchant, it will do one
of three things.  First, it will try to perform an EFT directly from
your account into the merchant's.  Most merchants are still not set up
for this, however.  Second, if your payment is the only payment going
to a given merchant on a given day, then they will print a check, drawn
against your account, and mail it to the merchant.  Both of these
methods are ok, and do not result in your merchant receiving your SSN.

However, if there are multiple payments going to a single merchant on a
given day (i.e., more than one customer has requested a payment to the
given merchant), all of these payments are sent in a single envelope,
and a summary sheet is enclosed.  This summary sheet will have a field
called "Control Number", which consists of your SSN, followed by two
other digits.  This summary also lists your checking account number, in
addition to your name, account with the merchant, and the amount of
your payment.  (In my opinion, only these last three fields are called
for.  There is no need for the checking account number to be listed,
even though it -is- printed on your check as part of the MICR
encoding.)

I have contacted Intuit regarding this matter, and they have been
decidedly less than helpful.  I know at least three other people who
have called them, and we have all been told the same thing:

1) "Most of your merchants already have your SSN".  Perhaps this is
true for some people, but it is not the case with me.

2) "The SSN is encrypted on the printout".  Absolutely not true.  It is
printed under the label "Control Number", and has two extra digits
appended, but this does not "encrypt" the number.  Anybody who knows
what the field contains has instant knowledge of your SSN.

Intuit is currently refusing to address this issue.  Furthermore, when
I called in, they tried to tell me I was the only person who was
complaining.  I immediately gave them the names of three other people
who had called in, one of whom I knew had talked to this particular
individual.  So that little "divide-and-conquer" trick backfired.

Also, when I said that I would be forced to go to the media if they
didn't address this issue, I was told that by doing so, I would be
responsible for broadcasting this information to those who might then
illegally use the information.  I found this two-faced attitude
particularly annoying.  On the one hand, they are claiming it's not a
problem, yet on the other they tried to keep me from going to the media
because it might give criminals information they could then exploit.

Anyway, I've done all I can with talking to Intuit, so I am now
pursuing other avenues.  My bank (Union Bank) was particularly
concerned that the SSN was being printed out and mailed with
potentially every payment, and vowed to look into it and work with
Intuit on my behalf to get this behaviour stopped.  Also, I and a few
others have contacted various media representatives, in an attempt to
get them to focus a spotlight on Intuit, and let people know that
Intuit is broadcasting their SSN, without their knowledge.  And of
course, I'm posting Usenet articles in the privacy newsgroups, as well
as the newsgroup where most Quicken discussion occurs,
comp.os.ms-windows.apps.financial.

If you are using Intuit's Online Bill Payment service, and are
concerned about this, please call Intuit and express your displeasure.
The number for the Online Bill Payment service is 708-585-8500.  Also,
call your bank, and inform them as to what's going on.  Finally, write
to your local (or national) newspaper, let them know about this, and
ask them to cover this in their paper.

It appears that the only way Intuit is going to address this is by
getting some negative publicity, since customer complaints don't seem
to carry enough weight.  I wish they were more reasonable, but that
just doesn't seem to be happening here.  So be it --- they want a
fight, they've got one.
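
The summary-sheet problem described above, as an added example that is not part of the original post and not Intuit's code: an audit that flags any printed field embedding the SSN (appending two digits hides nothing), beside a sheet limited to the three fields the post calls for. The keyed HMAC reference is a swapped-in alternative the post does not propose; field names, the key and all sample values are constructed.

```python
import hashlib
import hmac
import re

# Constructed sample data: area number 000 is never issued as a real SSN.
SSN = "000123456"
ROW = {
    "name": "A. Customer",
    "merchant_account": "ACCT-5512",
    "amount": "42.17",
    "checking_account": "9900112233",
    "control_number": SSN + "07",  # layout from the post: SSN + two digits
}

# Per the post, only these three fields are called for on the summary sheet.
NEEDED_FIELDS = ("name", "merchant_account", "amount")


def digits(value):
    """Strip separators so 000-12-3456 and 000123456 compare equal."""
    return re.sub(r"\D", "", str(value))


def fields_exposing(row, secret):
    """Return the names of fields whose digits contain the secret's digits."""
    needle = digits(secret)
    return sorted(k for k, v in row.items() if needle and needle in digits(v))


def audit(row, sensitive):
    """Map each sensitive label to the printed fields that disclose it."""
    return {label: fields_exposing(row, value)
            for label, value in sensitive.items()}


def opaque_reference(secret, payment_id, key):
    """Keyed reference that cannot be recomputed or reversed without the key.

    Hypothetical replacement for the SSN-based control number (assumption).
    """
    msg = f"{digits(secret)}|{payment_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16].upper()


def minimal_sheet(row, secret, payment_id, key):
    """Keep only the needed fields and replace the control number."""
    sheet = {k: row[k] for k in NEEDED_FIELDS}
    sheet["control_number"] = opaque_reference(secret, payment_id, key)
    return sheet


if __name__ == "__main__":
    sensitive = {"ssn": SSN, "checking": ROW["checking_account"]}
    print("as described:", audit(ROW, sensitive))
    fixed = minimal_sheet(ROW, SSN, "PAY-0001", b"constructed-demo-key")
    print("minimal sheet:", fixed, audit(fixed, sensitive))
```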


------------------------------

From: jcr@mcs.com (John C. Rivard)
Date: 19 Dec 1995 12:36:42 -0600
Subject: Re: Copyright Notice
Organization: very little


    michaelm@nairobi.eecs.umich.edu (Michael McClennen) writes: the
    intent is that copyright is automatically granted to a work as soon
    as it appears in a form such that everyone can agree upon the exact
    content.  Thus, a verbal utterance  *snip* recorded on a magnetic
    tape, written down, or typed into a computer, *snip* is an
    unambiguous record of the content and thus an automatic copyright
    to the author. *snip* The exact ownership of the  computer (or the
    tape recorder, the pen, etc.) does not enter into the question.

    halfbree@rapidnet.com wrote: Now that makes sense!  However I
    believe the ownership of the actual material; i.e., tape, paper,
    book, video, or so on would enter into the question as to who owns
    the copyright.  The original author or owner of the copyright may
    have bartered his/her rights to the copyright away to another.

I'm sorry, but you are wrong.

Ownership of the recording material has NOTHING to do with copyright.
Read the law.

The author of a work (as copyright holder) may, of course, sell or
barter the copyright after the work is fixed, but you can only sell
something you first own, obviously. The author may also elect to place
something in the public domain, which is to rescind all copyright on
the work. Then no one owns the copyright.

The ONLY time that an author is not the automatic owner of the
copyright is when it is a "Work for Hire," in which the author creates
the work as part of their job. For example, when an artist working at
an advertising agency paints a picture for an advertisement, that may
be a Work for Hire.  If you look at many ads, you will see that the
copyright notice indicates that the ad belongs to the advertiser, not
the author.

The author knows in advance that they are creating a work for hire;
usually this is specifically spelled out in the terms of the employment
or freelance contract.

-- 
John C. Rivard  <jcr@mcs.com>
Opinions expressed yadda yadda--you know the drill


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 22 Nov 1995 14:25:54 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V7 #052
******************************