Date: Mon, 08 Jan 96 15:09:15 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#004
Computer Privacy Digest Mon, 08 Jan 96 Volume 8 : Issue: 004
Today's Topics: Moderator: Leonard P. Levine
Re: Checking Account Status is Public
Breasts on AOL
Re: BC Commissioner Upholds Severing of Voter Addresses
Spy Viruses
Re: Bully for US Gov't Boo to Wisconsin
Re: The Year We Struggled with On-line Censorship
Re: Public Universities and SSNs
Re: Public Universities and SSNs
Gas Station Receipts
Re: Censorship Escalation
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: "Mark W. Eichin" <eichin@mit.edu>
Date: 05 Jan 1996 18:51:23 -0500
Subject: Re: Checking Account Status is Public
quoth Wm. Randolph Franklin, wrf@ecse.rpi.edu: Every bank (and S&L
etc) that I've checked with will tell you over the phone whether a
check you're holding from one of their customers would clear if you
deposited it. ... No bank manager that I've asked sees any privacy
problems with this.
I'm told (by friends who are customers there) that University Bank, in
Palo Alto CA, also provides this service by default; however, if you
specifically ask them about it, they'll set a "privacy flag" on your
account and will in fact refuse all such requests.
_Mark_ <eichin@cygnus.com>
Cygnus Support, Eastern USA
ps. Yes, University Bank is the one with the fanciful alien spaceship
crashing into the side of the building :-)
------------------------------
From: fyoung@oxford.net (F Young)
Date: 05 Jan 96 22:56:27 EST
Subject: Breasts on AOL
wasn't censoring "breast" in private e-mail, the chats themselves,
or discussion group posts--at least none of the e-mail, chats, or
discussion groups I was in. This may have been only because they
didn't have the time and technology, and it certainly doesn't
reduce the stupidity of the act.
There is, nonetheless, a very fine line between moderating and
censoring in public discussion groups. But the thought of my private
e-mail being monitored by officials/agents of an online service is
upsetting to say the least. The technology is certainly there if any
online service wish to pick up certain keywords from private e-mail and
then take actions against the sender.
I believe online servies should be given the same immunity given to
common carriers. But privileges comes with responsibility, online
services must then ensure they do not unilaterally censor public
information, and that private e-mails not be read by any third party
while they remain in their systems.
Does AOL allow members to use PGP to encrypt their e-mails?
In the summer, breast cancer survivors tried to form a chat room
called "Breast cancer survivors." They were told that the chat
room name was obscene. Someone tried variations, such as "boob
cancer" and "hooter cancer." AOL accepted these--they were not
"obscene." After lots of
The term "breast cancer" is widely used by _all_ medias. I have heard
and saw the term on TV, radio, newspapers, and government
documentations. I would consider "boob" or "hooter" much less
acceptable in serious discussions such as those found in support
groups.
It is insulting to breast cancer survivors to make them use colloquials
when sharing their experiences with each other.
About two months later, a breast cancer survivor scanned through
user profiles to find other women who described themselves as
breast cancer survivors. She found that all these posts had been
purged because of their allegedly obscene content.
Congratulation for cancelling your AOL account.
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 06 Jan 1996 07:54:12 GMT
Subject: Re: BC Commissioner Upholds Severing of Voter Addresses
Organization: The National Capital FreeNet
References: <comp-privacy8.2.8@cs.uwm.edu>
"Mario M. Butter" (mbutter@tower.clark.net) writes: The US has
different laws in each state; indeed one state (Louisiana) has laws
modeled after the French legal system rather than English common
law. In some states, the voter registration lists are public
information.
Is this a setup for the "Dead men vote, at least they do in Louisiana
line"?
The names of voters can still be released to the public. Their
addresses cannot.
I did have the idea that states pretty much run elections in the USA.
My reference to efficiency was based on a second impression that voters
cast ballots for everyone from president down at least as far as county
offices at the same place on the same date.
Here there is no coordination between federal and provincial
elections. Municipal and school board elections do occur together on a
fixed schedule, but bodies such as hospitials are often incorporated as
societies with elections at arbitrary times operating under the type of
voting procedure that Pat Robertson fans exploited so well a few years
back.
Speaking of hospitals, there is a new BC I&P commissioner decision at
the web site dealing with a request that a service bureau be ordered to
restore e-mail between staff at a hospital and the Ministry of Health
and scan it for a specified list of key words. I'm not aware of much of
the background, but my reading of it is that the major factor in the
rejection of the request was the volume of work involved. If it had
been cheap/fast/easy to retrieve this the decision might have gone the
other way.
--
notice: by sending advertising/solicitations to this account you will be
indicating your consent to paying me $70/hour for a minimum of 2 hours for
my time spent dealing with it
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 06 Jan 1996 09:11:53 -0600 (CST)
Subject: Spy Viruses
Organization: University of Wisconsin-Milwaukee
Taken from RISKS-LIST: Risks-Forum Digest Friday 5 January 1996
Volume 17 : Issue 60 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND
RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public
Policy, Peter G. Neumann, moderator
From: Educom <educom@elanor.oit.unc.edu>
Date: 01 Jan 1996 19:48:38 -0500 (EST)
Subject: Spy Viruses (Edupage, 31 December 1995)
Syndicated columnist Gina Smith predicts a proliferation of computer
"spy" viruses similar to Microsoft Windows 95's registration wizard
that can zip around your CPU and determine whether you've legally
registered all the software you've got loaded on there: "It's already
possible to do this sort of scanning without alerting the user, so it
doesn't take much of a futurist to imagine the same sort of stealth
technology being used on unknowing bulletin board and Internet users.
In fact, I think a trend away from juvenile-prank computer viruses to
information-seeking `spy' viruses isn't merely likely, it's
inevitable." (Popular Science Dec 95 p12)
------------------------------
From: Robert Gellman <rgellman@cais.cais.com>
Date: 06 Jan 1996 21:53:03 -0500 (EST)
Subject: Re: Bully for US Gov't Boo to Wisconsin
I just got my new tax forms. My Social Security Number (SSN) did
not appear on the federal form cover but was only on a label folded
into the middle of the book. The state of Wisconsin, as usual, had
my (and my wife's) SSN right on the top of the cover.
I didn't notice this until I read your posting. I agree that this is
progress of a sort. But if postal workers wanted your SSN, all they
have to do is flip open the tax booklet and read the label. The
booklet is not sealed. The real problem is that getting an SSN is
generally pretty easy so a Postal Worker does not have any great
incentive to collect them. Still, if someone gets YOUR SSN, and uses
it improperly, a lot of damage can result.
Like I said, it is progress of a sort.
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: gmcgath@mv.mv.com (Gary McGath)
Date: 07 Jan 1996 15:02:19 GMT
Subject: Re: The Year We Struggled with On-line Censorship
Organization: Conceptual Design
References: <comp-privacy8.2.15@cs.uwm.edu> <comp-privacy8.3.9@cs.uwm.edu>
bernie@fantasyfarm.com (Bernie Cosell) wrote: On the other hand, if
you do want to pursue the quest, at least be aware of how tough a
row it is going to be to hoe. You'll have to make a case that the
network is a medium different from *any* other, and that that
difference should be the reason to overturn hundreds of years of
*unquestioned* legal precedent, rather than that difference meaning
that some sort of new and innovative legislation is called for.
We may be drifting rather far from the topic of privacy here in
discussing censorship, but I'll throw in a couple of brief comments
which Prof. Levine can use or not as seems appropriate.
Trying to win an argument by conceding the basic principle is the real
"fool's errand." The degree of free speech which we have was won by
people arguing for a basic principle, not by carving out specialized
exceptions to a general principle. The fact that there have always been
laws against "pornography" is not evidence that there is an exception
hidden in the First Amendment, nor is it a reason for us to act as if
there were.
Once you concede the principle and then argue "But we're an exception!"
then you only end up having your case made more and more narrow. Any
victories you win are at the cost of having helped the case for
censorship in the "normal" course of affairs.
An example: In New Hampshire, several communities have passed
ordinances severely restricting the location of bookstores that carry
material "that constitutes sexual conduct." The very definition is
incoherent at its root. But rather than challenge the principle, the
plaintiffs chose to challenge the details of the zoning. They lost --
and now there's a precedent saying that the ordinance was upheld in
court.
--
Gary McGath gmcgath@mv.mv.com
http://www.mv.com/users/gmcgath
One world, one vendor, one Web browser? No, thanks!
------------------------------
From: glr@ripco.com (Glen L. Roberts)
Date: 08 Jan 1996 14:08:13 GMT
Subject: Re: Public Universities and SSNs
Organization: Full Disclosure
The Oil City, Pa school district called up and asked my wife for the
kids SSNs... said: when we get their SSNs we'll be all set.
I called back to see what the deal was (ie: no Privacy Act Notice, and
no Privacy Act exemption allowing them to ask).
To make a long story short, the individual I talked to was responsive
to my privacy concerns (we'll see about the District in general). The
REASON they wanted one of the SSNs was they would run the SSN though a
private company that has a list of kids that have Medical ID cards. If
there was a match, the school would get money from the State. Why not
just ask if the kid has a Medical ID card? (not that it is really any
of the schools business who is on welfare or not).
Anyway, he said it was completely voluntary whether we provided the SSN
(and quite irrelevant to their objective since we don't have Medical ID
cards... so they won't get any money either way).
I sent him a copy of the book I publish, Your Social Security Number
from Pension Provider to Privacy Penetrator. I also just got my packet
from the United States District Court... we'll see if an apology and
compliance with the Privacy Act is forthcomming before I decide to
spend $120! (They had a spot on some paperwork for the SSNs but we
didn't fill em out or hear anything about it).
------
Check out our "Why Microsoft Sucks Contest" see url below
Full Disclosure [Live] -- Privacy, Surveillance, Technology!
(Over 140 weeks on the Air!)
The Net Connection -- Listen in Real Audio on the Web!
http://pages.ripco.com:8080/~glr/glr.html
------
------------------------------
From: Steigelmann@picard.capd.abbott.com (Jim Steigelmann)
Date: 08 Jan 1996 19:49:47 GMT
Subject: Re: Public Universities and SSNs
Organization: Abbott Labs
References: <comp-privacy8.3.7@cs.uwm.edu>
wrf@ecse.rpi.edu says... UT Austin asks for the applicant's SSN on
recommendation forms, and says that it is required. There is no
privacy act notice. This would seem to be illegal. It is also
intimidating since an applicant might be scared to make a fuss
since the admissions process is so vague, and the applicant would
never be able to prove that complaining was why he was rejected.
The University of Illinois had an even more insideous practice - your
Student ID number - required for every test (and asked for by bouncers
to get into bars) was you social security number.
--
---------------
Jim Steigelmann
----------------------------------------------------------
The opinions expressed are my own and do not represent the
opinions of my employer, my boss, the state of Illinois,
the government of the United States of America, or of the
world in general...
-----------------------------------------------------------
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 06 Jan 1996 09:32:19 -0600 (CST)
Subject: Gas Station Receipts
Organization: University of Wisconsin-Milwaukee
Taken from RISKS-LIST: Risks-Forum Digest Friday 5 January 1996
Volume 17 : Issue 60 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND
RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public
Policy, Peter G. Neumann, moderator
From: CharlesP_Schultz-ECS013@email.mot.com
Date: 03 Jan 96 06:56:36 -0600
Subject: Gasoline Pump Receipt Risks
Over the last few months, I have pulled up to self-serve gasoline pumps
that accept credit card payment, and noticed that a previous customer
has left behind the receipt that gets printed at the end of the
transaction. Some pumps make you explicitly hit a button to get a
receipt, but others do it automatically.
So what's the risk? The risk lies in the information that you leave
behind if you drive away without taking the receipt, or if you simply
toss it in the trash nearby. The receipts from different gas companies
have different information, but the worst risk I have seen so far is on
the Amoco receipt where the account number and CUSTOMER NAME appear on
the receipt. I also found a Chevron receipt that has someone's account
number on it, and the gas station's name and station number. Since this
particular gas station is "Juan's Chevron" I suppose a spoofer could
call up Chevron posing as Juan and give their station number to
legitimize their spoof, so here there is also a risk to the station
owner. Mobil receipts have less information than the Amoco or Chevron
ones. But as long as someone gets a legitimate account number, this is
probably enough information to perpetrate some damaging fraud (for
example, setting up a bogus gas station, then turning in credit card
receipts and getting paid for them by the gas provider - this actually
happened down here a number of years ago).
Here's a list of the information provided on the receipts (besides the
amount of gas and price per gallon) from the three providers I
mentioned above. I don't know if the gas companies use different models
of pumps in different parts of the country (I'm in South Florida), so
your receipts may differ. Perhaps we could collect information from
other gas providers, and urge them to be more sensitive to their
customers' privacy.
AMOCO: Station name and address, date, time, CUSTOMER NAME, CARD
ACCOUNT NUMBER, reference number
CHEVRON: Date, station name and address, station number, CARD ACCOUNT
NUMBER, invoice number, authorization number
MOBIL: CARD ACCOUNT NUMBER, invoice number, date, station name and city
--
Charles P. Schultz
------------------------------
From: Harvey A Silverglate <has@world.std.com>
Date: 05 Jan 1996 22:17:27 +0001 (EST)
Subject: Re: Censorship Escalation
Charles Platt wrote: I have a question for people whose knowledge
of censorship history is more comprehensive than mine: is there any
factual basis for the claim, often made by "our side," that
censorship tends to escalate? I've often heard it said by civil
libertarians that if we allow them to censor X today, they'll want
to censor Y tomorrow. Today, alt.sex.pedophilia; tomorrow, gay
discussion groups. Today, Hustler magazine; tomorrow, Penthouse.
Your question is too interesting for me to pass up the opportunity for
a brief reply. My reply is brief and partial, but I think to the
point.
In 1943, the U S Supreme Court decided the landmark free speech/free
press case of NEAR vs. MINNESOTA. In that case, the Court declared
presumptively unconstitutional all efforts by government at PRIOR
RESTRAINT of speech or press. This means that the government may not
prevent, IN ADVANCE, anyone from speaking or publishing, although in
some situations the government may prosecute, or courts may award civil
damages for, certain prohibited forms of speech (obscenity,
libel/slander for example). However, the Court, almost in passing,
said that the rule against prior restraints was not absolute. It gave
as an example of a possible exception, the case of a newspaper wanting
to publish the schedule by which troop ships would be sailing in time
of war. In such an extreme situation, said the Court, where national
security was involved, prior restraint might indeed be constitutional.
On the basis of the "troop ship" exception set out in NEAR, state and
federal governments have tried time and time again to suppress speech
and press via the route of prior restraints. There was the attempt to
stop the publication of the "Pentagon Papers" by the NYTimes,
Washington Post, and Boston Globe. There was the attempt to stop
publication by the Progressive magazine of an article on how to build
an atomic bomb (all of which information was available in the MIT
library!). There was the recent case of a private litigant - a bank -
trying to stop a business magazine from publishing an article
containing documentation from a lawsuit in which the bank was
involved. Such attempts at prior restraint are, sadly, endemic
nowadays to many "politically correct" college and university
campuses. The attempts at prior restraints go on and on. And each
time, there is restraint for a period of time until some appellate
court overturns the injunction against publication. It is a real
problem. The Supreme Court should have said simply that ALL prior
restraints are unconstitutional, and relied on the patriotism and good
sense of the press not to publish troop ship sailing schedules in time
of warfare. (Besides, such publication might well be punishable AFTER
publication, and surely a newspaper would not go ahead and publish such
material just because prior restraints are not available to the
government, if punishment after the fact were available.)
This is a good example of the phenomenon of the "slippery slope." Once
an inroad is made in liberty, the government, and some private parties,
may be counted on to try to push the envelope. Inroads into liberty
inevitably result, even if most are successfully resisted.
True, the same phenomenon might be found on the other side. Allow one
sexually-suggestive book to be published, and others -- even MORE
suggestive -- are likely to follow. But for people who value liberty,
if the "slippery slope" phenomenon is going to operate, better it
should operate in the direction of liberty, rather than in the
direction of suppression and repression.
--
Harvey Silverglate
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 06 Jan 1996 09:32:19 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #004
******************************
.