Date: Sat, 02 Mar 96 11:27:15 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#020
Computer Privacy Digest Sat, 02 Mar 96 Volume 8 : Issue: 020
Today's Topics: Moderator: Leonard P. Levine
Re: Caller ID: Ameritech -> MCI
Re: Caller ID: Ameritech -> MCI
International Billing for 800's
Re: ANI Information Cannot Be Used for Marketing Purposes
Re: Access to DMV Records by Rental Car Companies
Caller ID is not 800# ANI
US Right to Anonymous Publication
Re: Your Computer Is Watching You
A Far-Reaching Privacy Bill
Re: KING Radio Checks out Bill Gates
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: jacob@mayhem.com (Jacob DeGlopper)
Date: 28 Feb 1996 19:47:13 -0500 (EST)
Subject: Re: Caller ID: Ameritech -> MCI
Organization: Mayhem Communications
you write: Just another data point for those interested in Caller
ID interoperability. I phoned an 800 number from my private
residence line (Ameritech) and preceded the call with *67. The 800
number was able to determine my phone number (this was an automated
system I was
800 numbers don't use Caller ID. The owner of an 800 number gets ANI
(Automated Number Identification) information on the lines that call
his 800 number, since he's paying for the call. The ANI delivery can
vary from just having the numbers printed on your bill the next month
to getting real-time ANI, which is what this automated system is
doing.
ANI can't be blocked with *67.
------------------------------
From: page-usa@ix.netcom.com (Ken Mezger)
Date: 29 Feb 1996 08:14:08 GMT
Subject: Re: Caller ID: Ameritech -> MCI
Organization: Netcom
References: <comp-privacy8.19.5@cs.uwm.edu>
<glnfoote@freenet.columbus.oh.us> writes: First the "right" to know
who is calling on an 800 number is not the same as having
sufficient information to audit the bill. For years telephone
companies would not provide this information, and the business
community got along without it just fine. Users could still be
given sufficient information to indicate the general area of the
call (NPA, NNX), but even this is may be too much information _for
billing purposes_ when you consider that 800 services are
increasingly being offered on a flat per minute basis.
**ANOTHER PROBLEM NOBODY HAS MENTIONED...I HAVE NOTICED WITHIN THE PAST
YEAR ALL OF THE POLICE DEPARTMENT TIPSTER/CRIMESOLVER NUMBERS ARE NOW
AN (800) NUMBER! THEY ALWAYS ASSURE YOU THAT IT'S NOT NECESSARY TO GIVE
YOUR NAME...THAT'S BECAUSE THEY ALREADY KNOW WHERE YOU ARE CALLING
FROM! I THINK ALL CALLERS TO THESE POLICE TIPSTER LINES SHOULD BE MADE
AWARE THAT THEY ARE NOT BEING AFFORDED ANY PRIVACY WHEN THEY CALL TO
GIVE INFORMATION TO THE POLICE. IT'S ONLY FAIR, ISN'T IT??
[moderator: Good point, but no need to shout.]
------------------------------
From: "Peter M. Weiss +1 814 863 1843" <PMW1@PSUVM.PSU.EDU>
Date: 29 Feb 96 09:23 EST
Subject: International Billing for 800's
What happens if the 800/880 # is terminated in Canada but initiated
in the USA? Who calls the shots then?
--
Pete Weiss at Penn State
[moderator: with the new 888 numbers (second set of free calls) we can
expect a new set of problems. TV yesterday told me that 1/3 of ALL
calls were to 800 numbers.]
------------------------------
From: glr@ripco.com (Glen L. Roberts)
Date: 28 Feb 1996 20:57:02 GMT
Subject: Re: ANI Information Cannot Be Used for Marketing Purposes
Organization: Full Disclosure
References: <comp-privacy8.19.7@cs.uwm.edu>
privacy@interramp.com (Privacy Newsletter) wrote: Several
participants in this newsgroup have recently discussed how
800-number-owners have the capacity to collect ANI information.
This is very true. However, the nationwide Caller ID rules -- which
went into effect December 1, 1995 -- make it illegal for an
800-number-owner to use ANI information for marketing purposes. ANI
is allowed only for routing purposes or for account retrieval;
under the FCC's rules, no other behavior is tolerated. A strict
reading of the rule means that should an individual call a business
with an 800 number, and the individual becomes disconnected, then
the business cannot call the individual back. Generally speaking,
unless the individual gives permission to associate his/her
telephone with his/her name, the business cannot call back.
Period!
Ironically, such a provision does not apply to numbers captured
under Caller ID -- only under ANI. For more information, you can
check the complete rule under the FCC's homepage or contact Privacy
Newsletter.
Where is the oversight / enforcement?
How do you prove they used your number from ANI?
------
Links, Downloadable Programs, Catalog, Real Audio & More on Web
Full Disclosure [Live] -- Privacy, Surveillance, Technology!
(Over 150 weeks on the Air!)
The Net Connection -- Listen in Real Audio on the Web!
http://pages.ripco.com:8080/~glr/glr.html
------
------------------------------
From: horowitz@nosc.mil (Alan M. Horowitz)
Date: 28 Feb 1996 22:29:59 GMT
Subject: Re: Access to DMV Records by Rental Car Companies
Organization: NCCOSC RDT&E Division, San Diego, CA
References: <comp-privacy8.14.7@cs.uwm.edu> <comp-privacy8.17.8@cs.uwm.edu> <comp-privacy8.18.14@cs.uwm.edu>
"Milton C. Hubbard" <mchubb01@starbase.spd.louisville.edu> writes:
Did you offer to use a Gold VISA, MC or AMEX as security? They
offer complete car insurance automatically even when the renter has
no comprehensive coverage on his own policy. I don't see how the
rental agency could lose in this situation. Comments anybody?
Read your CC insurance contract, more closely.....
------------------------------
From: Richard_Lee@ssw.mclean.sterling.com (Richard A Lee)
Date: 29 Feb 1996 00:59:55 GMT
Subject: Caller ID is not 800# ANI
Organization: Sterling Software ITD, McLean, VA
References: <comp-privacy8.17.11@cs.uwm.edu>
Christopher L Barnard <cbarnard@cs.uchicago.edu> writes: Yet
another reason to never assume that caller ID blocking will
actually block anything...
*Sigh*. One more time:
800 numbers use ANI (Automatic Number Identification, I think), which
existed well before Caller ID and is quite unrelated to it. Using
Caller ID blocking will not -- repeat, _not_ -- prevent ANI from
working.
The fact that the 800 number belonged to a different provider in your
case is _completely_ irrelevant.
--
Richard Lee rlee@mclean.sterling.com Sterling Software, McLean VA
"Don't take life so serious, son... It ain't NOHOW permanent."
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 01 Mar 1996 06:41:13 GMT
Subject: US Right to Anonymous Publication
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
The thread on remailers seems to have turned to the likelyhood of
interception. Without checking an archive my recollection is that the
poster who started the thread felt that the US was somehow threatened
by anonymous posting. It brought me back recollections of a CBC
interview with a communist chinese official who got quite exercised
about the suggestion that people should be able to put up posters
"without put down name". I'm sure he sounds much more eloquent in his
own language. I was actually quite impressed by his ability to debate
with the reporter in English, or at least in Canayjun.
While anonymous remailers, usenet and e-mail provide a computer context
to this particular discussion the root issues go back centuries, if not
millenia, and a wide body of literature exists about them. Discussion
of Privacy issues might be improved by building on the work of the many
people who have spent a lot of time and energy considering them
already.
In Ch. 13 "Privacy and American Law" of "Privacy and Freedom", Alan
Westin writes of "The First Era of Technological Challenge,
1880s-1950".
On page 331, he writes "The First Amendment and its state counterparts
also protected individuals in the practice of anonymous publication.
Contrary to the principle of seventeenth-century English Licensing
laws, which had required books and pamphlets to bear the name of the
author and printer, the First Amendment's right of free press protected
both anonymous and pseudonymous expressions. One historian has
estimated that between 1789 and 1809 six Presidents, fifteen Cabinet
members, twenty Senators, and thirty-four Congressmen published
unsigned political writings or writings under pen names." refering to a
citation in a 1961 issue of Yale Law Journal.
On page 334 Westin writes "The Constitution of 1787, of course, had
itself been written behind closed doors; no reports were published, and
all participants were sworn to secrecy, 'to preserve the fullest
freedom of discussion.' Though opponents of the Constitution denounced
the 'secret conclave,' historians agree that a constitution would
probably never have been issued if the convention's work had been
publicized at the time."
Another timely/timeless issue mentioned in Westin's 1967 book is law
cases resulting in computer searches of electronic repositories for
items containing combinations of keywords. Another I find ironic is his
description of being personaly assured by the head of a federal agency
that it had a written policy of a total ban on phone taps, when in fact
it used them extensively, sent staff to phone tap courses, and
purchased equipment and vehicles to perform taps. This is an
interesting precedent to consider in light of the claims that Clipper
keys will be escrowed and not accessed without a warrant, and otherwise
used only in accordance with a published written policy. -- notice: by
sending advertising/solicitations to this account you will be
indicating your consent to paying me $70/hour for a minimum of 2 hours
for my time spent dealing with it
------------------------------
From: glr@ripco.com (Glen L. Roberts)
Date: 28 Feb 1996 20:56:57 GMT
Subject: Re: Your Computer Is Watching You
Organization: Full Disclosure
References: <comp-privacy8.18.13@cs.uwm.edu>
gordon@sneaky.lerctr.org (Gordon Burditt) wrote: Deleting the
cookies file will prevent the cookies from persisting over sessions
(I hope), but it is not at all obvious to me that you won't be
"re-infected" with cookies each time you visit a site that uses
them (especially if Netscape is still set to show one of Netscape's
pages on startup - I recommend changing this). I expect that the
cookies file is cached in memory and that updates use the memory
copy (no, I didn't trace the code to prove this). This will allow
Netscape to track your travels in their pages in any one session,
but it won't allow correlations between sessions (except by IP
address, which might be dynamic or correspond to several different
users) if you keep deleting or prevent creation of the cookie
file.
Why not update, alter, or amended the cookies file to provide bogus
information to whoever snoops...
MCOM-HTTP-Cookie-file-1
.infoseek.com TRUE / FALSE 826157028
InfoseekUserId 3393C369AEB848A45615C6081EAE685E
.infoseek.com TRUE / FALSE 826157028
InfoseekCookieVersion 1
What secrets have I told the world by incluing my cookie file here?
------
Links, Downloadable Programs, Catalog, Real Audio & More on Web
Full Disclosure [Live] -- Privacy, Surveillance, Technology!
(Over 150 weeks on the Air!)
The Net Connection -- Listen in Real Audio on the Web!
http://pages.ripco.com:8080/~glr/glr.html
------
------------------------------
From: Beth Givens <bgivens@pwa.acusd.edu>
Date: 29 Feb 1996 18:21:56 -0800 (PST)
Subject: A Far-Reaching Privacy Bill
California state senator Steve Peace has introduced a bill, which if it
passes, will give consumers a great deal of control over their personal
information. The bill reads in part:
"No person or corporation may use or distribute for profit any personal
information concerning a person without that person's written consent.
Such information includes, but is not limited to, an individual's
credit history, finances, medical history, purchases, and travel
patterns."
Senator Peace himself admits that the language is very broad at this
time, and that the bill will no doubt be altered radically before it
comes up for a vote.
--
Beth Givens Voice: 619-260-4160
Project Director Fax: 619-298-5681
Privacy Rights Clearinghouse Hotline (Calif. only):
Center for Public Interest Law 800-773-7748
University of San Diego 619-298-3396 (elsewhere)
5998 Alcala Park e-mail: bgivens@acusd.edu
San Diego, CA 92110 http://pwa.acusd.edu/~prc
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 01 Mar 1996 20:51:42 GMT
Subject: Re: KING Radio Checks out Bill Gates
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
That was KING TV, of course. My wife and children often don't let me
use our cumputer and phone line till they've turned in for the night. I
guess the late hour takes it toll in my composition.
The tuesday show found a lot of public record data about him. Apart
from the make and year of 5 vehicles they also found registration data
for 2 boats, as well as the title details and tax details for his
estate. The story mentioned that KING didn't look at his credit report
because they didn't have permission, but said that there were companies
that would do sell them a copy even though that is illegal. They were
able to find his SSN and noted that it was apparently being used by a
California man with a different name.
Tuesday's show also mentioned a copy (Acxiom?) along with picture of
robotic tape retrieval and said that it has all sorts of personal
information including the names and ages of your children.
Wednesday's show had a volunteer grant permission to start with a
driver's licence and look at her credit report, as well as the stuff
they did monday. This lady had also been divorced and was startled to
hear them read off some of the details of who got what in the
settlement(nice starting point for burglars after a paticular item they
already have a buyer lined up for?).
The issue of credit report innaccuracy also came up, since it reported
a loan and a law suit/food poisoning incident that had nothing to do
with her.
The general tone of this series is that these kinds of problems and
exposures are "a wake up call".
There was a bit on medical record privacy, but the suggestion of paying
cash seemed a bit ineffective, even to one of the other journalists.
--
notice: by sending advertising/solicitations to this account you will be
indicating your consent to paying me $70/hour for a minimum of 2 hours for
my time spent dealing with it
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 02 Mar 1996 10:34:30 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #020
******************************
.