Date: Tue, 19 Mar 96 11:09:00 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#025
Computer Privacy Digest Tue, 19 Mar 96 Volume 8 : Issue: 025
Today's Topics: Moderator: Leonard P. Levine
Re: Legal Restrictions on SSN
Re: Legal Restrictions on SSN
Identification challenge
Re: Privacy Suit in San Diego
Re: 800 ANI
Re: 800 ANI
Re: 800 ANI
MS Internet Assistant Cache
Re: Netscape Problems
Help about IDEA Encryption
Social Security Number FAQ
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: johnl@iecc.com (John R Levine)
Date: 17 Mar 96 18:23 EST
Subject: Re: Legal Restrictions on SSN
Organization: I.E.C.C., Trumansburg, N.Y.
If someone knows of any other relevant federal laws, please post
them with specific cites.
This language dates from the original 1939 Social Security Act, at
which time it never occurred to anyone that SSNs would be used outside
the government, but the law says what it says.
It looks to me like section (7)(B) broadly prohibits lying about your
SSN. Note the last phrase before part (A), "for any other purpose".
What is says is:
42 USC Sec. 408
[Whoever]
(7) for the purpose of causing an increase in any payment
authorized under this subchapter (or any other program financed
in whole or in part from Federal funds), or for the purpose of
causing a payment under this subchapter (or any such other
program) to be made when no payment is authorized thereunder, or
for the purpose of obtaining (for himself or any other person)
any payment or any other benefit to which he (or such other
person) is not entitled, or for the purpose of obtaining anything
of value from any person, or for any other purpose -
(A) willfully, knowingly, and with intent to deceive, uses a
social security account number, assigned by the Secretary (in
the exercise of his authority under section 405(c)(2) of this
title to establish and maintain records) on the basis of false
information furnished to the Secretary by him or by any other
person; or
(B) with intent to deceive, falsely represents a number to be
the social security account number assigned by the Secretary to
him or to another person, when in fact such number is not the
social security account number assigned by the Secretary to him
or to such other person; or
(C) knowingly alters a social security card issued by the
Secretary, buys or sells a card that is, or purports to be, a
card so issued, counterfeits a social security card, or
possesses a social security card or counterfeit social security
card with intent to sell or alter it; or
(8) discloses, uses, or compels the disclosure of the social
security number of any person in violation of the laws of the
United States;
shall be guilty of a felony and upon conviction thereof shall be
fined under title 18 or imprisoned for not more than five years, or
both.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof
------------------------------
From: curunir@deltanet.com
Date: 18 Mar 1996 05:52:59 GMT
Subject: Re: Legal Restrictions on SSN
Organization: Delta Internet Services, Anaheim, CA
References: <comp-privacy8.24.4@cs.uwm.edu>
Robert Gellman <rgellman@cais.cais.com> wrote: The only real
federal law restricting the collection of SSNs is section 7 of the
Privacy Act of 1974. That is Public Law 93-579, and section 7 is
uncodified. It can be found at 5 USC 552a note. Here is the
text:
(a)(1) It shall be unlawful for any Federal, State or localH
government agency to deny to any individual any right, benefit, or
privilege provided by law because of such individual's refusal to
disclose his social security account number.
(b) Any Federal, State, or local government agency which requests
an individual to disclose his social security account number shall
inform that individual whether that disclosure is mandatory or
voluntary, by what statutory or other authority such number is
solicited, and what uses will be made of it.
Two items: How did the codification miss that particular section? I
thought codification took the public law word for word into the US
Code...
Second, my employer demands I get an airport ID at the Long Beach
Airport. In the absence of a privacy act disclosure statement, I
refused to give my SSAN. Now they're demanding it again. I think they
probably qualify under one of the exceptions (as a polic agency), but
it seems to me that they still have to give out a disclosure notice.
Showing them a copy of the law simply does not impress them - no SSAN,
no ID.
So what do I do?
------------------------------
From: rj.mills@pti-us.com (Dick Mills)
Date: 18 Mar 1996 09:22:25 -0500
Subject: Identification challenge
After reading so much about SSN abuse here in CPD and elsewhere, I
despair at ever solving the SSN problem. The genie is out of the
bottle. We privacy advocates, by refusing to accept this fact, may be
shooting ourselves in our collective feet. Real people are being
harmed every day because SSN fails to provide secure identification.
It is time to think of other ways to protect our identities.
Even simple daily activities cause privacy conflicts. To protect the
privacy of my bank account, I require the bank to secure the identity
of persons attempting to access it. On one hand, I may feel invaded
when the bank demands that I identify myself. On the other hand, I
would be angry if the bank failed to protect me from an unauthorized
person using a false identity. The simple act of identification
necessarily invades privacy to protect privacy.
I challenge us net.citizens to propose a solution to this simplest of
all privacy problems. Rather than SSN, what practical means is there
of identifying people?
A practical system should not be dependent on nationality, or race, or
electronics, or superior math skills. It must be affordable, fraud
resistant, scaleable, applicable anywhere, and not offensive to privacy
advocates or civil libertarians. It should not be able to be used for
passive surveillance of an entire populace by machine.
Me? I'd vote for face or voice recognition by a fellow human; except
that fails the scalability requirement.
If there is no solution, then compromise is necessary. Some of our
beloved principles have to give, and we should be working to define our
priorities.
--
Dick Mills +1(518)395-5154 O- http://www.pti-us.com
AKA dmills@albany.net http://www.albany.net/~dmills
------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 17 Mar 1996 13:38:32 -0500
Subject: Re: Privacy Suit in San Diego
Organization: America Online, Inc. (1-800-827-6364)
References: <comp-privacy8.24.3@cs.uwm.edu>
>The paragraph stated, in general terms, that the check was an agreement
>between the individual and the retailer. That the retailer agreed not
>to use the individual's address WITHOUT consent, and that the check
>endoresment was not consent. Also, the paragraph sited some 'specific
>consumer protection bill' (my words, I'm looking to find out what this
>reference was!)
I believe the reference you seek was to the :
`Universal' Commercial Code..
otherwise (and better) known as the Uniform Commercial Code.
The guy's name is Robert Beken, and he sued a division of Tandy Corp
(Computer City?) .
Robert Bulmash
Private Citizen, Inc.
http://webmill.com/prvtctzn/home
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 17 Mar 96 17:52 EST
Subject: Re: 800 ANI
Organization: I.E.C.C., Trumansburg, N.Y.
References: <comp-privacy8.24.11@cs.uwm.edu> <comp-privacy8.17.11@cs.uwm.edu> <comp-privacy8.18.10@cs.uwm.edu> <comp-privacy8.22.7@cs.uwm.edu>
This is exactly the attitude I was complaining about, i.e., "we're
not going to solve the problem because..." vs. "here's how the
problem can be solved...." Don't give up so easily.
An important question to start with is how much per month extra you're
willing to pay to make 800 numbers blockable. Someone has to pay, and
800 customers certainly don't have any interest in paying for this.
If, as I suspect, the answer for most people is "nothing", that
suggests that nothing's going to change.
A reasonable compromise requiring no technical changes at all is to
encourage organizations with 800 numbers to publish equivalent non-800
numbers, which you can call if you don't want them to get ANI. Smart
organizations publish their regular numbers anyway, so that potential
customers outside of the area where their 800 number works can call
them. Dumb but true: US companies put ads in European magazines with
the only contact number an 800 number you can't call from Europe.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof
------------------------------
From: wbe@psr.com (Winston Edmond)
Date: 18 Mar 1996 15:29:26 GMT
Subject: Re: 800 ANI
Organization: Panther Software and Research
References: <comp-privacy8.17.11@cs.uwm.edu> <comp-privacy8.18.10@cs.uwm.edu>
I believe there are two issues regarding "ANI blocking": a policy issue
and a technological issue, and that no one with the power to change the
technology is going to do so unless the prevailing policy is addressed
first.
The policy is that the one who pays for the call is entitled to enough
information to determine whether or not their bill is correct.
"Somebody, somewhere, but we're not going to tell you who or where,
called and you owe us $5 for the call" isn't an acceptable billing
practice.
* CLID when you pay for the call does not conflict with this policy and
so blocking options are acceptable.
* You may have seen warnings that calls to cellular phones may result in
the called person getting your phone number. Cellular phone customers
pay for incoming calls and thus fall under the policy.
* If 800-number customers are entitled to caller information at the end
of the month, then they are equally entitled to it at the time of the
call.
IMO, the best deal you'll ever get if you pursue "ANI blocking" is
suppression of the last 4 digits of the number, as in 614-366-xxxx.
That still marginally satisfies policy while providing some anonymity.
Of course, whether or not something like this would ever be implemented
depends on the market. CLID is sold to call recipients (who aren't
paying for the call) under the banner of security, caution, anti-
harrassment, etc. The equivalent for ANI blocking would be to offer
you, the caller, an extra-cost service to block the low 4 digits of
your number when calling an 800 or 888 number. Would you pay $5 /
month for that?
If enough people answer yes, then maybe you have a chance of seeing it
happen. Unlike CLID, where both caller and callee got new capabilities
at the same time, ANI blocking has to be proposed in an environment
where service to the callee already exists. Certainly the current
800/888 and cellular customers aren't going to pay extra, and they may
well complain that such a capability by callers would reduce the value
of the service they now have.
Anyhow, as I said, the issue of ANI blocking isn't primarily
technological (though there may well be some of those, too).
--
WBE
------------------------------
From: tpeters@hns.com (Thomas Peters)
Date: 18 Mar 1996 18:23:32 GMT
Subject: Re: 800 ANI
Organization: Hughes Network Systems Inc.
References: <comp-privacy8.17.11@cs.uwm.edu> <comp-privacy8.18.10@cs.uwm.edu> <comp-privacy8.22.7@cs.uwm.edu> <comp-privacy8.24.11@cs.uwm.edu>
The technical challenge in blocking the calling number from 800 and 900
numbers and other recipient-pays services is considerable, but that
isn't the real point. There are essentially no customers for this
feature, where customer is defined as someone who pays money.
The callers want it, but they aren't paying for the call. With possibly
a few exceptions (e.g. tip lines), the 800-number owners will not
support the service. The information is valuable to them and the
800-number is worth less if they cannot have it. Aside from all of the
other reasons for wanting the information, the need to audit
long-distance phone bills is real.
So I don't see any of the long distance providers jumping at the chance
to add this expensive new feature and aggravate their own customers.
What's left? Pass a law! This would allow everyone to help pay for the
feature :-). Of course, if anonymous call rejection is allowed, most
800-number owners will probably sign up for it and we will be right
back where we started.
--
Tom Peters
------------------------------
From: Shannon Wenzel <s_wenzel@ix.netcom.com>
Date: 17 Mar 1996 21:23:52 -0500
Subject: MS Internet Assistant Cache
Organization: Netcom
I have begun learning HTML programming. In order to place an example
graphic on an HTML page, I thought I would scan my harddisk for a
suitable GIF or JPEG image. In Win95, I lauched the FIND utility and
typed *.GIF. In seconds, a huge list of GIFS scolled across the screen.
I though this was odd so I wen to the directory.
Perhaps many of you are aware of Internet Assistant caching; I was not.
There were 7.2Mb of GIFs and JPEGs from pages I had visited in the
/CACHE directory. Needless to say, I was shocked and somewhat concerned
that these images had been saved to my hard drive.
Has anyone else had experience with this? I am concerned about "virus"
delivery or some other unscrupulous use of such technology.
--
///////////////////////////////////////////////////////////////
Shannon Wenzel KA3WBH
Princeton, NJ
Is it not possible than an individual may be right
and a government wrong? -- Henry David Thoreau
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
------------------------------
From: Barry Campbell <Btc@cris.com>
Date: 18 Mar 1996 01:48:06 -0500
Subject: Re: Netscape Problems
Organization: CTSL
References: <comp-privacy8.24.1@cs.uwm.edu>
Prof. L. P. Levine wrote: This is insidious; it means that E-mail
messages, purportedly from me (and all traces will show they really
are from me) can be sent anywhere, without my knowledge, with
contents that I do not approve. Further, it means that I can no
longer count on browsing a site without my userid being disclosed.
Unlike Java, there is no way to disable this. [Also been submitted
to Netscape.]
There is now. Netscape has released version 2.01 of its Navigator
software, which plugs this Javascript security hole and also fixes some
other security-related problems.
(You can also, at your discretion, now "turn off" Java and JavaScript
support in the Netscape browser.)
If you're interested in the particulars, point your browser to:
http://home.netscape.com/newsref/std/java_security.html
--
Barry Campbell | "There's no difference between theory
<Btc@cris.com> | and practice in theory, but there is
http://www.cris.com/~Btc | in practice."
------------------------------
From: deezxl@sunstation2.tsinghua.edu.cn (HOME_Xuelong Zhu)
Date: 19 Mar 1996 02:29:16 GMT
Subject: Help about IDEA Encryption
Organization: Peking Univerity
Where can I find the papers, technical reports or other materials about
security consideration, security authentication, cryptanalysis of the
IDEA (the International Data Encryption Algorithm).
Can you tell me how and why the IDEA works. Specially
1) why and how the MA structure plays an important role.
2) How the operations from three groups of order 2^n (2 to the n_th
power) play important roles.
3) is it the key point of the algorithm that one of the two groups in
MA structure can be looked as a field and the other one can be looked
as a ring in nature.
4) Why the little change from PEA to IDEA make the algorithm
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
stronger.
^^^^^^^^
Please send email to: deezxl@tsinghua.edu.cn
Thank you advance
------------------------------
From: hibbert@netcom.com (Chris Hibbert)
Date: 10 Mar 1996 14:10:27 GMT
Subject: Social Security Number FAQ
Organization: Computer Professionals for Social Responsibility
If you have comments on the following, please send them to me at
hibbert@netcom.com. A description of how to retrieve the most recent
version of this and related documents appears at the end.
What to do when they ask for your Social Security Number
by Chris Hibbert
Computer Professionals
for Social Responsibility
Many people are concerned about the number of organizations asking for their
Social Security Numbers. They worry about invasions of privacy and the
oppressive feeling of being treated as just a number. Unfortunately, I
can't offer any hope about the dehumanizing effects of identifying you with
your numbers. I *can* try to help you keep your Social Security Number from
being used as a tool in the invasion of your privacy.
The advice in this FAQ deals primarily with the Social Security Number used |
in the US, though the privacy considerations are equally applicable in many |
other countries. The laws explained here are US laws. The advice about |
dealing with bureaucrats and clerks is universal. |
The Privacy Act of 1974
The Privacy Act of 1974 (Pub. L. 93-579, in section 7), which is the primary |
law affecting the use of SSNs, requires that any federal, state, or local |
government agency that requests your Social Security Number has to tell you
four things:
1: Whether disclosure of your Social Security Number is required or
optional,
2: What statute or other authority they have for asking for your number,
3: How your Social Security Number will be used if you give it to them, and
4: The consequences of failure to provide an SSN.
In addition, the Act says that only Federal law can make use of the Social
Security Number mandatory (at 5 USC 552a note). So anytime you're dealing
with a government institution and you're asked for your Social Security
Number, look for the Privacy Act Statement. If there isn't one, complain
and don't give your number. If the statement is present, read it. Once |
you've read the explanation of whether the number is optional or required, |
and the consequences of refusing to give your number, you'll be able to |
decide for yourself whether to fill in the number.
There are several kinds of governmental organizations (see the list in the |
"Short History" section below) that usually have authority to request your |
number, but they are all required to provide the Privacy Act Statement |
described above. The only time you should be willing to give your number |
with reading that notice is when the organization you are dealing with is |
not a part of the government. |
Why You May Want to Resist Requests for Your SSN
When you give out your number, you are providing access to information about
yourself. You're providing access to information that you don't have the
ability or the legal right to correct or rebut. You provide access to data
that is irrelevant to most transactions but that will occasionally trigger
prejudice. Worst of all, since you provided the key, (and did so
"voluntarily") all the info discovered under your number will be presumed to
be true, about you, and relevant.
A major problem with the use of SSNs as identifiers is that it makes it hard
to control access to personal information. Even assuming you want someone to
be able to find out some things about you, there's no reason to believe that
you want to make all records concerning yourself available. When multiple
record systems are all keyed by the same identifier, and all are intended to
be easily accessible to some users, it becomes difficult to allow someone
access to some of the information about a person while restricting them to
specific topics.
Unfortunately, far too many organizations assume that anyone who presents
your SSN must be you. When more than one person uses the same number, it
clouds up the records. If someone intended to hide their activities, it's
likely that it'll look bad on whichever record it shows up on. When it
happens accidentally, it can be unexpected, embarrassing, or worse. How do
you prove that you weren't the one using your number when the record was
made?
What You Can Do to Protect Your Number
Here are some suggestions for negotiating with people who don't want to give |
you what you want. They work whether the problem has to do with SSNs (your |
number is added to a database without your consent, someone refuses to give |
you service without getting your number, etc.) or is any other problem with |
a clerk or bureaucrat who doesn't want to do things any way other than what |
works for 99% of the people they see. Start politely, explaining your |
position and expecting them to understand and cooperate. If that doesn't
work, there are several more things to try:
1: Talk to people higher up in the organization. This often works
simply because the organization has a standard way of dealing
with requests not to use the SSN, and the first person you deal
with just hasn't been around long enough to know what it is.
2: Enlist the aid of your employer. You have to decide whether talking
to someone in personnel, and possibly trying to change
corporate policy is going to get back to your supervisor and
affect your job. The people in the personnel and benefits |
departments often carry a lot of weight when dealing with health |
insurance companies. |
3: Threaten to complain to a consumer affairs bureau. Most newspapers
can get a quick response. Ask for their "Action Line" or
equivalent. If you're dealing with a local government agency,
look in the state or local government section of the phone book
under "consumer affairs." If it's a federal agency, your
congressmember may be able to help.
4: Insist that they document a corporate policy requiring the number.
When someone can't find a written policy or doesn't want to
push hard enough to get it, they'll often realize that they
don't know what the policy is, and they've just been following
tradition.
5: Ask what they need it for and suggest alternatives. If you're
talking to someone who has some independence, and they'd like
to help, they will sometimes admit that they know the reason
the company wants it, and you can satisfy that requirement a
different way.
6: Tell them you'll take your business elsewhere (and follow through if
they don't cooperate.)
7: If it's a case where you've gotten service already, but someone
insists that you have to provide your number in order to have a
continuing relationship, you can choose to ignore the request
in hopes that they'll forget or find another solution before
you get tired of the interruption.
How To Find Out If Someone Is Using Your Number
There are two good places to look to find out if someone else is using your |
number: the Social Security Administration's (SSA) database, and your credit |
report. If anyone else used your number when applying for a job, their |
earnings will appear under your name in the SSA's files. If someone uses |
your SSN (or name and address) to apply for credit, it will show up in the |
files of the big three credit reporting agencies. |
The Social Security Administration recommends that you request a copy of
your file from them every few years to make sure that your records are
correct (your income and "contributions" are being recorded for you, and no
one else's are.) As a result of a recent court case, the SSA has agreed to
accept corrections of errors when there isn't any contradictory evidence,
SSA has records for the year before or after the error, and the claimed
earnings are consistent with earlier and later wages. (San Jose Mercury
News, 5/14, 1992 p 6A) Call the Social Security Administration at (800)
772-1213 and ask for Form 7004, (Request for Earnings and Benefit Estimate
Statement.) The forms are available online at the SSA's website: |
http://www.ssa.gov/online/forms.html. You can also pick up a copy at any |
office of the SSA. |
Information about the credit reporting agencies is available in the Junk |
Mail FAQ, and various other privacy-related FAQs. Try looking at |
http://www.cpsr.org/dox/program/privacy/privacy.html |
Choosing A Key For New Databases
Most organizations that have studied the issue have concluded that a simple |
combination of Name, Address, and Phone number is usually sufficient. In |
cases where you are likely to be dealing with several members of the same |
family (and thus Jr. and Sr. might have matching records, you can add Date |
of Birth. If the database saves an old address and the date of the move, |
that will usually be sufficient to identify particular clients uniquely. |
If you're designing a database or have an existing one that currently uses |
SSNs and want to use numbers other than SSNs, it's useful to have the |
identifiers use some pattern other than 9 digits. You can make them longer |
or shorter than that, or include letters. That way it won't be mistaken for |
an SSN. |
Some of the qualities that are (often) useful in a key and that people think
they are getting from the SSN are uniqueness, universality, security, and
identification. When designing a database, it is instructive to consider
which of these qualities are actually important in your application; many
designers assume unwisely that they are all useful for every application,
when in fact each is occasionally a drawback. The SSN provides none of
them, so designs predicated on the assumption that it does provide them will
fail in a variety of ways.
Uniqueness
Many people assume that Social Security Numbers are unique. They were
intended by the Social Security Administration to be unique, but the SSA
didn't take sufficient precautions to ensure that it would be so. They have
several times given a previously issued number to someone with the same name
and birth date as the original recipient, thinking it was the same person
asking again. There are a few numbers that were used by thousands of people
because they were on sample cards shipped in wallets by their manufacturers.
(One is given below.)
The passage of the Immigration reform law in 1986 caused an increase in the
duplicate use of SSNs. Since the SSN is now required for employment, illegal
immigrants must find a valid name/SSN pair in order to fool the INS and IRS
long enough to collect a paycheck. Using the SSN when you can't cross-check
your database with the SSA means you can count on getting some false numbers
mixed in with the good ones.
Universality
Not everyone has a Social Security Number. Foreigners are the primary
exception (though the SSA will now assign a number to a legal immigrant |
without connecting that to the authority to work), but many children don't |
get SSNs until they're in school (and some not until they get jobs). They |
were only designed to be able to cover people who were eligible for Social
Security. If your database will keep records on organizations as well as
individuals, you should realize that they're not covered either.
Identification
Few people ever ask to see an SSN card; they believe whatever you say. The
ability to recite nine digits provides little evidence that you're associated
with the number in anyone else's database.
There's little reason to carry your card with you anyway. It isn't a good
form of identification, and if your wallet is lost or stolen, it provides
another way for the thief to hurt you.
Security
Older cards are not at all forgery-resistant, even if anyone did ever ask
for it. (Recently-issued cards are more resistant to forgery.) The numbers
don't have any redundancy (no check-digits) so any 9-digit number in the
range of numbers that have been issued is a valid number. It's relatively
easy to write down the number incorrectly, and there's no way to tell that
you've done so.
In most cases, there is no cross-checking that a number is valid. Credit
card and checking account numbers are checked against a database almost
every time they are used. If you write down someone's phone number
incorrectly, you find out the first time you try to use it. An incorrect
SSN might go unnoticed for years in some databases. In others it will
likely be caught at tax time, but could cause a variety of headaches.
Short History
Social Security numbers were introduced by the Social Security Act of 1935.
They were originally intended to be used only by the social security
program. In 1943 Roosevelt signed Executive Order 9397 which required
federal agencies to use the number when creating new record-keeping systems.
In 1961 the IRS began to use it as a taxpayer ID number. The Privacy Act of
1974 required authorization for government agencies to use SSNs in their
data bases and required disclosures (detailed below) when government
agencies request the number. Agencies which were already using SSN as an
identifier before January 1, 1975 were allowed to continue using it. The
Tax Reform Act of 1976 gave authority to state or local tax, welfare,
driver's license, or motor vehicle registration authorities to use the
number in order to establish identities. The Privacy Protection Study
Commission of 1977 recommended that EO9397 be revoked after some agencies
referred to it as their authorization to use SSNs. It hasn't been revoked,
but no one seems to have made new uses of the SSN recently and cited EO9397
as their sole authority, either.
Several states use the SSN as a driver's license number, while others record
it on applications and store it in their database. Some states that
routinely use it on the license will make up another number if you insist.
According to the terms of the Privacy Act, any that have a space for it on
the application forms should have a disclosure notice. Many don't, and
until someone takes them to court, they aren't likely to change.
Dealing with Government Organizations
Surprisingly enough, government agencies are reasonably easy to deal with;
private organizations are much more troublesome. Few agencies are allowed |
to request the number, and all agences are required to give a disclosure |
complete enough that you can find the law that empowers them. There are no |
comparable Federal laws either restricting the uses non-government
organizations can make of the SSN, or compelling them to tell you anything
about their plans.
Some states have recently enacted regulations on collection of SSNs by
private entities. (Usually in cases of consumers making payments with
checks or credit cards.) With private institutions, your main recourse is
refusing to do business with anyone whose terms you don't like. They, in
turn, are allowed to refuse to deal with you on those terms.
Universities and Colleges
Universities that accept federal funds are subject to the Family Educational
Rights and Privacy Act of 1974 (the "Buckley Amendment", it's at
http://www.cpsr.org/cpsr/privacy/law/education_records_privacy.txt), which
prohibits them from giving out personal information on students without
permission. There is an exception for directory information, which is
limited to names, addresses, and phone numbers, and another exception for
release of information to the parents of minors. There is no exception for
Social Security Numbers, so covered Universities aren't allowed to reveal
students' numbers without their permission. In addition, state universities
are bound by the requirements of the Privacy Act, (so they have to give a
Privacy Act notice if they ask for a SSN). If they make uses of the SSN
which aren't covered by the disclosure they are in violation.
US Passports
I've received several reports that a new version of the passport application |
fixes the problems described below. Apparently, these new applications ask |
for SSN, but state that failure to provide it isn't grounds to deny a |
passport. It warns that the SSN is used to verify the other information on |
the form, and processing of the application may be delayed if the number is |
not provided. I just went to my local Post Office, and found the old form |
still there. |
Some forms for applying for US Passports (DSP-11 12/87) request a Social |
Security Number, but don't give enough information in their Privacy Act
notice to verify that the Passport office has the authority to request it.
There is a reference to "Federal Tax Law" and a misquotation of Section
6039E of the 1986 Internal Revenue Code, claiming that that section requires
that you provide your name, mailing address, date of birth, and Social
Security Number. The referenced section only requires TIN (SSN), and it
only requires that it be sent to the IRS (not to the Passport office). It
appears that when you apply for a passport, you can refuse to reveal your
SSN to the passport office, and instead mail a notice to the IRS, give only
your SSN (other identifying info optional) and notify them that you are
applying for a passport. Copies (in postscript) of the letter that was used
by one contributor can be found at
ftp://ftp.cpsr.org/cpsr/privacy/ssn/passport.ps.Z. Other readers have also |
used this technique successfully. |
Requirement for Disclosing SSNs of Minors Covered by Company Health Plans
Quietly Dropped
The Omnibus Budget Reconciliation Act of 1993 required all employers to |
collect social security numbers for everyone covered by their health plans, |
including all dependents. The latest word is that this database has been |
quietly dropped, though it may still be in the law. If your employer |
requests your children's SSNs, ask for a copy of the regulation they're |
responding to. |
Children
The Family Support Act of 1988 (Pub. L. 100-485) requires states to require
parents to give their Social Security Numbers in order to get a birth
certificate issued for a newborn. The law allows the requirement to be
waived for "good cause", but there's no indication of what may qualify.
The IRS requires taxpayers to report SSNs for dependents over one year of
age when you claim them as a deduction, but the requirement can be avoided
if you're prepared to document the existence of the child by other means if
the IRS challenges you. The law on this can be found at 26 USC 6109. The
penalty for not giving a dependent's number is only $5. Several people have
reported that they haven't provided SSNs for their dependents for several
years, and haven't been challenged by the IRS. Notice that the instructions |
for form 1040 report that the fine is $50. I have heard reports from |
several people who haven't given any SSN for their children, and have paid |
no fine, and I haven't heard from any one who has had to pay a fine. |
Private Organizations
The guidelines for dealing with non-governmental institutions are much more
tenuous than those for government departments. Most of the time private
organizations that request your Social Security Number can get by quite
well without your number, and if you can find the right person to negotiate
with, they'll willingly admit it. The problem is finding that right person.
The person behind the counter is often told no more than "get the customers
to fill out the form completely."
Most of the time, you can convince them to use some other number. Usually
the simplest way to refuse to give your Social Security Number is simply to
leave the appropriate space blank. One of the times when this isn't a
strong enough statement of your desire to conceal your number is when
dealing with institutions which have direct contact with your employer.
Most employers have no policy against revealing your Social Security Number;
they apparently believe that it must be an unintentional slip when an
employee doesn't provide an SSN to everyone who asks.
Employers
Employers are required by the IRS to get the SSNs of people they hire. They
often ask for it during the interview process, but there are good reasons to
refuse if you can afford to argue with the potential employer. Some of them
use the SSN to check credit records, to look for criminal history, and
otherwise to delve into your past in areas you might object to. Tell them
you'll give them your SSN when you accept their offer. They have no
legitimate use for it before then.
At one point I needed a security badge from a company that wasn't my |
employer (my employer was contracting to the host.) The host company used |
SSNs to do background checks on applicants for security badges. I asked if |
there was a way I could keep my SSN out of their database, and we worked |
things out so I gave my number directly to the person who ran the background |
check, and he used it for that and then destroyed it. I may have been the |
only person working at this very large company who didn't have an SSN on |
file. |
Utilities
Public utilities (gas, electric, phone, etc.) are considered to be private
organizations under the laws regulating SSNs. Most of the time they ask for
an SSN, and aren't prohibited from asking for it, but they'll usually relent
if you insist. See the suggestions above under "What you can do to protect
your number" for more ideas.
Banks
Banks and various others are required by the IRS to report the SSNs of |
account holders to whom they pay interest. If you don't tell them your |
number you will probably either be refused an account or be charged a |
penalty such as withholding of taxes on your interest. Most banks will |
refuse to open safe deposit boxes without a SSN, though there is no direct |
governmental requirement that they collect it. |
Many banks send the names, addresses, and SSNs of people whose accounts have |
been closed for cause to a company called ChexSystem. ChexSystem keeps a |
database of people whose accounts have been terminated for fraud or chronic
insufficient funds in the past 5 years. ChexSystems is covered by the Fair
Credit Reporting Act, and a bank is required to let you know if it refuses
to open an account and a report from ChexSystems was a factor. You can also
send a letter to ChexSystems directly (Consumer Relations, 12005 Ford Road, |
Suite 650, Dallas, TX, 75234) and request a copy of their report on you. |
Many Banks, Brokerages, and other financial institutions have started
implementing automated systems to let you check your balance. All too
often, they are using SSNs as the PIN that lets you get access to your
personal account information. If your bank does this, write them a letter
pointing out how common it is for the people with whom you have financial
business to know your SSN. Ask them to change your PIN, and if you feel
like doing a good deed, ask them to stop using the SSN as a default
identifier for their other customers. Some customers will believe that
there's some security in it, and be insufficiently protective of their
account numbers. Every financial institution I have asked has been willing |
to use a password I supplied. I don't know why they don't advertise this |
rather than relying on the SSN. |
When buying (or refinancing) a house, you have to give your SSN, because
the bank is required to report the interest you pay. Most banks will now ask
for your Social Security Number on the Deed of Trust. This is because the
Federal National Mortgage Association wants it. The fine print in their
regulation admits that some consumers won't want to give their number, and
allows banks to leave it out when pressed. [It first recommends getting it
on the loan note, but then admits that it's already on various other forms
that are a required part of the package, so they already know it. The Deed
is a public document, so there are good reasons to refuse to put it there,
especially since all parties to the agreement already have access to your |
number.] |
Insurers, Hospitals, Doctors
No laws require private medical service providers to use your Social
Security Number as an ID number. They often use it because it's convenient
or because your employer uses it to identify employees to its group's health
plan. In the latter case, you have to get your employer to make an
exception to their standard practices. Often, the people who work in
personnel assume that the employer or insurance company requires use of the
SSN when that's not really the case. When a previous employer asked for my
SSN for an insurance form, I asked them to find out if they had to use it.
After a week they reported that the insurance company had gone along with my
request and told me what number to use.
Insurance companies often require the SSN for underwriting purposes, but |
don't usually use it for underwriting personal property or personal auto |
insurance policies. You may be able to get them to leave the number out of |
their data base, even if they want to use it when deciding whether to cover |
you. They may call every few years to ask for it again. |
Insurance companies share information with one another that they have |
collected while evaluating applications for life, health, or disability |
insurance. They do this by sending the information to an organization |
called the Medical Information Bureau. The information they share includes |
test results and brief descriptions of conditions relevant to health or |
longevity. MIB rules prohibit the reporting of claims information. The MIB |
doesn't use the SSN as an identifier in their files, and doesn't report SSNs |
when providing reports. You can get a copy of your MIB file by writing to |
Medical Information Bureau, P.O. Box 105, Essex Station, Boston, MA 02112. |
Their phone number is (617)426-3660. |
Blood banks
Blood banks also ask for the number but are willing to do without if pressed
on the issue. After I asked politely and persistently, the (non-Red Cross)
blood bank I go to agreed that they didn't have any use for the number.
They've now expunged my SSN from their database, and they seem to have taught
their receptionists not to request the number. I've gotten one report that
some branches of the Red Cross will issue a "file number" in lieu of your SSN
if you insist. It's probably the case that not all branches (and especially
not all receptionists) know about this possibility, so it will pay to be
persistent.
Blood banks have changed their policies back and forth a few times in the
last several years. When the AIDS epidemic first hit, they started using
SSNs to identify all donors, so someone who was identified as HIV-positive at
one blood bank wouldn't be able to contaminate the blood supply by donating
at a different site. For a few years, they were a little looser, and though
they usually asked for SSNs, some would allow you to donate if you provided
proof of your identity. (I showed a Driver's license, but didn't let them
copy down the number.) Now the Federal Government has declared blood banks
to be "manufacturers" of a medical product, and imposed various Quality
Control processes on them.
The Blood bank I go to now asks for SSNs, and if you refuse, allows you to
give a Driver's License number. I balked at that, since I hadn't had to
give it before. They let me donate, but while I was eating cookies, the
director of Quality Control came down and talked to me. After a little bit
of discussion, she was satisfied to have me pick an ID number that I
promised to remember and provide when I visisted again. So, once again, if
you want to protect your SSN and your privacy, it pays to push back when
they ask.
Using a False Social Security Number
If someone absolutely insists on getting your Social Security Number, you
may want to give a fake number. I have never needed to give a fake number; |
at least one of the remedies described above has always worked for me. |
There *are* legal penalties for providing a false number when you expect to
gain some benefit from it. For example, a federal court of appeals ruled
that using a false SSN to get a Driver's License violates federal law.
Making a 9-digit number up at random is a bad idea, as it may coincide with |
someone's real number and cause them some amount of grief. It's better to |
use a number like 078-05-1120, which was printed on "sample" cards inserted
in thousands of new wallets sold in the 40's and 50's. It's been used so
widely that both the IRS and SSA recognize it immediately as bogus, while
most clerks haven't heard of it. There were at least 40 different people in |
the Army's database at one point who gave this number as their SSN. The |
Social Security Administration recommends that people showing Social
Security cards in advertisements use numbers in the range 987-65-4320
through 987-65-4329.
There are several patterns that have never been assigned, and which
therefore don't conflict with anyone's real number. They include numbers
with any field all zeroes, and numbers with a first digit of 8 or 9. For
more details on the structure of SSNs and how they are assigned, see
http://www.cpsr.org/cpsr/privacy/ssn/SSN-structure.
Giving a number with an unused pattern rather than your own number isn't
very useful if there's anything serious at stake since it's likely to be
noticed.
Collecting SSNs yourself
There aren't any federal laws that explicitly forbid the collection of SSNs.
However, there is a body of law, intended to prohibit the misuse of credit
cards, that is written vaguely enough that it could be interpreted to cover
personal collections of SSNs. The laws are at 18 USC 1029, and cover what
is called "access device fraud." An access device is "any card, plate,
code, account number or other means of access that can be used, alone or in
conjunction with another access device, to obtain money, goods, services, or
any other thing of value, or that can be used to initiate a transfer of
value." The law forbids the possession, "knowingly and with intent to
defraud" of fifteen or more devices which are counterfeit or unauthorized
access devices." If interstate commerce is involved, penalties are up to
$10,000 and 10 years in prison.
Retrieving the SSN FAQ and related documents
The SSN FAQ is available from two places: rtfm.mit.edu (by FTP or EMail), or
cpsr.org (by FTP or http).
WWW (HTTP)
http://www.cpsr.org/dox/program/privacy/ssn/ssn.faq.html. The HTML
version of the SSN FAQ stored there contains several resources which I
haven't included in the plain text version.
rtfm.mit.edu is a standard archive which has many other FAQs. |
EMail
You can get the latest version of the SSN FAQ by sending mail to
mail-server@rtfm.mit.edu with
send usenet-by-hierarchy/news/answers/privacy/ssn-faq
as the sole contents of the body. Send a message containing "help" to
get general information about the mail server.
cpsr.org has other resources on privacy, SSNs, and related subjects.
Other directories contain information on pending legislation, the 1st
amendment, computer security, cryptography, FOIA, NII, and CPSR.
other Privacy-related Resources
http://www.cpsr.org/dox/program/privacy/privacy.html |
If you have suggestions for improving this document please send them to me:
Chris Hibbert
hibbert@netcom.com or 1195 Andre Ave.
Mountain View, CA 94040
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Mar 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #025
******************************
.