|
Computer Privacy Digest Vol 2 #008
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Computer Privacy Digest Tue, 19 Jan 93 Volume 2 : Issue: 008
Today's Topics: Moderator: Dennis G. Rears
New French computer security e-journal
Op-ed piece on telephone Calling Number ID
Radar Detector Prohib
Re: Radar Detector Prohib
Re: Radar Detector Prohib
Re: Radar Detector Prohibitions
Re: Radar Detector Prohibitions
SSN and new baby
Re: SSN and new baby
Re: SSN and new baby
Re: SSN
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
[email protected] and administrative requests to
[email protected].
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: [email protected]
Date: 31 Dec 69 23:59:59 GMT
Subject: New French computer security e-journal
Bonjour!
A new computer security e-journal is already published in France. It's the
first in my country:
* weekly;
* name: _Chaos Digest_;
* last issue available: #1.03 (18 Jan 1993);
* for a subscription send an e-message to: [email protected]
Thanks, and hope to hear from you soon!
jbc
--
_-_|\ Jean-Bernard Condat
/ \ Chaos Computer Club France [CCCF] B.P. 8005
\_.-*_/ E-Mail: [email protected] 69351 Lyon Cedex 08, France
v Phone: +33 1 40101775 Fax: +33 1 47877070
------------------------------
From: [email protected]
Subject: Op-ed piece on telephone Calling Number ID
Date: 13 Jan 93 13:46:28 GMT
Organization: Computer Science Department University of Rochester
I recently wrote the following article for the editorial page of the
Rochester, NY _Times_Union_. It appeared (edited down a couple of
paragraphs) on Tuesday, January 12th, 1993, under the (newspaper chosen)
headline "Call Id Will Be Boon For Telemarketers". I thought I'd share
it with the net.
---------------------
Unless you act immediately, your name, address, and telephone number are
about to be added to the marketing lists of a whole new set of telephone soli-
citors and direct-mail advertisers. How? Through the "Call ID" facility
recently introduced by Rochester Telephone.
Call ID or, more accurately, Calling Number Identification (CNID), is a
mechanism that gives your telephone number to anyone you call. CNID is being
promoted as a way to enhance personal privacy: if you pay for CNID service and
buy a special phone, you can see the number from which you are being called
before you decide to answer. Unfortunately, CNID is much more useful to the
marketing industry than it is to individuals. On the whole, it is likely to
_reduce_ your personal privacy, rather than enhance it.
To its credit, Rochester Telephone has sought to educate customers,
through phone bill inserts and newspaper ads, about the technical details of
CNID. Moreover, it is permitting customers to opt out of the system.
By default, your telephone number will be given to anyone you call, unless
you punch a special code before you dial. If you call the phone company and
request "all-call restrict," this behavior will be reversed: your number will
_not_ be given to anyone you call, _unless_ you punch a special code first.
Many people would "like to know `who is it?'" before they pick up the
phone. Advertising slogans notwithstanding, however, CNID doesn't tell you.
Suppose you buy into the service. When your phone rings and displays the call-
ing number, how will you decide whether to answer? Do you know the phone
numbers of all the people you might be willing to talk to? If not, how will
you resist the urge to pick up the phone "just in case"? Even if you memorize
the phone numbers of all your friends, how will you know if they call you from
a different phone, or if your spouse calls from a gas station when the car
breaks down, or if a stranger calls to tell you that your child has been
injured while out playing?
Experience with CNID in other states suggests that the real beneficiaries
are commercial customers who want to compile -- and then sell -- a list of the
people who call them. For $200, your favorite business can buy a "reverse
directory" that lists all the phone numbers in the Rochester area, in numeri-
cal order, with the names and addresses that go with them. For $350, they can
buy this directory on a computer-readable laser disk. A business that keeps
track of the numbers from which it is called can easily generate a list of the
people who made those calls, or at least of the people who own the numbers.
Call a movie theater for show times, and within a few days you may begin to
receive junk mail and phone calls inviting you to join a video-of-the-month
club. Call a bank or broker to check on interest rates and you may begin to
receive cold calls from financial advisors. Call any sort of specialty shop
(toy store, gun shop, pro shop -- even a fancy restaurant) and you're likely
to find yourself on yet another marketing list.
These lists are very big business. A multi-billion-dollar industry now
collects and organizes personal information on ordinary people. The same com-
pany that sells reverse directories will, for a price, augment the listing
with estimates of family income (guaranteed 98% accurate to within $5,000),
number of children, number of cars, favorite hobbies, etc. One of their
sources of information is a CNID-like service that was offered to businesses
with 1-800 and 1-900 numbers several years ago. (Your number is given away
whenever you make an 800 or 900 call, and there's nothing you can do to
prevent it.) The company representative to whom I spoke expects local CNID
to increase his business substantially, but he understands the cost: he has
switched to all-call restrict for his own phone.
For those who want to eliminate nuisance phone calls, there are better
alternatives than CNID. Many people have taken to leaving their answering
machines on all the time. I have friends whose recording says "Please state
your name and the person for whom you are calling. If no one picks up the
phone right away, you may leave a message." Of course, they have to listen
whenever the phone rings, but they'd have to go look at the number display if
they had CNID.
An option that saves you the trouble of even going to the phone when an
unwanted call arrives can be purchased for $70 from local telephone stores
(though not from the Rochester Telephone product center). It's a "call
screening" box that plugs in between your phone and the wall, and that can be
programmed with a special 4-digit "security code." Callers hear a recorded
message that asks them to type in the code. If they get it wrong, your phone
doesn't even ring. Friends who know the code can call you from anywhere.
Hammacher Schlemmer sells a fancier version that remembers up to 300 different
codes.
If privacy were really the goal, telephone companies could easily provide
the name of the owner of the calling number, rather than the number itself, in
a CNID service. The name would be much more useful to residential customers
than the number is, but would be much less useful to marketers, since names do
not uniquely identify households. Equally easily, phone companies could pro-
vide services that duplicate the functionality of call screening boxes. If
they allowed callers to identify themselves, either by voice or by punched-in
code, you would be in a far better position to decide whether you wanted to
answer. Knowing that your call is from "Tom at work" is a lot more useful,
from a privacy point of view, than knowing the number from which the call was
placed. At the same time, this sort of personalized identification is useless
for the collection of marketing lists.
Privacy-enhancing alternatives to CNID have been proposed in testimony to
the FCC and before public service commissions across the country. In every
case, telephone companies have resisted the proposals, on the grounds that
they do not adequately meet the needs of their marketing customers. Marketers
are clearly hoping that most Rochester residents won't bother to opt out of
CNID. I urge you to disappoint them: call the Rochester Telephone customer
service number (777-1200) and request all-call restrict. Keeping your phone
number private is easy and free.
Michael L. Scott is an Associate Professor of Computer Science at the Univer-
sity of Rochester and a member of Computer Professionals for Social Responsi-
bility. The views expressed here are his own.
------------------------------
From: Craig Wagner <[email protected]>
Date: Thu, 14 Jan 1993 17:13:50 -0500
Subject: Radar Detector Prohib
ER> [Moderator's Note: You're underlying assumption is that breaking
ER> speed limits is dangerous. This is not necessarily true.
While it's true that it's "not necessarily true," it's _not_ the case that a
driver can _know_ that it's _not_ dangerous, and therefore shouldn't be doing
it. He may see no other cars on the road, and the driving conditions may be
perfect, but he has no way of knowing precisely the road conditions ahead of
him, or whether or not there's a driver waiting to turn onto the road, and
expecting any oncoming traffic for which he may be looking to be no further away
than could be expected based upon the posted speed limit.
ER> Your statement about burglar tools is incomplete. Most states have laws
ER> that ban the possession and use of burglar tools. Since most burglar
ER> tools also have legitimate purposes, that law is normally only used in
ER> conjuction with actual burglaries...
A couple of years ago, someone locked my keys in my car for me. The service
station was across a BUSY intersection. Walking across the intersection took
less than a minute (the time it took the light to change). The service person
who helped me, though, had to drive through the intersection (which took
_several_ minutes - much longer than it would have to have walked it and a
couple of changes of lights) because he "needed to have his tow truck next to
him if the cops found him with" the device he used to break into my car - and
yes, he was wearing a uniform identifying himself as being from the service
station across the street. I'm sure he could have explained his way out of it,
but the potential hassle involved in being "caught" with the tools to break into
the car was apparently sufficient that he prefered dealing with the obnoxious
driving conditions (this was shopping center, on a Saturday, during the
Christmas season), and the extra time they required. I suppose I understand,
but it seems kind of unfortunate, really.
------------------------------
From: "T. Archer" <[email protected]>
Subject: Re: Radar Detector Prohib
Organization: University of Tennessee
Date: Thu, 14 Jan 1993 19:43:46 GMT
Apparently-To: [email protected]
In article <[email protected]> Ed Ravin <[email protected]> writes:
>In article <[email protected]> "T. Archer" <[email protected].
edu> writes:>>
>>Whether or not speed kills is irrelivant. Radar detectors do not kill, and
>>should not be regulated unless the present a danger to the public. Wanting
>>to know where radar emitters are is not a crime.
>
>Who says radar detectors _don't_ "present a danger to the public"? If
>you follow lawful speed limits you don't need them.
This does not follow. Perhaps I believe that police radar causes cancer,
and I want to know where speed traps are and avoid them. Perhaps I just
want to know where the police are.
>There are certain
>items known as "burglar tools" that if the cops find on you, they will
>assume that you are planning to commit burglary with them --
Um hmm... My roommate got busted on that one. A hammer and a roll of duct
tape. He make SCA combat armor and carries it in his trunk.
>what else
>can you do with a radar detector besides using it to reassure that you
>can break speed limits with impunity?
I needn't answer that. You are assuming guilt and asking me to prove
otherwise. That's not the way the law works, nor should it. If that is the
case, I will assume that you intend to use your net interface to commit
libel and have it confiscated.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
E-Mail to [email protected], mail to ARCHER at that address will
bounce. "Don't blame me, I voted Libertarian."
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------
From: "david.g.lewis" <[email protected]>
Subject: Re: Radar Detector Prohib
Organization: AT&T
Date: Thu, 14 Jan 1993 20:26:20 GMT
In article <[email protected]> Ed Ravin <[email protected]> writes:
>In article <[email protected]> "T. Archer" <[email protected]> writes:
>>
>>Whether or not speed kills is irrelivant. Radar detectors do not kill, and
>>should not be regulated unless the present a danger to the public. Wanting
>>to know where radar emitters are is not a crime.
>
>Who says radar detectors _don't_ "present a danger to the public"? If
>you follow lawful speed limits you don't need them.
First of all, these two sentences are unrelated. Whether or not one "needs"
something is unrelated to whether or not it presents a danger to the public.
Your logic seems to be (a) exceeding the speed limit presents a danger to
the public; (b) owning a radar detector causes one to exceed the speed
limit; therefore © owning a radar detector presents a danger to the public.
If you don't like the word "causes" in (b), replace (b) with its
contrapositive, one who does not exceed the speed limit does not own a radar
detector, and you end up with your second statement.
Others have alread argued point (a); I'll stick with point (b).
Saying that "if you follow lawful speed limits you don't need a radar
detector" is not only showing ignorance of the limitations and use of speed
radar, it's setting a dangerous precedent.
It assumes that the only people who get issued tickets for exceeding the
speed limit due to the use of radar are indeed exceeding the speed limit.
This would require radar to be 100% accurate. Radar is not 100% accurate.
Therefore, it is possible that one could be accused of exceeding the speed
limit, due to radar, when one is not. If I am falsely accused of committing
a crime, do I not have the right to know?
This is like arguing for the repeal of the Fifth and Sixth Amendment,
because they only apply to people who have been accused of crimes, and we
don't want to coddle the criminals.
It's like arguing that the government should be permitted to open your mail,
eavesdrop on your telephone conversations, and bug your house without your
knowledge and without probable cause - because, after all, if you haven't
committed any crimes, what are you worried about? The information will only
be used in prosecuting criminals, and if you haven't committed any crimes,
you have nothing to hide, right?
>There are certain
>items known as "burglar tools" that if the cops find on you, they will
>assume that you are planning to commit burglary with them -- what else
>can you do with a radar detector besides using it to reassure that you
>can break speed limits with impunity?
You can use it to ensure that, if you are monitored by radar, you are fully
aware of the circumstances and surroundings so that if you are falsely
accused of breaking the speed limit, you are able to provide a defense.
You can use it to be aware that there are police ahead, indicating that the
traffic in front of you is likely to be slowing down to *below* the speed
limit, because for some reason people seem to think it's better to slow down
from (whatever speed the traffic is moving at) to (five miles an hour under
the prevailing speed limit) when passing a police car.
Or you can use it to tell when you're approaching a supermarket with an
automatic door opener. After all, what business is it of the government's
what I'm using it for? If I commit a crime, prosecute me for the crime.
But don't prosecute me because I have a device which someone else may use
in the commission of a crime.
------------------------------
From: "T. Archer" <[email protected]>
Subject: Re: Radar Detector Prohibitions
Organization: University of Tennessee
Date: Thu, 14 Jan 1993 19:39:57 GMT
In article <[email protected]> [email protected] (Graham Toal) writes:
>From: [email protected] (Graham Toal)
>Subject: Re: Radar Detector Prohibitions
>Date: 9 Jan 93 19:11:22 GMT
>In article <[email protected]> Richard Pierson <[email protected].com> writes:
>:There is also a product on the market from uniden that
>:you plug your detector into and when is senses a radar
>:detector shuts off your radar unit, a Detectors, detector,
>:detector so to say (Just saw one in truckstops of america
>:last wednesday for $90.00).
>
>This sounds like a con to me; how can you detect a radar-detector? Surely
>they're passive devices? Also, why would anyone except the police want one?
>
>Or do we have one too many 'detectors' in the description abov
I would have thought "detector detectors" to be impossible for the same
reason, but I hear they are out there.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
E-Mail to [email protected], mail to ARCHER at that address will
bounce. "Don't blame me, I voted Libertarian."
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------
From: [email protected] (Andrew C. Green)
Subject: Re: Radar Detector Prohibitions
Date: 16 Jan 93 21:47:52 CST
Organization: Datalogics, Inc., Chicago, IL
In article <[email protected]>, Richard Pierson
<[email protected].com> writes:
> Went back and looked at it. What it is supposed to do is pick up the
> signal from a "radar detector detector" {Read Revenue enhancers} and
> shut yours off before the "radar detector detector" {Revenue Enhancers}
> detects your radar detector and NO I WONT TYPE THAT AGAIN. Also Uniden
> is a reputable company as far as I know, their detectors are theft
> attractors (I've lost 2 so far before I hard wired front and rear remotes
> into my truck). The range I do not know about as I don't know how the
> radar detectors work, whether they are "Passive" or whether the operator
> goes "Active" to get a "Reflection" back from the suspected radar detector.
The Radar Detector Detectors (which we shall call RDDs from now on :-)
operate on the fact that radar detectors emit some sort of detectable
electronic leakage/signal while they're monitoring for speed traps.
The RDDs simply pick up on that leakage, but as I am not an electronics
expert, that's as much as I can describe. Car & Driver magazine had an
explanation of the principle a while back when reviewing the latest crop
of detectors, devoting a review category to how much detectable leakage
was generated by each model. This would be of great interest to Connecticut
readers, although I believe that Virginia has since rescinded their ban.
Driver behavior is also a good giveaway for the cops -- they just zap a
likely-looking car and see if the brake lights erupt. You might want to
consult John de Armond's great treatise "Trolling for Taillights".
Andrew C. Green
Datalogics, Inc. Internet: [email protected]
441 W. Huron UUCP: ..!uunet!dlogics!acg
Chicago, IL 60610 FAX: (312) 266-4473
------------------------------
Date: Thu, 14 Jan 93 16:31:39 EST
From: "Nicholas J. Simicich" <[email protected]>
Subject: SSN and new baby
Reply-To: Nick Simicich <[email protected]>
Actually, perhaps the best thing you could do for the child would be
to apply for a SSN for them. More than once so that they have several
to choose from when they become an adult.
Nick Simicich (NJS at WATSON, [email protected]) -SSI AOWI #3958, HSA #318,
NAUI #14065
------------------------------
From: Esther Lumsdon <[email protected]>
Subject: Re: SSN and new baby
Organization: Verdix Corp
Date: Thu, 14 Jan 1993 23:17:20 GMT
Mike Brokowski <[email protected]> writes:
I suspect you're writing toungue-in-cheek, but I'll respond in case
you're serious:
>So what is the whole story here regarding how long the state will
>stay out of the business of "registering" our kids before they
>throw your butt in jail?
I don't recall anyone being thrown in jail for not "registering" a kid.
>It seems clear that a SSN is needed to claim a child as a dependant
>(if s/he is over 1 year old), but, if you don't claim the child as a
>dependant, does the state care? And what about this birth
>certificate business? Isn't a child's existance cerification enough
>of its birth? Is there some law forcing parents to tell the state
>whenever a child is born? Do these "certificates" become part of a
>publically accessable record? When was this policy enacted?
I think "certificates of live birth" started to be required in the
1800s. A child's existence is not sufficient evidence of its birthdate
when one needs to verify citizenship or age (when applying for a
driver's license, or a passport, or registering to vote, or proving
that a child is old enough to start kindergarten). In addition,
the State thinks it has an interest in knowing the parentage of new
citizens, to disallow incestuous marriages, and to track for child
support, or to locate the grandparents of the child if the parents
should die.
I have read an anecdotal account of the difficulties of getting a
passport for a U.K. citizen whose birth was unregistered. There
was nothing about being thrown in jail, or breaking any laws in
not registering the birth.
Or, I could just say that it's all a conspiracy so that the Church
of Latter Day Saints can amass the largest collection of genealogical
data for free, from government sources.
--
-- Esther Lumsdon, not speaking for Verdix. [email protected]
Q: How many user support people does it take to change a light bulb?
A: We have an exact copy of the light bulb here and it seems to be
working fine. Can you tell me what kind of system you have?
------------------------------
From: John McGing <[email protected]>
Subject: Re: SSN and new baby
Date: 16 Jan 93 12:25:21 GMT
Organization: Express Access Online Communications, Greenbelt MD USA
Reply-To: [email protected]
Mike Brokowski <[email protected]> writes:
>So what is the whole story here regarding how long the state will
>stay out of the business of "registering" our kids before they
>throw your butt in jail?
>It seems clear that a SSN is needed to claim a child as a dependant
>(if s/he is over 1 year old), but, if you don't claim the child as a
>dependant, does the state care? And what about this birth
>certificate business? Isn't a child's existance cerification enough
>of its birth? Is there some law forcing parents to tell the state
>whenever a child is born? Do these "certificates" become part of a
>publically accessable record? When was this policy enacted?
>So many questions...
>
> Just curious as always,
> - Mike
It seems government have been registering births of children at least
since the Roman times (given the reason for the census at Christs'
birth). But yes, birth, death, marriage, divorce records are public
records, and have been for a long time now. It is deemed in the public
interest to know who you are, who your parents are, how old you are, where
you were born....
I think some of the eastern older states have BVS records going back into
the early 1800's. Check with a geneological group if you want to get an
idea of what data is recorded on people and available for review.
--
------------------------------------------------------------------
[email protected] or [email protected]
SSA, your FICA tax people woodb!oss2cc!jmcging@soaf1
J.MCGING on GEnie 70142,1357 on Compuserve
------------------------------
From: Wm Randolph Franklin <wrf@ecse.rpi.edu>
Subject: Re: SSN
Organization: Rensselaer Polytechnic Institute, Troy, NY
Date: Tue, 19 Jan 1993 01:19:56 GMT
In article <[email protected]> on 8 Jan 93 00:11:56 EST (Fri),
"John R. Levine" <[email protected].ma.us> writes:
> > An SSN, once issued, is ours to keep. It never changes. The SSN is
> >truly the "universal identifier."
>
> I have read that due to 45 years of clerical errors there are over four
> million people who have either more than one SSN or use an SSN also used
> by someone else. It is a gross oversimplification to claim that the SSN is
> unique.
Apparently one can get a new SSN if, e.g., the old one has problems
because a thief is widely using it.
> Also note that the only two data banks
> legitimately indexed by SSN, those kept by the SSA and IRS are legally
> off limits to prospective employers, whether or not they have an SSN.
A few years ago, the SSA was reported to be verifying (SSN, name)s for
the credit agencies. They say that they don't do it any more.
In article <[email protected]> on Wed, 13 Jan 1993 00:06:18 GMT,
Mike Brokowski <[email protected]> writes:
> Is there some law forcing parents to tell the state
> whenever a child is born? Do these "certificates" become part of a
> publically accessable record? When was this policy enacted?
1. Yes, I believe. Also deaths are to be reported.
2. Yes, altho it's getting harder since people use this info to
construct new identities.
3. In the last century, at least in the UK.
--
---------------------
Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
------------------------------
End of Computer Privacy Digest V2 #008
******************************
|
|
