TUCoPS :: Privacy :: priv_125.txt

Privacy Digest 1.25 11/11/92

PRIVACY Forum Digest     Wednesday, 11 November 1992     Volume 01 : Issue 25

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS
	Re: Privacy on the Agenda? (Jeff Johnson)
	Wire Taps, Key Management, and Privacy (Brinton Cooper)
	Va. Hearing on SSNs (Dave Banisar)
	Credit Thieves (Paul Robinson)
	Privacy Problems in 2142 A.D.
           (Lauren Weinstein; PRIVACY Forum Moderator)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 25

   Quote for the day:

	"Sticks nix hick pix"

		-- Headline from "Variety" (a Hollywood trade daily)
		   regarding rural areas' lack of interest in farm dramas.
	           (July 17, 1935)
		   
----------------------------------------------------------------------

Date:    Wed, 04 Nov 92 10:29:20 -0800
>From:    Jeff Johnson <jjohnson@hpljaj.hpl.hp.com>
Subject: Re: Privacy on the Agenda?

Moderator Lauren Weinstein wondered aloud whether Clinton et al will
put privacy on their agenda.  He wrote: 

> I suspect that it's only natural to expect that the issues of privacy may
> not be high (or even present) on many lists.

Here is a list from the Clinton Campaign, on which privacy is indeed mentioned:

Excerpted from - "Clinton/Gore Campaign Pledges Strong Consumer
Protections; Blasts Bush/Quayle Record" -  Oct. 26

A Clinton/Gore Consumer Bill of Rights will include:

         1.  The Right to Safety -- To be protected against the
             marketing of goods which are hazardous to health or
             life.
         2.  The Right to be Informed -- To be protected against
             fraudulent, deceitful, or grossly misleading
             information, advertising, labeling or other practices,
             and to be given the facts needed to make an informed
             choice.
         3.  The Right to Choose -- To be assured, whenever possible,
             access to a variety of products and services at
             competitive prices; and in those industries in which
             competition is not workable and government regulation
             substituted, an assurance of satisfactory quality and
             services at fair prices.
         4.  The Right to be Heard -- To be assured that consumer
             interests will receive full and sympathetic
             consideration in the formulation of government policy
             and fair and expeditious treatment in its administrative
             tribunals.
         5.  The Right to Consumer Education -- To help consumer
             education become an integral part of regular school
             instruction, community services and educational program
             for people out of school; to ensure that consumers have
             the assistance necessary to plan and use their resource
             to their maximum potential and greatest personal
             satisfaction.
         6.  The Right to  Privacy -- To not have information provided
             by consumers for one purpose used for a separate purpose
             without the consumer's knowledge and consent.

------------------------------

Date:    Wed, 4 Nov 92 17:38:19 EST
>From:    Brinton Cooper <abc@BRL.MIL>
Subject: Wire Taps, Key Management, and Privacy

In RISKS DIGEST 13.87, Dorothy Denning wrote, in part:

of a "...potential crisis in law enforcement if we lose the capability
to conduct court authorized taps." She spoke of the high costs of lawful
surveillance and asserted, "Much of this is related to organized crime,"
perhaps a scare tactic?  Her solution involves nongovernmental "key
centers" which, presumably, would not give out keys to anyone without a
properly executed court order.  She cites that the "...phone companies
are so fussy about court orders that they send them back if the
semicolons aren't right...," apparently believing that the rights of the
citizens are thereby protected.  For the following reasons, this is a
politically naive position.

 1. It provides that our right to protection from illegal governmental
search and seizure and/or illegal eavesdropping rests on the good will
and integrity of a phone company!

 2. Even a nongovernmental agency may act more like, than unlike,
government.  Consider the US Postal Service.

 3. Court orders, search warrants, and the like protect citizens only
when the information or evidence gathered is to be used in court against
a suspect.  If information is being gathered for political purposes,
blackmail, or other subversion of law (Watergate, Iran-Contra, the
Italian bank scandal, etc), the purloined information will never see a
public forum but can still do great harm to innocent persons.  Thus, the
constraints of court orders are obviated.

The FBI needs to fund its own R&D from its own budget, just as the
rest of the government at all levels must do.  There is talent that can
"red team" modern telecommunications and find trapdoors when necessary.

You must never forget that the gravest threat to our freedom is, and
always has been, government itself.  

_Brinton Cooper

------------------------------

Date:    Wed, 11 Nov 1992 9:29:42 EDT
>From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: Va. Hearing on SSNs 

An ad hoc committee of the Virginia General Assembly met November 10 and
agreed to draft legislation that will remove the SSN off the face of the Va.
drivers license and from voting records. The Special Joint Subcommittee
Studying State and Commerical use of Social Security Numbers for Transaction
Identification met for 3 hours and heard witnesses from government, industry
and public interest groups. It appears that the draft will require the DMV
and the Election Board to continue to collect the information, but will no
longer make it publicly available. It was also agreed that the committee
would look into greater enforcement of Va. privacy laws, including the
feasibility of setting up a data commissioner.

All of the legislators in attendance agreed that using the SSN on the face
of the driver's license caused problems for both fraud and privacy. The DMV
representative admitted that it would cost a minimum amount of money to
modify their new computer system, which they have not completed installing
yet, to use another numbering system. She estimated that this would take 3-7
years using the renewal process to change all the licenses. She estimated a
cost of $8 million  for an immediate change due to mailing costs.

Bob Stratton of Intercon Systems explained the inherent flaws in using the
SSN as an identifier and offered alternatives such as the SOUNDEX system
used by Maryland and New York as a better alternative for licenses. A
representative of the Va. State Police admitted that they do not use the SSN
to identify persons in their records because it was "inherently inaccurate"
and described cases of criminals with up to 50 different SSNs. Dave Banisar
of CPSR Washington Office explained how the SSN facilitates computer
matching and offered options for the board to consider to improve protection
of personal privacy. Mikki Barry of Intercon Systems described how any
attorney in Virginia has access to the DMV database to examine all records
via a computer network.

------------------------------

Date:    Mon, 09 Nov 1992  22:23:37 EST
>From:    "Message Center" <FZC@CU.NIH.GOV>
Subject: Credit Thieves

Article Summary, "The Credit Thieves"
(Washington Post, Nov. 9, Page D5),
"They Take Your Identity, Then Your Good Name."

In "The Credit Thieves" article author Stephen J. Shaw asks if you have
checked your credit rating lately; some thieves have been known to find
people's personal information, then create new identities - and new credit
histories - for some people.  Apparently name and address is enough to be
able to "borrow" someone else's credit information.  Some so-called "credit
doctors" charge $500 to find someone else with the same or similar name and
a clean record, and give the buyer that person's credit record.

Shaw declares personal exposure to credit fraud: his credit rating showed
"almost $100,000" in credit, services and merchandise ("loans, credit cards,
personal bank loans, plane tickets, home-entertainment systems, computers,
clothes, furniture, cellular telephones and a slew of other consumer
goodies") granted to "him" even though he lives in Washington DC, and the
credit granted to "him" was to someone in Orlando Florida, and he's never
heard of the things claimed to be charged to him.

He only found out about the incident when he applied for credit with an
organization and they asked him why he didn't declare all the OTHER credit
cards and such that he has.

Apparently almost anyone with access to a computer terminal with access to a
regular credit reporting agency can probably find out your credit history.

His "Credit Double" was only caught because he tried to buy a house using
Shaw's name.  The Secret Service is the agency that handles trying to catch
people who do this.  The "credit mugger" is in jail awaiting trial for four
counts of bank and credit fraud.

Happy ending, eh?  NOT.  Now getting rid of the inaccurate and fraudulent
credit requests is a job in and of itself.

"Equifax had deleted five of the bogus accounts, kept another four on my
report and added three new ones.  TRW told me that most of the disputed
accounts had been deleted because the creditor had not replied to TRW's
inquiry, but added that the 'creditor may re-report item.' stating , in
effect, that the accounts could reappear in future editions."  Trans Union
did not have the incorrect accounts, but still had the Florida address.  TRW
also has his address listed as Florida.

A New York State agency found six out of 17 credit reporting agencies which
advertised would sell credit histories without any attempt to verify the
purpose of the request.  An executive at TRW told a 1991 Congressional
hearing that "if someone is willing to lie to get a consumer report on
another individual, there is nothing in the present law to act as a
deterrent."

Apparently it's not all that hard even to get someone's credit report
legally. The Fair Credit Reporting Act (FCRA) allows anyone with "a
legitimate business need for the information" can get your report; this
includes prospective creditors and employers.  "This loophole covers
anything from renting an apartment to paying for something by check to
joining a health club or a dating service.  Reports can be ordered
legitimately by employers checking on employees, insurance companies writing
policies, someone trying to collect a debt, and government agencies deciding
to grant any form of assistance or licenses."

The article notes one can request not to be put in the list of
"pre-screened" or "targeted" people that credit reporting agencies sell to
companies that sometimes offer credit.  You can also ask to be taken off
mailing lists by writing the Direct Marketing Association, Mail Preference
Services, 11 West 42nd St, Box 3961, New York, NY 10163-3861.  They can also
take reqests just to remove your telephone number from some lists.

The article recommends contacting each of the three major agencies twice
yearly, and at least 6 months before a major purchase, because some of them
don't get what the others have.  If something is wrong, contact the creditor
directly as well as the reporting agency.  If you can't get something
corrected, ask to have a statement inserted in your record.

If you're not satisfied, you can write the Federal Trade Commission
at Correspondence Dept, Room 692, Washington DC 20580.

The major credit reporting agencies are:
 - Equifax, Box 740241, Atlanta GA 30374    1-800-685-1111
 - Trans Union, Box 7000, North Olmsted, OH 44070
   Regional Offices:
   - Box 360, Philadelphia, PA, 19105         215-569-4582
   - 222 South First St., Suite 201,
     Louisville KY 40202                      502-584-0121
   - Box 3110, Fullerton, CA 92634            714-870-5191
 - TRW National Consumer Relations Center,
   12606 Greenville Ave., Box 749029,
   Dallas TX 75374-9029                       214-235-1200
   (TRW allows one free report a year by mail from)
   - TRW, Box 2350, Chatsworth CA, 91313-2350
---
Paul Robinson -- TDARCOS@MCIMAIL.COM
These (uninformed and probably inaccurate) opinions are mine
alone; nobody else is (stupid enough to be) responsible for
them.

------------------------------

Date:    Wed, 11 Nov 92 19:41 PST
>From:    lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Privacy Problems in 2142 A.D.

Greetings.  About two months ago "The Sci-Fi Channel" launched their
(long awaited) cable service. While it is not yet widely carried by
cable systems, it shows a wide variety of (mostly old and/or campy)
Science Fiction, Horror, and related programs and films.  I like it--
which says nothing about its chances for future success!

In any case, one of their in-house produced interstitial elements (that is,
short programming segments to run between main programs) is the "Comlink FTL
Newsfeed"--direct from the year 2142.  The concept is that we're looking in
on a sort of "headline minute" from today's date, but 150 years in the
future.  Each day there's a new one, and we move forward in step with the
future.  The news is read by a computer-processed "mask" face, with various
garbled stock tickers running along the top and bottom (wouldn't you know
it, we can't see what the winning stocks will be in 2142!)  

There have been a number of interesting looks into future news stories.
The scandal over the Mars terriforming contracts, for example.  The
issue of clone rights.  Problems with "defective" clones--especially
the Elvis and Mother Teresa models.  However, the one continuing FTL story
since the channel launched is the "Identification Chip Controversy".

It seems that in 2142, the government decreed that all citizens would be
required to have identity implants which could be scanned by authorities
(similar to the pet ID chips available today, it would seem).  Initial
announcements on FTL indicated that the chips would only be scanned when
searching for criminals--but later announcements indicated that there were
plans for direct tie-ins between the identity chip codes and a range of
public and private databases.  When the opposition "Privacy Party" publicly
tried to argue against this technology (using arguments very similar to what
we might see in this digest) they were branded essentially as kooks and
official statements were released to the effect that no honest citizen has
anything to fear from identity chips or database linkups.

Yestersday, an FTL press release announced that a new "police visor" would
be issued that could automatically scan all identity chips in an area to
make identification of all citizens as rapid as possible.  Apparently this
was the straw that broke the camel's bank for some of the opposition in the
future.  Today (or rather, today plus 150 years), FTL Newsfeed was suddenly
interrupted by a large red "R", and a voice repeating, "Defy the government!
No Identi-Chip!" until the end of the segment.  One can only imagine
the steps that authorities will take to deal with the transgression!
We shall see.

Even though it is presented in a humorous manner, it is refreshing to see
*any* treatment of privacy issues that indicates even a basic awareness of
modern privacy concerns--matters that are all too frequently ignored by most
mass media.  The Sci-Fi Channel deserves a thumbs-up for their creative (and
continuing) look into the "future" of privacy.

--Lauren--

------------------------------

End of PRIVACY Forum Digest 01.25


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH