Date: Sat, 05 Dec 92 13:14:34 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#108 Computer Privacy Digest Sat, 05 Dec 92 Volume 1 : Issue: 108 Today's Topics: Moderator: Dennis G. Rears Re: Lucky Supermarkets copies social security numbers on to checks. Re: Privacy in VA Re: Privacy in VA Re: Privacy in VA Re: Privacy in VA Re: Privacy in VA Medical Credential info Privacy in the Commonwealth of Virginia SSN The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Thu, 3 Dec 92 15:11 PST From: John Higdon Organization: Green Hills and Cows Subject: Re: Lucky Supermarkets copies social security numbers on to checks. jms@carat.arizona.edu (A virtually vegetal non-entity) > I hope that the solution to this problem is obvious: take a small > kitchen magnet, place it in close contact with your drivers license, > and erase the strip. Minutes ago, I put my license through a professional grade video tape degausser. I do not recall seeing or hearing any admonition to refrain from doing this. There are plenty of people out there without the mag stripe on the back of the license, so until it is universal I do not feel like being placed at any particular disadvantage. If the time comes that it can be demonstrated to me, the citizen, that the mag stripe on the back of my license is of benefit to ME, then I will consider taking it in for re-recording. Until then, I am not going to be stapled, folded, or mutilated. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ From: Steve Johnson Subject: Re: Privacy in VA Organization: TRW Systems Division, Fairfax VA Date: Thu, 3 Dec 1992 23:43:07 GMT Paul Olson writes: >> >>4. Etc >>Are there related issues I should know about but haven't thought to ask? >Yea, radar detectors are illegal in VA. In fact, only VA and DC ban radar >detectors. Personally, I wouldn't live in a state which says I can't own a >radio receiver, not to mention that it's overbuilt, over crowded and you can't >get anywhere on a Saturday because of traffic. If you're going to be working >in DC, I'd look into moving to Maryland. But that's just my opinion. I've lived in both and concur with Paul (although some parts of Maryland are better than others. Don't fall for the "the taxes are lower in Virginia bit". About two years ago, while living in Virginia, my tax man goofed and punched in MD for my state of residence. When I got the return in the mail, noticed the error and reported it he, after apologizing most profusely, corrected it to VA and all was right with the world. The best part was that I got to get a REAL comparison of the income tax situation in VA and MD with the same input data. The result: I saved about $100 in VA. Of course, I had a ten year old car (VA has a personal property tax and levies it on cars, boats, airplanes, and just about anything else they can find EVERY year) and didn't have to shell out anything in taxes (well almost nothing) for it. The Commonwealth (geez what ego) has truly learned the fine art of the nickel-and-dime tax (including the so called VA Pilot's License). Unfortunately, Mayor (oops Governor) Schaefer of Maryland is beginning to learn this technique from Governor Wilder so I can't say how much longer this situation will continue and of course your mileage may vary. BTW I live in one of the highest taxed areas in MD; Montgomery County. Live somewhere else (like Frederick) and things are cheaper still. ------- Any views expressed are those of myself and not my employer. -------- Steven C. Johnson, WB3IRU / VK2GDS | TRW | johnson@trwacs.fp.trw.com FP1 / 3133 | [129.193.172.90] 1 Federal Systems Park Drive | Phone: +1 (703) 968.1000 Fairfax, Virginia 22033-4412 U.S.A. | Fax: +1 (703) 803.5189 -- ------------------------------ From: Carl Oppedahl Subject: Re: Privacy in VA Date: Fri, 4 Dec 1992 00:30:11 GMT Organization: PANIX Public Access Unix, NYC In Allen Warren writes: >This information came to light in an article noting differences between >credit card and bank check payment. When a store accepts your check, >they assume liability. When they accept your credit card, there is no >liability to the store, the liability is with the credit card company. >Whenever a store asks me to list my telephone number on my credit card >receipt, I put down 555-1212. I had one clerk notice the number and she >stated that the number was not valid since it was information. I then >stated that this was the number I wrote on the receipt and I wouldn't give >out my unlisted number. ..... New York State has a law that they cannot make you give your phone number or address for a credit card slip. The idea is that the store has already gotten credit approval for the charge slip and has no legitimate need to know anything else. Carl Oppedahl AA2KW (intellectual property lawyer) 30 Rockefeller Plaza New York, NY 10112-0228 voice 212-408-2578 fax 212-765-2519 ------------------------------ From: Christopher J Burian Subject: Re: Privacy in VA Organization: University of Illinois at Urbana Date: Fri, 4 Dec 1992 02:17:18 GMT Apparently-To: comp-society-privacy@ux1.cso.uiuc.edu Craig Wagner writes: > RL> 2. SSN, CC#, Phone # on checks What is VA law on stores wanting to > RL> write any of the above on your check before honoring it? > RL> > RL> [Moderator's Note: I sure as hell hope they don't restrict the > RL> practice. You have no *RIGHT* to cash a check. A store has a > RL> legitimate need for the SSN. ] >They _do_ restrict the credit card numbers here. Nothing else, though, to the >best of my knowledge. > RL> [Moderator's Note: Once again I have to ask: Does the > RL> knowlege of one SSN affect that's person privacy? I say no. All the > RL> SSN does is act as a global indentifier. In today's technology it is > RL> not difficult for a legitimate business to get a persons SSN. You > RL> don't need a SSN to get a credit report just a name and address. > RL> ._dennis ] >This comment almost makes it sound as though the only privacy issues >are (1) protection from "a legitimate business" or (2) for protecting >credit reports. Privacy includes the protection of _any_ information >an individual chooses to consider "none of 'your' business," including, >if they so choose, the SSN from being given to friends, neighbors, or >strangers. As long as organizations use the SSN as an identifier for >conducting transactions (American Express does this for phone >transactions, and other organizations rely too heavily - and singularly >- on it), an individual is being reasonable in making efforts not to >have his SSN become any more public than it already is. It's precisely >because of these issues that some states (the recent report of actions >within the Virginia legislature is an example) are taking efforts to >help individual's protect their SSN number. >[Moderator's Note: The point I am making is that the SSN has become the >defacto Universal Identification Number. I don't like but I have to >accept that fact. ._dennis ] The point of the word "privacy" isn't to deny identification when for a legitimate business use. The problem is businesses and government organizations that can get the job done without the SSN. It's fairly easy to make someone's life miserable if you know their SSN, according to the people who want to restrict its use. If this or that form doesn't NEED the SSN to ensure payment or collect taxes, then don't ask for it! Chris Burian--- ------------------------------ From: "Michael T. Palmer" Subject: Re: Privacy in VA Date: 4 Dec 92 17:56:12 GMT Organization: NASA Langley Research Center, Hampton, VA USA Paul Olson writes: >Yea, radar detectors are illegal in VA. In fact, only VA and DC ban radar >detectors. Personally, I wouldn't live in a state which says I can't own a >radio receiver, not to mention that it's overbuilt, over crowded and you can't >get anywhere on a Saturday because of traffic. If you're going to be working >in DC, I'd look into moving to Maryland. But that's just my opinion. Well, you're right about the radar detectors at least. But I thought that Connecticut also outlawed detectors... either way, I just can't fathom why this law has not been successfully challenged. Now about the rest of this statement... you must be talking about Northern Virginia in the DC area. If you took the time to visit the rest of the state, you'd find one of the prettiest and friendliest around! -- Michael T. Palmer, M/S 152, NASA Langley Research Center, Hampton, VA 23681 Voice: 804-864-2044, FAX: 804-864-7793, Email: m.t.palmer@larc.nasa.gov PGP 2.0 Public Key now available -- Consider it an envelope for your e-mail ------------------------------ From: David Banisar Subject: Re: Privacy in VA Organization: Computer Professionals for Social Responsibility Date: Sat, 5 Dec 1992 03:49:09 GMT Apparently-To: comp-society-privacy@uunet.uu.net Since there has been much recent discussion about privacy in Va., I thought the readers might be interested in this new provision of Va. law, enacted in 1992. It provides for an opt-out system for personal information collected by merchants. Its fairly weak in its disclosure and enforcement provisions but it is a start. Readers might want to consider showing this to their legislators. In addition, Va. also has a privacy law, fairly closely modeled after the 1974 Federal Privacy Act. Both the legislature and the Council on Information Management have expressed some interest recently in a data commission to protect privacy. CPSR is working on a draft bill to present to the legislature and the council that would increase enforcement of privacy provisions and remove many existing loopholes among other functions. The legislature expressed great interest in removing the SSN off of driver's licenses and may do so in the next legislative session. It may be possible to speed up the processing if notices for new liscences are included in every already existing mailing that the DMV already sends out. (ie registrations, tickets, etc.). We will present this alternative to the legislature when the bill is drafted (unless someone here forwards the idea sooner). If anyone is interested in either an electronic copy of the full Virginia code on privacy protection or the testimony I gave at the SSN hearing, feel free to email me at banisar@washofc.cpsr.org. Both are a bit long for submission here. Dave Banisar CPSR Washington Office TITLE 59.1. TRADE AND COMMERCE CHAPTER 35. PERSONAL INFORMATION PRIVACY ACT | 59.1-442. Sale of purchaser information; notice required No merchant, without giving notice to the purchaser, shall sell to any third person information which concerns the purchaser and which is gathered in connection with the sale, rental or exchange of tangible personal property to the purchaser at the merchant's place of business. Notice required by this section may be by the posting of a sign or any other reasonable method. If requested by a purchaser not to sell such information, the merchant shall not do so. No merchant shall sell any information gathered solely as the result of any customer payment by personal check, credit card, or where the merchant records the customer's driver's license number. For the purposes of this section "merchant" means any person or entity engaged in the sale of goods from a fixed retail location in Virginia. | 59.1-443. Exceptions This chapter shall not apply to information gathered for purposes of extending credit or the recording and sale, rental, exchange or disclosure to others of information obtained from any public body as defined in the Virginia Freedom of Information Act (| 2.1 -341 et seq.). | 59.1-444. Damages Any merchant who violates the provisions of this chapter shall be liable for damages in the amount of $100, payable to the purchaser whose personal information was sold or otherwise disclosed in violation of this chapter. In addition, such purchaser may recover reasonable attorney's fees and costs. Actions under this section shall be brought in the general district court for the city or county in which the transaction which gave rise to the action occurred. ------------------------------ Date: Fri, 4 Dec 1992 01:02:14 -0500 (EST) From: Paul Eric Stoufflet Subject: Medical Credential info (I sent this to alt.privacy, but received no reply) I am a medical resident at Columbia Presbyterian Medical Center in NYC. It recently came to my attention that the Department of Medicine was giving information on myself (and presumably the other residents at CPMC) to the American Board of Internal Medicine, which oversees the credentialing of 'board-certified' physicians. In addition to assessments of performance, they provide personal information including the omnipresent SSN. I do not recall granting any permission, written or otherwise, to Columbia to disseminate this information. I am sure that Columbia University receives federal funds, and so does Presbyterian Hospital. Are they in violation of the 1974 Privacy act? Can I do anything about it? Please respond via Email. Thanks- / \ / \ Paul Stoufflet / \ / \ | / \ | Columbia Presbyterian Medical Center | / \ | | \ / | internet: pes3@cunixf.cc.columbia.edu | \ / | \_/_\_/ All opinions are my own \_/_\_/  ------------------------------ From: "Paul Robinson, Contractor" Reply-to: TDARCOS@mcimail.com Date: Thu, 03 Dec 1992 21:49:00 EST Subject: Privacy in the Commonwealth of Virginia Aproximately two years ago, Chesapeake & Potomac Telephone Company of Maryland, and Virginia introduced the Caller-ID feature on their electronic telephone switch systems. The Public Service Commission of the District of Columbia specifically forbade Chesapeake & Potomac Telephone Company of Washington, DC to provide Caller-ID either on interstate local calls or to calls made within DC. So for a time, if you called from Maryland or Virginia, to someone in either of those states who has Caller ID, the holder of the device could get your number; you had no means to block the number. After a short period of time, the Maryland Public Service Commission issued an order to C&P Telephone of Maryland to allow "per-call" blocking by dialing *67 / 1167. It was at this time that the DC PSC told C&P of DC that they could offer Caller-ID if they also implemented blocking. They did. The Washington Post ran a series of articles about people who had troubles because of Caller-ID. It wasn't until their competitor, the Washington Times, told about it, that anyone knew that the Post had installed Caller ID on its lines when it installed its new PBX system. The Post, for some reason never said anything to anyone about it. In Virginia, there is still no way to block Caller-ID on a call dialed from one of their numbers. But callers in DC or Maryland can block the delivery of their number. And, a Caller-ID subscriber can refuse to accept blocked calls. I have a drivers' license from the State of Maryland. While they asked for my social security number on the application, the number appearing on my license is a long "soundex" number. (California had it interesting; my old license from there was N71xxxxx. This told anyone who knows California licenses that mine was originally issued in 1977. My brother has an identification card from the Commonwealth of Maryland. My mother has an (expired) id card from the District of Columbia. Both the Virginia card and the DC card use the Social Security number as the serial number. Had I turned in my California license before it expired, when I was living in DC, the license they would have issued me would have used my social security number. ---- Paul Robinson -- TDARCOS@MCIMAIL.COM -- These opinions are mine alone. ------------------------------ Date: Fri, 4 Dec 92 06:22 GMT From: Andrew Koran <0003967939@mcimail.com> Subject: SSN Dennis, I think you're missing the point on this SSN debate. I have to agree that if youre writing a check in a store the merchant has to ID you, but your SSN is not supposed to be an ID. If your worried about your privacy or your credit record pay cash (if you can) You mentioned before that it pretty much defacto as an ID, but how did it get that way in light of the present abuses. Issue number 105 has a few words about correcting your credit bureau reports, near impossible, and that if someone, some merchant abuses it like I;ve had done, I can just imagine the problem you'll have trying to correct the artwork of some bogus fool abusing your ID. The burden of all of this tends to fall right on the shoulders of the individual. Andrew A. Koran ------------------------------ End of Computer Privacy Digest V1 #108 ******************************