The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A. For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL: http://www.vortex.com ----------------------------------------------------------------------- PRIVACY Forum Digest Wednesday, 31 December 1997 Volume 06 : Issue 18 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Banks, Telemarketing Lies, and the Fine Print (Lauren Weinstein; PRIVACY Forum Moderator) ATM card problems (Joe Bates) GSM mobile network in Switzerland reveals location of its users (Daniel Polak) Toll records (Phil Agre) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic list handling system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list handling system. Please follow the instructions above for getting the "help" information, which includes details regarding the "index" and "get" commands, which are used to access the PRIVACY Forum archive via the list handling system. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 06, ISSUE 18 Quote for the day: "Must have been murder. She always knitted so carefully." -- Roderick Femm (Robert Morley) "The Old Dark House" (Columbia; 1963) ---------------------------------------------------------------------- Date: Sun, 21 Dec 97 14:47 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Banks, Telemarketing Lies, and the Fine Print Greetings. Well, we're at the end of 1997 (by the time many of you read this it will already be 1998), and it's been another banner year for privacy problems. As we surge inexorably toward the 21st century, it looks more and more as if "privacy" may end up being one of those terms that will be so changed as to be unrecognizable in dictionaries of the future--Newspeak, indeed. A few topics to cover today... I recently received a submission here at the PRIVACY Forum that presented some interesting complexities. It was from a reader (who fully identified himself) who in addition to a technical job also worked as a telemarketer for a *major* telemarketing firm. He was concerned over being required to explicitly lie to the persons he called to sell a "credit watch" service. Specifically, his telemarketing scripts (associated with and he said approved by one of the U.S.'s largest banks, which was providing the customer data), told him to lie to callers regarding Social Security Numbers (SSNs) and the security of customer personal information. SSN data was being used to "verify" the customers. The telemarketers were to say that they "only" had the first three and last four digits of the customers' SSN. They were to say that the bank had not provided them with full SSNs. Unfortunately, he reported that this was simply untrue. He said that the full SSN for all customers always appeared on their screens, and much of the time full date of birth info appeared as well. As for security standards, he claimed that most of the callers were college students or other young people, that there were no security measures, and that anyone was free to copy down whatever information they wished. He said they were told to lie and claim that high security standards for customer data were in place. Given the stature of the organizations involved, I wanted to verify his story as far as possible. While he was fully identified to me, he (understandably) didn't want his name mentioned here in the Forum. I had further e-mail and telephone exchanges with this person, and asked for and received faxed copies of the telemarketing scripts, all of which confirmed his story to the extent such materials could. I was in the process of working toward verifying his accusations at the level of the firms themselves when he reported that the SSN field in their displays had just begun starting to blank the center two digits. Coincidence? Perhaps. In any case, this made the practicality of pursuing this issue questionable, so I will not name the organizations that were involved. My inclination, judging from my interactions with this person and past experience, is to believe his story. But even though it seems unlikely that more can be done regarding this particular case, the bottom line lessons seem valid regardless. There is more and more evidence that banks and other financial institutions are treating people not so much as valued customers but as information fodder for marketing "schemes" of all sorts, usually without their explicit permission. Key to this trade in personal data are many of the commercial database firms. A number of these large firms have recently announced a voluntary agreement to "restrict" the release of personal information to the "general public." Unfortunately, their definitions would seem to leave holes gaping enough to allow anyone with an ounce of intelligence or ingenuity to still gain access to whatever information they really wanted. "Voluntary" of course means that there will still be firms out there selling data who are *not* abiding by even this modest restriction. The majority of information abuses are from commercial entities and professionals who wouldn't be considered to be the "general public" in most cases. Let's face it--if these database firms restricted access to the data broadly, there wouldn't be anyone left to whom they could sell the data--and selling data on individuals is key to their core businesses. It's not members of the "general public" who are the real problem when it comes to misuse of personal data. Many persons believe that their bank information is among their best protected personal data from commercial abuse. But is your checking account balance private, or is it really public information? Usually, essentially the latter--since most banks make it trivial for anyone to verify through automated or other systems whether a given check will clear--a simple binary search can often pin down a highly precise value. As usual, no "need to know" verification of the party making the query is typically performed. Another example of a system with a legitimate, valid purpose that can be easily abused. For that matter, have you ever bothered to read the "fine print" in those little credit card and bank disclosure booklets that show up from time to time? Most of them border on the bizarre. Basically, they usually retain the right to do pretty much anything with the information they have on you, including providing it to others for marketing. They also usually attempt to indemnify themselves for any problems that might result from release of data to persons who call them and present your SSN or other trivial identifier. Don't like it? With the massive consolidation in the financial industry, there aren't all that many choices left, and they all pretty much use the same boilerplate text. Meanwhile, any hopes that the recent Federal Trade Commission (FTC) investigations into personal data abuse would help the situation have been pretty much dashed. The FTC is recommending the usual "voluntary controls"--which essentially means firms will still be free to do pretty much whatever they want with your personal data. It's clear that the commercial realm--sort of a "Big Brother, Inc."--is still firmly in control. Personal data remains the same "information potatoes"--to be bought and sold like vegetables--as I've referred to them in the past. Until we bite the bullet and start the work to develop national legislation to control the use and abuse of personal data in the commercial arena, we will continue to be forced to chip away our lives, little datum piece by piece, by the commercial entities who take those chips and grind them up into their profit centers deluxe. All the best to everyone for the new year. Take care. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com ------------------------------ Date: Sat, 20 Dec 1997 08:45:35 -0800 From: Joe Bates Subject: ATM card problems Like hundreds of thousands of California customers, I received a mailing from Wells Fargo enclosing my "new" ATM card and notifying me that my old card would expire soon and to start using the new one. I didn't read most of the fine print (silly me) because I didn't intend to use the debit features. I don't like the idea of withdrawing from my bank account without knowing the running balance. I use either cash or a credit card and generally pay off balances every month. Then I read the first post concerning Wells Fargo Bank's new "Check card" and I called their customer service to get my new card cancelled and have another card sent without the debit and/or Mastercard functions attached. At first, the customer rep told me that the card was absolutely safe and I shouldn't worry. She also said that once activated, it was impossible to go back to the old card. So, we moved up a level to her supervisor and discussed how Wells Fargo marketing materials lie to the customer on the first page of the announcement by stating that your old card is expiring. It is not. If you don't want the new card, you can call and refuse it and continue to use you old (non-debit) card. After she finally acknowledged that there might have been a "bit of confusion" generated by their literature, she said that she could replace my debit card but would have to cancel it and send me a new non-debit card in the mail. The process could take several weeks and in the interim, I would have no access to the ATM machines. She said that the computer would not allow a customer to have two cards at the same time. When I pointed out to her that hundreds of thousands of customers currently were in possession of an old and a new debit card simultaneously right then as a result of their own mailing, she decided that it was time for the next level of supervision to join in the debate. Finally it was settled that they would go through sales to send me a new card without the Mastercard/debit portion and then would cancel my current card 10 days after mailing the new card. That was 15 days ago and I haven't gotten anything yet. The moral is: 1) You can keep your old card if you call in and cancel the new one. 2) You can deactivate the "Check/Mastercard" portion of your new card if you have destroyed you old card. Simply call customer service and request that they deactivate that feature and that they comfirm in writing that they have done so. Tell them that you feel that it is insecure and until they allow the customer to use a PIN when using the debit function and build in some security that prevents legitimate checks from bouncing in the event the card or the number is used fraudulently, you are not interested in a service designed mainly to generate new fees for Wells Fargo. Most of all read ALL the literature and don't throw it away until you've settled things. Joe Bates ------------------------------ Date: Mon, 29 Dec 97 21:35:00 +0100 From: Daniel Polak Subject: GSM mobile network in Switzerland reveals location of its users In tonight's newspaper an article in the Swiss Sonntags Zeitung of yesterday is quoted. The article reports that the Swiss telecom company Swisscom has stored information on the whereabouts of 1.000.000 users of their mobile phone system. The information has been kept for longer than 6 months. According to Swiss police authorities the information is a treasure trove. It allows them to pinpoint the location of any subscriber to within a few 100 meters. It is ironic that a country that prides itself (overly) on the privacy of its bank system does not care about the privacy of its mobile phone users. [ I've seen the full version of the article described above by Daniel. The key issue revolves around the amount of data being routinely recorded from any cell phone "switched on" at any particular time. The Swiss controversy is in contrast to countries such as Australia and Great Britain where apparently such intra-cell location data is not routinely stored for long periods except for particular "target" phones upon court order or other law enforcement request. So says the article, in any case. An engineer involved in the design of the Swiss system, in response to the article, suggests that there is too much detailed location data for so much to be routinely archived, and that it isn't always clear who is really using a particular cell phone in any case. However, he seems to agree that inter-cell location data is archived for about a year and a half. I might add that in metropolitan areas, an individual cell site (particularly with PCS) can be extremely small, making more accurate location data possibly of little additional value in many cases. What does this mean for U.S.-based cell systems? Here in this country, the FCC has mandated a two-stage implementation of highly accurate location tracking facilities for cell systems, specifically for 911 emergency use. However, all manner of call record data (whether cellular or conventional landline) has traditionally been granted extremely minimal protections in the U.S., far less than the protections related to monitoring of the actual content of calls. This suggests that in the absence of laws to the contrary, detailed intra-cell location data may well be widely available for all manner of non-911 tracking applications, both in realtime and retroactively, to the limit of archiving policy and rapidly advancing technology. This form of "data creep," where information is collected ostensibly for one purpose but then made available for other applications, is an increasingly serious one. The retroactive "filtering" of vast amounts of routinely collected location data to search out particular events "after the fact" can be especially problematic. How would we feel about this if the technology existed to record the content of all telephone calls, but by law it took a court order to go back and search through the call archives to pick out conversations of interest later? Or how about cameras in every home, the tapes from which would theoretically remain unviewed unless retroactively examined under court order? Farfetched? Of course, but the basic principle would appear to be much the same as the one at issue in the Swiss cell phone case, and quite possibly here in the U.S. cell systems as well quite soon. In George Orwell's "1984," nobody ever knew for sure when their particular telescreen was monitoring them. So people quite sensibly behaved as if they were being monitored all the time. The result was a society with comparatively little crime, and virtually no freedom as we know the term. A reasonable tradeoff? Points of view will differ. Orwell didn't visualize the Cellular and PCS networks of today. If he had, would they have been part of the basic infrastructure through which the members of his fictional society were monitored? It's something to ponder as we consider the necessity of laws to control the vast amounts of personal data being collected by burgeoning technologies of all sorts. -- PRIVACY Forum MODERATOR ] ------------------------------ Date: Thu, 25 Dec 1997 15:32:45 -0800 (PST) From: Phil Agre Subject: Toll records The 11/3/97 issue of the New York Daily News blares, "IT'S E-Z TO SPY: Toll lane records used in crime cases; divorce court could be next". The article, by Alice McQuillan and James Rutenberg concerns law enforcement use of the records kept by the E-Z Pass toll collection system that is operated by the Triborough Bridge and Tunnel Authority. (Disclosure: I was interviewed for this article but I'm not mentioned in it.) It quotes an anonymous NYPD investigator as saying "It will become another item to be checked off in a routine investigation... You must do it. It will be an omission not to do it". A divorce lawyer is quoted as saying, a little hyperbolically I assume, "When he says, 'I was at work, Honey', now she can check the E-ZPass and prove he was at the Hot Bed Motel in Long Island". Although the TBTA initially required subpoenas for access to the records, the NYPD successfully fought this requirement in court in a recent kidnapping case. They also say they'll refuse requests for access in civil cases, and say they've only gotten one such request. Stay tuned. Phil Agre [ Another "data creep" example, of course. -- PRIVACY Forum MODERATOR ] ------------------------------ End of PRIVACY Forum Digest 06.18 ************************