[comp.risks] RISKS DIGEST 11.28

risks@CSL.SRI.COM (RISKS Forum) (03/15/91)

RISKS-LIST: RISKS-FORUM Digest  Thursday 14 March 1991  Volume 11 : Issue 28

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents: 
BeeperScam (Jake Livni)
The Mailing List Business (Mary Culnan)
Census Bureau Seeks Changes [anonymous]
Roadway information base risk (John McMahon)
How to deal with "DROIDS" (Greeny)
Re: EM solution for new buildings - risk solved? (Christopher Owens)
Computer Obtuseness File (Medical Division) (Anthony E. Siegman)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in 
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive 
 "Subject:" line.  Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.  For
 vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
 CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits).  Vol i
 summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues
 of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Tue, 12 Mar 91 18:58:27 EST
From: jake@mars.bony.com     (Jake Livni <JAKE@DBCLUA>)
Subject: BeeperScam

I just saw a news item describing the arrest, today, of someone in New York
City on possible wire-fraud and mail-fraud charges.  Apparently, he used a
computer to dial common beeper exchanges and left a return phone number on as
many beepers as he could.  Those people who called the number heard a message
stating that they were being billed $55.00 for this call.  There weren't many
more details in the report - except that the Secret Service didn't have much
difficulty finding this guy.

Maybe that explains a strange return number my boss got a few weeks ago, I
think a 900-number.  I knew that some FAX-supply companies were sending out
junk-FAXes to FAX-numbers but what could a beeper-supply company try and sell?!

On a slightly divergent note, should there perhaps be some kind of restriction
on phone numbers that cost umpteen-dollars after the first second of connect
time?  It's not so difficult for a misdialled call to cost plenty.

Jake                                                       jake@bony1.bony.com

   [An anonymous RISKS reader noted that their company phone switches are
   protected from making outgoing calls on 900 and 540 numbers.  However, their
   employees may use phones at customer sites in response to a page.  Their New
   York office has alerted employees to this scam.  They expect similar
   activities in other areas in the future.  PGN]

------------------------------

Date: 14 Mar 91 13:38:00 EST
From: "Mary Culnan" <mculnan@guvax.georgetown.edu>
Subject: The Mailing List Business

In today's Wall Street Journal (3/14/91, p. A1;A8), there is an extended
article describing the extent to which the mailing list business extends its
tentacles into the details of our private lives.  The article by Mike Miller
not only provides extensive examples of individual lists which many people are
likely to find offensive, but also provides information on some of the largest
mailing list firms in the country and the ways they gather data about all of
us.  Evan Hendricks of the Privacy Times is quoted as saying, "You go through
life dropping little bits of data about yourself everywhere.  Most people don't
know there are big vacuum cleaners sucking it up."

Specific lists cited in the article include:

* Metromail's "Young Family Index Plus" which lists about 67,000
new births each week compiled from clipped birth announcements,
referrals from Lamaze coaches and names acquired from companies that
deal in baby supplies

* America List Corp sells lists based on high school yearbook listings
about virtually every high school class in the U.S.

* Benadryl bought names and addresses (based on phone numbers sold
to them) of people calling an 800 number for pollen count information

* The Big 3 credit bureaus sell mailing lists based on aggregated
credit data, e.g. "Credit Seekers Hotline" of people who recently
applied for credit and are "prospects who want to make new purchases"

Finally, an Atlanta-based company which prepares marketing questionnaires asks
if there has been a recent death in the family.  The company's President is
quoted, "Death has always been a negative life style change nobody thought
could be sold, but I differ.  I think it's a very good market."

The RISKS are clear.  If you aren't aware that personal information is being
collected, i.e. you thought you had an expectation of privacy, ignorance makes
it impossible to exercise the options that exist for getting one's name taken
off of lists.  However, even these mechanisms are not foolproof if companies
are not committed to privacy on principle. One example was cited of a company
who mailed to people who had signed up for a "delete me" list because these
people would have uncluttered mailboxes.

  [A lot of the info came from the same public sources I mentioned in my
  earlier RISKS posting and also in the handout I sent to the 10 or so people
  who wrote me.  MC]

  [Roger.Pick@UC.Edu (Roger Pick) also noted this article, headlined
  "Data Mills Delve Deep To Find Information About U.S. Consumers: Folks
  Inadvertently Supply It By Buying Cars, Mailing Coupons, Moving, Dying:
  Treasure for Direct Marketers."  He highly recommends it.  PGN]

------------------------------

Date: Tue, 12 Mar 91 12:37:37 XST
From: [anonymous]
Subject: Census Bureau Seeks Changes

Today's AP reports that the Census Bureau is already asking for $10.1M next
year for needed modernization of the census process for the year 2000.  Census
Director Barbara Bryant told the census and population subcommittee of the
House Post Office and Civil Service Committee that "The increasing diversity in
ethnic and language groups will certainly make data collection in the 2000
census more difficult."
   Bryant said the bureau is considering changes such as the following:
 * A "user-friendly short questionnaire" that would include only the questions
   needed to redraw voting districts. The agency hopes more people will fill
   out the census form if it is shorter.
 * Distributing forms at public locations, much as tax returns are, and using
   computers to weed out duplicate mailings.
 * Using new technologies to produce forms in languages other than English and
   Spanish.
 * Allowing people to file their census forms by home computer directly into
   the agency's data banks.
 * Obtaining information about people from other government agencies rather
   than from the people themselves.

------------------------------

Date:    Thu, 14 Mar 91 16:03:00 PST
From: mcmahon@TGV.COM (John 'Fast-Eddie' McMahon)
Subject: Let your fingers do the walking through the roadway information base

In the 3/13/91 issue of the San Francisco Examiner, a columnist (I have
forgotten the name) describes the new transportation department service where
you can use your phone to dial up and request information on the status of a
particular roadway.  From a touch tone phone, you answer the prompt with the
highway number.

It appears the default for any given road is a message which states that "no
construction/detour information is available".  This was the information that
the columnist received when he punched in "480", the code for Interstate
Highway 480 in downtown San Francisco.

The problem is that I-480 (a.k.a. The Embarcadero Freeway) was closed after the
1989 Loma Prieta Earthquake and is in the process of being torn
down.  Anyone who reads a San Francisco newspaper knows this.  Obviously no one
bothered to tell the computer...

John 'Fast-Eddie' McMahon, TGV, Inc., 603 Mission Street, Santa Cruz CA 95060 
                          408-427-4366 or 800-TGV-3440   :    MCMAHON@TGV.COM   

------------------------------

Date: Thu, 14 Mar 91 19:05:53 -0600
From: MISS026@BOGECNVE.BITNET
Subject: How to deal with "DROIDS"

The recent discussions on "droid" workers have prompted me to pass along a bit
of "wisdom" that I've acquired from dealing with many "droid-related" problems.

Feel free to quote the following:

    <cut the droid off in the middle of the scripted speech now> "Excuse me,
    you have been quite helpful, however, I would like to take this matter
    up with the President of your company.  Please provide me with the
    name/address/phone number of the President."

Just forget about dealing with STEWPID [sic] people altogether, and send a
CERTIFIED letter to the President, RESTRICTED DELIVERY REQUESTED.  It costs
about $2.80 to send it this way, but the President must physically sign for
the letter, and you are just about guaranteed to get a favorable response
from the President (or at least a vice-president).  These people know why
you are writing to them, and how to solve your problem to retain your business
(along with all of your word-of-mouth business as well), and will help you.

It's worked for me for years, and years.....start at the top and work down
rather than working upward thru stupidity.....(gravity works wonders in
bureaucracies...)

And remember to wear your "I HATE STEWPID PEOPLE" T-shirt with pride! :->
(yes I have one....)

Greeny  Internet: MISS026@VE.BOGECN.EDU   BITNET: MISS026@BOGECNVE

               [Although not really computer related, this message is brought 
               to you as a service to the public (instead of a risk?).  PGN]

------------------------------

Date: 14 Mar 91 16:08:53 GMT
From: owens@lust.uchicago.edu (Christopher Owens)
Subject: Re: EM solution for new buildings - risk solved?

> ... which stops any electromagnetic radiation from leaving the building.
                  ^^^
> It is therefore impossible to hack inside information from outside ...
                  ^^^^^^^^^^

It appears that the author of the magazine article uses the term "any" to mean
"some", and "impossible" to mean "more difficult".  Clearly (bad pun) the stuff
can't stop *all* electromagnetic radiation, else you couldn't see through it.

Christopher Owens, Department of Computer Science, The University of Chicago
               owens@gargoyle.uchicago.edu                    (312) 702-2505

------------------------------

Date: Sun, 10 Mar 91 16:27:10 PST
From: Anthony E. Siegman <siegman@sierra.stanford.edu>
Subject: Computer Obtuseness File (Medical Division)

   My wife's father, elderly and ill, has had many medical bills lately.  These
bills are sent by the medical providers (doctors, hospitals, etc.) directly to
Medicare, which pays part of the charges, leaving a balance to be paid by
supplementary insurance or his personal funds.

   Because so many patients in this situation have supplementary Blue
Cross/Blue Shield coverage, Medicare has set up an automatic forwarding
procedure to transmit the unpaid portions of these bills directly to Blue
Cross.  My wife's father has supplementary coverage with another carrier,
however, and no Blue Cross coverage; yet it turns out this automatic forwarding
feature can be neither redirected to his carrier nor turned off.

   For every single bill, therefore -- and there are dozens -- the unpaid
portion gets forwarded to Blue Cross, which tries to process it and discovers
he has no coverage.  So after a suitable delay they mail him (really, us) a
form letter (a separate one for each bill) saying they are unable to identify
his coverage.  There seems to be no way to turn this process off or
short-circuit it.
                                           --AES

------------------------------

End of RISKS-FORUM Digest 11.28
************************