Archive-name: privacy/info-source Posting-Frequency: monthly, 13th If you become aware of any changes or additions (phone numbers, procedures, addresses,etc.), please advise so I can incorporate the changes. Thanks! Non-commercial reproduction of this document is permitted with appropriate credit given to the author: Doug Monroe <doug.monroe@att.com> Hypertext HTML version at URL: http://www.eff.org/pub/Privacy/HTML/monroe_priv.html (thanks to Stanton McCandlish mech@eff.org) Last Modified: 11/15/95 Last Modifications: Changed URL to hypertext version (above) and general cleanups NY TIMES ref. to Med. Records Confid. Act of 1995 PGP link added to Email security info Disclaimer: The included information is from my own files and does not necessarily reflect the opinions/attitudes of my employer. **NEWS** from NY TIMES 11/15/95- Hearings on the Medical Records Confidentiality Act of 1995 will be held Tuesday (Nov. 21, 1995). Sponsored by Sen. Robert F. Bennet (R), Utah. Seeks to establish "Federal rules for the use and disclosure of health information"...opposed by "civil liberatarians and patients rights groups who say that it will facilitate the establishment of large databases of medical records" ..."authorizing law enforcement authorities and others to delve into records without patients consent". Interest in the topics discussed in this file was generated by reading a book titled "Privacy for Sale" by Jeffrey Rothfeder Simon & Schuster 1992 ISBN 0-671-73492-X regarding the demise of privacy in the age of the computer. The ease with which personal finance, medical histories, credit, etc. information is obtained, by practically anyone with the time and or money to find out, is truly alarming. The lack of protection by the laws of this country is perhaps even more alarming. The book mentions many organizations but no addresses or phone numbers are given. Mr. Rothfeder also gives us some helpful, but limited advice which I have tried to expand upon. I have put together some additional information which I thought might be helful to those interested in inquiring about the quality and quantity of information (about themselves) which would be available to others. I would whole heartedly recommend the book for all consumers to read and use this information to protect yourself in the abscence of governmental protection against data abuse. Sections marked --> are excerpted from pages 207-208 with my comments added: --> Get a copy of your credit report from all major bureaus and check it for inaccuracies and evidence of unauthorized snoopers. Address and procedures for the three major credit bureaus: (also see notes below address section) TRW PO Box 2350 Chatsworth, CA 91313-2350 Cost: 1 free report per year, $15.00 thereafter Procedure: In writing only Phone:(800) 682-7654 (800) 422-4879 7/21/94 A. Evans reports via email: TRW will supply credit report from an automated system by calling 800 392-1122. Equifax PO Box 740241 Atlanta, GA 30374-0241. FAX request to: (404) 612-2668 Cost:$8.00 (Maryland +$5.00, ME & MT +$3.00) Procedure: Write or fax Phone:(800) 685-1111 (800) 525-6285 Trans-Union P.O. Box 390 Springfield, PA 19064-0390 Phone: 404-396-0961 (800) 680-7289 Cost: $8.00 individual, $16.00 husband & wife Procedure: Write or call 610-933-1200 (call *only* if denied credit in last 60 days) Note: All bureaus will provide free report if you have just been denied credit. Credit reports should include the names of organizations who have accessed your records. They may not necessarily be the same org. to whom you applied for credit. All claim to require the following information to respond to your request-- 1. Full name including middle initial 2. Spouse name, (if you have one.) 3. Current address. 4. Date of Birth. 5. Social Security Number 6. Verification of your address (copy of Driv. license or a bill with the address clearly indicated). ---------------------- From: Patrick Townson (10/12/93) ...the *top half* of your credit bureau file -- the part where your name, address, former address, SSN and date of birth are revealed (as well as frequently your places of employment and previous employment and sometimes a phone number) is NOT protected under the Fair Credit Reporting Act. Just the bottom half of the report where your 'trades' appear is protected. If you don't like it, take it up with the Congress of the United States. ----------------------- From Brenda J. Roder (4/16/93): When I received my credit reports from trw and equifax, they had separate addresses to write to, to be excluded from the pre-screening programs. [This should help eliminate pre-approved cards you never requested,as well as reduce the amount of mail from direct marketers who target specific audiences] Equifax Options P.O. Box 740123 Atlanta, GA 30374-0123 TRW Credit Marketing Consumer Opt-Out Service PO Box 919 Allen, TX 75002 (800) 353-0809 Trans Union 555 W. Adams St. 8th Floor Chicago, IL 60661 ----------------------- From Jerry N. Alexandratos (11/13/94): Maryland law now requires the credit reporting agencies to provide, upon request, one free credit report per year. Recent credit denial is not necessary. You still must give them *lots* of information about yourself to get the report- enough to start a file on you if they have not already done so. (Addresses for the past 5 years, for example.) ----------------------- From anon source: (accuracy unknown 3/21/95) You may also want to [ask the credit bureau(s) to] put a "security alert" on your information for added protection. What this does is if a loan application comes in to the credit bureau, you must be contacted by phone for verification before any loan is issued. ----------------------- Lots of Consumer Credit info can be obtained from Steve Adam's consumer-credit-faq lists (part 1-n) at rtfm.mit.edu anonymous ftp site (also posted to news.answers and misc.consumers) in: /pub/usenet-by-hierarchy/news/answers/consumer-credit-faq Also: FTP to internet.spss.com in /pub/credit (ftp://internet.spss.com/pub/credit) ----------------------- ---->Don't share personal information with anyone who does not have the right to see it. Don't write SS# or phone #, address, credit card numbers if it is not appropriate to do so. Don't give out this info over the phone to unknown callers. --------------------------- From Chris Hibbert (hibbert@netcom.com) A Social Security Number FAQ is available from the following sites: Site Location rtfm.mit.edu /pub/usenet-by-hierarchy/news/answers/privacy/ ftp.cpsr.org /cpsr/privacy/ssn/Social_Security_Number_FAQ Gopher users can retrieve it from gopher.cpsr.org. World Wide Web (www) can find it using the following locator (and probably several others you could construct from the other directions I've given): ftp://ftp.cpsr.org/cpsr/privacy/ssn/html/privacy.html You can also retrieve it by sending email to Address Command (omit the quotes) listserv@cpsr.org "GET cpsr/privacy/ssn Social_Security_Number_FAQ" mail-server@rtfm.mit.edu "send usenet-by-hierarchy/news/answers/privacy/ssn-faq" You can also ask for general help from either of these email servers by sending a message to the same address with just "help" in the body. --------------------------- Info about the structure of SSN's and how they are assigned, use anon ftp to cpsr.org, file is /cpsr/privacy/ssn/SSN-structure. ---------------------------------------------------------------------- Phone Number info: The below is meant to illustrate just how easy it is to use reverse phone directories to uncover the name/address associated with a given phone number-- Info passed on from Blake Patterson (blake.r.patterson@att.com) 1/5/95: Reverse (telephone) directory services give you the listed name and address belonging to a telephone number. Most cannot help with unlisted phone numbers. Here are some: I. The UnDirectory service -- mechanized, low-cost, and quick You need: Touch-tone phone and a line that allows 900- calls Action: Dial 1-900-933-3330 and enter any 10-digit US number Pay: $1 per minute (on next phone bill) Speed: Instant lookup. If you're fast: 3 lookups a minute Coverage: Listed numbers in contiguous US + Alaska, Hawaii, AT&T 800 Available: 24 hours, year round Accuracy: Like CD-ROM data -- better for some areas than others Provider: Clarity Inc, PO Box 8357, Red Bank, NJ 07701 Contact: 1-908-530-5100 -- leave a message No presubscription needed. No refund for unsuccessful lookups. II. Telename (I think) -- uses live operators You need: Phone and a line that allows 900- calls Action: Dial 1-900-884-1212, give operator number, await lookup Pay: $1.49 first minute, $0.75 per additional minute Available: Business hours Provider: Telecompute Corporation, Washington, DC III. Chicago-area lookups only (312- & 708-) -- mechanized, low-cost You need: Touch-tone phone Action: Dial 796-9600 from Chicago phones, or 1-312-796-9600 Enter Chicago-area phone number Pay: $0.35 for two lookups from Chicago phones; Long-distance charge, only, for outside-Chicago callers Coverage: Listed 312- and 708- phone numbers Available: 24 hours (?) Accuracy: High -- uses Ameritech's database Provider: Ameritech IV. Published directories Public-library reference desks often keep reverse directories, but only for local cities. The book for one city costs $150-200. V. CD-ROM phone directories Widely available. Many provide only name-to-number lookups, not the reverse. ------------------------------------------------------------------------- --->If you don't want junk mail, notify credit reporters, credit grantors, and the Direct Marketing Assoc. that you would like to be removed from their mailing lists. See addresses above for credit reporters(TRW, Equifax, Trans Union), write to your credit card providers, and write to: Mail Preference Service Direct Marketing Assoc. PO Box 9008 Farmingdale NY 11735-9008 Request to be listed in the Mail and Telephone "suppression" file. The Direct Mark. Assoc. can also be reached by phone: Phone 212 768-7277 ask for Mail Preference Dept. (Better to write, IMO) Ask to be listed in the Telephone and Mail "Suppression" file. Stay on the line while info is typed in. Call a month or so later to ask if you're listed. ___________________________________ Don't ask your mail carrier to stop delivering "junk" mail. They have a legal obligation to deliver anything for which postage has been paid. Do not send back the Business Reply envelope, stuffed full of the junk, back to the sender. Likewise do not mark "Return to Sender" thinking that these tactics will send the message that you don't want the mail. Most reply mail goes to third party sweatshops for data entry. Therefore, your effort to notify them in this manner will be for naught. -------------------------------------- Polk is a Direct Mail Advertising (read "junkmail") list developer, and someone to whom you can write to get your name off the list: R.L. Polk & Co. List Compilation and Development 6400 Monroe Blvd Taylor, Mich. 48180-1814 ______________________________________ Finally, see Chris Hibbert's "junk mail FAQ" Look in misc.consumers or alt.privacy; or the ftp site rtfm.mit.edu in /pub/usenet-by-hierarchy/news/answers/privacy/junk-mail -------------------------------------- ---> Strike back when somebody has invaded your privacy. Notify the offending party that you're outraged and won't do business anymore. Tell the tale to anyone with media power--Congresspersons, Bankers Assoc., AMA, FTC, BBB, and newspapers. ---> Notify licensing officials if you learn the a private investigator has inappropriately gained information about you. A few more points mentioned: -->The Physicians Computer Network in Laurence Harbor, NJ is providing free PC's to many physicians. PCN requires that they always be connected to the network so they can "scour the patient records of the M.D.s looking for interesting tidbits, and pull data for marketing lists" Page 193 Ask your physician if she/he subscribes to this network and avoid them if they do. -->The Medical Information Bureau (MIB) is a vast databank containing the summaries of health conditions for more than 12 million Americans. Insurance underwriters scan MIB files to decide how much to charge for a policy, or whether to even issue the policy. Page 184 Obviously, inaccurate data can be extremely harmful. Call MIB to get a form to request that they disclose your medical records to you (or your physician). Medical Information Bureau PO Box 105 Essex Station Boston MA 02112 617 426-3660 follow instructions on voice mail. Cost: free Procedure: request disclosure form D-2 Canada: MIB, 330 University Ave. Toronto, Ont. M5G 1R7 (416 597-0590) Check out an article titled "Open Secrets: Medical Data Gathered by Firms Can Prove Less Than Confidential", by Ellen Schulz, Wall Street Journal 6/9/94 Two more things you can do: Write to the FBI to inquire about a search of the automated indices to the central records system files maintained at FBI headquarters. Federal Bureau of Investigation F.O.I.P.A Section (Freedom of Inf./Privacy Act) J.Edgar Hoover Bldg No charge 9th and E Streets NW Washington, DC 20535 Phone 202 324-5520 Procedure: Provide Full Name, Date of Birth, Place of Birth, Address Request must be signed *and* notarized! or it will be returned ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It takes a *long* time to satisfy these requests. Typically, several months go by between the time you make a request and the time you receive any notification of documents found (or not found). If documents are found, you are then notified of the backlog and review period and you must wait until an analyst makes a decision to send any info to you. Apparently there are many exemptions under which the FBI can deny disclosure of records. This wait could be a year or more I'm told. Periodic notifications are not sent. You can call or write to inquire about the status of a request. The request is given a number and it is supplied to you on a form letter early in the process which acknowledges receipt of your request. ------------------ From Chris Hibbert: It's probably worth pointing out that there are statutory requirements for timely responses. You occasionally have to file appeals to get a response, but there are organizations that specialize in houding federal agencies to respond on time, and take them to court when they don't. (The biggest is called the Fund for Open Information and Accountability.) ------------------- The Attorney General has specifically excluded NCIC records from the provisions of the Privacy Act. However, NCIC computerized criminal files are now maintained within the Identification Division records. If you desire a search of the Identification Div. records write to: FBI Identification Div. Room 10104 Washington, DC 20537-9700 Proof of identity required--name, date of birth, and a set of rolled inked fingerprint impressions placed upon fingerprint cards or forms commonly utilized for applicant or law enforcement agencies. Processing fee $17.00, in form of certified check or money order payable to Treasury of the United States. Ask for copy of Rules and reg's for Order 556-73 which will explain procedure to follow for changing correcting, updating records. ----------------------- There is a Freedom Of Information Act kit available via ftp to: hyperreal.com in directory /pub/drugs/politics/misc The file is called FOIA.kit - or, search ARCHIE for other FOIA info (lots out there). The Kit is very complete and informative! Additonal FOIA info can be obtrained from ftp to cpsr.org in cpsr/foia/citizens_guide_foia.txt The CPSR ftp site lots of other info of interest too! Also, try gopher://wiretap.spies.com/00/Gov/foia.cit The Electronic Frontier Foundation ftp server contains lots of info on communications technology and privacy issues on ftp.eff.org ----------------------- Check out the book from your local library or buy (~$22.00), read it, then CONTACT YOUR CONGRESSPERSON! tell them you are appalled at the lack of data privacy in America. Encourage them to support legislation to protect us from information abusers! +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ MISCELANEOUS +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Additional addresses and info: (Thanks to Chris Hibbert) ChexSystems Consumer Relations 1550 E. 79th Street Suite 700 Minneapolis, MN 55425 What is ChexSystems? They have a database of people who have had bank accounts closed for persistant bad checks or fraud of one kind or another. Many banks check with them and report to them when opening new accounts. People who are refused service because of information about them in th the FCRA, which requires the banks to notify them what information was relied on, who supplied it, and then ChexSystem is required to provide a free copy of their report to the individual. ========================================== From: Judi Clark (11/16/94)- The Privacy Rights Clearinghouse The Center for Public Interest Law 5998 Alcala Park San Diego, CA 92110 (619)260-4806 (619) 260-4753 (fax) e-mail prc@teetot.acusd.edu Hotline: +1 800-773-3348 (Calif. only) +1 619-298-3396 URL: http://www.manymedia.com/prc/ They have a number of valuable publications online. ========================================== Privacy Journal P.O Box 28577 Providence, Rhode Island 02908 (401)274-7861 North America: $98/year Overseas: $125/year Paid in advance: $35/year ======================================== Privacy Newsletter PO Box 8206 Philadelphia PA 19101-8206 Phone: 215-533-7373 E-mail: privacy@interramp.com USA: $99/year (12 issues) Foreign: $149/year (12 issues) ======================================== The CODEX : "Our purpose is to educate the layperson about the technology, techniques and equipment used for professional intelligence gathering." The Codex is published monthly by: Codex Publishing, 286 Spring Street, New York, New York, 10013. Tel: 212-989-9898 Fax: 212-337-0934 E-Mail: SpyKing@novalink.com The annual subscription rate is $ 95.00 for US residents and $135.00 foreign subscriptions. All mail sent 1st class. To subscribe send a check or money order payable to Codex Publishing. Include your name & full mailing address. ======================================== From Deborah Barett (4/17/95): Who (Secretly) Reads YOUR E-Mail? by Andre Bacard, Author of "Computer Privacy Handbook" ISBN # 1-56609-171-3 Do you like people to (secretly) monitor, store, and redistribute your business and personal e-mail? How about your electronic posts? Probably not. [Andre Bacard] has written several privacy FAQs (Three to five page articles in question & answer format). You can download these for free. To get info, send this e-mail: To: abacard@well.com Subject: Help Message: [ignored] Web site: http://www.well.com/user/abacard - with links to book info, and pro-privacy people and groups. Editors note: see the PGP web pages for info on using PGP for mail security...http://draco.centerline.com:8080/~franl/pgp/ ======================================== There are many local credit bureaus. Bankcard holders of America, a non-profit consumer education group, publishes a ``credit-check kit'' that includes the name, address and phone numbers of legitimate credit bureaus across the country, as well as a pamphlet that explains in details your rights under the FCRA. The kit costs two dollars and is available from: Bankcard Holders of America 560 Herndon Parkway Suite 120 Herndon, VA 22070 If you disagree with anything on your report, contact the credit bureau. The FCRA requires the bureau to reinvestigate the facts in the dispute; if you do not agree with their conclusion, you have the right to include a statement in the report with your version of the story. ======================================== Obtain a statement of your earnings from the Social Security Administration every two years. This will tell you if someone else is earning wages under your social security number, which can lead to many difficulties at retirement. If you suspect an error, you have three years, three months and 15 days after the mistake is made to challenge it. To get your statement, you need to fill out a Request For Earnings and Benefit Estimate Statement card, which can be ordered by telephone from the Social Security Administration's toll free number, (800) 772-1213. Ask for Form 7004, (Request for Earnings and Benefit Estimate Statement.) For you net surfers you can download the Social Security Earnings and Benefits Request form from the following URL: http://www.ssa.gov/online/ssa-7004.html ========================================= From foo@drycas.club.cc.cmu.edu Date: 30 Sep 1993 13:05 EDT If you REALLY want to get some good ammunition of WHY information should be protected.. read this book: GET THE FACTS ON ANYONE : How you Can use Public Sources to Check the Background of Any Person or Organization. By Dennis King, Award-Winning Investigative Reporter published by Prentice Hall (part of Simon & Schuster) in 1992. ISBN 0-671-86470-X One part I really HATED was his discussion of what info is available with an SSN and how to try to figure out if someone has a fake identity using it. I know it IS available, but that does not make it right. I got the book in my college library, so try borrowing it first if you can't or don't want to buy it. The retail price is listed as $15 on the book cover. FOO ========================================== In an effort to illustrate the amount of info available (and its cost), I have include a recent (10/93) Usenet post with all refs to poster omitted. Followups to this post have indicated that costs might be much lower than those listed- I point this out only to show that this info -is- available and at a relatively low cost. -dwm =begin included post= I wish to announce my recent aquisition of some databases which are primarily used by skip-tracing, investigative and government agencies to locate people, any assets they may have, and other pertinent and personal details of their lives. These databases are being made available to anyone who wishes to have access to them. The charges are simply being passed along, 'at cost' based on what I am paying. SOCIAL SECURITY NUMBER TRACING: =============================== You provide an SSN. I will advise you of all the names which have been used with this SSN, and the addresses which go with each. Or it can be the other way around: you supply an exact name and address (it can sometimes be a former address), and I will supply you with the SSN used by that person. $60 PEOPLE FINDER: ============== You provide a name. Any name okay, but very common names will render a useless list. Middle initials and last known address is requested if possible. You'll receive a listing of every person who has that name, along with other data: New address if they moved; Telephone number provided the number is published; Residence type; Length of residence; Gender; Date of birth; Up to four other household members and their dates of birth. For additional information, People Finder also can provide a neighbor listing which includes up to ten neighbors, their addresses, phone numbers and residence types. The People Finder database has 120 million names, 80 million house- holds and 61 million telephone numbers. It can be searched by telephone number only: You provide the phone number, I will respond with the person's profile and neighbor listing. Ot it can be searched by address only, with the same results. Cost: $80-$120, depending on how extensive the search is. People Finder comes with a guarantee: if I cannot produce at least one person with the name you request plus an address for that person, then there is no charge. CONSUMER CREDIT REPORTS: ======================== Consumer Credit reports availale from one bureau, $60 Consumer Credit reports available from three bureaus, $100 I need two things: 1. The name and address of the person, plus SSN if possible. 2. A *signed* statement that your request is for bonafide, legal reasons, i.e. you are considering an extension of credit to the person, or possibly employing them, etc. I cannot proceed without this signed statement. OTHER DATABASE FEATURES: ======================== Has someone ever filed bankruptcy? Any one district $40 Checking all districts avail. $160 Commercial Credit reports available on any business in file, $95 About fourteen million businesses and corporations included. Criminal History records available at $75-100 per jurisdiction you request searched. I need the exact name, SSN and DOB of the person. Death Records can be provided in various formats: By SSN only - is the holder of that SSN deceased or not? $30 By name - a more detailed account of their demise $40 Drivers Records can be pulled but the exact name and DOB is essential; otherwise if you have the full driver's license number, the search can be reversed, providing a name and DOB plus address. (Then use People Finder address trace on them.) $65 Education and degree verification is possible, and frequently used to expose those people who are not what they claim to be. $35 Real Property Asset Locator database $75 I can do this, but need to know *which* areas to search. Who is the real owner of the corporation with which you are having a dispute? The name(s) and address(es) of the officers of corporations are available in many places. Sometimes you get their home address and phone number in the process. If you know what state the corporation is based in $45 If you wish to have a search of 30 states done $165 Would you like to know if someone is getting workers comp money? If you know what state they are likely to get it from, I can verify it (only in selected areas) $63 Uniform Commercial Code filings by state $52 VIN (vehicle identification numbers) checked by state $50 =end included post= ----------------------------------------------------------------------- George Galdiano <ggaldia@utdallas.edu> prepared a very nice Microsoft Word document, accompanied by an Excel spreadsheet to help consumers: * get your name off junk mail lists * contact credit bureaus * contact Medical Information Bureau * handles disputes * contact the Social Security Admin. This resource kit can be obtained via anon ftp to: ftp.rahul.net in the directory /pub/jag/privacy/ ----------------------------------------------------------------------- END -----------------------------------------------------------------------