Slashdot Mirror

There should be a System Admin "Code of Ethics". The closest is the IEEE "Code of Ethics", or the ACM "Code of Conduct" if they happen to have joined.

The first is "bite sized", the second is probably more relevant but way more wordy, but how many people even bother joining either?

We are unorganized as a group at large, and the lack of standards to adhere to is part of the problem that we, as a Profession; including Admins, Programmers/Developers, Support Techs; need to address somehow.

(/rant) :)

computer professionals for social responsibility

cpsr.org

http://cpsr.org/issues/ethics/index.html

FTFY

You might be OK with the concept and execution of Google Street View. However, a lot of people most certainly are not happy. We don't want our houses plastered up on an easily indexed, location linked, photography database.

And it's going to happen anyway, with or without Google. I've posted hundreds of geolocated photos in Earthscape and Picasa. More will come. In 5 or 10 years, perhaps every photographable thing on earth will have at least one geolocated, maps-searchable photo pointing at it.

You're worried about photos of your house. Have you bothered to check Picasa, Flickr, Imageshack, Photobucket, Bayimg? TerraServer? Real estate comparison sites? What of the hundreds of other image and geographic services I have not named?

If not, can you claim with a straight face that this issue is important enough to warrant government involvement in private photography? It is unclear to me that there should be an a priori restraint on publication simply because "a lot of people are not happy". If that's a problem, toddle on down your Congressman's office and see if you can get enough people interested to pass a law. If you don't care enough to bother, fine, but don't tell me it's important to you.

I'm a veteran of these wars. I fought Lotus Marketplace, I wrote letters to my legislators and to Lotus and to Mitch Kapor. That success was utterly irrelevant. What I have learned is that you need to pick your battles, and pick them only when there is real harm being done. Otherwise you risk creating an unwieldly, overbearing enforcement environment that hurts everybody.

and perhaps join and participate in computer professionals for social responsibility. http://cpsr.org/

Some years ago I dealt with several databases where the primary key was the student's SSN. Most used a separate field as the primary key and there were new db systems in the works when I left, but at least not too long ago there were still a handful around. I would suspect there are still other systems around that for whatever reason (expedience, incompetence) use an SSN as a primary key. It was only back in 2005 that CPSR was reiterating that SSN's are bad as db keys, so it wouldn't seem too much of a stretch to think that there are still dumb db designers out there.

I never liked the fact that SSN's were kept in the student databases I worked with at all, much less were used as an ID, but some stupid federal programs require that info to be available for eligibility (eg. free/reduced lunch).

I agree with the GP that SSN's should only be stored by the SSA. However, I'd go one step further and say that they shouldn't exist at all anymore - the SS program itself has outlived its' usefulness, but that's another issue.

IMO, the IRS using SSA's as TIN's was rather stupid, though I'm sure more than one person thought it was a good idea at the time. Add in the ubiquitous use of the SSN as a 'positive identifier' by every entity and its' sister organization and you have created an environment where ID theft is so simple that any common street thug can do it. SSN's are useless as a unique positive identifer, but it still amazes me that public and private entities accept one as a valid ID.

Make SSN's completely meaningless and ID theft becomes at least a little bit harder to accomplish, and the risk/reward ratio isn't nearly as attractive. The problem is this would require so many changes on so many levels of government and the private sector that it's almost mind boggling.

Actually, as far as the draconian U.S. copyright law goes, it's mostly due to Democrats.

Check the laws that Democrats try to pass. Republicans don't care about "content industry" as much as the Democrats do---their campaign funds come from other sources, like oil companies.

If you really feel strongly about copyright laws (and you think it's too restrictive), you should really be a Republican. I know that's one issue that turned me around to Republican side (after all, most young people like to think they are "liberal" and somehow wrongly associate the Democratic party with being progressive), and I know I will never vote for Democrats ever again.

if people haven't brought up examples it is because they don't care to respond, not because they don't exit. i don't even care too much about this issue, but i read your post - spent 5 minutes on google and found this. it is a bit long so i'll throw the relevant part into my post.

Rep. Howard Berman (D-Hollywood) recently introduced the P2P Piracy Prevention Act (H.R. 5211). This law essentially gives any copyright-holder the right to break any existing law while engaging in technological measures (such as hacking) in the course of protecting their content. They must give prior notice to the government, but there is no approval is required, and the government must keep secret any notice it receives. Large copyright holders sought this immunity in the counter-terrorism bills that greatly increased penalties for hacking, but the absurdity of equating file sharing to terrorism forced them to withdraw their bid that time. The chances of success are hopefully slim, but it's hard to tell.

so in 2002 copyright holders tried to gain the ability to completely ignore the law to go after those they thought to be violating copyright and tried to do so under the auspices of counter-terrorism. like i said, it took 5 minutes to find that with a google search on the words "copyright violation equated with terrorism".

It is a felony. From where I sit, it looks to me like someone at Sony should be doing ten years in the slammer. Or perhaps (since it is a "person") Sony itself should be given the Corporate Death Penalty.

fwiw

It is a felony. From where I sit, it looks to me like someone at Sony should be doing ten years in the slammer. Or perhaps (since it is a "person") Sony itself should be given the Corporate Death Penalty.

fwiw

Mod parent down for plagarism.
http://www.cpsr.org/issues/privacy/whyPrivacy

How do you know it's plagarism? He posted AC. Couldn've been the guy that wrote it.

Mod parent down for plagarism.
http://www.cpsr.org/issues/privacy/whyPrivacy

http://www.cpsr.org/issues/privacy/whyPrivacy

I have been participating as a mentor for the SoC program since it started, and I highly recommend it. It is a great way to get paid, gain valuable experience and a great resume booster, and write code which will be used by thousands or millions of people! Your can read about the successful creations of Nmap SoC students in 2005 and 2006.

This year I am involved with three projects which have been accepted for SoC this year:

• Nmap Security Scanner (SoC Ideas Page)
• UMIT (SoC Ideas Page). This is an Nmap graphical front end which started out as a student's Nmap-SoC project, and now he has been accepted by Google to run it as an independent SoC project!
• Computer Professionals for Social Responsibility (SoC Ideas Page). I serve on the board of directors for this 501(c)3 nonprofit which aims to educate and influence policy makers and the public on technical issues.

And even if none of those projects float your boat, there are 128 others to choose from. Remember that you can apply for multiple projects, and doing so can (with sufficient care and detail for each application) be a good way to increase your odds.

-Fyodor
Insecure.Org

• Do I know what is expected of me?
• Do I have the right materials and equipment I need to do my work right?
• At work, do I have the opportunity to do what I do best every day?
• In the last seven days, have I received recognition or praise for doing good work?
• Does my supervisor, or someone at work, seem to care about me as a person?
• Is there someone at work who encourages my development?
• At work, do my opinions seem to count?
• Does the mission/purpose of my company make me feel my job is important?
• Are my co-workers committed to doing quality work?
• Do I have a best friend at work?
• In the last six months, has someone at work talked to me about my progress?
• This last year, have I had opportunities at work to learn and grow?

• Do I know what is expected of me?
• Do I have the right materials and equipment I need to do my work right?
• At work, do I have the opportunity to do what I do best every day?
• In the last seven days, have I received recognition or praise for doing good work?
• Does my supervisor, or someone at work, seem to care about me as a person?
• Is there someone at work who encourages my development?
• At work, do my opinions seem to count?
• Does the mission/purpose of my company make me feel my job is important?
• Are my co-workers committed to doing quality work?
• Do I have a best friend at work?
• In the last six months, has someone at work talked to me about my progress?
• This last year, have I had opportunities at work to learn and grow?

Social Security numbers were introduced by the Social Security Act of 1935. They were originally intended to be used only by the social security program. In 1943 Roosevelt signed Executive Order 9397 which required federal agencies to use the number when creating new record-keeping systems. In 1961 the IRS began to use it as a taxpayer ID number.

Here I was, thinking that we simply lived in a modern, bureaucratic state with social welfare benefits, and it turns out that it is all a secret plan established and repeatedly expanded by Democrats to number, track, and control us all! Insidious! Ingenious! And they just took control of Congress with promises to further expand social welfare programs! I thought that they were just beneficail social welfare programs, but your case that they are the road to totalitarianism is worth study.

Yes, we do need to be protected from Al Qaida and other terrorists, but not at the expense of the constitution.

Yes, that is a worry. President Roosevelt did directly threaten to pack the Supreme Court by expanding the number of justices to get them to stop rulling all of the social programs he was pushing as unconstitutional. That should have been a key tip off, don't you think? Clearly, President Bush is in the junior leagues when it comes to influencing the Supreme Court even if you assume the more lurid fantasies about his designs on the court are true.

Things are not bad yet, but they could go bad. Pieces are being moved into place that would give a dictator all of the tools that he would need to exercise incredible power. We are already seeing the media bullied, silenced, and propagandized. I guess the next sign of things getting worse would probably be disappearances and prominent people flee^H^H^H^Hleaving the country.

It is hard to get good information from the media about the war against the Islamist extremist terrorists, especially when the media uses imposters as "news sources".

Where do you think people will go? Eurabia? It looks like France is in worse trouble than the United States:

Since appeasement alone is not a strategy. French authorities are keeping a force of some 50,000 riot police in permanent stand-by. A ministry spokesman said it is important to find "the good balance: not overreact to the situation, but at the same time, not underestimate it either."

A local prefect (a provincial governor) added: "In case of trouble, we will have to

Social Security numbers were introduced by the Social Security Act of 1935. They were originally intended to be used only by the social security program. In 1943 Roosevelt signed Executive Order 9397 which required federal agencies to use the number when creating new record-keeping systems. In 1961 the IRS began to use it as a taxpayer ID number. The Privacy Act of 1974 required authorization for government agencies to use SSNs in their data bases and required disclosures (detailed below) when government agencies request the number. Agencies which were already using SSN as an identifier before January 1, 1975 were allowed to continue using it. The Tax Reform Act of 1976 gave authority to state or local tax, welfare, driver's license, or motor vehicle registration authorities to use the number in order to establish identities. The Privacy Protection Study Commission of 1977 recommended that EO9397 be revoked after some agencies referred to it as their authorization to use SSNs. It hasn't been revoked, but no one seems to have made new uses of the SSN recently and cited EO9397 as their sole authority, either.

Several states use the SSN as a driver's license number, while others record it on applications and store it in their database. Some states that routinely use it on the license will make up another number if you insist. According to the terms of the Privacy Act, any that have a space for it on the application forms should have a disclosure notice. Many don't, and until someone takes them to court, they aren't likely to change.

Can you just get one though? It isn't like you can write up the SSA and request it.

From here:

Other commonly accepted complaints include that someone who is harassing you is tracing you through your SSN, sequential numbers were assigned to family members, or there was a serious impact on your credit history that you've tried to clear up without success.

In all cases, the process includes an in-person interview at which you have to establish your identity and show that you are the original assignee of the number. The decision is normally made in the local office. If the problem is with a credit bureau's records, you have to show that someone else continues to use your number, and that you tried to get the credit bureau to fix your records but were not successful. When they do issue a new number, the new records are linked to the old ones.

So basically, they won't issue a new number unless credit bureaus don't fix the problems. If your identity continues to be stolen, and you are forced to keep getting the problems fixed for the rest of your life, you have no recourse. Spectacular.

The Privacy Act of 1974

"I was browsing the patent database, and..."

Everything you read can and will be used against you.

I don't know the rest of the Miranda rights, only that part. ;o

(e.g., Better off not reading these bad things. https://www.cpsr.org/prevsite/essays/2002/2ip4.htm l)

Actually, India-GII - a mailing list/group of sorts which is a part of CPSR (Computer Professionals for Social Responsibility) has been discussing this for quite a while now.

Check out this month's archive.

Particularly, see the threads MMS saga has unexpected consequences and Mahesh Murthy sends you Release the CEO of eBay India (Baazee) - a travesty of cyber-law and e-commerce Petition .

People have been petitioning the release of Bajaj for a while, and this is going to have some very serious repurcussions, too.

• Americans United for the separation of church and state
• ACLU
• EFF Electronic Frontier Foundation
• Computer Professionals for Social Responsibility

Therac-25 ring any bells? Errors like these are not unprecedented. People have died from programmers' mistakes and now that we are relying on technology more than ever, there is more risk than ever before. No link between emergencies and MS security support? Have you ever been in a hospital?! The number of tasks that are now done via computers in our health care facilities is staggering. The worst thing that we can possibly do is put peoples' lives in the hands of companies like Microsoft by trusting them to harden security. And btw, how safe would you feel driving a car running on windows?

I'm pretty rabidly anti-electronic voting (as currently implemented), but these two papers I stumbled across have me rethinking my position:

CFP'93 - Electronic Voting - Evaluating the Threat

Paper v. Electronic Voting Records - An Assessment

WSJ's OpinionJournal.com has a pretty poorly written article as well at:

No Doctored DRE (Subscription might be required for this one though)

Enjoy.

One of the winners of a recent CPSR essay contest was Viruses, Worms and Biodiversity in Computer Systems.

One of the winners of a recent CPSR essay contest was Viruses, Worms and Biodiversity in Computer Systems.

Incidentally... the Computer Professionals for Social Responsibility (CPSR), which in the range of computer-related professional organizations is on the more issue-activist end of the spectrum, has been quite active on voting technology. Check out the organization's e-voting working group.

Also, the CRSP testimony to the Election Assistance Commission is worth a read.

Incidentally... the Computer Professionals for Social Responsibility (CPSR), which in the range of computer-related professional organizations is on the more issue-activist end of the spectrum, has been quite active on voting technology. Check out the organization's e-voting working group.

Also, the CRSP testimony to the Election Assistance Commission is worth a read.

Technology helps in catching criminals too -- the police loves cell phones -- the moment you catch one, his cell phone records lead you to others. The private citizen too can use hidden cameras and the like to fight corruption. On india-gii@cpsr.org, you will find plenty of people who have been often successfully been campaigning for better policy. The anonymous coward has most likely not been in touch with developments in regulatory reform over the last few years. Serious problems remain (particularly the manner in which spectrum is mismanaged), and people who aren't part of the solution are part of the problem. Arun

I sent an anonymous packet of informtion to the dean through campus mail, regarding a faculty member's use of equipment purchased for a university project, and his taking that equipment for a company that he started, and giving us instead dated equipment with 'property of NASA' stickers on it. [where he worked part time, it was my understanding]. He also claimed the work of one of the students for whom he was an advisor, as the work of his company.

Unfortunately, as there were relatively few people who had access to all of the information that I did, it was rather easy for them to track it back to me. I was called into a meeting with the dean, and the faculty member, and they threatened me with expusion. They also weren't happy with something that I posted to the group's web page (which was in fact, a violation of the university's policies regarding use of computer systems)

I also wasn't aware that the dean had a vested interest in keeping the faculty member, as he had received a multi-million dollar grant for some of the research that he was doing.

So, my recomendation is -- if you're going to do anything, go straight to the feds. More than likely, whomever you complain to internally knows what's going on, and wants it to continue, for some reason that you don't know about. [It might even just be a cover-your-ass approach].

Oh -- and after graduating, years later, I needed to get a transcript for a job. It turns out the university had shipped me a diploma, but didn't have my graduation listed in their computer system. It took me over four months to get the issue resolved, and even then, as the last meeting I had with the assistant dean, he had the balls to appologize to me -- not for someone missing to update a flag in the computer system, but for them sending out an incorrect letter informing me of what classes I needed for graduation and sending me the diploma in error.

[They only flagged me as graduated, as I had taken a number of graduate level classes, and they applied those to make up for the two one credit classes they claimed I needed, 6 years later].

Unfortunately, I don't think that this is a direct violation of FERPA, but I know there was some new law, that I think is now in effect, that made it so they had to stop using SSNs as tracking numbers. I've been out of higher ed for almost a year now [working as a systems programmer, and speaking up about problems -- which got me fired], so I'm not as current as I used to be.

If you really want to report this to the school, take it to the student government, or some other body that the school doesn't have direct control over.

ssa - this is for victims of spousal abuse, but it's best I could do in 30 seconds.

Hmm, I stand corrected. But I still think they won't change them for most other reasons. To quote from this website: The SSA doesn't seem to have set policies about issuing new SSNs. As far as I can tell, they will only rarely issue a new SSN to someone who has a significant problem with a stalker or identity theft. In either case, you apparently have to convince someone at the local office that you have tried all reasonable avenues for handling these problems, and the problem continues to reappear because someone is tracking you through your SSN, or because the identity thief continues to create new false credit reports via misuse of your SSN.

In addition, according to some other digging on Google Mr. Gates SS # wasn't "leaked" -- it was exposed on publicly accessible documents (filings with the SEC) -- it's not like somebody at SSA said "I'm going to screw him and release this number!".

If your private information is entered into the public record (though SEC filings, Court records, or what have you) it's always been my understanding that there isn't a damn thing you can do about it. Unless somebody was trying to steal his identify -- which would just about be the stupidest thing you could do. I'm sure if I applied for a loan at my local bank and the credit report returned "William Gates" nobody would raise an eyebrow ;)

Laws and documents produced by the United States Federal Government are considered in the public domain, however "many [U.S.] state government documents, and most documents from foreign governments, are protected by copyright."

So technically some state and local governments can charge you for laws right now.

This is not really accurate. The whole first paragraph of that comment is false.

There are no laws that forbid the private use of the SSN for any reason whatsoever. Any private entity may demand your SSN as a condition for interacting with you; you must provide it or they may refuse to interact with you. (For instance, getting health insurance or a credit card.) The Privacy Act of 1974 made some restrictions relating to *governmental* (only) uses of the SSN as an identifier; when government agencies demand your SSN, they have to tell you their legal authority for requesting it and what the penalties are for failure to comply. This requirement is largely ignored in practice - for instance, when I was serving on jury duty, the court clerk demanded my SSN (to withhold income taxes on the $12/day jury payment), and when I pointed out that they were violating the law by not disclosing the authority for this request, the clerk was singularly unimpressed. If the court system is violating the law... but I digress.

The rest of the comment (seek to use an assigned number rather than your SSN whenever possible) is good advice, and will often work, albeit at the cost of some hassle. CPSR has a good FAQ with some more information.

It does NOT mean (necessitate) paper audit trails, and this goal is much more easily solved by a purely electronic system anyway.

The audit trail must be fixed in some media. Are you suggesting burning everyone a CD-ROM of their vote?

You slashdotters have this incredible tendency to latch onto an idea without bothering to express concrete reasoning behind it.

Many experts have explained their call for voter verified paper audit trails:

Currently, paper is the most widely used and understood medium for protecting valuable documents and verifying important transactions, such as those dealing with money, property and legal matters. If the permanent ballot record exists in an electronic, rather than paper format, the electronic record can be easily altered after it has been cast and therefore is not permanent. No audit medium is tamper-proof, but a paper audit trail is more permanent and transparent than a digital audit trail that depends on software not readily apparent or understandable to stakeholders, particularly voters.

Various technologies have been proposed to meet this requirement, but to date only one has been used in elections: a paper ballot marked with the voter's votes (including contests not voted), in plain language understandable to the voter. Unless and until a technology is developed that offers equal or superior security at an equal or superior price, CPSR strongly advocates that the votes of every voter be recorded in plain language on paper at the time that the vote is cast, and that the paper ballot be retained in ballot boxes and treated as an official elections document. All DREs should produce a paper ballot that may be inspected by the voter prior to completing the voting act.

* Fully electronic systems do not provide any way that the voter can truly verify that the ballot cast corresponds to that being recorded, transmitted, or tabulated. Any programmer can write code that displays one thing on a screen, records something else, and prints yet another result. There is no known way to ensure that this is not happening inside of a voting system.

You have yet to explain your reasoning.

Do you work for Diebold or something?

Clipper Chip! I'm so glad that one died... or is it makeing a quiet comeback?

Of course it didn't subvert GCC, just (if used) ClosedPGP, ClosedSSL, etc

Often, private companies have no legitamate use for your Social Security Number. You might be surprised how often they actually don't need it, and can use an invented number instead.

You may also be surprised how easy it is to not give it to people. Try it sometime. For more information, try reading here.

Private companies, individuals, etc. are not subject to these restrictions at all, so you could potentially see some abuse there. However, just as there is no law that says companies can't ask for your SSN, there's no law that says you have to give it to them.

If you are required to provide a social security number for some purpose, consider using 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it.

See this page.

That was apparently written before the UCITA was widely adopted.

While I'd love to provide a link to disprove that, I actually can't find one.

Well let me lead you in the right direction. "When someone from a government agency asks for your number, they are required to provide a Privacy Act Disclosure Notice, which is required to tell you what law allows them to ask, whether you have to provide your number, and what will happen if you don't provide the number. Private companies aren't required to follow this law, and in general your recourse is to find another company to do business with if you don't like their policies."

Civil juries don't seem to give a wit's end about laws.

Yeah, but judges do. Juries decide issues of fact, not issues of law. If the facts of the situation do no support a legal decision, the judge will throw out the case before it even reaches a jury.

You're completely dead on. I hate it whenever employers, financial institutions or ngo/go's ask for it. Before the IRS started using it as an ID your were not required to give it to anyone except the Social Security Agency. Because the IRS started using it, employers and just about every financial institution there is needed to use it as well. 98% of the organizations that I 'need to' give my number to have nothing to do with social security.

Why doesn't the IRS/money people make their own number, dividing up the risk of the almost inevitable possibility of its theft. This would dramatically reduce the risk of falling victim to social security fraud.

Some resources:
SSN/Privacy FAQ's (cpsr.org)
General Privacy info

Useful information derived from SSN can be found here . You can see everyone was born in CA by the first three numbers. Group numbers can be verified, but isn't the serial numbers the important information?

Companies today don't give a rat's ass about you. All they want is a bunch of robots paying them as little as possible. Everyone is replaceable. If you understand that and embrace it, you can always have the last laugh. Before you leave make sure you have something lined up to go to. As soon as you start at your new job, decide how long you want to stay there (3,4,5 years), and what kind of position you would want at that time. Never stay at a company for more than 6 years. During the time you're at the new job, study,read, and learn what it takes to be able to perform that new position. If the company offers training, great, but don't rely on them 100%. It's your responsibility to improve yourself. Once the time limit has been reached, if you haven't been promoted to the position you've been planning , go on a job hunt again. I once made the mistake of staying 8 years with a company. In the end, the company screwed me over, and I had to take a pay cut and a lower position just to get a new job.

Also, become more active politically. Write to your congressman about getting these excemptions to the labor laws reversed.Join organizations like (http://www.cdt.org/),(http://www.acm.org),(http:/ /www.cpsr.org),(http://www.eff.org) . Laws against us have been passed because we aren't political enough. Look at UCITA. Vendors tried to screw us over one more time. We became organized, and now we are in a stalemate. It's not dead yet, but its certaintly not being enacted on a grand scale.

Unions are not an answer. They have their own adgendas and they kill and calcify whole industries once they take hold.

In a school situation, I'd imagine it wouldn't be that hard to guesstimate the first six digits of a SSN. Remember that the first six digits would inculde the geography identifier (first 3 digits of the number), the group number (assigned chronologically), and one digit of the serial number. Assuming most kids in the school are born in Florida and about the same time, you have a reasonable set to search. Info on SSN number formatting

The UC Berkeley Computer Science Department teaches a somewhat similar class - CS 195: Social Implications of Computing. You might find some interesting reading material in the publications mentioned in their Fall 2002 Syllabus.

There's sure to be some fodder for discussion on the web pages of the Computer Professionals for Social Responsibility, Electronic Frontier Foundation, ACM SIGCAS: Special Interest Group on Computers and Society, ACM Computing & Public Policy, Computers, Freedom, & Privacy Conference, and The IEEE Society on Social Implications of Technology, to name just a few.

Nimda.
Look here to stop it.

(I'm thinking about setting up a DDOS system on anybody that tries to 'hack' my server. Just for a laugh, obviously.)

Remove yourself from the internet. Do it now. You've just proven you are too

• careless, clueless and uneducated

Go read This. When you understand it, and know why you are clueless for your above statement and can control your juvenile "I'm god's gift to the world and everyone else is just stupid and clueless, i'm so 1337!' urges, let yourself back on the internet.

I'm betting it will be a long time, if you are honest. Dolt.

I have both attended at work at UT in IT, so I can give you my observations.

For many years, UT had a non-centralized IT infrastructure. That is, the Colleges did one thing, the Administrative Computing Group did another thing, the Academic Computing Group did yet another thing, and the Libraries something else entirely. This was recently changed with the introduction of a new Office of Information Technology head by a new Vice Provost (Dan Updegrove, originally at Yale). One of the very first things I heard him address was the Social Security number problem in which every student, faculty, and staff member used their SSN as their ID. That practice had to change in order to meet both legal and privacy standards (see FERPA) , and UT has been trying for the past couple of years to make that happen. The trouble is, it was so integrated into all of the different services and departments that it is a slow process to remove it. They started to phase it out, but now UT is seeing the effects of this particular practice. I'm likely one of the ones who will be affected, so I'm waiting for them to announce where people can find that out. (It may be at the UT site, http://www.utexas.edu/datatheft/.

The Daily Texan (student newspaper) has an article about the theft, as does the Houston Chronicle.)

By the way, your Social Security Number isn't public information. It is required for use by some agencies of the government, but you are not required to provide your SSN to private groups unless they need to interact with certain government agencies (this includes your employers, who deal with the IRS). That being said, SSNs are so commonly used a search may pull up that information- but that doesn't mean it is legally public info.

Google can answer most of your questions with nifty links like this, or this.

Who would have thunk it?

From the Article...

To protect drivers' privacy, using the system to track cars in real time would be illegal.

Right. Just like social security numbers weren't supposed to be used for identification purposes.

I don't see anything in there specifying that this rule only applies to what the government can do to you.

How is your SSN any of these things? How about your photograph? Your name?

Just like it's within their rights as a private company to ask me my race as part of a transaction? It's exactly the same logic...

I don't believe it's illegal for them to ask. It's just illegal to discriminate.

More information about SSN's is available here: http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html# IsItIllegalToAsk