I just got a call on the super secret Stuphone in the closet. It was AT&T.

att: Hi my name is suchandsuch and I’m calling from AT&T.
me: OK
att: The purpose of this call is to ensure that you are receiving the best possible service from AT&T.
me: OK
att: This call may be monitored or recorded for quality purposes.
me: But I don’t want to be monitored and recorded.
att: Well it is just for quality purposes.
me: Is this a necessary call?
att: It is necessary to ensure you’re receiving the best possible service.
me: But it’s not necessary. And I don’t want to be monitored and recorded. So we should end the call.
att: Oh. Whatever. *click*

Funny how some people can’t comprehend that you don’t want to be recorded when they call you.

It is worth the (small) premium to get a good ISP:

“We will not allow warrantless wiretapping or access to customer information.”

DHS wants to bring charges against the NYTimes.

Myself and a lot of other people are going to be very, very pissed if this sees the light of day.

I have been thinking about setting up an organized system to track my correspondence with businesses and the like. One thing I would like to do is have a detailed record of all emails and phone calls between myself and a business. The basic premise here is that it would make it easier to protect my own consumer rights – “You specifically told me on June 2nd at 10:38am that I would only be billed once!” Stuff like that.

So I figured it might be a good idea to set up a recording system on my home phone to record my conversations. Then hopefully I could save these conversations to digital format and link them to a case number that I would create. But I knew that wiretap laws can be a little tricky, so I googled a bit and found this from Privacy Rights Clearinghouse: “Wiretapping/Eavesdropping on Telephone Conversations: Is There Cause for Concern?” Specifically, this is exactly the information I was looking for:

California law does not allow tape recording of telephone calls unless all parties to the conversation consent (California Penal Code 632), or they are notified of the recording by a distinct “beep tone” warning (CPUC General Order 107-B(II)(A)(5)).

So I think this leaves me with two options:
1) Every time I call up a business or receive a call on my home phone, I ask for the consent of the other end that I record the call.
2) I take detailed written notes of each call as it comes in.

Either way, this isn’t really relevant until I get this system in a workable state. But I thought I would post this information here just as an FYI to my California reader(s).

With all this recent talk of domestic spying, we’ve been hearing some pretty interesting things about how the NSA and the federal government operate. Most of these facts aren’t new to anyone, especially me. But the recent happenings have gotten me thinking nonetheless.

The NSA has taps on every major information pipe in the country. This isn’t even a secret.

You are restricted on the level of encryption you are allowed to use in this country. You aren’t allowed to use an encryption key larger than 256 bits. Why? Because the NSA wants to be able to crack your communications if they choose to.

Well, my viewpoint on all of this is not only does the government not have an inherent right to monitor my communications, but I have an inherent right to my own privacy. There is a concept called “innocent until proven guilty”, which isn’t always practiced in this country. Many people will say “Well, why does it matter if your communications are being monitored? If you haven’t done anything wrong, you don’t have anything to worry about.” Yeah? Well on the same note, if I am assumed innocent then the government also has nothing to worry about.

Why does the federal government get this special place in our lives that they evidently have a right to know everything we say and do? I personally call for civil disobedience. Use methods such as anonymizers to protect your identity (tutorial here). Use strong encryption to protect your communications. It is a shame that these technologies aren’t built-in to our everyday communication systems.

I wrote a tutorial entitled “How to be Anonymous on the World Wide Web Using Windows“. Read that tutorial if you want to know why you should care and how to do it.

Macy’s doesn’t seem too interested in protecting their customers against fraud, so I’ve written them again and copied the California Office of Privacy Protection. Hopefully we will get some results. The contents of the letter are found below.

November 18, 2005

Macy’s Customer Service
P.O. Box 8067
Mason, OH 45040

CC: Office of Privacy Protection
Department of Consumer Affairs
400 R Street, Suite 3080
Sacramento, CA 95814

Dear Macy’s Customer Service,

On October 5, 2005, I wrote a letter (a copy of which has been included in this mailing) to Macy’s customer service with a concern about the security of the credit card mailing methods. I have not yet received a reply. I was fairly certain that someone at Macy’s would be interested to know the ease in which fraud could be committed on their customers’ new credit cards.

Since that time I have received two promotional offers in the mail from Macy’s. I hardly think your sales and offers are more important than your customers’ identity theft concerns.

Due to the apparent lack of interest in the protection of your customers’ credit card accounts, I have sent a copy of this letter to the California Office of Privacy Protection. I hope that between all of us, we can come up with an acceptable solution.

Sincerely,
Stuart Matthews
2240 Larkin Street
Apartment 103
San Francisco, CA 94109

October 5, 2005

Macy’s Customer Service
P.O. Box 8067
Mason, OH 45040

To Whom It May Concern –

I have recently received a Macy’s Visa card in the mail. I have noticed a stunning security problem with the way the card is sent.

The credit card number, as you know, is shown on the back of the card as well as the front of the card. On the back of the card, it is printed in black ink. The glue used to affix the credit card is placed directly onto this part of the card. When you remove the card from the paper, guess what gets left behind on the paper? That is right – the credit card number, and the three-digit security code. This, in combination with the credit card holder’s name and address, is almost all that is needed to make charges to the card. The only other thing needed is the expiration date. A nefarious individual can quite easily guess this date in a short amount of time. They can either start trying dates starting from one month after the current month, or they can easily apply for a Macy’s card of their own and see what the expiration date is on that, which will be close to the date of the stolen card number.

Many people throw this piece of paper away unmolested. The only personally-identifiable information they should expect to be on this paper are their name and address. Not everyone will have as good of eyesight as I do to be able to notice the small numbers left behind on the glue. I hope you correct this error quickly and update me with any actions that have been taken to prevent fraud due to this error.

Sincerely,
Stuart Matthews
2240 Larkin Street
Apartment 103
San Francisco, CA 94109