Privacy Rights Clearinghouse
In this issue . . .
The PRC's newest fact sheet gives consumers the 411 on credit scores. A simple three-digit number gives creditors all they feel they need to make judgments about whether you will repay a car loan, mortgage, or credit card debt.
The most common scoring method uses a range of 620 to 850. How high or low your score is can determine your interest rate. A number in the range of 760-850 is considered very good and you would likely get the lowest interest rate available. On the low end a score between 620-639 tells creditors that you are a risky investment and might generate high interest rates.
If you are applying for credit, you should be aware of your score and the factors affecting the computation. Scores are generally derived from five categories of information: payment history, amount owed, length of credit history, new credit, and types of credit used. Of these factors, late payments affect your score the most.
Although the law does NOT give consumers the right to a free
copy of your score, it does guarantee your right to obtain your
score for a reasonable fee. You can obtain your score from one of the three credit bureaus: Equifax, Experian, or Transunion. You can also purchase your score if you order your free credit report through the official online source established for this purpose. www.annualcreditreport.com/cra/index.jsp 
Fact Sheet 6c answers many common questions including: who uses the credit score, what your score reveals to creditors, and how you can raise your score.
The guide is available at, www.privacyrights.org/fs/fs6c-CreditScores.htm 
In October someone fraudulently opened a UPS shipping account in the PRC's name. This person used the account to send envelopes via overnight delivery to 45 individuals located throughout the U.S.
The PRC learned that each envelope contained several counterfeit Wal-Mart money orders (often 3 or 4 valued at $950 each). The recipients thought they were receiving the deposit and first month's rent for an apartment rental or a roommate situation that they had arranged online. They were instructed to deposit the funds necessary to cover the costs and wire the balance to Nigeria or other foreign countries so that the supposed roommate could purchase an airline ticket to the United States. The victims had placed advertisements for roommates on Craig's List and Roommates.com websites.
We discovered the fraud when a staff member received a "welcome" packet from UPS. She immediately called UPS to investigate, realizing that no such account had been established by the PRC.
The security division at UPS was not very responsive. Often in identity theft cases the victim is responsible for ensuring that the fraudulent account is closed completely. Although we received assurances from UPS that the matter was resolved, we continue to receive letters and bills connected to the fraudulent account.
Our loss is minimal, however ñ just the loss of our good name with the 45 victims who were sent the bogus mail orders, as well as the time lost in dealing with UPS, reporting to law enforcement, and contacting the victims. But the victims who cashed the fraudulent money orders are out thousands of dollars. One victim with whom we spoke lost $3,500. It is important to realize that once money is wired out of your account, it is virtually impossible to get it back.
The fraudster may have targeted UPS because of the ease of creating an account online. We learned that the fraudster was able to open and use the account with only a stolen credit card. No other identification was required.
For more information on this type of scam, see the US Secret Service advisory available at http://www.secretservice.gov/alert419.shtml .
When your mother told you, ìIf it sounds too good to be true, it usually is,î she was right. Many people have received an email purporting to be from the IRS saying that the government owes them a tax refund. Promising hundreds of dollars, the email directs recipients to a website that collects Social Security numbers and credit card information.
ìPhishingî scams operate by directing people to websites that are designed to look official and requesting personal information such as account numbers or Social Security numbers
The email comes from email@example.com  and when the recipient clicks on the link or types in the address to receive the refund they are quickly bounced from the actual IRS site to a phony one. This happens too quickly for the average computer user to even notice what happened.
The IRS has assured consumers that it does NOT ask for personal information in unsolicited emails. Taxpayers can contact the IRS at 1-800-829-1040 to find out whether the agency is trying to contact them about a refund. The full IRS warning is available at http://www.irs.gov/newsroom/article/0,,id=151065,00.html 
For more information on phishing scams, see the PRC alert available at http://www.privacyrights.org/ar/phishing.htm 
When privacy advocates first learned of Radio Frequency
Identification (RFID), alarm bells went off at the potential reach of the technology. With the technology now firmly positioning itself in the mainstream, two new books describe RFID and its privacy implications.
RFIDs are comprised of tags that contain tiny computer chips connected to miniature antennae that can be affixed to physical objects. In the most commonly touted applications, the microchip contains an Electronic Product Code (EPC) with sufficient capacity to provide unique identifiers for all items produced worldwide. When an RFID reader emits a radio signal, tags in the vicinity respond by transmitting their stored data to the reader. With passive (battery-less) RFID tags, read-range can vary from less than an inch to 20-30 feet, while active (self-powered) tags can have a much longer read range.
Typically, the data is sent to a distributed computing system involved in, perhaps, supply chain management or inventory control.
Two new books take the mystery out of RFID. Written by two long-time consumer advocates, Spychips, is a necessary warning to legislators and regulatory agency officials. It's also a useful guide for consumers who want to learn about the technology and its potential implications for personal privacy and civil liberties. In addition to being highly informative, it's a good read.
Authors Katherine Albrecht and Liz McIntyre paint a future where RFID has never been regulated. The scenarios they portray are meant to be a wake-up call to consumers and policymakers alike.
Current applications include lost pet identification, building access control, and electronic toll collection on highways. Albrecht and McIntyre warn that uses of RFID could take an unwanted and unintended path ñ tracking and monitoring individuals without their knowledge or consent. For example,
RFID tags could be inserted into sneakers for the purpose of tracking the shipment from warehouse to retailer. However, since the tags are so small and their location can be remotely detected, the wearer of the shoe is now at risk of being tracked as well.
RFID chips can potentially be used in a wide-range of ways, from passports and driver's licenses to car tires and prescription medication bottles. The U.S. Food and Drug Administration recently approved the use of implanted RFID chips in patients.
RFID: Applications, Security, and Privacy, edited by Simson Garfinkel and Beth Rosenberg, examines the history of RFID with a look towards policy concerns. It has 32 chapters covering the development of RFID, current uses, regulation in the United States and abroad, and privacy and civil liberties implications. This comprehensive resource offers perspectives from policy experts, privacy advocates, and industry representatives.
PRC director Beth Givens contributed Chapter 29, ìActivists: Communicating with Consumers, Speaking Truth to Policy Makers.î The RFID position statement that she and Katherine Albrecht co-authored in November 2003 is included in the Appendix, titled ìPosition Statement on the Use of RFID on Consumer Products.î
Each year the Privacy Rights Clearinghouse assists thousands of individuals who have complaints or questions about a wide variety of issues. With only 2 full-time and 3 part-time staff ñ and a small budget -- we are not bashful in saying that we accomplish a great deal with our limited resources.
In addition to our one-to-one assistance (we call it our ìDear Abbyî role), our web site is rich with tips and problem-solving advice. It is accessed by at least 1.5 million users a year.
The PRC is a non-profit organization established 13 years ago in 1992. We are based in San Diego, California, and are funded primarily from foundation grants and contributions from individuals.
We invite you to support our ongoing work by making a tax-deductible donation to us this holiday season. You may contribute in one of two ways -- by using our online Donate Now feature (click on the ìDonate Nowî button on our home page, www.privacyrights.org ) or by printing out our donation form and mailing a check, www.privacyrights.org/Donation-Form.PDF .
Be assured that 100% of your donation will support our consumer education and policy work. Also, please know that we do not release the names of individual donors to others.
Thank you! And happy holidays!
To subscribe to our free email newsletter, go to www.privacyrights.org/subscribe.htm