2 September 2002

From: "Dorsey Morrow, CISSP" <dmorrow@isc2.org>
To: <jya@pipeline.com>
Subject: RE: Warning on Legal Notice
Date: Mon, 2 Sep 2002 21:07:50 -0500

John,

The e-mail you received is nothing more than a hoax.  While the "FROM:" box shows it comes from our organization, if you look at the IP header information, you will see that it does not come from our organization. None of the e-mail is true.  We do not have any personal information on anyone except those who are members of our organization, and we certainly do not keep any form of financial information.  In fact, unless you are a member of our organization, we do not even have your contact information.  We have determined that the e-mails used to further this hoax were gathered from various websites and spam lists.

Regrettably, it is easy to "spoof" someone on the Internet.  It is very easy for an e-mail message to appear to come from President Bush or Bill Gates, when indeed they did not.  That is the case here.  We are in the process of implementing digital signatures for all official e-mails to assist in verifying what is legitimate e-mail and what is not.  We believe the e-mail to be the work of a mentally-deranged individual acting without benefit of any ethics or scruples.

We apologize for any confusion or inconvenience this might have caused you. 

Best regards,

Dorsey Morrow, CISSP
(ISC)² General Counsel

2 September 2002

From: "Anthony Baratta, CISSP" <info@isc2.org>
To: jya@pipeline.com
Subject: Legal Notification
Date: Sun, 1 Sep 2002 13:23:23 -1000

Legal Notification

You are herby informed that (under the privacy act), the International Information System Security Certification Consortium (ISC)2  has sold your information including,  

Name ,
E-Mail address,  
Residential address,  
Credit and savings information,
Social Security information,    
and Occupation details.  

This information has been sold to a third Party \ Parties and this E-mail serves as notification for such action.

This information was sold under the premise for marketing and research.

Under the privacy act you may request to see in writing any information that we have about you. Please write to the following address with a self addressed envelope.

(ISC)2
860 Worcester Rd.,Ste 101
Framingham, Ma 01702
U.S.A

If you have any questions about the third Party \ Parties please inquire with them. The International Information System Security Certification Consortium (ISC)2 is no longer  responsible for the information sold. (ISC)2 Will hold no responsibility for damages and loss suffered by the reader of this E-mail. (ISC)2 is not responsible for the actions of third party companies.

Upon written request we will consider deleting records that we currently hold about you. A processing fee of $ 10.00 will apply.

Please make out this check to (ISC)2 and an application form will be mailed to you in order to complete this request.

Please visit our web site for more information about our organization  

http://www.isc2.org

If you decline this offer by the 31 Sep 2002 a charge of $50 will be deducted from your account. This charge will cover services that our organization provides to secure the internet.

Thank you  

Manager of Professional Programs

Anthony Baratta, CISSP

abaratta@isc2.org

Contact E-Mail  info@isc2.org

[See ISC2 privacy policy below.]

The message above may have been forwarded by a disgruntled member of ISC2; Cryptome is not a member of either CISSP or ISC2.

This confirms that ISC2 and CISSP, like AID-NIA and the TLAs, are sleazy organizations violating customer trust while operating under guise of security firms, an all too common deception of anybody selling "security" and "intelligence" to gullible and fearful customers -- national, personal, faith-based.

More vile behavior of CISSP from an insider:

http://cryptome.sabotage.org/cissp-who.htm

And ISC2's response:

http://cryptome.sabotage.org/cissp-who2.htm

See also recent US government intiative to combine all its databases in the name of homeland security but more likely to be used for profitmaking by the privatizing beneficiaries who operate the government's information systems:

http://cryptome.sabotage.org/gao-02-1048r.htm

Don't believe privacy policy statements; none are trustworthy, for they are deceptive cloaks of insecure systems. The stronger the privacy statement the weaker the security of the information. The greater the claims of national security the weaker the nation's protection. When national security providers promise, "we welcome an investigation, which will show no failure," they mean "we have you in our databases, fear's our product, pay and pray we won't betray."

To: abaratta@isc2.org
From: jya@pipeline.com
Subject: Warning on Fraudulent Notice
Date: 2 September 2002

Anthony Baratta, CISSP
Manager of Professional Programs
ISC2.org

Dear Mr. Baratta,

A so-called "legal notice" has been sent to me with your return address on it. This notice appears to be a fraud for I have had nothing to do with your organization and have not given permission for your organization to gather or sell my personal information.

The same notice has been sent to numerous persons over the pass several months and none of the persons know what to make of its claims and inaccuracies.

The message may be a forgery and if so you should be aware that the notice is damaging the reputation of ISC2 and you by its fraudulent intentions.

We have published the notice, other comments on it and this message at:

http://cryptome.sabotage.org/sec-con.htm

Regards,

John Young
Cryptome.org

Date: Mon, 02 Sep 2002 19:17:16 +0100
From: J
To: jya@pipeline.com
Subject: listowners-L: [LO] Be Aware -- Legal Notice

See also

http://archiver.rootsweb.com/th/read/listowners/2002-07/1025885278

I also received this email twice. Let me remark the September 31!

Let me also remark the following link on

https://www.isc2.org/cgi-bin/content.cgi?page=173

Regards, J

____________

listowners-L Archives

From: "Gordon A. Watts" <gordon_watts@telus.net>
Subject: [LO] Be Aware -- Legal Notice
Date: Fri, 5 Jul 2002 09:07:58 -0700

Greetings All.

I forward the message below as a warning to all. It has nothing to do with Rootsweb but in my opinion is another scam that unfortunately many unsuspecting recipients may succumb to. Despite the subject line I do not see this message as being a valid legal notice.

While they state they have sold my information I have given them no permission to either collect information to me, nor to sell that information to any third parties.

There is an impressive website at the address given but I still believe this to be a scam and would warn everyone not to send these jerks one penny.

Although the message gives a US mailing address I have no idea of what legal body a complaint regarding this might be sent to. If anyone else does feel free to forward this message to them.

Happy Hunting.

Gordon A. Watts gordon_watts@telus.net
Co-Chair, Canada Census Committee
Port Coquitlam, BC

http://globalgenealogy.com/Census

en français http://globalgenealogy.com/Census/Index_f.htm

----- Original Message -----

From: Anthony Baratta, CISSP
To: gordon_watts@telus.net
Sent: Wednesday, July 03, 2002 3:51 PM
Subject: Legal Notice

Legal Notification

You are herby informed that (under the Privacy Act), the International Information System Security Certification Consortium (ISC)2 has sold your information including,

Name ,
E-Mail address,
Residential address,
Credit and savings information,
Social Security information,
and Occupation details.

This information has been sold to a third Party \ Parties and this E-mail serves as notification for such action. This information was sold under the premise for marketing and research.

Under the Privacy act you may request to see in writing any information that we have about you. Please write to the following address with a self addressed envelope.

(ISC)2
860 Worcester Rd.,Ste 101
Framingham, Ma 01702
U.S.A

If you have any questions about the third Party \ Parties please inquire with them. The International Information System Security Certification Consortium (ISC)2 is no longer responsible for the information sold. (ISC)2 Will hold no responsibility for damages and loss suffered by the reader of this E-mail. (ISC)2 is not responsible for the actions of third party companies.

Upon written request we will consider deleting records that we currently hold about you. A processing fee of $ 10.00 will apply.

Please make out this check to (ISC)2 and an application form will be mailed to you in order to complete this request.

Please visit our web site for more information about our organization

http://www.isc2.org

If you decline this offer by the 31 Aug 2002 a charge of $50 will be deducted from your account. This charge will cover services that our organization provides to secure the internet.

Thank you

Manager of Professional Programs
Anthony Baratta, CISSP
abaratta@isc2.org

Contact E-Mail info@isc2.org

Source: http://www.isc2.org/cgi-bin/content.cgi?page=22

(ISC)2 Privacy Policy

The International Information Systems Security Certifications Consortium, Inc. [(ISC)2] has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for this website: www.isc2.org.

(ISC)2 uses your IP address to help diagnose problems with our server and to administer our website.

This site contains links to other sites; www.isc2.org is not responsible for the privacy practices or the content of such websites.

(ISC)2 does not collect personally identifiable information about individuals except when such individuals specifically provide such information on a voluntary basis. For example, such personally identifiable information may be gathered from services and in connection with CISSP or SSCP Directory submissions, CISSP or SSCP Forum submissions, CPE submissions, Item Writing requests and other requests for information.

As (ISC)2 is an organization based in the United States your personal data will be transferred to and processed in the United States by (ISC)2 and third parties acting on its behalf in accordance with and for the purposes set out in this Privacy Policy. If you do not wish your personal data to be transferred in this way, please inform us using the contact details below. Personally identifiable information on individual users will not be sold or otherwise transferred to unaffiliated third parties without the approval of the user. Regardless of any opt-out by the user, (ISC)2 reserves the right to contact such user regarding changes to matters relevant to the underlying service and or/the information collected.

In some cases, such as the request to download online Study Guides, (ISC)2 does require the collection of home address and telephone numbers. It has been our experience that residential contact information is more constant than business contact information because of the mobility of professionals through their careers. This information is used to contact individuals about upcoming examinations and training seminars.

(ISC)2 reserves the right to perform statistical analyses of user behavior and characteristics in order to measure interest in and use of the various areas of the site. (ISC)2 will provide only aggregated data from analyses to affiliated third parties. (ISC)2 is not responsible for any actions or policies of such third parties. Users should check the applicable privacy policy of such a party when providing personally identifiable information.

Additionally, users should be aware that when they voluntarily disclose personally identifiable information (e.g. user name, email address) on the CISSP or SSCP Directory for the (ISC)2 sites, that such information, along with any substantive information disclosed in the directory, can be collected and correlated and used by third parties and may result in unsolicited messages from other posters or third parties. Such activities are beyond the control of (ISC)2.

Affiliated Third Parties
Occasionally, (ISC)2 contracts and collaborates with third parties in order to provide services to CISSPs, SSCPs, and candidates. From time to time, (ISC)2 collaborates with other security organizations and associations to promote its programs as well as the programs of other organizations and associations. In such cases, (ISC)2 may provide these organizations and associations with mailing information. Affiliated third parties include those who have a contractual relationship with (ISC)2 and are engaged in the training and education of Information Security (i.e. MISTI, CSI, (ISC)2 Institute), sale of Information Security educational literature (Auerbach press), the general promotion of Information Security (Information Systems Security Association), or who provide direct support services to (ISC)2 (Schroeder Measurement Technologies, Inc.)

Other Data Collection
Users should also be aware that non-personal information and data may be automatically collected through the standard operation of (ISC)2's Internet servers or through the use of 'cookies.' Please click here for more information on (ISC)2's Use of 'Cookies'.

Opt Out
Upon request, (ISC)2 will allow any user to "opt out" of further promotional contacts at any time. Additionally, upon request, (ISC)2 will use reasonable efforts to allow users to update/correct personal information previously submitted which the user states is erroneous to the extent such activities will not compromise privacy or security interests. Also, upon a user's request, (ISC)2 will use commercially reasonable efforts to functionally delete the user and his or her personal information from its database. However, it may be impossible to delete a user's entry without some residual information because of backups and records of deletions.

This site also provides users with the opportunity to opt out of receiving communications from our (ISC)2 partners at the point where we request information about the visitor. The following are options for removing user information from our database, to request not to receive future communications or to no longer receive our service.
1. You can send an email to webmaster@isc2.org
2. You can send mail using return receipt to the following postal address:
860 Worcester Road, Suite 101, Framingham, MA 01701 USA

CISSP and SSCP Forums
This site makes a forum available to CISSPs and SSCPs. Please remember that any information that is posted on the CISSP or SSCP Forum is automatically distributed to other subscribers of the Forum and you should exercise caution when deciding to disclose any personal information.

Correct/Update Information
If you would like to see the information (ISC)2 retains about you or would like to be removed from the (ISC)2 database, please write to the mailing address below. In those cases when you want (ISC)2 to provide a copy of the information held on you, (ISC)2 may require the payment of an administrative fee of $15USD. Additionally, and upon your written request, (ISC)2 will update/correct personal information previously submitted which you believe to be inaccurate.

You can send mail to the following postal address:
860 Worcester Road, Suite 101, Framingham, MA 01701 USA

Links to Third-Party Websites
This site contains links to other sites. (ISC)2 is not responsible for any actions or policies of such third-parties. Users should check the applicable privacy policy of such websites when providing personally identifiable information.

For Questions or to Contact the Webmaster
If you have any comments on this Privacy Statement, the practices of this site or your dealings with this website, or if you wish clarification, please contact:

Wilfred L. Camilleri, CISSP
International Information Systems Security Certifications Consortium, Inc.
860 Worcester Road, Suite 101
Framingham, MA 01701 USA
Or email: webmaster@isc2.org

The foregoing policies are effective as of May 13, 1999. (ISC)2 reserves the right to change this policy at any time by notifying users of the existence of a new privacy statement. This statement and the policies outlined herein are not intended to and do not create any contractual or other legal rights in or on behalf of any party.