|
Computer Privacy Digest Vol 1 #113
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Date: 17 Dec 1992 17:12:12 -0500 (EST)
From: Computer Privacy Digest Moderator <[email protected]>
Subject: Computer Privacy Digest V1#113
To: [email protected]
Errors-to: Comp-privacy Error Handler <[email protected]>
Message-id: <[email protected]>
Content-transfer-encoding: 7BIT
Computer Privacy Digest Thu, 17 Dec 92 Volume 1 : Issue: 113
Today's Topics: Moderator: Dennis G. Rears
Los Angeles Marathon and SSN
Re: Digital Licenses in NY State
Re: Digital Licenses in NY State
re: Digital licenses in NY state
Re: Digital Licenses in NY State
Re: Digital Licenses in NY State
Blockbuster Video
Credit denies millionaire due to credit report
DOJ Authorizes Keystroke Mo (really DOJ asks consent..)
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
[email protected] and administrative requests to
[email protected].
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Wed, 9 Dec 92 14:25:39 EST
Newsgroups: rec.running,comps.society.privacy
From: "Dennis G. Rears " <[email protected]>
Subject: Los Angeles Marathon and SSN
After running my 5th New York City marathon, I decided it was time to
run a different one. I decided on the Los Angeles marathon on March 7th.
I started filling out the application and was shocked to see that they
wanted social security numbers. Furthermore it states that all
information must be provided or the apllication would not be accepted.
Why in the world do they want or need SSN? I can understand birthdate,
occupation, and TAC number but SSN? While they do offer prize money;
there is no way I can qualify as 3:30 marathoner.
BTW, I did call the LA marathon office and the guy who answered the
phone had no idea why they wanted it. He did say they would still
process my application without it.
dennis
------------------------------
Date: Thu, 10 Dec 92 09:05:09 PST
From: Brian Bousman <[email protected].rockwell.com>
Subject: Re: Digital Licenses in NY State
Organization: Rockwell International, Seal Beach, CA
In article <[email protected]>, "Roy M. Silvernail"
<[email protected]> writes:
|>nicmad!madnix!zaphod%[email protected] (Ron Bean) writes:
|>
|>> As long as you're not trying to defraud anyone, it's still a
|>> valid signature. Since other organizations (such as UPS) are
|>> digitising signatures, a better strategy might be to get in the
|>> habit of *dating* everything you sign (although the date could
|>> still be cut off or altered).
|>
|>When UPS started that, everybody in my office refused to sign it except
|>the boss. He didn't really understand our reservations, but was
|>temporarily willing to sign all packages in. Eventually, practicality
|>and business sense won out over principle, and we all do something to
|>the pad. I elected to print my name.
|>
It seems to me that if you are worried about your signature being
digitized and used for other purposes then you cannot sign *anything*
because all it takes is a scanner to get it from a paper version of
your signature.
-------------
Brian Bousman | Rockwell International
[email protected].rockwell.com | Space Systems Division
(310) 797-4745 | Seal Beach, CA
---------------------------------------------------------
Of course I don't speak for my company. If I did that
they'd have to pay me a lot more money.
------------------------------
From: Mike Brokowski <[email protected]>
Subject: Re: Digital Licenses in NY State
Organization: Northwestern University, Evanston Illinois.
Date: Thu, 10 Dec 1992 18:00:14 GMT
In article <[email protected]> Mike McNally <[email protected]> writes:
>In article <[email protected]> Mike Johnston <[email protected]:
>>
>>Today's (12/3/92) New York Times carried a small article in the Metro
>>section describing NY's new licenses. In a nutshell, drivers will
>>have *both* their pictures and signatures digitally stored on the
>>state's computers. This makes me nervous.
>
>[...]
>
>>My biggest problem is this: I don't want my picture and signature
>>digitally stored on NY's computers, where it can easily be transmitted
>>to anyone the state deem's fit to receive it. This could include
>>the Federal Government, other State's and various agencies within
>>our own state. I won't even get into the ramifications of having
>>my SIGNATURE stored where someone can replicate it, perfectly, every
>>time they need to.
>>
>>It seems the privacy issues here have either been ignored or swept
>>under the carpet.
>
>It seems to me that elementary logic has either been ignored or swept
>under the carpet.. The very interesting thing about this post is that
>while I'm sure the author earnestly believes this is a privacy issue,
>his privacy is not in any significantly greater jeopardy because the
>stroage media employed by the NY state DMV has changed. The real issue
>is paranoia towards digital technology and its applications. Unless
>the author earnestly believes that photocopies and fascimiles of his
>motor vehicle permit cannot now be easily transmitted to "the Federal
>Government, other State's and various agencies within [his] own state," I
>I fail to see how digital storage of information that is already kept
>throws his personal privacy into serious danger.
Perhaps a re-read of MJ's post is in order then. Nobody argues that
without digitized signatures fraud would be impossible. The major,
IMO, distinction due to the "storage media" is that the fraud has
been transformed from a somewhat difficult to automate, effortsome
process to an easily automated one.
There will always be some way to get a clerk at the DMV to release
information which ought likely not be released, but now it can be
done precisely and potentially with even more anonymity than before.
On top of this lies the beaurocratic tendency to send as much
information as conveiniently possible whenever any information is
requested. One's signature could be transferred along with some
driving record information to anyone who cares to call himself an
insurance company. Even if the request is legitimate, people tend
to store all of the information sent to them, so the signature will
be sitting in the same file as everything else even if it was never
wanted.
Frankly, since the digitized version would be both easier to get
and more accurate (no losses from multiple photocopying) than both
photocopies or facsimiles, I cannot see how anyone could doubt that
such a move poses a threat to privacy.
------------------------------
Date: Thu, 10 Dec 92 15:17:23 PST
From: Phydeaux <[email protected]>
Subject: re: Digital licenses in NY state
> A colleague of mine recently went home to find the county sheriff waiting
>to talk to him about some recent burglaries. Seems they had a tire iron
>with his fingerprints all over it at the scene of one of the crimes. Lucky
>for him he had a nice airtight alibi. This is a guy whose only crime to
>date has been an occasional speeding ticket. Oh yes, how did they know they
>were his prints? He's got one of those nice jobs in the defence industry
>where they interview everyone you've ever known, done credit and police
>checks on you from everywhere imaginable, strap you to a polygraph (i.e.,
>a "lie detector" for the uninitiated), and fingerprint you. And imagine
>how nice it will be when the FBI has all those fingerprint cards digitized
>and accessible to even the most remote law enforcement agency (right from
>the squad car with live scanning technology) in seconds. Sound far fetched?
>Naw, it's from the specifications from the National Crime Information Center
Yea ... back when I was about 7 I remember as a class trip we visited
the local police station ... I don't remember why, but I seem to
recall that they fingerprinted us. This was long before the days when
they fingerprinted kids regularly as a "security" measure... I wonder
where the fingerprints ended up...
reb
-- *-=#= Phydeaux =#=-* [email protected] or reb%[email protected]
ICBM: 41.55N 87.40W h:828 South May Street Chicago, IL 60607 312-733-3090
w:reb Ingres 10255 West Higgins Road Suite 500 Rosemont, IL 60018 708-803-9500
==============================================================================
"You've got to know when to code 'em, know when to load 'em, know when to
emulate, know when to run. You never count your money, when your sittin' at
the keyboard: there'll be time enough for countin', when the software's done."
------------------------------
From: Christopher R Volpe <[email protected]>
Subject: Re: Digital Licenses in NY State
Date: 11 Dec 92 01:41:18 GMT
Reply-To: volpe@ausable.crd.ge.com
Organization: GE Corporate Research & Development
In article <[email protected]>, "Roy M. Silvernail" <[email protected]> writes:
|>
|> When UPS started that, everybody in my office refused to sign it except
|> the boss. He didn't really understand our reservations, but was
|> temporarily willing to sign all packages in. Eventually, practicality
|> and business sense won out over principle, and we all do something to
|> the pad. I elected to print my name.
|>
|> What really bothered me was UPS's attitude when they first introduced
|> this marvelous new gadget. They couldn't believe anyone had _any_
|> reason to be concerned. None of the PR droids I spoke with had the
|> first idea about technological privacy risks, and one chose to interpret
|> my concern as an accusation. Unfortunately, the only way to make some
|> people understand a risk is to present an exagerated example... it
|> really upset this guy.
Why is this new gadget any more dangerous than the status quo? Anyone
can digitize a signature from paper using your average image scanner.
-Chris
--
==================
Chris Volpe
G.E. Corporate R&D
[email protected].com
------------------------------
From: James Hess <[email protected]>
Subject: Re: Digital Licenses in NY State
Organization: University of California, Irvine
Date: 16 Dec 92 17:17:26 GMT
In article <[email protected]> Mitch Collinsworth <[email protected]> writes:t then a few days later I walked into the polling place for the
>primary election and was presented with a new form of sign-in book in
>which I was instructed to sign below my name. The book was clearly the
>output of a laser printer. My name appeared twice, once in type and
>once in a pixel reproduction of my signature. I decided it was already
>too late...
>
>
>Needless to say, I voted for the candidate who said we need to reduce
>government rather than the one who wanted to expand it.
>
Not to question your politics, but remember that Bush was director of the CIA,
which is not noted for its concerns for privacy or legality. Ask yourself,
which parts of government did he propose to reduce or expand? Of course,
if you run the country off the books, through Ollie North, you can reduce
the visible government... ;-)
-Jim-
------------------------------
Date: Friday, 11 Dec 1992 10:51:34 EST
From: Jerry Bryan <[email protected]>
Subject: Blockbuster Video
I think this has been discussed before, but I have only been on the
list a short time. So....
I just had my first encounter with Blockbuster Video. They wanted
my driver's license number, my SSN, a credit card number, where
I worked, and my boss's name. I balked on the SSN, they would not
give in, and I walked out.
What has been the previous discussion about Blockbuster? Would they
call my boss and tell on me if I was late with a tape?
------------------------------
From: James Davies <[email protected]>
Subject: Credit denies millionaire due to credit report
Organization: Cray Computer Corporation
Date: Fri, 11 Dec 92 22:04:49 GMT
(from an AP wire service story, seen in the Rocky Mountain News 12/11/92)
Jim Clayton, a "mobile home magnate" from Tennessee with a reported net worth
of $265 million, was recently rejected for a VISA card by the American
Association of Retired Persons. The reason for the rejection was that
there had been frequent requests for his credit report. Firms that do
business with his company often get credit reports on top officers.
(Business is apparently quite good. :-). After being informed of this, AARP
manually intervened to issue him a card.
AARP spokesman Ted Bobrow said "One of the important things this points out
is that any consumer who is turned down for credit needs to find out why.
It could very well be a mistake."
Apparently AARP didn't learn anything from this.
Jim Davies
[email protected]
------------------------------
Date: Sat, 12 Dec 1992 02:54:21 +0200
From: Jyrki Kuoppala <[email protected]>
Subject: DOJ Authorizes Keystroke Mo (really DOJ asks consent..)
Organization: Helsinki University of Technology, Finland.
In article <[email protected]>, Dave Banisar <banisar@washofc writes:
> DOJ Authorizes Keystroke Monitoring
>Subject: DOJ Authorizes Keystroke Monitoring
This headline seems somewhat misleading (except if DOJ has previously
recommended against monitoring). Actually U.S. Dept of justi(n)c(as)e
and CERT are recommending system administrators to post login banners
to get consent for monitoring from users.
I don't think the biggest problem here is keystroke monitoring per se,
and I can think of situations where monitoring would be appropriate
and an OK thing to do. For example, I think monitoring an intruder
using an account is OK with permission from the person who is the real
account holder. Perhaps also in some very safety-critical,
security-critical or privacy-critical environments.
But what I very seriously dislike and think is Orwellian is this as
part of the recommended login banner:
" Anyone using this system expressly consents to such monitoring
and is advised that if such monitoring reveals possible
evidence of criminal activity, system personnel may provide the
evidence of such monitoring to law enforcement officials."
Basically, the message is announcing "we have the power to watch
everything you do and we will use that power whenever we like and will
report any wrongdoings to the Big Brother", and DOJ and CERT are
suggesting that everyone put that message as their login banner.
If I got this right, this means that the login banner causes
acceptance of monitoring keystrokes (and possibly other monitoring) no
matter whether the use is authorized or not. I think this is an
unacceptable loss of privacy for all the users - it seems the users
lose all claims for privacy by using the system. This opens the
system for routine surveillance of every action by every user. If the
system admin feels like scanning the mail of every user, the user has
no recourse, no way to stop it.
CERT says that it is a simple matter of pointing out a problem with
the U.S. law. The law recognizes a fundamental right, the right to
privacy. This is not a bug of the law, it's a feature. I agree that
it is a reasonable goal and a good tool to be able to legally monitor
intruders, but the "bug fix" CERT and the U.S. justice department are
proposing is much worse than the problem itself.
Also, I agree it is a good idea to publish a policy of how far privacy
extends and how and when it may be violated - but this is not a
message publishing a policy, this is a message to get "consent" for
any kind of monitoring from every user of the system.
The paranoid minds might say the announcement is clearly aimed
expressly for the purpose of making routine surveillance legal and all
the talk about intruders is just smoke and mirrors. I will refrain
from claiming that. But it doesn't really matter - the end result is
the same in any case.
//Jyrki
------------------------------
End of Computer Privacy Digest V1 #113
******************************
|
|
