|
Computer Privacy Digest Vol 2 #017
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Computer Privacy Digest Wed, 17 Feb 93 Volume 2 : Issue: 017
Today's Topics: Moderator: Dennis G. Rears
Digitizing signatures for credit card purchases
Re: SSN as a red herring
Username, real names, and privacy
privacy in communication technologies
privacy
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
[email protected] and administrative requests to
[email protected].
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Thu, 11 Feb 93 16:33:24 -0800
From: "Glenn S. Tenney" <[email protected]>
Subject: Digitizing signatures for credit card purchases
If you thought that signing for a package onto a notebook computer was bad,
you ain't seen nothing yet...
My wife just told me that The Gap (a large clothing store chain) store near
to us has a new computerized system. When making a credit card purchase
with a Visa card, she had to "sign" on a digitizing tablet. Then, they
printed out her receipt just like a cash register receipt with our credit
card number on it, but no signature.
I called BankAmericard who bounced me around and then they bounced me to
the 1-800-VISA-911 line. I finally called the Visa International main
office which is nearby and their customer relations person told me: If I
didn't like that system, it was my choice to not buy from that merchant --
but the merchant can use any system they want. She said that there was no
need to give me a receipt with my signature on it, since I could request
one from my bank.
When I sign for packages, I just print my name. For this, I might do the
same if push came to shove, but I do *NOT* like the idea of some store
having my signature actually "on-file" digitally!
---
Glenn Tenney
[email protected] Amateur radio: AA6ER
Voice: (415) 574-3420 Fax: (415) 574-0546
------------------------------
Subject: Re: SSN as a red herring
From: Brian Pirie <[email protected]>
Date: Sun, 14 Feb 1993 07:38:41 -0500
Organization: BP ECOMM Systems, Ottawa, Ontario, Canada
[email protected] (Philip Hurley) writes:
> I have considered the ramifications of writing a virus program (I don't know
> how and never have) that will delete any reference it finds with my name in
> it.
>
> I figure, the worst that can happen is that my bank "forgets" who I am. I
> might be willing to deal with the hassle of correcting such an error face-to-
> face with my bank in exchange for knowing that other data bases will also "
> forget" who I am.
This would not work, and it would lead the authorities right to your
doorstep. First of all, the chances of such a virus infiltrating a
system such as your bank's computer is next to nil. Their security will
be good enough that they simply wouldn't allow a virus to get into the
system. Secondly, such a virus that operated on one hardware/software
platform would most likely not function on others. You would have to
write a different virus for every hardware/software platform that might
be used for maintaining some database that includes your name.
Also, even if it were possible to write such a virus, you would have the
FBI or CIA (or whatever is the relavent authority in your country)
knocking on your door, probably before your virus has had a chance to do
any damage. Regardless of how sophisticated an encryption scheme is
used by the virus program, if it is written specifically delete every
occurance of your name, it wouldn't take them long to find the Philip
Hurley who wrote the virus.
--
Brian Pirie, [email protected] (Ottawa, Ontario, Canada)
PGP 2 key available upon request
------------------------------
From: [email protected]
Subject: Username, real names, and privacy
Date: 16 Feb 93 19:09:03 -0400
Organization: Dalhousie University, Halifax, Nova Scotia, Canada
I'd like to get some comments on the following issue. We have a facility,
called "FIND", on our main academic computer system where users can
voluntarily put information about themselves, including their name. They are
informed about the existence and purpose of FIND (primarily promoting good
communication among users) the first time they login. No one is required to
have a FIND listing but most people do.
It has been the practice that if someone enquires about the name of the
owner of a username, and that username is not listed in FIND, we will not give
out the person's name in order to protect their privacy. After an incident
where we would not release the owner's name to a user who complained about an
e-mail message from a username not listed in FIND, it has been suggested that
we change our policy and provide a public username to real name correspondence
for all usernames.
In this case we were protecting the privacy of a person who had obviously
violated the university's "Responsible Computing" policy. If the complainer
had wanted (or rather, not asked that we refrain from doing so) we would have
got in touch with the offender and asked for a change in behaviour, but we
would not reveal the identity of that person.
The policy change is directed against people who abuse the anonymity we make
possible (users may have any username of two to eight letters and digits
within reasonable limits). Should it be a condition of getting a computer
username that the owner's real name be public? Of course it is well known
that e-mail can be forged so that the identity of the sender is not, at the
very least, immediately apparent. I'd be interested to know what formal
policies other universities have in this area (I hope for some Canadian
responses).
Aidan Evans ([email protected]), Computer Facilities & Operations,
University Computing & Information Services, Dalhousie University,
Halifax, N.S., Canada, B3H 4H8
------------------------------
From: Deborah Parker <[email protected]>
Subject: privacy in communication technologies
Date: Wed, 17 Feb 1993 04:04:20 GMT
Organization: University of Illinois
I am looking for information concerning privacy/security in communication
technologies, especially concerning caller identification, electronic
mail, and cellular communication. I am also interested in the regulation
of communication technologies under the Federal Communication Commission.
I am working on a project at the University of Illinois-Urbana/Champaign
and would appreciate any information available. Thanks! Deb Parker
------------------------------
From: Thomas Chen <[email protected]>
Subject: privacy
Organization: Hughes Network Systems Inc.
Date: Tue, 16 Feb 1993 20:23:17 GMT
well, with the advancement of technology in moderm society,
privacy is something we will have to give up eventually.
when we move to a society where there is no more money but
just a card, everything we do, everything we spend are logged
somewhere. but what is the big deal??? as of now, if you
have a mobile phone, the cellular company knows where you
are (within a cell), when you shop in department stores with
your credit cards, they compile your shopping habit profile,
when you subscribe a magazine, you are automatically
categorized into a group. what we are doing is exchange part
of our personal information for a lot of other people's information.
Tom
As the people here grow colder
I turn to my computer
and spend my evenings with it
like a friend
I was loading a new program
I had ordered from a magazine
"Are you lonely, are you lost?
This voice console is a must"
I press EXECUTE
Well, I've never felt such pleasure
Nothing else seemed to matter
I neglected my bodily needs
I did not eat, I did not sleep
The intensity increasing
'Til my family found me and intervened
But I was lonely, I was lost
Without my little black box
I pick up the phone and go EXECUTE
--- Kate Bush, "Deeper Understanding"
------------------------------
End of Computer Privacy Digest V2 #017
******************************
|
|
