|
Computer Privacy Digest Vol 2 #018
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Computer Privacy Digest Thu, 18 Feb 93 Volume 2 : Issue: 018
Today's Topics: Moderator: Dennis G. Rears
Misattribution of article
House Bill filed to limit public access.... (fwd)
Re: Digitizing signatures for credit card purchases
Re: Digitizing signatures for credit card purchases
Re: Digitizing signatures for credit card purchases
Re: Digitizing signatures for credit card purchases
Re: Digitizing signatures for credit card purchases
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
[email protected] and administrative requests to
[email protected].
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Thu, 18 Feb 93 17:50:32 EST
From: Computer Privacy List Moderator <[email protected]>
Subject: Misattribution of article
I have discovered a bug in the software that I use to break up a
digest into individual news articles. In the last issue (Vol 2, Issue
017). the bug appeared in the second article. It took the 'From:'
field from the first article and placed it in the second displacing the
real from field. The first article was from '"Glenn S. Tenney"
<[email protected]>' and the second was from 'Brian Pirie
<[email protected]>'. '"Glenn S. Tenney" <[email protected]>'
was noted as the original author when he fact was not.
I apologize for any difficulties that this has caused. I am still
trying to find and fix the bug. I would appreciate submitters checking
the articles out once they appear on their systems.
dennis
------------------------------
From: Dewey Coffman <[email protected]>
Subject: House Bill filed to limit public access.... (fwd)
Date: Wed, 17 Feb 93 13:42:43 CUT
[While this is Texas Political News, I thought it would be good info for
everyone to have. -dewey ]
State Bill filed to limit public access to private numbers, addresses
By David Elliot 2/16/93
Austin American-Statesman Capitol Staff
Elizabeth Trower was befuddled when a city employee called to say a
woman claiming to be her friend had obtained her home address and
unlisted telephone number from Austin's electric utility.
At first, Trower was puzzled and irritated. But two days later,
after hundreds of harassing phone calls began pouring in, the
irritation turned to fear and left Trower with two questions: Who was
the mystery woman? And by what fight did the city-owned electric
company give out Trower's unlisted number?
Under state law, if you apply for a driver's license, a vehicle
title or for service with a publicly owned utility company, your
address and sometimes your phone number are considered public
information. That means it is available to anyone: a journalist, a
company that wants to send you junk mail -- or someone who wants to
harass you.
Monday, state Rep. Sherri Greenberg, D-Austin, filed two bills
to change that:
* One proposal would let applicants for a driver's license or
vehicle title list only an address where, if necessary, they could be
served with legal papers. That way, the address of their residence
would not be public information.
* Under the other bill, public utilities could keep confidential
their customers' home phone numbers and addresses.
At issue are two competing rights: an individual's right to pri-
vacy rs. the public's right to certain information held by public
entities. Greenberg's bills enjoy widespread support from a coalition
of law enforcement officials, advocates for battered women and other
crime victims.
"This legislation will help protect the celebrity stalked by a
crazy fan and the woman who fears for her life because her parents'
murderers are being paroled," Greenberg said.
"It will help Elizabeth Trower, the constituent who came to me with
her story, and for whom the harassment continues today. This
legislation addresses the issue closest to the hearts of women and
men across this state today: public safety."
But the proposals have drawn caution to outright opposition from
media representatives, who note that the information Greenberg wants
to keep secret is available elsewhere -- in real estate records,
voter registration documents and county tax records, for example.
Indeed, massive information about individuals is available
through the state's open records process.
For instance, the Texas Parks and Wildlife Department, the Texas
Department of Transportation and the secretary of state's office
provide addresses of people who buy a hunting or fishing license,
register a car or boat or register to vote.
Such information might be sought by a company trying to sell
goods through direct mail, a motorist trying to track down a hit-
and-run driver or a politician running for office.
Nancy Monson, a spokeswoman for the Freedom of Information
Foandation, said the organization respects the privacy and, above all,
the safety of individuals. But she added, "We really believe it's a bad
precedent to start closing up records."
She compared the issue to the situation in department stores, which
use various electronic devices to catch shoplifters.
"Because there are so many thieves, they are going to penalize me,"
Monson said. "I am not a thief, but 1 still have to deal with this
thing that is all wrapped up in wires, this piece of clothing I can-
not get off the rack.
"We certainly do empathize with the situation with regard to the
safety of individuals. We would prefer, however, not to close up ac-
cess to public information in response to wrongdoing on the part of
some people."
Tom Leatherbury, president of the Freedom of Information Foun-
dation, expressed concern that Greenberg's legislation would "further
erode the Open Records Act."
"We are of course sensitive to Rep. Greenberg's concern about
individual privacy, particularly women's privacy," Leatherbury
said. "But in my view, the thing that should be done is, conduct should
be criminalized. That is, stalking should be a criminal offense. This
cuts too broadly."
However, Greenberg said her bill is narrowly drawn and has earned
the support of Barbara Jordan, who as a state senator in the 1970s
helped write the state's Open Records Act. Also supporting the bill
is Common Cause, which has made open government a priority for two
decades.
Greenberg said her bill "will not stop stalking. It will not
prevent junk mail. But it will guarantee that individuals can close the
most common outlets for unlisted addresses and phone numbers."
###
------------------------------
From: Mike McNally <[email protected]>
Subject: Re: Digitizing signatures for credit card purchases
Organization: University of Michigan EECS Dept., Ann Arbor, MI
Date: Wed, 17 Feb 1993 21:25:10 GMT
"Glenn S. Tenney" <[email protected]> writes:
>My wife just told me that The Gap (a large clothing store chain) store near
>to us has a new computerized system. When making a credit card purchase
>with a Visa card, she had to "sign" on a digitizing tablet. Then, they
>printed out her receipt just like a cash register receipt with our credit
>card number on it, but no signature.
>
>I called BankAmericard who bounced me around and then they bounced me to
>the 1-800-VISA-911 line. I finally called the Visa International main
>office which is nearby and their customer relations person told me: If I
>didn't like that system, it was my choice to not buy from that merchant --
>but the merchant can use any system they want. She said that there was no
>need to give me a receipt with my signature on it, since I could request
>one from my bank.
>
>When I sign for packages, I just print my name. For this, I might do the
>same if push came to shove, but I do *NOT* like the idea of some store
>having my signature actually "on-file" digitally!
Perhaps you should point out (truthfully or otherwise) to Visa
International that you consider the option of conducting a cash
transaction with the merchant a more realistic alternative than
refusing to deal with the merchant at all. Stress the fact that
you use your credit card as a matter of convenience but that you
feel that privacy considerations take precedence in such a case.
Visa International and/or the bank that issued your Visa card
couldn't care less if you take your business to another store but
if they come to believe than many customers are using cash for
purchases instead they'll be a lot more motivated to lean on the
chain for the sort of merchant agreement you prefer.
Anytime you use your Visa they (the bank / Visa) collect a
non-negligible percentage of the transaction amount as well as any
interest that might accumulate from failure to pay off your balance
every month. When you don't use your Visa, they're losing money
and the ability to effect their bottom line is the only influence
you wield over them that they understand..
(I'm a little bit perplexed as to *why* you want another piece
of paper floating around with your Visa information *and* your
signature, but that's another issue. If you want Visa to take you
seriously, you have to make them see that they have something to
lose from the situation..)
-mcnally.
------------------------------
Subject: Re: Digitizing signatures for credit card purchases
Organization: I.E.C.C.
Date: 17 Feb 93 20:44:33 EST (Wed)
From: "John R. Levine" <[email protected].ma.us>
>I do *NOT* like the idea of some store
>having my signature actually "on-file" digitally!
If you think about it for a few minutes, digital signature systems don't
introduce any new problems that we don't already have with paper
signatures. After all, any bad guy with $300 can buy a scanner or fax
machine and digitize any paper signatures he has lying around. As a
relatively innocuous example, I have my computer set up to automatically
take troff input for outgoing correspondence and rasterize it, insert a
bitmap copy of my signature at the appropriate place and fax it off to the
recipient using a fax modem. Recipients are often surprised to hear that
there is no paper original version of the letter they received. I'm too
cheap to buy a scanner, so to get the signature, I signed a piece of blank
paper a few times, faxed it to myself using a friend's fax machine, and
clipped the best looking signature out of the bitmap file.
What would be appropriate is public education to remind people that it is
so easy to doctor computer-stored images that a any digitzed version of an
alleged document should be treated with extreme scepticism if there is the
least question about its authenticity.
Regards,
John Levine, [email protected].ma.us, {spdcc|ima|world}!iecc!johnl
------------------------------
From: John De Armond <jgd@dixie.com>
Subject: Re: Digitizing signatures for credit card purchases
Date: Thu, 18 Feb 93 08:32:50 GMT
Organization: Dixie Communications Public Access. The Mouth of the South.
"Glenn S. Tenney" <[email protected]> writes:
>If you thought that signing for a package onto a notebook computer was bad,
>you ain't seen nothing yet...
>My wife just told me that The Gap (a large clothing store chain) store near
>to us has a new computerized system. When making a credit card purchase
>with a Visa card, she had to "sign" on a digitizing tablet. Then, they
>printed out her receipt just like a cash register receipt with our credit
>card number on it, but no signature.
>When I sign for packages, I just print my name. For this, I might do the
>same if push came to shove, but I do *NOT* like the idea of some store
>having my signature actually "on-file" digitally!
This is a bug in the system. There is a workaround :-) What I do is
two-fold. One, I have a markedly different signature that I use for
non-negotiable things such as shipment receipts as opposed to the one I
use for negotiable instruments. The second tact is to simply mark an
"X" on electronic signature devices.
This isn't as satisfying as organizing a boycott or a protest but it does
work and it let you have one less thing to worry about.
John
--
John De Armond, WD4OQC |Interested in high performance mobility?
Performance Engineering Magazine(TM) | Interested in high tech and computers?
Marietta, Ga | Send ur snail-mail address to
jgd@dixie.com | perform@dixie.com for a free sample mag
Need Usenet public Access in Atlanta? Write Me for info on Dixie.com.
------------------------------
From: "Glenn S. Tenney" <[email protected]>
Subject: Re: Digitizing signatures for credit card purchases
Organization: Netcom - Online Communication Services (408 241-9760 guest)
Date: Thu, 18 Feb 1993 09:38:25 GMT
I got some email from someone basically asking "What's so wrong,
they could digitize your signature from a piece of paper?"
If you use a computerized credit card charge system where the
ONLY receipt with your signature on it is one that THEY print
when a charge is disputed, then you have no possibility of
proving that you didn't make a purchase.
*IF* someone took your carbons or forged your signature, then
the signature would not be yours. You could go through all of
your receipts and see for yourself. The merchant could NOT produce
a forged receipt with un-forged signature.
However, if a merchant (or actually someone working there) wanted
to defraud someone, they could claim you had made purchases when you
had not. When the bank or credit card company asked for a receipt,
they could easily produce one with your signature on it -- just like
the other ten thousand receipts they "keep on-line". Obviously,
you did make the purchase since the signature is yours and is not
forged.
Does that clarify why this is a problem? If not, I can get even more
verbose :-)
--
Glenn Tenney
voice: (415) 574-3420 fax: (415) 574-0546
[email protected] Ham radio: AA6ER
------------------------------
From: Scott Coleman <[email protected]>
Subject: Re: Digitizing signatures for credit card purchases
Date: Thu, 18 Feb 1993 15:11:42 GMT
Organization: University of Illinois at Urbana
Apparently-To: [email protected]
In article <[email protected]> "Glenn S. Tenney" <[email protected]> writes:
>If you thought that signing for a package onto a notebook computer was bad,
>you ain't seen nothing yet...
[...]
>When I sign for packages, I just print my name. For this, I might do the
>same if push came to shove, but I do *NOT* like the idea of some store
>having my signature actually "on-file" digitally!
I, too, was disturbed by the privacy implications of the UPS digital
notepad computers and other similar systems, but after some reflection
I've decided it's really a non-issue. Slick new pen-based systems aside,
ANY store can build up a collection of digitally encoded electronic
versions of your signature. Take an HP scanner and some software, slap
the credit card receipt you just signed onto the glass surface, and
voila! They have a digital image of your signature for their files.
In short, boycotting merchants who use such systems won't prevent the
collection of digitized signatures. If a merchant wants to badly enough,
he can do it already.
------------------------------
End of Computer Privacy Digest V2 #018
******************************
|
|
