|
Computer Privacy Digest Vol 2 #024
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Computer Privacy Digest Thu, 11 Mar 93 Volume 2 : Issue: 024
Today's Topics: Moderator: Dennis G. Rears
Re: Dorothy Denning's article in Comm. of ACM
re: Credit Card Validation
Re: NEW EDITION OF THE PRIVACY GUIDE?
Social Security Numbers as ID
Re: Dorothy Denning's article in Comm. of ACM
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
[email protected] and administrative requests to
[email protected].
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Carl Ellison <[email protected]>
Subject: Re: Dorothy Denning's article in Comm. of ACM
Date: 9 Mar 1993 21:08:44 GMT
Organization: Stratus Computer, Software Engineering
In article <thomas.731450452@ponder> [email protected] (Tom Thomas) writes:
>I am not at all persuaded by Dorothy Denning's defense [...] Beyond this,
>Dr. Denning rationalizes the regulation of cryptography, [...]
>
>Once again, we are being asked to sacrifice a substantial and fundamental
>freedom for the sake of negligible safety and security. [...]
>
>Am curious about others' reactions to 'To Tap Or Not To Tap' in the March
>1993 'Communications of the ACM'.
I agree. I'm going to prepare a rebuttal article/letter to send to CACM
(and probably post here as well), but first I have to carefully read all
articles. It's hard. My blood pressure keeps going up and I have to set
it down.
Among other things, the gov't side focuses on only 1 of 8 scenarios:
variable values Denning's focus
good guy: (govt, private) govt (eg., FBI saint)
bad guy: (govt, private) private (eg., drug dealer)
encrypter: (good guy, bad guy) bad guy
If that's the only scenario you look at or give reasonable weight to, it's
very hard to justify private crypto. So -- we need to prohibit such a
focus from being established.
Meanwhile, I'm not at all sure that the gov't should have a right to
wiretap in the first place. Is the gov't allowed to bug a confessional in
a Roman Catholic church? Can it bug an interview room used by a lawyer for
an imprisoned client? A telephone gives, by its very nature, a suggestion
of privacy: (you have to hold your mouth close to it and hold it close to
your ear -- something you would do in person only if you were whispering a
secret.) That means that the telephone is seducing you into revealing
secrets you would not normally reveal in public -- just as you might in a
confessional or in a private room with your lawyer. [Before you protest
that I'm jumping to conclusions, I have *many* examples of my own
conversations with girlfriends over a telephone which I would never have
spoken through a PA system. I often intentionally lowered my voice and
brought my mouth closer to the mouthpiece, in fact, to keep my roommate
from hearing what I was saying....and I know how easy it is to wiretap, but
even I got seduced into treating a telephone as a private channel. It was
in asking myself why I behaved this way that I realized the psychological
relationship of telephone handset usage to whispering.]
- Carl
--
- <<Disclaimer: All opinions expressed are my own, of course.>>
- Carl Ellison [email protected]
- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
------------------------------
From: "Michael T. Palmer" <[email protected]>
Subject: re: Credit Card Validation
Date: 9 Mar 1993 21:23:20 GMT
Organization: NASA Langley Research Center, Hampton, VA
In article <[email protected]> Brinton Cooper <[email protected]> writes:
>Now, Citibank is asking (US Government employee) users of it's Diner's
>club cards to supply them with validation info. When activating a new
>(e.g., personal) account, changing address, or otherwise enquiring about
>one's file, the caller may be asked to supply such information in order
>to assure the credit company of the caller's legitimate identity.
>Information requested is:
>
> Name
> Acccount #
> Address
> Date of Birth
> Social Security Number (you were surprised, maybe?)
> Mother's Maiden Name (My hospital asks for this one, too.)
> Business and home phones
> Other Diner's accounts to which this info applies.
[etc]
>On the one hand, this has the potential to expose what little privacy we
>have left. On the other hand, one can argue that it protects us
>from malicious persons. I don't yet know whether I shall comply.
I don't know if I will, either. I'll have to think about this.
Although... I could make up some outrageous "Mother's Maiden Name"
like Spinkelschwartzenheimer. That's serve the validation purpose
(as long as I can *remember* it), but doesn't give out any info on
my personal life.
(Oooh! Dang! Now I can't use that one because I already posted it!)
>[Moderator's Note: I don't use the Diner Card Club. It's one less card
>I have to carry around. On the other hand I have passworded all my
>accounts (credit card, utilities, insurance, etc) that can be accessed
>by phone. I started this after my phone and electric service was cut off
>by someone claiming to be me. The "Mother's maiden name" is no security.
> ._dennis ]
While passwording your credit cards is a good idea, some of us MUST MUST
MUST use that damn Diner's Club card. When I go on Gov't travel, I
*must* charge hotels, rental cars, and registration fees to that card
if I want reimbursement without an act of Congress. Management has
made this CRYSTAL clear to us.
Michael T. Palmer | "A man is crazy who writes a secret in any
[email protected] | other way than one which will conceal it
RIPEM key on server | from the vulgar." - Roger Bacon
------------------------------
From: [email protected].edu (Eiji Hirai)
Subject: Re: NEW EDITION OF THE PRIVACY GUIDE?
Organization: Computing Center, Swarthmore College, Swarthmore, PA, USA
Date: Tue, 9 Mar 1993 21:41:13 GMT
Mark McFadden <[email protected]> writes:
:No edition since 1980!?! Does anyone know if another is planned?
The new edition came out in 1990.
AUTHOR Hendricks, Evan.
TITLE Your right to privacy : a basic guide to legal rights in an
information society / Evan Hendricks, Trudy Hayden, Jack D.
Novick.
EDITION 2nd ed., completely rev. and up-to-date.
PUBLISHER Carbondale : Southern Illinois University Press, c1990.
DESCRIPT xxii, 184 p. ; 18 cm.
SUBJECT Privacy, Right of --United States.
SERIES An American Civil Liberties Union handbook.
NOTE Rev. ed. of: Your rights to privacy / Trudy Hayden. c1980.
Includes bibliographical references.
ISBN 0809316323.
ALT. ENTRY Hayden, Trudy.
Novik, Jack.
------------------------------
From: Matthew B Cravit <[email protected]>
Subject: Social Security Numbers as ID
Date: Tue, 9 Mar 93 16:52:25 EST
I was discussing a recent bunch of bicycle and computer thefts here at Michigan
State University with one of the campus police officers, and in the course of
our discussion, I asked what he suggested one do by way of identifying
property. I asked if it was advisable to put a SSN on the bottom of my computer
by way of identification, as the police in Toronto (Canada) where I used to
live suggested using your SIN (Canadian equivalent to an SSN) for
identification of property. He said that quite apart from the fact that this
is not a good idea from a privacy standpoint (I already knew that), putting a
SSN on articles for identification was quite useless because he said that the
Social Security Administration will NOT release the name belonging to a
particular SSN to any local or state law enforcement agency FOR ANY REASON
UNDER ANY CIRCUMSTANCES. Is this assertion of his correct?
[Moderator's Note: This is true. The few law enforcement agencies I
have dealt with have always recommended to use you driver license number.
Of course this was before states starting using a SSN as a driver license
number. ._dennis ]
/Matthew Cravit, Undergraduate Communications/Computer Science Student
Michigan State University, East Lansing, Michigan
Internet: [email protected] OR [email protected]
------------------------------
From: Peter Swanson <[email protected]>
Subject: Re: Dorothy Denning's article in Comm. of ACM
Date: 10 Mar 1993 02:49:02 GMT
Organization: University of Michigan Engineering, Ann Arbor
In article <thomas.731450452@ponder> [email protected] (Tom Thomas) writes:
>...Dorothy Denning's defense of proposed
>legislation that would regulate the development of communication technology
>to ensure government wiretapping capabilities...
>
>...'To Tap Or Not To Tap' in the March 1993
>'Communications of the ACM'.
FYI:
Dorothy Denning has another article, 'Wiretapping and cryptography',
on p. 16 of the March 1993 IEEE Spectrum. The subject matter is the same.
--
| Peter J. Swanson | [email protected] |
| PhD Pre-Candidate | controls specialist |
| Electrical Engineering:Systems | Fortunately, ah keep muh feathuhs |
| University of Michigan | numbahd for just such ahn emergency.|
------------------------------
End of Computer Privacy Digest V2 #024
******************************
|
|
