Date:       Fri, 30 Oct 92 09:57:18 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#094

Computer Privacy Digest Fri, 30 Oct 92              Volume 1 : Issue: 094

Today's Topics:				Moderator: Dennis G. Rears

                 "M" Article: Dan Rather Reconaissance
                       Re: Posting grades by SSN
                             Re: encryption
                     Re: question on surrepticious
                      Re: ssn and traffic tickets
                    Re:  public access to state info
            Virginia Bug: FBI Finds No Basis For Prosecution

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.200].
----------------------------------------------------------------------

From: Todd VanderHeyden <tv@sei.cmu.edu>
Subject: "M" Article: Dan Rather Reconaissance
Organization: Software Engineering Institute
Date: Wed, 28 Oct 1992 15:46:41 GMT

The current issue of "M" ("for the civilized man")-- the one with David
Letterman on the cover-- has an article about how the writer decided to find
out how much confidential information he could obtain about a private citizen,
and used Dan Rather as a test case.

Todd VanderHeyden

------------------------------

From: Michael Mogensen-Vermillion <mwmv@athena.cas.vanderbilt.edu>
Subject: Re: Posting grades by SSN
Organization: Vanderbilt University Mathematics Department
Date: Wed, 28 Oct 1992 16:23:13 GMT

In article <comp-privacy1.93.2@pica.army.mil> David Ratner <ratner@pram.cs.ucla.edu> writes:
>
>It seems much easier for all parties if grades can be posted.  I personally
>don't care if my grade is posted by my ssn.  In one class at Cornell a 
>waiver was actually sent to all students, and if they signed it they 
>authorized the posting of their grade by ssn --- otherwise they had to
>physically ask the prof.  Why not have each student make up some random
>number to post grades by, if that's what it takes.  
>

When I taught at Middle Tennessee State University, my department was
advised by an attorney for the Board of Regents that it was illegal to
post by ssn.  We were directed instead to ask each student to both grant
permission _and_ make up some random identifying phrase (not necessarily
a number) if they wanted his/her grade posted.  If a student declined to
sign or to make up a code word,  that student's grade was not to be
posted.  One bonus of this method was that some of the students came up
with rather entertaining and illuminating phrases (some of which could
not be posted in a public place :^).

------------------------------

From: Michael Mogensen-Vermillion <mwmv@athena.cas.vanderbilt.edu>
Subject: Re: encryption
Organization: Vanderbilt University Mathematics Department
Date: Wed, 28 Oct 1992 16:35:05 GMT

In article <comp-privacy1.93.4@pica.army.mil> REDELSS JOHN W <ksjwr@acad3.alaska.edu> writes:
>Will it ever be possible to network with computers in privacy and security? 
>Several years ago in an OMNI article I read that encryption would eventually
>make true privacy possible for everyone.  It went into the math and the
>software technology more than I can remember, but it sounded good to me.  Does
>anyone know anything about this? 
>

According to Macworld magazine, the NSC is trying to hamstring the power
of the encryption algorithms that network retailers are allowed to
incorporate, the justification being that the more powerful algorithms
would inhibit the ability of law enforcement agencies to perform lawful
datataps in the process of criminal investigations.  

In a similar vein, the FBI wants fiber optic phone systems designed with
ease-of-wire-tap in mind.  This has been compared to requiring furniture
manufacturers to include built-in microphones in their sofas in case a
suspected criminal ever buys one.

------------------------------

Date: 28 Oct 1992 21:31:09 +0000 (GMT)
From: Dick Rinewalt <rinewalt@gamma.is.tcu.edu>
Subject: Re: question on surrepticious
Organization: Texas Christian Univ Comp Sci Dept

In article <comp-privacy1.93.1@pica.army.mil> james.j.menth,
jjm@cbnewsb.cb.att.com writes:
>In article <comp-privacy1.92.8@pica.army.mil> bu676@cleveland.freenet.edu
>(Cheryl L. Kerr) writes:
>>
>>During a recent legal problem, I was advised by my attorney that
>>it is completely legal to tape a face-to-face or phone conversation
>>without notifying the other party(ies) involved as long as YOU ARE
>>A PARTY TO THE CONVERSATION (e.g. Only you need to know it is being 
>>taped).  Since I wasn't involved in any clandestine work, I didn't
>>get any legal info on wire taps.
>>
>This was probably good advice in your state, as it is in mine, however
>although individual states may not pass legislation less restrictive
>than Federal laws they can usually go the other way.  The phone books
>usually have a section in the front (Mine was titled "Your
>Responsibilities") that gives the policy applicable in your area.

However, I was advised by an attorney that that section of the phone
book is merely part of the phone company tariff. I was told that it is
policy not law (in Texas, at that time,...).
Dick Rinewalt      Computer Science Dept       Texas Christian Univ
rinewalt@gamma.is.tcu.edu                      817-921-7166

------------------------------

Date: Wed, 28 Oct 92 12:46:57 -0600
From: Eric Hunt <bsc835!ehunt@uunet.uu.net>
Subject: Re: ssn and traffic tickets

> In article <comp-privacy1.92.6@pica.army.mil> fns-nc1!fns-nc1.fns.com!vib@concert.net (Victor Bur) writes:
> As for traffic tickets, I don't think it's illegal to forget your SSN
> and to not have it written down anywhere handy.  Just tell the cop he
> will have to forgive your traffic infraction because your SSN is not
> available.

In Alabama, your SSN is printed on your driver's license. It's *not* the
DL#, but it is printed on the card itself.

How many other states also have the SSN printed on the license?
---
Eric Hunt                     | bsc835!ehunt@uunet.uu.net (preferred)
Birmingham-Southern College   | eric.hunt@the-matrix.com
Birmingham, Alabama 35254     |          ^--- Nothing longer than 100 lines


------------------------------

Date: Thu, 29 Oct 92 17:21:05 -0800
From: "Harry I. Rubin" <harry@tenet.icsi.berkeley.edu>
Subject: Re:  public access to state info

An article titled "Car Break-in Ring Cracked," by Tom Alex of the Des
Moines (Iowa) Register, appearing Friday, October 9, 1992 (page 1M)
tells how "youths" (is that like juvenile delinquents?) used computer
records to facilitate auto break-ins.

These "youths" would spot cars with expensive stereo gear in parking
lots during the day and note the license plate numbers.  They then went
to an Iowa State Department of Transportation office at a local
shopping mall which provides public access computer terminals, and used
the terminals to look up the names and home addresses of the owners of
the cars!  The thieves would then break into the cars at night, at
times and places where they were unlikely to be discovered and could
burgle at their leisure.

From the article, it sounds like they have had security problems with
the public access terminals for a while.  The "solution" the state
developed is to require people to identify themselves by some sort of
sign-on procedure to look up license plate numbers; "that does provide
at least some tracking of inquiries," according to one official.

I have mixed feelings about this.  Part of me is horrified that any
bozo is allowed to walk up and look up people's home addresses and
such.  On the other hand, it is "public information."  I must applaud
the state for trying to make information available in an easy way.

"They should have more safeguards" is one reaction, but what
safeguards?  They can't give every person in the state a password, and
without something like that, and access controls on what every person
can look at, there are no safeguards.  The scheme that the article
mentions so briefly sounds ridiculous; what do they do, make you type
your name?  OK: "John Q. Public."  The only other approach would be to
make the counter clerks check and record some sort of ID before you can
use the public access terminals, but I presume that would defeat part
of the reason for having them there, to off-load the clerks.

Maybe the bottom line is that it really is too dangerous to allow the
general public to get at data.  I would hate to think that is really
true.  And there will always be some people who can wangle access, then
they have an advantage over the rest of us.

------------------------------

From: Nigel Allen <ndallen@nyx.cs.du.edu>
Subject: Virginia Bug: FBI Finds No Basis For Prosecution
Organization: Nyx, Public Access Unix @ U. of Denver Math/CS dept.
Date: Fri, 30 Oct 92 02:46:21 GMT

Here is a press release from the U.S. Department of Justice.

 FBI Finds No Basis For Prosecution in Case of Transmitting Device
Found in Va. Capitol Building
 To: State Desk
 Contact: Elizabeth Smith of the U.S. Department of Justice,
          202-514-2007

   RICHMOND, Oct. 29  -- Richard Cullen, United States Attorney 
for the Eastern District of Virginia, announced today that the 
Federal Bureau of Investigation has concluded its investigation 
into events surrounding the transmitting device found
in the office of the governor's chief of staff.
   Cullen has concluded that there is no basis for federal
prosecution.
   The device was discovered in the afternoon of Aug. 20 and was
reported to the FBI on the following day.
   Robert Satkowski, special agent in charge of the Richmond field
office of the FBI, stated that upon examination by the FBI, the
transmitting device had no battery, was turned off, and the antenna
was broken.  Further, the device was of a type manufactured without
any serial number or other identifying markings and was distributed
to a large number of sales outlets across the nation.  Accordingly,
it is not traceable to a particular buyer.
   The device cost between $300 and $600.
 -30-


------------------------------


End of Computer Privacy Digest V1 #094
******************************