Date: Mon, 07 Dec 92 18:11:51 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#109
Computer Privacy Digest Mon, 07 Dec 92 Volume 1 : Issue: 109
Today's Topics: Moderator: Dennis G. Rears
Re: Digital Licenses in NY State
Re: Digital Licenses in NY State
Re: Digital Licenses in NY State
Re: Digital Licenses in NY State
Re: Computer Privacy Digest V1#106
Re: Fully automated speeding tickets
Re: Privacy in VA
Re: moderator misinformation
Re: SSN and privacy
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Mitch Collinsworth <mkc@graphics.cornell.edu>
Subject: Re: Digital Licenses in NY State
Date: 4 Dec 1992 11:50:28 -0500
Organization: Cornell University Program of Computer Graphics, Ithaca, NY
In article <comp-privacy1.106.10@pica.army.mil> shearson!jenny!mjohnsto@uunet.uu.net (Mike Johnston) writes:
>Today's (12/3/92) New York Times carried a small article in the Metro
>section describing NY's new licenses. In a nutshell, drivers will
>have *both* their pictures and signatures digitally stored on the
>state's computers. This makes me nervous.
I read an article in my AAA club's newsletter in September about this
and was planning to post a message here outlining it and my objections
to having a digital copy of my signature stored in gov't computers.
But then a few days later I walked into the polling place for the
primary election and was presented with a new form of sign-in book in
which I was instructed to sign below my name. The book was clearly the
output of a laser printer. My name appeared twice, once in type and
once in a pixel reproduction of my signature. I decided it was already
too late...
>This is really getting to be too much.
Needless to say, I voted for the candidate who said we need to reduce
government rather than the one who wanted to expand it.
Interestingly, when I returned in November for the general election, I
found the familiar old sign-in method which had my name on a card of its
own and the original ink version of my signature from each time I had
voted there in the past, each on succeeding lines.
-Mitch Collinsworth
mitch@graphics.cornell.edu
------------------------------
From: Mike McNally <mcnally@quip.eecs.umich.edu>
Subject: Re: Digital Licenses in NY State
Organization: University of Michigan EECS Dept., Ann Arbor, MI
Date: Fri, 4 Dec 1992 15:40:17 GMT
In article <comp-privacy1.106.10@pica.army.mil> Mike Johnston <shearson!jenny!mjohnsto@uunet.uu.net> writes:
>
>Today's (12/3/92) New York Times carried a small article in the Metro
>section describing NY's new licenses. In a nutshell, drivers will
>have *both* their pictures and signatures digitally stored on the
>state's computers. This makes me nervous.
[...]
>My biggest problem is this: I don't want my picture and signature
>digitally stored on NY's computers, where it can easily be transmitted
>to anyone the state deem's fit to receive it. This could include
>the Federal Government, other State's and various agencies within
>our own state. I won't even get into the ramifications of having
>my SIGNATURE stored where someone can replicate it, perfectly, every
>time they need to.
>
>It seems the privacy issues here have either been ignored or swept
>under the carpet.
It seems to me that elementary logic has either been ignored or swept
under the carpet.. The very interesting thing about this post is that
while I'm sure the author earnestly believes this is a privacy issue,
his privacy is not in any significantly greater jeopardy because the
stroage media employed by the NY state DMV has changed. The real issue
is paranoia towards digital technology and its applications. Unless
the author earnestly believes that photocopies and fascimiles of his
motor vehicle permit cannot now be easily transmitted to "the Federal
Government, other State's and various agencies within [his] own state," I
I fail to see how digital storage of information that is already kept
throws his personal privacy into serious danger.
-mcnally.
------------------------------
From: Carl Oppedahl <oppedahl@panix.com>
Subject: Re: Digital Licenses in NY State
Date: Fri, 4 Dec 1992 17:19:57 GMT
Organization: PANIX Public Access Unix, NYC
In <comp-privacy1.106.10@pica.army.mil> shearson!jenny!mjohnsto@uunet.uu.net (Mike Johnston) writes:
>Today's (12/3/92) New York Times carried a small article in the Metro
>section describing NY's new licenses. In a nutshell, drivers will
>have *both* their pictures and signatures digitally stored on the
>state's computers. This makes me nervous.
>The reasons given are 'easier storage and retrieval and will result in
>more secure and higher-quality licenses and ID's'. Also noted is that
>duplicate licenses will be available within three weeks WITHOUT visiting
>the DMV. This is probably the hardest part of all to believe, as anyone
>who's ever tried to get ANYTHING from Motor Vehicles will attest.
>My biggest problem is this: I don't want my picture and signature
>digitally stored on NY's computers, where it can easily be transmitted
>to anyone the state deem's fit to receive it. This could include
>the Federal Government, other State's and various agencies within
>our own state. I won't even get into the ramifications of having
>my SIGNATURE stored where someone can replicate it, perfectly, every
>time they need to.
So here's an idea. When you go to the DMV to renew your next license,
they are going to ask you to write on some special writing pad with
a stylus, so that they can digitally capture your signature. Most
people, I suppose, will sign the same signature they put on everything
else, including their checks. But does the law require this?
Presumably not. So instead of signing "firstname lastname" on the
writing pad, why not sign "firstname DMV lastname".
And put one or two distinctive loops or whirls on the firstname
and lastname portions as well.
Then, whoever might be tempted to misuse the digitally stored signature
will pick somebody else to harm.
Carl Oppedahl AA2KW (intellectual property lawyer)
30 Rockefeller Plaza
New York, NY 10112-0228
voice 212-408-2578 fax 212-765-2519
------------------------------
Subject: Re: Digital Licenses in NY State
Date: Fri, 4 Dec 1992 19:28:13 -0600 (CST)
From: Ron Bean <nicmad!madnix!zaphod%astroatc.UUCP@cs.wisc.edu>
Content-Type: text
Content-Length: 1150
Mike Johnston <shearson!jenny!mjohnsto@uunet.uu.net> writes:
>.............. I won't even get into the ramifications of having
>my SIGNATURE stored where someone can replicate it, perfectly, every
>time they need to.
Perhaps you could sign your DL in such a way as to make it
appear different from your usual signature. I don't mean that you
should sign a bogus name-- just use your own name but make the
first letter a different shape, or leave out your middle initial
if you normally include it, or include it if you normally don't,
or anything else to make it unique.
As long as you're not trying to defraud anyone, it's still a
valid signature. Since other organizations (such as UPS) are
digitising signatures, a better strategy might be to get in the
habit of *dating* everything you sign (although the date could
still be cut off or altered).
This wouldn't prevent anyone from comitting fraud in your
name, but it would make it possible for you to say later, "That
signature was copied from my driver's license", and be able to
prove it.
==================
zaphod@madnix.UUCP (Ron Bean)
uwvax!astroatc!nicmad!madnix!zaphod
------------------------------
Date: Fri, 4 Dec 92 8:06:47 EST
From: "John DiLeo, CSB" <dileo@brl.mil>
Subject: Re: Computer Privacy Digest V1#106
In Issue #106, our esteemed moderator said:
[Moderator's Note: New Jersey has banned the use of photo radar. ._dennis ]
In Maryland, photo radar units have recently appeared on Interstate 95.
The units that I have seen so far have been in marked State Police vehicles
parked between the median guardrails, so they have been relatively easy to
spot. I think that it is important to note, however, that this was never
mentioned to the public, and noone made any sort of issue of it; they simply
appeared.
--John DiLeo
dileo@brl.mil
------------------------------
From: "P.Debenham" <ppxpmd@unicorn.nott.ac.uk>
Subject: Re: Fully automated speeding tickets
Organization: Cripps Computing Centre, University of Nottingham
Date: Fri, 4 Dec 92 14:14:39 GMT
Apparently-To: comp-society-privacy@uknet.ac.uk
Radar triggered speeding cameras are already in use in a number of places.
In the Australian state of Victoria they are used with the right for the
person accused to see the photograph taken before being forced to pay up.
The UK has changed its laws to allow similar cameras but what your rights are
to see the original data (ie the photo) I do not know. One test report for
a week recently logged (correctly) that about 60% of drivers were at least
10mph over a 40mph speed zone.
Neither of these schemes currently issue tickets without human examination of
the photographs but I have do know that such a scheme is being tested here in
England already. Given our parliaments general lack of ability to cope with
privacy related issues involving technology I am sure that once working such
cameras will get the go ahead.
------------------------------------------------------------------------------
Peter Debenham, Physics Dept., University of Nottingham
------------------------------
Date: Fri, 4 Dec 1992 21:28:24 -0500
From: MICHAEL LAUREN SHERMAN <mlsa@lehigh.edu>
Subject: Re: Privacy in VA
Organization: Lehigh University
>
>Yea, radar detectors are illegal in VA. In fact, only VA and DC ban radar
>detectors. Personally, I wouldn't live in a state which says I can't own a
>radio receiver, not to mention that it's overbuilt, over crowded and you can't
>get anywhere on a Saturday because of traffic. If you're going to be working
>in DC, I'd look into moving to Maryland. But that's just my opinion.
>
Agreed, the problem is that if you have a radar detector, especially a built
in like my father has, and live in Md. but are often in Va. I imagine it may
be quite a pain in the ass (I never really asked him if this was the case)
Also, any truth to the rumor that the cops can tell if it is on or not. If
not my advice is get a built in and turn it off before the cop gets to the car.
--
MICHAELLAURENSHERMANMICHAELLAURENSHERMANMICHAELLAURENSHERMANMICHAELLAURENSHERMA
N I THOUGHTS OF THE WEEK: 1 Float like a M
I MICHAEL LAUREN SHERMAN C Butterfinger, stink like a beet I
H 215-758-0207 H 2. If you uncle Jack was on a horse andC
A E he was done but couldn't get of on his H
E MLSA@LEHIGH.EDU A own, would you help your uncle Jack A
------------------------------
From: John De Armond <jgd@dixie.com>
Subject: Re: moderator misinformation
Date: Sat, 05 Dec 92 04:51:04 GMT
Organization: Dixie Communications Public Access. The Mouth of the South.
Paul Wallich <pw@panix.com> writes:
>In many states, New York among them, medical records belong by law
>to the patient. This means that the patient can legally control
>access to the records (modulo what insurance companies insist on
>knowing) and can compel a physician to turn those records over to
>the patient or another physician. The question of who owns medical
>records or phone records (or any number of other items of personal
>information) is not nearly as settled as the moderator's notes might
>make it appear.
>From a post made earlier in the year in another group:
]Russell Lawrence, russ@wpg.com uunet!wpg!russ wrote
]
]According to a survey of state laws conducted in 1989
][out-of-date, perhaps] and published in the March/April, 1989
]issue of _Hippocrates_ [aka _IN Health Magazine_]:
]
]NY statutes guarantee patient access to doctor records, hospital
]records and mental health records. States with similar laws
]guaranteeing across-the-board access include: Alaska, California,
]Colorado, Connecticut, DC, Florida, Georgia, Hawaii, Illinois,
]Indiana, Massachusetts, Michigan, Minnesota, Montana, Nevada, New
]Jersey, South Dakota, West Virginia, and Wisconsin.
]
]PA and Ohio had no law concerning patient access to doctor
]records, but legally guaranteed patient access to hospital
]records. Both states allowed patient access to mental health
]records with a provision for supervision in cases where
]those records might be deemed harmful to the patient. The
]absence of a law guaranteeing access might be a stumbling
]block for patients who are timid, but it's easily overcome
]by assertive people.
]
]I can vouch for the NY laws, but personally haven't read the
]statutes in PA and Ohio.
>[Moderator's Note: I stand partially corrected. The point I was making
>is that there are many records that people think belong to then when in
>reality they belong to somebody else. ._dennis ]
In reality all it says is we still have a lot of work to do to get
the necessary laws passed to protect our personal information.
John
--
John De Armond, WD4OQC |Interested in high performance mobility?
Performance Engineering Magazine (TM) |
Marietta, Ga |Interested in high tech and computers?
jgd@dixie.com |Write me about PE Magazine
Need Usenet public Access in Atlanta? Write Me for info on Dixie.com.
------------------------------
From: John F Carr <jfc@athena.mit.edu>
Subject: Re: SSN and privacy
Organization: Massachusetts Institute of Technology
Date: Sat, 5 Dec 1992 18:13:06 GMT
In article <comp-privacy1.106.2@pica.army.mil>
Michael Gersten <michael@stb.info.com> writes:
>How does this cause problems? Well, call up the utilities, and identify
>yourself by the SSN (you only have it if you are that person, or
>empowered to work for them, after all, they're private, right?)
Another example:
MIT often requires only a student ID number for authentication (for
undergraduates, this is usually the SSN). Want to check someone's account
balance or registration status? All you need is the ID number. They don't
even ask for your name. (Males may need a female accomplice, and vice
versa, in case they notice the sex of the name on the computer screen and it
doesn't match the sex of the person asking the questions.)
More problems arise when the information becomes directly accessible over a
computer system, with no human interversion. MIT is developing a system to
make registration information available from workstations on the campus net.
--
John Carr (jfc@athena.mit.edu)
------------------------------
End of Computer Privacy Digest V1 #109
******************************