Date: Tue, 08 Dec 92 17:39:26 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#110
Computer Privacy Digest Tue, 08 Dec 92 Volume 1 : Issue: 110
Today's Topics: Moderator: Dennis G. Rears
Re: SSN
Re: SSN
Re: Privacy in VA
Re: Privacy in VA
Re: User-transparent encryption?
Local Telephone records
Re: Radar Detector Prohibitions
Re: SSN and privacy
Digitized Voting Records (was Re: NY Liscenses)
Digitized Pictures and Signatures
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: "BLACKMAN, EDWARD B" <ebb7683@venus.tamu.edu>
Subject: Re: SSN
Date: 6 Dec 1992 02:49 CST
Organization: Texas A&M University, Academic Computing Services
> I don't think the telephone company "owns" your phone number. They have
>obviously got certain rights in the number - but that's not like
>"owning" a house or a trademark. They have the right to prevent
>issuance of the same number to different customers in the same Area
>Code (though I think the right of the customer to have exclusive use of
>a number might be as strong as any interest the phone company has in
>the number). Again, here in Massachusetts, it is possible - by dint of
>regulatory decision - to opt out of the caller id system. I was told by
>the New England tel representative that blocking the id worked on all
>systems within their purview. It troubles me to know that Virginia does
>not have to respect my desire for privacy in this regard. And she a
>fellow "commonwealth" and guardian of freedom!
>[Moderator's Note: It is the phone company's number. They can take it
>away from you and give you another number. ._dennis ]
Only because we allow them to. Local carriers (the ones that assign your
number) are regulated monopolies. If the entity in charge of regulating
the telcos took away the power to reassign numbers, there isn't a thing
they could do about it.
[Moderator's Note: I'll let John Hidgon respond to this one. ._dennis ]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Ed Blackman | Another PROUD user of OS/2!!! |
| Internet: EBB7683@venus.tamu.edu |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| Fido : 1:117/331.10 | For you anti-RTKBA people: The era |
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= of the American Police State is |
| approaching - brace yourselves. In our zealotry to conduct the "war on |
| drugs" and to "make society safe from gun violence" we are dooming the |
| Bill of Rights. |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=( Boycott Microsoft )=-=-=-=-=-=-=-=-=-=-=-
------------------------------
Date: Tue, 8 Dec 1992 14:23:28 EST
From: Jerry Bryan <BRYAN@wvnvm.wvnet.edu>
Subject: Re: SSN
One reason that the SSN is such an issue is that it is so permanent.
For example, if you have an unlisted phone number that is compromised,
you can get a new one. If you move to a new state, you get a new
driver's license numbers. You can close out a checking account and
open a new one with a new number, etc. It is hard to get a new
(legitimate) SSN.
I wonder if the same permanence may not eventually come about with
respect to phone numbers. The moderator noted that phone numbers
belong to the phone companies. However, a great deal of thought has
been given to making phone numbers belong to the person. We may be
twenty years away technologically, but the idea is that your phone
number would follow you around for life. If you moved, or were in
your car using a mobile phone, if you were visiting a friend's house,
if you were traveling, etc., the technology would use your one and
only lifetime telephone number to get your phone calls to you.
Quite a convenience. And quite a potential invasion of privacy, I
think.
[Moderator's Note: I have a 800 number that follows me around. ._dennis
]
------------------------------
Subject: Re: Privacy in VA
From: Ed Boston <ed.boston%phant@uunet.uu.net>
Date: 6 Dec 92 22:26:00 GMT
Organization: Phantasia BBS - Boise, ID - 208-939-1350
Reply-To: Ed Boston <ed.boston%phant@uunet.uu.net>
CO>New York State has a law that they cannot make you give your phone number
CO>or address for a credit card slip. The idea is that the store has already
CO>gotten credit approval for the charge slip and has no legitimate
CO>need to know anything else.
Both Visa and MasterCard, from what I have been told, have in the
agreements with the stores that they may NOT ask for any other info such
as phone numbers, drivers licenses, or SSN on the transactions.
Ed Boston
---
. OLX 2.1 TD . "Maytag" is my middle name; I'm an agitator.
------------------------------
Date: Mon, 7 Dec 1992 12:32:30 -0500
From: Bob Goudreau <goudreau@dg-rtp.dg.com>
Subject: Re: Privacy in VA
>Paul Olson <olson@dstl86.gsfc.nasa.gov> writes:
>
> Well, you're right about the radar detectors at least. But I thought
> that Connecticut also outlawed detectors...
Not anymore. The repeal of the detector ban went into effect on
October first.
[Moderator's Note: Tom Talpey <tmt@osf.org> posted a similiar comment.
._dennis ]
----------------------------------------------------------------------
Bob Goudreau Data General Corporation
goudreau@dg-rtp.dg.com 62 Alexander Drive
+1 919 248 6231 Research Triangle Park, NC 27709, USA
------------------------------
From: Carl Ellison <cme@ellisun.sw.stratus.com>
Subject: Re: User-transparent encryption?
Date: 7 Dec 1992 07:15:48 GMT
Organization: Stratus Computer, Software Engineering
In article <comp-privacy1.107.1@pica.army.mil> egyed@lns598.tn.cornell.edu (Zoltan Egyed) writes:
>[Moderator's Note: I know of nothing. Either you trust your
>adminstrators or you don't. If a sysadmin wanted to read your mail it
>would be easy for him to get copies of it when you send it or recieve
>it. ._dennis ]
Worse than that, I believe root can read the memory of any running
program, under UNIX. Therefore, any program which kept a password in
memory would let root find it. root can also capture all keystrokes,
I believe.
The only answer is to be on a single-user machine -- not allow any other
logins (or any remote access via RPC) while you're logged in. Once you've
done that, PEM can take care of mail privacy and DES can handle file
privacy.
--
-- <<Disclaimer: All opinions expressed are my own, of course.>>
-- Carl Ellison cme@sw.stratus.com
-- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
-- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
------------------------------
Date: Mon, 7 Dec 92 12:21:59 -0500
From: Susanna Elaine Johnson <sej3e@kelvin.seas.virginia.edu>
Subject: Local Telephone records
I don't normally post because who knows where these things end up
and who is listening, but...
I am not a US citizen and am in a fairly sensitive (it sez here)
profession. Not only do I have trouble from time to time with
DIS and DOE, but the last time Immigration came to talk to me
(which they like to do periodically) they had not just the
listing of local cals I had made but also TAPE of some of the
calls. All of this without benefit of court order, and this is
the Land of Liberty(??). Why they are interested in how many
toppings I like on my pizza, Lord only knows.
Regarding radar detectors in Virginia:
It is in fact illegal to possess, in the vehicle and connected to
a power supply, a radar detector in that state, and it is true
that they use radar detector-detectors to peg you. The fine is
$53, I know because they got me.
However:
According to the Federal Communications Comission Act of 1933 (as
amended) any person may own any type of receiver, for any type of
transmission whatsoever. Further, he may intercept on any
transmission. What he may NOT do is pass on the contents of any
such intercepted transmission to a third party. So, if my dog
barks, I can use this information but cannot legally telly you
that there is a "mountie taking pictures" up ahead...
I also recall that New Jersey had or still has on the books a law
forbidding the possession of "shortwave radios", on the grounds
that they may be used for intercepting police transmissions.
Comments from the legal beagles out there?
General comments on Virginia:
This is an interesting state. I was once arrested and spent some
days in jail for having a necklace hanging from my rear view
mirror. When I got out and went home, I found my front door
kicked in by the local police, who had searched my house without
a search warrant while I was in jail, and who had confiscated my
gun collection. Their thesis was "Nobody needs this much fire
power".
If it's any consolation for Virginians or would-be Virginians,
California appears to be even more fascist.
Anna Johnson (VE7LKL/KA3TPG) (sej3e@virginia.edu)
------------------------------
From: David C Lawrence <tale@ten.uu.net>
Subject: Re: Radar Detector Prohibitions
Date: 7 Dec 1992 18:45:01 GMT
Organization: UUNET Technologies, Inc.
In <comp-privacy1.107.7@pica.army.mil> dileo@brl.mil (John DiLeo, CSB) writes:
> Actually, I'm not so sure about DC. However, radar detectors are
> illegal in Connecticut, and the presence of one in the passenger
> compartment of a vehicle (including under the seat, unplugged) can
> (or at least once did) carry a pretty hefty penalty. If one was
> permanently installed in another state (the variety where the
> transceiver is behind the grill, and the control unit is in the
> dash) you could only be ticketed if they believed it was operating.
This isn't directly a privacy issue, but ...
The District and VA are the only two jurisdictions on their level in
the US to have a full ban on all radar detectors. CT repealed theirs.
There are various limited detector laws around (like bans on truckers
having them, but the truckers don't care because the CB works better
for their purposes anyway) but that's not quite the same.
(VA is remarkably confused about its highway policy overall. It
rather distresses me, even having come most recently from upstate NY,
where "NY is tough on speeders --- speeding is no cheap thrill." It's
not just that they're somewhat fascist (*cough*) down here, but really
_confused_ about just what they're trying to accomplish. There's a
lot of inconsistency.)
People concerned specifically about the involvement on government with
motorists should look into the National Motorists Association. They
are a motorists' advocacy group which deals with all aspects of our
highways, including the various issues of law enforcement like
harassment, unreasonable search and seizure and other activities which
readers of this forum are likely concerned about. Contact info:
National Motorists Association
6678 Pertzborn Road
Dane WI 53529
800 882 2785
David Lawrence
------------------------------
From: "Jeffrey I. Schiller" <jis@mit.edu>
Subject: Re: SSN and privacy
Organization: Massachusetts Institute of Technology
Date: Tue, 8 Dec 1992 05:08:30 GMT
Although I cannot speak for MIT administrative offices and how they
treat privacy when dealing with them "manually", I can comment on how
our efforts to provide information electronically are protected.
Privacy is a major concern with our system for providing registration
information online.
To use the on line registration information system, students first
need to have an account on our Athena distributed computing system. In
addition to being logged in to their Athena account (which requires a
password), students must also be in possession of a second "secure"
password in order to access electronic data on themselves. All
information that is sent over the network is encrypted (using keys
setup by our Kerberos authentication system). A network easedropper
will not be able to either learn their password(s) nor snoop at the
data itself when it goes across the network.
In order to register for the second "secure" password, a student must
first run a registration program (from their Athena account). This
program can only be run once (i.e., once they have their "secure"
password, they may not again register for one, if they forget it they
need to go see someone in person WITH AN ID CARD to have it changed).
Once the registration program is run, a Postal Mail verification is
mailed to them announcing that a secure password was requested and
giving instructions on what to do if they were NOT the person who
applied for it. Secure passwords are not valid for two weeks after
request to ensure enough time for this paper verification to be
delivered to the student.
Perhaps the system isn't perfect, but not because we didn't consider
student privacy in its design. Oh, and by the way, any student can
"opt out" of the system by request. If they do, their information will
not be available on-line at all.
-Jeff
P.S. In many systems it is the human clerk who doesn't understand
privacy, that results in abuse or lack of security. By replacing such
systems with computerized systems WHERE THOUGHT WAS GIVEN TO PRIVACY
PROTECTION we can actually improve the level of privacy that the
general populace has!
------------------------------
Date: Tue, 8 Dec 1992 7:57:08 -0500 (EST)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Digitized Voting Records (was Re: NY Liscenses)
In Computer Privacy Digest Volume 1 : Issue: 109
Mitch Collinsworth <mkc@graphics.cornell.edu> writes:
>In article <comp-privacy1.106.10@pica.army.mil> shearson!jenny!mjohnsto@uunet.uu.net (Mike Johnston) writes:
>
>>Today's (12/3/92) New York Times carried a small article in the Metro
>>section describing NY's new licenses. In a nutshell, drivers will
>>have *both* their pictures and signatures digitally stored on the
>>state's computers. This makes me nervous.
>
> ... I walked into the polling place for the
>primary election and was presented with a new form of sign-in book in
>which I was instructed to sign below my name. The book was clearly the
>output of a laser printer. My name appeared twice, once in type and
>once in a pixel reproduction of my signature. I decided it was already
>too late...
>
>Interestingly, when I returned in November for the general election, I
>found the familiar old sign-in method which had my name on a card of its
>own and the original ink version of my signature from each time I had
>voted there in the past, each on succeeding lines.
I worked as an Election Inspector this year and maybe I can shed some
light on this.
New York is in the process of updating the records of every voter, adding
some and deleting some information (SSN for one) so new buff cards are
being phased in as the older ones fill up with signatures.
The double signatures for the first entry on the new cards is to provide
a check for later elections. The first signature should be done when
registering for the first time, but additional cards have to be signed
twice at the polling place (and even that isn't foolproof).
These records are a mess and having the Boards of Elections in the Cities
and Counties digitize the signatures will take years and still not be
accurate.
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093
------------------------------
Date: Tue, 8 Dec 1992 8:09:05 -0500 (EST)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Digitized Pictures and Signatures
Several people have discussed digitizing drivers liscense signatures and
pictures and also digitized signatures on voting records.
My employer issues digitized IDs for every employee, guest employee and
contractor on site (the ID number IS NOT the SSN). The signature is
made using an ordinary felt tip pen and when the picture is taken, both
are recorded on a CD for later reproduction on a credit card-like piece
of plastic with a magnetic stripe on the back (no, I can't find out what
if anything is on that stripe according to Personnel and Security).
I do worry about the NY DMV having this kind of information though,
since it is not the world's most efficient organization.
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093
------------------------------
End of Computer Privacy Digest V1 #110
******************************