Date:       Fri, 18 Dec 92 16:21:21 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#115

Computer Privacy Digest Fri, 18 Dec 92              Volume 1 : Issue: 115

Today's Topics:				Moderator: Dennis G. Rears

                              alt.privacy
                      Comm Week article omits PGP
                           The UPS clipboard
                         Re: Blockbuster Video
                         Re: Blockbuster Video
                                 PA DMV
                               Signatures
                   Re: More on SSNs as used by VA DMV
                     Re: Computer Privacy Digest V1

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: Carl Oppedahl <oppedahl@panix.com>
Subject: alt.privacy
Date: Wed, 16 Dec 1992 01:32:25 GMT
Organization: PANIX Public Access Unix & Internet, NYC


An article in a recent issue of the New York Times describes a lawsuit
in which Mervyn's Department stores in California may be 
eligible for nearly $6 million worth of vouchers.  The store had been
requiring customers to reveal their telephone numbers when using 
charge cards, but state law says customers did not have to. 
Four customers sued, and now the store is settling.

Keep up the good work, I say.


Carl Oppedahl AA2KW  (intellectual property lawyer)
30 Rockefeller Plaza
New York, NY  10112-0228
voice 212-408-2578     fax 212-765-2519


------------------------------

From: Carl Oppedahl <oppedahl@panix.com>
Subject: Comm Week article omits PGP
Date: Wed, 16 Dec 1992 01:38:14 GMT
Organization: PANIX Public Access Unix & Internet, NYC

An article in the December 14, 1992 Communications Week describes 
an encryption arrangement said to be used by "many users", namely
using a public-key method to encrypt a DES key which is then used
to encrypt the message.

The article goes on at length but somehow manages to miss PGP, which 
I suspect is the most widely used software that does this.

The article mentions RSA, of course, and quotes Prof. Hellman.

The article then mentions that RSA's encryption is used in Novell
Netware Release 4, in Lotus Notes, and in Microsoft Windows for
Workgroups.


Carl Oppedahl AA2KW  (intellectual property lawyer)
30 Rockefeller Plaza
New York, NY  10112-0228
voice 212-408-2578     fax 212-765-2519


------------------------------

Subject: The UPS clipboard
From: "Roy M. Silvernail" <roy@cybrspc.uucp>
Date: Thu, 17 Dec 92 22:43:17 CST
Organization: Villa CyberSpace, Minneapolis, MN

I'm going to pull together several responses, in the interest of saving
bandwidth...

Brian Bousman <bbousman@zeus.muse.rockwell.com> writes:

>    It seems to me that if you are worried about your signature being
>digitized and used for other purposes then you cannot sign *anything*
>because all it takes is a scanner to get it from a paper version of
>your signature.

and volpe@bart.nosubdomain.nodomain (Christopher R Volpe) writes:

>Why is this new gadget any more dangerous than the status quo? Anyone
>can digitize a signature from paper using your average image scanner.

That's a valid point.  I have the feeling that UPS' old paper records
were handled a bit more securely than the clipboards, by virtue of the
physical paper itself.  Everyone associated knew it was the only copy
existing.  But that's just a feeling, so I can't press it too far.

The problem I saw was not so much the actual risk (which, since I've
seen no abuses, is probably as small as everyone at UPS claimed), but
with their attitude.

Consider that instead of a physical paper trail, you have valuable data
being stored electronically.  No one at UPS could tell me if that data
was stored in the clear.  The most knowledgeable person I spoke to did
not know the term 'encryption'.  Given that I'm familiar with the
company building the clipboards, if this product follows their usual
design practices, it's implemented around an 8051 derivative processor
and static RAM.  It may, in fact, store data in EEPROM to avoid
inadvertent power loss.  Both memories' contents can be recovered by a
skilled tech, regardless of the wishes of the host processor.  Even if
they have gone to a more powerful processor, the memory must be held
static for the duration of the shift.  The stored data are therefore
vulnerable.

Consider, also, that the signature may actually be the least valuable
piece of information in that record.  How much could you tell about a
competitor if you had access to their UPS shipping records?  In many
cases, even the insured value of packages is recorded.

No one at UPS knew of any audit trail established for the clipboards.
The one rep told me the boards were 'dumped and cleared' at the end of
each shift, but could not confirm that residual data was actually
overwritten.  He also didn't know if a board could be dumped more than
once.

That brings up the next scenario, which made the UPS folks bristle the
most.  The most vulnerable point for stored data on these clipboards is
when the board is in the possession of the driver.  A reasonable man
cannot arbitrarily discount the possibility of crooked employees.
What's to stop a scrupulously challenged (tm) driver from stopping by a
contact point and dumping his board in exchange for a not-so-small
gratuity?  The data is copied, but UPS still gets it as usual.  They're
none the wiser, the driver is some the richer, and my company's shipping
habits are being studied by my competitor.

I need a better answer than "That will never happen."  But that's the
only answer UPS had for my questions.

Finally, Ed Ravin <eravin@panix.com> writes:

>Do what many of us techno-troublemakers are already doing with junk mail
>lists -- sign an extra middle initial or two, or otherwise alter your
>moniker so that you can identify "the signature I use on UPS clipboards".

I do this already.  I don't actually sign my name at all, and there's no
danger of what I do write being mistaken for my legal signature.

>>But UPS hasn't started dumping the clipboards' contents by radio, yet.
>
>Don't worry, be happy, the Electronic Communications Privacy Act makes it
>illegal for anyone to "listen" to the stuff :-) :-)

Gosh, I feel so much more secure now!  :-)

I wouldn't have been so peeved, but the flat refusal of anyone to even
grant the existence of a risk really got me.  This really goes for the
netters, as well as UPS.  The risks may not be greater than those of the
paper records, but they are _different_ risks and need to be
specifically addressed.  The fact that no abuses have come to light may
mean the system really is secure.

Or it might just mean the guys getting those extra dumps tip really
well.
--
    Roy M. Silvernail   | #include <stdio.h>                 | "press to test"
 roy%cybrspc@cs.umn.edu | main(){                            |     <click>
 cybrspc!roy@cs.umn.edu |  float x=1;                        | "release
                        |  printf("Just my $%.2f.\n",x/50);} |    to detonate"

------------------------------

Date: Fri, 18 Dec 92 10:07:46 -0500
From: Doctor Math <root@sanger.chem.nd.edu>
Subject: Re: Blockbuster Video

In Digest: Volume 1, Issue 113, Message 7 of 9,
	BRYAN@wvnvm.wvnet.edu (Jerry Bryan) writes:

>I just had my first encounter with Blockbuster Video.  They wanted
>my driver's license number, my SSN, a credit card number, where
>I worked, and my boss's name.  I balked on the SSN, they would not
>give in, and I walked out.

A friend of mine had an experience with Blockbuster that went like this:
Jealous ex goes to Blockbuster, convinces staff that he has permission
to check out tapes using her account, never returns the tapes, she gets
stuck with a large bill (it just appeared on the credit card statement).
Complaints to Blockbuster management (both verbal and written), while
not ignored, did no good whatsoever.

Conclusion: Blockbuster's concept of 'security' is: "We have authorization
to charge your credit card." It would seem to be all the security they
need - this way, they're never out any money :) :( :(

It could be argued that there are other video rental stores, but it can
also be said that Blockbuster would rather this not be true, and is likely
doing everything they can to eliminate the competition.

As it happens, the University put a video rental place in the Student
Center. You use your student or staff ID, which has your SSN embossed on
it along with your name... Back to square one, almost; since the
University already KNOWS your SSN, it's not like giving it out to a
third party, which is at least a minor bonus.


------------------------------

From: "Glenn R. Stone" <gs26@prism.gatech.edu>
Subject: Re: Blockbuster Video
Date: 18 Dec 92 18:28:52 GMT
Reply-To: glenns@eas.gatech.edu
Organization: The Group W Bench


In <comp-privacy1.113.7@pica.army.mil> BRYAN@wvnvm.wvnet.edu (Jerry Bryan) writes:

>I just had my first encounter with Blockbuster Video.  They wanted
>my driver's license number, my SSN, a credit card number, where
>I worked, and my boss's name.  I balked on the SSN, they would not
>give in, and I walked out.

Gee.  BB here in HotLanta only wanted a card number and place of
employment; there was an explicit doodad that said you didn't have
to give your ssn if you didn't want to; they generated an eleven-digit
membership number.... I don't know if the ssn was included in the
number if you gave it to them or not.  I didn't get any static at 
all about not giving the SSN ('specially since I circled the section
that said I didn't have to)..... 

Not that I go thru there anymore.... <sigh> 

-- Glenn R. Stone (glenns@eas.gatech.edu)
Don't throw matches in the urinals, for they are subtle and quick to anger.
    --wilson

------------------------------

Date: Fri, 18 Dec 1992 13:02:57 -0500 (EST)
From: "L. Jean Camp" <lc2m+@andrew.cmu.edu>
Subject: PA DMV



The Pennsylvania DMV requires that you obtain a SS# if you do not have
one to get a license. Then your SS# is printed on your license, not as
your license number, but in addition to. It is very common for people to
ask for your DL and start to write down your SS#. I just pull it away
from the clerk. At that point, the check is written, they have my
license number. No one has yet refused my check.

If I lose my DL anyone who finds it could commit credit fraud with no
difficulty. All it would take is a simple form. Why do they want my SSN?
Because they can get it; and there are so many hurdles to jump through,
people are exhausted when the license finally hits our hot little hands
we will not fight it. I'm not paying a lawyer!

Jean

------------------------------

Acknowledge-To:  WHMurray@DOCKMASTER.NCSC.MIL
Date:  Fri, 18 Dec 92 08:22 EST
From:  WHMurray@dockmaster.ncsc.mil
Subject:  Signatures


>Why is this new gadget any more dangerous than the status quo? Anyone
>can digitize a signature from paper using your average image scanner.
>
>-Chris
>
>--
>==================
>Chris Volpe 

Well, first, this is the status quo.  Technology determines
practice, not the other way around.  Second, what one should 
learn from it is the limitations of signatures before it was 
easy to digitize them.

From David Bowman:

>   It seems to me that if you are worried about your signature being
>digitized and used for other purposes then you cannot sign *anything*
>because all it takes is a scanner to get it from a paper version of
>your signature.

Signatures have served us very well, but only for a couple of
hundred years.  Three factors have contributed to this.

First, for most of us, it is very difficult for us to disown 
our legitimate signature.  It is so obvious to us that the 
signature is ours that we believe that it is equally obvious to
others.  However, if you think about it, while you are expert
at your own signature, you, and almost everyone else, are lousy
at anyone else's.

Second, although few of us ever see one, we are equally expert 
at recognizing forgeries of our own signatures.  The law provides
us with an easy way to disown these.  We simply assert that
a particular instance of the signature is a forgery.  For example,
if someone were to forge your signature to a check, you could
simply go to your bank, assert that the signature is not yours,
sign an affidavit to that effect, and the bank will take the
check back and credit your account.  They will do this even if
they really believe that the signature is valid, since all they
are going to do is return the check, for credit,  to the party 
from whom they got it.  

Of course, this only works for routine transactions.  It will
not work for real property transactions or for wills, affidavits,
or testaments.  For these, the signatures of multiple witnesses
and a notary public are required.  These parties attest that
they watched you sign the document and this makes it more
difficult to disown.  Note that the notary public is commissioned
by the state particularly for this purpose.  

Finally, while easy to forge in ideal circumstances, signatures
are very difficult to forge in real time, under scrutiny.  Thus,
if I ask you to sign or endorse your check in front of me, and
if it is not obviously different from the one on your driving
license, and if you wrote normally and did not draw, then I can 
have a high degree of confidence in it.  If I do not see you 
sign it, if I could not testify in court that I saw you sign it,
then the signature has far less value. 

The UPS case demonstrates this.  Note that UPS has no reference
of your signature against which to compare the instance that
you provide.  It is good evidence only because the driver can
testify that he saw you put it in.  While it could be helpful,
in the same manner as any other digital or analog record of your
signature, in perpetrating a fraud, it is far from sufficient
for doing so.

Signatures are only evidence, they are not proof.  They work 
because they are rarely disowned.  While the cases in which
they are disowned make interesting reading, they are exceptions.  
In most litigation, the legitimacy of the documents is 
stipulated.  It is their meaning that is in dispute.  

Rational discussion of signatures is difficult because in our
culture they are emotionally associated with identity.  For
our purposes it is sufficient to understand their limits and
to understand that in the presence of high quality recording and
reproduction equipment, they are likely to be even more limited.

William Hugh Murray, Executive Consultant, Information System Security
49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840                
1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL

------------------------------

From: "Michael T. Palmer" <palmer@icat.larc.nasa.gov>
Subject: Re: More on SSNs as used by VA DMV
Date: 18 Dec 92 14:11:21 GMT
Organization: NASA Langley Research Center, Hampton, VA  USA

In the Sunday, December 13 issue of the (Hampton, VA) Daily Press, the
front page of the business section had a long article (complete with cute
graphic showing a masked thief "entering" a computer) about how much
easier it is to commit fraud when you know someone's SSN.  A couple of
case histories were provided, along with comments by legislators, the
VA State Police, and business leaders that using the SSN as the driver's
license number is both unnecessary and potentially harmful.

If anyone is interested, I will type it in over the weekend and provide
it in a posting.  I plan to make photocopies of it to send to my state
delegate and state senator, along with a (polite) letter explaining how
I expect them to quickly pass legislation to protect their constituents.

P.S.  Yesterday I got my new VA license (renewal).  Not only is it the
worst picture EVER taken of me, but now the SSN is emblazoned in large
red letters across the front, right next to my digitized picture and
just above my digitized signature.  YIKES!!  And does anyone have a mag
stripe reader so I can find out what's on that black area on the back?

-- 
Michael T. Palmer, M/S 152, NASA Langley Research Center, Hampton, VA 23681
Voice: 804-864-2044,   FAX: 804-864-7793,   Email: m.t.palmer@larc.nasa.gov
RIPEM Public Key available soon --- Consider it an envelope for your e-mail

------------------------------

From: Eric Hunt <bsc835!ehunt%bsc835bsc.edu@uunet.uu.net>
Subject: Re: Computer Privacy Digest V1
Date: 18 Dec 92 17:39:24 GMT
Organization: Birmingham-Southern College


In article <comp-privacy1.114.4@pica.army.mil>, bjwhitlock@vnet.ibm.com (Brad Whitlock) writes:
> And by the way, do you demand to see the original SSA-issue SSN card?

Alabama recently (last 2 years) began requiring SSN's for all students
entering school. No SSN, no school. 

What's even worse, is they simply REFUSE to accept the number by itself, they
require the actual SSA-issued card. My sister was a week late starting school
because they wouldn't let her in the doors without a SSA-issue card. It
took a week to get a new one made, we had lost the original from when she
was born.

[Moderator's Note:  Is this colleges, high schools, or primary schools?
 ._dennis ]


------------------------------


End of Computer Privacy Digest V1 #115
******************************