Date:       Tue, 22 Dec 92 16:58:46 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#117

Computer Privacy Digest Tue, 22 Dec 92              Volume 1 : Issue: 117

Today's Topics:				Moderator: Dennis G. Rears

                            Holiday Schedule
                          Policy on Submissions
                         Re: The UPS clipboard
                    Re: Digital Licenses in NY State
                   Re: More on SSNs as used by VA DMV
                    Re: Comm Week article omits PGP
                          Re: Schools and SSN
                        Re: Sallie Mae and SSNs
                          Re: SSN and Schools

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

Date:     Tue, 22 Dec 92 16:54:10 EST
From:     Computer Privacy List Moderator <comp-privacy@pica.army.mil>
Subject:  Holiday Schedule

  Due to the holidays I will not be publishing the digest from Dec 25 -
Dec 29.  The last digest will go out the morning of the 24th.  I will
save all submissions for when I come back.  I extend best wishes for a
happy holiday season to everyone.

dennis

------------------------------

Date:     Tue, 22 Dec 92 16:55:31 EST
From:     Computer Privacy List Moderator <comp-privacy@pica.army.mil>
Subject:  Policy on Submissions



		Policy on Posting to the Computer Privacy Digest.
		Revision 1.0  
		27 Nov 1992

Introduction:

      The Computer Privacy Digest is an electronic digest dedicated to the
   discussion of how technology affects privacy.  The digest is burst into
   separate articles and fed into the USENET newsgroup comp.society.privacy.  
   The newsgroup and digest are different forms of the same forum.

      Discussions should be centered around the following topics:

      o  Technology - What devices are out there now and are on the
         drawing boards that will enhance or take away privacy from
         individuals and entities.

      o  Ramifications - What are the ramifications of current and new
         technology.

      o  Public Policy - What should public policy be in regulating,
         not regulating, and/or using the technology.  Privacy includes the
         right of the individual/entity to privacy against other
         individuals, entities, businesses, and the various forms of
         government.

      o  Education - This kind of goes with ramification.  One of the
         functions of this forum should be to educate people on how
         current technology affects their privacy.  This can range from
         corporate data bases to credit card usage.

1.  Submissions:

   a.  All submissions should be emailed to comp-privacy@pica.army.mil or
   posted to the comp.society.privacy newsgroup.  Only submissions that
   are relevant to the charter of the forum will be published.  Please
   keep text to under 76 characters per line.  Personal attacks, excess
   flamage, or libelous postings will not be published.

   b.  Submissions should not be sent to comp-privacy-request@pica.army.mil.
   This address is for drop/add requests, administrative changes, and
   confidential requests to the moderator.  Those submissions sent to
   that address will only be published if explicit permission is granted
   to publish by the poster.

   c.  Anonymous submissions

2. Copyright Issues

   a. It is assumed that the copyright on material submitted to the CPD
   will remain with the author. In the case where the author is the
   submitter, it is assumed that the author explicitly grants (by the act
   of submitting the material) permission for the material to be published
   in the CPD, to be posted to the USENET group comp.society.privacy, and
   to any archiving of either medium.

   b. When the submitter is not the owner of the copyright, only those
   submissions which carry a notice from the submitter that the permission
   of the copyright holder has been obtained will be accepted. This does
   not apply to limited inclusions of copyrighted material that meet the
   fair use criteria.


3.  Signal to Noise Ratio:

    It is my desire to keep a high signal to noise ratio.  As a result
    a particular posting may not be published or a subject thread might
    be terminated when postings start to fail to shed new insight into
    the subject.  I welcome submissions on new topics and encourage them.
    The quality of the digest is up to the readers and posters.


    Dennis G. Rears
    Moderator, The Computer Privacy Digest

------------------------------

From: dcg5662@hertz.njit.edu (Dave Grabowski (KxiK))
Subject: Re: The UPS clipboard
Organization: New Jersey Institute of Technology, Newark, N.J.
Date: Sun, 20 Dec 1992 07:22:50 GMT

In article <comp-privacy1.115.3@pica.army.mil> roy@cybrspc.uucp (Roy M. Silvernail) writes:
>Consider that instead of a physical paper trail, you have valuable data
>being stored electronically.  No one at UPS could tell me if that data
>was stored in the clear.  The most knowledgeable person I spoke to did
>not know the term 'encryption'.  Given that I'm familiar with the
>company building the clipboards, if this product follows their usual
>design practices, it's implemented around an 8051 derivative processor
>and static RAM.  It may, in fact, store data in EEPROM to avoid
>inadvertent power loss.  Both memories' contents can be recovered by a
>skilled tech, regardless of the wishes of the host processor.  Even if
>they have gone to a more powerful processor, the memory must be held
>static for the duration of the shift.  The stored data are therefore
>vulnerable.
>
>Consider, also, that the signature may actually be the least valuable
>piece of information in that record.  How much could you tell about a
>competitor if you had access to their UPS shipping records?  In many
>cases, even the insured value of packages is recorded.
>
>No one at UPS knew of any audit trail established for the clipboards.
>The one rep told me the boards were 'dumped and cleared' at the end of
>each shift, but could not confirm that residual data was actually
>overwritten.  He also didn't know if a board could be dumped more than
>once.

  My roommate (who works for UPS) just told me a bit about the "DIAD"
boards. When UPS started with the boards, they printed a bunch of info
about them in the UPS newsletter. According to it, the boards are
"dumped and cleared" at the end of every shift. They're all placed in
one big matrix and are all basically read at once, and sit there until
the next shift. Once cleared, the information can NOT be "dumped" again.

  BTW - Apparently, those little touch-sensitive signature pads have to
be replaced about once every two weeks.

-Dave
-- 
 -----------------------------------------------------------------------------
Kappa Xi Kappa - Over & Above!                         dcg5662@hertz.njit.edu
9 Sussex Ave., Newark, NJ (car theft capital USA)   70721.2222@compuserve.com

------------------------------

From: Mitch Collinsworth <mkc@graphics.cornell.edu>
Subject: Re: Digital Licenses in NY State
Date: 21 Dec 1992 11:54:07 -0500
Organization: Cornell University Program of Computer Graphics

In <comp-privacy1.113.6@pica.army.mil> James Hess <jhess@orion.oac.uci.edu> writes:

>In article <comp-privacy1.109.1@pica.army.mil> Mitch Collinsworth <mkc@graphics.cornell.edu> writes:

>>But then a few days later I walked into the polling place for the
>>primary election and was presented with a new form of sign-in book in
>>which I was instructed to sign below my name.  The book was clearly the
>>output of a laser printer.  My name appeared twice, once in type and
>>once in a pixel reproduction of my signature.  I decided it was already
>>too late...


>>Needless to say, I voted for the candidate who said we need to reduce
>>government rather than the one who wanted to expand it.

>Not to question your politics, but remember that Bush was director of the CIA,
>which is not noted for its concerns for privacy or legality.  Ask yourself,
>which parts of government did he propose to reduce or expand?  Of course, 
>if you run the country off the books, through Ollie North, you can reduce
>the visible government...  ;-)

Not to question your intelligence, but I didn't say which party I belong
to.  I also don't recall there being a Republican primary for presidential
candidates in New York State.  What makes you think I was referring to
Bush?

-Mitch Collinsworth
 mitch@graphics.cornell.edu




------------------------------

From: Mikki Barry <ooblick@intercon.com>
Subject: Re: More on SSNs as used by VA DMV
Date: Mon, 21 Dec 1992 17:49:18 -0500
Organization: InterCon Systems Corporation

The good news is that after testimony at a VA Senate Subcommittee by Dave 
Banisar of CPSR, two of us from InterCon, and many other very annoyed people, 
the Subcommittee voted to draft legislation removing the SSN from the VA 
Driver's license.  They also are looking into setting up an "Information 
Czar" to overlook electronic privacy issues.

Seems the subcommittee was very frightened by the spectre of fraud and SSN's.  
They were especially amused by Banisar's recounting of a story of a fat farm 
selling customer information to a chocolate factory :-)

Bottom line is, they believed that the SSN should be kept more private, and 
should not be used as a default identifier.






------------------------------

From: Sharon Fisher <slf@netcom.com>
Subject: Re: Comm Week article omits PGP
Organization: Netcom - Online Communication Services  (408 241-9760 guest) 
Date: Mon, 21 Dec 1992 22:41:23 GMT

oppedahl@panix.com (Carl Oppedahl) writes:

>An article in the December 14, 1992 Communications Week describes 
>an encryption arrangement said to be used by "many users", namely
>using a public-key method to encrypt a DES key which is then used
>to encrypt the message.

>The article goes on at length but somehow manages to miss PGP, which 
>I suspect is the most widely used software that does this.

The article I turned in included a reference to PGP; it was cut out in
the editing process, of which I am not a part.

------------------------------

From: Harry Erwin <erwin@trwacs.fp.trw.com>
Subject: Re: Schools and SSN
Organization: TRW Systems Division, Fairfax VA
Date: Mon, 21 Dec 1992 23:37:50 GMT

What is the status of aliens lacking SSNs? For example, the children of
diplomats...

???

-- 
Harry Erwin
Internet: erwin@trwacs.fp.trw.com


------------------------------

Date: Mon, 21 Dec 1992 20:51:27 -0800
Subject: Re: Sallie Mae and SSNs
From: David Ruggiero <osiris@halcyon.halcyon.com>
Organization: [little or none, I'm afraid]
Reply-To: David Ruggiero <osiris@halcyon.halcyon.com>

Dave Niebuhr writes:

 >The problem is that Sallie Mae uses my SSN, not my daughter's, as
 >the account number.  I called Sallie Mae and the person on the
 >other side stated that he couldn't do anything about it and that
 >I should address a letter to his supervisor (naturally).

Depends on the type of student loan. If this was a "PLUS" loan, it's
actually issued to your daughter but guaranteed by you, the parent.
In this case, SallieMae having *your* SSN makes pretty good sense.

If, however, it was another kind of loan ("Stafford", "GSL", "SLS", etc.),
this isn't as easy to see. It could be that they want *your* number to
make it easier to find *her* current address if she later defaults on
the loan (parents usually being more stable and easier to trace than their
recently-graduated offspring). Just a guess....

One of my clients is a large student-loan guarantee organization - I'll
make some enquiries there and report anything interesting that's said.


------------------------------

From: "Wm. L. Ranck" <ranck@joesbar.cc.vt.edu>
Subject: Re: SSN and Schools
Date: 22 Dec 92 13:38:12 GMT


Eric Hunt (bsc835!ehunt%bsc835bsc.edu@uunet.uu.net) wrote:
: 
: > Alabama recently (last 2 years) began requiring SSN's for all students
: > entering school. No SSN, no school. 
: 
: It was her 10th grade year. She's in the 11th now. Public School. Very pissed
: off mother, incidentally. "If the number is good for the IRS, by god it should
: be good enough for [insert principal's name]" [grin]

Our school district tried to 'require' SSN of its students a couple of
years ago.  I told them no and they didn't give me a hard time.  If the
school had tried to keep my kids from attending because of it I would
have been on the phone to the ACLU and any other legal aid group I
could think of.  They can't deny someone an education because they
don't have a SSN.  They *aren't* required you know.  If you don't take
the deductions for your children off your taxes there is no law that
forces you to have the number for them.  Also there must be *some*
foreign nationals enrolled who don't have SSNs.  
--

*******************************************************************************
* Bill Ranck                                          ranck@joesbar.cc.vt.edu *
* Computing Center at Virginia Tech, not Vermont ----------------------^^     *
*******************************************************************************

------------------------------


End of Computer Privacy Digest V1 #117
******************************