Date: Wed, 03 Feb 93 17:58:23 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#013
Computer Privacy Digest Wed, 03 Feb 93 Volume 2 : Issue: 013
Today's Topics: Moderator: Dennis G. Rears
Prodigy class action suit
Computers Freedom and Privacy '93, Mar 9-12
How to contact the Clinton White House
Re: Ohio requires SSN for children to go to school?!!!?
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Sun, 6 Dec 1992 11:45:33 -0500 (EST)
From: Eugene Levine <elevine@world.std.com>
Subject: Prodigy class action suit
Attached is a text article receivedfrom a local BBS. I apologize if this is
not theway to send such material to a moderated list, and would appreciate
information about how to do this properly (I've only been using the
Internet for two months, and am still in need of nurturing advice on
netiguette.
--Gene Levine
elevine@world.std.com
[Moderator's Note: I got this a while ago. I had misfiled it. ._dennis ]
FROM: Tim Pearson Area # 39 ( 14_REC )
TO: All MSG # 9603, May-8-91 1:56am
SUBJECT: Prodigy Article
=============================================================================
* Forwarded by Tim Pearson (1:286/703) using GoldED 2.30
* Area : OZARK_NET (Ozark Net)
* From : Joel Dannelley, 1:286/730.2 (07 May 91 21:59)
* To : Tim Pearson
* Subj : Prodigy Article
=============================================================================
Heres something I found taht you might be interested in.
MORE OF A PRODIGY THAN WE THINK?
================================
By Linda Houser Rohbough
The Los Angeles County D.A's Office made known that it is considering
additional charges against Prodigy, a computer information service oper-
ated by Sears Roebuck & Co and IBM. The D.A.'s office said its investiga-
tion into Prodigy to include possible criminal and civil violations invol-
ving alleged unfair business practices and unauthorized access to com-
puters and computer data. They said a file called STAGE. DAT created by
Prodigy software to facilitate processing is the file in question and the
reason for the expanded investigation.
The L. A. County District Attorney is formally investigating PRODIGY
for deceptive trade practices. Computer users nationwide, are free to an-
nounce the fact of the investigation. Anyone can file a complaint. From
anywhere.
The address is:
District Attorney's Office
Department of Consumer Protection
Attn: RICH GOLDSTEIN, Investigator Hall of Records
Room 540320 West Temple Street
Los Angeles, CA 90012
Please, Goldstein doesn't want phone calls, he wants simple written
statements and copies (no originals) of any relevant documents attached.
He will call the individuals as needed, he doesn't want his phone ringing
off the hook, but you may call him if it is urgent at 1-213-974-3981.
PLEASE READ THIS SECTION EXTRA CAREFULLY. YOU NEED NOT BE IN CALIFORNIA
TO FILE!! THE COUNTY IS REPRESENTING THE STATE OF CALIFORNIA. This ISN'T
limited to L. A. County and complaints are welcome from ANYWHERE in the
Country or the world. The idea is investigation of specific Code Sections
and if a Nationwide Pattern is shown, all the better.
The stigma that haunts child prodigies is that they are difficult to
get along with, mischievous and occasionally, just flat dangerous, using
innocence to trick us. I wonder if that label fits Prodigy, Sears and
IBM's telecommunications network?
Those of you who read my December article know that I was tipped off
at COMDEX to look at a Prodigy file, created when Prodigy is loaded ST-
AGE.DAT. I was told I would find in that file personal information from
my hard disk unrelated to Prodigy. As you know, I did find copies of the
source code to our product FastTrack, in STAGE.DAT. The fact that they
were there at all gave me the same feeling of violation as the last time
my home was broken into by burglars.
I invite you to look at your own STAGE.DAT file, if you're a Prodigy
user, and see if you found anything suspect. Since then I have had nume-
rous calls with reports of similar finds, everything from private patient
medical information to classified government information.
The danger is Prodigy is uploading STAGE.DAT and taking a look at your
private business. Why? My guess is marketing research, which is expen-
sive through legitimate channels, and unwelcomed by you and I. The ques-
tion now is: Is it on purpose, or a mistake? One caller theorizes that
it is a bug. He looked at STAGE.DAT with a piece of software he wrote to
look at the physical location of data on the hardisk, and found that his
STAGE.DAT file allocated 950,272 bytes of disk space for storage.
Prodigy stored information about the sections viewed frequently and
the data needed to draw those screens in STAGE.DAT. Service would be
faster with information stored on the PC rather then the same information
being downloaded from Prodigy each time.
That's a viable theory because ASCII evidence of those screens shots
can be found in STAGE.DAT, along with AUTOEXEC.BAT and path information.
I am led to believe that the path and system configuration (in RAM) are
diddled with and then restored to previous settings upon exit. So the
theory goes, in allocating that disk space, Prodigy accidently includes
data left after an erasure (As you know, DOS does not wipe clean the space
that deleted files took on the hard disk, but merely marked the space as
vacant in the File Allocation Table.)
There are a couple of problems with this theory. One is that it as-
sumes that the space was all allocated at once, meaning all 950,272 bytes
were absorbed at one time. That simply isn't true. My STAGE.DAT was
250,000+ bytes after the first time I used Prodigy. The second assumption
is that Prodigy didn't want the personal information; it was getting it
accidently in uploading and downloading to and from STAGE.DAT. The E-mail
controversy with Prodigy throws doubt upon that. The E-mail controversy
started because people were finding mail they sent with comments about
Prodigy or the E-mail, especially negative ones, never arrive. Now Pro-
digy is saying they don't actually read the mail, they just have the
computer scan it for key terms, and delete those messages because they are
responsible for what happens on Prodigy.
I received a call from another user group who read our newsletter and
is very involved in telecommunications. He installed and ran Prodigy on a
freshly formatted 3.5 inch 1.44 meg disk. Sure enough, upon checking
STAGE.DAT he discovered personal data from his hard disk that could not
have been left there after an erasure. He had a very difficult time
trying to get someone at Prodigy to talk to about this.
There's a file called 'fraudigy.Zip' that I suggest all who use the
prodigy service take very seriously. The file describes how the Prodigy
service seems to scan your hard drive for personal information, dumps it
into a file in the prodigy sub-directory called 'STAGE.DAT' and while
you're waiting and waiting for that next menu come up, they're uploading
your stuff and looking at it.
Today while in Babbages's, I was talking to a friend when a gentleman
walked in, heard our discussion, and piped in that he was a columnist on
Prodigy. He said that the info found in 'fraudigy.Zip' was indeed true
and that if you read your on-line agreement closely, it says that you sign
all rights to your computer and its contents to Prodigy, IBM & Sears when
you agree to the service.
I tried the tests suggested in 'fraudigy.Zip' with a virgin 'Prodigy'
Kit. I did two installations, one to my often used hard drive partition,
and one onto a 1.2Mb floppy. On the floppy version, upon installation
(without logging on), I found that the file 'stage.Dat' contained a lis-
ting of every .Bat and setup file contained in my 'c:' drive boot direc-
tory. Using the hard drive directory of Prodigy that was set up, I
proceeded to log on. I logged on, consented to the agreement, and logged
off. Remember, this was a virgin setup kit.
After logging off I looked at 'stage.Dat' and 'cache.Dat' found in
the Prodigy subdirectory. In those files, I found pointers to personal
notes that were buried three sub-directories down on my drive, and at the
end of 'stage.Dat' was an exact image copy of my pc-desktop appointments
calender. Check it out for yourself.
I had my lawyer check his STAGE.DAT file and he found none other than
CONFIDENTIAL CLIENT INFO in it. Needless to say he is no longer a Prodigy
user.
---------------------------------------------------------------------------
Kinda interesting ain't it?
Enjoy...........
-!- LED ST 0.10
! Origin: Friends don't let Friends drive Fords! (1:286/730.2)
=============================================================================
Tim
--- GoldED 2.30
* Origin: Region 14 Coordinator - [1:286/703@fidonet] (FidoNet 1:286/703)
FROM: Tim Pearson Area # 39 ( 14_REC )
TO: All MSG # 9602, May-8-91 1:26am
SUBJECT: Prodigy Service
Hello All,
This message is going to sound too incredible to believe.
If anyone reading this echo subscribes to the "Prodigy" service, I encourage you
to look inside the file called "STAGE.DAT" in your \Prodigy sub-directory. I was
alerted to this by one of my users. You should be amazed at what you'll find. I
was. To explain:
Prodigy is a service like CompuServe and is owned by Sears. To access Prodigy,
you use their proprietary terminal software. One of the files the Prodigy
software uses is called "Stage.Dat". It is quite large and is supposed to be
used to store prodigy menus, text, and other information so as to actually place
part of the prodigy service on your computer's hard drive. When you are just
sitting there reading a prodigy menu, the software sends and receives data from
and to the STAGE.DAT file as a background process. If you have an external
modem, watch the lights when you're not doing anything. You'll see that data is
still being exchanged.
Now to the incredible part...
When I examined my "Stage.Dat" file with Norton, I found all kinds of
information in there that the prodigy "terminal" software had gleaned from
dozens, if not hundreds, of other files on my system's hard drive. Examples
include:
- Text from private FidoNet netmail messages
- A portion of the FidoNet nodelist
- Eddie Seasholtz's name (NC 284).
- AreaFix and Session passwords from my D'Bridge config file.
- Routing information from my D'Bridge config file.
- The name of almost every .BAT file on my computer
The clear implication is that Prodigy is capturing and uploading information
from its users' computers. I have no proof that the prodigy terminal software
acutally transmitted any of this information to the prodigy host. However, if
it were not to be transmitted then why in the heck did they include obviously
sophisticated code in the program to glean this information from my hard drive
and place it in their STAGE.DAT file?
The algorythm they use seems to like "D'Bridge", as well as the words "Control",
"Password", "Config", and anything preceeded or followed or enclosed in
asterisks or dashes.
Needless to say, I'll no longer be running the Prodigy.Exe terminal program. I
would encourage any of you who use Prodigy to examine your own STAGE.DAT file.
You may be horrified at what you find. You'll need to be patient. My Stage.Dat
file was over 900K and most of the interesting stuff was near the end of the
file. I'd be interested to hear from anyone who makes similar discoveries.
Perhaps, if we can show that they've violated FidoNet's copyright, some legal
action might be indicated.
Take care...
Tim
P.S. Feel free to forward this message to your own local sysop echoes if you so
desire.
--- GoldED 2.30
* Origin: Region 14 Coordinator - [1:286/703@fidonet] (FidoNet 1:286/703)
ysop echoes if you so
desire.
--- GoldED 2.30
* Origin: Region 14 Coordinator - [1:286/703@fidonet] (FidoNet 1:286/703
--1073741863-647511930-723660492:#29363--
------------------------------
From: Al <al@netcom.com>
Subject: Computers Freedom and Privacy '93, Mar 9-12
Date: 28 Jan 93 16:10:49 GMT
CFP'93
The Third Conference on Computers, Freedom and Privacy
9-12 March 1993
San Francisco Airport Marriott Hotel, Burlingame, CA
The CFP'93 will assemble experts, advocates and interested
people from a broad spectrum of disciplines and backgrounds in
a balanced public forum to address the impact of computer and
telecommunications technologies on freedom and privacy in society.
Participants will include people from the fields of computer
science, law, business, research, information, library science,
health, public policy, government, law enforcement, public
advocacy and many others. Some of the topics in the wide-ranging
CFP'93 program will include:
ELECTRONIC DEMOCRACY - looking at how computers and networks
are changing democratic institutions and processes.
ELECTRONIC VOTING - addressing the security, reliability,
practicality and legality of automated vote tallying systems
and their increasing use.
CENSORSHIP AND FREE SPEECH ON THE NET - discussing the
problems of maintaining freedom of electronic speech across
communities and cultures.
PORTRAIT OF THE ARTIST ON THE NET - probing the problems and
potential of new forms of artistic expression enabled by
computers and networks.
DIGITAL TELEPHONY AND CRYPTOGRAPHY - debating the ability of
technology to protect the privacy of personal communications
versus the needs of law enforcement and government agencies
to tap in.
HEALTH RECORDS AND CONFIDENTIALITY - examining the threats to
the privacy of medical records as health care reform moves
towards increasing automation.
THE MANY FACES OF PRIVACY - evaluating the benefits and costs
of the use of personal information by business and
government.
THE DIGITAL INDIVIDUAL - exploring the increasing
capabilities of technology to track and profile us.
GENDER ISSUES IN COMPUTING AND TELECOMMUNICATIONS - reviewing
the issues surrounding gender and online interaction.
THE HAND THAT WIELDS THE GAVEL - a moot court dealing with
legal liability, responsibility, security and ethics of
computer and network use.
THE POWER, POLITICS AND PROMISE OF INTERNETWORKING - covering
the development of networking infrastructures, domestically
and worldwide.
INTERNATIONAL DATA FLOW - analyzing the issues in the flow
of information over the global matrix of computer networks
and attempts to regulate it.
The conference will also offer a number of in-depth tutorials
on subjects including:
* Information use in the private sector
* Constitutional law and civil liberties
* Investigating telecom fraud
* Practical data inferencing
* Privacy in the public and private workplace
* Legal issues for sysops
* Access to government information
* Navigating the Internet
INFORMATION
For more information on the CFP'93 program and advance
registration call, write or email to:
CFP'93 INFORMATION
2210 SIXTH STREET
BERKELEY, CA 94710
(510) 845-1350
cfp93@well.sf.ca.us
A complete electronic version of the conference brochure
with more detailed descriptions of the sessions, tutorials,
and registration information is also available via anonymous
ftp from sail.stanford.edu in the file: /pub/les/cfp-93
or from sunnyside.com in the file: /cfp93/cfp93-brochure
or via email from listserv@sunnyside.com by sending mail
with this text: GET CFP93 CFP93-BROCHURE
[Moderator's Note: This has appeared once before. I figured I would
give it more shot. ._dennis ]
------------------------------
From: Bruce Schneier <schneier@chinet.chi.il.us>
Subject: How to contact the Clinton White House
Organization: Chinet - Public Access UNIX
Date: Fri, 29 Jan 1993 20:32:42 GMT
The White House is on-line. Send mail to them at:
75300.3115@Compuserve.COM
Bruce
****************************************************************************
* Bruce Schneier
* Counterpane Systems For a good prime, call 391581 * 2^216193 - 1
* schneier@chinet.chi.il.us
****************************************************************************
------------------------------
From: Dave Andrews <bilver!dandrews@peora.sdc.ccur.com>
Subject: Re: Ohio requires SSN for children to go to school?!!!?
Date: Sat, 30 Jan 1993 14:00:54 GMT
In article <comp-privacy2.11.11@pica.army.mil> Paul Scheidler <crpaul@sony1.sdrc.com> writes:
>
>I am informed by the school that the state of Ohio requires a SSN for the
>child to go to school. If you don't have one, they will assign you a
>temporary number until you get your official SSN. I have not fully
>investigated the actual law, but I plan on fighting this law.
>
>What are my options here? Can they deny my child an education because
>she is not numbered?
I don't see the big deal here. They asked for the SSN, you refuse, so
they make up a number for their own use. You get what you want, they
have a number to index you in their own accounting systems.
The FAA assigned me an alternate number when I got my PP license and
refused my SSN.... no big deal. My university does (um, did -- it's
been a lonnng time) the same thing.
- David Andrews
dandrews@bilver.oau.org
------------------------------
End of Computer Privacy Digest V2 #013
******************************