Date:       Wed, 17 Feb 93 13:57:24 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V2#017

Computer Privacy Digest Wed, 17 Feb 93              Volume 2 : Issue: 017

Today's Topics:				Moderator: Dennis G. Rears

            Digitizing signatures for credit card purchases
                        Re: SSN as a red herring
                   Username, real names, and privacy
                 privacy in communication technologies
                                privacy

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

Date: Thu, 11 Feb 93 16:33:24 -0800
From: "Glenn S. Tenney" <tenney@netcom.com>
Subject: Digitizing signatures for credit card purchases

If you thought that signing for a package onto a notebook computer was bad,
you ain't seen nothing yet...

My wife just told me that The Gap (a large clothing store chain) store near
to us has a new computerized system.  When making a credit card purchase
with a Visa card, she had to "sign" on a digitizing tablet.  Then, they
printed out her receipt just like a cash register receipt with our credit
card number on it, but no signature.

I called BankAmericard who bounced me around and then they bounced me to
the 1-800-VISA-911 line.  I finally called the Visa International main
office which is nearby and their customer relations person told me:  If I
didn't like that system, it was my choice to not buy from that merchant --
but the merchant can use any system they want.  She said that there was no
need to give me a receipt with my signature on it, since I could request
one from my bank.

When I sign for packages, I just print my name.  For this, I might do the
same if push came to shove, but I do *NOT* like the idea of some store
having my signature actually "on-file" digitally!


---
Glenn Tenney
tenney@netcom.com            Amateur radio: AA6ER
Voice: (415) 574-3420        Fax: (415) 574-0546


------------------------------

Subject: Re: SSN as a red herring
From:	Brian Pirie <brian@bpecomm.ocunix.on.ca>
Date:	Sun, 14 Feb 1993 07:38:41 -0500
Organization: BP ECOMM Systems, Ottawa, Ontario, Canada

p-hurley1@tamu.edu (Philip Hurley) writes:

> I have considered the ramifications of writing a virus program (I don't know 
> how and never have) that will delete any reference it finds with my name in 
> it.
> 
> I figure, the worst that can happen is that my bank "forgets" who I am. I 
> might be willing to deal with the hassle of correcting such an error
> face-to-face with my bank in exchange for knowing that other data bases will
> also "forget" who I am.

This would not work, and it would lead the authorities right to your
doorstep. First of all, the chances of such a virus infiltrating a
system such as your bank's computer are next to nil. Their security will
be good enough that they simply wouldn't allow a virus to get into the
system. Secondly, such a virus that operated on one hardware/software
platform would most likely not function on others. You would have to
write a different virus for every hardware/software platform that might
be used for maintaining some database that includes your name.

Also, even if it were possible to write such a virus, you would have the
FBI or CIA (or whatever is the relevant authority in your country)
knocking on your door, probably before your virus has had a chance to do
any damage. Regardless of how sophisticated an encryption scheme is
used by the virus program, if it is written specifically to delete every
occurrence of your name, it wouldn't take them long to find the Philip
Hurley who wrote the virus.

--
Brian Pirie, brian@bpecomm.ocunix.on.ca (Ottawa, Ontario, Canada)
PGP 2 key available upon request

------------------------------

From: ae@ac.dal.ca
Subject: Username, real names, and privacy
Date: 16 Feb 93 19:09:03 -0400
Organization: Dalhousie University, Halifax, Nova Scotia, Canada

  I'd like to get some comments on the following issue.  We have a facility,
called "FIND", on our main academic computer system where users can
voluntarily put information about themselves, including their name.  They are
informed about the existence and purpose of FIND (primarily promoting good
communication among users) the first time they login.  No one is required to
have a FIND listing but most people do.
  It has been the practice that if someone enquires about the name of the
owner of a username, and that username is not listed in FIND, we will not give
out the person's name in order to protect their privacy.  After an incident
where we would not release the owner's name to a user who complained about an
e-mail message from a username not listed in FIND, it has been suggested that
we change our policy and provide a public username to real name correspondence
for all usernames. 
  In this case we were protecting the privacy of a person who had obviously
violated the university's "Responsible Computing" policy.  If the complainer
had wanted (or rather, not asked that we refrain from doing so) we would have
got in touch with the offender and asked for a change in behaviour, but we
would not reveal the identity of that person. 
  The policy change is directed against people who abuse the anonymity we make
possible (users may have any username of two to eight letters and digits
within reasonable limits).  Should it be a condition of getting a computer
username that the owner's real name be public?  Of course it is well known
that e-mail can be forged so that the identity of the sender is not, at the
very least, immediately apparent.  I'd be interested to know what formal
policies other universities have in this area (I hope for some Canadian
responses).

Aidan Evans (AE@AC.Dal.CA), Computer Facilities & Operations, 
University Computing & Information Services, Dalhousie University, 
Halifax, N.S., Canada, B3H 4H8

------------------------------

From: Deborah Parker <parker3@uxa.cso.uiuc.edu>
Subject: privacy in communication technologies
Date: Wed, 17 Feb 1993 04:04:20 GMT
Organization: University of Illinois

I am looking for information concerning privacy/security in communication
technologies, especially concerning caller identification, electronic
mail, and cellular communication.  I am also interested in the regulation
of communication technologies under the Federal Communication Commission.
 I am working on a project at the University of Illinois-Urbana/Champaign
and would appreciate any information available.  Thanks!  Deb Parker

------------------------------

From: Thomas Chen <tchen@hns.com>
Subject: privacy
Organization: Hughes Network Systems Inc.
Date: Tue, 16 Feb 1993 20:23:17 GMT


well, with the advancement of technology in modern society,
privacy is something we will have to give up eventually.
when we move to a society where there is no more money but
just a card, everything we do, everything we spend is logged
somewhere.  but what is the big deal???  as of now, if you
have a mobile phone, the cellular company knows where you
are (within a cell), when you shop in department stores with
your credit cards, they compile your shopping habit profile,
when you subscribe to a magazine, you are automatically
categorized into a group.  what we are doing is exchanging part
of our personal information for a lot of other people's information.
 


 Tom

    As the people here grow colder
        I turn to my computer
    and spend my evenings with it
        like a friend
    I was loading a new program
        I had ordered from a magazine
    "Are you lonely, are you lost?
        This voice console is a must"
    I press EXECUTE

    Well, I've never felt such pleasure
        Nothing else seemed to matter
    I neglected my bodily needs
        I did not eat, I did not sleep
    The intensity increasing
        'Til my family found me and intervened
    But I was lonely, I was lost
        Without my little black box
    I pick up the phone and go EXECUTE

                --- Kate Bush, "Deeper Understanding"

------------------------------


End of Computer Privacy Digest V2 #017
******************************