Date: Sat, 27 Feb 93 10:29:09 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#021
Computer Privacy Digest Sat, 27 Feb 93 Volume 2 : Issue: 021
Today's Topics: Moderator: Dennis G. Rears
Re: Digitizing signatures for credit card purchases
Re: Digitized Signatures
Digitized Voting Records
Police Intelligence Files
Re: Privacy of Police Reports
Mass electronic scanning of UK international telexes from London
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Thu, 25 Feb 93 18:30:46 -0800
From: "Glenn S. Tenney" <tenney@netcom.com>
Subject: Re: Digitizing signatures for credit card purchases
wicklund@intellistor.com says:
>Many stores are going to non-computerized forms of this -- they print
>you a receipt, then print a second receipt which you sign and they
>keep. You don't have a receipt with your signature.
Actually, just like simple contracts, you are given a copy for your
signature. The copy you have, is the exact same as the copy they have. It
is up to them to have your signature on their copy, just as it would be up
to you to have THEIR signature on a credit voucher. You would be amazed at
how many stores want ME to sign the credit voucher when I return something.
I have to tell them that THEY have to sign it, since they are giving me
money -- yes, the store does have to authorize the credit just as you have
to authorize the charge.
>Since I doubt the store physically sends the signed receipt to the
>bank, your bank also doesn't have a signed receipt unless they get it
>from the store, which will have a hard time finding a particular
>receipt out of the hundreds for a certain day.
But the store must do just that if you dispute the bill.
>True, this will be simpler -- though for systems like the one
>originally described I'm not too worried -- I doubt it has a built in
>ability to patch an arbitrary signature on an arbitrary receipt.
Well, I haven't audited their system, have you? Well, neither has Visa
International -- a reasonable assumption, since Visa says a merchant can
use ANY system they choose.
Let's not get into arguing whether a paper slip with signature can be
forged or not. We agree that it can. The difference is that with the well
established system (based on contract law I would assume) of both you and
the merchant having the same receipts, theirs with a signature and yours
for you to sign, there is an audit trail.
You might trust The Gap, but if Joe's Midnight Auto Parts used such a
system would you trust them? If you use a paper credit card slip at Joe's,
it is much easier to determine if a forgery has been committed, and it is
easier to "trust" Joe's.
Perhaps, my greatest concern is the utter lack of controls or regulation on
these systems. There are rules governing the banks and credit card
companies, but when the credit card companies start allowing merchants to
devise their own systems, I am VERY worried.
>I wonder how important the signature is. Many companies operate mail
>order by taking phone orders. These companies never get a signature
>from the purchaser, yet I haven't heard of either massive abuse of
>credit card numbers (there are some, but it's not industry wide).
>Hotels also routinely take card numbers for guaranteed reservations
>and I assume they sometimes run the charges through.
Then you may not been keeping up with the news... :-) Credit card fraud
of mail order companies is happening on a massive scale. The companies are
not defrauding the people, the companies are being defrauded by the use of
stolen cards. They do not have your signature, but they get your address,
verify the number and address from one of many firms, and then ship to that
address -- all in an effort to hold down fraud.
---
Glenn Tenney
tenney@netcom.com Amateur radio: AA6ER
Voice: (415) 574-3420 Fax: (415) 574-0546
------------------------------
Subject: Re: Digitized Signatures
Date: Fri, 26 Feb 93 0:44:01 EST
From: Alex Batyi <bud@rescon.uucp>
I remember the first time I was faced with a digital signing board.
United Parcel Service showed up with one one day and instead of the
usual "Sign at 42.", he handed my the new gadget and asked me to
sign it. At first I wouldn't do it. I had the same reservations
that started this discussion. I had to think fast since this guy
is trained to do his paperwork at a fast trot on the way up to the
building. I didn't want my signature in a file but I wanted my goods.
After a few words with the U.P.S. man I remembered that a signature
is more than a two dimensional shape. Don't they have to get an
analyst who looks at the way the pen distorts the paper fibers
and the different pressures and speeds with which the pen travels
over the paper and such? I can see that the new method might have
varying widths as the pressure changed but I can't see them getting
as much info from the digital pad as they would from the pen and
paper method. I told the guy that I would sign it but that I didn't
see how they could use it for anything legal. Half the time I just
make a bunch of loops on the page anyway. I imagine the legalities
of the digital signature were thoroughly examined before they invested
any capital in the device but I also imagine that if it saved them
enough time, space and processing steps that they would dismiss any
negative legal hangups if the chances of them costing the company
money were small enough. Usually when there is a question about
a parcel, the deciphered name given over the phone is enough to
satisfy the customer as to who received the package. I doubt they
can use the same method to get a signature on a contract or other
legal document. There just doesn't seem to be enough data recorded
in the electronic pad to make it a legal signature.
--
AJB N3JQB +1 215 785 6644 UUCP:rescon!bud
Quote:"If you lose your memory, forget it!" bud@pacs.pha.pa.us
Proverb:"The sooner you get behind, the longer you have to catch up."
------------------------------
Date: Fri, 26 Feb 1993 8:00:11 -0500 (EST)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Digitized Voting Records
There have been discussions about digitizing signatures on
drivers liscenses and UPS receipts; I'm now going to address
that in another area: voting.
Suffolk County, New York, is going to digitized voting records which
will be used when a person votes in an election. This process
reduces the massive books that contain voter registration cards
in every election district in the county.
The current records for each registered voter in each election
district are kept in 11x14x3 (or larger in depth) books which
are very clumsy to handle to say the least (I'm an election
inspector on a part-time basis).
Now they will be in 8x11 books which will contain all of the
necessary information such as: full name, current address,
citizenship (if not born in the US, then proof of naturalization),
signatures obtained each time a voter voted, party affiliation,
inspector's initials, etc. Note that I didn't mention SSNs;
that portion was done away with because of a lawsuit, I think.
According to election officials, a test was made in the smaller
half of the county (population by geographical location; if anyone
wants a description of that, e-mail me) during the 1992 general
election and was successful. Full implementation will occur in
the 1993 general election (I'm talking about New York).
They also hope to reduce the number of voters who have to vote
by affidavit (insist that they are a registered voter in a district
but the voter registration card is missing; most of these instances
are the voter not remembering the correct election district).
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093
------------------------------
From: KitchenRN@ssd0.laafb.af.mil
Subject: Police Intelligence Files
Date: Fri, 26 Feb 93 09:01:00
The Los Angeles Times this morning (Feb 26) had a big front-page article
about a scandal that is rocking the San Francisco Police Department.
Apparently, the SFPD had an intelligence unit that kept track of "potential
troublemakers." As far as I know, this unit still exists. Anyway,
information from their files was leaked to the Jewish Defense League, which
sent it on to Israeli intelligence. In addition, the information also made
it into the hands of South African intelligence. An SFPD officer has been
accused of leaking this data.
The article also said that the Los Angeles Police Department and the San
Francisco Police Department were sharing intelligence information, and some
of the data from the LAPD also was included in this leaked information. This
is all very interesting, because, even with a new police chief, the LAPD
continues to insist that it has never had an intelligence unit.
All of the data involved people who were never convicted of any crimes. Such
targets as Arab-American groups and skinhead groups were infiltrated in order
to obtain this information.
Rick Kitchen
kitchenrn@ssd0.laafb.af.mil
------------------------------
Date: Fri, 26 Feb 93 15:06:51 -0600
From: Jonathan Thornburg <jonathan@hermes.chpc.utexas.edu>
Subject: Re: Privacy of Police Reports
The references in chapter 4 of
"Your Right to Privacy:
A Basic Guide to Legal Rights in an Information Society"
% "An American Civil Liberties Union Handbook"
2nd Edition
Evan Hendricks, Trudy Hayden, and Jack D. Novik
Southern Illinois University Press, 1980,
ISBN 0-8093-1632-3
discuss the question of "public" access to police blotter information
in some detail.
- Jonathan Thornburg
<jonathan@hermes.chpc.utexas.edu> or <jonathan@einstein.ph.utexas.edu>
[until 31/Aug/93] U of Texas at Austin / Physics Dept / Center for Relativity
and [until ~Apr/93] U of British Columbia / {Astronomy,Physics}
------------------------------
Date: Fri, 26 Feb 93 17:30:55
From: James Faircliffe <I_USERID_4@prime1.central-lancashire.ac.uk>
Subject: Mass electronic scanning of UK international telexes from London
A few months ago, a well-respected British TV documentary show (might have
been 'World in Action') discovered that all out-going telexes from the Uk were
electronically scanned by British Telecom (the main phone company) personnel,
supervised by the security services. Direct scanning by the security services
would have been illegal. They were looking for words like 'terrorist' &
'bomb', but the civil liberties implications are far-reaching. Obviously,
this could affect the privacy of American telexes to the U.K.
J.F. Faircliffe.
i_userid_4@uk.ac.uclan.p1
------------------------------
End of Computer Privacy Digest V2 #021
******************************