Date: Tue, 16 Mar 93 17:27:15 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#025
Computer Privacy Digest Tue, 16 Mar 93 Volume 2 : Issue: 025
Today's Topics: Moderator: Dennis G. Rears
What is passwording?
Re: Credit Card Validation
Re: Dorothy Denning's article in Comm. of ACM
Re: Credit Card Validation
Re: Social Security Numbers as ID
Employee Monitoring Systems
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: 11 Mar 1993 18:55:18 -0600 (CST)
From: "Michael A. Vitale" <vitale@athena.cas.vanderbilt.edu>
Subject: What is passwording?
Computer Privacy Digest Moderator says:
>
> Computer Privacy Digest Thu, 11 Mar 93 Volume 2 : Issue: 024
>
> >[Moderator's Note: I don't use the Diner Card Club. It's one less card
> >I have to carry around. On the other hand I have passworded all my
> >accounts (credit card, utilities, insurance, etc) that can be accessed
> >by phone. I started this after my phone and electric service was cut off
> >by someone claiming to be me. The "Mother's maiden name" is no security.
> > ._dennis ]
>
Dennis, what is passwording and how does one do it?
[Moderator's Note: It's calling up all your accounts and telling the
person you want to 'password' you account. After your account is
passworded no information can be given out unless the requestor knows the
password. ._dennis ]
------------------------------
From: Steve Johnson <johnson@trwacs.fp.trw.com>
Subject: Re: Credit Card Validation
Organization: TRW Systems Division, Fairfax VA
Date: Fri, 12 Mar 1993 09:53:15 GMT
Brinton Cooper <abc@brl.mil> writes:
[...]
> Mother's Maiden Name (My hospital asks for this one, too.)
[...]
>_Brint
>[Moderator's Note: [...] The "Mother's maiden name" is no security.
> ._dennis ]
I haven't given out my mother's mainden name yet (I agree with Dennis on
this one) and have used an "alternate" piece of information (something which
is not "public" information) instead. The folks that ask for the information
don't seem to care as long as they have something "to fill in the box".
--
------- Any views expressed are those of myself and not my employer. --------
Steven C. Johnson, WB3IRU / VK2GDS |
TRW | johnson@trwacs.fp.trw.com
FP1 / 3133 | [129.193.172.90]
------------------------------
From: "Michael T. Palmer" <m.t.palmer@larc.nasa.gov>
Subject: Re: Dorothy Denning's article in Comm. of ACM
Date: 12 Mar 1993 13:16:56 GMT
Organization: NASA Langley Research Center, Hampton, VA
In article <comp-privacy2.24.1@pica.army.mil> Carl Ellison <cme@ellisun.sw.stratus.com> writes:
>Among other things, the gov't side focuses on only 1 of 8 scenarios:
>
> variable values Denning's focus
>
> good guy: (govt, private) govt (eg., FBI saint)
> bad guy: (govt, private) private (eg., drug dealer)
> encrypter: (good guy, bad guy) bad guy
>
>If that's the only scenario you look at or give reasonable weight to, it's
>very hard to justify private crypto. So -- we need to prohibit such a
>focus from being established.
Actually, it's even simpler than that:
Federal Law Enforcement: (good guys)
Private Citizens: (bad guys)
I noticed in her "Final Thoughts" that she said "Wiretapping is used against
major drug traffickers, organized crime leaders, and terrorists."
Well! Maybe it's just me, but I thought wiretapping was used against
SUSPECTS that MAY have committed a crime. Hmmm. Now we really open
that can of worms, don't we? Because this means that private citizens
who MAY or MAY NOT have committed a crime (and all the people who talk
with them over the phone about ANY topic) will be subject to remote
monitoring by the federal government.
Kinda broadens your perspective a bit, doesn't it? Claiming that
wiretapping is only used against "bad guys" sweeps this whole issue
under the rug.
And claiming that the cost is so prohibitive that only "bad guys" that
have other evidence against them already will get the wiretaps just
won't cut it: they want a system where the cost will be so LOW that
wiretaps may become the primary means of gaining the INITIAL evidence
that "wrongdoing" has occurred.
I believe Ms. Denning to be a thoughtful and intelligent person who
has been misled into discounting the potential for a government to
abuse (either in the short or long term) the power it wields over its
citizens. She should ponder the quote of Ben Franklin that Mike
Godwin supplied, and not just brush it off. I think Ben would be
incredulous that we were even discussing giving the federal gov't
the power to monitor conversations, with only an aquiescent judge
or an intimidated service provider standing in the way.
Nor does Ms. Denning even acknowledge that new digital switching
technology has made it EASIER to get MORE information from the phone
lines (as Marc Rotenberg pointed out).
Orwell's 1984 may have been fiction, but it was social commentary
nonetheless about trends in government-citizen relationships. And NO,
Ms. Denning, our system has NOT been very successful at either preventing
or exposing abuses, at least not within a decade time-frame. Please.
Look around the blinders that you have inadvertantly placed on yourself
by accepting the FBI's paradigm. Look at the larger picture. If you
admit that it is POSSIBLE that the following situation may exist:
Federal Law Enforcement: (bad guys)
Private citizens: (good guys)
Then think about the impact the Digital Telephony Proposal will have.
What are the alternatives that may help the first situation without
being so devastative to the second? Why, as Rotenberg and Marx observe,
have no other options been discussed in a public forum?
Secrecy breeds mistrust... especially about motives.
Michael T. Palmer | "A man is crazy who writes a secret in any
m.t.palmer@larc.nasa.gov | other way than one which will conceal it
RIPEM key on server | from the vulgar." - Roger Bacon
------------------------------
From: Chris Johnston <chris@cs.uchicago.edu>
Subject: Re: Credit Card Validation
Organization: AM Investors, Chicago
Date: Fri, 12 Mar 1993 15:13:11 GMT
>[Moderator's Note: ... I have passworded all my accounts (credit
>card, utilities, insurance, etc) that can be accessed by phone. ...
>The "Mother's maiden name" is no security. ._dennis ]
Is this easy to do? A wide spread option? Are some outfits
better able to handle these requests? Any hints as to how to
easily/effectively achieve this? Is this in the FAQ?
regards,
cj
[Moderator's Note: I haven't had problems with any companies yet. I
have dealt with insurance, credit card, utility, and other companies.
._dennis ]
------------------------------
From: Wm Randolph Franklin <wrf@ecse.rpi.edu>
Subject: Re: Social Security Numbers as ID
Organization: Rensselaer Polytechnic Institute, Troy, NY
Date: Fri, 12 Mar 1993 19:10:07 GMT
Apparently-To: comp-society-privacy@cis.ohio-state.edu
In article <comp-privacy2.24.4@pica.army.mil> on Tue, 9 Mar 93 16:52:25
EST, Matthew B Cravit <cravitma@student.msu.edu> writes:
> (The policeman) said that quite apart from the fact that this is not
> a good idea from a privacy standpoint (I already knew that), putting
> a SSN on articles for identification was quite useless because he
> said that the Social Security Administration will NOT release the
> name belonging to a particular SSN to any local or state law
> enforcement agency FOR ANY REASON UNDER ANY CIRCUMSTANCES. Is this
> assertion of his correct?
>
> [Moderator's Note: This is true. The few law enforcement agencies I
> have dealt with have always recommended to use you driver license
> number. Of course this was before states starting using a SSN as a
> driver license number. ._dennis ]
That's interesting, because in some (most?) places, the police want an
SSN when they arrest you. There was a local case a few years back,
where someone was charged with, approx, obstruction of governmental
administration for refusing. He beat that charge, but it probably took
some work.
Sorry, but I have no way of finding the citation. Local newspapers are
not indexed, at least accessibly to average people.
[Moderator's Note: I would follow this up to misc.legal. I do not think
it can be a criminal violation not give you one's SSN. ._dennis ]
--
---------------------
Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
------------------------------
Date: Sat, 13 Mar 93 01:06:27 EST
From: Ellen Wentz <EW6355A@american.edu>
Organization: The American University
Subject: Employee Monitoring Systems
cc: Ellen Wentz <ew6355a@american.edu>
I am currently doing research on the impacts of computer-based
monitoring systems on employee behavior. Proponents of the system
argue that it provides incentives to workers and ensures the fair
distribution of rewards. I suspect, however, that many would view this
monitoring as an invasion and would resist its implementation. I would
appreciate any comments.
------------------------------
End of Computer Privacy Digest V2 #025
******************************