Date: Thu, 19 Aug 93 16:37:52 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#017
Computer Privacy Digest Thu, 19 Aug 93 Volume 3 : Issue: 017
Today's Topics: Moderator: Dennis G. Rears
Trusted source for PGP keys
Re: License Photo Images
Re: License Photo Images
Re: Enhanced Driver's License
Re: Digital Cellular - was Re: First Person broadcast on privacy
Terminal Compromise (was: About Terminal Compression)
-----
Re: Beepers restrict or give freedom
Sharing government databases
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Marcos Javier Polanco <shiva@vega.stanford.edu>
Subject: Trusted source for PGP keys
Date: 15 Aug 93 18:11:54 GMT
Organization: Stanford University
Sorry if this is in a FAQ, but is there some trusted entity in the
internet which publishes the public keys of individuals using PGP?
Thanks.
-marcos j. polanco
-shiva@vega.stanford.edu
------------------------------
From: John Kennedy <warlock@csuchico.edu>
Subject: Re: License Photo Images
Date: 16 Aug 1993 00:04:32 GMT
Organization: California State University, Chico
In article <CBpJML.Fn2@trystero.com>, Quagga <quagga@trystero.com> wrote:
--> Do states have a right to retain an image of you when you get your
--> Driver's License? My sister recently got hers renewed and was sure
--> that the image was digitized.
In CA, I _know_ mine was digitized, as well as my fingerprint.
I've heard that the image is kept, although there are some restrictions
on what information the DMV can release (although I haven't heard them
applied to the pictures... more for the SS#).
I suspect that the images are at least forwarded down to the "primary"
DMV where the new driver's licenses (at least for CA) are made.
--
Windows/NT - From the people who brought you EDLIN
------------------------------
Date: Mon, 16 Aug 93 12:41:46 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Re: License Photo Images
The use of digitized pictures protects against alteration of driver's licence
card if they are stolen and allows them to be authenticated quickly.
BC uses this kind of system for some kinds of ID, eg Ministry of Social
Service(formerly welfare) staff, but not clients(recipients). The point
is that the strip on the back can be quickly scanned and used to bring
up a recorded picture to match against the picture on the card. Seeing
someone's picture on something that looks like a valid ID card is no
guarantee that it is a valid ID unless it is authenticated in some way.
Don't California and some other states already require drivers to
give finger print impressions? This seems like a relatively minor issue
compared to that.
With workstations in police cars this can now be used to check on people
who say that they have "lost" or left their card at home, without having
to eat up a lot of time taking them down to a station. A man here in
Victoria successfully used this line to impersonate someone else for
about 5 or 6 stops until he got caught is a speed trap and the police
overheard a friend of his asking why he had used someone else's name and
address.
A woman in vancover had her life turned into a nightmare after a young
man who walked into her place of work distracted her, took her ID and
credit cards and disappeared. Her credit cards had been rung up past
her credit limit by the time she finished work and reported them stolen.
Her driver's license was altered with the photo of a younger woman and
used for over a year to purchase cars, open phoney credit accounts, and
to buy cars and insurance with rubber checks. The victim was arrested several
times and had to deal with (private sector)sheriffs trying to seize her own
car at her home at least once, as well as having to explain a never ending
series of police and collection agency visits to her neighbours before the
impersonator was arrested.
In a previous article, quagga@trystero.com (Quagga) says:
>Do states have a right to retain an image of you when you get your
>Driver's License? My sister recently got hers renewed and was sure
>that the image was digitized.
>
>The state's logic is probably:
>"Oh goodie we can use this for identification and forward your
> picture to the police if necessary."
>
>My logic is probably:
>"Mind yer own business!"
>
>Any thoughts?
>
>equus quagga.
>quagga@trystero.com
>"But you can call me Cheryl.."
> \o/ "Ich habe festgestellt, das es N I C H T S gibt, was Deine
> (( Aufmerksamkeit schneller und vollstaendiger fesselt, als ein
> \\ sich nicht oeffender Fallschirm!" -moi. =)
>
------------------------------
Date: Wed, 18 Aug 93 02:48 GMT
From: Christopher Zguris <0004854540@mcimail.com>
Subject: Re: Enhanced Driver's License
This may be a little off-topic, but I just got my New York non-drivers
photo ID (I don't drive, so I never had the need until recently when
everyone seems to want photo ID for credit card purchases) and on the
back it has a bar code and a magnetic strip. Friends drivers licenses
don't have these, but their licenses haven't been renewed so maybe NY
is in the process of phasing this in (I got my ID from the DMV, so it's
the same card). I was wondering what this is for? I've seen reports of
our local police and traffic cops using computers to write tickets
instead of hand-writing them. Do other states use the bar code/mag
strip to directly tie into the DMV? I know the NY DMV lags behind the
rest of the country, so what other applications are these things being
used for (they would put the bar code & mag strip there for no
reason)?
Christopher Zguris
CZGURIS@MCIMail.com
------------------------------
Date: Wed, 18 Aug 93 02:49 GMT
From: Christopher Zguris <0004854540@mcimail.com>
Subject: Re: Digital Cellular - was Re: First Person broadcast on privacy
I wrote:
> Or are the bulk of the eavesdroppers out there using
> hacked cellular phones that would automatically follow the freq. shifts
> to provide continuous coverage like the real phone?
In Computer Privacy Digest V3#015 Brinton Cooper <abc@arl.army.mil>
responded, in part:
>Cellular phones generally don't do spread spectrum, so hacking them is
>as much work (see above) as hacking any radio receiver to do the job.
>
Somehow I missed the fact that cellular AND cordless were being discussed,
I thought we were just talking about cellular. I seem to remember messages
in TELECOM DIGEST about cellular phones being receivers and if they are
hacked/modified/programmed with another cell phones ID they will follow
whatever is happening with the legit phone, moving from freq to freq.
From what has been said, I am assuming this would be impossible with a
protected/encrypted ESN since it would be difficult to find it by monitoring
other cell phones.
Christopher Zguris
CZGURIS@MCIMail.com
------------------------------
Date: Wed, 18 Aug 1993 13:01:49 -0400 (EDT)
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Reply-To: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Terminal Compromise (was: About Terminal Compression)
-----
As pointed out by someone who read my message reviewing the book,
it's name is 'Terminal Compromise' not 'Terminal Compression'. From
the announcement of the book:
THE WORLD'S FIRST NOVEL-ON-THE-NET (tm) SHAREWARE!!!
By Inter.Pact Press
"TERMINAL COMPROMISE"
by Winn Schwartau
---
Paul Robinson - TDARCOS@MCIMAIL.COM
-----
The following Automatic Fortune Cookie was selected only for this message:
Nothing is as inevitable as a mistake whose time has come.
------------------------------
From: Scott Coleman <genghis@ilces.ag.uiuc.edu>
Subject: Re: Beepers restrict or give freedom
Date: Wed, 18 Aug 1993 16:03:24 GMT
Organization: University of Illinois at Urbana
My pager gives me freedom. I have a computerized voice mail setup at
home which will page me whenever an incoming message is taken. I can
then phone home and retrieve my messages and, if I wish, call the party
back. The beauty of this system is that nobody need know I have the
pager; from outward appearances, they're just leaving a message on an
answering machine (and possibly receiving a very quick call-back). If
the message is not important, I can ignore it/deal with it later. Thus,
I get all the benfits of being always reachable without the drawbacks of
having to give a pager number to everybody (or having those people know
that I have a pager and thus expect immediate reponses).
--
Scott Coleman, President ASRE (American Society of Reverse Engineers)
tmkk@uiuc.edu
Q: What's the difference between Jurassic Park and IBM?
A: One is a complex and expensive theme park, filled with dinosaurs and
unreliable equipment -- and the other is a Steven Spielberg movie...
Q: What's the similarity?
A: They both have clones.
------------------------------
From: Phil Karn <karn%unix.ka9q.ampr.org.qualcomm.com@PICA.ARMY.MIL>
Subject: Sharing government databases
Reply-To: karn@qualcomm.com
Organization: Qualcomm, Inc
Date: Wed, 18 Aug 1993 18:44:28 GMT
With all the talk about the risks of governments sharing or
cross-correlating separate databases, I thought I'd describe one case
where I erroneously assumed to my detriment that the government *was*
correlating its databases.
When I bought a house in San Diego a year ago, I dutifully notified
the DMV of my new mailing address by filling out a change-of-address
form for my drivers' license. Silly me foolishly assumed that by doing
so, all of the DMV's records (specifically vehicle registration) would
be similarly updated. After all, it's the same state agency, and they
even share the same large room in the local DMV office.
Not so. Recently I noticed the "AUG" on my license plate, and suddenly
realized that I hadn't gotten a renewal notification in the mail.
Worse still, I checked my registration and discovered that it lapsed 9
days earlier.
I immediately went to the DMV office and asked why I hadn't gotten a
renewal notification even though I had filed a change of address. The
droid behind the counter checked their records, which actually showed
that the renewal notice had been sent to my old address and returned
"unclaimed". Furthermore, they mark the notices "do not forward", so
it didn't matter that my forwarding order had long expired. I asked
why they didn't learn about my new address from my drivers' license,
and was told that "they're two separate entities". Gee, I guess I was
pretty dumb for thinking they were all part of the same California
DMV, and that they would actually make practical use of the drivers'
license number I originally put down on my registration application.
So this little screwup cost me a 40% penalty in the renewal fee. It
seems that governments are more than willing to keep their databases
rigorously separated if the practical effect is a little "revenue
enhancement"...
Hmm. 40% interest for 9 days...no doubt the state has found a way to
exempt itself from the usury laws it applies to everyone else. Of the
four state DMVs with which I've done business (Maryland, Illinois, New
Jersey and California), California is definitely the worst.
Phil
------------------------------
End of Computer Privacy Digest V3 #017
******************************