Date:       Sun, 27 Mar 94 16:50:12 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#046

Computer Privacy Digest Sun, 27 Mar 94              Volume 4 : Issue: 046

Today's Topics:			       Moderator: Leonard P. Levine

                  Funny Money article in THE SCIENCES
                         Phone Book Pseudonyms
                   SSNumbers for NY driver's licenses
                    Groupware: is Privacy an Issue?
                      Re: Time Magazine on Clipper
              Dutch legislators trying to pull a fast one?
                           Re: video privacy
                      Re: Time Magazine on Clipper

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 23 Mar 1994 08:40:19 -0600 (CST)
Subject: Funny Money article in THE SCIENCES
Organization: University of Wisconsin-Milwaukee

From: RISKS-LIST: RISKS-FORUM Digest  Tuesday 22 March 1994  (15:68)

Mich Kabay [NCSA] <75300.3232@CompuServe.COM> writes:

In "Funny Money" (_THE SCIENCES_ 34(2):6, March/April 1994), Brian Mono
writes about counterfeiting using off-the-shelf hardware and software.
Nothing very new for RISKS readers, but it's a good one-page summary of
the problem for novices.  In brief:

o       A report published in the autumn of 1993 by the National
Research Council warns that the U.S. government has not kept up with
technology used by amateurs to print counterfeit money.

o       Scanners, computers, colour printers and colour copiers [the
distinctions among all of these devices are fading fast] tempt more
people today to print small amounts of money.

o       Traditionally, counterfeiters have been few and concentrated in
a few areas such as New York City.  Casual counterfeiters are the
opposite: many people over an enormous area.

o       In 1991, there were about $6-$8 million of counterfeit money
detected by officials in the U.S. (only ~0.003% of the Federal
Reserve System's yearly total of $265 billion in currency handled).

o       "The dollar amount of scanned and color-copied fakes has
doubled in each of the past three years...."

o       All countermeasures contemplated by the government must include
consideration of backward compatibility: money-changing machines and
business people have to be able to use both the older bills and
whatever new ones appear.

o       Some recent countermeasures have had little effect; e.g., many
bills have "so-called security threads, metallic polyester strips
inscribed with USA and the denomination of the bill."  Unfortunately,
"hardly anyone outside the Treasury Department is aware of their
existence."

o       Proposed countermeasures include colour-shifting ink and
aliasing (a technique that tricks photographic reproduction machines
into printing a line along the intersections of sets of parallel lines
which are offset from each other at a particular angle).  Holograms are
also a practical possibility to deter amateurs.

o       One proposal from the NRC is that every copy machine print its
serial numbers on every copy it produces.  This technology is already
in place in Xerox Corporation's "MajestiK" colour photocopiers.
However, many observers are concerned about privacy issues.  Norbert S.
Baer, a member of the NRC committee, asked, "Would the Pentagon Papers
have been leaked if identification numbers were implanted on them?"

[MK thinking out loud: AI pattern recognition algorithms coupled with a
library of currency images could permit a smart copier to blank out all
attempts to photocopy money.  Such a technique would drive criminal
hackers wild with the uncontrollable urge to crack the protection codes
and actually make the poor machine _print_ the currency images.  So the
currency images would have to be one-way encrypted.  But then the
criminal hackers would try to decrypt the images.  So there would have
to be a cryptographically-sound checksum that could permit
identification but not reproduction.  Comments?]


------------------------------

From: Rob Aronson <Rob.Aronson@dss.fw.gs.com>
Date: 23 Mar 1994 11:11:20 -0500
Subject: Phone Book Pseudonyms

    poivre@netcom.com (poivre) writes: NYNEX/NYTel seems to be pretty
    cool about identities.  When I signed up for phone service, I
    didn't have to give any SSN, drivers license number, etc etc.  For
    all I could see, I could have made up a name like John Doe, Jane
    Smith, etc etc.

I had a phone line put in about six months ago and can't recall being
asked for any significant information to confirm my identity.

A friend of mine has his phone listed under a pseudonym. Apparently no
effort is made to ensure that the name which will be listed in the
directory is a real person. But New York Telephone seems to have a
weakly enforced (non-enforced??) policy that the listee must be real.

When my friend had his line installed he asked that it be listed under
his "uncle's name" and he wasn't questioned about it. However, once
when he called the business office to resolve some billing issue he let
it slip that the pseudonym was not a real person, to which the rep
replied something like "Oh no, we don't allow that. We have to get this
situation resolved, please hold". The rep put him on hold but my friend
hung up and no one has ever bothered him about it since.

 -------------------------------+-------------------------------------------
| Rob Aronson                  | Phone:(212) 902-2207  Fax:(212) 346-3729 |
| Senior Programmer Analyst    | Email: rob@fw.gs.com                     |
|                              |        aronson@dockmaster.ncsc.mil       |
| Goldman, Sachs & Company     |        raronson@aol.com                  |
| 85 Broad Street  85/08       |                                          |
| New York, NY 10004           | "I am not a number, I am a free man!"    |
 -------------------------------+-------------------------------------------


------------------------------

From: Rob Aronson <Rob.Aronson@dss.fw.gs.com>
Date: 24 Mar 1994 15:46:58 -0500
Subject: SSNumbers for NY driver's licenses

I know there has been prior discussion on the topic of Social Security
numbers and driver's licenses, but the issue seems to be coming closer
to home for New Yorkers.

This is an excerpt of an article by David Seifman in today's (3/24/94)
New York Post. For those of you unaware, the New York City Sheriff's
Department is charged with enforcing civil laws (not criminal laws) and
the Sheriff (Phil Crimaldi) tends to be very opinionated. He's probably
going to push hard for his proposal.

 -------------------------

SHERIFF SEES A SOC. SEC. SOLUTION TO SCOFFLAWS

Gaps in the law that allow brazen parking scofflaws to register
vehicles without penalty can be corrected easily, city Sheriff Philip
Crimaldi said yesterday.

"If the Social Security number became the motorist ID, a lot of the
current loopholes would be closed," Crimaldi declared.

The Post reported yesterday that the city wrote off $1.4 million in
fines amassed by the 10 top scofflaws last year - and is unable to
collect $814,000 in tickets run up by new offenders on this year's
list.

City Transportation Department officials complain that their hands are
tied because it's the state Department of Motor Vehicles that controls
vehicle registrations.

And the DMV's computer system is designed to block the registration
only of individual plates.

That means that scofflaws can simply sell a car with numerous tickets
and register another vehicle.

DMV spokesman George Filieau said his agency is committed to cracking
down on those who take advantage of the system, but it will take time
to revamp its computer database, which has 11 million entries.

He said adding drivers' Social Security numbers "may be one of the
possible solutions to the problem" of scofflaws who hide their identity
by switching plates, addresses and even names.

Other states already use Social Security numbers to track motorists.

But Filieau said when New York was considering the system years ago,
federal regulations barred their use on the grounds of confidentiality.

[The article goes on to talk about an individual who is being sought by
the city DOT for owing about $85k in fines on 96 different
registrations]

 -------------------------------+-------------------------------------------
| Rob Aronson                  | Phone:(212) 902-2207  Fax:(212) 346-3729 |
| Senior Programmer Analyst    | Email: rob@fw.gs.com                     |
|                              |        aronson@dockmaster.ncsc.mil       |
| Goldman, Sachs & Company     |        raronson@aol.com                  |
| 85 Broad Street  85/08       |                                          |
| New York, NY 10004           | "I am not a number, I am a free man!"    |
 -------------------------------+-------------------------------------------


------------------------------

From: Barbara Labier <BL5804A@AMERICAN.EDU>
Date: 25 Mar 1994 22:28:54 EST
Subject: Groupware: is Privacy an Issue?
Organization: The American University - University Computing Center

I'm doing research on the effects of Groupware on workers. Groupware is
an electronic conferencing software that allows team members to
communicate with each other via the computer. I am most interested in
the issues of privacy and power. I am interested in the way people in
the group respond to the new challenges of Groupware. With the new
openness, workers write their thoughts in an open form which will be
available to every level in the corporation. Instead of mistakes being
used as a reason to demote or degrade a person's performance, they will
now be seen as healthy and a sign of growth. How does this work in the
real world? Are workers comfortable with this? What about the issues of
power? Is the traditional dominance and control hierarchy ready to turn
the reins of power over to the group? The group as a result of
groupware now makes major decisions.

The group shares decision making duties, there is a new spirit of
helpfulness and sharing of ideas and responsibilities. All the
competition between people is now directed towards making a competitive
product faster, more creative, and with more quality than the
competition in the market place. Power is now defined as the successful
development of a product that is competitive created by a single group
who then becomes important. Instead of one person receiving all the
prestige and glory the group receives the accolades.  More money and
more competitive products are the siren song for corporations who will
do most anything to stay competitive in the world market. But what are
the effects on workers who now create products faster? Do they feel
stressed out when worklife and homelife are merged? Is Groupware just
another manipulation by management to make workers work harder
promising them more equality in decision making and participation in
exchange for speeding up the development process? Groupware
hypothetically makes everyone available 24 hours a day. When do we get
to find peace of mind away from the office when the office becomes
kind of virtual reality and our cyberspace is leased by the
corporation. As Ice-Tea says "This is the real". But how do you feel
about these issues? I'd appreciate comments especially from those of
you who are using Groupware and those people who have certain feelings
about the prospect of using it. So is Groupware Nirvana or Paranoia?

Thanks Barb


------------------------------

From: Christopher Zguris <0004854540@mcimail.com>
Date: 22 Mar 94 17:02 EST
Subject: Re: Time Magazine on Clipper

How did the NSA suddenly move into the role of "helper" of the American
citizen? When Cliff Stoll notified them about the computer "break-ins"
he found, the NSA wanted all the info he had but would offer no help
whatsoever. I've read several books on the NSA and I can't remember
them ever wanting to get involved in "protecting" anything except
themselves and other government communications. Now the NSA - an agency
with the greatest ability (if the rumors of their computing and
surveillance powers are to be believed) to crack codes - wants to
"give" us a secure code? Please. Nobody knows what sort of "bugs"
Clipper has for their benefit, but judging from what their charter and
actions charges to do it wouldn't be surprising if they could break the
code. I think the movement of the NSA into the "mainstream" (compared
to where they used to be) is amazing! Perhaps now that the cold war is
over and they're running out of evil enemies they have to look for new
"markets"?

Christopher Zguris
CZGURIS@MCIMAIL.COM


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 23 Mar 1994 15:10:27 -0600 (CST)
Subject: Dutch legislators trying to pull a fast one?
Organization: University of Wisconsin-Milwaukee

From RISKS-LIST: RISKS-FORUM Digest  Tuesday 22 March 1994 (15:68) 

ralph@runner.knoware.nl (Ralph) writes:

Yesterday, leading Dutch newspaper 'De Volkskrant' reported that
included into a new bill that deals with telecommunication, is an
article that will outlaw cryptography in the Netherlands. One can apply
for a waiver but they will want to know why you want to use
cryptography, and they want your keys.

It looks like the Dutch government is trying to slip this one behind
the backs of the voters just before the elections in May. Most stunning
was that the Green party and others considered the issue 'a matter of
little importance' and were not willing to do anything about it.

Luckily the proposal is still in draft state, which means there is
still time to get something done about it, but only if people are made
aware of the consequences of such a law.


------------------------------

From: bcn@world.std.com (Barry C Nelson)
Date: 27 Mar 1994 01:31:38 GMT
Subject: Re: video privacy
Organization: The World Public Access UNIX, Brookline, MA

    BETH GIVENS 619-260-4806 <B_GIVENS@USDCSV.ACUSD.EDU> writes:
    Regarding the video rental privacy law:  The law protects you from
    having the *titles* of videos that you rent released to others, but
    not the *subjects.* Here's the wording on the back of a receipt
    from the Wherehouse, a video rental and music store: [snip] The
    upshot is that our video rental records are not very well
    protected. Subject matter information can still be marketed.

Massachusetts legislators were so excited about this that they made it
a crime for video rental shops to keep records over 30 days, after a
transaction is "complete", and also made it a crime to give title,
category or subject records to any third party, except under 18 USC
2710 (b)(2)(c and f), if they contain the renter's name.  Mass. Acts of
1993, Chapt 388.  (veto overridden, Jan 4, 1994) (up to 60 days and
$1,000 for violation of keeping or disclosing records) Yes, they can
still market anonymous information.

-BCNelson   [new statute to be codified as MGL c.93 2.106]


------------------------------

From: laine@MorningStar.Com (Laine Stump)
Date: 27 Mar 1994 05:22:35 GMT
Subject: Re: Time Magazine on Clipper
Organization: Morning Star Technologies, Columbus, Ohio

    laine@MorningStar.Com (Laine Stump) writes: It is very possible
    (some say likely) that the Clipper algorithm puts patterns into the
    encrypted text which the NSA can later use to aid them in breaking
    any encryption used "on top" of a Clipper-encrypted data stream.

    wilhelm@lsesun6.epfl.ch (Uwe WILHELM) writes: So, the question is:
    if I put another layer of encryption before the Clipper encryption
    and after the Clipper decryption - is your point still valid?

        me -> (my_encryption)      -> 
              (Clipper_encryption) -> 
              (wire through NSA)   -> 
              (Clipper_decryption) -> 
              (my_decryption)      -> her/him

    I can't see any chosen plaintext attack. All the NSA (or whoever)
    has, is an encrypted stream of data, which is as safe as the
    encryption I used.

Because of the order you've done it in, you're safe. It has been proven
that the security of a series of encryptions is at least as good as the
*first* encryption. It's when the order is reversed (the case I was
talking about) that the security of your encryption can be compromised.
I guess I should have used a different wording than "on top" (although
that was also the wording in the original post that I was replying to).

The April issue of Dr. Dobb's Journal has a few good articles on
encryption that can explain all this much better than I could ever hope
to, and point you in the right direction for sources related to the
topic.

Laine Stump
laine@morningstar.com
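
The layering order discussed in this exchange, as an added example that is not part of the original posts: a keyed-hash stream cipher stands in for both layers (it is not Clipper or Skipjack), and every function name is hypothetical. It goes one step beyond the thread by showing that the layers need independent keys, since two identical XOR layers cancel.

```python
import hashlib
import hmac

# Sketch only: there is no nonce, so each key is assumed to protect one message.

def keystream(key: bytes, label: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in stream cipher, not Skipjack."""
    out, counter = b"", 0
    while len(out) < n:
        block = label + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def layer(key: bytes, label: bytes, data: bytes) -> bytes:
    """Apply or remove one layer; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, label, len(data))))

def send(plaintext: bytes, my_key: bytes, escrowed_key: bytes) -> bytes:
    """me -> (my_encryption) -> (escrowed encryption) -> wire"""
    return layer(escrowed_key, b"outer", layer(my_key, b"inner", plaintext))

def receive(wire: bytes, my_key: bytes, escrowed_key: bytes) -> bytes:
    """wire -> (escrowed decryption) -> (my_decryption) -> her/him"""
    return layer(my_key, b"inner", layer(escrowed_key, b"outer", wire))

def escrow_holder_view(wire: bytes, escrowed_key: bytes) -> bytes:
    """Someone holding only the outer key strips one layer and no more."""
    return layer(escrowed_key, b"outer", wire)

def reused_key_cascade(plaintext: bytes, key: bytes) -> bytes:
    """Failure mode: the same key and keystream in both layers cancel out."""
    return layer(key, b"same", layer(key, b"same", plaintext))

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    msg = b"constructed sample message"
    my_key, escrowed_key = b"\x01" * 32, b"\x02" * 32
    wire = send(msg, my_key, escrowed_key)
    print("recipient recovers plaintext:", receive(wire, my_key, escrowed_key) == msg)
    print("escrow holder sees plaintext:", escrow_holder_view(wire, escrowed_key) == msg)
    print("reused key leaks plaintext:  ", reused_key_cascade(msg, my_key) == msg)
```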


------------------------------


End of Computer Privacy Digest V4 #046
******************************