Date: Sun, 21 Aug 94 21:43:10 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#024
Computer Privacy Digest Sun, 21 Aug 94 Volume 5 : Issue: 024
Today's Topics: Moderator: Leonard P. Levine
Re: Fingerprinting/Identfying Children
Re: Fingerprinting/Identfying Children
Re: Fingerprinting/Identfying Children
Re: Fingerprinting/Identfying Children
Re: Fingerprinting/Identfying Children
Re: Fingerprinting/Identfying Children
Re: Fingerprinting/Identfying Children
Multiple SSNs
Sprint Voice card and SSN
Re: SSN Dial In Database
Microsoft "Chicago" OS
Wanted: Info on Electronic Address Privacy
Privacy Issues in Telecommunications - Australia
Re: Bank of Canada opposes widespread availability of cash machines
Re: Internet White Pages
Re: Answering Machine Features
---------------------------------------------------------------------
Housekeeping information is located at the end of this Digest.
----------------------------------------------------------------------
From: "Willis H. Ware" <Willis_Ware@rand.org>
Date: 12 Aug 94 15:51:14 PDT
Subject: Re: Fingerprinting/Identfying Children
Mike Fischbein <msf@nyc.ov.com> recently wrote in part as follows:
I wouldn't mind being fingerprinted; that's pretty much only useful
for positive ID purposes. I've had several (different jobs,
different agencies) high security clearances, and been
fingerprinted for each, as well as when I was active duty Navy. I
wouldn't have been upset at all about fingerprinting.
Many of us have been repeatedly fingerprinted for the same set of
reasons but all of our views and emotions about the process arise for
experience with a system based in an era of paper, and very little
automation.
Suppose that all fingerprints were in digital form, hence could readily
be transported from place to place by the ample wide band
communications coming into place, become entries in all data systems
which were concerned with identification (e.g., credit files, bank
accounts, entitlement databases), had little legal protection against
usage by private sector organizations, and were carried on smart cards
along with a lot of other personal data. In other words, suppose that
digital fingerprints became as ubiquitous as the SSN; i.e., prescribed
for some purposes (e.g., taxpayer ID), permissive for others (e.g.,
state data systems), but uncontrolled otherwise (e.g., private
sector).
What then would be Mike Fischbein's views? Or mine for that matter?
Would they change? And how?
My point. So many of our attitudes toward fingerprints, SSNs, data
bases, privacy, ....... have been shaped by our past experiences,
especially those of a largely paper world. We must be extraordinarily
cautious in extrapolating the past to the highly automated
data-intensive future, and especially we must be cautious about using
arguments that were valid for a paper world to promote or accept
attitudes and public policies for the future.
First-rate example: public records. As paper systems, they provided
important data for local access and they were not coupled to one
another. Hence, dissemination was inherently limited and controlled by
the physical attributes of the data system and the paper medium.
Today, we have rapid computerization, linking of systems, ready remote
access, sales of such material, assembly of data from individual
records into composite ones..... Public records collectively have
become a major input to dossier-level records on individuals, and are a
growing source of concern about privacy-related infractions. What we
thought about them in the past, and the laws that we created to
generate and control them may require significant alteration for the
future.
Willis H. Ware
Santa Monica, CA
------------------------------
From: John Medeiros <71604.710@compuserve.com>
Date: 12 Aug 94 22:57:38 EDT
Subject: Re: Fingerprinting/Identfying Children
Two thoughts. First,
JB Wood (jbwood@chemical.watstar.uwaterloo.ca) wrote:
Fingerprinting is a lot more serious and I would NEVER submit to
any gov't agency retaining my prints (voluntarily). About 8 years
ago, my mom thought it was a good idea when the police offered the
free service one weekend at the mall. They said it was to help
find missing children, but in my mind they just wanted to be able
to use future technologies to I.D. anybody by computer.
There is no problem if, as is usual, the parents retain the fingerprint
card. I had my daughter fingerprinted and held on to the cards (had
two made), just in case...
Second,
poivre@netcom.com (Poivre) wrote: I have always wondered about
fingerprinting children against kidnapping. What good does
fingerprinting do in recovering live, coherent abductees?
The fingerprints of very small children (under 5 or 6) become essential
in proving that the recovered child is in fact a particular missing
child. As Poivre pointed out, without the fingerprints, this becomes
increasingly difficult with the passage of time. With current
fingerprint technology, fingerprints of victims are computerized, and
when possible victims are located, their fingerprints can be be used to
query for possible matches. This would allow a child found on the east
coast under suspicious circumstances to be identified as a child
missing from the west coast 3 years before. No manual system could
possibly make such a match.
And unfortunately, as Poivre also pointed out, fingerprints are also
used to identify unkown corpses. It may be small consolation, but
victim parents want some resolution, even if it means finally
acknowledging that there child is gone. And positive identifications
in these cases are equally important.
------------------------------
From: nuessle@vax1.umkc.edu
Date: 12 Aug 94 22:23:05 CST
Subject: Re: Fingerprinting/Identfying Children
Organization: University of Missouri - Kansas City
JBWOOD stated: Fingerprinting is a lot more serious and I would
NEVER submit to any gov't agency retaining my prints
(voluntarily). About 8 years ago, my mom thought it was a good
idea when the police offered the free service one weekend at the
mall. They said it was to help find missing children, but in my
mind they just wanted to be able to use future technologies to I.D.
anybody by computer.
The legitimacy of child identification programs varies, but does Not
necessarily involve any government agency retaining the records. The
fingerprints, pictures, videotapes, etc. that may be created in these
programs are often given to the parents for use if they are needed,
with no copies kept by the government or any other organization.
* -.- .- ----- --.. .- .--. *
Nick Nuessle, PE * nuessle@vax1.umkc.edu * Only my viewpoints
Perpetual Student * * unless noted.
UMKC: Pushing back the Frontiers of Ignorance in the Fly-Over Zone
------------------------------
From: dunn@nlm.nih.gov (Joe Dunn)
Date: 15 Aug 94 21:55:29 GMT
Subject: Re: Fingerprinting/Identfying Children
Organization: NLM/NCBI
an64344@anon.penet.fi wrote: Then I got to a form that was titled
Fingerprint Authorization. It read similar to the following, but
this is from memory: "I voluntarily give authorization to be
fingerprinted, and give permission my fingerprints to be used in a
manner deemed necessary by <name of bank>." "I understand that I do
not have to have my fingerprints taken and this will not affect any
current or future employment with <name of bank>."
If the offer sheet you received from the bank does not put in it
conditions of employment that you must provide your fingerprints you
can not compel you to provide this information. If they refused to give
you the job based on your refusal to provide them your fingerprints
than you have the right to sue them for wrongful termination. If
presented with a situation like this again, sign your name, but
annotate that you are being compelled under threat of job loss and
state the name of the person forcing you to sign. You are leaving
yourself open in the event a problem occurs in t the future, legally.
That form will be used against you in court, if necessary, and your
signature will be the only thing the jury sees. Whoever the bozo was
who forced you to sign it will swear up and down that you were in no
way coerced into signing. They rely very heavily on your caving in
under threat of losing you job, who wouldn't? You showed a lot of
fortitude standing up to them as much as you did, as the guy said, most
sheeople just go ahead an sign it...
------------------------------
From: bsmart@bsmart.tti.com (Bob Smart)
Date: 16 Aug 1994 00:04:57 GMT
Subject: Re: Fingerprinting/Identfying Children
Organization: Citicorp+TTI
poivre@netcom.com (Poivre) writes: If someone could explain to me
the benefits of fingerprinting children other than what i've said
above, i'd like to hear it. Otherwise, its almost useless.
Well, I'm not sure that positive ID of a child's corpse is "almost
useless." It's not as useful as recovering a live child, but spending
the rest of your life wondering what happened to your child (or to your
sibling) has got to be painful. Also, conclusively identifying a dead
child might still help in catching the kidnapper--who might well be
about to repeat the process with some other kid. Again, not as useful
as preventing any kidnappings from happening in the first place, but
still a long way from "almost useless."
Beyond postmortem use, however, what about situations where you have
some reason to suspect that a child is with the wrong person, but you
can't quite prove it? You have reason to doubt me when I tell you that
this child is mine, you might even suspect that the child is
kidnapped...so you run the kid's prints and discover that your
intuition was correct. I might have pretty convincing stories about
the fire that destroyed our only copy of the birth certificate, the
tragic death of all the relatives who could have vouched for my being
his father...but if those prints match the prints of a child listed as
missing, no amount of tapdancing will get me off the hook.
The prints alone won't solve anything, since print matching isn't
normally done when doing things like registering for school, but if you
were suspicious of me for some other reason, having the prints or not
having them might mean the difference between getting me and not
getting me. I think that sounds pretty useful.
Works the other way, too: if my child happens to look very similar to
one who's missing, but my kid's prints don't match the missing kid's
prints, then you can stop considering me as a suspect in the other
kid's disappearance because you can be certain that the kid with me
isn't the one you're looking for.
--
A fanatic is someone who does what he knows that God would do if God
knew the facts of the case.
------------------------------
From: PHILS@RELAY.RELAY.COM (Philip H. Smith III)
Date: Tue, 16 Aug 94 07:00:08 EDT
Subject: Re: Fingerprinting/Identfying Children
poivre@netcom.com (Poivre) wrote: I have always wondered about
fingerprinting children against kidnapping.
I can think of a lot of uses for latent prints: identifying where a
child has been; identifying a child too small to identify him/herself;
identifying a wounded, unconscious child. As well as, of course, the
sad example you suggested, of a corpse. True, it doesn't *prevent*
kidnapping -- but nobody ever suggested it did.
wmccarth@t4fsa-gw.den.mmc.com (Wil McCarthy) wrote: I'm concerned
that the clerk is no longer permitted to exercise judgment of any
sort, and that the specter of underage drinking is _so_ terrible
that every shopper must be inconvenienced to prevent it. I'm also
concerned that the process is 50% automated at this point. Much
simpler if you just surrender your license at the start, yes? The
computer will give it back to you if you haven't broken any
laws...
Sure the clerk can authorize judgement: if (s)he doesn't think you're
worth carding, (s)he can hit ENTER or whatever on the register to say
"OK, I checked the stupid card". No need for you to display anything.
I'd be more concerned about clerks without brains ...
------------------------------
From: Rich24@aol.com
Date: 21 Aug 94 15:40:16 EDT
Subject: Re: Fingerprinting/Identfying Children
The past few issues have contained postings about fingerprinting,
advertising, and privacy in general. I find these conversations
interesting because they reflect a very parochial view of the world as
it exists today.
There is a price to pay for services used, and if one wants to use
those services then he/she must pay the price. The costs are more than
financial, they are also "informational." If you want the convenience
of using a credit card or a checking account, then you, by using these
services, surrender some of your privacy. If you don't want others to
know about you, your buying practices, etc., then don't use the
services. Remember, selling your information helps to pay for the
services. And no one is going to provide the service without making
some money off of it.
Finger printing children is only useful for identifying corpses. I have
yet to hear of a case where finger prints have been of any other value.
But then all the scare about children being kidnapped is greatly
overblow. There are really very few cases of true abductions by total
strangers. The vast majority of children "abducted" are really taken by
a parent involved in a custody case.
------------------------------
From: cybrland@aol.com (Cybrland)
Date: 14 Aug 1994 22:39:03 -0400
Subject: Multiple SSNs
Organization: America Online, Inc. (1-800-827-6364)
What prevents a person from going the the SS Admin and getting a 2nd,
3rd, or Nth, SSN? Is there some number that THEY match with your SSN?
------------------------------
From: dunn@nlm.nih.gov (Joe Dunn)
Date: 15 Aug 94 21:41:41 GMT
Subject: Sprint Voice card and SSN
Organization: NLM/NCBI
A little bit of a follow up to my previous posting, I don't have a
voice card because I don't believe in giving out my SSN even if it's a
good idea.
The fundimental reason that the SSN is used rather than a self
generated number is to ensure separation between two sound-alike voices
being misinterpreted. Part of the system is a user can input a list of
names to call, such as call home. The user says call home and the
system dials the pre-stored number. If it is someone who sounds like
you and go thru accidently, he would be talking to your wife, kids,
what have you. Talk about an invasion of privacy.
I don't carry my SS card, never have. I have never been approached by
someone asking for my SS card, and wouldn't give it to them anyway. So,
not concerned with someone getting my SS number to use with the system
if I used it.
One posting is the primary reason I don't use it. That is someone could
sit in an airport and write down everyone's SSN. We all know how lethal
that would be in the wrong hands.
BTW, I am very curious about the SIN in Canada. I saw that last year
that Canada also started taxing the "wealthy" recipients of SIN, along
the same lines imposed in the US. Is the SIN in as bad a shape as the
SS system? At least, that's what we're told. In order to save the SS
system this tax is necessary. You all fed the same line?? Or am I just
being conspiratorial that all these events seem to happen
simulaniously??
------------------------------
From: todd@meaddata.com (Todd Leonard)
Date: 16 Aug 1994 00:31:12 GMT
Subject: Re: SSN Dial In Database
Organization: Mead Data Central, Dayton OH
Glen Roberts (glr@ripco.com) wrote: Now, there is something new.
SSN-BASE, a public, free, interactive SSN database. It's easy to
check out. Just call from your modem (2400 baud): (708) 838-3378.
I tried this service. First, I entered a number that "looked like" a
SSN, to which it replied something to the effect of "I've never heard
of that, but I'll add it to the database". Next I tried 000-00-0000,
and then 123-45-6789, both of which were found, leading me to suspect
somebody before me had tried the same experiment.
I'm glad I didn't try a real SSN, particularly my own. Such a system
could clearly be used to collect SSNs and use them illicitly, if that
were the motive of the providers. This presents a risk similar to the
fake ATM machines used to collect PINs...
--
Todd Leonard --- todd@meaddata.com --- http://www.meaddata.com/~todd
If you see a good fight, get into it... - Vernon Johns
------------------------------
From: dpbsmith@world.std.com (Daniel P. B. Smith)
Date: 13 Aug 1994 00:04:01 GMT
Subject: Microsoft "Chicago" OS
Organization: The World Public Access UNIX, Brookline, MA
Press reports about the Microsoft "Chicago" (DOS 7.0) operating system
suggest that it will have an automated version of the traditional
marketing information reply card in it. If you have a modem, it will
encourage you to fill in an electronic on-screen form (the usual age,
job, is this for home or office, will you use it for spreadsheets or
games, etc). Apparently it will also query your system automatically
for hardware configuration. I'm sure the intent is pretty
innocuous--make it easier for people so the response rate will be
higher; don't ask the user, who may not even be sure how much RAM or
what kind of display adapter they have, when the program can just find
out for itself. It wouldn't surprise me if it presented a plug for
Microsoft's upcoming on-line service.
But the implications are kind of interesting. Seems like the Prodigy
STAGE.DAT thing, but for real. How far does it go? How far _could_ it
go? Will it tell Microsoft if you have WordPerfect loaded on your
disk, so they can send you an extra-special competitive upgrade offer?
Will it time your keystrokes and tell Microsoft whether you're a fast
typist? If you have 8 meg, will they sell your name to a RAM vendor so
they can advertise upgrades? Will it search your disk for files with a
.GIF extension and upload them to Microsoft to add to Bill Gates'
personal collection? :-)
--
Daniel P. B. Smith
dpbsmith@world.std.com
------------------------------
From: vimrich@athena.mit.edu (Vernon R Imrich)
Date: 15 Aug 1994 19:30:10 GMT
Subject: Wanted: Info on Electronic Address Privacy
Organization: Massachusetts Institute of Technology
I'm looking for information (FAQ's, sites, book reviews, personal
methods, or whatever) on how to prevent people from tracing the origin
of a person's posts. I know of (at least) one "anonymous" server
(anon.penet.fi) but their method seems merely to redirect incoming
posts to desired targets from numbered accounts. This seems pretty
unreliable (particularly if someone gets a hold of the account files
somehow) and in the case of penet.fi the posts take forever (based on a
few trial runs at least) presumably due to massive traffic. Also, I
have heard rumors lately that hackers have jeopardized the anonymity of
such systems.
I know there are other methods (forging addresses for one) but do not
know how they work, nor if they are reliable and/or ethical/legal (i.e.
I'm not interested in framing anyone with false posts, my interest is
privacy). I'd like to find any information on such methods (e.g. Can
"experts" locate where it "really" came from? or narrow it down? Can
the methods be applied from "commercial internet email providers" such
as Delphi, etc.?)
It seems to me that even with reliably encrypted transmissions, the
feds (or whoever) can still track who is contacting who. In a case
such as the AA-BBS, even if the data had been encrypted, the police
would not have been hindered. If however, the "location" of the data
source in electronic terms was hidden, greater privacy would have been
possible. Only the receiver of the data would have had to worry about
the local laws (IMHO a good side effect).
If PGP and data encryption is the electronic equivalent of an envelope
on a snail mail letter, what is the electronic equivalent of not
including a return address? Any pointers out there?
Thanks.
--------------------------------------------------------------------
| Vernon Imrich | market failure, n. The inabilty of the |
| MIT OE, Rm 5-329b | market to recover from a blow by |
| Cambridge, MA 02139 | intervention. (the Exchange) |
--------------------------------------------------------------------
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 16 Aug 94 07:44:57 EDT
Subject: Privacy Issues in Telecommunications - Australia
from the Australian Associated Press newswire (94.08.16 @ 15:32
Australian time) via CompuServe's Executive News Service (GO ENS):
Privacy Issues in Telecommunications to be Examined
By Jennifer Ezzy of AAP
"SYDNEY, Aug 16 AAP - Telecommunications regulator Austel would examine
privacy issues raised by the rise of new technological services such as
Pay TV, mobile phones and modem communications, Federal Communications
Minister, Michael Lee, announced today.
"The call for an advisory committee comes 18 months after an Austel
report recommended a volunteer co-regulatory approach to
telecommunication services yet almost three years before the 1997
deregulation deadline to allow more players into the industry."
The author provides the following key points in her article:
o The Minister spoke at a conference in Sydney entitled,
"Converging On Telecommunications: Consumers And The 1997 Review".
o `"The issues that I will ask Austel to take up as a matter of
priority are protection of customer personal information, caller
identification and telemarketing," Mr Lee told a conference in Sydney
today on changes after 1997.'
o According to Mr Lee, the Telecommunications Act prohibits
"carrier employees from disclosing customers' particulars, including
silent numbers.
o A recent trial of caller-ID in Wauchope, New South Wales was
well received.
o There is currently no law in Australia governing the use of
automatic diallers and recorded marketing messages.
o The Minister "said consumers subjected to this form of
marketing must be in a position to terminate such calls."
M.E.Kabay,Ph.D./DirEd/Natl Computer Security Assn / Carlisle, PA
------------------------------
From: skypatrl@crl.com (Albert Zhou)
Date: 20 Aug 1994 23:24:23 -0700
Subject: Re: Bank of Canada opposes widespread availability of cash machines
Organization: CRL Dialup Internet Access 415-705-6060 [login: guest]
ua602@freenet.victoria.bc.ca (Kelly Bert Manning) writes: A
document recently obtained under Canada's Access to Information act
has revealed that the Bank of Canada opposes the widespread
availability of automated bank machines(gas stations, beer stores,
drug stores, supermarkets, consumer electronics, etc.) dispensing
$20 bills because they make the canadian currency system
"inefficient".
Why can't the machine dispense $50 and $100 bills? It also helps reduce
the work load of human tellers. Many people want $100 bills when they
withdraw several hundred dollars. If the machine can dispense them,
they wouldn't probably go to the bank.
------------------------------
From: skypatrl@crl.com (Albert Zhou)
Date: 21 Aug 1994 00:06:42 -0700
Subject: Re: Internet White Pages
Organization: CRL Dialup Internet Access (415) 705-6060 [login: guest]
jeffrey@minerva.cis.yale.edu (Jeffrey Licht) writes: I see a few
issues here: * Do people posting on Usenet know that their e-mail
addresses are being recorded? (I doubt it.)
I know it, but I am not particularly worried. What can one do with an
e-mail address? Sending junk mails? They are much easier to dispose
than paper junk mails. Try to stalk me? Haha..
* Would more people post anonymously if they knew this? > * Does
anyone have the right to publish this information about me. for
personal gain, without contacting me first? This is currently done
all the time with (snail) mailing lists - is it appropriate for the
Internet?
Well, it's just like phone company publishing your name, number and
address. You can opt yourself out of phone book by paying $2.00 per
month extra. What a good revenue source! If I were to publish this
book, I'd put a message on the front page: "Don't want to be listed
here? Send us $2.00".
------------------------------
From: rerodd@unity.ncsu.edu (Richard Roda)
Date: 21 Aug 1994 02:19:26 GMT
Subject: Re: Answering Machine Features
Organization: North Carolina State University
Just my $0.02 worth: I bought an answering machine at the flea market
a few years that does not have ANY remote features. Its a simple,
no-frills two-tape machine, and its old. Perhaps at yard sales, flea
markets, etc, would be a good place to look for answering machines
without the "remove" feature.
BTW: It does have a button to tape the current phone conversation.
------------------------------
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
Back issues are available via anonymous ftp on ftp.cs.uwm.edu
[129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The
archives are in the directory "pub/comp-privacy".
People with gopher capability can access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Archives are also held at ftp.pica.army.mil [129.139.160.133].
End of Computer Privacy Digest V5 #024
******************************
.