Date:       Mon, 22 Aug 94 22:53:05 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#025

Computer Privacy Digest Mon, 22 Aug 94              Volume 5 : Issue: 025

Today's Topics:			       Moderator: Leonard P. Levine

                          Re: Electronic Cash
                          Re: Electronic Cash
                          Re: Electronic Cash
                        Re: Bank Account Numbers
                        Re: Bank Account Numbers
                   Re: Big Brother at Checkout Stand
                        Re: SSN Dial In Database
                           Re: Multiple SSNs
                         Microsoft "Chicago" OS
            National Registry: Equifax for Driving Records?
              Remailers and "Anonymous Personas" (aliases)

 ---------------------------------------------------------------------

   Housekeeping information is located at the end of this Digest.

----------------------------------------------------------------------

From: mckeever@cogsci.uwo.ca (Paul McKeever)
Date: 12 Aug 1994 20:42:44 GMT
Subject: Re: Electronic Cash
Organization: University of Western Ontario, London, Ont. Canada

Anonymity is not a problem with digital cash.  For example, I hold a
card for a photocopier.  Currently, I pay cash to have credits (for
example, money) charged-up onto its magnetic strip.  When I use my
card at the photocopier, the copier does not know to whom the card
belongs...it simply takes credits off of my photocopy card.  THIS
technology, and not that which is currently under use (in a limited
way) in Canada guarantees anonymity because the information about how
much money a cardholder has is encoded LOCALLY (i.e., on a card in the
holder's pocket) rather than CENTRALLY (e.g., on a hard disk in a
computer in Toronto).  The problem of anonymity being lost occurs only
when we use cards that use the latter (i.e., CENTRALIZED storage)
approach.

In other words, PART 1 of my argument is that the technology exists to
have anonymous cash which is digital (and virtual) rather than physical
(like paper or coin).

THE REAL PROBLEM:  Is one of politics and lawmaking.  Plastic cards
etc. need card-readers (or what have you) to transfer credits from one
card to another...the card readers of digital cash, therefore, are the
hands used to transfer physical cash.  NOW, that being understood,
consider human psychology.  Governments have a difficult time telling
people what they can do with their bodies (especially note the abortion
issue, in which many people want the state to stay out of their wombs
and reproductive choices).  In contrast, governments find relatively
little resistance when they attempt to regulate machinery.  THUS:
WHATEVER sort of electronic cash you use, the machines used to transfer
credits will be easily regulated by government -- this will probably
mean centralized monitoring of all transactions, even between two
anonymous parties: you don't have to know WHO the party is, for
example, to remove sales tax from his card.

CONCLUSION:  While the technology exists to mimic the anonymity of
physical cash, it is extremely UNWISE to ignore the ease with which
machines can be regulated by government.  Consequently, it is unwise to
assume that the benefits of anonymity will continue if digital cash
replaces physical cash, and even if they did, somehow, continue,
taxation would still be quite easily done by regulating the possession
and use of the machines that transfer credits from one entity to
another.

ABANDONING PHYSICAL CASH, ANONYMOUS COINS OR PAPER, WILL *END* THE LIFE
OF ANONYMOUS TRADE, PRECISELY BECAUSE IT IS DIFFICULT FOR GOVERNMENT TO
PASS LAWS WITH RESPECT TO PEOPLE'S BODIES, AND EASY FOR GOVERNMENT TO
PASS LAWS WITH RESPECT TO THE POSSESSION AND USE OF MACHINES SUCH AS
DEBIT CARD READERS.

Now ignore me, and let's get on with the dismantling of privacy and
freedom in North America.

Rantingly yours,

Paul McKeever


------------------------------

From: wayne@arrow.HIP.berkeley.edu (Wayne Christian)
Date: 13 Aug 1994 19:56:05 GMT
Subject: Re: Electronic Cash
Organization: University of California, Berkeley

    The August, 1992 Scientific American contained an article by David
    Chaum, "Achieving Electronic Privacy", which proposed a scheme
    involving multiple public keys which could issue you a "Magic
    Cookie", which could be authenticated, used only once, and not
    traced.  I didn't understand it, and I'm not sure I believe it.  Is
    the proposal sound?

There have been a number of technical articles on electronic cash which
can be found in the CS literature.  The concept is sound technically,
although there are various implementations.  The problem is to get a
bank or other financial institution to provide the infrastructure and
payments system to support it.  After all you will want to convert
electronic cash into other types of money.  Unless the system was set
up by the government some corporation would have to be willing to
guarantee the system against error or 'hacking'.

There was an article either in the NYT or Economist recently about a
test implementation of an electronic cash system in England using a
credit card like mechanism.


------------------------------

From: huggins@quip.eecs.umich.edu (Jim Huggins)
Date: 15 Aug 1994 09:46:01 GMT
Subject: Re: Electronic Cash
Organization: University of Michigan EECS Dept.

    Paul Gilmartin <pgilmart@nyx10.cs.du.edu> wrote: The August, 1992
    Scientific American contained an article by David Chaum, "Achieving
    Electronic Privacy", which proposed a scheme involving multiple
    public keys which could issue you a "Magic Cookie", which could be
    authenticated, used only once, and not traced.  I didn't understand
    it, and I'm not sure I believe it.  Is the proposal sound?

Yes.  I read a paper by Chaum describing the process and worked through
the mathematics of it.  It uses some variants on 'cut-and-choose' and
is thus not completely secure (though with very low odds of failure
either in authentication or forgeability).  Unfortunately, I don't
remember enough of the details to recount them here.

-- 
Jim Huggins, Univ. of Michigan                          huggins@eecs.umich.edu
"You cannot pray to a personal computer no matter how user-friendly it is."
(PGP key available upon request)                             W. Bingham Hunter


------------------------------

From: Paul Robinson <PAUL@tdr.com>
Date: 19 Aug 1994 21:23:57 -0400 (EDT)
Subject: Re: Bank Account Numbers
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

    amy young-leith (alyoung@kiwi.ucs.indiana.edu) wrote: What I want
    to ask is: WHEN did I give my bank authorization to allow other
    people to take money out of my account?  How can they allow these
    "deductions" with just a signature at a company (most say, "Just
    fill in your account number and sign below....")

I would hope that you are overreacting.  What can be done is if an
automatic deposit is made to your account in error, either because it
is too large (like a double transfer, or a post by mistake to your
account) the issuer has the right to reclaim the amount in error, by
issuing a reduction of the deposit.  This is not an authorization to
withdraw money from your account; what it *is* is an authorization for
them to effectively cancel the deposit and reissue it for an amount
less than the first transaction.  In no case should the sum total of
these transactions be less than zero.

    Glen Roberts <glr@ripco.com>, writes: The telemarketers have come
    up with a new trick...they will ask for your bank account number
    off the bottom of one of your checks. They will then have a
    "facsimile" check made, that looks like a real check, but in the
    spot for the signature, it says "no signature required." The
    telemarketer (or other business) then deposits these checks.

I will bet that somewhere on that document is a statement that the
issuer guarantees the validity of the transaction.  And there's another
issue I'll come to in a moment.

    What happens if a check of $100 is run through as $1000... your
    balance is $900 less than you think, and if you write a check that
    bounces, you could be arrested for a felony.

It is only a felony if you intentionally bounce a check which you
knowingly had no funds available.  If you were the victim of check
fraud, then there was no criminal intent.  The biggest problem would be
if you don't keep good records and suspect you might have made a
mistake.  If you *know for certain* you are supposed to have enough
money in the account, then you know something is wrong.

This might not help much if you're trying to cover some checks, but you
otherwise might be able to prevent a prosecution.

The bank that accepts an automatic draft must have an authorization
from the account holder to accept it.  If you didn't authorize them to
issue these drafts, it's the same as if the bank accepted forged
checks.  The bank is responsible to verify the signature on a check.
If the signature is missing or is clearly invalid, the bank is
responsible to refund the value of the check, which it should then
return to the issuing bank as a forged check, or most likely eats it.

    It would be much worse, of course, if someone stole your checking
    account number and took money out. Unlike the credit cards that
    have a easy procedure for contesting charges... have fun at the
    bank!

If it's an electronic transfer or automatic debit, ask the bank for the
signed authorization they have on file.  If it's a check, show them
that the signature doesn't match the signature card and that it's not
yours.  Tell them you are willing to prosecute if it is a forgery.

In the case of an electronic transaction the bank must find out what is
going on within 10 business days or credit your account until it does.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>


------------------------------

From: skypatrl@crl.com (Albert Zhou)
Date: 21 Aug 1994 00:30:33 -0700
Subject: Re: Bank Account Numbers
Organization: CRL Dialup Internet Access (415) 705-6060  [login: guest]

    John Palkovic <palkovic@x4u2.desy.de> writes: amy young-leith
    <alyoung@kiwi.ucs.indiana.edu> writes: I was just thinking
    today.... "Am I the only one bothered by this new gimmick of "Have
    your payment deducted monthly from your checking account...." thing
    I'm seeing everywhere.

    This is the standard method of bill payment here in Germany. The
    authorization comes from the account holder. You fill out a form,
    giving your account number and "Bankleitzahl" (bank number), sign
    it, and mail it off. The withdrawals can be stopped by the acct.
    holder at any time. Personally, I think it is great. I have had no
    problems with such payments.

The problem in the U.S. is that the automatic withdrawal cannot be
stopped through your bank. Only the merchant can make it stop. So if
the merchant doesn't cooperate, sometimes the only way to stop it is to
close the account. There are extensive laws to protect consumers in the
case of a billing dispute in the U.S. That is, you can refuse to pay if
you think the bill is incorrect. You'd be out of luck if the payment
has been automatically paid before you see the bill.

    I don't have to worry about writing checks each month for water,
    gas, etc. Notice of the withdrawal is mailed to you, and is also
    printed on your account statement (I can get a statement at any
    time by going to the bank and running my ATM card through a little
    machine). If there is a problem with the amount, you are given a
    grace period to contest it.  Just like when you pay by check.

There are several electronic bill paying services available in the U.S.
The difference is the consumer initiates a payment, not the merchant. I
think this is the safest way of paying bills, until new laws are enacted
to provide better consumer protection.


------------------------------

From: dunn@nlm.nih.gov (Joe Dunn)
Date: 16 Aug 94 13:53:17 GMT
Subject: Re: Big Brother at Checkout Stand
Organization: NLM/NCBI

    klootzak@stein3.u.washington.edu (Michael Stuyt) writes: I know the
    new Colorado Licenses have a magstrip on the back.  Probably be at
    the point where you drag the license through a reader as proof of
    age...

isn't that great. Your driving record will be on that magnetic strip.
how many liquor stores or bars will sell to you knowing you've been
dwi?? think of the legal ramifications they face if they do and you get
in an accident after drinking there?? I'd take a magnet and make sure
that strip never works, complete invasion of privacy...


------------------------------

From: glr@ripco.com (Glen Roberts)
Date: 22 Aug 1994 19:01:55 GMT
Subject: Re: SSN Dial In Database
Organization: RCI, Chicago, IL

    Todd Leonard (todd@meaddata.com) wrote:

	Glen Roberts (glr@ripco.com) wrote: Now, there is something
	new.  SSN-BASE, a public, free, interactive SSN database. It's
	easy to check out. Just call from your modem (2400 baud):
	(708) 838-3378.

    I tried this service.  First, I entered a number that "looked like"
    a SSN, to which it replied something to the effect of "I've never
    heard of that, but I'll add it to the database".  Next I tried
    000-00-0000, and then 123-45-6789, both of which were found,
    leading me to suspect somebody before me had tried the same
    experiment.

    I'm glad I didn't try a real SSN, particularly my own.  Such a
    system could clearly be used to collect SSNs and use them
    illicitly, if that were the motive of the providers.  This presents
    a risk similar to the fake ATM machines used to collect PINs...

Which is exactly the point. What do you think happens when you give
your SSN to a business, voter registration clerk, etc? They are
collected and used for the benefit of that business.. not you.

--
Glen L. Roberts, Editor, Full Disclosure Magazine
Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central)
email glr@rci.ripco.com for information on The Best of Full Disclosure,
four volumes to blow your mind. Voice/Fax on demand: (708) 356-9646
No record. No Trace calling: 1-900-STOPPER (786-7737). $1.95/min


------------------------------

From: jmcging@access.digex.net (John McGing)
Date: 22 Aug 1994 15:26:47 -0400
Subject: Re: Multiple SSNs
Organization: Express Access Online Communications, Greenbelt, MD USA

    cybrland@aol.com (Cybrland) writes: What prevents a person from
    going to the SS Admin and getting a 2nd, 3rd, or Nth, SSN?  Is
    there some number that THEY match with your SSN?

The ID data you present with documentation is used to see if an SSN
with that data has already been issued.

If you say you never had an SSN and are over 18, you gotta bring in a
birth certificate and some other documentation.  They then enter your
parents' names, date of birth, place of birth and name and see if they
get a match (or a series of matches).  You can even have a different
name but the match will still find you under the old name.

So unless you have fake documentation (of a fictitious person or a
person who never had an SSN) they'll match through your biographical
data.  And as an aside, SSA is now, in many States, verifying birth
certificates electronically, making it harder to forge one.

-- 
jmcging@access.digex.net   Nobody knows the troubles I've seen
jmcging@ssa.gov              .... and nobody cares!
J.MCGING on GEnie  70142,1357 on Compuserve     Team OS/2


------------------------------

From: jya@pipeline.com (John Young)
Date: 22 Aug 1994 19:01:56 -0400
Subject: Microsoft "Chicago" OS
Organization: The Pipeline

    dpbsmith@world.std.com (Daniel P. B. Smith) wrote: Apparently
    [Chicago] will also query your system automatically for hardware
    configuration.  How far does it go?  How far _could_ it  go?  Will
    it tell Microsoft if you have WordPerfect loaded on your  disk, so
    they can send you an extra-special competitive upgrade offer?  Will
    it time your keystrokes and tell Microsoft whether you're a fast
    typist?  If you have 8 meg, will they sell your name to a RAM
    vendor so  they can advertise upgrades?  Will it search your disk
    for files with a .GIF extension and upload them to Microsoft to add
    to Bill Gates'  personal collection?  :-)

The list <cypherpunks> has discussed possibilities for this and other
future OSs:

Search your disk for encryption programs and their passwords.

Search your disk for encrypted files.

Search for just about anything that is contracted, or legislated by
government authorities, and private parties who wish to monitor your
system.

Store system data and transmit covertly along with innocent email or
other electronic transmissions for stripping or mining by remailers.

On a related matter:

Hardware devices and software can do the same under guise of "metering"
systems for software usage.

CPU and board manufacturers can embed such features for covert system
monitoring with reports  piggybacked to electronic transmissions for
auto-mining by remailers.

Such hardware can similarly attach identification of authors and
senders of encrypted and anonymously remailed electronic data for
retrieval during transmission.

These features can be added by contract, or legislated by governmental
authorities, in lieu of, or parallel to, the implementation of the
Clipper chip for telephonic systems.

The capability for this is available through military downsizing and
concomitant commercializing of human and material resources once
devoted primarily to national security.


------------------------------

From: skypatrl@crl.com (Albert Zhou)
Date: 22 Aug 1994 16:12:33 -0700
Subject: National Registry: Equifax for Driving Records?
Organization: CRL Dialup Internet Access (415) 705-6060  [login: guest]

It seems like many states rely on a database National Registry rather
than respective DMV's for driving records. According to some personal
accounts, this database is full of erroneous and outdated information,
and in many cases, the drivers have to bear the burden of correcting
the errors.

Does anyone have more info on who owns National Registry, and how it
operates?


------------------------------

From: vimrich@athena.mit.edu (Vernon R Imrich)
Date: 21 Aug 1994 04:31:12 GMT
Subject: Remailers and "Anonymous Personas" (aliases)
Organization: Massachusetts Institute of Technology

First of all, please post any remailer/anonymous-posting FAQ's.  I've
seen related things sporadically, but have not saved them.  I can't
recall if this or similar issues are covered.

Issue: I think the remailer concept does not allow for true "anonymous
personas."  That is, should you wish to set up an alias identity and
post anonymously but identified with the alias, the remailer system
fails.

First "the watchers" watch all incoming messages to the remailer site
to find out where THOSE messages come from.  They either come from
people, or from other remailers.  If they come from other remailers
then they just watch that remailer to see what comes into it.

Now, if you use PGP on the way to the remailer and latent time on the
way out, they have no way of knowing which in messages led to which out
messages, but they do have a bounded set of possible addresses (at
most, all the users of a given remailer in say a week) since PGP
doesn't hide the address on the way to the first (or only) remailer
site.  Since they can't be sure, they will keep track now of ALL the
remailers and log ALL who use them.

They'll be able to (eventually) identify anyone with an aliased
"persona" by: number of incoming posts to all remailers from address X
= number of remailed posts to public sites labeled with alias Y.  X is
likely the same as Y.  This can be refined by comparing X(t) to Y(t)
over time t.

E.g. they grep usenet for all posts from someone calling themselves
"Mr. Terrorist" over say, a week.  Perhaps there are 80 such posts.
Now, look over that same period at all the known remailer sites and
chart the numbers of posts coming in from EACH user that is not another
remailer.  Anyone who sent out about 80 posts to the set of all
remailers is a possibility (need not be exact since latent time effects
might be there on first or last few days of week's survey, and may have
sent some posts w/o "Mr. Terrorist" name attached).  Anyway, do this
for a month instead of a week and it will narrow further.  Track
someone at weekly or monthly intervals over long enough time and the
coincidences will also be eliminated.

One way I see to avoid this is to use different originating sites.  But
this is possibly still a problem since the watchers will be able to
link all address names to real people through the address providers.  A
log in the form of: person A = electronic addresses, A@delphi.com,
A@aol.com, A@mit.edu, and so on could be arranged.  A program could
cross reference all electronic addresses to their associated "real
person" and avoid problems.

The main other way I see is for a given alias to post only at the level
of "noise" so that s/he only posts as many times as the great bulk of
remailer users do.  Even so, that will just make tracking take longer,
as the watchers use longer tracks to eliminate the noise and match the
usage levels.

E.G.
                        Number of Posts to ALL Remailers
users         Week 1    2    3    4    5    6    7    8 ...

A                  5   10    3    7   12    4    9    6
B                  9    8    5    3   10   12    2    8
C                 15    3    4    9    3    7    4    6
D                100    5    7   50    4   20    2    7
E                  1    0    2    0    3    2    1    0
F                  0    1    0    0    2    6    0    1
 ...

Alias              Number of posts seen on (say) Usenet
"Mr. Idiot"       97    7    3   53    9   23    1    8
"Mr. Terrorist"    6    9    1    8   10    5   11    4

Obviously, "Mr. Idiot" is user D.  "Mr. Terrorist" was smarter, posting
only at the noise levels of several other users, but still: users E,F
dropped out of contention in week 1 or 2 (too low usage), user C
dropped out through weeks 5 and 7, user B dropped out through weeks 6
and 7.  Must be A.  And with automated covariance (correct term?)
programs to do these comparisons it would be even faster.  As long as
the watching was done well, the comparison of usage (and storage of
usage data) would be trivial even for millions of possible candidates.

Basically, since there are a finite number of remailers to "watch" and
all anonymous posts from a given alias must go through a remailer there
will be a finite number of users in the list to compare to any given
alias.

Question, what might be the quantitative numbers on this?  Are there so
many possible users and so much "noise" that looking at such patterns
is useless practically?  Might there be ways to send "dummy messages"
to remailers that have no mention of one's alias (or having long lag
times of weeks or months) to distort the usage pattern?

 --------------------------------------------------------------------
|    Vernon Imrich      | market failure, n. The inability of the    |
|  MIT OE, Rm 5-329b    |      market to recover from a blow by      |
|  Cambridge, MA 02139  |      intervention.          (the Exchange) |
 --------------------------------------------------------------------
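
[Added example, not part of the original post or the digest.  It runs the
volume-matching comparison described above over the post's own constructed
table, then measures what the "dummy messages" idea in the closing question
does to the match.  The scoring rule (summed weekly absolute difference)
and the fixed weekly padding budget are assumptions made for illustration.]

```python
# Added illustration; the counts are the constructed table from the post above.
# Assumption: the observer scores candidates by summed weekly |in - out|,
# a stand-in for the "covariance" programs the post speculates about.

REMAILER_INPUT = {          # messages each user sent to ALL remailers, per week
    "A": [5, 10, 3, 7, 12, 4, 9, 6],
    "B": [9, 8, 5, 3, 10, 12, 2, 8],
    "C": [15, 3, 4, 9, 3, 7, 4, 6],
    "D": [100, 5, 7, 50, 4, 20, 2, 7],
    "E": [1, 0, 2, 0, 3, 2, 1, 0],
    "F": [0, 1, 0, 0, 2, 6, 0, 1],
}
ALIAS_OUTPUT = {            # posts seen publicly under each alias, per week
    "Mr. Idiot": [97, 7, 3, 53, 9, 23, 1, 8],
    "Mr. Terrorist": [6, 9, 1, 8, 10, 5, 11, 4],
}


def distance(sent, seen, weeks=None):
    """Sum of weekly |sent - seen| over the first `weeks` weeks (all if None)."""
    pairs = list(zip(sent, seen))[:weeks]
    return sum(abs(s - p) for s, p in pairs)


def rank(alias, inputs=REMAILER_INPUT, weeks=None):
    """Return [(user, distance)] sorted best match first."""
    seen = ALIAS_OUTPUT[alias]
    scored = [(u, distance(sent, seen, weeks)) for u, sent in inputs.items()]
    return sorted(scored, key=lambda item: item[1])


def margin(alias, inputs=REMAILER_INPUT, weeks=None):
    """Gap between runner-up and best match; a small gap means weak evidence."""
    ranked = rank(alias, inputs, weeks)
    return ranked[1][1] - ranked[0][1]


def pad_to_budget(sent, budget):
    """Cover traffic: top up each week with alias-free dummies to a fixed budget.
    Weeks with more real traffic than the budget still leak."""
    return [max(n, budget) for n in sent]


def with_cover(user, budget, inputs=REMAILER_INPUT):
    """Copy of the observer's view in which `user` pads to `budget` per week."""
    padded = dict(inputs)
    padded[user] = pad_to_budget(inputs[user], budget)
    return padded


if __name__ == "__main__":
    for alias in ALIAS_OUTPUT:
        print(alias, rank(alias)[:2], "margin", margin(alias))
    # The longer the observation window, the wider the gap becomes.
    for n in (1, 2, 4, 8):
        print("weeks", n, "margin for Mr. Terrorist",
              margin("Mr. Terrorist", weeks=n))
    covered = with_cover("A", budget=12)
    print("A padded to 12/week:", rank("Mr. Terrorist", covered)[:3],
          "margin", margin("Mr. Terrorist", covered))
```

A lone user sending a constant volume is itself a recognizable pattern, so
padding of this kind hides a sender only when many users of the remailer do it.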


------------------------------

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

Back issues are available via anonymous ftp on ftp.cs.uwm.edu
[129.89.9.18].  Login as "ftp" with password "yourid@yoursite".  The
archives are in the directory "pub/comp-privacy".

People with gopher capability can access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Archives are also held at ftp.pica.army.mil [129.139.160.133].

End of Computer Privacy Digest V5 #025
******************************