Date:       Wed, 05 Oct 94 15:00:50 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#044

Computer Privacy Digest Wed, 05 Oct 94              Volume 5 : Issue: 044

Today's Topics:			       Moderator: Leonard P. Levine

                             Re: 2020 World
                             Re: 2020 World
                         Re: The Crypto Dilemma
                  Re: How to verify your phone number
                  Re: How to Verify Your Phone Number
                  Re: How to verify your phone number
                      Re: Background Check For Job
                      Re: Background Check For Job
         MCI Employee Charged in $50 Million Calling Card Fraud
      DT in the House: Today's the day! Really! Almost certainly!
                       Re: Eastwood Door Problem
                       Re: Eastwood Door Problem
                       Re: Eastwood Door Problem
                       Re: Eastwood Door Problem
          Info on CPD, Contributions, Subscriptions, FTP, etc.

----------------------------------------------------------------------

From: craig@killerbee.jsc.nasa.gov (Craig Biggerstaff)
Date: 03 Oct 1994 22:04:45 GMT
Subject: Re: 2020 World
Organization: NASA Johnson Space Center, Houston, TX, USA

    Paul Robinson (PAUL@tdr.com) wrote some reasons why it is foolish
    to disregard reading and writing in favor of multimedia
    technology:

    Mr. Robinson is correct in pointing out the dangers of video; I
    have seen "multimedia" used as a synonym for "propaganda".

An observation or two of my own:

11.	The simpler solution is usually the more effective (a basic
engineering virtue).  No one takes a laptop to the store to read a
grocery list; it requires more work to achieve the same result.

12.	Printed material moves at the reader's own pace.  For something
hard to comprehend upon first reading (e.g., quantum physics lessons),
the reader can stop and ponder each word.  This is much simpler than
using the "rewind" button repeatedly.

    But there is one point he is correct upon; the average 9-year-old
    will be less educated than the 6-year-old of today because the
    public schools will be more expensive and less effective than they
    are now.  By the time someone comes out of college, his 2-year or
    4-year degree won't even be the functional equivalent of the
    high-school diploma of 1950.

I am less convinced of this; Parkinson's Law applies to education as to
most other things.  The amount of "necessary" knowledge expands to fill
the time available.  We do not learn about the Middle Ages anymore, or
Latin and Greek; they are not considered priorities now.  In twenty
years, much of what we have learned will be ignored in favor of
something else.  What we do not learn is a function of priorities.
(Right now it is essential that our offspring feel good about
themselves, whether they learn anything else or not:  we give them a
cheap substitute for the true, lasting satisfaction that comes with
mastery of a task.)

 ----------------------------------------------------------------------
Craig Biggerstaff			Software Engineer
craig@killerbee.jsc.nasa.gov		Unisys, Houston, TX


------------------------------

From: idela!markb@ide.com (Mark Bells Home Account)
Date: 04 Oct 94 16:52:55 PDT
Subject: Re: 2020 World

    2020world column title:  Emily is illiterate The information
    superhighway -- aren't you tired of reading about it? And it
    doesn't even exist!

Well, for some of us it does now...

    But it will.  And after it's built, we will live in a very
    different world.  ...

    It's the year 2020, your daughter Emily is 9 years old, and she
    can't read or write.  Is this your worst nightmare about our
    schools come true?  Nope, Emily just doesn't need to read or write
    anymore.

    Look inside your own head.  Do you store information as written
    words? Do you dream in written words?  No, you don't.  Visual
    images and spoken languages are our natural form of information.
    Writing is nothing more than a technology.

Well, writing is special.  Who knows why we have evolved being able to
read and write?  But, once someone has spent the 100 hours it takes to
get enough proficiency,  he or she can launch into the print world in
any direction, with RANDOM ACCESS.  That is, the reader can jump
instantly from topic to topic or paragraph with equal ease.

    I'll bet you are now in the "but what about..." stage:  Um, yes, I
    am...

    But what about education?  Video can do anything books can do;
    ARRGH! well-produced video can do many things better.  Which is the
    better way to learn about the Civil War -- reading a text for 10
    hours or watching 10 hours of Ken Burns' PBS production on the
    Civil War?

They both offer something of value.  But print has the crucial
advantage that the READER decides how to access it, whereas video or
audio the AUTHOR decides how it is accessed.  Most of the time when I
need information, I turn to a print source and skim until the parts I
need.  I may be skimming over stuff I already have learned or simply
don't need.  Yet I do see that it is there and make mental notes of
that in case I need it later.

The other important distinction is that video (usually with evocative
music) is a much more emotional medium than ordinary print.  One's
reactions to a problem are powerfully colored by whether the problem is
presented in print or video.  Certain problems respond well to video.
However, note that today people live in more anxiety than previously,
in great measure because of repeated exposure to crime and violence on
TV "news."  In fact, where I live (Northridge, CA) violent crime has
DECREASED 18% in two years yet most people believe it has increased and
are more uneasy than before.  Those who get their news from print are
much less likely to feel this way.

    But what about the law?  Don't we need the precision implied by
    written rules?  Perhaps, but wouldn't videos of the original
    trials, legislative debates, rulings and precedents be a better
    guide to future generations than law books?

How oh how could this be?  Since one has to watch a trial video in real
time, reviewing it takes as long as it took originally.   One can find
legal citations REAL FAST with legal software or actual lawbooks.  Even
with videos, someone would have to index them and prepare
machine-scannable summaries, etc.

(One note in defense of the 2020world scenario is that one could
somewhat overcome the crippling real-time hurdle by compressed
viewing.  That is, humans can understand speech at about twice normal
spoken speed and there are or will be viewing devices that speed up the
original yet shift the speech so it is still intelligible.  But even
there, you are looking at 200 words per minute tops, whereas a good
reader can read FIVE TIMES that fast; much faster still if they're
scanning for only useful portions.)

    Send me your own "but what abouts."  But make sure to include your
    thoughts about how the 2020world would deal with those situations,
    too.

    Does Emily really need to read and write in 2020world?  I don't
    think so.  Do you?

Well, she does if she is not to be at the mercy of the slow.  I believe
there will be many technopeasants who have severely limited reading
skills but those who would assume positions of authority and importance
will WITHOUT QUESTION need to read.

So here's a "but what about."  What I think will happen is that print's
importance will not diminish at all for parents who want their kids to
be able to make their own, independent way in life.  What probably will
happen, however, is that our schools will continue to wither and
parents will be empowered by the network.  Since children can usually
learn to read in one hundred hours and since more and more schools seem
to not be doing that, the net will provide support for parents who want
to take alternative routes.

I can give you two major examples.  First, visit any of the consumer
oriented nets (Prodigy, America Online, etc,) and get into the bulletin
boards on homeschooling.  There is an absolute wealth of information
there which, viewed through the Establishment lens, is subversive.
People are most forthcoming and willing to help the neophyte.  Second,
consider that there was a recent Federal law drafted that would have
placed all homeschoolers nationwide under the regulation of the
government and the teacher's unions.  This law was defeated (to the
shock of those who had backed it) by a storm of grassroots protest.
Much, perhaps half, of the protest was facilitated by the Net.  Quite
an accomplishment.  So now, in some measure because of the Net,
homeschoolers may be past the point of the government stopping them.
This in turn creates centrifugal forces in our society, yet the Net
then acts as a unifying force for all the newly created disparate
interests to reunite in birds-of-a-feather groupings.

    Thanks for taking the time to read this loonnggg e-mail.  Please
    join in and help us understand the real nature of our world after
    the information highway is built.  Send your subscription e-mail
    right now!  I'm looking forward to adding your thoughts to our
    discussion.

Good luck with your enterprise!

--
Mark Bell
43-yr old father of 10 year old girl who is print literate...


------------------------------

From: tro@ping.com (Tom Olin)
Date: 03 Oct 1994 21:53:35 +0500
Subject: Re: The Crypto Dilemma

    Shayne Weyker <weyker@wam.umd.edu> writes: It's an ugly choice. And
    I've heard too many people dismiss the folks on the other side as
    either voyeuristic fascists or paranoid anarchists with a "don't
    worry, be happy" attitude towards public safety.  Both sides are
    doing public who depend upon the quality of the debate a
    disservice. The debate should have less fear-mongering about what
    is goin to happen if "the other side" wins, and more brainstorming
    about exactly what new technology, new laws, and new behaviors we
    can develop which will protect us against the very real dangers of
    a world with too much or too little crypto in the public's hands.

While I agree that we should avoid fear-mongering and instead
concentrate on a cool, calm discussion of the issues, Mr. Weyker fails
to acknowledge the major practical difference between the advocates and
the opponents of Clipper, Digital Telephony, etc.:  The advocates are
attempting to enact legislation; the opponents are merely trying to
prevent its passage.

Reasoned discussion would be much more likely if the advocates weren't
so busy trying to ram legislation through Congress with little or no
public debate.  Repealing any such law will be much more difficult than
preventing its passage in the first place.  Since the advocates show no
interest in suspending their legislative efforts in order to give the
public a chance to fully consider all the issues, opponents of the
measures have no choice but to resist as best they can.

--
Tom Olin                         Internet: tro@ping.com
Waterville, NY                             tro@speedway.net
                                Voice/fax: +1 315 861 7712


------------------------------

From: stark@rtsg.mot.com (George Stark)
Date: 04 Oct 1994 03:20:27 GMT
Subject: Re: How to verify your phone number
Organization: Motorola Cellular Infrastructure Group

    pp000837@interramp.com wrote: If you dial 1-800-MY-ANI-IS
    (1-800-692-6447), you should be able to ascertain/verify the number
    you are calling from.  This technique is particularly useful when
    calling from a pay phone (that accepts incoming calls but is
    missing a listed number) or when calling from an unlisted phone
    that you want to crack.

When calling from my work phone, it gave the wrong number for the
extension I was at. Otherwise is worked in (708) land.

--
George
stark@rtsg.mot.com


------------------------------

From: cbarnard@cs.uchicago.edu
Date: 04 Oct 94 12:39:51 CDT
Subject: Re: How to Verify Your Phone Number

    johnny@.interramp.com If the corrected number still does not work,
    please let me know.  I have found this number to work from many
    phones around the country.  However, I do not know whether it works
    from all phones or geographic areas.  I also don't know who the
    sponsor of this service is or how long it will be available.

This number works from Chicago (312), but it doesn't return the correct
phone number (it wasn't even close).  I tried dialing the number that
was returned and was told that "this number is not in service".  The
University's telephone switch might be confusing it, though...

+----------------------------------------------------------------------------+
| Christopher L. Barnard             O     When I was a boy I was told that  |
| cbarnard@cs.uchicago.edu          / \    anybody could become president.   |
| (312) 702-8850                   O---O   Now I'm beginning to believe it.  |
| http://cs-www.uchicago.edu/~cbarnard                    --Clarence Darrow  |
+---------------------finger me for my PGP public key------------------------+


------------------------------

From: "M. Otto" <otto@vaxb.acs.unt.edu>
Date: 05 Oct 1994 09:36:01 GMT
Subject: Re: How to verify your phone number
Organization: Zetetic Institute

    pp000837@interramp.com writes: If you dial 1-800-MY-ANI-IS
    (1-800-692-6647), you should be able to ascertain/verify the number
    you are calling from.

1-800-MY-ANI-IS translates out to 1-800-692-6447.  Try that instead.
It worked just fine for me in 817 land.

-- 
         __ ____ __      otto@vaxb.acs.unt.edu
 /|/|   / / / / / /  A virtual prisoner of the VAX     // I'm sorry; my karma
/   |. /_/ / / /_/  at The University of North Texas \X/  ran over your dogma
                             Denton, USA


------------------------------

From: kazmarek@ix.netcom.com (Edward Kazmarek)
Date: 04 Oct 1994 23:32:56 GMT
Subject: Re: Background Check For Job
Organization: Netcom

    lindline@rice.edu (Ann Lindline) writes: Is this legal?  If you
    want to work for certain government agencies, I know you have to
    submit to, and subject your family and friends to, a lot of poking
    and prying into backgrounds.  Is working for a defense contractor
    basically the same as working for the government?  What rights to
    refuse would these roommates have? Any feedback is much
    appreciated.

I'm not sure, but I suspect it's legal.  At least, it's pretty common.
For security clearance background checks, it is quite common to assess
someone's potential security risk by the character of the company they
keep.  Even more, it's quite common to pursue what are called
"developed references."  You ask a listed reference, "Who else knows
this person?"  You ask the same question to two or three names on that
list, and so on for two or three levels.  You'd be surprised that you
don't have to go very far in a chain of developed references before
you're talking to people who are NOT friends of the candidate.  And you
get some REAL interesting information.  That's life.

-- 
E.A. Kazmarek                             kazmarek@ix.netcom.com
Long, Aldridge & Norman                    ekazmarek@attmail.com
303 Peachtree Street, #5300                       (404) 527-4160
Atlanta, GA 30308                             fax (404) 527-4198


------------------------------

From: anonymous <levine@cs.uwm.edu>
Date: 05 Oct 1994 12:00:00
Subject: Re: Background Check For Job

Moderator, if you catch this message, I would appreciate having my
name and affiliation removed, due to the sensitivity of the topic.

    lindline@rice.edu (Ann Lindline) wrote: Is this legal?  If you want
    to work for certain government agencies, I know you have to submit
    to, and subject your family and friends to, a lot of poking and
    prying into backgrounds.  Is working for a defense contractor
    basically the same as working for the government?  What rights to
    refuse would these roommates have?

Yes, I believe it is.  My sister works for a nave contractor, and
although her job may not be charaterized as "high risk" the level of
security clearance that she has is relatively high.  Because of that,
her family and friends were checked out.  I personally did not have to
undergo any interviewing, but that may be because I'm relatively
"clean."  in addition, her husband works for the CIA, so they may think
that he'll keep on eye on her (even though that's beyond their charter,
I think that's the NSA's <smile>).

The FBI does the same thing.  My girlfriend in college had a friend
(who didn't even go to the same school) who was applying for an
FBI-related appointment, and the FBI sent someone from one of their
field offices to interview her.  He spent the better part of a day
"lurking" until he presented himself and his badge to explain what he
was doing their.

Although we may not like it, when subjects of "national security" come
up, it appears that the government can take whatever measures they feel
are necessary...


------------------------------

From: Monty Solomon <monty@roscom.COM>
Date: 05 Oct 1994 04:05:41 -0400
Subject: MCI Employee Charged in $50 Million Calling Card Fraud

Excerpt from TELECOM Digest V14 #385

    Date: 04 Oct 94 12:47:54 CDT
    From: telecom@eecs.nwu.edu (Patrick Townson)
    Subject: MCI Employee Charged in $50 Million Calling Card Fraud

Felony charges of access device fraud involving over one hundred
thousand telephone calling cards -- mostly those of MCI customers but
including cards of local telcos and in a few instances AT&T and Sprint
have been filed against Ivy James Lay of Charlotte, NC.

Lay, employed as a switch engineer by MCI in its Charlotte switching
center until his arrest and indictment at the end of last week, is also
known by his phreak name 'Knightshadow'. He was fired late last week
when MCI concluded its investigation into his activities.

According to Secret Service Special Agent Steven Sepulveda, Lay had
installed special software in MCI switching equipment which trapped the
calling card numbers and personal identification codes of callers.  He
then sold these stolen calling card numbers to other phreaks all over
the USA and Europe.

MCI claims that about one hundred thousand of its customers' calling
cards have been compromised as a result. In addition, several thousand
calling cards issued by AT&T, Sprint and/or local telephone companies
have been compromised as a result of traffic from those carriers being
routed for whatever reason through the MCI center in Charlotte. The
dollar value of the fraud is estimated to be fifty million dollars by
the Secret Service and MCI. Some of the fraud traffic occurred as
recently as the last two weeks and has not yet been billed to
customers.

According to MCI and the federal indictment, Ivy James Lay is the
leader of an international fraud ring operating in Los Angeles and
several other US cities as well as Spain, Germany and the UK. The
indictment claims he supplied stolen calling card numbers to phreaks
all over the USA and other parts of the world.

A spokesperson for the Secret Service called the case unprecedented in
its sophisticated use of computers and the manner in which the fraud
ring coordinated its activities on a global scale. MCI spokesperson
Leslie Aun characterized the case as the largest of its kind in terms
of known losses, both in dollar amount and number of customers who were
victimized. Ms. Aun added that Ivy James Lay was immediatly fired once
the joint investigation by MCI and the Secret Service was finished

late last week.

In raids conducted simultaneously at the homes of Mr. Lay and other
co-conspirators last week, agents seized many items including six
computers with pirated commercial copyrighted software and many boxes
full of computer disks with thousands of calling card numbers on each.
Telephone toll records of Mr. Lay and other phreaks involved in the
scam have also been obtained showing examples of fraudulent traffic.

Spokespersons for Sprint, AT&T and MCI are encouraging customers who
believe their calling cards were compromised in the scam to contact the
appropriate customer service department immediatly so their cards can
be cancelled and re-issued. Customers should bear in mind that the vast
majority of the fraud was against MCI customers whose traffic went
through the Charlotte center.

If convicted, 'Knightshadow' as he known to other phreaks and his
co-conspirators face ten years in a federal penitentiary. It must be
remembered that in the United States, our constitution requires a
presumption of innocence on the part of Ivy James Lay and the other
phreaks involved until their guilt is proven by the government in a
court of law.

 -------------------

In certain other prominent e-journals on the Internet, we have read in
recent days that computer crime is not nearly the serious matter the
government claims it to be. It sounds to me like the sneak-thievery of
a hundred thousand plus calling card numbers and fifty million dollars
in phreak phone calls is serious enough. We have long known about telco
employees who themselves are as corrupt as the day is long; who think
nothing of taking bribes for providing confidential information about
their employer and its customers. But most of it to-date has been petty
ante stuff; a few dollars under the table for a non-pub phone number,
or maybe a hackerphreak who gets a job with telco then uses information
and technology at his (legitimate) disposal to cover his own tracks
where obscene/harassing calls are concerned.  But a hundred thousand
calling cards and fifty million dollars in traffic????  At what point
are certain publishers/editors on the Internet going to wake up?
Computer crime is growing expotentially.  I think it is time to have
another massive crackdown, similar to

Operation Sun Devil a few years ago.  Let's start getting really tough
on hackers and phreaks.

--
Patrick Townson


------------------------------

From: steven cherry <stc@panix.com>
Date: 05 Oct 1994 12:10:51 -0400 (EDT)
Subject: DT in the House: Today's the day! Really! Almost certainly!

              FOR THE HOUSE, TODAY IS THE DAY

The debate, such as it was, was last night. The vote could be anytime
today. Please call your Rep today, register your opposition, and demand
to know how they will be voting today. Please let us know as soon as
they've committed either way. Thanks. We get a second chance if needed
in the Senate, but we could win the whole thing today. If you don't
know your Rep's number, and don't have gopher access (see unix command
line below or just gopher to gopher.panix.com), write and we'll look it
up.

To summarize, the bill is included in the Suspension Calendar, which
allows only 40 minutes of debate, no amendments, and items require a
2/3 vote to pass. Some other items on the suspension calendar have
failed already. Our position is that Congress needs more time to study
the issue, and therefore the Suspension Calendar vote should be "no".

In particular, the following questions remain unanswered about the
FBI's bill:

  * Law enforcement has yet to demonstrate the need for
    this bill
 
  * No study has been made showing how much it will cost to
    fulfill the requirements of the bill
 
  * No study has been made showing the impact on smaller
    local telephone companies
 
  * No evidence has been presented showing that once the
    mandates of the legislation have been carried out, that
    law enforcement will be able to execute wiretap orders
    in the face of continually changing telecomm technologies

--
  Steven Cherry  <stc@vtw.org>  <stc@acm.org>
  Media contact
  Voters Telecommunications Watch  <vtw@vtw.org>   (718)596-2851   
  gopher -p 1/vtw gopher.panix.com


------------------------------

From: rgoggans@mason1.gmu.edu (Robert Goggans)
Date: 03 Oct 1994 21:08:33 -0400
Subject: Re: Eastwood Door Problem

As I was reading the dilemma about the Eastwood Door, it occurred to me
that any data collected will be kept forever.  Storage is relatively
cheap, and information is worth something.

Assume that the data from the entry program is collected by a security
firm and then compared to the database on the NCIC to establish any
correlation.  Joe Friday, the CIO at the security firm notices that
people who had been convicted of burglary often opened their doors
between 0200 and 0500.  Being the great crime fighter that he is, Joe
issues a list of the people who frequently open their doors during
these hours and tells his security guards to keep an eye on these
"potential criminals".

Jane Greasyspoon, a waitress at an all night truck-stop, begins to
notice that the security guards at the condominium seem to be following
her and looking inside her car.  She just thinks she is being a little
paranoid.

A few months later, a burglary takes place in the neighborhood.
Although Jane has never received even a traffic ticket, she is
questioned by the authorities on an anonymous tip.  Has her privacy
been invaded?

One more example.  Fred Lardass goes to the local supermarket four or
five times a week to get cookies, doughnuts, and milk, along with other
things.  He always uses his debit card at the checkout and his
purchases are recorded in a database.

This database is in turn sold to a data wholesaler for further sale to
advertising companies to be used to target potential customers for
direct mailings.  But these lists are for sale to anyone, and Bill
Bureaucrat at the local police department gets a copy.

Bill compares purchasing patterns with convictions for marijuana
arrests and establishes a correlation.  He constructs a list of people
who meet the profile, compares it to the Department of vehicles list,
and issues a warning to Patrol Officers to beware that these people
might be drug offenders.

Officer Dan I. Bail stops Fred Lardass for a minor traffic violation.
Before he leaves his vehicle, he punches the license number into his
on-board computer and, viola, the warning pops up.  The officer decides
to search the vehicle because he thought he saw the driver stuffing
something under his seat.

After a one hour intensive search, aided by the departments
drug-sniffing rhinoceros, the result is negative for drugs.  However,
their is evidence of chronic candy abuse, as evidenced from the 200
Snickers wrappers, 82 empty coke cans and a half-eaten doughnut.
Officer Bail enters Fred's name into the computer so that Social
Services will be able to contact Fred with information about Overeaters
Anonymous.

These examples suggest that the question is one of storing the data at
all, not just for how long.  Someone could always make a "bootleg" copy
before the master is erased.


------------------------------

From: aja@cad.vmss.gmeds.com (Andrew J. Allen)
Date: 04 Oct 1994 18:05:39 GMT
Subject: Re: Eastwood Door Problem
Organization: Cadillac World Headquarters

    "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu> writes: A good
    question might be asked.  "How long should the data be kept, who
    should be allowed to see it before it is deleted, and under what
    conditions should the data be made available?"  Investigation has
    shown that this question is rarely, if ever, asked.  The data
    points are collected only to help detect the perpetrators of theft
    and vandalism and to secure the structure.  They are not collected
    to identify the comings and goings of the residents, to aid lawyers
    in divorce cases, satisfy the curious, or collect statistics on
    wear and tear on the door latches.

To me, this is an easy one.  Although it requires a cooperative
relationship between the Condo. board and the residents.

- All key usage records will, routinely, be deleted after 48 hours.
     . This is to ensure maximum privacy while providing the residents the
      opportunity to identify any unwanted activity associated with their
      residence.
     . Optionally, records could be routinely retained for slightly longer
      periods to accomidate weekends and holidays (as one can count on
      at least one resident being away during these periods).

- Key usage records may be retained for longer periods, based on resident
  request.
     . This will facilitate retaining key usage information that may be
      of value if undesired activity is associated with a resident's unit
      while he is away for extended periods.
     . It is possible to create the methodology necessary to delete those
      key usage records when the resident returns, yet retain those key
      usage records that may be needed to accomidate another resident
      with overlaping absence dates.

- Key usage redcords may be retained for any or all keys for any length of
  of time in order to satisfy an appropriate police or court request/order.

- Key usage information shall not be devulged to any person other than
  that information necessary to satisfy an approptiate police or court
  request/order. Information shall only be provided to those who have a
  need to know.  This means, for example, that a parent who wants to
  verify the time his child got home last night will not be able to get that
  information from the key usage logs.

As a closing note:  It seems to me that the students responding to this
question need to read the requirements again and get out of the box.
They all seemed to be in the box that says that the record retention
rule must apply to all the records, all the time.  This is very
limiting and will not win much business.  To win contracts, you must
learn to read the customer's real needs and concerns, and design your
solution to meet them.  Be creative!!!

--
*---------------------------------------------------------------*
| aja@cad.vmss.gmeds.com | Opinions are my own and do not	|
| EDS/Cadillac World HQ  | necessarily reflect those of my	|
| 30009 Van Dyke	 | employer or customer.		|
| P.O. Box 9025		 |--------------------------------------*
| Warren MI 48090-9025 	 | Advise given without warranty.	|
*---------------------------------------------------------------*
| Any suficiently advanced technology is indistinguishable from	|
| magic.	A. C. Clarke					|
*---------------------------------------------------------------*


------------------------------

From: gordon@sneaky.lonestar.org (Gordon Burditt)
Date: 04 Oct 94 14:45 CDT
Subject: Re: Eastwood Door Problem
Organization: "Gordon Burditt"

I take considerable exceptions to the opinions of the students on the
subject of the Eastwood Door Problem.  The approach I'm taking isn't
strictly ethics, either, it touches a lot on safety and the system
design.

The purpose of the new security system includes:

- Selective access by residents into areas they are authorized to enter.
- Quick invalidation of access due to lost or stolen keys, a resident 
  moving out, failure to pay rent, etc.
- Convenient access by residents, not requiring multiple keys.
- Giving temporary access (a few days) is practical and not costly.
- Recordkeeping of who was where when, to be matched against reports of crimes.

Note that all but the last doesn't require any recordkeeping of entry
or exit events at all, but provides considerable benefit by
themselves.  I don't agree at all that recordkeeping is THE "primary
purpose of the system", if it is a purpose at all.  Recordkeeping may
endanger your tenants and it should not be done unless there is
sufficient benefit to overcome the risks.  The danger is especially
great when the system is thought to be infallible, but it isn't.  It
appears that this system is likely to have so many holes in it that
it's worse than useless in solving crimes.  A more accurate
record-keeping system could probably be forced on employees by an
employer but not on tenants by a landlord.  It's too inconvenient, even
if nobody objects on privacy issues.

Some digested forms of the data don't present much of a privacy danger
to the residents, but may be of use to management.  (Example:  door
traffic stats by hour, day of week, and season, without identifying any
residents, used to decide where to put more doors.  Because of seasonal
variations, you need at least a year of data.  Maybe two, to see
trends.  It's hard to sue someone or target them for burglary, or
accuse them of burglary with this kind of data).  Consider keeping this
kind of digested data rather than the raw, individually-identified
data.  Even this data shouldn't be public, as it gives muggers a good
idea of where to find people alone.

Now, some technical questions about the door system and its
management.

(1) How long does it really take to invalidate a key (a) in an
emergency, such as a key taken at gunpoint, or (b) for routine matters,
like a resident moving out, or a lost key report?

from the description, the doors aren't wired to a central computer.
Reprogramming 40 doors (well, for one key a subset of these would be
required, maybe 10 outside doors and one building door) might take
several hours with walking around to the doors taking most of the
time.  Ideally the desktop computer generates new lists and the doors
can be reprogrammed by downloading from some sort of portable storage
device/computer.  How often will the wrong list end up in the wrong
door?

For routine matters, are they going to BOTHER reprogramming the doors
more often than the weekly collect-the-data procedure?

(2) Does it require using a key to EXIT the complex?  If not, your
records are almost useless.  If so, I suggest having a talk with the
fire department.  An alternative method is having a way to exit the
door in an emergency that sounds an alarm (and logs it) but lets people
out.

Assuming you record entry and exit events, you should be able to model
the system as a number of areas (with "outside" being one of them), and
a set of doors that permit entry from one area to another.  Obviously,
you know what doors connect which areas.  All of the doors may not go
to the outside; you might have individual buildings in a courtyard,
each with their own doors, and doors from the courtyard to the outside
and to adjacent courtyards.  (Doors from one courtyard to another
present a problem:  you need an emergency exit in BOTH DIRECTIONS.  Is
there a need for keeping the two areas separate?)

In theory, but not in practice, you should be able to tell which area a
key is in at all times after it's been used once.  You should analyze
the data for keys doing things they shouldn't do: exiting an area twice
without entering, entering an area twice without exiting, exiting an
area other than the one the key is supposed to be in, etc.  This gives
an indication of the accuracy of the records.

I guarantee that there WILL be anomalies as described above.  Some of
the reasons are:

- Someone with two keys in his pocket, using whichever one he finds
  first.
- A group of people with keys walking through the door when it's been 
  opened by one person with a key.
- People who decide to exit (or enter), open the door, but don't go
  through it (see part about letting guests in below).  

(What are you supposed to do when a person tries to EXIT a building
with a key not authorized to be there?  Chances are good that his
excuse is "I was visiting with <resident of other building>" and if you
check it out with that resident, it turns out to be accurate.)

(3) How do people enter and exit the complex during a power failure?
Can these events be logged?

Backing up the door memory of authorized keys and entry/exit events is
not hard.  Having enough power to operate a door latch (hopefully
immune to such things as "carding") may be more difficult although one
car battery (with a charger) per door should last quite a while.  The
bad guys might consider causing a power failure to cover their tracks.

(4) How difficult is it to destroy the record of entry/exit events
and/or authorized keys in a door?

If I were a burglar, my first shot at it would be applying one of those
stun/shock self-defense gadgets to the ring where I'm supposed to put the
key as I exit.  This would probably do a lot to kill the electronics,
erase the records, and disable the door unless this system is ruggedly
built (opto-isolators & such).

(5) How do guests figure into this scheme?  How do they get into the
buildings?  How about delivery people and maintenance workers?
Residents who wish to visit other residents in different areas?

Possibly the best way would be to have guests sign in with a live
security guard, but it costs a lot of $$ to keep enough security guards
on duty 24 hours a day to avoid complaints that guests have to walk a
long distance.  If you have all these guards, why have an automated
door system?  One guard on duty during daytime hours could probably
handle the building maintenance people and much of the package
delivery.

If residents have to come to a door to let their guests in, then you
will have a lot of cases where the resident comes to the door, opens
it, generating an exit event, does not exit, and lets the guests in,
unless you do something to prevent it.  You don't know who the guests
are, and you don't know that ANYONE entered.  You might get a hint that
the resident didn't exit when the key is used again to enter an
individual building from the courtyard, and the key isn't supposed to
be in the courtyard.  Then again, maybe they realized while finding the
key that they forgot the car keys.

Guests are likely to try and follow residents with keys through the
door.  Some residents may be polite and cooperate.  Some residents may
be intimidated or conned into cooperating (without the guest even
realizing he's doing so - just having the build of a football player
can be intimidating to a "little old lady") but not so intimidated
they'd even consider it something worth reporting.  The friendly "pizza
delivery" burglar might not be remembered by the person who let them
in.

Doors that only let one person through at a time are going to be rather
difficult for the handicapped to negotiate and may make getting
furniture in and out nearly impossible.

You should have a policy that makes it easy for residents to get guest
keys for longer-term (days to weeks) guests without a lot of hassle or
deposits.  This makes them easier to track.  The key can also be set up
to expire when it's issued.

(6) How many individual residences are there in a secured area?

The system doesn't help much if one building contains 50 residences,
one of them is a thief, and the time of the crime isn't pinned down
much (e.g. known within 24 hours, not better) so someone from most of
the residences could have done it.  There will probably be a few guests
and delivery people as suspects, too.  It's much more helpful if one
secured floor contains 3 residences.  From the figures of 250
residences and 40 doors, there can't be less than an average of 6
residences per secure area.  Fire laws (more than one exit per area)
probably raise this to 12.

It's also important to realize that keys don't correspond to people,
and you don't have a list of all people in an area at a given time.

- Not everyone has a key.  Do you want an 8-year-old to have his own
  key?  Probably not (he may lose it often), but he will need one at 
  times to get from the car to the apartment to help unload groceries.
  Then again, maybe he needs it to get in when he comes home on the
  school bus.
- Not everyone needs a key.  Grandma Smith doesn't have a key because 
  she moved in before the lock system was installed, she can't walk very
  well, and if she leaves she will probably leave in an ambulance or 
  coroner's wagon and never come back.  She's not beyond throwing rocks
  at nearby apartments having a loud party, though.  Her daughter
  (not an official resident but she stays overnight often, and has Grandma's
  key, and this may NOT be reflected in the records) brings her what she needs.
  Short-term guests don't need their own keys.
- People lend keys, regardless of how much you tell them not to.
- Multiple keys in a household get mixed up with each other.

In short, you've got a logging system that can accuse a RESIDENT of a
burglary, but it can't accuse an outsider or really even prove an
outsider was there.  There are so many ways for someone supposedly not
there to be there that it's a joke.  Fixing these will result in
complaints from residents that the system is inconvenient and
draconian.  If you keep this information, it WILL manage to get into
the hands of divorce lawyers by subpoena.  The police, not familiar
with all the holes in the system, will accuse a resident of a burglary
or vandalism done by an outsider.

Is keeping these records worth the risk?  Or is it like hiring a cop
to hang around and use a radar gun to enforce the speed limit in your
driveway?  YOU are going to be the one caught the most.

--
Gordon L. Burditt
sneaky.lonestar.org!gordon


------------------------------

From: sgs@access.digex.net (Steve Smith)
Date: 04 Oct 1994 19:44:16 -0400
Subject: Re: Eastwood Door Problem
Organization: Agincourt Computing

    Prof. L. P. Levine <levine@blatz.cs.uwm.edu> wrote: A condominium,
    let's call it Eastwood, is planning to electrify the outside
    locking of its door system.  What will be installed is electrical
    latches controlled by computers  ....  If the key number is in the
    list, the door opens and the key number, the time of entry and date
    are recorded in the computer RAM.  The entry data can be copied
    into a desktop microcomputer from time to time allowing it to be
    held for any period desired.  A good question might be asked.  "How
    long should the data be kept, who should be allowed to see it
    before it is deleted, and under what conditions should the data be
    made available?"

Interesting discussion.  The question is "how long should data be
kept?", but the problem is "is there any use for the stored data?".

Note that the only data that will be stored is the dates and times that
authorized users went through their own doors.  A thief will not use a
key -- he will wait until service or delivery people block an outer
door open, and then break the lock on the inner door.  A vandal will
not use a key -- vandalizing one's own property is not a popular
activity.  Keeping a log at all will only give a target to potential
burglars, stalkers, jealous spouses, and others that we're presumably
not going out of our way to help.

In the case of a lost or stolen key, the resident should notify the
manager *immediately*, and the manager should *immediately* void the
key.  If his apartment is robbed, we will already be able to figure out
the time to a reasonable degree of accuracy.

If someone is going away for more than a couple of days, they should
notify the manager.  This is normal practice anyway.

The only use that I see for the stored data is in the case of a
building superintendent who was a thief.  (Been there, done that, no
fun. (:-)  A smart thief could figure out how to tamper with the
record.  Fortunately, most thieves aren't smart.

So the recommendations that I would make are:

1.  No logging at all of residents' keys.
2.  Log all uses of master keys.  Keep the logs indefinitely.
3.  If a resident has told the management that he or she is going away,
    sound an alarm on any entry using a key registered to that resident
    -- it will probably be a lost or stolen key.

There's also the problem of what happens when the power goes down or
the locking system goes out for another reason.  Choices -- fail
unlocked or fail locked.  Both are disasters.

-- 
Steve Smith                     Agincourt Computing
sgs@access.digex.net            (301) 681 7395
"Truth is stranger than fiction because fiction has to make sense."


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 26 Sep 1994 12:45:51 -0500 (CDT)
Subject: Info on CPD, Contributions, Subscriptions, FTP, etc.
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions generally are acknowledged within 24 hours of
submission.  An article is printed if it is relevant to the charter of
the digest.  If selected, it is printed within two or three days.  The
moderator reserves the right to delete extraneous quoted material.  He
may change the subject line of an article in order to make it easier
for the reader to follow a discussion.  He will not, however, alter or
edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V5 #044
******************************
.