Date: Wed, 30 Nov 94 14:50:59 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#068
Computer Privacy Digest Wed, 30 Nov 94 Volume 5 : Issue: 068
Today's Topics: Moderator: Leonard P. Levine
Happy Anniversary
DC Metro Smart Cards
Re: DMV Records
Re: DMV Records
Re: DMV Records
Re: Clarifying answers to TEN QUESTIONS
Re: Clarifying answers to TEN QUESTIONS
Re: Clarifying answers to TEN QUESTIONS
Requesting Information about Computerbanking
Re: Mother's Maiden Name
List of Speakers: Privacy Conference
Info on CPD, (unchanged since 11/28/94)
----------------------------------------------------------------------
From: "Dennis G. Rears" <drears@Pica.Army.Mil>
Date: 28 Nov 94 15:00:47 EST
Subject: Happy Anniversary
December 2 will mark the one year anniversary of Prof. Levine taking
over the Computer Privacy Digest. I would like to thank him for doing
an outstanding job over the last year. He took over on rather quick
notice and made several enhancements to the Digest. I think all your
readers appreciate the work you have done. Congratulations on a job
weel done.
--
dennis
------------------------------
From: Dave Moore <davem@garnet.spawar.navy.mil>
Date: 28 Nov 1994 14:06:14 -0500 (EST)
Subject: DC Metro Smart Cards
I saw an interesting article in yesterdays (27 Nov. 94) Washington
Post. It was an article on the planned introduction of a Smart Card
for using the DC Metro. That's the local subway for those few people
in the world that don't live near DC <G>.
There were several aspects about this smart card that caught my
interest.
The article stated that the card only needed to be brought within about
14 inches of the reader, thus allowing the user to keep it within his
or her purse or wallet. I infer from this that it is an RF reader and
not optical.
It also stated that it was far more secure than a standard fare card
because if you lost it, you could report it stolen and have it
disabled. I infer from this that your personal ID is tied to the card
and that it is not anonymous.
Although it may not be intended, this automatically gives the ability
to track your personal use of the subway. Granted that this is pretty
benign for most people, it is nevertheless interesting.
Other possibilities present themselves. Since the "scan" of the card
is non-contact and not optical, the possibility exists of covertly
scanning from other locations. What if stores added a smart card
detector to their current theft detectors?
The other thing that struck me is that they (Metro Authority) plan on
charging a "Premium" for the card. A discount I could understand to
encourage its use, but why would anyone want to pay extra for this
thing?
------------------------------
From: bcn@world.std.com (Barry C Nelson)
Date: 29 Nov 1994 08:00:04 GMT
Subject: Re: DMV Records
Organization: The World Public Access UNIX, Brookline, MA
John Medeiros <71604.710@compuserve.com> wrote: The following
article was printed in the "Orange County Register", Tuesday,
November 22, 1994, news section, page 2: Car-rental firms checking
on drivers [...] rental-car companies are taking advantage of a
California system to allow instantaneous access to drivers'
records. [...]
The recently enacted Violent Crime Act changes the federal law with
regard to granting access to state DMV records. Sec 300001 adds a new
chapter in Title 18 U.S.C., Chapter 123, Section 2721 (a): "Except as
provided in subsection (b) a State department of motor vehicles and any
officer, employee, or contractor thereof, shall not knowingly disclose
or otherwise make available to any person or entity personal
information about any individual obtained by the department in
connection with a motor vehicle record."
Interestingly, "personal information" does not include information on
vehicle accidents, violations or driver's status or zip code.
Of course, one of the exceptions is for "legitimate" business use to
verify personal information submitted by the individual, and another
allows disclosure if the requester demonstrates written consent by the
individual. Also, State law may authorize any other use related to
motor vehicle operation or public safety. Effective 9/97. There are
criminal and civil penalties for violations. $5,000 per day for a state
found in violation.
Should be interesting to see how states are going to deal with this
one.
--
BCNelson
------------------------------
From: "Richard Schroeppel" <rcs@cs.arizona.edu>
Date: 29 Nov 1994 14:41:03 MST
Subject: Re: DMV Records
Car-rental firms checking on drivers The companies turn down about
8 percent of drivers for accidents, tickets and other telltale
signs that a driver might wreck their car. More than 1 million
drivers have had their records checked in the first year of the
Department of Motor Vehicles program. Alamo, Avis, budget, Dollar,
Hertz and Thrifty rental companies are the major ones tapped into
California driver records. Enterprise and National are not.
The thing that annoyed me about this was that Budget accepted a rental
reservation over the phone, and then did the checking (weeks later)
when I showed up at the car rental desk. To my mind, accepting the
reservation implies a commitment to do business.
--
Rich Schroeppel rcs@cs.arizona.edu
------------------------------
From: John Kwiatkowski <0007152212@mcimail.com>
Date: 29 Nov 94 23:15 EST
Subject: Re: DMV Records
I have seen it mentioned here and elsewhere about DMV databases from
various state that are actually available to the public via on-line
services. However,no one has said exactly which services provide this
DMV information to subscribers. If anyone knows which services re
available out there that make these databases available,I would sure
like to know who they are and most everyone reading this Digest,I am
sure,would like to know also.ANy information is appreciated.
--
John
------------------------------
From: "(NCSA) Bob Bales" <74774.1326@compuserve.com>
Date: 29 Nov 94 13:07:36 EST
Subject: Re: Clarifying answers to TEN QUESTIONS
Professor Levine,
I see that you re-posted the RISKS article re: Ten Questions; following
is my response to the RISKS forum based on that posting. If
appropriate, would appreciate it if you would post this in your forum
as well:
-----------------------------------------------------
In Volume 16 : Issue 57, "A well-known but suitably anonymized
contributor" addresses "Clarifying answers to TEN QUESTIONS PARENTS
SHOULD ASK THEIR CHILDREN".
Let me start by offering my congratulations to the moderator of the
RISKS newsgroup. That forum makes a valuable contribution to the
community at large, and is handled in a most professional manner.
Thank you for your excellent work.
In the case at hand, however, I regret that the moderator has made an
exception to one of the established rules of that forum: "**PLEASE**
include your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted". The
article in question is a good example of why anonymous postings should
not be allowed in this forum.
The author is wrong to equate privacy with anonymity. While the two
are related, they are not the same. Privacy is the principle (right,
if you will) to avoid unwanted intrusions into your life. Anonymity is
one technique for achieving that. However, the author takes this
priciple too far. For with a right such as privacy comes
responsibility. Rather than protecting his privacy, I believe that
this author is using anonymity to avoid responsibility. I believe
that this is a violation of other people's rights. Contrary to his
assertions, we _do_ have a right to know with whom we are dealing.
The hallmark of a free society is the right to openly and publicly
debate an issue. In truth, _that_ is what is missing in a closed
society. Privacy to the extreme advocated by the author is a
_response_ to tyranny, not a deterrent. In fact, if I understood Donn
Parker's speach at the NCSC in Baltimore this year, he believes that
_absolute_ privacy is actually a <threat> to freedom. [Don't want to
put words in your mouth, Donn.]
This contributor has missed the point in several other ways.
First, the work being condemned was developed by Peter Tippett, Ph.D.,
M.D., in support of the National Computer Ethics and Responsibilities
Campaign (NCERC). He developed it as a guide to help _parents_ (not
cyber-warriors) have an intelligent discussion with their
cyber-literate offspring. Although the commentary's author is
obviously cyber-literate (not to be confused with being cyber-ethical),
most parents don't have a clue about ethics in cyberspace. Rather than
disparage Dr Tippett's efforts point-by-point, the anonymous author's
time would have been much better spent offering _constructive_
criticism.
Second, I guess that this contributor has spent too much time in the
trenches with the hacker underground. The following is taken verbatim
from his article:
"Privacy through deception is not wrong. Even becoming
someone's friend by lying to them about having something in
common is not particularly wrong. Certainly giving a
salesperson a polite wrong number and address is a reasonable
privacy precaution against getting on mailing lists. It is
probably even good to lie if you think someone is stalking you
over the net. I think we have a right to lie, perhaps even a
social responsibility to do so under certain circumstances."
For a professional to make statements like that above is absurd. It is
again clear that the author advocates anonymity as a means to avoid
responsibility. What's wrong with being honest and then dealing with
the consequences of that honesty? In the case of the salesperson, why
not simply refuse to provide an address? It may generate some
feedback, even hostility, but unless you have the courage of your
convictions, you are just blowing smoke. Anonymity is also what
permits the stalker from the above quote to get away with his
anti-social behavior. I'm sure most people would defend the stalkers
"right to privacy", but what about his "right to anonymity"?
The author also states:
"I almost never get permission to look at each file I view. I
go under the assumption that I may view anything that allows
read access by me without going outside of the normal methods
in use to read files".
Does this sound familiar? This is the standard rationalization used by
hackers when they crack computer systems. Gee, I got in so it must be
OK. This represents an immature view of life and fails to acknowledge
_personal_ responsibility. Just because it's not against the law does
not make it right. Does grandma know that you think its OK to read her
diary? (Of course, only if she leaves it where you can get at it
without violating her "privacy").
I find it bizarre that a security professional would advocate anonymity
for the purpose of willful deception. He seems to think that deception
is OK and seems proud of it--although not quite proud enough to make
these off-the-wall statements on the record.
Dr. Tippett developed "TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN"
as an aid to _parents_ in dealing with the confusing world of ethics in
cyberspace. He--and supporters of the National Computer Ethics and
Responsibility Campaign--would greatly appreciate constructive
criticism which might make this document of even greater value to that
audience. However, reviews which purposely distort the basic intent of
the document are unwanted and unwarranted. When hidden under the cloak
of anonymity, such distortions are unprofessional and tasteless.
--
Bob Bales | CompuServe InfoSec Forum: GO NCSA
Natl Computer Security Assoc| Phone: 717-258-1816
10 South Courthouse Avenue | Fax: 717-243-8642
Carlisle, PA 17013 | Email: 74774.1326@compuserve.com
------------------------------
From: "Michael O'Donnell" <mod@osf.org>
Date: 30 Nov 1994 07:34:06 -0500
Subject: Re: Clarifying answers to TEN QUESTIONS
I believe that our "well-known but suitably anonymized contributor"
(WKBSAC) composed his indignant response to the Ten Questions as if
they were posed by an adult to another adult, and then tacked on the
bit about it also being applicable to children as an afterthought.
That's the only way I can imagine him missing the point so completely.
When I read WKBSAC's posting while imagining my child speaking thus to
me I find the tone contemptuous - if my child responded to me in the
manner so portrayed he'd quickly discover it to be a losing strategy.
WKBSAC's response sounds to me like the embodiment of the "Yer not the
boss of ME!" attitude.
Practically, culturally and legally, we are obliged to treat children
differently than we do adults specifically because, um, children are
NOT adults. We deny children various adult privileges (driving,
voting, weapons, sex, alcohol, etc) because they do not yet have the
experience or intellectual faculties required to evaluate critical
situations with the perspective likely to result in correct (or even
survivable) decisions. A fundamental tension of growing up, for both
parent and child, involves finding a balance between the parent's
responsibility and the child's quest for autonomy - a moving target if
ever there was one.
Even though I am bothered by some of the phrasing and assumptions
illustrated in the Ten Questions, the intent is right on target - it
definitely falls to the parent to be aware of the child's actions and
the consequent risks, in order that some course-correction be applied
when necessary. The child's "right" (a questionable notion, at best)
to privacy is subordinate to the parent's responsibility for the child,
which will inevitably involve some monitoring of the child's actions.
So, the point missed by WKBSAC is the fact that, to a degree which
diminishes with time, I *am* the boss of my child...
--
Regards,
---------------------------------------------
Michael O'Donnell mod@osf.org/mod@std.com
---------------------------------------------
------------------------------
From: geoff@ficus.CS.UCLA.EDU (Geoff Kuenning)
Date: 29 Nov 1994 23:22:36 GMT
Subject: Re: Clarifying answers to TEN QUESTIONS
Organization: Ficus Research Project, UCLA Computer Science Department
Rarely have I seen a net posting that so consistently engages in
deliberate misinterpretation in an attempt to invalidate the original
poster's very good point.
I will point out that the anonymous poster of these "clarifying
answers" (I'd call them muddying answers) is obviously an adult, and is
answering as one. This is an inappropriate response to questions that
were explicitly titled as being parent-to-child.
In the following, I will speak as if I were a parent, replying to my
son Joey's rather snotty answers to my questions. I use the term
"snotty" advisedly, because that is the tone of the anonymous poster's
comments.
Where are the manuals, boxes, license agreements for the programs
you have or use? They don't have manuals or boxes. Should I not
use them?
We'll take that on a case-by-case basis, Joey. For example, what about
this game you were playing, Flight Simulator. Does it have a manual or
a box? There's nothing wrong with using a program without a box, so
long as it's not stolen. Lack of a manual is one clue that I should
dig a bit deeper, with the following questions.
Where did you get that game? (program?, floppy?, software?) Usually
over the net - how do I tell if it's legitimate?
There are a number of ways. For example, can the same game be found at
the computer store in the mall where you're always hanging out? Are
there obvious copyright messages?
When programs first start running on your computer, whose name
comes on the screen as the "owner" or "licensed-to." Very few have
this feature.
Fine. What about those "very few"? You didn't answer my question,
Joey. Show me all the ones that *do* have the feature. Now.
Did you write/create/author what you're passing off as your own
work? I resent the use of 'passing off'. Almost all modern works
are collaborative in nature - the selection of citations is not a
trivial issue. Where did you get these questions? Are you passing
off some of it as your work when in fact others first came up with
some of these ideas? Where are your citations?
Don't talk back to me, young man. I got these questions from a
suggested list intended to help parents be aware of possible
intellectual-property violations by their children. I am fully aware
of the nature and difficulty of citations in scholarly works,
especially in fields such as history. If you want to see the original
list of questions, I will happily show it to you, complete with news
headers that identify the source. But we're talking about *you* here,
not me. Have you submitted any school papers as your own work when in
fact you got them from a bulletin board? Or by copying them from the
encyclopedia? You are attempting to evade the answer to what is a
legitimate question: are you or are you not a plagiarist? If there is
a gray area to discuss, fine, we'll discuss it when it arises.
Where did you get the text and images you're using? Many of them
come from on-line sources. Does that make them legitimate or
illegitimate?
Again, we'll take this on a case-by-case basis. Being on-line doesn't
give us a clue as to legitimacy. Which on-line source did they come
from? If it was alt.sex.pictures, did the poster explicitly state the
source of the image? If not, I'd assume it was pirated from Playboy or
a similar publication. For alt.binaries.pictures.girlfriends, on the
other hand, I'd tend to assume the poster was legitimate unless he/she
stated otherwise.
If you copied text and images from another source, did you have
permission? Rarely - in most cases, fair use allows you to use them
without getting formal permission. Kind of like these questions of
yours.
Not true. You need to study up on copyright law, son, as well as on
manners. Fair use allows you to photocopy and scan in pictures from an
issue of a magazine, probably even if you borrowed the issue from a
friend. It does not allow someone else to scan in the picture and post
it to the net, and although there has never been a court case, it
probably does not allow you to make a copy of an illegally-posted
picture, since that would be derivative of an *unfair* use. And until
there is a court case to the contrary, I will take a very dim view of
such use.
If you didn't need permission from the "owners" of the information
you're using, did you credit them for the material? Only if I
republish it. I have lots of on-line information without citations
attached to it. But I see the author of this questionnaire thinks
it's legitimate to do this without citation. I guess I should stop
giving as much credit where due as I do.
You're getting awfully snotty again, Joey. It should be obvious from
the question that we are talking here about information you are
redistributing, rather than that which you have archived. And again
you are trying to turn the questioning from yourself by pointing
fingers elsewhere and acting holier-than-thou. Your attitude is
beginning to make me thing you have something to hide.
But if, as you say, you are giving credit whenever you republish
information, you are doing the right thing, and I'm proud of my son.
3. Do you ever use other people's computer, disk-space or
processing capability, or look at or copy their files or
information, without their knowledge or permission? I almost never
get permission to look at each file I view. I go under the
assumption that I may view anything that allows read access by me
without going outside of the normal methods in use to read files.
If it is interesting, I copy it for future reference. I hope they
do not know any details about my use. After all, I want to retain
my privacy and they should not be watching what I do.
As usual, you are attempting to avoid the question. Let me be more
explicit: have you ever logged into or otherwise used another person's
computer, without getting appropriate permission to use that computer?
"Appropriate permission" can sometimes mean being connected to a
network in a permissive way, of course; in other cases it can mean
getting a password and an account. The real question is, "have you
ever used a computer, knowing that if the owner found out, he or she
would be upset?"
As to reading files, you need to learn some electronic manners, Joey.
On timeshared and networked computers, there are many users who do not
have the sophistication to protect their sensitive files. When you
assume that having read access to a file means it's OK to read it, you
risk invading the privacy of a naive user who thinks that everything is
automatically protected. I don't mind a bit of exploration, but I'd be
deeply troubled if you dove into a directory named "personal" and
started reading another user's love letters, simply because they were
world-readable.
Finally, as to your concern about your own privacy, I think that I
would be more impressed if you had more concern for that of others.
The owners of a computer have every right to watch what you are doing
to see whether you are misbehaving. It's part of the price you pay for
the use of their computer. That's the way the world works, Joey.
4. Do you have any prank programs, computer viruses, worms, trojan
horse programs, bombs, or other malicious software? Several
thousand of them. What's wrong with that? Don't you have some
too?
Why do you keep trying to turn the questions around, Joey? To answer
you accusation first, I have precisely two such programs. One is a
research worm that will only propagate itself to machines that have the
file "/tmp/ENABLE_WORM". The other is a research virus that will only
infect software containing the string "PLEASE INFECT ME", and then only
under many other controlled conditions. Neither of these can be
described as "malicious" or even "prank."
Joey, if you have "several thousand" pieces of malicious software, and
don't understand what's wrong with that, I think we need to sit down
and have a long discussion about personal responsibility. Until then,
I'm afraid I'll have to unplug your computer and lock it in the
closet. I will not risk allowing a son of mine to inflict malicious
software to unsuspecting victims, even if he didn't intend to, and
especially when his response is "what's wrong with that?"
Do you use bulletin boards or systems that contain these things, or
have friends or acquaintances who do? Certainly. The Internet has
lots of these things, and I use it. The telephone system is used
for abusive phone calls and I use it too. I don't really know what
my friends do when they use computers. They have privacy rights
too, and we rarely talk about what information service we use.
Always trying to defend yourself with misdirection, huh, Joey? The
"Internet" is a network, not a repository. I explicitly asked about
"systems," meaning "computer systems." Let's try it this way: do you
ever intentionally visit computers on the Internet, or bulletin boards,
that contain illegal or malicious software or files? If so, are you
being careful to avoid the "bad" stuff? Are you doing anything to try
to reduce the amount of "bad" stuff around, or to find substitute
places that are less polluted?
As to the question about your friends, I withdraw it as being
badly-phrased. Instead, let me ask whether you ever share "neat
things" you found on the net with your friends, and vice versa. If
so, what steps do you take to make sure that you are getting at those
things legally, and that they are not malicious and are not infected
with viruses?
Do you write or create any software like this or deal with people
who do? All the time. I deal with Microsoft, Lotus, and many other
companies that have widely distributed this sort of thing. I also
know and deal with individuals who have done this, and I do it all
the time. Is there something wrong with that?
Joey, I think I'm going to start calling you "the Artful Dodger." I
asked about "writing and creating," not about distribution. Microsoft
and Lotus have both accidentally distributed infected software, but
there is not one shred of evidence that either company has ever
participated in creating any malicious program whatsoever. Let's split
this up as two questions, and I want an honest yes-or-no answer, not a
snotty one. First, have you ever written or created any malicious
software? Second, do you know of any other person who has done so?
(And if so, please describe your dealings with that person. Remember
that you are my son, not a colleague and equal.)
Are they things you would be comfortable showing me? Showing your
grandmother? I would not show either you or my grandmother my
files, but it has nothing to do with embarrassment. It is called
privacy.
I didn't ask you to show them to us. I asked you whether you would be
*comfortable* showing them to us. Different question. Let me put it
this way: if you were working on them, and I walked into your room,
would your first instinct be to cover the screen? Or would you not
care that your father had stumbled across them?
Do you have any pictures, video clips, sound clips, articles, text,
or other software or files which contain pornography, violence,
dangerous instructions other distasteful material? Lots of them.
It this wrong for some reason?
In general, it's not wrong. But you are my son, and as such I am
responsible for your welfare. If you have pornographic images on your
computer, I'd like to know about it so I can better protect you from
zealots who think you shouldn't. If you have dangerous instructions,
such as how to make explosives, I'd like to discuss safety issues with
you before you try them out.
Do you access or view any of these kinds of things when using the
net? All the time. In fact, if you know of any, I would be happy
if you would forward information on them to me.
All in all, Joey, I think I'd prefer it if you could demonstrate both
better manners and a much greater sense of personal responsibility
before I would encourage you to continue on your immature path of
computer misuse.
6. Do you have any newsletters, plans, guidelines, or "how-to"
documents or files that you would not be comfortable showing to
your mother? Same answer as above. I value my privacy.
Same repeat as above. Like it or not, Joey, you are still a child, and
your privacy is not the same as that of an adult.
Making Bombs, breaking into systems, stealing telephone access,
stealing computer access, stealing passwords, pornographic or
violent text, guides, descriptions, ...... Do you create,
contribute to or receive anything like this? All the time. In
fact, the Risks Forum is one of my best sources for this
information. Should you stop making it available to me?
In something like 10 years of reading Risks, Joey, I have never once
seen instructions for making a bomb. I will grant you that
occasionally the forum contains material that reveals a system
vulnerability. But again you are deliberately misinterpreting my
question. I don't care if you read about instances of misbehavior. I
want to know whether you are engaged in misbehavior yourself, or
whether you are actively seeking out information about how to
misbehave.
7. Do you ever connect your computer to a telephone, use a modem,
or otherwise use a network? All the time.
8. Who do you associate with when you use the Net? [lots of
polemic deleted here]
Joey, you are being awfully defensive. I didn't pass judgment on your
net companions. I simply asked who they are. You may recall that last
week I asked you about your new friend Susan. I would prefer it if you
could think for yourself and make decisions about whether or not to
associate with particular individuals. Perhaps if you could give me
examples of some of your network friends, and pointed me to some of
their postings, you could demonstrate that you do indeed have that
quality of judgment. But when you go off on a wild tirade about the
inaccuracy of network identifications (which is irrelevant anyway: who
is David Sternlight really?), I hope you will forgive me for being a
bit suspicious of your motives.
9. Do you ever use an assumed name, a handle, or an alias instead
of your real name? Sure. I have asked this posting to be made
anonymously in order to allow it to be judged based on its content
rather than it's source.
Maybe we would all be better off if all postings were anonymous
(with a return address that permits response without identity).
Again, you're being defensive. There's nothing wrong with using an
alias under most circumstances. I'm just trying to get you to think a
little bit about responsibility. Or think a lot.
Do supply a false information about yourself when using a bulletin
board, a news group, a message group, or forum, any part of the
net, or when using e-mail or when otherwise communicating? At
times. Especially when bbs systems ask extensive questions about
who I am, my SSN, credit information, or other information that I
don't think they have a right to have. I have also lied when
connecting to hacker BBS systems because I don't think they have a
right to know who I am when they all use handles instead of names
anyway. I have also used telnet (25) into SMTP sites to forge
e-mail as if I were Captain Kirk from the enterprise in order to
have fun when communicating with friends. Is there something wrong
with having fun in this way, or is the Internet only for serious
work and not for having fun or playing around. If so, why are
there thousands of fun and games forums in the Internet?
Joey, I am troubled by your attitude that it is OK to forge e-mail "to
have fun." We all like to play pranks, but this sort of prank can
easily lead to trouble. Tomorrow evening, I'd like to have a
discussion with you about the ways that sort of trouble can crop up
unexpectedly, and how you can avoid it.
Do you use your real age & sex when communicating with your
computer? I rarely use either. Nobody has ever asked my sex (my
name is probably a giveaway on that one) or my age. Besides, I
think that discrimination based on age and sex are wrong, are
against the law, and that forging a sex or age in order to have
equal access is fair, reasonable, and appropriate in the network
environment.
You need to study a bit more law, Joey. It's not age discrimination
when the liquor store asks you for ID before selling you beer. And
once again, you're being defensive when you haven't been accused. If
you are asked about your age and sex, have you ever lied? If so, what
was your purpose in this lie? When I have the answers to those
questions, then we can reasonably discuss whether you were behaving
responsibly.
Do you use any false information like addresses, or phone numbers
or use someone else's credit card number when using your computer?
Yes, yes, and no respectively. Theft (by deception) is very
different than not telling someone where you live or what your
phone number is. These are privacy issues, and privacy is a very
important thing to have. Privacy through deception is not wrong.
Even becoming someone's friend by lying to them about having
something in common is not particularly wrong. Certainly giving a
salesperson a polite wrong number and address is a reasonable
privacy precaution against getting on mailing lists. It is
probably even good to lie if you think someone is stalking you over
the net. I think we have a right to lie, perhaps even a social
responsibility to do so under certain circumstances.
I'm proud of you, son. You have shown wisdom beyond your years in this
answer, by understanding that the intent of the question is to discover
whether you have harmed anyone rather than to simply pin you to the
wall and make you feel uncomfortable.
Do you ever send messages or e-mail in such a way that the
recipient cannot tell that you sent it? In what sense? I have
certainly sent e-mail that never got through - the intended
recipient didn't know I sent it. I have sent e-mail from group
accounts where the individual was not identified, but the group
was. This is quite common in customer support. I have also forged
e-mail addresses so that I could remain anonymous. Is that
supposed to be wrong?
We'll talk more about the difference between malice and "fun" tomorrow
night. Until then, I will simply note that I was talking about
deliberate actions, not accidents such as mailer failures, and that I
do not consider all anonymity inappropriate, but that it is a service
that can be abused and I would like to know more about how you have
used it.
Have you ever modified data, text, messages, or other computer
information so that it looks like someone other than you created it
or made the changes? Certainly. I had to make a change to the TeX
sources once to get them to compile right, and I used the TeX user
ID to do so in order to allow the compilation to work right.
That's not what I mean, Joey, and I suspect that you know it. The
question is whether you ever behaved in a manner that attempted to
deceive, and specifically whether the deception had a harmful effect.
What are you trying to hide by not using your real name? My
identity. It's called privacy and anonymity. It's one of the basic
principles of a free society [more polemic deleted]
Why do you want to hide your identity, Joey? Do you have a good
reason, like fear of retribution? Of prejudice? Or are you simply
using it as a cloak to keep from taking responsibility for
misbehavior?
Our society has varying degrees of anonymity. Telephones can be very
anonymous, and usually it's not a problem -- but obscene phone calls
are an exception. When you stop at the candy store, you are
effectively anonymous, unless you go there daily -- but if you steal
candy, the clerk can probably give the police a description. I don't
care if you hide your identity, Joey, as long as that's the *only*
thing you're hiding and you're not also hiding something harmful.
Are you trying to pretend you are something or someone you are not?
I have a right to be whatever I want to be. ... There is nothing
wrong with pretending, as long as you don't lie in order to take
advantage of someone else. Theft by deception requires theft.
...
Again, you show a good grasp of the underlying issues. However, I
think we need to discuss what it means to "take advantage of" someone
else. Theft is not the only way to harm someone.
> 10. Do use telephone, video, cable-TV, computer network, bulletin
> board, or other network services without paying for them?
> All the time. When I am at a friend's house and I make a phone
> call, I don't pay for it.
[polemic deleted]
Again, a deliberate misinterpretation of the question, Joey. I am
trying to find out whether you are stealing. Using a supplied
service, whether a friend's phone or the Internet, is not stealing.
So let me ask you flat out: have you ever stolen any of the above
services?
The bottom line: Are these things also true for my children? Yes, I
think they are. I hope that they learn how to do the same things I
have learned how to do in order to protect themselves from the
tyranny of the majority - or is it the vocal minority? I hope they
keep things private from me when appropriate, and if they look at
some dirty pictures once in a while, it won't greatly offend me.
Reverting from my discussion with "Joey," back to a direct reply to Mr.
Anonymous:
If your children show as weak a grasp of moral responsibility as you
show in this posting, then I wouldn't want your family for a neighbor.
Please consider that most issues of right and wrong are matters of
degree and circumstance. [polemic deleted]
And the "Ten Questions" are designed to initiate a discussion of that
right and wrong, not to imply that certain yes-or-no answers are in and
of themselves right or wrong. I suspect that Mr. Anonymous actually
understands this, and is engaging in deliberate misinterpretation and
overstatement because that is his fashion. I also suspect that he is
indeed a "well-known contributor" to the net but that his fame is more
due to inflammatory style than useful substance.
--
Geoff Kuenning g.kuenning@ieee.org geoff@ITcorp.com
------------------------------
From: A.A.J.vdnBeemt@kub.nl (BEEMT A.A.J.VAN DEN)
Date: 29 Nov 1994 20:22 MET
Subject: Requesting Information about Computerbanking
Organization: Tilburg University / The Netherlands
Hello,
I am looking for information on the limits to the computerisation of
banking. I need this to write a masters thesis on this topic.
In the thesis, I want to present the whole thing from the consumers
point of view. This means: does (s)he want yet another PIN-code,
another smart card or just plain cash.
I am looking for scientific work on this topic.
Please help me out. Thanks at forehand for responding!
--
Antoine
e-mail: tallguy@dds.dds.nl
a.a.j.vdnbeemt@kub.nl j.h.g.arends@kub.nl
------------------------------
From: Barry Margolin <barmar@nic.near.net>
Date: 29 Nov 1994 14:59:27 -0500
Subject: Re: Mother's Maiden Name
Organization: NEARnet, Cambridge, MA
Robert Ellis Smith <0005101719@mcimail.com> writes: What good is a
personal password that can be bought and sold in the marketplace by
strangers? And isn't it a deception for banks and others to imply
that a mother's maiden name is some kind of secure password?
I suspect that most people who don't realize how insecure this password
scheme is are also not clever enough to try giving something other than
their mother's true maiden name. But in that case they should realize
that it's not extremely secret information.
No one claims that mother's maiden name is a secure authentication
mechanism. It's good for protecting against many amateur impersonation
attempts, such as pickpockets who try to use your credit cards.
Probably one of the better methods is American Express's. If they
notice a shift in your purchasing style they'll ask the merchant to put
you on the line, and they ask you for recent purchases prior to the
style change.
--
Barry Margolin
BBN Internet Services Corp.
barmar@near.net
------------------------------
From: vberdaye@magnus.acs.ohio-state.edu (Vicente Berdayes)
Date: 29 Nov 1994 03:07:19 GMT
Subject: List of Speakers: Privacy Conference
Organization: The Ohio State University
PRIVACY, THE INFORMATION INFRASTRUCTURE
AND HEALTHCARE REFORM
A One Day Symposium
presented by
The Center for Advanced Study
in Telecommunications
&
The National Regulatory Research Institute
at The Ohio State University
Co-sponsored by
Department of Communication,
The Ohio State University Hospitals
&
The Ohio Supercomputer Center
at The Ohio State University
Friday, January 27, 1995
The Ohio State University's Ohio Union
1739 N High Street, Columbus, Ohio 43210
LIST OF CONFIRMED SPEAKERS:
Robert Belair. Mr. Belair is Editor of Privacy and American Business and CEO
of Privacy and Legislative Associates, a legal and policy consulting firm.
Prior to entering private practice Mr. Belair served as an attorney for the
Federal Trade Commission assigned to, among other things, Fair Credit
Reporting Act matters. Mr. Belair later served as Deputy counsel of the White
House Office on the Right of Privacy. He has served as a legal consultant on
privacy, freedom of information and information policy matters to numerous
government agencies and commissions and was lead amicus counsel in the
Supreme Court's 1989 landmark privacy and freedom of information decision,
Reporters Committee for Freedom of the Press v. Department of Justice.
Janlori Goldman, is Director of the Privacy and Technology Project of the
Electronic Frontier Foundation. Ms. Goldman is a member of the Committee on
Regional Health Data Networks of the Institute of Medicine. Formerly Director
of the Project on Privacy and Technology at the American Civil Liberties
Union, she is involved in current efforts to pass healthcare record privacy
legislation. Prior to joining the Washington Office of the ACLU, Ms. Goldman
was Legal Counsel to the Minnesota ACLU.
Mary Gardiner Jones, formerly with the Federal Trade Commission, Ms. Jones is
President of the Consumer Interest Research Institute. She is an expert on
medical records privacy and telemedicine issues and is co-author of 21st
Century Learning and Health Care in the Home: Creating a National
Telecommunications Network.
Pierrot Peladeau, Vice-president of the Canadian information security
consulting and audit firm, Societe Progestacces and member of the expert
committee advising the Canadian government on the privacy issues related to
the Canadian information superhighway initiative. Mr. Peladeau has written
extensively on both telecommunication and healthcare related privacy issues,
and is recognized as the leading expert on the comprehensive data protection
law recently enacted in Quebec.
Jeffrey Ritter, Program Director of the Electronic Commerce, Law, and
Information Policy Strategies Initiative of the Ohio Supercomputer Center.
Formerly a partner of Vorys, Sater, Seymour & Pease. Mr. Ritter serves as
Rapporteur on Legal Questions for the United Nations Working Party on
Facilitation of International Trade Procedures, and has worked extensively on
issues of electronic data interchange pertaining to health delivery systems.
Mr. Ritter is Chair of the American Bar Association Subcommittee on electronic
Commercial Practices.
James Rule, Professor of Sociology, State University of New York, Stony Brook,
NY. Professor Rule is author of The Politics of Privacy (with D. McAdam, L.
Stearns, & D. Uglow) and Private Lives and Public Surveillance. Recipient of
the C. Wright Mills Award; Rockefeller Foundation Humanities Fellow;
Guggenheim Fellow, and Member of the School of Social Science, Institute for
Advanced Study, Princeton. Professor Rule is currently working on property
rights based solutions to privacy problems.
Bruce Schneier. Mr. Schneier is with Counterpane Systems, a Chicago area
cryptography consulting firm. He is best known as the author of Applied
Cryptography (John Wiley, 1994). This book has been held unexportable in
diskette form for national security reasons. His next book on electronic-mail
privacy will be released in December. Mr. Schneier is currently working on a
book with David Banisar of the Electronic Privacy Information Center on
cryptographic privacy policy.
REGISTER NOW!
Conference fee is $100.00 including meals and materials
Direct registration fee and inquiries to:
CAST/OSU
3016 Derby Hall/154 N. Oval Mall
Columbus, OH 43210-1339
PH: 614/292-8444
FAX: 614/292-2055
General Inquiries should be directed to:
Vicente Berdayes
Conference Coordinator
614/292-0080
E-Mail: vberdaye@magnus.acs.ohio-state.edu
Register now by printing the following form and mailing it along
with the registration fee of $100 to:
CAST, 3016 Derby Hall, 154 N. Oval Mall, Columbus, OH 43210-1339.
Phone 614-292-8444. FAX 292-2055.
For further information, parking, directions, lodging, or bus
schedules, contact the CAST office.
Name:
Affiliation:
Address:
Phone:
E-Mail:
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Nov 1994 08:46:14 -0600 (CST)
Subject: Info on CPD, (unchanged since 11/28/94)
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions generally are acknowledged within 24 hours of
submission. An article is printed if it is relevant to the charter of
the digest and is not redundant or insulting. If selected, it is
printed within two or three days. The moderator reserves the right to
delete extraneous quoted material. He may change the subject line of
an article in order to make it easier for the reader to follow a
discussion. He will not, however, alter or edit or append to the text
except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V5 #068
******************************
.