Date: Thu, 12 Jan 95 14:36:52 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#005
Computer Privacy Digest Thu, 12 Jan 95 Volume 6 : Issue: 005
Today's Topics: Moderator: Leonard P. Levine
Re: Signature Digitizers
Re: Signature Digitizers
Re: Signature Digitizers
Re: Signature Digitizers
Re: CallerID Opinion
Re: Opening Mail
CallerID is Here, Get Used to It.
Electronic Newsstand Solicitations
Ethics Essay Competition
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: rod@hopi.dtcc.edu (Rod Rickenbach)
Date: 10 Jan 1995 11:22:51 -0500
Subject: Re: Signature Digitizers
Organization: Delaware Technical & Community College
mcdunbar <mcdunbar@crems.rockwell.com> wrote: On another subject...
I called the local cable company to get service installed. They
wanted my SSN. When I asked why, I was told thay needed to verify
who I was. When I told them they didn't need my SSN, they backed
down and hooked up my service anyway. What on earth do they need
the SSN for??
They use the SSN for account tracking purposes. I used to do
collections for a cable company, which used a "CableData" computer
system. Nothing too fancy- basically a large database. Anyway, they
check the SSN to see if you had any previous accounts that owe or are
owed money. They don't go and check your credit history or anything
like that (at least not where I used to work.)
--
--------------------------------------------------------------
Rod Rickenbach Delaware Tech Computer Services
rod@dtcc.edu Stanton/Wilmington Campus
------------------------------
From: "David C. Frier" <duvie@digex.com>
Date: 10 Jan 1995 14:26:28 -0500
Subject: Re: Signature Digitizers
Organization: Express Access Online Communications, USA
On 9 Jan 1995, mcdunbar wrote: On another subject... I called the
local cable company to get service installed. They wanted my SSN.
When I asked why, I was told thay needed to verify who I was. When
I told them they didn't need my SSN, they backed down and hooked up
my service anyway. What on earth do they need the SSN for??
They'll use it as a quick & dirty ID/security check if you call to
order new services or pay-per-view events. You request something that
costs extra, they ask you for your SSN, if they match you get what you
wanted.
Not very secure but probably better than nothing. Any ideas what would
be better (and the proto-human clerkoids who answer the phone for the
cable companies must be able to operate the system)? You could
probably give them a made-up 9-digit sequence as long as you're sure
you'd remember it when you needed it.
--David GB/CM
Life is complex: d++(-) H-
part real, s+:+ g+ p+ w+
part imaginary. a37 v++ C+++$ N++
------------------------------
From: cfarley@trex.smoky.ccsd.k12.co.us (Chris Farley)
Date: 10 Jan 1995 13:22:18 -0700
Subject: Re: Signature Digitizers
Organization: Smoky Hill High School
On 7 Jan 1995 Moodperson@aol.com wrote about having his signature
digitized as part of the process of opening a Sears charge
account.
"David C. Frier" <duvie@digex.com> wrote: In Maryland now, when you
obtain or renew your driver's license, your signature is digitized
and stored. The process involves your signing your name on a 3x5
card which is fixed over a tablet. The 3x5 card....
Colorado's Department of Motor Vehicles has a similar system in use.
Like David wrote, I too would be interested in finding out exactly what
the DMV has on me. Its a big matter of speculation....
--
Chris Farley
cfarley@trex.smoky.ccsd.k12.edu
------------------------------
From: hsd@swl.msd.ray.com (Herbert DaSilva {75303})
Date: 11 Jan 1995 18:19:12 GMT
Subject: Re: Signature Digitizers
Organization: Raytheon Company, Tewksbury, MA
mcdunbar@crems.rockwell.com (mcdunbar) writes: I made a purchase at
a Sears store yesterday using a non-Sears credit card. When I
refused to sign the receipt on the digitizing pad, I was also told
it was to prevent forgery. When I asked for a manager, the clerk
immediately relented and let me sign the paper receipt. The cleck
explained that the signature was "only going into the computer" and
that Sears would never do anything bad with it.
I confronted a Sears employee when asked to sign on the tablet and was
told that Sears was now "paperless" on charges - the store keeps no
paper record of the transaction (which apparently was true, the printer
only printed one receipt - mine, instead of the two copies that have
become the norm), and to combat EMPLOYEE fraud they want the customer's
signature. I told him I was uncomfortable giving my signature, and
that my initials were as far as I would go. He didn't have a problem
with that, and seemed to be aware of the issues. Ever since, I have
simply initialed Sears charge slips and have not been questioned...
On another subject... I called the local cable company to get
service installed. They wanted my SSN. When I asked why, I was
told thay needed to verify who I was. When I told them they didn't
need my SSN, they backed down and hooked up my service anyway.
What on earth do they need the SSN for??
I was told they wanted to "check my credit". This I believe, they
simply want to make sure that you will pay your bill - that they won't
have any bill collection hassles. (I ended up not giving them my SSN,
and not getting cable anyway, but that's another story...)
--
Herb DaSilva
hsd@swl.msd.ray.com
------------------------------
From: doug@cc.ysu.edu (Doug Sewell)
Date: 09 Jan 1995 15:13:41 -0500
Subject: Re: CallerID Opinion
Organization: Youngstown State University
Don Skidmore (dskidmo@halcyon.com) wrote: Looks like you are about
to get at least some of your wish. Effective in April, new FCC regs
will require passing Caller-ID info long distance to the extent
possible and limits call blocking to per-call blocking. Anonymous
call rejection would be a local issue. Sure wish US West would
offer it--I'd sign up in a flash.
The next best thing, currently available, is a CNID box from Sears (I
don't remember who actually makes it). It has a button on the front,
that when activated, answers all blocked calls with a voice message
like "We're sorry, this phone line does not accept calls that block
Caller ID". The phone still rings once, but it dies after that.
As for a blocked-call defeater, it's my understanding from talk in
comp.dcom.telecom.tech and other places that the CNID information is
not sent down the line from the switch if the information is blocked,
it stops there. If this is the case, then modifying a CNID box to
ignore the block bit won't do it. It's hard to tell whether this offer
is a scam, or technological ignorance, or based on an old CNID spec.
--
Doug Sewell (doug@cc.ysu.edu) (http://cc.ysu.edu/doug)
de-moc-ra-cy (di mok' ra see) n. Three wolves and a sheep voting on what's
for dinner -- Bill Gunshannon, bill@cs.uofs.edu
------------------------------
From: travis@netrix.com (Travis Low)
Date: 11 Jan 1995 01:16:44 GMT
Subject: Re: Opening Mail
Organization: Netrix Corporation
ddg@cci.com (D. Dale Gulledge) writes: It is not the offer arriving
in the mail that is an invasion of privacy. The personal
information that they are using for their mailing lists is.
It is also the *pile* of offers that are an invasion of privacy. I get
6" of mail per day, since my way-deceased father was a direct
marketer's dream. All attempts to stop the flow of junk mail have
failed. The information is repropagated within weeks. (Though the
datum that my father and his wife are dead seems to perpetually escape
the mail houses.) The next time I move, I will change all of my credit
cards and I will not file a change of address with the post office.
I can get an unlisted phone number and distribute it in a controlled
fashion. Why not my address? I believe I should have the option to
refuse all direct mail marketing.
A correction to an earlier post: I believe the post office does not
get any taxpayer dollars, but rather, its income derives only from user
fees (stamps, etc.). In fact, I believe that junk mail subsidizes
first class mail. If this is so, then the post office has scant
motivation to stem this tide.
--
Travis
travis@netrix.com
------------------------------
From: Panopticon@oubliette.COM (Eric Shook)
Date: 11 Jan 95 04:30:03 CST
Subject: CallerID is Here, Get Used to It.
I always like to think backward to this moment as if looking at it from
the near future, after the dust has fallen. For example, we would have
never thought that all of those "rad" 60's groups would later sound so
old fashioned, slow, and similar to the 50's and even the 40's music,
right? But we could have guessed it because it fit a cyclic
pattern...we knew that our grandparents thought that all of that
crooning was "hep." Why shouldn't we have expected that folk tunes,
beach boys and some guy named Country Joe would begin to sound equally
as old? Eventually some of us do begin to accept the fact that we are
much more contemporary than right now.
I'm talking about being slightly jaded. Not apathetic, just weary of
the CallerID arguments that _seem_ so pertinent right now.
Look at CallerID after we figure out how best to satisfy all parties to
the argument: Right now it would seem that any one phone number can be
virtually seen as an electronic address. This is because some
businesses depend on that number to remain unchanged so that they may
advertise its accessability in a consistent manner; and although the
business may move, the phone company still provides that calls from
that number are forwarded to their new number. Similar residential
services are not YET provided in the residential billing scheme (that I
know of.) So, given the the costs involved with number change we can
effectively argue that a current phone number is indeed an electronic
identity.
But, we should expect the communications companies to introduce an even
more new, and perhaps an even more controversial element into the wire
medium after CID, because they make money from the controversy of all
new tech regardless of its end use, after it is adapted, admitted, and
finally accepted. Instead of acting so astonished over each new breech
of our "regular" existence, as if we were being raped by the new, we
should really take control of our senses and accept that we must always
set boundries which define our personal identity. We've always had to
set and maintain these boundries, and in this electronic "frontier" our
government's recent clipper chip attempt should really serve as a hint
at the reality of the medium.....there can be no certain security. Why
would the government attempt to create a standard if not to stagnate
the constant innovation that is permissible within the electronic,
information based realm of communications technology? This is a
plastic medium.
So, If I had to guess what new service would appear next, like a trump
card entering play, it would have to be transient address services.
Phone numbers will become more and more liquid to change as the phone
companies update their equipment. Even after the CID begins to display
all of the alpha-info, wouldn't even some of the more paranoid still
pick up a call from a company with a government agency sounding name? A
poor example: in Milwaukee, CIA (motors). If we had more levels of ID
hooked to a set of numbers, wouldn't that be convenient? And really,
there is no such thing as a phone number that is secret unless you make
certain that everyone you've given your number out to is as paranoid as
yourself. (Your neighbors are likely to have your unlisted number, and
they are identifiable in reverse directories.) But, if you had several
numbers you could always reserve just one of your numbers to switch to
in an emergency, or to be called by someone only in an emergency....in
which case it could be set to ring like an elephant! Of course, the
best anonymity is to call using a number out of use this last year
which also was registered under the name of your son, or some false
company name.
You cannot EVER be certain who is calling. You will not always be able
to block AND call if you expect an answer. You will always have to make
choices, and you won't always have an electronic device to
automatically make them for you. You will be affected by every
technological advance in the the communications market, and you will
need to become aware of every opportunity for your identity to be
excerpted. Of course, the secret is that the world has always been like
this...an insecure place for the individual identity. To create and
maintain a self, to live we must be conscious of our environment.
If there is anything the cold war should have taught us its that there
is no security, even electronic cryptographic security, without human
vigilance.
--
Eric Shook, LPD Panopticon Investigative Services Milwaukee, WI
Voice/DATA/Fax: (414) 372-6418 E-mail: Panopticon@Oubliette.COM
------------------------------
From: ae277@yfn.ysu.edu (Stewart Rowe)
Date: 11 Jan 1995 22:31:15 GMT
Subject: Electronic Newsstand Solicitations
Organization: St. Elizabeth Hospital, Youngstown, OH
Several times in the last few months I have received mail solicitations
at my home address to subscribe to certain magazines. In many cases,
these magazines are so different from those I usually read that I think
it unlikely that my current mags are selling subscriber lists.
However, on rethinking this puzzle, I noted that many if not all of
these inquiries came from magazines whose articles I had downloaded
from the "Electronic Newsstand". The sysadmin at my Freenet says
"impossible" that a remote system could get my address from his system.
On this Freenet I usually use (s)ave on the gopher to get the article.
However, I sometime use gophers on other systems, which do not permit
(s)ave but do permit (m)ail. In that case, the originating system could
capture my e-mail address, and the other system where I was logged-on
could be selling myname and address.
I have some experiments underway to see if I can identif the leak. Has
anyone else had this experience?
--
Stewart Rowe srowe@tso.uc.edu
------------------------------
From: Simon Rogerson <srog@de-montfort.ac.uk>
Date: 12 Jan 1995 13:54:57 +0000 (GMT)
Subject: Ethics Essay Competition
Ethics Essay Competition for Doctoral Students
----------------------------------------------
Please bring this notice to the attention of all doctoral students.
A major international conference, ETHICOMP95, is to be held at De
Montfort University, UK from 28 March to 30 March. ETHICOMP95 will
focus on the ethical issues surrounding Information Technology. It will
provide an excellent forum for stimulating debate on the key issues
relating to both the development and use of Information Technology and
Information Systems.
A limited number of sponsored places is available for doctoral students
working in this and associated areas. Places will be awarded through
competition.
The Prize comprises
-------------------
** Free attendance at ETHICOMP95 (including lunches and the
conference dinner)
** Copy of the conference proceedings
** 3 nights bed and breakfast accommodation
** Inclusion of the essay in the conference proceedings
** Acting as a discussion leader at a special workshop based on
the winning entries
Sponsors
________
The conference organisers gratefully acknowledge
Institute of Administrative Management
Institute of Data Processing Management
Pitman Publishing
for kindly sponsoring this competition.
Competition details
-------------------
An essay of no more than 1000 words is required addressing the issue of
future ethical dilemmas in the application of computer technology.
Essays must be submitted to Simon Rogerson via e-mail (srog@dmu.ac.uk)
no later than 15 February. A submission should comprise
Author's Name, Title
Doctoral Title
Department, Institution, Country
Name and Affiliation of Supervisor
Essay Title
The Essay (no more than 1000 words)
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours
of submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V6 #005
******************************
.