Date:       Fri, 02 Jun 95 18:50:42 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V6#050

Computer Privacy Digest Fri, 02 Jun 95              Volume 6 : Issue: 050

Today's Topics:			       Moderator: Leonard P. Levine

                       Visual Recognition Systems
                    UK Identity Cards & Smart Cards
              Re: CIBC and Royal Bank to do MONDEX pilot
                     Credit Cards in Grocery Stores
                   The Microsoft Win95 Virus - update
                     Text Filter for the Very Good
              Anti-abortion Constable Charged with Offence
            Sending VISA Card Details by e-Mail (follow-up)
                 Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: John Medeiros <71604.710@compuserve.com>
Date: 29 May 95 21:05:15 EDT
Subject: Visual Recognition Systems

The following was reported in stories by Elisa Williams in the Orange
County Register on May 14, 1995, Section 4:

University of California (USC) is developing a facial recognition
program called Eidos (from the Greek for "essence").  The program is
designed to key in on approximately 45 landmarks on the human face.
According to Michael J. Lyons, a research assistant professor at USC,
the program concentrates on the area around the eyes because that area
is least likely to change.  In addition the program differentiates by
skin texture and presence of facial hair.  It identifies the face by
comparing the landmarks with the faces in its gallery (database).  The
system is more accurate when given multiple images of the same face to
compare.  Like a fingerprint identification system, the program calls
up the faces of the nearest matches.

Massachusetts Institute of Technology (MIT) is working on a competing
system called Photobook.  Taking a different approach, the MIT system
works with information about an average face and then uses complex
calculations to compare the average face to the face being examined.
Their system is most successful when working with images of the same
size and the same viewpoint.

The third competitor is TrueFace from Miros, a Massachusetts-based
company.  Miros uses neural network algorithms.  Basically, the
computer learns a face by examining it repeatedly.  The computer
generates a compressed image of the face which it stores as a
reference.  Of the three competing systems, Miros is billed as being
able to run successfully on existing desktop PCs.

The systems are being sought by both governmental entities such as
Department of Motor Vehicles and by industry.  At this time, the
programs are most successful at verification, matching a subject face
against the known face in the database for identity confirmation.
Recognition, or picking a face out of a crowded, moving picture, is far
more complex.


------------------------------

From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 30 May 95 14:47:39 EDT
Subject: UK Identity Cards & Smart Cards

from the Press Association (U.K.) news wire via CompuServe's Executive
News Service:

	PA   05/24 1552  ROW BEGINS OVER ID CARDS

	By Teilo Colley, Crime Correspondent, PA News

	The Government sparked off an immediate and fierce debate today
	with its consultation paper on the introduction of identity
	cards.

	And there were clear signs of division on the issue within the
	Government's own ranks.

	Civil rights groups reacted furiously, describing the Green
	Paper as a "giant con" and claiming an ID card system would be
	a "solution looking for a problem".

Key points:

o	Profound objections to entire idea of identity cards among some
	back-bench Tories.

o	Other Members of Parliament report strong support for ID cards
	as part of the fight against crime.

o	Cabinet and police officials support ID cards for many stated
	benefits, including ease of investigation & fraud reduction.

o	Preventing forgeries will be crucial to success.

o	Civil liberties association, Liberty, "... claimed a voluntary 
	card would soon become "compulsory in all but name" with people 
	who refused to carry one becoming the target of suspicion."

o	Liberty also argued that "An electronic smart card would become 
	a `portable dossier' of personal information, which the holder 
	could not see, and which would bring with it no data protection 
	controls."
 
o	Questions about effectiveness; Justice, a legal-reform group,
	and "the Institute for Public Policy Research, said there was 
	no evidence to support such a claim in this country, or in 
	countries such as Germany and Spain, where ID cards are compulsory."

--
M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA)


------------------------------

From: Christian.Reiser@aut.alcatel.at (Christian Reiser)
Date: 31 May 95 07:51:04 +0200
Subject: Re: CIBC and Royal Bank to do MONDEX pilot 

    bo774@freenet.carleton.ca (Kelly Bert Manning) said: The Canadian
    Imperial Bank of Commerce and the Royal Bank have announced plans
    to pilot a "smart" cash card. Apparently this is based on a chip
    based card used in Europe.  Unlike a credit card there would be no
    name or other personal data on it. Users would supposedly refill it
    at an ATM or by dialing into their bank if they are unconcerned
    enough about banking by phone to get it activated for their
    account.

Don't get impressed by the anonymity you seem to have. All these cards
have a serial number and as soon as this number once gets connected to
some personal data, every newspaper you pay with this card can be
tracked down.

In Austria such a system should be installed beginning next year, but I
am afraid of security and safety aspects. The Company, which introduces
these cards here, does not tell you anything about the means they use.
And if their security depends on obscurity, I do not want to use this
system.

Greetings from Vienna/Austria

--
Christian Reiser              e-mail: Christian.Reiser@aut.alcatel.at
Ofc: +431 277 22 / 3657         priv: C.Reiser@ieee.org
Fax: +431 277 22 / 3955         http://www.egi.co.at/egi/reiser.htm
For PGP-Key (private purpose) send e-mail with Subject: Query PGP Key


------------------------------

From: wmcclatc@internext.com (Bill McClatchie)
Date: 31 May 1995 03:03:41 -0400
Subject: Credit Cards in Grocery Stores

I have seen something new added to my credit card slips when purchasing
goods at a couple of Washington DC area grocers.  They are adding the
card holder's name to the slips.

Wouldn't this make it easier for someone to pick up one of these slips
(which many people just toss in the trash) and use them?  The slips now
provide almost all of the needed information for usage with phone
orders (Name, Card number, expiration date) and for those who know
something about credit card numbering, what type of card it is.  Like
all Discover Cards start with the same 4 digits, AT&T Visa starts with
the same 3 digit sequence, etc.

--
Bill McClatchie
wmcclatc@internext.com
http://nyx10.cs.du.edu:8001/~wmcclatc


------------------------------

From: "Dr. Ethan V. Munson" <munson@blatz.cs.uwm.edu>
Date: 30 May 95 17:50:07 -0500
Subject: The Microsoft Win95 Virus - update

While this message sounds kind of alarmist and I have no confirmation
of the validity of its contents, it should be of interest to several
people in our department.

 ------- Forwarded Message

    Subject: The Microsoft Win95 Virus - update
    To: net.cool@ginsberg.CS.Berkeley.EDU
    Date: 26 May 1995 01:36:32 -0700 (PDT)

The actual 'Win95 virus' is old news, but I thought the technical 
tidbit that follows this was worth noting.  I'm surprised there
hasn't been a stronger backlash against this. -San

    Newsgroups: comp.risks 
    From: cnorloff@tecnet1.jcte.jcs.mil
    Date: 17 May 95 13:44:40 EDT

Microsoft officials confirm that beta versions of Windows 95 include a
small viral routine called Registration Wizard.  It interrogates every
system on a network gathering intelligence on what software is being
run on which machine.  It then creates a complete listing of both
Microsoft's and competitors' products by machine, which it reports to
Microsoft when customers sign up for Microsoft's Network Services, due
for launch later this year.

"In Short" column, page 88, _Information Week_ magazine, May 22, 1995

--
The implications of this action, and the attitude of Microsoft to plan         
such action, beggars the imagination.                                          

Chris Norloff  cnorloff@tecnet1.jcte.jcs.mil                                   

An update on this. A friend of mine got hold of a copy of the beta test
CD of Win95, and set up a packet sniffer between his serial port and
the modem. When you try out the free demo time on The Microsoft
Network, it transmits your entire directory structure in background.

This means that they have a list of every directory (and, potentially
every file) on your machine. It would not be difficult to have
something like a FileRequest from your system to theirs, without you
knowing about it. This way they could get ahold of any juicy routines
you've written yourself and claim them as their own if you don't have
them copyrighted.

Needless to say, I'm rather annoyed about this.

So spread the word as far and wide as possible: Steer clear of Windows
95.  There's nothing to say that this "feature" will be removed in the
final release.

 ------- End of Forwarded Message


------------------------------

From: ramole@aol.com (RAMole)
Date: 01 Jun 1995 02:20:19 -0400
Subject: Text Filter for the Very Good
Organization: America Online, Inc. (1-800-827-6364)

Although I have met few people who will admit to being unable to handle
strong language, I suppose there must be some somewhere, or to whom can
Exon be pandering?

It should be possible to write software to filter any incoming text
stream and blank out the horrible awful dirty words just as newspapers
do, e.g.  "Senator Exon is an *******!"

Availability of such a filter -- and the AOLs and Compuserves could
offer it free -- could remove one of the last reasons that the
Aggressively Fragile could find for needing protection via the Exon
Bill.  They can already get software to lock out access to "dirty ftp
sites", but could still be subjected to frightful e-mail, ads for F***
magazine on the alt.poetry newsgroup and so on.  This way they could be
totally SAFE!  They could even add their own "fainting words" (heck,
durn and drat!) to an Extra file.

I'm tempted to say this should be freeware, but on second thought maybe
they ought to pay through the nose, and make the author rich.

Anyone else have some ideas on this?

--
Alan Mole ramole@aol.com


------------------------------

From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 01 Jun 1995 07:15:52 GMT
Subject: Anti-abortion Constable Charged with Offence
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada

Constable Steve Parker of Delta, BC has been charged with
"discreditable conduct" under the BC Police Act after investigators
advised that it would be unlikely that a successful prosecution for
criminal Breach of Trust could be obtained. There was no evidence that
he benefited directly when he used the Canadian Police Information
Computer to obtain the vehicle registration details of cars parked near
a Vancouver Abortion clinic.

The victims of this breach of the BC FOI/POP act, and the Information
and Privacy Commissioner, have commented on the lack of civil remedies
and criminal sanctions demonstrated by this case.

Constable Parker at the time was the treasurer of a BC anti-abortion
group and says that he did the searches after being called by his
mother, who jotted down licence numbers while protesting at the
clinic.


------------------------------

From: NRA@maxwell.ph.kcl.ac.uk
Date: 02 Jun 1995 17:07:21 GMT
Subject: Sending VISA Card Details by e-Mail (follow-up)
Organization: Dept Physics, Kings College London

Sorry if the subject doesn't match my last post -- my original post has
expired off the server.

Anyway, I was interested to see an article about fraud caused by
e-mailing Visa numbers in today's "Independent" (UK national newspaper)
which cast some light on my question.

Firstly, it's worth repeating the quote from Barclays bank:  "... but
we would make it clear that for someone to send their credit card
number unencrypted across the Internet breaks their agreement with the
bank that issued the card."  That's pretty clear: DON'T DO IT! (or you
may indeed wind up footing the bill when a hacker grabs your number).

Second, the banks are suffering BADLY from this problem and are
actively investigating means to encrypt card numbers across the net
(one that doesn't fall foul of the silly USA DoD restriction that PGP
and its ilk are restricted exports).

Third, there seems to be a divide between USA and non-USA which means
that USA customers fare worst. In the UK, a retailer must confirm that
the address to which he ships gods* is the same as the address of the
credit card owner (or risk not being paid for a fraudulent order).
"American banks refuse to let mail-order companies check the address of
the card's owner". So, if I know the number of a USA-issued card I can
use it to order stuff to be delivered to any address I choose, like a
few grand's worth of SIMMS to an accommodation address!

This is of course a privacy issue. It seems to me that a valuable
safeguard is being disabled. I wouldn't want a bank to tell someone
what my address was, but that's quite different to confirming (or
denying) an address that I have already volunteered to the enquirer.

Hope this is of interest,

--
Nigel Arnot
NRA@MAXWELL.PH.KCL.AC.UK

* or goods for that matter: one of my better typos.
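
The distinction drawn in the last paragraph of the message above (confirming or denying an address the enquirer has already supplied, as opposed to disclosing the stored one), shown as an added example that is not part of the original post or of any bank's actual system. The record, the names such as `confirm_address`, the normalization rules and the failure cap are all assumptions made for illustration.

```python
import hmac
import re

# Constructed issuer-side record (illustrative, not real data).
_ISSUER_RECORDS = {
    "CARD-0001": {"street": "12 Example Rd., Flat 3", "postcode": "ab1 2cd"},
}
_ABBREVIATIONS = {"rd": "road", "st": "street", "ave": "avenue"}
MAX_FAILURES = 3   # assumed cap: a yes/no oracle must not be guessable
_failures = {}     # card id -> consecutive failed confirmations


def _normalize(text, keep_spaces=True):
    """Casefold, drop punctuation, expand a few common abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", " ", text.casefold()).split()
    words = [_ABBREVIATIONS.get(w, w) for w in words]
    return (" " if keep_spaces else "").join(words)


def _same(a, b, keep_spaces=True):
    # Constant-time comparison of the normalized forms.
    return hmac.compare_digest(
        _normalize(a, keep_spaces).encode(), _normalize(b, keep_spaces).encode()
    )


def confirm_address(card_id, claimed_street, claimed_postcode):
    """Answer only about the address the enquirer volunteered.

    The stored address never appears in the return value: the retailer
    learns whether its claim matches, not what the correct address is.
    """
    if _failures.get(card_id, 0) >= MAX_FAILURES:
        return "REFUSED"  # too many wrong guesses against this card
    record = _ISSUER_RECORDS.get(card_id)
    ok = (
        record is not None
        and _same(record["street"], claimed_street)
        and _same(record["postcode"], claimed_postcode, keep_spaces=False)
    )
    if ok:
        _failures.pop(card_id, None)
        return "MATCH"
    # An unknown card gets the same answer as a wrong address.
    _failures[card_id] = _failures.get(card_id, 0) + 1
    return "NO_MATCH"
```
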


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit or append to the text except for purely technical
reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V6 #050
******************************