Date:       Wed, 29 May 96 08:36:31 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V8#043

Computer Privacy Digest Wed, 29 May 96              Volume 8 : Issue: 043

Today's Topics:			       Moderator: Leonard P. Levine

                        Re: Biometric Encryption
                        Re: Biometric Encryption
                          All Calls are Logged
                 Equifax for Employee Background Checks
            Announcement about Privacy legislation in Canada
                Re: Free PGP shell available for Windows
                          unsolicited email ?
                        Re: Privacy Phone Guard
            How Secure are 900 MHz Digital Cordless Phones?
                        Re: Privacy Phone Guard
           Re: Drafts of Medical Records Privacy Legislation
                       Stalker's Home Page UPDATE
                New Journal of Electronic Privacy Issues
                 Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: Phil Agre <pagre@weber.ucsd.edu>
Date: 26 May 1996 17:27:30 -0700 (PDT)
Subject: Re: Biometric Encryption

Charles Bryant suggests that the Mytec fingerprint-based biometric
encryption device could be fooled by a simulated fingerprint.  Mytec's
advertising literature addresses this point at some length, claiming
that a copy of a fingerprint generates a much different image in the
device than a real fingerprint, given the light-scattering properties
of fingerprint ridges and skin oils.  Someone could indeed sever your
finger to fool the machine, but stronger protection than simple
fingerprint identification would seem indicated for any application so
important that someone would be willing to dismember a person to break
into it.

--
Phil Agre, UCSD


------------------------------

From: Lewis L Hart <lewish@Federal.Unisys.COM>
Date: 28 May 1996 12:45:24 GMT
Subject: Re: Biometric Encryption
Organization: Unisys Solutions Integration
References: <comp-privacy8.38.10@cs.uwm.edu> <comp-privacy8.41.5@cs.uwm.edu>

Sorry if any of this has been discussed already, I missed the beginning
of the thread. Many of the issues that are being discussed about
fingerprints are not valid concerns. There are several aspects of
current finger scanning technology that make the forgery of a
fingerprint very difficult:

1. Most scanners rely on the fact that a finger is a three-dimensional
object. The scan is based on where the ridges touch the scanning
surface. They are not photographic, and a two-dimensional image of a
print will not work.

2. The algorithms for matching are very sensitive to the structure of
the ridges. A three-dimensional model would have to be very exact. Any
extra breaks or filled-in spaces would cause the match to fail.

3. It is very easy to tell if a finger is attached and alive. Current
medical technology can measure pulse and blood oxygen saturation
through a non-invasive finger probe. A severed finger would of course
have no pulse and a low oxygen sat.

IMHO, the highest risk is being forced to supply the live finger by an
armed criminal. At least with a PIN, you can give up the code and hope
the bad guy goes away.

--
Lewis Hart
lewish@unisys.federal.com


------------------------------

From: crissiet@ix.netcom.com (Crissie Trigger )
Date: 26 May 1996 20:03:54 -0700
Subject: All Calls are Logged

For those who are upset about caller I.D., I have been informed by
several private investigators that every telephone call, local as well
as long distance made through a typical phone company is registered on
a computer as to the number of the caller and callee, date & time of
the call, and the length of the call.  Big brother isn't always
listening, but he can usually go back and check the records.


------------------------------

From: anonymous <levine@blatz.cs.uwm.edu>
Date: 27 May 1996 10:03:42 -0500 (CDT)
Subject: Equifax for Employee Background Checks
Organization: University of Wisconsin-Milwaukee

(You are encouraged to disseminate this, but please withhold my name)
[moderator: I will post this under my own userid]

information on people, does credit checks, check verifications, is a
collection agency, and keeps and disseminates a lot of bad
information, misinformation, and are in my opinion generally bad people
compared to others in the business.   They are also hired to snoop on
people, question neighbors and do public records checks.

I, and many others have always felt it is extremely unethical and
improper for a company like this to be a credit reporting agency, and
at the same time be in the credit collection business.  They threaten
to ruin your credit if you don't pay, then report you as bad in their
reports.

They are very intrusive into your private life, and once info gets into
their computers it is hard to get it out.


------------------------------

From: COLIN BENNETT <cjb@UVic.CA>
Date: 27 May 1996 11:06:09 -0700 (PDT)
Subject: Announcement about Privacy legislation in Canada

Further to my previous message about the promise of private sector
privacy legislation in Canada, the full text of the Canadian
government's announcement can be found at:

http://info.ic.gc.ca/infor-highway/ih.html

The government's announcement has been greeted publicly by both the
Federal Privacy Commissioner, Bruce Phillips, and by the Canadian
Direct Marketing Association.

--
Colin J. Bennett
Associate Professor
Department of Political Science
University of Victoria
Victoria, B.C. CANADA. V8W 3P5
CJB@UVIC.CA 
(604) 721-7495 (voice)
(604) 721-7485 (fax)


------------------------------

From: "Dr. Tom Blinn, 603-881-0646" <tpb@zk3.dec.com>
Date: 27 May 96 20:26:37 -0400
Subject: Re: Free PGP shell available for Windows

    alpha1@znet.com reported: I have uploaded to Simtel.Net:
    pn123-01.zip    Free Windows PGP shell for any e-mail program

Just out of curiosity, who will vouch for the purported author of this
program that it does, in fact, do what it claims, and isn't some subtle
and pernicious virus or trojan horse?
 
--
 Dr. Thomas P. Blinn, UNIX Software Group, Digital Equipment Corporation
  110 Spit Brook Road, MS ZKO3-2/U20   Nashua, New Hampshire 03062-2698
   Technology Partnership Engineering           Phone:  (603) 881-0646
    Internet: tpb@zk3.dec.com           Digital's Easynet: alpha::tpb

  Worry kills more people than work because more people worry than work.

     My favorite palindrome is: Satan, oscillate my metallic sonatas.
                                         -- Phil Agre, pagre@ucsd.edu

  Opinions expressed herein are my own, and do not necessarily represent
  those of my employer or anyone else, living or dead, real or imagined.
 


------------------------------

From: dorsett@coastalnet.com (Stephen Dorsett)
Date: 28 May 1996 09:38:22 -0400
Subject: unsolicited email ?
Organization: Global Information Exchange Corp.

Please excuse if this has been beaten up here before, but I am
interested in any legal precedents for fighting unsolicited email. The
case in point is a company that has apparently pulled together a list
of email addresses from usenet news. They mass mail these individuals
with advertisements from individuals or organizations who presumably
pay for this "service".

There are instructions in each message explaining how to "unsubscribe"
from their list, but two attempts to date have proven unsuccessful.

What are my legal rights here? Is there any legislation concerning this?
Are there any court cases so far? What

Please respond via email also.

-- 
========================================================================
J. Stephen Dorsett   Senior Systems Administrator, IBM PowerPC Solutions
           dorsett@coastalnet.com      (919) 254-2411 (office)    
========================================================================


------------------------------

From: peter@baileynm.com (Peter da Silva)
Date: 28 May 1996 17:31:17 GMT
Subject: Re: Privacy Phone Guard
Organization: Network/development platform support, NMTI
References: <comp-privacy8.38.2@cs.uwm.edu> <comp-privacy8.42.4@cs.uwm.edu>

    Wouter Janssen <wjanssen@cs.vu.nl> wrote: 

	If you walked up to my door and rang the doorbell with a bag
	over your head, would you be surprised that I would be unlikely
	to let you in? Would it be a violation of your privacy for me to
	request that you identify yourself before I decide whether to
	open the door?

    No, not at all, but when I ring your doorbell without that bag and
    came to ask you how to get to the railway station would you still
    ask me for some ID?

In the absence of videophone technology it's not possible to remove
that bag from your head.

    Because I wouldn't like the idea of you putting me into some sort
    of database and then sending me ads about the things you/your
    company sells.

I don't like being called by companies selling me things without
knowing who they are. It's amazing how many calls I get that say
they're from so-and-so services or such-and-such roofing.

	I don't understand why you should always know who you're
	talking to.  If someone on the street asks you something, do
	you ask his/er name, phone# and an ID as well? I don't..

I can see his face. I don't have the technology to see your face on the
telephone.

    Why do you want the phone system to reveal the other calling party?

Because I get a lot of phone calls from people I know I don't want to
talk to (so-and-so services or such-and-such roofing, for example).

I simply don't pick up the phone in those cases.

    I hope I wasn't offensive, because I didn't intend to be, I just
    wanted to clarify some of us like to keep some info about ourselves
    for ourselves.

And when that fails, it's nice to know who has that info.

-- 
Peter da Silva  (NIC: PJD2)    `-_-'       1601 Industrial Boulevard
Bailey Network Management       'U`         Sugar Land, TX  77487-5013
+1 713 274 5180     "Har du kramat din varg idag?"               USA
Bailey pays for my technical expertise.        My opinions probably scare them


------------------------------

From: asinghal@tti.com (as)
Date: 28 May 1996 22:14:26 GMT
Subject: How Secure are 900 MHz Digital Cordless Phones?
Organization: Transaction Technology, Inc.

Hi all!

If there is a FAQ that discusses the following, please pardon my
ignorance!

I keep hearing that digital cordless phone conversations are private.
Could someone please explain to me why?  Is it simply because scanners
which intercept digital transmissions are not commonly available? Or is
there something about digital transmission technology that makes the
transmissions un-decodable?

If I use a 900 MHz digital cordless phone, is it safe to discuss credit
card numbers, SSN, and other personal information without worrying that
someone may be listening? How safe is it to do touch-tone banking?

Do digital cordless phones routinely scramble their transmissions? If
so, what kind of algorithms are used for scrambling? How hard would it
be to unscramble if someone was reasonably determined?

Thanks in advance.  Please post or email to asinghal@tti.com.


------------------------------

From: jonathon <grafolog@netcom.com>
Date: 27 May 1996 20:00:41 +0000 (GMT)
Subject: Re: Privacy Phone Guard

    EricF@microhouse.com (Eric Fowler) wrote: CallerID by itself means
    very little. What happens when the calling/receiving phone numbers
    are indexed into one database? I don't want such a record of my
    calls to exist, and I really have nothing to

You are about 70 years too late to object to that one.

    records of individual's calling patterns.  This is not happening
    yet but mark my words, it will.

Again, Eric, you are way too late in your prediction.

Currently your calling record << local & long distance >> is available
for around $100 per month wanted, from various information brokers.

That information has been available for sale for at least the last two
decades, probably longer.

--
jonathon
grafolog@netcom.com


------------------------------

From: cs115-009 <>
Date: 28 May 1996 09:59:40 -0400
Subject: Re: Drafts of Medical Records Privacy Legislation
Organization: Armstrong State College, Savannah, GA
References: <comp-privacy8.41.14@cs.uwm.edu>

With all the problems arising in the health care field, could you just
give me a thorough definition of a "health professional"?

--
Rebecca Austin 6649
cs115009@solaris.armstrong.edu
E-mail! It's real!


------------------------------

From: glr@ripco.com (Glen L. Roberts)
Date: 27 May 1996 13:43:36 GMT
Subject: Stalker's Home Page UPDATE
Organization: Full Disclosure

The Stalker's Home Page -- your source for freely available information
from internet databases, which recently came under attack by Banyan
Systems Inc (creators of Switchboard.com), has expanded.

A number of new resources have been added. Military Locator, FAA
database, SEC Filings, and more!

Check it out. Get all that great data -- join the debate about privacy!
Find out if the internet holds personal or private data about you! Find
out if it is correct or not! Remember, if it is there, OTHERS will
PRESUME it is correct!

http://pages.ripco.com:8080/~glr/stalk.html

--
Web Page Under Attack by Corp Lawyers! Is the web for Corp
Profit & Power?
http://pages.ripco.com:8080/~glr/stalk.html


------------------------------

From: benson@sorted.com (E. Benson`)
Date: 28 May 1996 05:38:52 GMT
Subject: New Journal of Electronic Privacy Issues
Organization: sorted - electronic issues on an insecure planet

Electronic privacy, security journal to premiere June 1

"sorted," a journal of electronic issues on an insecure planet, will
debut on the World Wide Web June 1, 1996. Located at
"http://www.sorted.com", the journal will address issues related to
electronic privacy, wiretapping, surveillance, encryption, the V-Chip
and Clipper Chip, and related issues.

Issue No. 1 contains feature articles by internationally known author
and NPR commentator Andrei Codrescu and computer privacy consultant and
Private Idaho author Joel McNamara.

The journal also features an FTP site which includes a full mirror of
Cypherpunks PGP archive and related files. The address is
"ftp.sorted.com/pub/encryption".


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 May 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V8 #043
******************************