Date: Fri, 30 Oct 92 09:57:18 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#094 Computer Privacy Digest Fri, 30 Oct 92 Volume 1 : Issue: 094 Today's Topics: Moderator: Dennis G. Rears "M" Article: Dan Rather Reconaissance Re: Posting grades by SSN Re: encryption Re: question on surrepticious Re: ssn and traffic tickets Re: public access to state info Virginia Bug: FBI Finds No Basis For Prosecution The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: Todd VanderHeyden Subject: "M" Article: Dan Rather Reconaissance Organization: Software Engineering Institute Date: Wed, 28 Oct 1992 15:46:41 GMT The current issue of "M" ("for the civilized man")-- the one with David Letterman on the cover-- has an article about how the writer decided to find out how much confidential information he could obtain about a private citizen, and used Dan Rather as a test case. Todd VanderHeyden ------------------------------ From: Michael Mogensen-Vermillion Subject: Re: Posting grades by SSN Organization: Vanderbilt University Mathematics Department Date: Wed, 28 Oct 1992 16:23:13 GMT In article David Ratner writes: > >It seems much easier for all parties if grades can be posted. I personally >don't care if my grade is posted by my ssn. In one class at Cornell a >waiver was actually sent to all students, and if they signed it they >authorized the posting of their grade by ssn --- otherwise they had to >physically ask the prof. Why not have each student make up some random >number to post grades by, if that's what it takes. > When I taught at Middle Tennessee State University, my department was advised by an attorney for the Board of Regents that it was illegal to post by ssn. We were directed instead to ask each student to both grant permission _and_ make up some random identifying phrase (not necessarily a number) if they wanted his/her grade posted. If a student declined to sign or to make up a code word, that student's grade was not to be posted. One bonus of this method was that some of the students came up with rather entertaining and illuminating phrases (some of which could not be posted in a public place :^). ------------------------------ From: Michael Mogensen-Vermillion Subject: Re: encryption Organization: Vanderbilt University Mathematics Department Date: Wed, 28 Oct 1992 16:35:05 GMT In article REDELSS JOHN W writes: >Will it ever be possible to network with computers in privacy and security? >Several years ago in an OMNI article I read that encryption would eventually >make true privacy possible for everyone. It went into the math and the >software technology more than I can remember, but it sounded good to me. Deos >anyone know anything about this? > According to Macworld magazine, the NSC is trying to hamstring the power of the encryption algorithms that network retailers are allowed to incorporate, the justification being that the more powerful algorithms would inhibit the ability of law enforcement angency to perform lawful datataps in the process of criminal investigations. In a similar vein, the FBI wants fiber optic phone systems designed with ease-of-wire-tap in mind. This has been compared to requiring furniture manufacturers to include built-in microphones in their sofas in case a suspected criminal ever buys one. ------------------------------ Date: 28 Oct 1992 21:31:09 +0000 (GMT) From: Dick Rinewalt Subject: Re: question on surrepticious Organization: Texas Christian Univ Comp Sci Dept In article james.j.menth, jjm@cbnewsb.cb.att.com writes: >In article bu676@cleveland.freenet.edu >(Cheryl L. Kerr) writes: >> >>During a recent legal problem, I was advised by my attorney that >>it is completly legal to tape a face-to-face or phone conversation >>with out notifying the other party(ies) involved as long as YOU ARE >>A PARTY TO THE CONVERSATION (e.g. Only you need to know it is being >>taped). Since I wasn't involved in any clandestined work, I didn't >>get any legal info on wire taps. >> >This was probably good advice in your state, as it is in mine, however >although individual states may not pass legislation less restrictive >than Federal laws they can usually go the other way. The phone books >usually have a section in the front (Mine was titled "Your Responsi- >bilities") that gives the policy applicable in your area. However, I was advised by an attorney that that section of the phone book is merely part of the phone company tariff. I was told that it is policy not law (in Texas, at that time,...). Dick Rinewalt Computer Science Dept Texas Christian Univ rinewalt@gamma.is.tcu.edu 817-921-7166 ------------------------------ Date: Wed, 28 Oct 92 12:46:57 -0600 From: Eric Hunt Subject: Re: ssn and traffic tickets > In article fns-nc1!fns-nc1.fns.com!vib@concert.net (Victor Bur) writes: > As for traffic tickets, I don't think it's illegal to forget your SSN > and to not have it written down anywhere handy. Just tell the cop he > will have to forgive your traffic infraction because your SSN is not > available. In Alabama, your SSN is printed on your driver's license. It's *not* the DL#, but it is printed on the card itself. How many other states also have the SSN printed on the license? --- Eric Hunt | bsc835!ehunt@uunet.uu.net (preferred) Birmingham-Southern College | eric.hunt@the-matrix.com Birmingham, Alabama 35254 | ^--- Nothing longer than 100 lines ------------------------------ Date: Thu, 29 Oct 92 17:21:05 -0800 From: "Harry I. Rubin" Subject: Re: public access to state info An article titled "Car Break-in Ring Cracked," by Tom Alex of the Des Moines (Iowa) Register, appearing Friday, October 9, 1992 (page 1M) tells how "youths" (is that like juvenile delinquents?) used computer records to facilitate auto break-ins. These "youths" would spot cars with expensive stereo gear in parking lots during the day and note the license plate numbers. They then went to an Iowa State Department of Transportation office at a local shopping mall which provides public access computer terminals, and used the terminals to look up the names and home addresses of the owners of the cars! The thieves would then break into the cars at night, at times and places where they were unlikely to be discovered and could burgle at their leisure. From the article, it sounds like they have had security problems with the public access terminals for a while. The "solution" the state developed is to require people to identify themselves by some sort of sign-on procedure to look up license plate numbers; "that does provide at least some tracking of inquires," according to one official. I have mixed feelings about this. Part of me is horrified that any bozo is allowed to walk up and look up people's home addresses and such. On the other hand, it is "public information." I must applaude the state for trying to make information available in an easy way. "They should have more safeguards" is one reaction, but what safeguards? They can't give every person in the state a password, and without something like that, and access controls on what every person can look at, there are no safeguards. The scheme that the article mentions so briefly sounds ridiculous; what do they do, make you type your name? OK: "John Q. Public." The only other approach would be to make the counter clerks check and record some sort of ID before you can use the public access terminals, but I presume that would defeat part of the reason for having them there, to off-load the clerks. Maybe the bottom line is that it really is too dangerous to allow the general public to get at data. I would hate to think that is really true. And there will always be some people who can wangle access, then they have an advantage over the rest of us. ------------------------------ From: Nigel Allen Subject: Virginia Bug: FBI Finds No Basis For Prosecution Organization: Nyx, Public Access Unix @ U. of Denver Math/CS dept. Date: Fri, 30 Oct 92 02:46:21 GMT Here is a press release from the U.S. Department of Justice. FBI Finds No Basis For Prosecution in Case of Transmitting Device Found in Va. Capitol Building To: State Desk Contact: Elizabeth Smith of the U.S. Department of Justice, 202-514-2007 RICHMOND, Oct. 29 -- Richard Cullen, United States Attorney for the Eastern District of Virginia, announced today that the Federal Bureau of Investigation has concluded its investigation into events surrounding the transmitting device found in the office of the governor's chief of staff. Cullen has concluded that there is no basis for federal prosecution. The device was discovered in the afternoon of Aug. 20 and was reported to the FBI on the following day. Robert Satkowski, special agent in charge of the Richmond field office of the FBI, stated that upon examination by the FBI, the transmitting device had no battery, was turned off, and the antenna was broken. Further, the device was of a type manufactured without any serial number or other identifying markings and was distributed to a large number of sales outlets across the nation. Accordingly, it is not traceable to a particular buyer. The device cost between $300 and $600. -30- ------------------------------ End of Computer Privacy Digest V1 #094 ******************************