Date: Tue, 08 Dec 92 17:39:26 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#110 Computer Privacy Digest Tue, 08 Dec 92 Volume 1 : Issue: 110 Today's Topics: Moderator: Dennis G. Rears Re: SSN Re: SSN Re: Privacy in VA Re: Privacy in VA Re: User-transparent encryption? Local Telephone records Re: Radar Detector Prohibitions Re: SSN and privacy Digitized Voting Records (was Re: NY Liscenses) Digitized Pictures and Signatures The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: "BLACKMAN, EDWARD B" Subject: Re: SSN Date: 6 Dec 1992 02:49 CST Organization: Texas A&M University, Academic Computing Services > I don't think the telephone company "owns" your phone number. They have >obviously got certain rights in the number - but that's not like >"owning" a house or a trademark. They have the right to prevent >issuance of the same number to different customers in the same Area >Code (though I think the right of the customer to have exclusive use of >a number might be as strong as any interest the phone company has in >the number). Again, here in Massachusetts, it is possible - by dint of >regulatory decision - to opt out of the caller id system. I was told by >the New England tel representative that blocking the id worked on all >systems within their purview. It troubles me to know that Virginia does >not have to respect my desire for privacy in this regard. And she a >fellow "commonwealth" and guardian of freedom! >[Moderator's Note: It is the phone company's number. They can take it >away from you and give you another number. ._dennis ] Only because we allow them to. Local carriers (the ones that assign your number) are regulated monopolies. If the entity in charge of regulating the telcos took away the power to reassign numbers, there isn't a thing they could do about it. [Moderator's Note: I'll let John Hidgon respond to this one. ._dennis ] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Ed Blackman | Another PROUD user of OS/2!!! | | Internet: EBB7683@venus.tamu.edu |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | Fido : 1:117/331.10 | For you anti-RTKBA people: The era | |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= of the American Police State is | | approaching - brace yourselves. In our zealotry to conduct the "war on | | drugs" and to "make society safe from gun violence" we are dooming the | | Bill of Rights. | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=( Boycott Microsoft )=-=-=-=-=-=-=-=-=-=-=- ------------------------------ Date: Tue, 8 Dec 1992 14:23:28 EST From: Jerry Bryan Subject: Re: SSN One reason that the SSN is such an issue is that it is so permanent. For example, if you have an unlisted phone number that is compromised, you can get a new one. If you move to a new state, you get a new driver's license numbers. You can close out a checking account and open a new one with a new number, etc. It is hard to get a new (legitimate) SSN. I wonder if the same permanence may not eventually come about with respect to phone numbers. The moderator noted that phone numbers belong to the phone companies. However, a great deal of thought has been given to making phone numbers belong to the person. We may be twenty years away technologically, but the idea is that your phone number would follow you around for life. If you moved, or were in your car using a mobile phone, if you were visiting a friend's house, if you were traveling, etc., the technology would use your one and only lifetime telephone number to get your phone calls to you. Quite a convenience. And quite a potential invasion of privacy, I think. [Moderator's Note: I have a 800 number that follows me around. ._dennis ] ------------------------------ Subject: Re: Privacy in VA From: Ed Boston Date: 6 Dec 92 22:26:00 GMT Organization: Phantasia BBS - Boise, ID - 208-939-1350 Reply-To: Ed Boston CO>New York State has a law that they cannot make you give your phone number CO>or address for a credit card slip. The idea is that the store has already CO>gotten credit approval for the charge slip and has no legitimate CO>need to know anything else. Both Visa and MasterCard, from what I have been told, have in the agreements with the stores that they may NOT ask for any other info such as phone numbers, drivers licenses, or SSN on the transactions. Ed Boston --- . OLX 2.1 TD . "Maytag" is my middle name; I'm an agitator. ------------------------------ Date: Mon, 7 Dec 1992 12:32:30 -0500 From: Bob Goudreau Subject: Re: Privacy in VA >Paul Olson writes: > > Well, you're right about the radar detectors at least. But I thought > that Connecticut also outlawed detectors... Not anymore. The repeal of the detector ban went into effect on October first. [Moderator's Note: Tom Talpey posted a similiar comment. ._dennis ] ---------------------------------------------------------------------- Bob Goudreau Data General Corporation goudreau@dg-rtp.dg.com 62 Alexander Drive +1 919 248 6231 Research Triangle Park, NC 27709, USA ------------------------------ From: Carl Ellison Subject: Re: User-transparent encryption? Date: 7 Dec 1992 07:15:48 GMT Organization: Stratus Computer, Software Engineering In article egyed@lns598.tn.cornell.edu (Zoltan Egyed) writes: >[Moderator's Note: I know of nothing. Either you trust your >adminstrators or you don't. If a sysadmin wanted to read your mail it >would be easy for him to get copies of it when you send it or recieve >it. ._dennis ] Worse than that, I believe root can read the memory of any running program, under UNIX. Therefore, any program which kept a password in memory would let root find it. root can also capture all keystrokes, I believe. The only answer is to be on a single-user machine -- not allow any other logins (or any remote access via RPC) while you're logged in. Once you've done that, PEM can take care of mail privacy and DES can handle file privacy. -- -- <> -- Carl Ellison cme@sw.stratus.com -- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783 -- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488 ------------------------------ Date: Mon, 7 Dec 92 12:21:59 -0500 From: Susanna Elaine Johnson Subject: Local Telephone records I don't normally post because who knows where these things end up and who is listening, but... I am not a US citizen and am in a fairly sensitive (it sez here) profession. Not only do I have trouble from time to time with DIS and DOE, but the last time Immigration came to talk to me (which they like to do periodically) they had not just the listing of local cals I had made but also TAPE of some of the calls. All of this without benefit of court order, and this is the Land of Liberty(??). Why they are interested in how many toppings I like on my pizza, Lord only knows. Regarding radar detectors in Virginia: It is in fact illegal to possess, in the vehicle and connected to a power supply, a radar detector in that state, and it is true that they use radar detector-detectors to peg you. The fine is $53, I know because they got me. However: According to the Federal Communications Comission Act of 1933 (as amended) any person may own any type of receiver, for any type of transmission whatsoever. Further, he may intercept on any transmission. What he may NOT do is pass on the contents of any such intercepted transmission to a third party. So, if my dog barks, I can use this information but cannot legally telly you that there is a "mountie taking pictures" up ahead... I also recall that New Jersey had or still has on the books a law forbidding the possession of "shortwave radios", on the grounds that they may be used for intercepting police transmissions. Comments from the legal beagles out there? General comments on Virginia: This is an interesting state. I was once arrested and spent some days in jail for having a necklace hanging from my rear view mirror. When I got out and went home, I found my front door kicked in by the local police, who had searched my house without a search warrant while I was in jail, and who had confiscated my gun collection. Their thesis was "Nobody needs this much fire power". If it's any consolation for Virginians or would-be Virginians, California appears to be even more fascist. Anna Johnson (VE7LKL/KA3TPG) (sej3e@virginia.edu) ------------------------------ From: David C Lawrence Subject: Re: Radar Detector Prohibitions Date: 7 Dec 1992 18:45:01 GMT Organization: UUNET Technologies, Inc. In dileo@brl.mil (John DiLeo, CSB) writes: > Actually, I'm not so sure about DC. However, radar detectors are > illegal in Connecticut, and the presence of one in the passenger > compartment of a vehicle (including under the seat, unplugged) can > (or at least once did) carry a pretty hefty penalty. If one was > permanently installed in another state (the variety where the > transceiver is behind the grill, and the control unit is in the > dash) you could only be ticketed if they believed it was operating. This isn't directly a privacy issue, but ... The District and VA are the only two jurisdictions on their level in the US to have a full ban on all radar detectors. CT repealed theirs. There are various limited detector laws around (like bans on truckers having them, but the truckers don't care because the CB works better for their purposes anyway) but that's not quite the same. (VA is remarkably confused about its highway policy overall. It rather distresses me, even having come most recently from upstate NY, where "NY is tough on speeders --- speeding is no cheap thrill." It's not just that they're somewhat fascist (*cough*) down here, but really _confused_ about just what they're trying to accomplish. There's a lot of inconsistency.) People concerned specifically about the involvement on government with motorists should look into the National Motorists Association. They are a motorists' advocacy group which deals with all aspects of our highways, including the various issues of law enforcement like harassment, unreasonable search and seizure and other activities which readers of this forum are likely concerned about. Contact info: National Motorists Association 6678 Pertzborn Road Dane WI 53529 800 882 2785 David Lawrence ------------------------------ From: "Jeffrey I. Schiller" Subject: Re: SSN and privacy Organization: Massachusetts Institute of Technology Date: Tue, 8 Dec 1992 05:08:30 GMT Although I cannot speak for MIT administrative offices and how they treat privacy when dealing with them "manually", I can comment on how our efforts to provide information electronically are protected. Privacy is a major concern with our system for providing registration information online. To use the on line registration information system, students first need to have an account on our Athena distributed computing system. In addition to being logged in to their Athena account (which requires a password), students must also be in possession of a second "secure" password in order to access electronic data on themselves. All information that is sent over the network is encrypted (using keys setup by our Kerberos authentication system). A network easedropper will not be able to either learn their password(s) nor snoop at the data itself when it goes across the network. In order to register for the second "secure" password, a student must first run a registration program (from their Athena account). This program can only be run once (i.e., once they have their "secure" password, they may not again register for one, if they forget it they need to go see someone in person WITH AN ID CARD to have it changed). Once the registration program is run, a Postal Mail verification is mailed to them announcing that a secure password was requested and giving instructions on what to do if they were NOT the person who applied for it. Secure passwords are not valid for two weeks after request to ensure enough time for this paper verification to be delivered to the student. Perhaps the system isn't perfect, but not because we didn't consider student privacy in its design. Oh, and by the way, any student can "opt out" of the system by request. If they do, their information will not be available on-line at all. -Jeff P.S. In many systems it is the human clerk who doesn't understand privacy, that results in abuse or lack of security. By replacing such systems with computerized systems WHERE THOUGHT WAS GIVEN TO PRIVACY PROTECTION we can actually improve the level of privacy that the general populace has! ------------------------------ Date: Tue, 8 Dec 1992 7:57:08 -0500 (EST) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: Digitized Voting Records (was Re: NY Liscenses) In Computer Privacy Digest Volume 1 : Issue: 109 Mitch Collinsworth writes: >In article shearson!jenny!mjohnsto@uunet.uu.net (Mike Johnston) writes: > >>Today's (12/3/92) New York Times carried a small article in the Metro >>section describing NY's new licenses. In a nutshell, drivers will >>have *both* their pictures and signatures digitally stored on the >>state's computers. This makes me nervous. > > ... I walked into the polling place for the >primary election and was presented with a new form of sign-in book in >which I was instructed to sign below my name. The book was clearly the >output of a laser printer. My name appeared twice, once in type and >once in a pixel reproduction of my signature. I decided it was already >too late... > >Interestingly, when I returned in November for the general election, I >found the familiar old sign-in method which had my name on a card of its >own and the original ink version of my signature from each time I had >voted there in the past, each on succeeding lines. I worked as an Election Inspector this year and maybe I can shed some light on this. New York is in the process of updating the records of every voter, adding some and deleting some information (SSN for one) so new buff cards are being phased in as the older ones fill up with signatures. The double signatures for the first entry on the new cards is to provide a check for later elections. The first signature should be done when registering for the first time, but additional cards have to be signed twice at the polling place (and even that isn't foolproof). These records are a mess and having the Boards of Elections in the Cities and Counties digitize the signatures will take years and still not be accurate. Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093 ------------------------------ Date: Tue, 8 Dec 1992 8:09:05 -0500 (EST) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: Digitized Pictures and Signatures Several people have discussed digitizing drivers liscense signatures and pictures and also digitized signatures on voting records. My employer issues digitized IDs for every employee, guest employee and contractor on site (the ID number IS NOT the SSN). The signature is made using an ordinary felt tip pen and when the picture is taken, both are recorded on a CD for later reproduction on a credit card-like piece of plastic with a magnetic stripe on the back (no, I can't find out what if anything is on that stripe according to Personnel and Security). I do worry about the NY DMV having this kind of information though, since it is not the world's most efficient organization. Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093 ------------------------------ End of Computer Privacy Digest V1 #110 ******************************