Date: Tue, 22 Dec 92 16:58:46 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#117 Computer Privacy Digest Tue, 22 Dec 92 Volume 1 : Issue: 117 Today's Topics: Moderator: Dennis G. Rears Holiday Schedule Policy on Submissions Re: The UPS clipboard Re: Digital Licenses in NY State Re: More on SSNs as used by VA DMV Re: Comm Week article omits PGP Re: Schools and SSN Re: Sallie Mae and SSNs Re: SSN and Schools The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Tue, 22 Dec 92 16:54:10 EST From: Computer Privacy List Moderator Subject: Holiday Schedule Due to the holidays I will not be publishing the digest from Dec 25 - Dec 29. The last digest will go out the morning of the 24th. I will save all submissions for when I come back. I extend best wished for a happy holiday season to everyone. dennis ------------------------------ Date: Tue, 22 Dec 92 16:55:31 EST From: Computer Privacy List Moderator Subject: Policy on Submissions Policy on Posting to the Computer Privacy Digest. Revision 1.0 27 Nov 1992 Introduction: The Computer Privacy Digest is an electronic digest dedicated to the discussion of how technology affects privacy. The digest is burst into separate articles and fed into the USENET newsgroup comp.society.privacy. The newsgroup and digest are different forms of the same forum. Discussions should be centered around the following topics: o Technology - What devices are out there now and are on the drawing boards that will enhance or take away privacy from individuals and entities. o Ramifications - What are the ramifications are current and new technology. o Public Policy - What should public policy be in regulating, not regulating, and/or using the technology. Privacy includes the right of the individual/entitity to privacy against other individuals, entities, businesses, and the various forms of government. o Education - This kind of goes with ramification. One of the functions of this forum should be to educate people on how current technology affect their privacy. This can range from corporate data bases to credit card usage. 1. Submissions: a. All submissions should be emailed to comp-privacy@pica.army.mil or posted to the comp.society.privacy newsgroup. Only submissions that are relavant to the charter of the forum will be published. Please keep text to under 76 characters per line. Personal attacks, excess flamage, or libelous postings will not be published. b. Submissions should not be sent to comp-privacy-request@pica.army.mil. This address is for drop/add requests, administrative changes, and confidential requests to the moderator. Those submissions sent to that address will only be published is explicit permission is granted to publish by the poster. c. Anonymous submissions 2. Copyright Issues a. It is assumed that the copyright on material submitted to the CPD will remain with the author. In the case where the author is the submitter, it is assumed that the author explicitely grants (by the act of submitting the material) permission for the material to be published in the CPD, to be posted to the USENET group comp.society.privacy, and to any archiving of either medium. b. When the submitter is not the owner of the copyright, only those submissions which carry a notice from the submitter that the permission of the copyright holder has been obtained will be accepted. This does not apply to limited inclusions of copyrighted material that meet the fair use criteria. 3. Signal to Noise Ratio: It is my desire to keep a high signal to noise ratio. As a result a particular posting may not be published or a subject thread might be terminated when postings start to fail to shed new insight into the subject. I welcome submissions on new topics and encourage them. The quality of the digest is up the readers and posters. Dennis G. Rears Moderator, The Computer Privacy Digest ------------------------------ From: dcg5662@hertz.njit.edu (Dave Grabowski (KxiK)) Subject: Re: The UPS clipboard Organization: New Jersey Institute of Technology, Newark, N.J. Date: Sun, 20 Dec 1992 07:22:50 GMT In article roy@cybrspc.uucp (Roy M. Silvernail) writes: >Consider that instead of a physical paper trail, you have valuable data >being stored electronically. No one at UPS could tell me if that data >was stored in the clear. The most knowledgable person I spoke to did >not know the term 'encryption'. Given that I'm familiar with the >company building the clipboards, if this product follows their usual >design practices, it's implemented around an 8051 derivative processor >and static RAM. It may, in fact, store data in EEPROM to avoid >inadvertant power loss. Both memories' contents can be recovered by a >skilled tech, regardless of the wishes of the host processor. Even if >they have gone to a more powerful processor, the memory must be held >static for the duration of the shift. The stored data are therefore >vulnerable. > >Consider, also, that the signature may actually be the least valuable >piece of information in that record. How much could you tell about a >competitor if you had access to their UPS shipping records? In many >cases, even the insured value of packages is recorded. > >No one at UPS knew of any audit trail established for the clipboards. >The one rep told me the boards were 'dumped and cleared' at the end of >each shift, but could not confirm that residual data was actually >overwritten. He also didn't know if a board could be dumped more than >once. My roommate (who works for UPS) just told me a bit about the "DIAD" boards. When UPS started with the boards, the printed a bunch of info about them in the UPS newsletter. According to it, the boards are "dumped and cleared" at the end of every shift. They're all placed in one big matrix and are all basically read at once, and sit there until the next shift. Once cleared, the information can NOT be "dumped" again. BTW - Apparently, those little touch-sensitive signature pads have to be replaced about once every two weeks. -Dave -- ----------------------------------------------------------------------------- Kappa Xi Kappa - Over & Above! dcg5662@hertz.njit.edu 9 Sussex Ave., Newark, NJ (car theft capital USA) 70721.2222@compuserve.com ------------------------------ From: Mitch Collinsworth Subject: Re: Digital Licenses in NY State Date: 21 Dec 1992 11:54:07 -0500 Organization: Cornell University Program of Computer Graphics In James Hess writes: >In article Mitch Collinsworth writes: >>But then a few days later I walked into the polling place for the >>primary election and was presented with a new form of sign-in book in >>which I was instructed to sign below my name. The book was clearly the >>output of a laser printer. My name appeared twice, once in type and >>once in a pixel reproduction of my signature. I decided it was already >>too late... >>Needless to say, I voted for the candidate who said we need to reduce >>government rather than the one who wanted to expand it. >Not to question your politics, but remember that Bush was director of the CIA, >which is not noted for its concerns for privacy or legality. Ask yourself, >which parts of government did he propose to reduce or expand? Of course, >if you run the country off the books, through Ollie North, you can reduce >the visible government... ;-) Not to question your intelligence, but I didn't say which party I belong to. I also don't recall there being a Republican primary for presidential candidates in New York State. What makes you think I was referring to Bush? -Mitch Collinsworth mitch@graphics.cornell.edu ------------------------------ From: Mikki Barry Subject: Re: More on SSNs as used by VA DMV Date: Mon, 21 Dec 1992 17:49:18 -0500 Organization: InterCon Systems Corporation The good news is that after testimony at a VA Senate Subcommittee by Dave Banisar of CPSR, two of us from InterCon, and many other very annoyed people, the Subcommittee voted to draft legislation removing the SSN from the VA Driver's license. They also are looking into setting up an "Information Czar" to overlook electronic privacy issues. Seems the subcommittee was very frightened by the spectre of fraud and SSN's. They were especially amused by Banisar's recounting of a story of a fat farm selling customer information to a chocolate factory :-) Bottom line is, they believed that the SSN should be kept more private, and should not be used as a default identifier. ------------------------------ From: Sharon Fisher Subject: Re: Comm Week article omits PGP Organization: Netcom - Online Communication Services (408 241-9760 guest) Date: Mon, 21 Dec 1992 22:41:23 GMT oppedahl@panix.com (Carl Oppedahl) writes: >An article in the December 14, 1992 Communications Week describes >an encryption arrangement said to be used by "many users", namely >using a public-key method to encrypt a DES key which is then used >to encrypt the message. >The article goes on at length but somehow manages to miss PGP, which >I suspect is the most widely used software that does this. The article I turned in included a reference to PGP; it was cut out in the editing process, of which I am not a part. ------------------------------ From: Harry Erwin Subject: Re: Schools and SSN Organization: TRW Systems Division, Fairfax VA Date: Mon, 21 Dec 1992 23:37:50 GMT What is the status of aliens lacking SSNs? For example, the children of diplomats... ??? -- Harry Erwin Internet: erwin@trwacs.fp.trw.com ------------------------------ Date: Mon, 21 Dec 1992 20:51:27 -0800 Subject: Re: Sallie Mae and SSNs From: David Ruggiero Organization: [little or none, I'm afraid] Reply-To: David Ruggiero Dave Niebuhr writes: >The problem is that Sallie Mae uses my SSN, not my daughter's, as >the account number. I called Sallie Mae and the person on the >other side stated that he couldn't do anything about it and that >I should address a letter to his supervisor (naturally). Depends on the type of student loan. If this was a "PLUS" loan, it's actually issued to your daughter but guaranteed by you, the parent. In this case, SallieMae having *your* SSN makes pretty good sense. If, however, it was another kind of loan ("Stafford", "GSL", "SLS", etc.), this isn't as easy to see. It could be that they want *your* number to make it easier to find *her* current address if she later defaults on the loan (parents usually being more stable and easier to trace than their recently-graduated offspring). Just a guess.... One of my clients is a large student-loan guarantee organization - I'll make some enquiries there and report anything interesting that's said. ------------------------------ From: "Wm. L. Ranck" Subject: Re: SSN and Schools Date: 22 Dec 92 13:38:12 GMT Eric Hunt (bsc835!ehunt%bsc835bsc.edu@uunet.uu.net) wrote: : : > Alabama recently (last 2 years) began requiring SSN's for all students : > entering school. No SSN, no school. : : It was her 10th grade year. She's in the 11th now. Public School. Very pissed : off mother, incedentally. "If the number is good for the IRS, by god it should : be good enough for [insert principal's name]" [grin] Our school district tried to 'require' SSN of its students a couple of years ago. I told them no and they didn't give me a hard time. If the school had tried to keep my kids from attending because of it I would have been on the phone to the ACLU and any other legal aide group I could think of. They can't deny someone an education because they don't have a SSN. They *aren't* required you know. If you don't take the deductions for your children off your taxes there is no law that forces you to have the number for them. Also there must me *some* foreign nationals enrolled who don't have SSNs. -- ******************************************************************************* * Bill Ranck ranck@joesbar.cc.vt.edu * * Computing Center at Virginia Tech, not Vermont ----------------------^^ * ******************************************************************************* ------------------------------ End of Computer Privacy Digest V1 #117 ******************************