Date: Wed, 17 Feb 93 13:57:24 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#017

Computer Privacy Digest Wed, 17 Feb 93        Volume 2 : Issue: 017

Today's Topics:                        Moderator: Dennis G. Rears

        Digitizing signatures for credit card purchases
        Re: SSN as a red herring
        Username, real names, and privacy
        privacy in communication technologies
        privacy

The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------

Date: Thu, 11 Feb 93 16:33:24 -0800
From: "Glenn S. Tenney"
Subject: Digitizing signatures for credit card purchases

If you thought that signing for a package onto a notebook computer was
bad, you ain't seen nothing yet...

My wife just told me that The Gap (a large clothing store chain) store
near to us has a new computerized system. When making a credit card
purchase with a Visa card, she had to "sign" on a digitizing tablet.
Then, they printed out her receipt just like a cash register receipt
with our credit card number on it, but no signature.

I called BankAmericard who bounced me around and then they bounced me
to the 1-800-VISA-911 line. I finally called the Visa International
main office which is nearby and their customer relations person told
me: If I didn't like that system, it was my choice to not buy from
that merchant -- but the merchant can use any system they want. She
said that there was no need to give me a receipt with my signature on
it, since I could request one from my bank.

When I sign for packages, I just print my name.
For this, I might do the same if push came to shove, but I do *NOT*
like the idea of some store having my signature actually "on-file"
digitally!

---
Glenn Tenney
tenney@netcom.com Amateur radio: AA6ER
Voice: (415) 574-3420 Fax: (415) 574-0546

------------------------------

Subject: Re: SSN as a red herring
From: Brian Pirie
Date: Sun, 14 Feb 1993 07:38:41 -0500
Organization: BP ECOMM Systems, Ottawa, Ontario, Canada

p-hurley1@tamu.edu (Philip Hurley) writes:

> I have considered the ramifications of writing a virus program (I don't
> know how and never have) that will delete any reference it finds with my
> name in it.
>
> I figure, the worst that can happen is that my bank "forgets" who I am. I
> might be willing to deal with the hassle of correcting such an error
> face-to-face with my bank in exchange for knowing that other data bases
> will also "forget" who I am.

This would not work, and it would lead the authorities right to your
doorstep.

First of all, the chances of such a virus infiltrating a system such as
your bank's computer is next to nil. Their security will be good enough
that they simply wouldn't allow a virus to get into the system.

Secondly, such a virus that operated on one hardware/software platform
would most likely not function on others. You would have to write a
different virus for every hardware/software platform that might be used
for maintaining some database that includes your name.

Also, even if it were possible to write such a virus, you would have the
FBI or CIA (or whatever is the relevant authority in your country)
knocking on your door, probably before your virus has had a chance to do
any damage. Regardless of how sophisticated an encryption scheme is used
by the virus program, if it is written specifically to delete every
occurrence of your name, it wouldn't take them long to find the Philip
Hurley who wrote the virus.
--
Brian Pirie, brian@bpecomm.ocunix.on.ca (Ottawa, Ontario, Canada)
PGP 2 key available upon request

------------------------------

From: ae@ac.dal.ca
Subject: Username, real names, and privacy
Date: 16 Feb 93 19:09:03 -0400
Organization: Dalhousie University, Halifax, Nova Scotia, Canada

I'd like to get some comments on the following issue.

We have a facility, called "FIND", on our main academic computer system
where users can voluntarily put information about themselves, including
their name. They are informed about the existence and purpose of FIND
(primarily promoting good communication among users) the first time they
login. No one is required to have a FIND listing but most people do.

It has been the practice that if someone enquires about the name of the
owner of a username, and that username is not listed in FIND, we will
not give out the person's name in order to protect their privacy.

After an incident where we would not release the owner's name to a user
who complained about an e-mail message from a username not listed in
FIND, it has been suggested that we change our policy and provide a
public username to real name correspondence for all usernames. In this
case we were protecting the privacy of a person who had obviously
violated the university's "Responsible Computing" policy. If the
complainer had wanted (or rather, not asked that we refrain from doing
so) we would have got in touch with the offender and asked for a change
in behaviour, but we would not reveal the identity of that person.

The policy change is directed against people who abuse the anonymity we
make possible (users may have any username of two to eight letters and
digits within reasonable limits). Should it be a condition of getting a
computer username that the owner's real name be public?

Of course it is well known that e-mail can be forged so that the
identity of the sender is not, at the very least, immediately apparent.
I'd be interested to know what formal policies other universities have
in this area (I hope for some Canadian responses).

Aidan Evans (AE@AC.Dal.CA), Computer Facilities & Operations,
University Computing & Information Services, Dalhousie University,
Halifax, N.S., Canada, B3H 4H8

------------------------------

From: Deborah Parker
Subject: privacy in communication technologies
Date: Wed, 17 Feb 1993 04:04:20 GMT
Organization: University of Illinois

I am looking for information concerning privacy/security in
communication technologies, especially concerning caller identification,
electronic mail, and cellular communication. I am also interested in
the regulation of communication technologies under the Federal
Communication Commission. I am working on a project at the University
of Illinois-Urbana/Champaign and would appreciate any information
available. Thanks!

Deb Parker

------------------------------

From: Thomas Chen
Subject: privacy
Organization: Hughes Network Systems Inc.
Date: Tue, 16 Feb 1993 20:23:17 GMT

well, with the advancement of technology in modern society, privacy is
something we will have to give up eventually. when we move to a society
where there is no more money but just a card, everything we do,
everything we spend are logged somewhere.

but what is the big deal??? as of now, if you have a mobile phone, the
cellular company knows where you are (within a cell), when you shop in
department stores with your credit cards, they compile your shopping
habit profile, when you subscribe to a magazine, you are automatically
categorized into a group.

what we are doing is exchange part of our personal information for a lot
of other people's information.

Tom

As the people here grow colder
I turn to my computer
and spend my evenings with it
like a friend
I was loading a new program
I had ordered from a magazine
"Are you lonely, are you lost?
This voice console is a must"
I press EXECUTE
Well, I've never felt such pleasure
Nothing else seemed to matter
I neglected my bodily needs
I did not eat, I did not sleep
The intensity increasing
'Til my family found me and intervened
But I was lonely, I was lost
Without my little black box
I pick up the phone and go EXECUTE
--- Kate Bush, "Deeper Understanding"

------------------------------

End of Computer Privacy Digest V2 #017
******************************