Date: Thu, 18 Feb 93 17:54:59 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#018 Computer Privacy Digest Thu, 18 Feb 93 Volume 2 : Issue: 018 Today's Topics: Moderator: Dennis G. Rears Misattribution of article House Bill filed to limit public access.... (fwd) Re: Digitizing signatures for credit card purchases Re: Digitizing signatures for credit card purchases Re: Digitizing signatures for credit card purchases Re: Digitizing signatures for credit card purchases Re: Digitizing signatures for credit card purchases The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Thu, 18 Feb 93 17:50:32 EST From: Computer Privacy List Moderator Subject: Misattribution of article I have discovered a bug in the software that I use to break up a digest into individual news articles. In the last issue (Vol 2, Issue 017). the bug appeared in the second article. It took the 'From:' field from the first article and placed it in the second displacing the real from field. The first article was from '"Glenn S. Tenney" ' and the second was from 'Brian Pirie '. '"Glenn S. Tenney" ' was noted as the original author when he fact was not. I apologize for any difficulties that this has caused. I am still trying to find and fix the bug. I would appreciate submitters checking the articles out once they appear on their systems. dennis ------------------------------ From: Dewey Coffman Subject: House Bill filed to limit public access.... (fwd) Date: Wed, 17 Feb 93 13:42:43 CUT [While this is Texas Political News, I thought it would be good info for everyone to have. -dewey ] State Bill filed to limit public access to private numbers, addresses By David Elliot 2/16/93 Austin American-Statesman Capitol Staff Elizabeth Trower was befuddled when a city employee called to say a woman claiming to be her friend had obtained her home address and unlisted telephone number from Austin's electric utility. At first, Trower was puzzled and irritated. But two days later, after hundreds of harassing phone calls began pouring in, the irritation turned to fear and left Trower with two questions: Who was the mystery woman? And by what fight did the city-owned electric company give out Trower's unlisted number? Under state law, if you apply for a driver's license, a vehicle title or for service with a publicly owned utility company, your address and sometimes your phone number are considered public information. That means it is available to anyone: a journalist, a company that wants to send you junk mail -- or someone who wants to harass you. Monday, state Rep. Sherri Greenberg, D-Austin, filed two bills to change that: * One proposal would let applicants for a driver's license or vehicle title list only an address where, if necessary, they could be served with legal papers. That way, the address of their residence would not be public information. * Under the other bill, public utilities could keep confidential their customers' home phone numbers and addresses. At issue are two competing rights: an individual's right to pri- vacy rs. the public's right to certain information held by public entities. Greenberg's bills enjoy widespread support from a coalition of law enforcement officials, advocates for battered women and other crime victims. "This legislation will help protect the celebrity stalked by a crazy fan and the woman who fears for her life because her parents' murderers are being paroled," Greenberg said. "It will help Elizabeth Trower, the constituent who came to me with her story, and for whom the harassment continues today. This legislation addresses the issue closest to the hearts of women and men across this state today: public safety." But the proposals have drawn caution to outright opposition from media representatives, who note that the information Greenberg wants to keep secret is available elsewhere -- in real estate records, voter registration documents and county tax records, for example. Indeed, massive information about individuals is available through the state's open records process. For instance, the Texas Parks and Wildlife Department, the Texas Department of Transportation and the secretary of state's office provide addresses of people who buy a hunting or fishing license, register a car or boat or register to vote. Such information might be sought by a company trying to sell goods through direct mail, a motorist trying to track down a hit- and-run driver or a politician running for office. Nancy Monson, a spokeswoman for the Freedom of Information Foandation, said the organization respects the privacy and, above all, the safety of individuals. But she added, "We really believe it's a bad precedent to start closing up records." She compared the issue to the situation in department stores, which use various electronic devices to catch shoplifters. "Because there are so many thieves, they are going to penalize me," Monson said. "I am not a thief, but 1 still have to deal with this thing that is all wrapped up in wires, this piece of clothing I can- not get off the rack. "We certainly do empathize with the situation with regard to the safety of individuals. We would prefer, however, not to close up ac- cess to public information in response to wrongdoing on the part of some people." Tom Leatherbury, president of the Freedom of Information Foun- dation, expressed concern that Greenberg's legislation would "further erode the Open Records Act." "We are of course sensitive to Rep. Greenberg's concern about individual privacy, particularly women's privacy," Leatherbury said. "But in my view, the thing that should be done is, conduct should be criminalized. That is, stalking should be a criminal offense. This cuts too broadly." However, Greenberg said her bill is narrowly drawn and has earned the support of Barbara Jordan, who as a state senator in the 1970s helped write the state's Open Records Act. Also supporting the bill is Common Cause, which has made open government a priority for two decades. Greenberg said her bill "will not stop stalking. It will not prevent junk mail. But it will guarantee that individuals can close the most common outlets for unlisted addresses and phone numbers." ### ------------------------------ From: Mike McNally Subject: Re: Digitizing signatures for credit card purchases Organization: University of Michigan EECS Dept., Ann Arbor, MI Date: Wed, 17 Feb 1993 21:25:10 GMT "Glenn S. Tenney" writes: >My wife just told me that The Gap (a large clothing store chain) store near >to us has a new computerized system. When making a credit card purchase >with a Visa card, she had to "sign" on a digitizing tablet. Then, they >printed out her receipt just like a cash register receipt with our credit >card number on it, but no signature. > >I called BankAmericard who bounced me around and then they bounced me to >the 1-800-VISA-911 line. I finally called the Visa International main >office which is nearby and their customer relations person told me: If I >didn't like that system, it was my choice to not buy from that merchant -- >but the merchant can use any system they want. She said that there was no >need to give me a receipt with my signature on it, since I could request >one from my bank. > >When I sign for packages, I just print my name. For this, I might do the >same if push came to shove, but I do *NOT* like the idea of some store >having my signature actually "on-file" digitally! Perhaps you should point out (truthfully or otherwise) to Visa International that you consider the option of conducting a cash transaction with the merchant a more realistic alternative than refusing to deal with the merchant at all. Stress the fact that you use your credit card as a matter of convenience but that you feel that privacy considerations take precedence in such a case. Visa International and/or the bank that issued your Visa card couldn't care less if you take your business to another store but if they come to believe than many customers are using cash for purchases instead they'll be a lot more motivated to lean on the chain for the sort of merchant agreement you prefer. Anytime you use your Visa they (the bank / Visa) collect a non-negligible percentage of the transaction amount as well as any interest that might accumulate from failure to pay off your balance every month. When you don't use your Visa, they're losing money and the ability to effect their bottom line is the only influence you wield over them that they understand.. (I'm a little bit perplexed as to *why* you want another piece of paper floating around with your Visa information *and* your signature, but that's another issue. If you want Visa to take you seriously, you have to make them see that they have something to lose from the situation..) -mcnally. ------------------------------ Subject: Re: Digitizing signatures for credit card purchases Organization: I.E.C.C. Date: 17 Feb 93 20:44:33 EST (Wed) From: "John R. Levine" >I do *NOT* like the idea of some store >having my signature actually "on-file" digitally! If you think about it for a few minutes, digital signature systems don't introduce any new problems that we don't already have with paper signatures. After all, any bad guy with $300 can buy a scanner or fax machine and digitize any paper signatures he has lying around. As a relatively innocuous example, I have my computer set up to automatically take troff input for outgoing correspondence and rasterize it, insert a bitmap copy of my signature at the appropriate place and fax it off to the recipient using a fax modem. Recipients are often surprised to hear that there is no paper original version of the letter they received. I'm too cheap to buy a scanner, so to get the signature, I signed a piece of blank paper a few times, faxed it to myself using a friend's fax machine, and clipped the best looking signature out of the bitmap file. What would be appropriate is public education to remind people that it is so easy to doctor computer-stored images that a any digitzed version of an alleged document should be treated with extreme scepticism if there is the least question about its authenticity. Regards, John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl ------------------------------ From: John De Armond Subject: Re: Digitizing signatures for credit card purchases Date: Thu, 18 Feb 93 08:32:50 GMT Organization: Dixie Communications Public Access. The Mouth of the South. "Glenn S. Tenney" writes: >If you thought that signing for a package onto a notebook computer was bad, >you ain't seen nothing yet... >My wife just told me that The Gap (a large clothing store chain) store near >to us has a new computerized system. When making a credit card purchase >with a Visa card, she had to "sign" on a digitizing tablet. Then, they >printed out her receipt just like a cash register receipt with our credit >card number on it, but no signature. >When I sign for packages, I just print my name. For this, I might do the >same if push came to shove, but I do *NOT* like the idea of some store >having my signature actually "on-file" digitally! This is a bug in the system. There is a workaround :-) What I do is two-fold. One, I have a markedly different signature that I use for non-negotiable things such as shipment receipts as opposed to the one I use for negotiable instruments. The second tact is to simply mark an "X" on electronic signature devices. This isn't as satisfying as organizing a boycott or a protest but it does work and it let you have one less thing to worry about. John -- John De Armond, WD4OQC |Interested in high performance mobility? Performance Engineering Magazine(TM) | Interested in high tech and computers? Marietta, Ga | Send ur snail-mail address to jgd@dixie.com | perform@dixie.com for a free sample mag Need Usenet public Access in Atlanta? Write Me for info on Dixie.com. ------------------------------ From: "Glenn S. Tenney" Subject: Re: Digitizing signatures for credit card purchases Organization: Netcom - Online Communication Services (408 241-9760 guest) Date: Thu, 18 Feb 1993 09:38:25 GMT I got some email from someone basically asking "What's so wrong, they could digitize your signature from a piece of paper?" If you use a computerized credit card charge system where the ONLY receipt with your signature on it is one that THEY print when a charge is disputed, then you have no possibility of proving that you didn't make a purchase. *IF* someone took your carbons or forged your signature, then the signature would not be yours. You could go through all of your receipts and see for yourself. The merchant could NOT produce a forged receipt with un-forged signature. However, if a merchant (or actually someone working there) wanted to defraud someone, they could claim you had made purchases when you had not. When the bank or credit card company asked for a receipt, they could easily produce one with your signature on it -- just like the other ten thousand receipts they "keep on-line". Obviously, you did make the purchase since the signature is yours and is not forged. Does that clarify why this is a problem? If not, I can get even more verbose :-) -- Glenn Tenney voice: (415) 574-3420 fax: (415) 574-0546 tenney@netcom.com Ham radio: AA6ER ------------------------------ From: Scott Coleman Subject: Re: Digitizing signatures for credit card purchases Date: Thu, 18 Feb 1993 15:11:42 GMT Organization: University of Illinois at Urbana Apparently-To: comp-society-privacy@ux1.cso.uiuc.edu In article "Glenn S. Tenney" writes: >If you thought that signing for a package onto a notebook computer was bad, >you ain't seen nothing yet... [...] >When I sign for packages, I just print my name. For this, I might do the >same if push came to shove, but I do *NOT* like the idea of some store >having my signature actually "on-file" digitally! I, too, was disturbed by the privacy implications of the UPS digital notepad computers and other similar systems, but after some reflection I've decided it's really a non-issue. Slick new pen-based systems aside, ANY store can build up a collection of digitally encoded electronic versions of your signature. Take an HP scanner and some software, slap the credit card receipt you just signed onto the glass surface, and voila! They have a digital image of your signature for their files. In short, boycotting merchants who use such systems won't prevent the collection of digitized signatures. If a merchant wants to badly enough, he can do it already. ------------------------------ End of Computer Privacy Digest V2 #018 ******************************