Date: Sat, 27 Feb 93 10:29:09 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#021 Computer Privacy Digest Sat, 27 Feb 93 Volume 2 : Issue: 021 Today's Topics: Moderator: Dennis G. Rears Re: Digitizing signatures for credit card purchases Re: Digitized Signatures Digitized Voting Records Police Intelligence Files Re: Privacy of Police Reports Mass electronic scanning of UK international telexes from London The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Thu, 25 Feb 93 18:30:46 -0800 From: "Glenn S. Tenney" Subject: Re: Digitizing signatures for credit card purchases wicklund@intellistor.com says: >Many stores are going to non-computerized forms of this -- they print >you a receipt, then print a second receipt which you sign and they >keep. You don't have a receipt with your signature. Actually, just like simple contracts, you are given a copy for your signature. The copy you have, is the exact same as the copy they have. It is up to them to have your signature on their copy, just as it would be up to you to have THEIR signature on a credit voucher. You would be amazed at how many stores want ME to sign the credit voucher when I return something. I have to tell them that THEY have to sign it, since they are giving me money -- yes, the store does have to authorize the credit just as you have to authorize the charge. >Since I doubt the store physically sends the signed receipt to the >bank, your bank also doesn't have a signed receipt unless they get it >from the store, which will have a hard time finding a particular >receipt out of the hundreds for a certain day. But the store must do just that if you dispute the bill. >True, this will be simpler -- though for systems like the one >originally described I'm not too worried -- I doubt it has a built in >ability to patch an arbitrary signature on an arbitrary receipt. Well, I haven't audited their system, have you? Well, neither has Visa International -- a reasonable assumption, since Visa says a merchant can use ANY system they choose. Let's not get into arguing whether a paper slip with signature can be forged or not. We agree that it can. The difference is that with the well established system (based on contract law I would assume) of both you and the merchant having the same receipts, theirs with a signature and yours for you to sign, there is an audit trail. You might trust The Gap, but if Joe's Midnight Auto Parts used such a system would you trust them? If you use a paper credit card slip at Joe's, it is much easier to determine if a forgery has been committed, and it is easier to "trust" Joe's. Perhaps, my greatest concern is the utter lack of controls or regulation on these systems. There are rules governing the banks and credit card companies, but when the credit card companies start allowing merchants to devise their own systems, I am VERY worried. >I wonder how important the signature is. Many companies operate mail >order by taking phone orders. These companies never get a signature >from the purchaser, yet I haven't heard of either massive abuse of >credit card numbers (there are some, but it's not industry wide). >Hotels also routinely take card numbers for guaranteed reservations >and I assume they sometimes run the charges through. Then you may not been keeping up with the news... :-) Credit card fraud of mail order companies is happening on a massive scale. The companies are not defrauding the people, the companies are being defrauded by the use of stolen cards. They do not have your signature, but they get your address, verify the number and address from one of many firms, and then ship to that address -- all in an effort to hold down fraud. --- Glenn Tenney tenney@netcom.com Amateur radio: AA6ER Voice: (415) 574-3420 Fax: (415) 574-0546 ------------------------------ Subject: Re: Digitized Signatures Date: Fri, 26 Feb 93 0:44:01 EST From: Alex Batyi I remember the first time I was faced with a digital signing board. United Parcel Service showed up with one one day and instead of the usual "Sign at 42.", he handed my the new gadget and asked me to sign it. At first I wouldn't do it. I had the same reservations that started this discussion. I had to think fast since this guy is trained to do his paperwork at a fast trot on the way up to the building. I didn't want my signature in a file but I wanted my goods. After a few words with the U.P.S. man I remembered that a signature is more than a two dimensional shape. Don't they have to get an analyst who looks at the way the pen distorts the paper fibers and the different pressures and speeds with which the pen travels over the paper and such? I can see that the new method might have varying widths as the pressure changed but I can't see them getting as much info from the digital pad as they would from the pen and paper method. I told the guy that I would sign it but that I didn't see how they could use it for anything legal. Half the time I just make a bunch of loops on the page anyway. I imagine the legalities of the digital signature were thoroughly examined before they invested any capital in the device but I also imagine that if it saved them enough time, space and processing steps that they would dismiss any negative legal hangups if the chances of them costing the company money were small enough. Usually when there is a question about a parcel, the deciphered name given over the phone is enough to satisfy the customer as to who received the package. I doubt they can use the same method to get a signature on a contract or other legal document. There just doesn't seem to be enough data recorded in the electronic pad to make it a legal signature. -- AJB N3JQB +1 215 785 6644 UUCP:rescon!bud Quote:"If you lose your memory, forget it!" bud@pacs.pha.pa.us Proverb:"The sooner you get behind, the longer you have to catch up." ------------------------------ Date: Fri, 26 Feb 1993 8:00:11 -0500 (EST) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: Digitized Voting Records There have been discussions about digitizing signatures on drivers liscenses and UPS receipts; I'm now going to address that in another area: voting. Suffolk County, New York, is going to digitized voting records which will be used when a person votes in an election. This process reduces the massive books that contain voter registration cards in every election district in the county. The current records for each registered voter in each election district are kept in 11x14x3 (or larger in depth) books which are very clumsy to handle to say the least (I'm an election inspector on a part-time basis). Now they will be in 8x11 books which will contain all of the necessary information such as: full name, current address, citizenship (if not born in the US, then proof of naturalization), signatures obtained each time a voter voted, party affiliation, inspector's initials, etc. Note that I didn't mention SSNs; that portion was done away with because of a lawsuit, I think. According to election officials, a test was made in the smaller half of the county (population by geographical location; if anyone wants a description of that, e-mail me) during the 1992 general election and was successful. Full implementation will occur in the 1993 general election (I'm talking about New York). They also hope to reduce the number of voters who have to vote by affidavit (insist that they are a registered voter in a district but the voter registration card is missing; most of these instances are the voter not remembering the correct election district). Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093 ------------------------------ From: KitchenRN@ssd0.laafb.af.mil Subject: Police Intelligence Files Date: Fri, 26 Feb 93 09:01:00 The Los Angeles Times this morning (Feb 26) had a big front-page article about a scandal that is rocking the San Francisco Police Department. Apparently, the SFPD had an intelligence unit that kept track of "potential troublemakers." As far as I know, this unit still exists. Anyway, information from their files was leaked to the Jewish Defense League, which sent it on to Israeli intelligence. In addition, the information also made it into the hands of South African intelligence. An SFPD officer has been accused of leaking this data. The article also said that the Los Angeles Police Department and the San Francisco Police Department were sharing intelligence information, and some of the data from the LAPD also was included in this leaked information. This is all very interesting, because, even with a new police chief, the LAPD continues to insist that it has never had an intelligence unit. All of the data involved people who were never convicted of any crimes. Such targets as Arab-American groups and skinhead groups were infiltrated in order to obtain this information. Rick Kitchen kitchenrn@ssd0.laafb.af.mil ------------------------------ Date: Fri, 26 Feb 93 15:06:51 -0600 From: Jonathan Thornburg Subject: Re: Privacy of Police Reports The references in chapter 4 of "Your Right to Privacy: A Basic Guide to Legal Rights in an Information Society" % "An American Civil Liberties Union Handbook" 2nd Edition Evan Hendricks, Trudy Hayden, and Jack D. Novik Southern Illinois University Press, 1980, ISBN 0-8093-1632-3 discuss the question of "public" access to police blotter information in some detail. - Jonathan Thornburg or [until 31/Aug/93] U of Texas at Austin / Physics Dept / Center for Relativity and [until ~Apr/93] U of British Columbia / {Astronomy,Physics} ------------------------------ Date: Fri, 26 Feb 93 17:30:55 From: James Faircliffe Subject: Mass electronic scanning of UK international telexes from London A few months ago, a well-respected British TV documentary show (might have been 'World in Action') discovered that all out-going telexes from the Uk were electronically scanned by British Telecom (the main phone company) personnel, supervised by the security services. Direct scanning by the security services would have been illegal. They were looking for words like 'terrorist' & 'bomb', but the civil liberties implications are far-reaching. Obviously, this could affect the privacy of American telexes to the U.K. J.F. Faircliffe. i_userid_4@uk.ac.uclan.p1 ------------------------------ End of Computer Privacy Digest V2 #021 ******************************