Date: Thu, 19 Aug 93 16:37:52 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#017 Computer Privacy Digest Thu, 19 Aug 93 Volume 3 : Issue: 017 Today's Topics: Moderator: Dennis G. Rears Trusted source for PGP keys Re: License Photo Images Re: License Photo Images Re: Enhanced Driver's License Re: Digital Cellular - was Re: First Person broadcast on privacy Terminal Compromise (was: About Terminal Compression) ----- Re: Beepers restrict or give freedom Sharing government databases The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Marcos Javier Polanco Subject: Trusted source for PGP keys Date: 15 Aug 93 18:11:54 GMT Organization: Stanford University Sorry if this is in a FAQ, but is there some trusted entity in the internet which publishes the public keys of individuals using PGP? Thanks. -marcos j. polanco -shiva@vega.stanford.edu ------------------------------ From: John Kennedy Subject: Re: License Photo Images Date: 16 Aug 1993 00:04:32 GMT Organization: California State University, Chico In article , Quagga wrote: --> Do states have a right to retain an image of you when you get your --> Driver's License? My sister recently got hers renewed and was sure --> that the image was digitized. In CA, I _know_ mine was digitized, as well as my fingerprint. I've heard that the image is kept, although there are some restrictions on what information the DMV can release (although I haven't heard them applied to the pictures... more for the SS#). I suspect that the images are at least forwarded down to the "primary" DMV where the new driver's licenses (at least for CA) are made. -- Windows/NT - From the people who brought you EDLIN ------------------------------ Date: Mon, 16 Aug 93 12:41:46 PDT From: Kelly Bert Manning Subject: Re: License Photo Images The use of digitized pictures protects against alteration of driver's licence card if they are stolen and allows them to be authenticated quickly. BC uses this kind of system for some kinds of ID, eg Ministry of Social Service(formerly welfare) staff, but not clients(recipients). The point is that the strip on the back can be quickly scanned and used to bring up a recorded picture to match against the picture on the card. Seeing someone's picture on something that looks like a valid ID card is no guarantee that it is a valid ID unless it is authenticated in some way. Don't California and some other states already require drivers to give finger print impressions? This seems like a relatively minor issue compared to that. With workstations in police cars this can now be used to check on people who say that they have "lost" or left their card at home, without having to eat up a lot of time taking them down to a station. A man here in Victoria successfully used this line to impersonate someone else for about 5 or 6 stops until he got caught is a speed trap and the police overheard a friend of his asking why he had used someone else's name and address. A woman in vancover had her life turned into a nightmare after a young man who walked into her place of work distracted her, took her ID and credit cards and disappeared. Her credit cards had been rung up past her credit limit by the time she finished work and reported them stolen. Her driver's license was altered with the photo of a younger woman and used for over a year to purchase cars, open phoney credit accounts, and to buy cars and insurance with rubber checks. The victim was arrested several times and had to deal with (private sector)sheriffs trying to seize her own car at her home at least once, as well as having to explain a never ending series of police and collection agency visits to her neighbours before the impersonator was arrested. In a previous article, quagga@trystero.com (Quagga) says: >Do states have a right to retain an image of you when you get your >Driver's License? My sister recently got hers renewed and was sure >that the image was digitized. > >The state's logic is probably: >"Oh goodie we can use this for identification and forward your > picture to the police if necessary." > >My logic is probably: >"Mind yer own business!" > >Any thoughts? > >equus quagga. >quagga@trystero.com >"But you can call me Cheryl.." > \o/ "Ich habe festgestellt, das es N I C H T S gibt, was Deine > (( Aufmerksamkeit schneller und vollstaendiger fesselt, als ein > \\ sich nicht oeffender Fallschirm!" -moi. =) > ------------------------------ Date: Wed, 18 Aug 93 02:48 GMT From: Christopher Zguris <0004854540@mcimail.com> Subject: Re: Enhanced Driver's License This may be a little off-topic, but I just got my New York non-drivers photo ID (I don't drive, so I never had the need until recently when everyone seems to want photo ID for credit card purchases) and on the back it has a bar code and a magnetic strip. Friends drivers licenses don't have these, but their licenses haven't been renewed so maybe NY is in the process of phasing this in (I got my ID from the DMV, so it's the same card). I was wondering what this is for? I've seen reports of our local police and traffic cops using computers to write tickets instead of hand-writing them. Do other states use the bar code/mag strip to directly tie into the DMV? I know the NY DMV lags behind the rest of the country, so what other applications are these things being used for (they would put the bar code & mag strip there for no reason)? Christopher Zguris CZGURIS@MCIMail.com ------------------------------ Date: Wed, 18 Aug 93 02:49 GMT From: Christopher Zguris <0004854540@mcimail.com> Subject: Re: Digital Cellular - was Re: First Person broadcast on privacy I wrote: > Or are the bulk of the eavesdroppers out there using > hacked cellular phones that would automatically follow the freq. shifts > to provide continuous coverage like the real phone? In Computer Privacy Digest V3#015 Brinton Cooper responded, in part: >Cellular phones generally don't do spread spectrum, so hacking them is >as much work (see above) as hacking any radio receiver to do the job. > Somehow I missed the fact that cellular AND cordless were being discussed, I thought we were just talking about cellular. I seem to remember messages in TELECOM DIGEST about cellular phones being receivers and if they are hacked/modified/programmed with another cell phones ID they will follow whatever is happening with the legit phone, moving from freq to freq. From what has been said, I am assuming this would be impossible with a protected/encrypted ESN since it would be difficult to find it by monitoring other cell phones. Christopher Zguris CZGURIS@MCIMail.com ------------------------------ Date: Wed, 18 Aug 1993 13:01:49 -0400 (EDT) From: Paul Robinson Reply-To: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Terminal Compromise (was: About Terminal Compression) ----- As pointed out by someone who read my message reviewing the book, it's name is 'Terminal Compromise' not 'Terminal Compression'. From the announcement of the book: THE WORLD'S FIRST NOVEL-ON-THE-NET (tm) SHAREWARE!!! By Inter.Pact Press "TERMINAL COMPROMISE" by Winn Schwartau --- Paul Robinson - TDARCOS@MCIMAIL.COM ----- The following Automatic Fortune Cookie was selected only for this message: Nothing is as inevitable as a mistake whose time has come. ------------------------------ From: Scott Coleman Subject: Re: Beepers restrict or give freedom Date: Wed, 18 Aug 1993 16:03:24 GMT Organization: University of Illinois at Urbana My pager gives me freedom. I have a computerized voice mail setup at home which will page me whenever an incoming message is taken. I can then phone home and retrieve my messages and, if I wish, call the party back. The beauty of this system is that nobody need know I have the pager; from outward appearances, they're just leaving a message on an answering machine (and possibly receiving a very quick call-back). If the message is not important, I can ignore it/deal with it later. Thus, I get all the benfits of being always reachable without the drawbacks of having to give a pager number to everybody (or having those people know that I have a pager and thus expect immediate reponses). -- Scott Coleman, President ASRE (American Society of Reverse Engineers) tmkk@uiuc.edu Q: What's the difference between Jurassic Park and IBM? A: One is a complex and expensive theme park, filled with dinosaurs and unreliable equipment -- and the other is a Steven Spielberg movie... Q: What's the similarity? A: They both have clones. ------------------------------ From: Phil Karn Subject: Sharing government databases Reply-To: karn@qualcomm.com Organization: Qualcomm, Inc Date: Wed, 18 Aug 1993 18:44:28 GMT With all the talk about the risks of governments sharing or cross-correlating separate databases, I thought I'd describe one case where I erroneously assumed to my detriment that the government *was* correlating its databases. When I bought a house in San Diego a year ago, I dutifully notified the DMV of my new mailing address by filling out a change-of-address form for my drivers' license. Silly me foolishly assumed that by doing so, all of the DMV's records (specifically vehicle registration) would be similarly updated. After all, it's the same state agency, and they even share the same large room in the local DMV office. Not so. Recently I noticed the "AUG" on my license plate, and suddenly realized that I hadn't gotten a renewal notification in the mail. Worse still, I checked my registration and discovered that it lapsed 9 days earlier. I immediately went to the DMV office and asked why I hadn't gotten a renewal notification even though I had filed a change of address. The droid behind the counter checked their records, which actually showed that the renewal notice had been sent to my old address and returned "unclaimed". Furthermore, they mark the notices "do not forward", so it didn't matter that my forwarding order had long expired. I asked why they didn't learn about my new address from my drivers' license, and was told that "they're two separate entities". Gee, I guess I was pretty dumb for thinking they were all part of the same California DMV, and that they would actually make practical use of the drivers' license number I originally put down on my registration application. So this little screwup cost me a 40% penalty in the renewal fee. It seems that governments are more than willing to keep their databases rigorously separated if the practical effect is a little "revenue enhancement"... Hmm. 40% interest for 9 days...no doubt the state has found a way to exempt itself from the usury laws it applies to everyone else. Of the four state DMVs with which I've done business (Maryland, Illinois, New Jersey and California), California is definitely the worst. Phil ------------------------------ End of Computer Privacy Digest V3 #017 ******************************