Date: Wed, 05 Oct 94 15:00:50 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#044 Computer Privacy Digest Wed, 05 Oct 94 Volume 5 : Issue: 044 Today's Topics: Moderator: Leonard P. Levine Re: 2020 World Re: 2020 World Re: The Crypto Dilemma Re: How to verify your phone number Re: How to Verify Your Phone Number Re: How to verify your phone number Re: Background Check For Job Re: Background Check For Job MCI Employee Charged in $50 Million Calling Card Fraud DT in the House: Today's the day! Really! Almost certainly! Re: Eastwood Door Problem Re: Eastwood Door Problem Re: Eastwood Door Problem Re: Eastwood Door Problem Info on CPD, Contributions, Subscriptions, FTP, etc. ---------------------------------------------------------------------- From: craig@killerbee.jsc.nasa.gov (Craig Biggerstaff) Date: 03 Oct 1994 22:04:45 GMT Subject: Re: 2020 World Organization: NASA Johnson Space Center, Houston, TX, USA Paul Robinson (PAUL@tdr.com) wrote some reasons why it is foolish to disregard reading and writing in favor of multimedia technology: Mr. Robinson is correct in pointing out the dangers of video; I have seen "multimedia" used as a synonym for "propaganda". An observation or two of my own: 11. The simpler solution is usually the more effective (a basic engineering virtue). No one takes a laptop to the store to read a grocery list; it requires more work to achieve the same result. 12. Printed material moves at the reader's own pace. For something hard to comprehend upon first reading (e.g., quantum physics lessons), the reader can stop and ponder each word. This is much simpler than using the "rewind" button repeatedly. But there is one point he is correct upon; the average 9-year-old will be less educated than the 6-year-old of today because the public schools will be more expensive and less effective than they are now. By the time someone comes out of college, his 2-year or 4-year degree won't even be the functional equivalent of the high-school diploma of 1950. I am less convinced of this; Parkinson's Law applies to education as to most other things. The amount of "necessary" knowledge expands to fill the time available. We do not learn about the Middle Ages anymore, or Latin and Greek; they are not considered priorities now. In twenty years, much of what we have learned will be ignored in favor of something else. What we do not learn is a function of priorities. (Right now it is essential that our offspring feel good about themselves, whether they learn anything else or not: we give them a cheap substitute for the true, lasting satisfaction that comes with mastery of a task.) ---------------------------------------------------------------------- Craig Biggerstaff Software Engineer craig@killerbee.jsc.nasa.gov Unisys, Houston, TX ------------------------------ From: idela!markb@ide.com (Mark Bells Home Account) Date: 04 Oct 94 16:52:55 PDT Subject: Re: 2020 World 2020world column title: Emily is illiterate The information superhighway -- aren't you tired of reading about it? And it doesn't even exist! Well, for some of us it does now... But it will. And after it's built, we will live in a very different world. ... It's the year 2020, your daughter Emily is 9 years old, and she can't read or write. Is this your worst nightmare about our schools come true? Nope, Emily just doesn't need to read or write anymore. Look inside your own head. Do you store information as written words? Do you dream in written words? No, you don't. Visual images and spoken languages are our natural form of information. Writing is nothing more than a technology. Well, writing is special. Who knows why we have evolved being able to read and write? But, once someone has spent the 100 hours it takes to get enough proficiency, he or she can launch into the print world in any direction, with RANDOM ACCESS. That is, the reader can jump instantly from topic to topic or paragraph with equal ease. I'll bet you are now in the "but what about..." stage: Um, yes, I am... But what about education? Video can do anything books can do; ARRGH! well-produced video can do many things better. Which is the better way to learn about the Civil War -- reading a text for 10 hours or watching 10 hours of Ken Burns' PBS production on the Civil War? They both offer something of value. But print has the crucial advantage that the READER decides how to access it, whereas video or audio the AUTHOR decides how it is accessed. Most of the time when I need information, I turn to a print source and skim until the parts I need. I may be skimming over stuff I already have learned or simply don't need. Yet I do see that it is there and make mental notes of that in case I need it later. The other important distinction is that video (usually with evocative music) is a much more emotional medium than ordinary print. One's reactions to a problem are powerfully colored by whether the problem is presented in print or video. Certain problems respond well to video. However, note that today people live in more anxiety than previously, in great measure because of repeated exposure to crime and violence on TV "news." In fact, where I live (Northridge, CA) violent crime has DECREASED 18% in two years yet most people believe it has increased and are more uneasy than before. Those who get their news from print are much less likely to feel this way. But what about the law? Don't we need the precision implied by written rules? Perhaps, but wouldn't videos of the original trials, legislative debates, rulings and precedents be a better guide to future generations than law books? How oh how could this be? Since one has to watch a trial video in real time, reviewing it takes as long as it took originally. One can find legal citations REAL FAST with legal software or actual lawbooks. Even with videos, someone would have to index them and prepare machine-scannable summaries, etc. (One note in defense of the 2020world scenario is that one could somewhat overcome the crippling real-time hurdle by compressed viewing. That is, humans can understand speech at about twice normal spoken speed and there are or will be viewing devices that speed up the original yet shift the speech so it is still intelligible. But even there, you are looking at 200 words per minute tops, whereas a good reader can read FIVE TIMES that fast; much faster still if they're scanning for only useful portions.) Send me your own "but what abouts." But make sure to include your thoughts about how the 2020world would deal with those situations, too. Does Emily really need to read and write in 2020world? I don't think so. Do you? Well, she does if she is not to be at the mercy of the slow. I believe there will be many technopeasants who have severely limited reading skills but those who would assume positions of authority and importance will WITHOUT QUESTION need to read. So here's a "but what about." What I think will happen is that print's importance will not diminish at all for parents who want their kids to be able to make their own, independent way in life. What probably will happen, however, is that our schools will continue to wither and parents will be empowered by the network. Since children can usually learn to read in one hundred hours and since more and more schools seem to not be doing that, the net will provide support for parents who want to take alternative routes. I can give you two major examples. First, visit any of the consumer oriented nets (Prodigy, America Online, etc,) and get into the bulletin boards on homeschooling. There is an absolute wealth of information there which, viewed through the Establishment lens, is subversive. People are most forthcoming and willing to help the neophyte. Second, consider that there was a recent Federal law drafted that would have placed all homeschoolers nationwide under the regulation of the government and the teacher's unions. This law was defeated (to the shock of those who had backed it) by a storm of grassroots protest. Much, perhaps half, of the protest was facilitated by the Net. Quite an accomplishment. So now, in some measure because of the Net, homeschoolers may be past the point of the government stopping them. This in turn creates centrifugal forces in our society, yet the Net then acts as a unifying force for all the newly created disparate interests to reunite in birds-of-a-feather groupings. Thanks for taking the time to read this loonnggg e-mail. Please join in and help us understand the real nature of our world after the information highway is built. Send your subscription e-mail right now! I'm looking forward to adding your thoughts to our discussion. Good luck with your enterprise! -- Mark Bell 43-yr old father of 10 year old girl who is print literate... ------------------------------ From: tro@ping.com (Tom Olin) Date: 03 Oct 1994 21:53:35 +0500 Subject: Re: The Crypto Dilemma Shayne Weyker writes: It's an ugly choice. And I've heard too many people dismiss the folks on the other side as either voyeuristic fascists or paranoid anarchists with a "don't worry, be happy" attitude towards public safety. Both sides are doing public who depend upon the quality of the debate a disservice. The debate should have less fear-mongering about what is goin to happen if "the other side" wins, and more brainstorming about exactly what new technology, new laws, and new behaviors we can develop which will protect us against the very real dangers of a world with too much or too little crypto in the public's hands. While I agree that we should avoid fear-mongering and instead concentrate on a cool, calm discussion of the issues, Mr. Weyker fails to acknowledge the major practical difference between the advocates and the opponents of Clipper, Digital Telephony, etc.: The advocates are attempting to enact legislation; the opponents are merely trying to prevent its passage. Reasoned discussion would be much more likely if the advocates weren't so busy trying to ram legislation through Congress with little or no public debate. Repealing any such law will be much more difficult than preventing its passage in the first place. Since the advocates show no interest in suspending their legislative efforts in order to give the public a chance to fully consider all the issues, opponents of the measures have no choice but to resist as best they can. -- Tom Olin Internet: tro@ping.com Waterville, NY tro@speedway.net Voice/fax: +1 315 861 7712 ------------------------------ From: stark@rtsg.mot.com (George Stark) Date: 04 Oct 1994 03:20:27 GMT Subject: Re: How to verify your phone number Organization: Motorola Cellular Infrastructure Group pp000837@interramp.com wrote: If you dial 1-800-MY-ANI-IS (1-800-692-6447), you should be able to ascertain/verify the number you are calling from. This technique is particularly useful when calling from a pay phone (that accepts incoming calls but is missing a listed number) or when calling from an unlisted phone that you want to crack. When calling from my work phone, it gave the wrong number for the extension I was at. Otherwise is worked in (708) land. -- George stark@rtsg.mot.com ------------------------------ From: cbarnard@cs.uchicago.edu Date: 04 Oct 94 12:39:51 CDT Subject: Re: How to Verify Your Phone Number johnny@.interramp.com If the corrected number still does not work, please let me know. I have found this number to work from many phones around the country. However, I do not know whether it works from all phones or geographic areas. I also don't know who the sponsor of this service is or how long it will be available. This number works from Chicago (312), but it doesn't return the correct phone number (it wasn't even close). I tried dialing the number that was returned and was told that "this number is not in service". The University's telephone switch might be confusing it, though... +----------------------------------------------------------------------------+ | Christopher L. Barnard O When I was a boy I was told that | | cbarnard@cs.uchicago.edu / \ anybody could become president. | | (312) 702-8850 O---O Now I'm beginning to believe it. | | http://cs-www.uchicago.edu/~cbarnard --Clarence Darrow | +---------------------finger me for my PGP public key------------------------+ ------------------------------ From: "M. Otto" Date: 05 Oct 1994 09:36:01 GMT Subject: Re: How to verify your phone number Organization: Zetetic Institute pp000837@interramp.com writes: If you dial 1-800-MY-ANI-IS (1-800-692-6647), you should be able to ascertain/verify the number you are calling from. 1-800-MY-ANI-IS translates out to 1-800-692-6447. Try that instead. It worked just fine for me in 817 land. -- __ ____ __ otto@vaxb.acs.unt.edu /|/| / / / / / / A virtual prisoner of the VAX // I'm sorry; my karma / |. /_/ / / /_/ at The University of North Texas \X/ ran over your dogma Denton, USA ------------------------------ From: kazmarek@ix.netcom.com (Edward Kazmarek) Date: 04 Oct 1994 23:32:56 GMT Subject: Re: Background Check For Job Organization: Netcom lindline@rice.edu (Ann Lindline) writes: Is this legal? If you want to work for certain government agencies, I know you have to submit to, and subject your family and friends to, a lot of poking and prying into backgrounds. Is working for a defense contractor basically the same as working for the government? What rights to refuse would these roommates have? Any feedback is much appreciated. I'm not sure, but I suspect it's legal. At least, it's pretty common. For security clearance background checks, it is quite common to assess someone's potential security risk by the character of the company they keep. Even more, it's quite common to pursue what are called "developed references." You ask a listed reference, "Who else knows this person?" You ask the same question to two or three names on that list, and so on for two or three levels. You'd be surprised that you don't have to go very far in a chain of developed references before you're talking to people who are NOT friends of the candidate. And you get some REAL interesting information. That's life. -- E.A. Kazmarek kazmarek@ix.netcom.com Long, Aldridge & Norman ekazmarek@attmail.com 303 Peachtree Street, #5300 (404) 527-4160 Atlanta, GA 30308 fax (404) 527-4198 ------------------------------ From: anonymous Date: 05 Oct 1994 12:00:00 Subject: Re: Background Check For Job Moderator, if you catch this message, I would appreciate having my name and affiliation removed, due to the sensitivity of the topic. lindline@rice.edu (Ann Lindline) wrote: Is this legal? If you want to work for certain government agencies, I know you have to submit to, and subject your family and friends to, a lot of poking and prying into backgrounds. Is working for a defense contractor basically the same as working for the government? What rights to refuse would these roommates have? Yes, I believe it is. My sister works for a nave contractor, and although her job may not be charaterized as "high risk" the level of security clearance that she has is relatively high. Because of that, her family and friends were checked out. I personally did not have to undergo any interviewing, but that may be because I'm relatively "clean." in addition, her husband works for the CIA, so they may think that he'll keep on eye on her (even though that's beyond their charter, I think that's the NSA's ). The FBI does the same thing. My girlfriend in college had a friend (who didn't even go to the same school) who was applying for an FBI-related appointment, and the FBI sent someone from one of their field offices to interview her. He spent the better part of a day "lurking" until he presented himself and his badge to explain what he was doing their. Although we may not like it, when subjects of "national security" come up, it appears that the government can take whatever measures they feel are necessary... ------------------------------ From: Monty Solomon Date: 05 Oct 1994 04:05:41 -0400 Subject: MCI Employee Charged in $50 Million Calling Card Fraud Excerpt from TELECOM Digest V14 #385 Date: 04 Oct 94 12:47:54 CDT From: telecom@eecs.nwu.edu (Patrick Townson) Subject: MCI Employee Charged in $50 Million Calling Card Fraud Felony charges of access device fraud involving over one hundred thousand telephone calling cards -- mostly those of MCI customers but including cards of local telcos and in a few instances AT&T and Sprint have been filed against Ivy James Lay of Charlotte, NC. Lay, employed as a switch engineer by MCI in its Charlotte switching center until his arrest and indictment at the end of last week, is also known by his phreak name 'Knightshadow'. He was fired late last week when MCI concluded its investigation into his activities. According to Secret Service Special Agent Steven Sepulveda, Lay had installed special software in MCI switching equipment which trapped the calling card numbers and personal identification codes of callers. He then sold these stolen calling card numbers to other phreaks all over the USA and Europe. MCI claims that about one hundred thousand of its customers' calling cards have been compromised as a result. In addition, several thousand calling cards issued by AT&T, Sprint and/or local telephone companies have been compromised as a result of traffic from those carriers being routed for whatever reason through the MCI center in Charlotte. The dollar value of the fraud is estimated to be fifty million dollars by the Secret Service and MCI. Some of the fraud traffic occurred as recently as the last two weeks and has not yet been billed to customers. According to MCI and the federal indictment, Ivy James Lay is the leader of an international fraud ring operating in Los Angeles and several other US cities as well as Spain, Germany and the UK. The indictment claims he supplied stolen calling card numbers to phreaks all over the USA and other parts of the world. A spokesperson for the Secret Service called the case unprecedented in its sophisticated use of computers and the manner in which the fraud ring coordinated its activities on a global scale. MCI spokesperson Leslie Aun characterized the case as the largest of its kind in terms of known losses, both in dollar amount and number of customers who were victimized. Ms. Aun added that Ivy James Lay was immediatly fired once the joint investigation by MCI and the Secret Service was finished late last week. In raids conducted simultaneously at the homes of Mr. Lay and other co-conspirators last week, agents seized many items including six computers with pirated commercial copyrighted software and many boxes full of computer disks with thousands of calling card numbers on each. Telephone toll records of Mr. Lay and other phreaks involved in the scam have also been obtained showing examples of fraudulent traffic. Spokespersons for Sprint, AT&T and MCI are encouraging customers who believe their calling cards were compromised in the scam to contact the appropriate customer service department immediatly so their cards can be cancelled and re-issued. Customers should bear in mind that the vast majority of the fraud was against MCI customers whose traffic went through the Charlotte center. If convicted, 'Knightshadow' as he known to other phreaks and his co-conspirators face ten years in a federal penitentiary. It must be remembered that in the United States, our constitution requires a presumption of innocence on the part of Ivy James Lay and the other phreaks involved until their guilt is proven by the government in a court of law. ------------------- In certain other prominent e-journals on the Internet, we have read in recent days that computer crime is not nearly the serious matter the government claims it to be. It sounds to me like the sneak-thievery of a hundred thousand plus calling card numbers and fifty million dollars in phreak phone calls is serious enough. We have long known about telco employees who themselves are as corrupt as the day is long; who think nothing of taking bribes for providing confidential information about their employer and its customers. But most of it to-date has been petty ante stuff; a few dollars under the table for a non-pub phone number, or maybe a hackerphreak who gets a job with telco then uses information and technology at his (legitimate) disposal to cover his own tracks where obscene/harassing calls are concerned. But a hundred thousand calling cards and fifty million dollars in traffic???? At what point are certain publishers/editors on the Internet going to wake up? Computer crime is growing expotentially. I think it is time to have another massive crackdown, similar to Operation Sun Devil a few years ago. Let's start getting really tough on hackers and phreaks. -- Patrick Townson ------------------------------ From: steven cherry Date: 05 Oct 1994 12:10:51 -0400 (EDT) Subject: DT in the House: Today's the day! Really! Almost certainly! FOR THE HOUSE, TODAY IS THE DAY The debate, such as it was, was last night. The vote could be anytime today. Please call your Rep today, register your opposition, and demand to know how they will be voting today. Please let us know as soon as they've committed either way. Thanks. We get a second chance if needed in the Senate, but we could win the whole thing today. If you don't know your Rep's number, and don't have gopher access (see unix command line below or just gopher to gopher.panix.com), write and we'll look it up. To summarize, the bill is included in the Suspension Calendar, which allows only 40 minutes of debate, no amendments, and items require a 2/3 vote to pass. Some other items on the suspension calendar have failed already. Our position is that Congress needs more time to study the issue, and therefore the Suspension Calendar vote should be "no". In particular, the following questions remain unanswered about the FBI's bill: * Law enforcement has yet to demonstrate the need for this bill * No study has been made showing how much it will cost to fulfill the requirements of the bill * No study has been made showing the impact on smaller local telephone companies * No evidence has been presented showing that once the mandates of the legislation have been carried out, that law enforcement will be able to execute wiretap orders in the face of continually changing telecomm technologies -- Steven Cherry Media contact Voters Telecommunications Watch (718)596-2851 gopher -p 1/vtw gopher.panix.com ------------------------------ From: rgoggans@mason1.gmu.edu (Robert Goggans) Date: 03 Oct 1994 21:08:33 -0400 Subject: Re: Eastwood Door Problem As I was reading the dilemma about the Eastwood Door, it occurred to me that any data collected will be kept forever. Storage is relatively cheap, and information is worth something. Assume that the data from the entry program is collected by a security firm and then compared to the database on the NCIC to establish any correlation. Joe Friday, the CIO at the security firm notices that people who had been convicted of burglary often opened their doors between 0200 and 0500. Being the great crime fighter that he is, Joe issues a list of the people who frequently open their doors during these hours and tells his security guards to keep an eye on these "potential criminals". Jane Greasyspoon, a waitress at an all night truck-stop, begins to notice that the security guards at the condominium seem to be following her and looking inside her car. She just thinks she is being a little paranoid. A few months later, a burglary takes place in the neighborhood. Although Jane has never received even a traffic ticket, she is questioned by the authorities on an anonymous tip. Has her privacy been invaded? One more example. Fred Lardass goes to the local supermarket four or five times a week to get cookies, doughnuts, and milk, along with other things. He always uses his debit card at the checkout and his purchases are recorded in a database. This database is in turn sold to a data wholesaler for further sale to advertising companies to be used to target potential customers for direct mailings. But these lists are for sale to anyone, and Bill Bureaucrat at the local police department gets a copy. Bill compares purchasing patterns with convictions for marijuana arrests and establishes a correlation. He constructs a list of people who meet the profile, compares it to the Department of vehicles list, and issues a warning to Patrol Officers to beware that these people might be drug offenders. Officer Dan I. Bail stops Fred Lardass for a minor traffic violation. Before he leaves his vehicle, he punches the license number into his on-board computer and, viola, the warning pops up. The officer decides to search the vehicle because he thought he saw the driver stuffing something under his seat. After a one hour intensive search, aided by the departments drug-sniffing rhinoceros, the result is negative for drugs. However, their is evidence of chronic candy abuse, as evidenced from the 200 Snickers wrappers, 82 empty coke cans and a half-eaten doughnut. Officer Bail enters Fred's name into the computer so that Social Services will be able to contact Fred with information about Overeaters Anonymous. These examples suggest that the question is one of storing the data at all, not just for how long. Someone could always make a "bootleg" copy before the master is erased. ------------------------------ From: aja@cad.vmss.gmeds.com (Andrew J. Allen) Date: 04 Oct 1994 18:05:39 GMT Subject: Re: Eastwood Door Problem Organization: Cadillac World Headquarters "Prof. L. P. Levine" writes: A good question might be asked. "How long should the data be kept, who should be allowed to see it before it is deleted, and under what conditions should the data be made available?" Investigation has shown that this question is rarely, if ever, asked. The data points are collected only to help detect the perpetrators of theft and vandalism and to secure the structure. They are not collected to identify the comings and goings of the residents, to aid lawyers in divorce cases, satisfy the curious, or collect statistics on wear and tear on the door latches. To me, this is an easy one. Although it requires a cooperative relationship between the Condo. board and the residents. - All key usage records will, routinely, be deleted after 48 hours. . This is to ensure maximum privacy while providing the residents the opportunity to identify any unwanted activity associated with their residence. . Optionally, records could be routinely retained for slightly longer periods to accomidate weekends and holidays (as one can count on at least one resident being away during these periods). - Key usage records may be retained for longer periods, based on resident request. . This will facilitate retaining key usage information that may be of value if undesired activity is associated with a resident's unit while he is away for extended periods. . It is possible to create the methodology necessary to delete those key usage records when the resident returns, yet retain those key usage records that may be needed to accomidate another resident with overlaping absence dates. - Key usage redcords may be retained for any or all keys for any length of of time in order to satisfy an appropriate police or court request/order. - Key usage information shall not be devulged to any person other than that information necessary to satisfy an approptiate police or court request/order. Information shall only be provided to those who have a need to know. This means, for example, that a parent who wants to verify the time his child got home last night will not be able to get that information from the key usage logs. As a closing note: It seems to me that the students responding to this question need to read the requirements again and get out of the box. They all seemed to be in the box that says that the record retention rule must apply to all the records, all the time. This is very limiting and will not win much business. To win contracts, you must learn to read the customer's real needs and concerns, and design your solution to meet them. Be creative!!! -- *---------------------------------------------------------------* | aja@cad.vmss.gmeds.com | Opinions are my own and do not | | EDS/Cadillac World HQ | necessarily reflect those of my | | 30009 Van Dyke | employer or customer. | | P.O. Box 9025 |--------------------------------------* | Warren MI 48090-9025 | Advise given without warranty. | *---------------------------------------------------------------* | Any suficiently advanced technology is indistinguishable from | | magic. A. C. Clarke | *---------------------------------------------------------------* ------------------------------ From: gordon@sneaky.lonestar.org (Gordon Burditt) Date: 04 Oct 94 14:45 CDT Subject: Re: Eastwood Door Problem Organization: "Gordon Burditt" I take considerable exceptions to the opinions of the students on the subject of the Eastwood Door Problem. The approach I'm taking isn't strictly ethics, either, it touches a lot on safety and the system design. The purpose of the new security system includes: - Selective access by residents into areas they are authorized to enter. - Quick invalidation of access due to lost or stolen keys, a resident moving out, failure to pay rent, etc. - Convenient access by residents, not requiring multiple keys. - Giving temporary access (a few days) is practical and not costly. - Recordkeeping of who was where when, to be matched against reports of crimes. Note that all but the last doesn't require any recordkeeping of entry or exit events at all, but provides considerable benefit by themselves. I don't agree at all that recordkeeping is THE "primary purpose of the system", if it is a purpose at all. Recordkeeping may endanger your tenants and it should not be done unless there is sufficient benefit to overcome the risks. The danger is especially great when the system is thought to be infallible, but it isn't. It appears that this system is likely to have so many holes in it that it's worse than useless in solving crimes. A more accurate record-keeping system could probably be forced on employees by an employer but not on tenants by a landlord. It's too inconvenient, even if nobody objects on privacy issues. Some digested forms of the data don't present much of a privacy danger to the residents, but may be of use to management. (Example: door traffic stats by hour, day of week, and season, without identifying any residents, used to decide where to put more doors. Because of seasonal variations, you need at least a year of data. Maybe two, to see trends. It's hard to sue someone or target them for burglary, or accuse them of burglary with this kind of data). Consider keeping this kind of digested data rather than the raw, individually-identified data. Even this data shouldn't be public, as it gives muggers a good idea of where to find people alone. Now, some technical questions about the door system and its management. (1) How long does it really take to invalidate a key (a) in an emergency, such as a key taken at gunpoint, or (b) for routine matters, like a resident moving out, or a lost key report? from the description, the doors aren't wired to a central computer. Reprogramming 40 doors (well, for one key a subset of these would be required, maybe 10 outside doors and one building door) might take several hours with walking around to the doors taking most of the time. Ideally the desktop computer generates new lists and the doors can be reprogrammed by downloading from some sort of portable storage device/computer. How often will the wrong list end up in the wrong door? For routine matters, are they going to BOTHER reprogramming the doors more often than the weekly collect-the-data procedure? (2) Does it require using a key to EXIT the complex? If not, your records are almost useless. If so, I suggest having a talk with the fire department. An alternative method is having a way to exit the door in an emergency that sounds an alarm (and logs it) but lets people out. Assuming you record entry and exit events, you should be able to model the system as a number of areas (with "outside" being one of them), and a set of doors that permit entry from one area to another. Obviously, you know what doors connect which areas. All of the doors may not go to the outside; you might have individual buildings in a courtyard, each with their own doors, and doors from the courtyard to the outside and to adjacent courtyards. (Doors from one courtyard to another present a problem: you need an emergency exit in BOTH DIRECTIONS. Is there a need for keeping the two areas separate?) In theory, but not in practice, you should be able to tell which area a key is in at all times after it's been used once. You should analyze the data for keys doing things they shouldn't do: exiting an area twice without entering, entering an area twice without exiting, exiting an area other than the one the key is supposed to be in, etc. This gives an indication of the accuracy of the records. I guarantee that there WILL be anomalies as described above. Some of the reasons are: - Someone with two keys in his pocket, using whichever one he finds first. - A group of people with keys walking through the door when it's been opened by one person with a key. - People who decide to exit (or enter), open the door, but don't go through it (see part about letting guests in below). (What are you supposed to do when a person tries to EXIT a building with a key not authorized to be there? Chances are good that his excuse is "I was visiting with " and if you check it out with that resident, it turns out to be accurate.) (3) How do people enter and exit the complex during a power failure? Can these events be logged? Backing up the door memory of authorized keys and entry/exit events is not hard. Having enough power to operate a door latch (hopefully immune to such things as "carding") may be more difficult although one car battery (with a charger) per door should last quite a while. The bad guys might consider causing a power failure to cover their tracks. (4) How difficult is it to destroy the record of entry/exit events and/or authorized keys in a door? If I were a burglar, my first shot at it would be applying one of those stun/shock self-defense gadgets to the ring where I'm supposed to put the key as I exit. This would probably do a lot to kill the electronics, erase the records, and disable the door unless this system is ruggedly built (opto-isolators & such). (5) How do guests figure into this scheme? How do they get into the buildings? How about delivery people and maintenance workers? Residents who wish to visit other residents in different areas? Possibly the best way would be to have guests sign in with a live security guard, but it costs a lot of $$ to keep enough security guards on duty 24 hours a day to avoid complaints that guests have to walk a long distance. If you have all these guards, why have an automated door system? One guard on duty during daytime hours could probably handle the building maintenance people and much of the package delivery. If residents have to come to a door to let their guests in, then you will have a lot of cases where the resident comes to the door, opens it, generating an exit event, does not exit, and lets the guests in, unless you do something to prevent it. You don't know who the guests are, and you don't know that ANYONE entered. You might get a hint that the resident didn't exit when the key is used again to enter an individual building from the courtyard, and the key isn't supposed to be in the courtyard. Then again, maybe they realized while finding the key that they forgot the car keys. Guests are likely to try and follow residents with keys through the door. Some residents may be polite and cooperate. Some residents may be intimidated or conned into cooperating (without the guest even realizing he's doing so - just having the build of a football player can be intimidating to a "little old lady") but not so intimidated they'd even consider it something worth reporting. The friendly "pizza delivery" burglar might not be remembered by the person who let them in. Doors that only let one person through at a time are going to be rather difficult for the handicapped to negotiate and may make getting furniture in and out nearly impossible. You should have a policy that makes it easy for residents to get guest keys for longer-term (days to weeks) guests without a lot of hassle or deposits. This makes them easier to track. The key can also be set up to expire when it's issued. (6) How many individual residences are there in a secured area? The system doesn't help much if one building contains 50 residences, one of them is a thief, and the time of the crime isn't pinned down much (e.g. known within 24 hours, not better) so someone from most of the residences could have done it. There will probably be a few guests and delivery people as suspects, too. It's much more helpful if one secured floor contains 3 residences. From the figures of 250 residences and 40 doors, there can't be less than an average of 6 residences per secure area. Fire laws (more than one exit per area) probably raise this to 12. It's also important to realize that keys don't correspond to people, and you don't have a list of all people in an area at a given time. - Not everyone has a key. Do you want an 8-year-old to have his own key? Probably not (he may lose it often), but he will need one at times to get from the car to the apartment to help unload groceries. Then again, maybe he needs it to get in when he comes home on the school bus. - Not everyone needs a key. Grandma Smith doesn't have a key because she moved in before the lock system was installed, she can't walk very well, and if she leaves she will probably leave in an ambulance or coroner's wagon and never come back. She's not beyond throwing rocks at nearby apartments having a loud party, though. Her daughter (not an official resident but she stays overnight often, and has Grandma's key, and this may NOT be reflected in the records) brings her what she needs. Short-term guests don't need their own keys. - People lend keys, regardless of how much you tell them not to. - Multiple keys in a household get mixed up with each other. In short, you've got a logging system that can accuse a RESIDENT of a burglary, but it can't accuse an outsider or really even prove an outsider was there. There are so many ways for someone supposedly not there to be there that it's a joke. Fixing these will result in complaints from residents that the system is inconvenient and draconian. If you keep this information, it WILL manage to get into the hands of divorce lawyers by subpoena. The police, not familiar with all the holes in the system, will accuse a resident of a burglary or vandalism done by an outsider. Is keeping these records worth the risk? Or is it like hiring a cop to hang around and use a radar gun to enforce the speed limit in your driveway? YOU are going to be the one caught the most. -- Gordon L. Burditt sneaky.lonestar.org!gordon ------------------------------ From: sgs@access.digex.net (Steve Smith) Date: 04 Oct 1994 19:44:16 -0400 Subject: Re: Eastwood Door Problem Organization: Agincourt Computing Prof. L. P. Levine wrote: A condominium, let's call it Eastwood, is planning to electrify the outside locking of its door system. What will be installed is electrical latches controlled by computers .... If the key number is in the list, the door opens and the key number, the time of entry and date are recorded in the computer RAM. The entry data can be copied into a desktop microcomputer from time to time allowing it to be held for any period desired. A good question might be asked. "How long should the data be kept, who should be allowed to see it before it is deleted, and under what conditions should the data be made available?" Interesting discussion. The question is "how long should data be kept?", but the problem is "is there any use for the stored data?". Note that the only data that will be stored is the dates and times that authorized users went through their own doors. A thief will not use a key -- he will wait until service or delivery people block an outer door open, and then break the lock on the inner door. A vandal will not use a key -- vandalizing one's own property is not a popular activity. Keeping a log at all will only give a target to potential burglars, stalkers, jealous spouses, and others that we're presumably not going out of our way to help. In the case of a lost or stolen key, the resident should notify the manager *immediately*, and the manager should *immediately* void the key. If his apartment is robbed, we will already be able to figure out the time to a reasonable degree of accuracy. If someone is going away for more than a couple of days, they should notify the manager. This is normal practice anyway. The only use that I see for the stored data is in the case of a building superintendent who was a thief. (Been there, done that, no fun. (:-) A smart thief could figure out how to tamper with the record. Fortunately, most thieves aren't smart. So the recommendations that I would make are: 1. No logging at all of residents' keys. 2. Log all uses of master keys. Keep the logs indefinitely. 3. If a resident has told the management that he or she is going away, sound an alarm on any entry using a key registered to that resident -- it will probably be a lost or stolen key. There's also the problem of what happens when the power goes down or the locking system goes out for another reason. Choices -- fail unlocked or fail locked. Both are disasters. -- Steve Smith Agincourt Computing sgs@access.digex.net (301) 681 7395 "Truth is stranger than fiction because fiction has to make sense." ------------------------------ From: "Prof. L. P. Levine" Date: 26 Sep 1994 12:45:51 -0500 (CDT) Subject: Info on CPD, Contributions, Subscriptions, FTP, etc. Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #044 ****************************** .