Date: Wed, 30 Nov 94 14:50:59 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#068 Computer Privacy Digest Wed, 30 Nov 94 Volume 5 : Issue: 068 Today's Topics: Moderator: Leonard P. Levine Happy Anniversary DC Metro Smart Cards Re: DMV Records Re: DMV Records Re: DMV Records Re: Clarifying answers to TEN QUESTIONS Re: Clarifying answers to TEN QUESTIONS Re: Clarifying answers to TEN QUESTIONS Requesting Information about Computerbanking Re: Mother's Maiden Name List of Speakers: Privacy Conference Info on CPD, (unchanged since 11/28/94) ---------------------------------------------------------------------- From: "Dennis G. Rears" Date: 28 Nov 94 15:00:47 EST Subject: Happy Anniversary December 2 will mark the one year anniversary of Prof. Levine taking over the Computer Privacy Digest. I would like to thank him for doing an outstanding job over the last year. He took over on rather quick notice and made several enhancements to the Digest. I think all your readers appreciate the work you have done. Congratulations on a job weel done. -- dennis ------------------------------ From: Dave Moore Date: 28 Nov 1994 14:06:14 -0500 (EST) Subject: DC Metro Smart Cards I saw an interesting article in yesterdays (27 Nov. 94) Washington Post. It was an article on the planned introduction of a Smart Card for using the DC Metro. That's the local subway for those few people in the world that don't live near DC . There were several aspects about this smart card that caught my interest. The article stated that the card only needed to be brought within about 14 inches of the reader, thus allowing the user to keep it within his or her purse or wallet. I infer from this that it is an RF reader and not optical. It also stated that it was far more secure than a standard fare card because if you lost it, you could report it stolen and have it disabled. I infer from this that your personal ID is tied to the card and that it is not anonymous. Although it may not be intended, this automatically gives the ability to track your personal use of the subway. Granted that this is pretty benign for most people, it is nevertheless interesting. Other possibilities present themselves. Since the "scan" of the card is non-contact and not optical, the possibility exists of covertly scanning from other locations. What if stores added a smart card detector to their current theft detectors? The other thing that struck me is that they (Metro Authority) plan on charging a "Premium" for the card. A discount I could understand to encourage its use, but why would anyone want to pay extra for this thing? ------------------------------ From: bcn@world.std.com (Barry C Nelson) Date: 29 Nov 1994 08:00:04 GMT Subject: Re: DMV Records Organization: The World Public Access UNIX, Brookline, MA John Medeiros <71604.710@compuserve.com> wrote: The following article was printed in the "Orange County Register", Tuesday, November 22, 1994, news section, page 2: Car-rental firms checking on drivers [...] rental-car companies are taking advantage of a California system to allow instantaneous access to drivers' records. [...] The recently enacted Violent Crime Act changes the federal law with regard to granting access to state DMV records. Sec 300001 adds a new chapter in Title 18 U.S.C., Chapter 123, Section 2721 (a): "Except as provided in subsection (b) a State department of motor vehicles and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record." Interestingly, "personal information" does not include information on vehicle accidents, violations or driver's status or zip code. Of course, one of the exceptions is for "legitimate" business use to verify personal information submitted by the individual, and another allows disclosure if the requester demonstrates written consent by the individual. Also, State law may authorize any other use related to motor vehicle operation or public safety. Effective 9/97. There are criminal and civil penalties for violations. $5,000 per day for a state found in violation. Should be interesting to see how states are going to deal with this one. -- BCNelson ------------------------------ From: "Richard Schroeppel" Date: 29 Nov 1994 14:41:03 MST Subject: Re: DMV Records Car-rental firms checking on drivers The companies turn down about 8 percent of drivers for accidents, tickets and other telltale signs that a driver might wreck their car. More than 1 million drivers have had their records checked in the first year of the Department of Motor Vehicles program. Alamo, Avis, budget, Dollar, Hertz and Thrifty rental companies are the major ones tapped into California driver records. Enterprise and National are not. The thing that annoyed me about this was that Budget accepted a rental reservation over the phone, and then did the checking (weeks later) when I showed up at the car rental desk. To my mind, accepting the reservation implies a commitment to do business. -- Rich Schroeppel rcs@cs.arizona.edu ------------------------------ From: John Kwiatkowski <0007152212@mcimail.com> Date: 29 Nov 94 23:15 EST Subject: Re: DMV Records I have seen it mentioned here and elsewhere about DMV databases from various state that are actually available to the public via on-line services. However,no one has said exactly which services provide this DMV information to subscribers. If anyone knows which services re available out there that make these databases available,I would sure like to know who they are and most everyone reading this Digest,I am sure,would like to know also.ANy information is appreciated. -- John ------------------------------ From: "(NCSA) Bob Bales" <74774.1326@compuserve.com> Date: 29 Nov 94 13:07:36 EST Subject: Re: Clarifying answers to TEN QUESTIONS Professor Levine, I see that you re-posted the RISKS article re: Ten Questions; following is my response to the RISKS forum based on that posting. If appropriate, would appreciate it if you would post this in your forum as well: ----------------------------------------------------- In Volume 16 : Issue 57, "A well-known but suitably anonymized contributor" addresses "Clarifying answers to TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN". Let me start by offering my congratulations to the moderator of the RISKS newsgroup. That forum makes a valuable contribution to the community at large, and is handled in a most professional manner. Thank you for your excellent work. In the case at hand, however, I regret that the moderator has made an exception to one of the established rules of that forum: "**PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted". The article in question is a good example of why anonymous postings should not be allowed in this forum. The author is wrong to equate privacy with anonymity. While the two are related, they are not the same. Privacy is the principle (right, if you will) to avoid unwanted intrusions into your life. Anonymity is one technique for achieving that. However, the author takes this priciple too far. For with a right such as privacy comes responsibility. Rather than protecting his privacy, I believe that this author is using anonymity to avoid responsibility. I believe that this is a violation of other people's rights. Contrary to his assertions, we _do_ have a right to know with whom we are dealing. The hallmark of a free society is the right to openly and publicly debate an issue. In truth, _that_ is what is missing in a closed society. Privacy to the extreme advocated by the author is a _response_ to tyranny, not a deterrent. In fact, if I understood Donn Parker's speach at the NCSC in Baltimore this year, he believes that _absolute_ privacy is actually a to freedom. [Don't want to put words in your mouth, Donn.] This contributor has missed the point in several other ways. First, the work being condemned was developed by Peter Tippett, Ph.D., M.D., in support of the National Computer Ethics and Responsibilities Campaign (NCERC). He developed it as a guide to help _parents_ (not cyber-warriors) have an intelligent discussion with their cyber-literate offspring. Although the commentary's author is obviously cyber-literate (not to be confused with being cyber-ethical), most parents don't have a clue about ethics in cyberspace. Rather than disparage Dr Tippett's efforts point-by-point, the anonymous author's time would have been much better spent offering _constructive_ criticism. Second, I guess that this contributor has spent too much time in the trenches with the hacker underground. The following is taken verbatim from his article: "Privacy through deception is not wrong. Even becoming someone's friend by lying to them about having something in common is not particularly wrong. Certainly giving a salesperson a polite wrong number and address is a reasonable privacy precaution against getting on mailing lists. It is probably even good to lie if you think someone is stalking you over the net. I think we have a right to lie, perhaps even a social responsibility to do so under certain circumstances." For a professional to make statements like that above is absurd. It is again clear that the author advocates anonymity as a means to avoid responsibility. What's wrong with being honest and then dealing with the consequences of that honesty? In the case of the salesperson, why not simply refuse to provide an address? It may generate some feedback, even hostility, but unless you have the courage of your convictions, you are just blowing smoke. Anonymity is also what permits the stalker from the above quote to get away with his anti-social behavior. I'm sure most people would defend the stalkers "right to privacy", but what about his "right to anonymity"? The author also states: "I almost never get permission to look at each file I view. I go under the assumption that I may view anything that allows read access by me without going outside of the normal methods in use to read files". Does this sound familiar? This is the standard rationalization used by hackers when they crack computer systems. Gee, I got in so it must be OK. This represents an immature view of life and fails to acknowledge _personal_ responsibility. Just because it's not against the law does not make it right. Does grandma know that you think its OK to read her diary? (Of course, only if she leaves it where you can get at it without violating her "privacy"). I find it bizarre that a security professional would advocate anonymity for the purpose of willful deception. He seems to think that deception is OK and seems proud of it--although not quite proud enough to make these off-the-wall statements on the record. Dr. Tippett developed "TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN" as an aid to _parents_ in dealing with the confusing world of ethics in cyberspace. He--and supporters of the National Computer Ethics and Responsibility Campaign--would greatly appreciate constructive criticism which might make this document of even greater value to that audience. However, reviews which purposely distort the basic intent of the document are unwanted and unwarranted. When hidden under the cloak of anonymity, such distortions are unprofessional and tasteless. -- Bob Bales | CompuServe InfoSec Forum: GO NCSA Natl Computer Security Assoc| Phone: 717-258-1816 10 South Courthouse Avenue | Fax: 717-243-8642 Carlisle, PA 17013 | Email: 74774.1326@compuserve.com ------------------------------ From: "Michael O'Donnell" Date: 30 Nov 1994 07:34:06 -0500 Subject: Re: Clarifying answers to TEN QUESTIONS I believe that our "well-known but suitably anonymized contributor" (WKBSAC) composed his indignant response to the Ten Questions as if they were posed by an adult to another adult, and then tacked on the bit about it also being applicable to children as an afterthought. That's the only way I can imagine him missing the point so completely. When I read WKBSAC's posting while imagining my child speaking thus to me I find the tone contemptuous - if my child responded to me in the manner so portrayed he'd quickly discover it to be a losing strategy. WKBSAC's response sounds to me like the embodiment of the "Yer not the boss of ME!" attitude. Practically, culturally and legally, we are obliged to treat children differently than we do adults specifically because, um, children are NOT adults. We deny children various adult privileges (driving, voting, weapons, sex, alcohol, etc) because they do not yet have the experience or intellectual faculties required to evaluate critical situations with the perspective likely to result in correct (or even survivable) decisions. A fundamental tension of growing up, for both parent and child, involves finding a balance between the parent's responsibility and the child's quest for autonomy - a moving target if ever there was one. Even though I am bothered by some of the phrasing and assumptions illustrated in the Ten Questions, the intent is right on target - it definitely falls to the parent to be aware of the child's actions and the consequent risks, in order that some course-correction be applied when necessary. The child's "right" (a questionable notion, at best) to privacy is subordinate to the parent's responsibility for the child, which will inevitably involve some monitoring of the child's actions. So, the point missed by WKBSAC is the fact that, to a degree which diminishes with time, I *am* the boss of my child... -- Regards, --------------------------------------------- Michael O'Donnell mod@osf.org/mod@std.com --------------------------------------------- ------------------------------ From: geoff@ficus.CS.UCLA.EDU (Geoff Kuenning) Date: 29 Nov 1994 23:22:36 GMT Subject: Re: Clarifying answers to TEN QUESTIONS Organization: Ficus Research Project, UCLA Computer Science Department Rarely have I seen a net posting that so consistently engages in deliberate misinterpretation in an attempt to invalidate the original poster's very good point. I will point out that the anonymous poster of these "clarifying answers" (I'd call them muddying answers) is obviously an adult, and is answering as one. This is an inappropriate response to questions that were explicitly titled as being parent-to-child. In the following, I will speak as if I were a parent, replying to my son Joey's rather snotty answers to my questions. I use the term "snotty" advisedly, because that is the tone of the anonymous poster's comments. Where are the manuals, boxes, license agreements for the programs you have or use? They don't have manuals or boxes. Should I not use them? We'll take that on a case-by-case basis, Joey. For example, what about this game you were playing, Flight Simulator. Does it have a manual or a box? There's nothing wrong with using a program without a box, so long as it's not stolen. Lack of a manual is one clue that I should dig a bit deeper, with the following questions. Where did you get that game? (program?, floppy?, software?) Usually over the net - how do I tell if it's legitimate? There are a number of ways. For example, can the same game be found at the computer store in the mall where you're always hanging out? Are there obvious copyright messages? When programs first start running on your computer, whose name comes on the screen as the "owner" or "licensed-to." Very few have this feature. Fine. What about those "very few"? You didn't answer my question, Joey. Show me all the ones that *do* have the feature. Now. Did you write/create/author what you're passing off as your own work? I resent the use of 'passing off'. Almost all modern works are collaborative in nature - the selection of citations is not a trivial issue. Where did you get these questions? Are you passing off some of it as your work when in fact others first came up with some of these ideas? Where are your citations? Don't talk back to me, young man. I got these questions from a suggested list intended to help parents be aware of possible intellectual-property violations by their children. I am fully aware of the nature and difficulty of citations in scholarly works, especially in fields such as history. If you want to see the original list of questions, I will happily show it to you, complete with news headers that identify the source. But we're talking about *you* here, not me. Have you submitted any school papers as your own work when in fact you got them from a bulletin board? Or by copying them from the encyclopedia? You are attempting to evade the answer to what is a legitimate question: are you or are you not a plagiarist? If there is a gray area to discuss, fine, we'll discuss it when it arises. Where did you get the text and images you're using? Many of them come from on-line sources. Does that make them legitimate or illegitimate? Again, we'll take this on a case-by-case basis. Being on-line doesn't give us a clue as to legitimacy. Which on-line source did they come from? If it was alt.sex.pictures, did the poster explicitly state the source of the image? If not, I'd assume it was pirated from Playboy or a similar publication. For alt.binaries.pictures.girlfriends, on the other hand, I'd tend to assume the poster was legitimate unless he/she stated otherwise. If you copied text and images from another source, did you have permission? Rarely - in most cases, fair use allows you to use them without getting formal permission. Kind of like these questions of yours. Not true. You need to study up on copyright law, son, as well as on manners. Fair use allows you to photocopy and scan in pictures from an issue of a magazine, probably even if you borrowed the issue from a friend. It does not allow someone else to scan in the picture and post it to the net, and although there has never been a court case, it probably does not allow you to make a copy of an illegally-posted picture, since that would be derivative of an *unfair* use. And until there is a court case to the contrary, I will take a very dim view of such use. If you didn't need permission from the "owners" of the information you're using, did you credit them for the material? Only if I republish it. I have lots of on-line information without citations attached to it. But I see the author of this questionnaire thinks it's legitimate to do this without citation. I guess I should stop giving as much credit where due as I do. You're getting awfully snotty again, Joey. It should be obvious from the question that we are talking here about information you are redistributing, rather than that which you have archived. And again you are trying to turn the questioning from yourself by pointing fingers elsewhere and acting holier-than-thou. Your attitude is beginning to make me thing you have something to hide. But if, as you say, you are giving credit whenever you republish information, you are doing the right thing, and I'm proud of my son. 3. Do you ever use other people's computer, disk-space or processing capability, or look at or copy their files or information, without their knowledge or permission? I almost never get permission to look at each file I view. I go under the assumption that I may view anything that allows read access by me without going outside of the normal methods in use to read files. If it is interesting, I copy it for future reference. I hope they do not know any details about my use. After all, I want to retain my privacy and they should not be watching what I do. As usual, you are attempting to avoid the question. Let me be more explicit: have you ever logged into or otherwise used another person's computer, without getting appropriate permission to use that computer? "Appropriate permission" can sometimes mean being connected to a network in a permissive way, of course; in other cases it can mean getting a password and an account. The real question is, "have you ever used a computer, knowing that if the owner found out, he or she would be upset?" As to reading files, you need to learn some electronic manners, Joey. On timeshared and networked computers, there are many users who do not have the sophistication to protect their sensitive files. When you assume that having read access to a file means it's OK to read it, you risk invading the privacy of a naive user who thinks that everything is automatically protected. I don't mind a bit of exploration, but I'd be deeply troubled if you dove into a directory named "personal" and started reading another user's love letters, simply because they were world-readable. Finally, as to your concern about your own privacy, I think that I would be more impressed if you had more concern for that of others. The owners of a computer have every right to watch what you are doing to see whether you are misbehaving. It's part of the price you pay for the use of their computer. That's the way the world works, Joey. 4. Do you have any prank programs, computer viruses, worms, trojan horse programs, bombs, or other malicious software? Several thousand of them. What's wrong with that? Don't you have some too? Why do you keep trying to turn the questions around, Joey? To answer you accusation first, I have precisely two such programs. One is a research worm that will only propagate itself to machines that have the file "/tmp/ENABLE_WORM". The other is a research virus that will only infect software containing the string "PLEASE INFECT ME", and then only under many other controlled conditions. Neither of these can be described as "malicious" or even "prank." Joey, if you have "several thousand" pieces of malicious software, and don't understand what's wrong with that, I think we need to sit down and have a long discussion about personal responsibility. Until then, I'm afraid I'll have to unplug your computer and lock it in the closet. I will not risk allowing a son of mine to inflict malicious software to unsuspecting victims, even if he didn't intend to, and especially when his response is "what's wrong with that?" Do you use bulletin boards or systems that contain these things, or have friends or acquaintances who do? Certainly. The Internet has lots of these things, and I use it. The telephone system is used for abusive phone calls and I use it too. I don't really know what my friends do when they use computers. They have privacy rights too, and we rarely talk about what information service we use. Always trying to defend yourself with misdirection, huh, Joey? The "Internet" is a network, not a repository. I explicitly asked about "systems," meaning "computer systems." Let's try it this way: do you ever intentionally visit computers on the Internet, or bulletin boards, that contain illegal or malicious software or files? If so, are you being careful to avoid the "bad" stuff? Are you doing anything to try to reduce the amount of "bad" stuff around, or to find substitute places that are less polluted? As to the question about your friends, I withdraw it as being badly-phrased. Instead, let me ask whether you ever share "neat things" you found on the net with your friends, and vice versa. If so, what steps do you take to make sure that you are getting at those things legally, and that they are not malicious and are not infected with viruses? Do you write or create any software like this or deal with people who do? All the time. I deal with Microsoft, Lotus, and many other companies that have widely distributed this sort of thing. I also know and deal with individuals who have done this, and I do it all the time. Is there something wrong with that? Joey, I think I'm going to start calling you "the Artful Dodger." I asked about "writing and creating," not about distribution. Microsoft and Lotus have both accidentally distributed infected software, but there is not one shred of evidence that either company has ever participated in creating any malicious program whatsoever. Let's split this up as two questions, and I want an honest yes-or-no answer, not a snotty one. First, have you ever written or created any malicious software? Second, do you know of any other person who has done so? (And if so, please describe your dealings with that person. Remember that you are my son, not a colleague and equal.) Are they things you would be comfortable showing me? Showing your grandmother? I would not show either you or my grandmother my files, but it has nothing to do with embarrassment. It is called privacy. I didn't ask you to show them to us. I asked you whether you would be *comfortable* showing them to us. Different question. Let me put it this way: if you were working on them, and I walked into your room, would your first instinct be to cover the screen? Or would you not care that your father had stumbled across them? Do you have any pictures, video clips, sound clips, articles, text, or other software or files which contain pornography, violence, dangerous instructions other distasteful material? Lots of them. It this wrong for some reason? In general, it's not wrong. But you are my son, and as such I am responsible for your welfare. If you have pornographic images on your computer, I'd like to know about it so I can better protect you from zealots who think you shouldn't. If you have dangerous instructions, such as how to make explosives, I'd like to discuss safety issues with you before you try them out. Do you access or view any of these kinds of things when using the net? All the time. In fact, if you know of any, I would be happy if you would forward information on them to me. All in all, Joey, I think I'd prefer it if you could demonstrate both better manners and a much greater sense of personal responsibility before I would encourage you to continue on your immature path of computer misuse. 6. Do you have any newsletters, plans, guidelines, or "how-to" documents or files that you would not be comfortable showing to your mother? Same answer as above. I value my privacy. Same repeat as above. Like it or not, Joey, you are still a child, and your privacy is not the same as that of an adult. Making Bombs, breaking into systems, stealing telephone access, stealing computer access, stealing passwords, pornographic or violent text, guides, descriptions, ...... Do you create, contribute to or receive anything like this? All the time. In fact, the Risks Forum is one of my best sources for this information. Should you stop making it available to me? In something like 10 years of reading Risks, Joey, I have never once seen instructions for making a bomb. I will grant you that occasionally the forum contains material that reveals a system vulnerability. But again you are deliberately misinterpreting my question. I don't care if you read about instances of misbehavior. I want to know whether you are engaged in misbehavior yourself, or whether you are actively seeking out information about how to misbehave. 7. Do you ever connect your computer to a telephone, use a modem, or otherwise use a network? All the time. 8. Who do you associate with when you use the Net? [lots of polemic deleted here] Joey, you are being awfully defensive. I didn't pass judgment on your net companions. I simply asked who they are. You may recall that last week I asked you about your new friend Susan. I would prefer it if you could think for yourself and make decisions about whether or not to associate with particular individuals. Perhaps if you could give me examples of some of your network friends, and pointed me to some of their postings, you could demonstrate that you do indeed have that quality of judgment. But when you go off on a wild tirade about the inaccuracy of network identifications (which is irrelevant anyway: who is David Sternlight really?), I hope you will forgive me for being a bit suspicious of your motives. 9. Do you ever use an assumed name, a handle, or an alias instead of your real name? Sure. I have asked this posting to be made anonymously in order to allow it to be judged based on its content rather than it's source. Maybe we would all be better off if all postings were anonymous (with a return address that permits response without identity). Again, you're being defensive. There's nothing wrong with using an alias under most circumstances. I'm just trying to get you to think a little bit about responsibility. Or think a lot. Do supply a false information about yourself when using a bulletin board, a news group, a message group, or forum, any part of the net, or when using e-mail or when otherwise communicating? At times. Especially when bbs systems ask extensive questions about who I am, my SSN, credit information, or other information that I don't think they have a right to have. I have also lied when connecting to hacker BBS systems because I don't think they have a right to know who I am when they all use handles instead of names anyway. I have also used telnet (25) into SMTP sites to forge e-mail as if I were Captain Kirk from the enterprise in order to have fun when communicating with friends. Is there something wrong with having fun in this way, or is the Internet only for serious work and not for having fun or playing around. If so, why are there thousands of fun and games forums in the Internet? Joey, I am troubled by your attitude that it is OK to forge e-mail "to have fun." We all like to play pranks, but this sort of prank can easily lead to trouble. Tomorrow evening, I'd like to have a discussion with you about the ways that sort of trouble can crop up unexpectedly, and how you can avoid it. Do you use your real age & sex when communicating with your computer? I rarely use either. Nobody has ever asked my sex (my name is probably a giveaway on that one) or my age. Besides, I think that discrimination based on age and sex are wrong, are against the law, and that forging a sex or age in order to have equal access is fair, reasonable, and appropriate in the network environment. You need to study a bit more law, Joey. It's not age discrimination when the liquor store asks you for ID before selling you beer. And once again, you're being defensive when you haven't been accused. If you are asked about your age and sex, have you ever lied? If so, what was your purpose in this lie? When I have the answers to those questions, then we can reasonably discuss whether you were behaving responsibly. Do you use any false information like addresses, or phone numbers or use someone else's credit card number when using your computer? Yes, yes, and no respectively. Theft (by deception) is very different than not telling someone where you live or what your phone number is. These are privacy issues, and privacy is a very important thing to have. Privacy through deception is not wrong. Even becoming someone's friend by lying to them about having something in common is not particularly wrong. Certainly giving a salesperson a polite wrong number and address is a reasonable privacy precaution against getting on mailing lists. It is probably even good to lie if you think someone is stalking you over the net. I think we have a right to lie, perhaps even a social responsibility to do so under certain circumstances. I'm proud of you, son. You have shown wisdom beyond your years in this answer, by understanding that the intent of the question is to discover whether you have harmed anyone rather than to simply pin you to the wall and make you feel uncomfortable. Do you ever send messages or e-mail in such a way that the recipient cannot tell that you sent it? In what sense? I have certainly sent e-mail that never got through - the intended recipient didn't know I sent it. I have sent e-mail from group accounts where the individual was not identified, but the group was. This is quite common in customer support. I have also forged e-mail addresses so that I could remain anonymous. Is that supposed to be wrong? We'll talk more about the difference between malice and "fun" tomorrow night. Until then, I will simply note that I was talking about deliberate actions, not accidents such as mailer failures, and that I do not consider all anonymity inappropriate, but that it is a service that can be abused and I would like to know more about how you have used it. Have you ever modified data, text, messages, or other computer information so that it looks like someone other than you created it or made the changes? Certainly. I had to make a change to the TeX sources once to get them to compile right, and I used the TeX user ID to do so in order to allow the compilation to work right. That's not what I mean, Joey, and I suspect that you know it. The question is whether you ever behaved in a manner that attempted to deceive, and specifically whether the deception had a harmful effect. What are you trying to hide by not using your real name? My identity. It's called privacy and anonymity. It's one of the basic principles of a free society [more polemic deleted] Why do you want to hide your identity, Joey? Do you have a good reason, like fear of retribution? Of prejudice? Or are you simply using it as a cloak to keep from taking responsibility for misbehavior? Our society has varying degrees of anonymity. Telephones can be very anonymous, and usually it's not a problem -- but obscene phone calls are an exception. When you stop at the candy store, you are effectively anonymous, unless you go there daily -- but if you steal candy, the clerk can probably give the police a description. I don't care if you hide your identity, Joey, as long as that's the *only* thing you're hiding and you're not also hiding something harmful. Are you trying to pretend you are something or someone you are not? I have a right to be whatever I want to be. ... There is nothing wrong with pretending, as long as you don't lie in order to take advantage of someone else. Theft by deception requires theft. ... Again, you show a good grasp of the underlying issues. However, I think we need to discuss what it means to "take advantage of" someone else. Theft is not the only way to harm someone. > 10. Do use telephone, video, cable-TV, computer network, bulletin > board, or other network services without paying for them? > All the time. When I am at a friend's house and I make a phone > call, I don't pay for it. [polemic deleted] Again, a deliberate misinterpretation of the question, Joey. I am trying to find out whether you are stealing. Using a supplied service, whether a friend's phone or the Internet, is not stealing. So let me ask you flat out: have you ever stolen any of the above services? The bottom line: Are these things also true for my children? Yes, I think they are. I hope that they learn how to do the same things I have learned how to do in order to protect themselves from the tyranny of the majority - or is it the vocal minority? I hope they keep things private from me when appropriate, and if they look at some dirty pictures once in a while, it won't greatly offend me. Reverting from my discussion with "Joey," back to a direct reply to Mr. Anonymous: If your children show as weak a grasp of moral responsibility as you show in this posting, then I wouldn't want your family for a neighbor. Please consider that most issues of right and wrong are matters of degree and circumstance. [polemic deleted] And the "Ten Questions" are designed to initiate a discussion of that right and wrong, not to imply that certain yes-or-no answers are in and of themselves right or wrong. I suspect that Mr. Anonymous actually understands this, and is engaging in deliberate misinterpretation and overstatement because that is his fashion. I also suspect that he is indeed a "well-known contributor" to the net but that his fame is more due to inflammatory style than useful substance. -- Geoff Kuenning g.kuenning@ieee.org geoff@ITcorp.com ------------------------------ From: A.A.J.vdnBeemt@kub.nl (BEEMT A.A.J.VAN DEN) Date: 29 Nov 1994 20:22 MET Subject: Requesting Information about Computerbanking Organization: Tilburg University / The Netherlands Hello, I am looking for information on the limits to the computerisation of banking. I need this to write a masters thesis on this topic. In the thesis, I want to present the whole thing from the consumers point of view. This means: does (s)he want yet another PIN-code, another smart card or just plain cash. I am looking for scientific work on this topic. Please help me out. Thanks at forehand for responding! -- Antoine e-mail: tallguy@dds.dds.nl a.a.j.vdnbeemt@kub.nl j.h.g.arends@kub.nl ------------------------------ From: Barry Margolin Date: 29 Nov 1994 14:59:27 -0500 Subject: Re: Mother's Maiden Name Organization: NEARnet, Cambridge, MA Robert Ellis Smith <0005101719@mcimail.com> writes: What good is a personal password that can be bought and sold in the marketplace by strangers? And isn't it a deception for banks and others to imply that a mother's maiden name is some kind of secure password? I suspect that most people who don't realize how insecure this password scheme is are also not clever enough to try giving something other than their mother's true maiden name. But in that case they should realize that it's not extremely secret information. No one claims that mother's maiden name is a secure authentication mechanism. It's good for protecting against many amateur impersonation attempts, such as pickpockets who try to use your credit cards. Probably one of the better methods is American Express's. If they notice a shift in your purchasing style they'll ask the merchant to put you on the line, and they ask you for recent purchases prior to the style change. -- Barry Margolin BBN Internet Services Corp. barmar@near.net ------------------------------ From: vberdaye@magnus.acs.ohio-state.edu (Vicente Berdayes) Date: 29 Nov 1994 03:07:19 GMT Subject: List of Speakers: Privacy Conference Organization: The Ohio State University PRIVACY, THE INFORMATION INFRASTRUCTURE AND HEALTHCARE REFORM A One Day Symposium presented by The Center for Advanced Study in Telecommunications & The National Regulatory Research Institute at The Ohio State University Co-sponsored by Department of Communication, The Ohio State University Hospitals & The Ohio Supercomputer Center at The Ohio State University Friday, January 27, 1995 The Ohio State University's Ohio Union 1739 N High Street, Columbus, Ohio 43210 LIST OF CONFIRMED SPEAKERS: Robert Belair. Mr. Belair is Editor of Privacy and American Business and CEO of Privacy and Legislative Associates, a legal and policy consulting firm. Prior to entering private practice Mr. Belair served as an attorney for the Federal Trade Commission assigned to, among other things, Fair Credit Reporting Act matters. Mr. Belair later served as Deputy counsel of the White House Office on the Right of Privacy. He has served as a legal consultant on privacy, freedom of information and information policy matters to numerous government agencies and commissions and was lead amicus counsel in the Supreme Court's 1989 landmark privacy and freedom of information decision, Reporters Committee for Freedom of the Press v. Department of Justice. Janlori Goldman, is Director of the Privacy and Technology Project of the Electronic Frontier Foundation. Ms. Goldman is a member of the Committee on Regional Health Data Networks of the Institute of Medicine. Formerly Director of the Project on Privacy and Technology at the American Civil Liberties Union, she is involved in current efforts to pass healthcare record privacy legislation. Prior to joining the Washington Office of the ACLU, Ms. Goldman was Legal Counsel to the Minnesota ACLU. Mary Gardiner Jones, formerly with the Federal Trade Commission, Ms. Jones is President of the Consumer Interest Research Institute. She is an expert on medical records privacy and telemedicine issues and is co-author of 21st Century Learning and Health Care in the Home: Creating a National Telecommunications Network. Pierrot Peladeau, Vice-president of the Canadian information security consulting and audit firm, Societe Progestacces and member of the expert committee advising the Canadian government on the privacy issues related to the Canadian information superhighway initiative. Mr. Peladeau has written extensively on both telecommunication and healthcare related privacy issues, and is recognized as the leading expert on the comprehensive data protection law recently enacted in Quebec. Jeffrey Ritter, Program Director of the Electronic Commerce, Law, and Information Policy Strategies Initiative of the Ohio Supercomputer Center. Formerly a partner of Vorys, Sater, Seymour & Pease. Mr. Ritter serves as Rapporteur on Legal Questions for the United Nations Working Party on Facilitation of International Trade Procedures, and has worked extensively on issues of electronic data interchange pertaining to health delivery systems. Mr. Ritter is Chair of the American Bar Association Subcommittee on electronic Commercial Practices. James Rule, Professor of Sociology, State University of New York, Stony Brook, NY. Professor Rule is author of The Politics of Privacy (with D. McAdam, L. Stearns, & D. Uglow) and Private Lives and Public Surveillance. Recipient of the C. Wright Mills Award; Rockefeller Foundation Humanities Fellow; Guggenheim Fellow, and Member of the School of Social Science, Institute for Advanced Study, Princeton. Professor Rule is currently working on property rights based solutions to privacy problems. Bruce Schneier. Mr. Schneier is with Counterpane Systems, a Chicago area cryptography consulting firm. He is best known as the author of Applied Cryptography (John Wiley, 1994). This book has been held unexportable in diskette form for national security reasons. His next book on electronic-mail privacy will be released in December. Mr. Schneier is currently working on a book with David Banisar of the Electronic Privacy Information Center on cryptographic privacy policy. REGISTER NOW! Conference fee is $100.00 including meals and materials Direct registration fee and inquiries to: CAST/OSU 3016 Derby Hall/154 N. Oval Mall Columbus, OH 43210-1339 PH: 614/292-8444 FAX: 614/292-2055 General Inquiries should be directed to: Vicente Berdayes Conference Coordinator 614/292-0080 E-Mail: vberdaye@magnus.acs.ohio-state.edu Register now by printing the following form and mailing it along with the registration fee of $100 to: CAST, 3016 Derby Hall, 154 N. Oval Mall, Columbus, OH 43210-1339. Phone 614-292-8444. FAX 292-2055. For further information, parking, directions, lodging, or bus schedules, contact the CAST office. Name: Affiliation: Address: Phone: E-Mail: ------------------------------ From: "Prof. L. P. Levine" Date: 28 Nov 1994 08:46:14 -0600 (CST) Subject: Info on CPD, (unchanged since 11/28/94) Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest and is not redundant or insulting. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #068 ****************************** .