Date: Thu, 12 Jan 95 14:36:52 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#005 Computer Privacy Digest Thu, 12 Jan 95 Volume 6 : Issue: 005 Today's Topics: Moderator: Leonard P. Levine Re: Signature Digitizers Re: Signature Digitizers Re: Signature Digitizers Re: Signature Digitizers Re: CallerID Opinion Re: Opening Mail CallerID is Here, Get Used to It. Electronic Newsstand Solicitations Ethics Essay Competition Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: rod@hopi.dtcc.edu (Rod Rickenbach) Date: 10 Jan 1995 11:22:51 -0500 Subject: Re: Signature Digitizers Organization: Delaware Technical & Community College mcdunbar wrote: On another subject... I called the local cable company to get service installed. They wanted my SSN. When I asked why, I was told thay needed to verify who I was. When I told them they didn't need my SSN, they backed down and hooked up my service anyway. What on earth do they need the SSN for?? They use the SSN for account tracking purposes. I used to do collections for a cable company, which used a "CableData" computer system. Nothing too fancy- basically a large database. Anyway, they check the SSN to see if you had any previous accounts that owe or are owed money. They don't go and check your credit history or anything like that (at least not where I used to work.) -- -------------------------------------------------------------- Rod Rickenbach Delaware Tech Computer Services rod@dtcc.edu Stanton/Wilmington Campus ------------------------------ From: "David C. Frier" Date: 10 Jan 1995 14:26:28 -0500 Subject: Re: Signature Digitizers Organization: Express Access Online Communications, USA On 9 Jan 1995, mcdunbar wrote: On another subject... I called the local cable company to get service installed. They wanted my SSN. When I asked why, I was told thay needed to verify who I was. When I told them they didn't need my SSN, they backed down and hooked up my service anyway. What on earth do they need the SSN for?? They'll use it as a quick & dirty ID/security check if you call to order new services or pay-per-view events. You request something that costs extra, they ask you for your SSN, if they match you get what you wanted. Not very secure but probably better than nothing. Any ideas what would be better (and the proto-human clerkoids who answer the phone for the cable companies must be able to operate the system)? You could probably give them a made-up 9-digit sequence as long as you're sure you'd remember it when you needed it. --David GB/CM Life is complex: d++(-) H- part real, s+:+ g+ p+ w+ part imaginary. a37 v++ C+++$ N++ ------------------------------ From: cfarley@trex.smoky.ccsd.k12.co.us (Chris Farley) Date: 10 Jan 1995 13:22:18 -0700 Subject: Re: Signature Digitizers Organization: Smoky Hill High School On 7 Jan 1995 Moodperson@aol.com wrote about having his signature digitized as part of the process of opening a Sears charge account. "David C. Frier" wrote: In Maryland now, when you obtain or renew your driver's license, your signature is digitized and stored. The process involves your signing your name on a 3x5 card which is fixed over a tablet. The 3x5 card.... Colorado's Department of Motor Vehicles has a similar system in use. Like David wrote, I too would be interested in finding out exactly what the DMV has on me. Its a big matter of speculation.... -- Chris Farley cfarley@trex.smoky.ccsd.k12.edu ------------------------------ From: hsd@swl.msd.ray.com (Herbert DaSilva {75303}) Date: 11 Jan 1995 18:19:12 GMT Subject: Re: Signature Digitizers Organization: Raytheon Company, Tewksbury, MA mcdunbar@crems.rockwell.com (mcdunbar) writes: I made a purchase at a Sears store yesterday using a non-Sears credit card. When I refused to sign the receipt on the digitizing pad, I was also told it was to prevent forgery. When I asked for a manager, the clerk immediately relented and let me sign the paper receipt. The cleck explained that the signature was "only going into the computer" and that Sears would never do anything bad with it. I confronted a Sears employee when asked to sign on the tablet and was told that Sears was now "paperless" on charges - the store keeps no paper record of the transaction (which apparently was true, the printer only printed one receipt - mine, instead of the two copies that have become the norm), and to combat EMPLOYEE fraud they want the customer's signature. I told him I was uncomfortable giving my signature, and that my initials were as far as I would go. He didn't have a problem with that, and seemed to be aware of the issues. Ever since, I have simply initialed Sears charge slips and have not been questioned... On another subject... I called the local cable company to get service installed. They wanted my SSN. When I asked why, I was told thay needed to verify who I was. When I told them they didn't need my SSN, they backed down and hooked up my service anyway. What on earth do they need the SSN for?? I was told they wanted to "check my credit". This I believe, they simply want to make sure that you will pay your bill - that they won't have any bill collection hassles. (I ended up not giving them my SSN, and not getting cable anyway, but that's another story...) -- Herb DaSilva hsd@swl.msd.ray.com ------------------------------ From: doug@cc.ysu.edu (Doug Sewell) Date: 09 Jan 1995 15:13:41 -0500 Subject: Re: CallerID Opinion Organization: Youngstown State University Don Skidmore (dskidmo@halcyon.com) wrote: Looks like you are about to get at least some of your wish. Effective in April, new FCC regs will require passing Caller-ID info long distance to the extent possible and limits call blocking to per-call blocking. Anonymous call rejection would be a local issue. Sure wish US West would offer it--I'd sign up in a flash. The next best thing, currently available, is a CNID box from Sears (I don't remember who actually makes it). It has a button on the front, that when activated, answers all blocked calls with a voice message like "We're sorry, this phone line does not accept calls that block Caller ID". The phone still rings once, but it dies after that. As for a blocked-call defeater, it's my understanding from talk in comp.dcom.telecom.tech and other places that the CNID information is not sent down the line from the switch if the information is blocked, it stops there. If this is the case, then modifying a CNID box to ignore the block bit won't do it. It's hard to tell whether this offer is a scam, or technological ignorance, or based on an old CNID spec. -- Doug Sewell (doug@cc.ysu.edu) (http://cc.ysu.edu/doug) de-moc-ra-cy (di mok' ra see) n. Three wolves and a sheep voting on what's for dinner -- Bill Gunshannon, bill@cs.uofs.edu ------------------------------ From: travis@netrix.com (Travis Low) Date: 11 Jan 1995 01:16:44 GMT Subject: Re: Opening Mail Organization: Netrix Corporation ddg@cci.com (D. Dale Gulledge) writes: It is not the offer arriving in the mail that is an invasion of privacy. The personal information that they are using for their mailing lists is. It is also the *pile* of offers that are an invasion of privacy. I get 6" of mail per day, since my way-deceased father was a direct marketer's dream. All attempts to stop the flow of junk mail have failed. The information is repropagated within weeks. (Though the datum that my father and his wife are dead seems to perpetually escape the mail houses.) The next time I move, I will change all of my credit cards and I will not file a change of address with the post office. I can get an unlisted phone number and distribute it in a controlled fashion. Why not my address? I believe I should have the option to refuse all direct mail marketing. A correction to an earlier post: I believe the post office does not get any taxpayer dollars, but rather, its income derives only from user fees (stamps, etc.). In fact, I believe that junk mail subsidizes first class mail. If this is so, then the post office has scant motivation to stem this tide. -- Travis travis@netrix.com ------------------------------ From: Panopticon@oubliette.COM (Eric Shook) Date: 11 Jan 95 04:30:03 CST Subject: CallerID is Here, Get Used to It. I always like to think backward to this moment as if looking at it from the near future, after the dust has fallen. For example, we would have never thought that all of those "rad" 60's groups would later sound so old fashioned, slow, and similar to the 50's and even the 40's music, right? But we could have guessed it because it fit a cyclic pattern...we knew that our grandparents thought that all of that crooning was "hep." Why shouldn't we have expected that folk tunes, beach boys and some guy named Country Joe would begin to sound equally as old? Eventually some of us do begin to accept the fact that we are much more contemporary than right now. I'm talking about being slightly jaded. Not apathetic, just weary of the CallerID arguments that _seem_ so pertinent right now. Look at CallerID after we figure out how best to satisfy all parties to the argument: Right now it would seem that any one phone number can be virtually seen as an electronic address. This is because some businesses depend on that number to remain unchanged so that they may advertise its accessability in a consistent manner; and although the business may move, the phone company still provides that calls from that number are forwarded to their new number. Similar residential services are not YET provided in the residential billing scheme (that I know of.) So, given the the costs involved with number change we can effectively argue that a current phone number is indeed an electronic identity. But, we should expect the communications companies to introduce an even more new, and perhaps an even more controversial element into the wire medium after CID, because they make money from the controversy of all new tech regardless of its end use, after it is adapted, admitted, and finally accepted. Instead of acting so astonished over each new breech of our "regular" existence, as if we were being raped by the new, we should really take control of our senses and accept that we must always set boundries which define our personal identity. We've always had to set and maintain these boundries, and in this electronic "frontier" our government's recent clipper chip attempt should really serve as a hint at the reality of the medium.....there can be no certain security. Why would the government attempt to create a standard if not to stagnate the constant innovation that is permissible within the electronic, information based realm of communications technology? This is a plastic medium. So, If I had to guess what new service would appear next, like a trump card entering play, it would have to be transient address services. Phone numbers will become more and more liquid to change as the phone companies update their equipment. Even after the CID begins to display all of the alpha-info, wouldn't even some of the more paranoid still pick up a call from a company with a government agency sounding name? A poor example: in Milwaukee, CIA (motors). If we had more levels of ID hooked to a set of numbers, wouldn't that be convenient? And really, there is no such thing as a phone number that is secret unless you make certain that everyone you've given your number out to is as paranoid as yourself. (Your neighbors are likely to have your unlisted number, and they are identifiable in reverse directories.) But, if you had several numbers you could always reserve just one of your numbers to switch to in an emergency, or to be called by someone only in an emergency....in which case it could be set to ring like an elephant! Of course, the best anonymity is to call using a number out of use this last year which also was registered under the name of your son, or some false company name. You cannot EVER be certain who is calling. You will not always be able to block AND call if you expect an answer. You will always have to make choices, and you won't always have an electronic device to automatically make them for you. You will be affected by every technological advance in the the communications market, and you will need to become aware of every opportunity for your identity to be excerpted. Of course, the secret is that the world has always been like this...an insecure place for the individual identity. To create and maintain a self, to live we must be conscious of our environment. If there is anything the cold war should have taught us its that there is no security, even electronic cryptographic security, without human vigilance. -- Eric Shook, LPD Panopticon Investigative Services Milwaukee, WI Voice/DATA/Fax: (414) 372-6418 E-mail: Panopticon@Oubliette.COM ------------------------------ From: ae277@yfn.ysu.edu (Stewart Rowe) Date: 11 Jan 1995 22:31:15 GMT Subject: Electronic Newsstand Solicitations Organization: St. Elizabeth Hospital, Youngstown, OH Several times in the last few months I have received mail solicitations at my home address to subscribe to certain magazines. In many cases, these magazines are so different from those I usually read that I think it unlikely that my current mags are selling subscriber lists. However, on rethinking this puzzle, I noted that many if not all of these inquiries came from magazines whose articles I had downloaded from the "Electronic Newsstand". The sysadmin at my Freenet says "impossible" that a remote system could get my address from his system. On this Freenet I usually use (s)ave on the gopher to get the article. However, I sometime use gophers on other systems, which do not permit (s)ave but do permit (m)ail. In that case, the originating system could capture my e-mail address, and the other system where I was logged-on could be selling myname and address. I have some experiments underway to see if I can identif the leak. Has anyone else had this experience? -- Stewart Rowe srowe@tso.uc.edu ------------------------------ From: Simon Rogerson Date: 12 Jan 1995 13:54:57 +0000 (GMT) Subject: Ethics Essay Competition Ethics Essay Competition for Doctoral Students ---------------------------------------------- Please bring this notice to the attention of all doctoral students. A major international conference, ETHICOMP95, is to be held at De Montfort University, UK from 28 March to 30 March. ETHICOMP95 will focus on the ethical issues surrounding Information Technology. It will provide an excellent forum for stimulating debate on the key issues relating to both the development and use of Information Technology and Information Systems. A limited number of sponsored places is available for doctoral students working in this and associated areas. Places will be awarded through competition. The Prize comprises ------------------- ** Free attendance at ETHICOMP95 (including lunches and the conference dinner) ** Copy of the conference proceedings ** 3 nights bed and breakfast accommodation ** Inclusion of the essay in the conference proceedings ** Acting as a discussion leader at a special workshop based on the winning entries Sponsors ________ The conference organisers gratefully acknowledge Institute of Administrative Management Institute of Data Processing Management Pitman Publishing for kindly sponsoring this competition. Competition details ------------------- An essay of no more than 1000 words is required addressing the issue of future ethical dilemmas in the application of computer technology. Essays must be submitted to Simon Rogerson via e-mail (srog@dmu.ac.uk) no later than 15 February. A submission should comprise Author's Name, Title Doctoral Title Department, Institution, Country Name and Affiliation of Supervisor Essay Title The Essay (no more than 1000 words) ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #005 ****************************** .