Date: Fri, 02 Jun 95 18:50:42 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#050

Computer Privacy Digest Fri, 02 Jun 95              Volume 6 : Issue: 050

Today's Topics:                        Moderator: Leonard P. Levine

                        Visual Recognition Systems
                      UK Identity Cards & Smart Cards
                Re: CIBC and Royal Bank to do MONDEX pilot
                      Credit Cards in Grocery Stores
                    The Microsoft Win95 Virus - update
                       Text Filter for the Very Good
               Anti-abortion Constable Charged with Offence
             Sending VISA Card Details by e-Mail (follow-up)
                  Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: John Medeiros <71604.710@compuserve.com>
Date: 29 May 95 21:05:15 EDT
Subject: Visual Recognition Systems

The following was reported in stories by Elisa Williams in the Orange
County Register on May 14, 1995, Section 4:

University of California (USC) is developing a facial recognition
program called Eidos (from the Greek for "essence").  The program is
designed to key in on approximately 45 landmarks on the human face.
According to Michael J. Lyons, a research assistant professor at USC,
the program concentrates on the area around the eyes because that area
is least likely to change.  In addition the program differentiates by
skin texture and presence of facial hair.  It identifies the face by
comparing the landmarks with the faces in its gallery (database).  The
system is more accurate when given multiple images of the same face to
compare.  Like a fingerprint identification system, the program calls
up the faces of the nearest matches.

Massachusetts Institute of Technology (MIT) is working on a competing
system called Photobook.  Taking a different approach, the MIT system
works with information about an average face and then uses complex
calculations to compare the average face to the face being examined.
Their system is most successful when working with images of the same
size and the same viewpoint.

The third competitor is TrueFace from Miros, a Massachusetts-based
company.  Miros uses neural network algorithms.  Basically, the
computer learns a face by examining it repeatedly.  The computer
generates a compressed image of the face which it stores as a
reference.  Of the three competing systems, Miros is billed as being
able to run successfully on existing desktop PCs.

The systems are being sought by both governmental entities such as
Department of Motor Vehicles and by industry.  At this time, the
programs are most successful at verification, matching a subject face
against the known face in the database for identity confirmation.
Recognition, or picking a face out of a crowded, moving picture, is far
more complex.

------------------------------

From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 30 May 95 14:47:39 EDT
Subject: UK Identity Cards & Smart Cards

From the Press Association (U.K.) news wire via CompuServe's Executive
News Service:

    PA 05/24 1552 ROW BEGINS OVER ID CARDS

    By Teilo Colley, Crime Correspondent, PA News

    The Government sparked off an immediate and fierce debate today
    with its consultation paper on the introduction of identity cards.

    And there were clear signs of division on the issue within the
    Government's own ranks.

    Civil rights groups reacted furiously, describing the Green Paper
    as a "giant con" and claiming an ID card system would be a
    "solution looking for a problem".

Key points:

o Profound objections to entire idea of identity cards among some
  back-bench Tories.

o Other Members of Parliament report strong support for ID cards as
  part of the fight against crime.

o Cabinet and police officials support ID cards for many stated
  benefits, including ease of investigation & fraud reduction.

o Preventing forgeries will be crucial to success.

o Civil liberties association, Liberty, "...
  claimed a voluntary card would soon become "compulsory in all but
  name" with people who refused to carry one becoming the target of
  suspicion."

o Liberty also argued that "An electronic smart card would become a
  `portable dossier' of personal information, which the holder could
  not see, and which would bring with it no data protection controls."

o Questions about effectiveness; Justice, a legal-reform group, and
  "the Institute for Public Policy Research, said there was no evidence
  to support such a claim in this country, or in countries such as
  Germany and Spain, where ID cards are compulsory."

--
M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA)

------------------------------

From: Christian.Reiser@aut.alcatel.at (Christian Reiser)
Date: 31 May 95 07:51:04 +0200
Subject: Re: CIBC and Royal Bank to do MONDEX pilot

    bo774@freenet.carleton.ca (Kelly Bert Manning) said: The Canadian
    Imperial Bank of Commerce and the Royal Bank have announced plans
    to pilot a "smart" cash card.  Apparently this is based on a chip
    based card used in Europe.  Unlike a credit card there would be no
    name or other personal data on it.  Users would supposedly refill
    it at an ATM or by dialing into their bank if they are unconcerned
    enough about banking by phone to get it activated for their
    account.

Don't get impressed by the anonymity you seem to have.  All these cards
have a serial number and as soon as this number once gets connected to
some personal data, every newspaper you pay with this card can be
tracked down.

In Austria such a system should be installed beginning next year, but I
am afraid of security and safety aspects.  The Company, which
introduces these cards here, does not tell you anything about the means
they use.  And if their security depends on obscurity, I do not want to
use this system.
Greetings from Vienna/Austria

--
Christian Reiser          e-mail: Christian.Reiser@aut.alcatel.at
Ofc: +431 277 22 / 3657   priv: C.Reiser@ieee.org
Fax: +431 277 22 / 3955   http://www.egi.co.at/egi/reiser.htm
For PGP-Key (private purpose) send e-mail with Subject: Query PGP Key

------------------------------

From: wmcclatc@internext.com (Bill McClatchie)
Date: 31 May 1995 03:03:41 -0400
Subject: Credit Cards in Grocery Stores

I have seen something new added to my credit card slips when purchasing
goods at a couple of Washington DC area grocers.  They are adding the
card holder's name to the slips.

Wouldn't this make it easier for someone to pick up one of these slips
(which many people just toss in the trash) and use them?  The slips now
provide almost all of the needed information for usage with phone
orders (Name, Card number, expiration date) and for those who know
something about credit card numbering, what type of card it is.  Like
all Discover Cards start with the same 4 digits, AT&T Visa starts with
the same 3 digit sequence, etc.

--
Bill McClatchie
wmcclatc@internext.com
http://nyx10.cs.du.edu:8001/~wmcclatc

------------------------------

From: "Dr. Ethan V. Munson"
Date: 30 May 95 17:50:07 -0500
Subject: The Microsoft Win95 Virus - update

While this message sounds kind of alarmist and I have no confirmation
of the validity of its contents, it should be of interest to several
people in our department.

------- Forwarded Message

Subject: The Microsoft Win95 Virus - update
To: net.cool@ginsberg.CS.Berkeley.EDU
Date: 26 May 1995 01:36:32 -0700 (PDT)

The actual 'Win95 virus' is old news, but I thought the technical
tidbit that follows this was worth noting.  I'm surprised there hasn't
been a stronger backlash against this.

-San

Newsgroups: comp.risks
From: cnorloff@tecnet1.jcte.jcs.mil
Date: 17 May 95 13:44:40 EDT

Microsoft officials confirm that beta versions of Windows 95 include a
small viral routine called Registration Wizard.
It interrogates every system on a network gathering intelligence on
what software is being run on which machine.  It then creates a
complete listing of both Microsoft's and competitors' products by
machine, which it reports to Microsoft when customers sign up for
Microsoft's Network Services, due for launch later this year.

  "In Short" column, page 88, _Information Week_ magazine, May 22, 1995

--

The implications of this action, and the attitude of Microsoft to plan
such action, beggars the imagination.

Chris Norloff  cnorloff@tecnet1.jcte.jcs.mil

An update on this.  A friend of mine got hold of a copy of the beta
test CD of Win95, and set up a packet sniffer between his serial port
and the modem.  When you try out the free demo time on The Microsoft
Network, it transmits your entire directory structure in background.

This means that they have a list of every directory (and, potentially
every file) on your machine.  It would not be difficult to have
something like a FileRequest from your system to theirs, without you
knowing about it.  This way they could get ahold of any juicy routines
you've written yourself and claim them as their own if you don't have
them copyrighted.

Needless to say, I'm rather annoyed about this.

So spread the word as far and wide as possible: Steer clear of Windows
95.  There's nothing to say that this "feature" will be removed in the
final release.

------- End of Forwarded Message

------------------------------

From: ramole@aol.com (RAMole)
Date: 01 Jun 1995 02:20:19 -0400
Subject: Text Filter for the Very Good
Organization: America Online, Inc. (1-800-827-6364)

Although I have met few people who will admit to being unable to handle
strong language, I suppose there must be some somewhere, or to whom can
Exon be pandering?  It should be possible to write software to filter
any incoming text stream and blank out the horrible awful dirty words
just as newspapers do, e.g. "Senator Exon is an *******!"
Availability of such a filter -- and the AOLs and Compuserves could
offer it free -- could remove one of the last reasons that the
Aggressively Fragile could find for needing protection via the Exon
Bill.  They can already get software to lock out access to "dirty ftp
sites", but could still be subjected to frightful e-mail, ads for F***
magazine on the alt.poetry newsgroup and so on.  This way they could be
totally SAFE!  They could even add their own "fainting words" (heck,
durn and drat!) to an Extra file.

I'm tempted to say this should be freeware, but on second thought maybe
they ought to pay through the nose, and make the author rich.

Anyone else have some ideas on this?

--
Alan Mole  ramole@aol.com

------------------------------

From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 01 Jun 1995 07:15:52 GMT
Subject: Anti-abortion Constable Charged with Offence
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada

Constable Steve Parker of Delta, BC has been charged with "discreditable
conduct" under the BC Police Act after investigators advised that it
would be unlikely that a successful prosecution for criminal Breach of
Trust could be obtained.  There was no evidence that he benefited
directly when he used the Canadian Police Information Computer to
obtain the vehicle registration details of cars parked near a Vancouver
Abortion clinic.

The victims of this breach of the BC FOI/POP act, and the Information
and Privacy Commissioner, have commented on the lack of civil remedies
and criminal sanctions demonstrated by this case.

Constable Parker at the time was the treasurer of a BC anti-abortion
group and says that he did the searches after being called by his
mother, who jotted down licence numbers while protesting at the clinic.

------------------------------

From: NRA@maxwell.ph.kcl.ac.uk
Date: 02 Jun 1995 17:07:21 GMT
Subject: Sending VISA Card Details by e-Mail (follow-up)
Organization: Dept Physics, Kings College London

Sorry if the subject doesn't match my last post -- my original post has
expired off the server.

Anyway, I was interested to see an article about fraud caused by
e-mailing Visa numbers in today's "Independent" (UK national newspaper)
which cast some light on my question.

Firstly, it's worth repeating the quote from Barclay's bank: "... but
we would make it clear that for someone to send their credit card
number unencrypted across the Internet breaks their agreement with the
bank that issued the card."  That's pretty clear: DON'T DO IT! (or you
may indeed wind up footing the bill when a hacker grabs your number).

Second, the banks are suffering BADLY from this problem and are
actively investigating means to encrypt card numbers across the net
(one that doesn't fall foul of the silly USA DoD restriction that PGP
and its ilk are restricted exports).

Third, there seems to be a divide between USA and non-USA which means
that USA customers fare worst.  In the UK, a retailer must confirm that
the address to which he ships gods* is the same as the address of the
credit card owner (or risk not being paid for a fraudulent order).
"American banks refuse to let mail-order companies check the address of
the card's owner".  So, if I know the number of a USA-issued card I can
use it to order stuff to be delivered to any address I choose, like a
few grand's worth of SIMMS to an accommodation address!

This is of course a privacy issue.  It seems to me that a valuable
safeguard is being disabled.  I wouldn't want a bank to tell someone
what my address was, but that's quite different to confirming (or
denying) an address that I have already volunteered to the enquirer.

Hope this is of interest,

--
Nigel Arnot  NRA@MAXWELL.PH.KCL.AC.UK

* or goods for that matter: one of my better typos.

------------------------------

From: "Prof. L. P. Levine"
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from .UUCP
and .BITNET folks.  Anonymized mail is not accepted.  All contributions
considered as personal comments; usual disclaimers apply.
All reuses of CPD material should respect stated copyright notices, and
should cite the sources explicitly; as a courtesy; publications using
CPD material should obtain permission from the contributors.

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit or append to the text except for purely technical
reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V6 #050
******************************