Date: Wed, 29 May 96 08:36:31 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#043 Computer Privacy Digest Wed, 29 May 96 Volume 8 : Issue: 043 Today's Topics: Moderator: Leonard P. Levine Re: Biometric Encryption Re: Biometric Encryption All Calls are Logged Equifax for Employee Background Checks Announcement about Privacy legislation in Canada Re: Free PGP shell available for Windows unsolicited email ? Re: Privacy Phone Guard How Secure are 900 MHz Digital Cordless Phones? Re: Privacy Phone Guard Re: Drafts of Medical Records Privacy Legislation Stalker's Home Page UPDATE New Journal of Electronic Privacy Issues Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: Phil Agre Date: 26 May 1996 17:27:30 -0700 (PDT) Subject: Re: Biometric Encryption Charles Bryant suggests that the Mytec fingerprint-based biometric encryption device could be fooled by a simulated fingerprint. Mytec's advertising literature addresses this point at some length, claiming that a copy of a fingerprint generates a much different image in the device than a real fingerprint, given the light-scattering properties of fingerprint ridges and skin oils. Someone could indeed sever your finger to fool the machine, but stronger protection than simple fingerprint identification would seem indicated for any application so important that someone would be willing to dismember a person to break into it. -- Phil Agre, UCSD ------------------------------ From: Lewis L Hart Date: 28 May 1996 12:45:24 GMT Subject: Re: Biometric Encryption Organization: Unisys Solutions Integration References: Sorry if any of this has been discussed already, I missed the begining of the thread. Many of the issues that are being discussed about fingerprints are not valid concerns. There are several aspects of current finger scanning technology that make the forgery of a fingerprint very difficult: 1. Most scanners rely on the fact that a finger is a three-dimensional object. The scan is based on where the ridges touch the scanning surface. They are not photograpic, and a two-dimensional image of a print will not work. 2. The algorithms for matching are very sensitive to the strucuture of the ridges. A three dimensional model would have to be very exact. Any extra breaks or filled-in spaces would cause the match to fail. 3. It is very easy to tell if a finger is attached and alive. Current medical technology can measure pulse and blood oxygen saturation through a non-envasive finger probe. A severed finger would of course have no pulse and a low oxygen sat. IMHO, the highest risk is being forced to supply the live finger by an armed criminal. At least with a PIN, you can give up the code and hope the bad guy goes away. -- Lewis Hart lewish@unisys.federal.com ------------------------------ From: crissiet@ix.netcom.com (Crissie Trigger ) Date: 26 May 1996 20:03:54 -0700 Subject: All Calls are Logged For those who are upset about caller I.D., I have been informed by several private investigators that every telephone call, local as well as long distance made through a typical phone company is registered on a computer as to the number of the caller and callee, date & time of the call, and the length of the call. Big brother isn't always listening, but he can usually go back and check the records. ------------------------------ From: anonymous Date: 27 May 1996 10:03:42 -0500 (CDT) Subject: Equifax for Employee Background Checks Organization: University of Wisconsin-Milwaukee (You are encouraged to disseminate this, but please withhold my name) [moderator: I will post this under my own userid] information on people, does credit checks, check verifications, is a collection agency, and and keeps and disseminates a lot of bad information, misinformation, and are in my opinion generally bad people compared to others in the business. They are also hired to snoop on people, question neighbors and do public records checks. I, and many others have always felt it is extremely unethical and improper for a company like this to be a credit reporting agency, and at the same time be in the credit collection business. They threaten to ruin your credit if you don't pay, then report you as bad in their reports. They are very intrusive into your private life, and once info gets into their computers it is hard to get it out. ------------------------------ From: COLIN BENNETT Date: 27 May 1996 11:06:09 -0700 (PDT) Subject: Announcement about Privacy legislation in Canada Further to my previous message about the promise of private sector privacy legislation in Canada, the full text of the Canadian government's announcement can be found at: http://info.ic.gc.ca/infor-highway/ih.html The government's announcement has been greeted publicly by both the Federal Privacy Commissioner, Bruce Phillips, and by the Canadian Direct Marketing Association. -- Colin J. Bennett Associate Professor Department of Political Science University of Victoria Victoria, B.C. CANADA. V8W 3P5 CJB@UVIC.CA (604) 721-7495 (voice) (604) 721-7485 (fax) ------------------------------ From: "Dr. Tom Blinn, 603-881-0646" Date: 27 May 96 20:26:37 -0400 Subject: Re: Free PGP shell available for Windows alpha1@znet.com reported: I have uploaded to Simtel.Net: pn123-01.zip Free Windows PGP shell for any e-mail program Just out of curiosity, who will vouch for the purported author of this program that it does, in fact, do what it claims, and isn't some subtle and pernicious virus or trojan horse? -- Dr. Thomas P. Blinn, UNIX Software Group, Digital Equipment Corporation 110 Spit Brook Road, MS ZKO3-2/U20 Nashua, New Hampshire 03062-2698 Technology Partnership Engineering Phone: (603) 881-0646 Internet: tpb@zk3.dec.com Digital's Easynet: alpha::tpb Worry kills more people than work because more people worry than work. My favorite palindrome is: Satan, oscillate my metallic sonatas. -- Phil Agre, pagre@ucsd.edu Opinions expressed herein are my own, and do not necessarily represent those of my employer or anyone else, living or dead, real or imagined. ------------------------------ From: dorsett@coastalnet.com (Stephen Dorsett) Date: 28 May 1996 09:38:22 -0400 Subject: unsolicited email ? Organization: Global Information Exchange Corp. Please excuse if this has been beaten up here before, but I am interested in any legal precedents for fighting unsolicited email. The case in point is a company that has apparantly pulled together a list of email addresses from usenet news. They mass mail these individuals with advertisements from individuals or organizations who presumably pay for this "service". There are instructions in each message explaining how to "unsubscribe" from their list, but two attempts to date have proven unsuccessful. What are my legal right here ? Is there any legislation concerning this ? Are there any court cases so far ? What Please respond via email also. -- ======================================================================== J. Stephen Dorsett Senior Systems Administrator, IBM PowerPC Solutions dorsett@coastalnet.com (919) 254-2411 (office) ======================================================================== ------------------------------ From: peter@baileynm.com (Peter da Silva) Date: 28 May 1996 17:31:17 GMT Subject: Re: Privacy Phone Guard Organization: Network/development platform support, NMTI References: Wouter Janssen wrote: If you walked up to my door and rang the doorbell with a bag over your head, would you be surprised that I would be unlikely to let you in? Is it be a violation of your privacy for me to request that you identify yourself before I decide whether to open the door? No, not at all, but when I ring your doorbell without that bag and came to ask you how to get to the railwaystation would you still ask me for some ID ? In the absence of videophone technology it's not possible to remove that bag from your head. Because I wouldn't like the idea of you putting me into some sort of database and then sending me add's about the things you/your company sells. I don't like being called by companies selling me things without knowing who they are. It's amazing how many calls I get that say they're from so-and-so services or such-and-such roofing. I don't understand why you should always know who you're talking to. If someone on the street asks you something, do you ask his/er name, phone# and an ID as well? I don't.. I can see his face. I don't have the technology to see your face on the telephone. Why do you want the phone system to reveal the other calling party? Because I get a lot of phone calls from people I know I don't want to talk to (so-and-so services or such-and-such roofing, for example). I simply don't pick up the phone in those cases. I hope I wasn't offensive, because I didn't intend to be, I just wanted to clarify some of us like to keep some info about ourselves for ourselves. And when that fails, it's nice to know who has that info. -- Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard Bailey Network Management 'U` Sugar Land, TX 77487-5013 +1 713 274 5180 "Har du kramat din varg idag?" USA Bailey pays for my technical expertise. My opinions probably scare them ------------------------------ From: asinghal@tti.com (as) Date: 28 May 1996 22:14:26 GMT Subject: How Secure are 900 MHz Digital Cordless Phones? Organization: Transaction Technology, Inc. Hi all! If there is a FAQ that discusses the following, please pardon my ignorance! I keep hearing that digital cordless phone conversations are private. Could someone please explain to me why? Is it simply because scanners which intercept digital transmissions are not commonly available? Or is there something about digital transmission technology that makes the transmissions un-decodable? If I use a 900 MHz digital cordless phone, is it safe to discuss credit card numbers, SSN, and other personal information without worrying that someone may be listening? How safe is it to do touch-tone banking? Do digital cordless phones routinely scramble their transmissions? If so, what kind of algorithms are used for scrambling? How hard would it be to unscramble if someone was reasonably determined? Thanks in advance. Please post or email to asinghal@tti.com. ------------------------------ From: jonathon Date: 27 May 1996 20:00:41 +0000 (GMT) Subject: Re: Privacy Phone Guard EricF@microhouse.com (Eric Fowler) wrote: CallerID by itself means very little. What happens when the calling/receiving phone numbers are indexed into one database? I don't want such a record of my calls to exist, and I really have nothing to You are about 70 years to late to object to that one. records of individual's calling patterns. This is not happening yet but mark my words, it will. Again, Erik, you are way to late in your prediction. Currently your calling record << local & long distance >> is available for around $100 per month wanted, from various information brokers. That information has been available for sale for at least the last two decades, probably longer. -- jonathon grafolog@netcom.com ------------------------------ From: cs115-009 <> Date: 28 May 1996 09:59:40 -0400 Subject: Re: Drafts of Medical Records Privacy Legislation Organization: Armstrong State College, Savannah, GA References: With all the problems arising in the health care field, could you just give me a thorough defintion of a "health professional". -- Rebecca Austin 6649 cs115009@solaris.armstrong.edu E-mail! It's real! ------------------------------ From: glr@ripco.com (Glen L. Roberts) Date: 27 May 1996 13:43:36 GMT Subject: Stalker's Home Page UPDATE Organization: Full Disclosure The Stalker's Home Page -- your source for freely available information from internet databases, which recently came under attack by Banyan Systems Inc (creators of Switchboard.com), has expanded. A number of new resources have been added. Military Locator, FAA database, SEC Filings, and more! Check it out. Get all that great data -- join the debate about privacy! Find out if the internet holds personal or private data about you! Find out if it is correct or not! Remember, if it is there, OTHERS will PRESUME it is correct! http://pages.ripco.com:8080/~glr/stalk.html -- Web Page Under Attack by Corp Lawyers! Is the web for Corp Profit & Power? http://pages.ripco.com:8080/~glr/stalk.html ------------------------------ From: benson@sorted.com (E. Benson`) Date: 28 May 1996 05:38:52 GMT Subject: New Journal of Electronic Privacy Issues Organization: sorted - electronic issues on an insecure planet Electronic privacy, security journal to premier June 1 "sorted," a journal of electronic issues on an insecure plant, will debut on the World Wide Web June 1, 1996. Located at "http://www.sorted.com", the journal will address issues related to electronic privacy, wiretapping, surveillance, encryption, the V-Chip and Clipper Chip, and related issues. Issue No. 1 contains feature articles by internationally known author and NPR commentator Andrei Codrescu and computer privacy consultant and Private Idaho author Joel McNamara. The journal also features an FTP site which includes a full mirror of Cypherpunks PGP archive and related files. The address is "ftp.sorted.com/pub/encryption". ------------------------------ From: "Prof. L. P. Levine" Date: 29 May 1996 09:14:50 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #043 ****************************** .