Date: Wed, 03 Feb 93 17:58:23 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#013

Computer Privacy Digest Wed, 03 Feb 93 Volume 2 : Issue: 013

Today's Topics:
Moderator: Dennis G. Rears

Prodigy class action suit
Computers Freedom and Privacy '93, Mar 9-12
How to contact the Clinton White House
Re: Ohio requires SSN for children to go to school?!!!?

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133].

----------------------------------------------------------------------

Date: Sun, 6 Dec 1992 11:45:33 -0500 (EST)
From: Eugene Levine
Subject: Prodigy class action suit

Attached is a text article received from a local BBS. I apologize if this is not the way to send such material to a moderated list, and would appreciate information about how to do this properly (I've only been using the Internet for two months, and am still in need of nurturing advice on netiquette).

--Gene Levine
elevine@world.std.com

[Moderator's Note: I got this a while ago. I had misfiled it. ._dennis ]

FROM: Tim Pearson  Area # 39 ( 14_REC )
TO: All  MSG # 9603, May-8-91 1:56am
SUBJECT: Prodigy Article
=============================================================================
* Forwarded by Tim Pearson (1:286/703) using GoldED 2.30
* Area : OZARK_NET (Ozark Net)
* From : Joel Dannelley, 1:286/730.2 (07 May 91 21:59)
* To : Tim Pearson
* Subj : Prodigy Article
=============================================================================
Here's something I found that you might be interested in.

MORE OF A PRODIGY THAN WE THINK?
================================
By Linda Houser Rohbough

The Los Angeles County D.A.'s Office made known that it is considering additional charges against Prodigy, a computer information service operated by Sears Roebuck & Co and IBM. The D.A.'s office said its investigation into Prodigy to include possible criminal and civil violations involving alleged unfair business practices and unauthorized access to computers and computer data. They said a file called STAGE.DAT created by Prodigy software to facilitate processing is the file in question and the reason for the expanded investigation.

The L. A. County District Attorney is formally investigating PRODIGY for deceptive trade practices. Computer users nationwide, are free to announce the fact of the investigation. Anyone can file a complaint. From anywhere. The address is:

District Attorney's Office
Department of Consumer Protection
Attn: RICH GOLDSTEIN, Investigator
Hall of Records Room 540
320 West Temple Street
Los Angeles, CA 90012

Please, Goldstein doesn't want phone calls, he wants simple written statements and copies (no originals) of any relevant documents attached. He will call the individuals as needed, he doesn't want his phone ringing off the hook, but you may call him if it is urgent at 1-213-974-3981.

PLEASE READ THIS SECTION EXTRA CAREFULLY. YOU NEED NOT BE IN CALIFORNIA TO FILE!! THE COUNTY IS REPRESENTING THE STATE OF CALIFORNIA. This ISN'T limited to L. A. County and complaints are welcome from ANYWHERE in the Country or the world. The idea is investigation of specific Code Sections and if a Nationwide Pattern is shown, all the better.

The stigma that haunts child prodigies is that they are difficult to get along with, mischievous and occasionally, just flat dangerous, using innocence to trick us. I wonder if that label fits Prodigy, Sears and IBM's telecommunications network?

Those of you who read my December article know that I was tipped off at COMDEX to look at a Prodigy file, created when Prodigy is loaded STAGE.DAT. I was told I would find in that file personal information from my hard disk unrelated to Prodigy. As you know, I did find copies of the source code to our product FastTrack, in STAGE.DAT. The fact that they were there at all gave me the same feeling of violation as the last time my home was broken into by burglars.

I invite you to look at your own STAGE.DAT file, if you're a Prodigy user, and see if you found anything suspect. Since then I have had numerous calls with reports of similar finds, everything from private patient medical information to classified government information.

The danger is Prodigy is uploading STAGE.DAT and taking a look at your private business. Why? My guess is marketing research, which is expensive through legitimate channels, and unwelcomed by you and I. The question now is: Is it on purpose, or a mistake?

One caller theorizes that it is a bug. He looked at STAGE.DAT with a piece of software he wrote to look at the physical location of data on the hard disk, and found that his STAGE.DAT file allocated 950,272 bytes of disk space for storage. Prodigy stored information about the sections viewed frequently and the data needed to draw those screens in STAGE.DAT. Service would be faster with information stored on the PC rather than the same information being downloaded from Prodigy each time. That's a viable theory because ASCII evidence of those screen shots can be found in STAGE.DAT, along with AUTOEXEC.BAT and path information. I am led to believe that the path and system configuration (in RAM) are diddled with and then restored to previous settings upon exit.

So the theory goes, in allocating that disk space, Prodigy accidentally includes data left after an erasure (As you know, DOS does not wipe clean the space that deleted files took on the hard disk, but merely marked the space as vacant in the File Allocation Table.)

There are a couple of problems with this theory. One is that it assumes that the space was all allocated at once, meaning all 950,272 bytes were absorbed at one time. That simply isn't true. My STAGE.DAT was 250,000+ bytes after the first time I used Prodigy.

The second assumption is that Prodigy didn't want the personal information; it was getting it accidentally in uploading and downloading to and from STAGE.DAT. The E-mail controversy with Prodigy throws doubt upon that. The E-mail controversy started because people were finding mail they sent with comments about Prodigy or the E-mail, especially negative ones, never arrive. Now Prodigy is saying they don't actually read the mail, they just have the computer scan it for key terms, and delete those messages because they are responsible for what happens on Prodigy.

I received a call from another user group who read our newsletter and is very involved in telecommunications. He installed and ran Prodigy on a freshly formatted 3.5 inch 1.44 meg disk. Sure enough, upon checking STAGE.DAT he discovered personal data from his hard disk that could not have been left there after an erasure. He had a very difficult time trying to get someone at Prodigy to talk to about this.

There's a file called 'fraudigy.Zip' that I suggest all who use the prodigy service take very seriously. The file describes how the Prodigy service seems to scan your hard drive for personal information, dumps it into a file in the prodigy sub-directory called 'STAGE.DAT' and while you're waiting and waiting for that next menu come up, they're uploading your stuff and looking at it.

Today while in Babbage's, I was talking to a friend when a gentleman walked in, heard our discussion, and piped in that he was a columnist on Prodigy. He said that the info found in 'fraudigy.Zip' was indeed true and that if you read your on-line agreement closely, it says that you sign all rights to your computer and its contents to Prodigy, IBM & Sears when you agree to the service.

I tried the tests suggested in 'fraudigy.Zip' with a virgin 'Prodigy' Kit. I did two installations, one to my often used hard drive partition, and one onto a 1.2Mb floppy. On the floppy version, upon installation (without logging on), I found that the file 'stage.Dat' contained a listing of every .Bat and setup file contained in my 'c:' drive boot directory.

Using the hard drive directory of Prodigy that was set up, I proceeded to log on. I logged on, consented to the agreement, and logged off. Remember, this was a virgin setup kit. After logging off I looked at 'stage.Dat' and 'cache.Dat' found in the Prodigy subdirectory. In those files, I found pointers to personal notes that were buried three sub-directories down on my drive, and at the end of 'stage.Dat' was an exact image copy of my pc-desktop appointments calendar. Check it out for yourself.

I had my lawyer check his STAGE.DAT file and he found none other than CONFIDENTIAL CLIENT INFO in it. Needless to say he is no longer a Prodigy user.

---------------------------------------------------------------------------
Kinda interesting ain't it? Enjoy...........

-!- LED ST 0.10
 ! Origin: Friends don't let Friends drive Fords! (1:286/730.2)
=============================================================================

Tim

--- GoldED 2.30
 * Origin: Region 14 Coordinator - [1:286/703@fidonet] (FidoNet 1:286/703)

FROM: Tim Pearson  Area # 39 ( 14_REC )
TO: All  MSG # 9602, May-8-91 1:26am
SUBJECT: Prodigy Service

Hello All,

This message is going to sound too incredible to believe.
If anyone reading this echo subscribes to the "Prodigy" service, I encourage you to look inside the file called "STAGE.DAT" in your \Prodigy sub-directory. I was alerted to this by one of my users. You should be amazed at what you'll find. I was.

To explain: Prodigy is a service like CompuServe and is owned by Sears. To access Prodigy, you use their proprietary terminal software. One of the files the Prodigy software uses is called "Stage.Dat". It is quite large and is supposed to be used to store prodigy menus, text, and other information so as to actually place part of the prodigy service on your computer's hard drive. When you are just sitting there reading a prodigy menu, the software sends and receives data from and to the STAGE.DAT file as a background process. If you have an external modem, watch the lights when you're not doing anything. You'll see that data is still being exchanged.

Now to the incredible part... When I examined my "Stage.Dat" file with Norton, I found all kinds of information in there that the prodigy "terminal" software had gleaned from dozens, if not hundreds, of other files on my system's hard drive. Examples include:

- Text from private FidoNet netmail messages
- A portion of the FidoNet nodelist
- Eddie Seasholtz's name (NC 284).
- AreaFix and Session passwords from my D'Bridge config file.
- Routing information from my D'Bridge config file.
- The name of almost every .BAT file on my computer

The clear implication is that Prodigy is capturing and uploading information from its users' computers. I have no proof that the prodigy terminal software actually transmitted any of this information to the prodigy host. However, if it were not to be transmitted then why in the heck did they include obviously sophisticated code in the program to glean this information from my hard drive and place it in their STAGE.DAT file?

The algorithm they use seems to like "D'Bridge", as well as the words "Control", "Password", "Config", and anything preceded or followed or enclosed in asterisks or dashes.

Needless to say, I'll no longer be running the Prodigy.Exe terminal program. I would encourage any of you who use Prodigy to examine your own STAGE.DAT file. You may be horrified at what you find.

You'll need to be patient. My Stage.Dat file was over 900K and most of the interesting stuff was near the end of the file.

I'd be interested to hear from anyone who makes similar discoveries. Perhaps, if we can show that they've violated FidoNet's copyright, some legal action might be indicated.

Take care...

Tim

P.S. Feel free to forward this message to your own local sysop echoes if you so desire.

--- GoldED 2.30
 * Origin: Region 14 Coordinator - [1:286/703@fidonet] (FidoNet 1:286/703)

------------------------------

From: Al
Subject: Computers Freedom and Privacy '93, Mar 9-12
Date: 28 Jan 93 16:10:49 GMT

CFP'93
The Third Conference on Computers, Freedom and Privacy
9-12 March 1993
San Francisco Airport Marriott Hotel, Burlingame, CA

The CFP'93 will assemble experts, advocates and interested people from a broad spectrum of disciplines and backgrounds in a balanced public forum to address the impact of computer and telecommunications technologies on freedom and privacy in society. Participants will include people from the fields of computer science, law, business, research, information, library science, health, public policy, government, law enforcement, public advocacy and many others.

Some of the topics in the wide-ranging CFP'93 program will include:

ELECTRONIC DEMOCRACY - looking at how computers and networks are changing democratic institutions and processes.

ELECTRONIC VOTING - addressing the security, reliability, practicality and legality of automated vote tallying systems and their increasing use.

CENSORSHIP AND FREE SPEECH ON THE NET - discussing the problems of maintaining freedom of electronic speech across communities and cultures.

PORTRAIT OF THE ARTIST ON THE NET - probing the problems and potential of new forms of artistic expression enabled by computers and networks.

DIGITAL TELEPHONY AND CRYPTOGRAPHY - debating the ability of technology to protect the privacy of personal communications versus the needs of law enforcement and government agencies to tap in.

HEALTH RECORDS AND CONFIDENTIALITY - examining the threats to the privacy of medical records as health care reform moves towards increasing automation.

THE MANY FACES OF PRIVACY - evaluating the benefits and costs of the use of personal information by business and government.

THE DIGITAL INDIVIDUAL - exploring the increasing capabilities of technology to track and profile us.

GENDER ISSUES IN COMPUTING AND TELECOMMUNICATIONS - reviewing the issues surrounding gender and online interaction.

THE HAND THAT WIELDS THE GAVEL - a moot court dealing with legal liability, responsibility, security and ethics of computer and network use.

THE POWER, POLITICS AND PROMISE OF INTERNETWORKING - covering the development of networking infrastructures, domestically and worldwide.

INTERNATIONAL DATA FLOW - analyzing the issues in the flow of information over the global matrix of computer networks and attempts to regulate it.

The conference will also offer a number of in-depth tutorials on subjects including:

* Information use in the private sector
* Constitutional law and civil liberties
* Investigating telecom fraud
* Practical data inferencing
* Privacy in the public and private workplace
* Legal issues for sysops
* Access to government information
* Navigating the Internet

INFORMATION

For more information on the CFP'93 program and advance registration call, write or email to:

CFP'93 INFORMATION
2210 SIXTH STREET
BERKELEY, CA 94710
(510) 845-1350
cfp93@well.sf.ca.us

A complete electronic version of the conference brochure with more detailed descriptions of the sessions, tutorials, and registration information is also available via anonymous ftp from sail.stanford.edu in the file:

    /pub/les/cfp-93

or from sunnyside.com in the file:

    /cfp93/cfp93-brochure

or via email from listserv@sunnyside.com by sending mail with this text:

    GET CFP93 CFP93-BROCHURE

[Moderator's Note: This has appeared once before. I figured I would give it more shot. ._dennis ]

------------------------------

From: Bruce Schneier
Subject: How to contact the Clinton White House
Organization: Chinet - Public Access UNIX
Date: Fri, 29 Jan 1993 20:32:42 GMT

The White House is on-line. Send mail to them at:

    75300.3115@Compuserve.COM

Bruce

****************************************************************************
* Bruce Schneier
* Counterpane Systems For a good prime, call 391581 * 2^216193 - 1
* schneier@chinet.chi.il.us
****************************************************************************

------------------------------

From: Dave Andrews
Subject: Re: Ohio requires SSN for children to go to school?!!!?
Date: Sat, 30 Jan 1993 14:00:54 GMT

In article Paul Scheidler writes:
>
>I am informed by the school that the state of Ohio requires a SSN for the
>child to go to school. If you don't have one, they will assign you a
>temporary number until you get your official SSN.
>I have not fully investigated the actual law, but I plan on fighting this law.
>
>What are my options here? Can they deny my child an education because
>she is not numbered?

I don't see the big deal here. They asked for the SSN, you refuse, so they make up a number for their own use. You get what you want, they have a number to index you in their own accounting systems.

The FAA assigned me an alternate number when I got my PP license and refused my SSN.... no big deal. My university does (um, did -- it's been a lonnng time) the same thing.

- David Andrews
dandrews@bilver.oau.org

------------------------------

End of Computer Privacy Digest V2 #013
******************************