Date: Sat, 03 Dec 94 08:22:21 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#069

Computer Privacy Digest Sat, 03 Dec 94              Volume 5 : Issue: 069

Today's Topics:                        Moderator: Leonard P. Levine

    Re: DC Metro Smart Cards
    Re: DC Metro Smart Cards
    Re: DC Metro Smart Cards
    Parents' SSNs wanted for Fundraising
    Re: Mother's Maiden Name
    Re: Proof of Birth
    Re: DMV Records
    Is Per-Call Blocking Worthless?
    Re: Clarifying answers to TEN QUESTIONS
    Re: Clarifying answers to TEN QUESTIONS
    Info on CPD, (unchanged since 11/28/94)

----------------------------------------------------------------------

From: huggins@quip.eecs.umich.edu (Jim Huggins)
Date: 30 Nov 1994 22:41:29 GMT
Subject: Re: DC Metro Smart Cards
Organization: University of Michigan EECS Dept., Ann Arbor, MI

Dave Moore writes:

[NY Post reports on] the planned introduction of a Smart Card for using the DC Metro. The other thing that struck me is that they (Metro Authority) plan on charging a "Premium" for the card. A discount I could understand to encourage its use, but why would anyone want to pay extra for this thing?

Convenience. Presuming that the system works and that privacy doesn't become a problem, you don't have to fish through your pocket to find correct change or a token, and you don't have to stand in line to get through a tiny turnstile which inevitably slows you down during rush hour.

It's the same way with other technologies which have the capability of invading privacy. Sure, I could pay cash for everything I bought, but I trade the possible loss of privacy in using checks and credit cards for the convenience of not having to carry lots of cash.

--
Jim Huggins, Univ. of Michigan    huggins@eecs.umich.edu
"You cannot pray to a personal computer no matter how user-friendly it is."
(PGP key available upon request)    W. Bingham Hunter

------------------------------

From: rutgera@rd.mey.nl (Rutger Alsbach)
Date: 01 Dec 1994 11:42:41 GMT
Subject: Re: DC Metro Smart Cards

Dave Moore writes about the DC Metro Smart Card:

It also stated that it was far more secure than a standard fare card because if you lost it, you could report it stolen and have it disabled. I infer from this that your personal ID is tied to the card and that it is not anonymous.

It could also be that the card is identifiable by a number. You could write that down and keep it at a safe place (away from the card). If the card is stolen, DC Metro can disable the card and pay a refund (minus charges) to the person that reports its number.

All this can be done anonymously (as long as you pay cash and receive a cash refund). DC Metro could still track the use of the card but they don't have a name to connect it with.

Additional advantage is, that it is harder for personal enemies or practical jokers to have your card disabled (and get the refund) by saying your name and reporting it stolen - they need the number.

-- Rutger

------------------------------

From: Raul Deluth Miller
Date: 01 Dec 1994 13:38:57 -0500
Subject: Re: DC Metro Smart Cards

Interestingly enough, the DC Metro system looks like it was designed to enable tracking the movement of all individuals who pass through it.

[A] There are numerous security cameras at the stations. In the past, many have been positioned to observe people at the farecard machines as well as at the gates.

[B] A debit card is used, which lasts across multiple trips, and which must be used both to enter and exit the system.

[C] Typically, a debit card "session" will last across multiple cards [the card has a fractional fare, and is redeemed and reissued on a new card.]

[D] Other interactions with the system typically involve the acquisition of identification information from patrons.
For example,

    At one point, people were asked to sign the metro cards but this request was widely disregarded...

    People who use an ATM card to buy a metro card either get their picture taken or are asked for a signature.

Obviously, this is not a complete tracking system, most metro users will establish a regular pattern of use, greatly simplifying the analysis and reduction of such data.

To use the present system for tracking, you would need:

[A] High bandwidth connection between the video system and some sophisticated analysis site.

[B] Similar (but lower bandwidth) connection between the fare card machines and gates and the analysis site.

[C] Classification software which roughly categorizes each card user.

[D] Analysis personnel and correlation systems sufficient to annotate and give attention to records which match "high risk" profiles.

Of course, there are difficulties with such a system:

    Automated camera identification of people -- even when assisted by typical patterns of behavior -- is not likely to be particularly effective or efficient.

    Many users discard low-value metro cards, rather than redeem them.

    The probability of a lost metro card is high enough that many people opt for single trip cards.

    Etc.

The expense of such a system would make it hard to justify. However, it's plausible that national security concerns might be used to put at least some of the above mechanisms in place [if this were the case, then there should also be mechanisms in place to look for other indicators, such as electromagnetic field signatures of common weapons].

Anyways, this is all speculation.

--
Raul D. Miller    N=:((*/pq)&|)@ NB. public e, y, n=:*/pq
P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq
1=t|e*d NB. (,-:<:)pq is four large primes, e medium
x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. D=:|.@#.d

------------------------------

From: wrf@ecse.rpi.edu (Wm. Randolph U Franklin)
Date: 01 Dec 1994 01:11:35 GMT
Subject: Parents' SSNs wanted for Fundraising
Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA

This is from Chronicle of Higher Ed, Nov 30, page A35, an article on getting students' parents to contribute money even before the student has graduated.

George Wash U asks parents to fill out and return an info card, which appears to be from the Registrar, but is in fact from Development (=fundraising). The card asks for the parent's SSNs. The article says that Development can use this info to get the parent's income and property that they own, tho it doesn't outright say that GWU is doing this.

--
Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
More info: (1) finger -l wrf@ecse.rpi.edu (2) http://www.ecse.rpi.edu/wrf.html

------------------------------

From: PHILS@RELAY.RELAY.COM (Philip H. Smith III, (703) 506-0500)
Date: 01 Dec 94 08:36:06 EST
Subject: Re: Mother's Maiden Name

Barry Margolin said:

Probably one of the better methods is American Express's. If they notice a shift in your purchasing style they'll ask the merchant to put you on the line, and they ask you for recent purchases prior to the style change.

This is clearly a reasonable approach. SPRINT at least used to use something *sort of* similar: in 1988, after having used SPRINT for 2 years, I started travelling a fair bit on business. Mostly I used my company card for long distance; on one occasion, however, I was in New York and called my parents, in Canada.

A few MONTHS later I tried to use the FON card again and (after successive tries, then a call to Customer Service) found that it had been cancelled. Why? Because the call to my parents was "outside my normal calling pattern".
Never mind that such calls are presumably the main purpose of such a card for an individual; never mind that I call my parents regularly, and that the odds of a thief stealing my card in order to call them were small; never mind that SPRINT didn't bother to notify me in the intervening months (July to December, in fact).

Actually, they did claim that they try to contact people, but they won't leave messages on answering machines. Never mind that the answering machine is on the primary line to which the card was billed -- hence if that machine is compromised, I'm hardly going to be able to complain.

When I suggested that, given their policy, they should just send me several dozen cards so that, after using each once, I could cut it up and throw it away so they could cancel it, they stopped being friendly and suggested that I change my service if I was displeased with it. And, of course, the promised callback from a supervisor never came (and I lost interest in following up on it).

-- phsiii

------------------------------

From: jwendt@kosepc02.delcoelect.com (John Wendt)
Date: 01 Dec 1994 17:50:28 GMT
Subject: Re: Proof of Birth
Organization: Delco Electronics Corp.

Eric Poulsen writes:

A few years ago, I was going to do some travelling, so I set about obtaining a passport. I was told that I need a "record of birth" (different from a birth certificate), and they gave me an address to write to my state of birth (AK) to obtain this document. Well, I wrote to them, and simply told them my name and address (my name isn't very common, so I figured it was unlikely to be two people born in AK -> A few weeks later, I received a "record of birth" for someone 9 years older than I. Turns out that he had the same first & last name as myself, but a different middle name,>Then it occurred to me ... I could probably obtain this sort of document for *ANYONE* as long as I knew their place of birth.
I could have easily obtained a passport with the other fellow's name, etc, etc ..., but with MY picture on it. As long as I picked someone who was near the same age, race, eye, & hair color (not that farfetched), I could "assume" someone else's identity!

It used to be a not-uncommon scam to look in a newspaper from about the time of your own birth, pick someone who had died in infancy, then apply for a birth certificate in the name of that person. "60 Minutes" once showed one of their reporters going through the process. You have no past, of course, no school or credit record, but credit is still available.

I believe that Indiana now requires a photo ID to get a BC. But what do you use to get that first photo ID...?

========================================================================
John M. Wendt                           | Ah, but a man's reach should
Software Engineer                       |   exceed his grasp,
Service Test Equipment Engineering      | Else what's a metaphor?
Delco Electronics Corp., Kokomo IN, USA |
                                        |   -- Marshall McCluhan
(Standard Disclaimers Apply)

------------------------------

From: thwong@cs.cornell.edu (Ted Wong)
Date: 01 Dec 1994 22:04:11 GMT
Subject: Re: DMV Records
Organization: Cornell Univ. CS Dept, Ithaca NY 14853

Barry C Nelson (bcn) wrote:

The recently enacted Violent Crime Act changes the federal law with regard to granting access to state DMV records. Sec 300001 adds a new chapter in Title 18 U.S.C., Chapter 123, Section 2721 (a):

"Except as provided in subsection (b) a State department of motor vehicles and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record."

Interestingly, "personal information" does not include information on vehicle accidents, violations or driver's status or zip code.

How will this new law affect the following procedure:

Cornell University has its own traffic department that enforces the on-campus parking rules. If a student gets a parking ticket, and was registered previously with the Traffic Department (through purchase of a parking permit), the ticket will be applied to that student's bursar bill if he fails to send in a check for the fine. However, most students don't buy parking permits since they're fairly expensive, and thus TD doesn't have a record cross-referencing the car registration number to the owner; if the student doesn't pay by check, TD can't get the fine.

What happens then is that TD contacts the Department of Motor Vehicles in the state the car was registered, and gets the name of the owner. The name is cross-refed against the student list, and the fine applied to the matching account if one exists.

With the change in law, will state DMVs still be able to provide Cornell with information it wants?

--
Ted Wong            |DISCLAIMER:
                    |Cornell's opinions are its own,
Computer Science    |and do not necessarily reflect
Cornell University  |those of the author.

------------------------------

From: "Prof. L. P. Levine"
Date: 01 Dec 1994 20:55:52 -0600 (CST)
Subject: Is Per-Call Blocking Worthless?
Organization: University of Wisconsin-Milwaukee

I have been asked the question:

I have been told that when using the per call blocking feature (i.e., *67) to suppress my phone number, that the number is *still* being sent, but with a 'packet' that only suppresses it being displayed. Can this be confirmed? I am currently on hold from my phone company -- Ameritech in Indianapolis (whose motto seems to be: "we don't care -- we don't have to -- we're the phone company") to get the 'official' response. I was also informed that per line blocking is neither available, nor would it be. The problem is, then, if it only suppresses the display of the information, then it is as useless as my unlisted phone number.
The woman from the phone company couldn't even understand the difference between the two cases... Does anyone *know*?

My understanding is that unlisted phone numbers with per-line blocking have no greater security; that the calling number information is passed through the entire network and is stopped only at the very end, before the final user. Is that correct?

I think that we are waiting on the Federal Communication Commission for a federal ruling, and that ruling may well totally disable blocking of any kind for inter-state calls.

--
Leonard P. Levine                  e-mail levine@cs.uwm.edu
Professor, Computer Science        Office 1-414-229-5170
University of Wisconsin-Milwaukee  Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201

------------------------------

From: "BRENDZA, TOM"
Date: 01 Dec 94 11:34:23 EST
Subject: Re: Clarifying answers to TEN QUESTIONS

I appreciated your response to the Anonymous posting regarding the Ten Questions previously posted. I am a married computer professional who has no children, but if I did, the Ten Questions are the types of questions I would ask my child. They are also the types of questions that I would give to my non-computer literate friends and relatives to ask their more-literate children. Actually, if you could send me a copy of the original Ten Questions, I would appreciate it.

I believe that the scope, content, and intent of the Ten Questions is no different than any other issue that parents must address with their children, be it the type of music that they listen to, or books they read, or what have you. Specifically it centers on the fact that there are wrong and irresponsible actions and right and responsible actions. A child must first be made aware that an action is wrong, and then a parent must be sure that the child refrains from performing the wrong actions. The Ten Questions are an aid to parents to determine and enforce appropriate behavior from their children. This is a good thing.

A child has a limited right to privacy.
The amount of privacy that a child should be granted is in proportion to the responsibility exhibited by a child and the subsequent trust a parent develops. The only way to determine the level of trust and privacy granted is by discussion, observation and feedback with the child. I believe that this used to be called responsible parenting.

The Ten Questions are a good starting point for parents to discuss what otherwise might be a foreign subject. Please keep up the good work.

--
Tom Brendza
brendza@gould-tm.mhs.compuserve.com
------------------
General disclaimer: My opinions are my own and are neither endorsed nor recognized by Gould Instrument Systems.

------------------------------

From: Paul Robinson
Date: 01 Dec 1994 06:58:28 -0500 (EST)
Subject: Re: Clarifying answers to TEN QUESTIONS
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

Bob Bales ("(NCSA) Bob Bales" <74774.1326@compuserve.com>) writes about the anonymous poster to Comp Privacy:

"I almost never get permission to look at each file I view I go under the assumption that I may view anything that allows read access by me without going outside of the normal methods in use to read files".

Does this sound familiar? This is the standard rationalization used by hackers when they crack computer systems. Gee, I got in so it must be OK. This represents an immature view of life and fails to acknowledge _personal_ responsibility.

Excuse me, but the original poster's statement of his method is the *standard* for accessing most computer systems over the Internet. It's called "anonymous ftp" and part of the procedure allows anyone who can connect to a site (which is essentially anyone with IP connectivity) to obtain any public file from that system. It is generally assumed - I have never seen any evidence or published statements to the contrary - that any file on an FTP server that accepts "anonymous" or "ftp" as the user id is allowing anyone to copy any file that appears on that server.
*Without asking for permission*.

Does grandma know that you think it's OK to read her diary? (Of course, only if she leaves it where you can get at it without violating her "privacy").

Many diaries have been sold with little locks on them, or you can, if you trust people, ask them not to read it or to put a notice on the item asking people not to do so. If you don't lock it up and you don't make any indication on a book not to read it, well...

Dr. Tippett developed "TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN" as an aid to _parents_ in dealing with the confusing world of ethics in cyberspace. He--and supporters of the National Computer Ethics and Responsibility Campaign--would greatly appreciate constructive criticism which might make this document of even greater value to that audience. However, reviews which purposely distort the basic intent of the document are unwanted and unwarranted. When hidden under the cloak of anonymity, such distortions are unprofessional and tasteless.

Is this the whining of someone who got caught with a poorly designed questionnaire and is complaining because someone caught the ambiguities and badly phrased questions? Taken as it was written, many of the questions - such as asking if the person has text files that explain how to make explosives or anti-personnel materiel - make the whole questionnaire sound as if it is a list of "don'ts". One of the items included asking whether the person had a modem and a phone line. Taken in the context of the whole questionnaire, it could be believed - based on misinformation in the media and the tone and content of the questionnaire - that having a modem and phone line connected to a kid's computer is a danger sign.

I agreed with some of the anonymous poster's comments, that there are some things you would not show to other people because you want to keep things private.
When I was younger, I kept a diary; I kept my most personal and intimate thoughts in that diary, and would expect to keep it private; I would not dream of (at that time) having other people read it. While there are exceptions, even children are entitled to privacy. (Do you think children should masturbate in private or in front of their parents?) :)

3. Do you ever use other people's computer, disk-space or processing capability, or look at or copy their files or information, without their knowledge or permission?

I almost never get permission to look at each file I view. I go under the assumption that I may view anything that allows read access by me without going outside of the normal methods in use to read files. If it is interesting, I copy it for future reference. I hope they do not know any details about my use. After all, I want to retain my privacy and they should not be watching what I do.

As usual, you are attempting to avoid the question. Let me be more explicit: have you ever logged into or otherwise used another person's computer, without getting appropriate permission to use that computer? "Appropriate permission" can sometimes mean being connected to a network in a permissive way, of course; in other cases it can mean getting a password and an account. The real question is, "have you ever used a computer, knowing that if the owner found out, he or she would be upset?"

Then the question should be asked that way; if you ask an improperly formed question, you risk getting the answer that matches the badly asked question. If you asked me is it ever right to steal, I would say "yes". Then you would label me dishonest. If the question were phrased, "Other than in extreme emergency (such as when survival is at stake) is it ever right to steal?" then my answer would be "no". But if you ask a question badly, you have to accept the lousy quality of answers to that question.

As to reading files, you need to learn some electronic manners, Joey.
On timeshared and networked computers, there are many users who do not have the sophistication to protect their sensitive files.

Then let them learn. When we know what the rules are, e.g. that when you make something public you invite us to look - which is the typical practice on most networked computer systems - then those who expect something other than the standard are in for some rude disappointments.

Whatever the rules are, people can learn to live with them. But the rules had better be consistent or people have a right to complain. If files are generally public and you're not supposed to look at them unless invited, fine; but publicize that as the rule. Then explain why this is a different standard than what is common practice. Beyond that, I'd like to know why the administrator on that site was asleep at the switch and hasn't been disciplined or fired.

I have used systems ranging from IBM and CDC mainframes, to PDP 11 Minicomputers, to networked systems. The typical, usual and customary practice on these systems is to default accounts to having all files private UNLESS AND UNTIL the owner explicitly makes them public. Expecting people to live under an entirely different standard of rules without notice, is ludicrous.

When you assume that having read access to a file means it's OK to read it, you risk invading the privacy of a naive user who thinks that everything is automatically protected. I don't mind a bit of exploration, but I'd be deeply troubled if you dove into a directory named "personal" and started reading another user's love letters, simply because they were world-readable.

Just because a directory is marked "personal" does not mean the material is something the owner doesn't want anyone to read. It may mean this is where the stuff that is his own - such as the source code he personally wrote - as opposed to stuff written as part of his job, or production work, or whatever.

We have doors on houses and curtains across windows to keep people from watching our private business.

If you live in a glass house, you have to expect some people may stare. If you don't know enough about home furnishings to know that drapes and shades cover windows, then you have to accept the risk that people might look in on you.

If you keep all of your files publicly readable, some people are going to look at them. Systems that have protections to make files not readable are available for that reason and are usually set by default for that reason. If you don't know enough that protections cover files from people looking at them, then you have to accept the risk that people might look at your files.

I expect people who use a dangerous tool should have at least the minimum understanding necessary to keep from injuring themselves during use thereof. A computer is an even more dangerous tool if you only know how to use part of its capability.

---
Paul Robinson - Paul@TDR.COM
Reports on Security Problems: To Subscribe write PROBLEMS-REQUEST@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush

------------------------------

From: "Prof. L. P. Levine"
Date: 28 Nov 1994 08:46:14 -0600 (CST)
Subject: Info on CPD, (unchanged since 11/28/94)
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top.
Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply.

If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest and is not redundant or insulting. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133].

---------------------------------+-----------------------------------------
Leonard P. Levine                | Moderator of: Computer Privacy Digest
Professor of Computer Science    |    and comp.society.privacy
University of Wisconsin-Milwaukee| Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201      | Information: comp-privacy-request@uwm.edu
                                 | Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu                | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V5 #069
******************************