Date: Tue, 16 Mar 93 17:27:15 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#025

Computer Privacy Digest Tue, 16 Mar 93              Volume 2 : Issue: 025

Today's Topics:
                        Moderator: Dennis G. Rears

                        What is passwording?
                        Re: Credit Card Validation
                        Re: Dorothy Denning's article in Comm. of ACM
                        Re: Credit Card Validation
                        Re: Social Security Numbers as ID
                        Employee Monitoring Systems

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy. The digest is moderated and gatewayed into the
USENET newsgroup comp.society.privacy (Moderated). Submissions should be
sent to comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.

Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].

----------------------------------------------------------------------

Date: 11 Mar 1993 18:55:18 -0600 (CST)
From: "Michael A. Vitale"
Subject: What is passwording?

Computer Privacy Digest Moderator says:
>
> Computer Privacy Digest Thu, 11 Mar 93 Volume 2 : Issue: 024
>
> >[Moderator's Note: I don't use the Diner Card Club. It's one less card
> >I have to carry around. On the other hand I have passworded all my
> >accounts (credit card, utilities, insurance, etc) that can be accessed
> >by phone. I started this after my phone and electric service was cut off
> >by someone claiming to be me. The "Mother's maiden name" is no security.
> > ._dennis ]
>

Dennis, what is passwording and how does one do it?

[Moderator's Note: It's calling up all your accounts and telling the
person you want to 'password' your account. After your account is
passworded no information can be given out unless the requestor knows
the password.
._dennis ]

------------------------------

From: Steve Johnson
Subject: Re: Credit Card Validation
Organization: TRW Systems Division, Fairfax VA
Date: Fri, 12 Mar 1993 09:53:15 GMT

Brinton Cooper writes:
[...]
> Mother's Maiden Name (My hospital asks for this one, too.)
[...]
>_Brint

>[Moderator's Note: [...] The "Mother's maiden name" is no security.
> ._dennis ]

I haven't given out my mother's maiden name yet (I agree with Dennis on
this one) and have used an "alternate" piece of information (something
which is not "public" information) instead. The folks that ask for the
information don't seem to care as long as they have something "to fill
in the box".

--
------- Any views expressed are those of myself and not my employer. --------
Steven C. Johnson, WB3IRU / VK2GDS | TRW | johnson@trwacs.fp.trw.com
FP1 / 3133 | [129.193.172.90]

------------------------------

From: "Michael T. Palmer"
Subject: Re: Dorothy Denning's article in Comm. of ACM
Date: 12 Mar 1993 13:16:56 GMT
Organization: NASA Langley Research Center, Hampton, VA

In article Carl Ellison writes:
>Among other things, the gov't side focuses on only 1 of 8 scenarios:
>
>  variable     values                 Denning's focus
>
>  good guy:    (govt, private)        govt (eg., FBI saint)
>  bad guy:     (govt, private)        private (eg., drug dealer)
>  encrypter:   (good guy, bad guy)    bad guy
>
>If that's the only scenario you look at or give reasonable weight to, it's
>very hard to justify private crypto. So -- we need to prohibit such a
>focus from being established.

Actually, it's even simpler than that:

    Federal Law Enforcement: (good guys)
    Private Citizens: (bad guys)

I noticed in her "Final Thoughts" that she said "Wiretapping is used
against major drug traffickers, organized crime leaders, and
terrorists."

Well! Maybe it's just me, but I thought wiretapping was used against
SUSPECTS that MAY have committed a crime. Hmmm. Now we really open that
can of worms, don't we?
Because this means that private citizens who MAY or MAY NOT have
committed a crime (and all the people who talk with them over the phone
about ANY topic) will be subject to remote monitoring by the federal
government. Kinda broadens your perspective a bit, doesn't it?

Claiming that wiretapping is only used against "bad guys" sweeps this
whole issue under the rug. And claiming that the cost is so prohibitive
that only "bad guys" that have other evidence against them already will
get the wiretaps just won't cut it: they want a system where the cost
will be so LOW that wiretaps may become the primary means of gaining the
INITIAL evidence that "wrongdoing" has occurred.

I believe Ms. Denning to be a thoughtful and intelligent person who has
been misled into discounting the potential for a government to abuse
(either in the short or long term) the power it wields over its
citizens. She should ponder the quote of Ben Franklin that Mike Godwin
supplied, and not just brush it off. I think Ben would be incredulous
that we were even discussing giving the federal gov't the power to
monitor conversations, with only an acquiescent judge or an intimidated
service provider standing in the way.

Nor does Ms. Denning even acknowledge that new digital switching
technology has made it EASIER to get MORE information from the phone
lines (as Marc Rotenberg pointed out). Orwell's 1984 may have been
fiction, but it was social commentary nonetheless about trends in
government-citizen relationships. And NO, Ms. Denning, our system has
NOT been very successful at either preventing or exposing abuses, at
least not within a decade time-frame.

Please. Look around the blinders that you have inadvertently placed on
yourself by accepting the FBI's paradigm. Look at the larger picture.
If you admit that it is POSSIBLE that the following situation may exist:

    Federal Law Enforcement: (bad guys)
    Private citizens: (good guys)

Then think about the impact the Digital Telephony Proposal will have.
What are the alternatives that may help the first situation without
being so devastative to the second? Why, as Rotenberg and Marx observe,
have no other options been discussed in a public forum? Secrecy breeds
mistrust... especially about motives.

Michael T. Palmer        | "A man is crazy who writes a secret in any
m.t.palmer@larc.nasa.gov | other way than one which will conceal it
RIPEM key on server      | from the vulgar." - Roger Bacon

------------------------------

From: Chris Johnston
Subject: Re: Credit Card Validation
Organization: AM Investors, Chicago
Date: Fri, 12 Mar 1993 15:13:11 GMT

>[Moderator's Note: ... I have passworded all my accounts (credit
>card, utilities, insurance, etc) that can be accessed by phone. ...
>The "Mother's maiden name" is no security. ._dennis ]

Is this easy to do? A widespread option? Are some outfits better able
to handle these requests? Any hints as to how to easily/effectively
achieve this? Is this in the FAQ?

regards,
cj

[Moderator's Note: I haven't had problems with any companies yet. I
have dealt with insurance, credit card, utility, and other companies.
._dennis ]

------------------------------

From: Wm Randolph Franklin
Subject: Re: Social Security Numbers as ID
Organization: Rensselaer Polytechnic Institute, Troy, NY
Date: Fri, 12 Mar 1993 19:10:07 GMT
Apparently-To: comp-society-privacy@cis.ohio-state.edu

In article on Tue, 9 Mar 93 16:52:25 EST, Matthew B Cravit writes:
> (The policeman) said that quite apart from the fact that this is not
> a good idea from a privacy standpoint (I already knew that), putting
> a SSN on articles for identification was quite useless because he
> said that the Social Security Administration will NOT release the
> name belonging to a particular SSN to any local or state law
> enforcement agency FOR ANY REASON UNDER ANY CIRCUMSTANCES. Is this
> assertion of his correct?
>
> [Moderator's Note: This is true.
> The few law enforcement agencies I
> have dealt with have always recommended to use your driver license
> number. Of course this was before states started using a SSN as a
> driver license number. ._dennis ]

That's interesting, because in some (most?) places, the police want an
SSN when they arrest you. There was a local case a few years back,
where someone was charged with, approx, obstruction of governmental
administration for refusing. He beat that charge, but it probably took
some work.

Sorry, but I have no way of finding the citation. Local newspapers are
not indexed, at least accessibly to average people.

[Moderator's Note: I would follow this up to misc.legal. I do not
think it can be a criminal violation not to give one's SSN. ._dennis ]

--
---------------------
Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA

------------------------------

Date: Sat, 13 Mar 93 01:06:27 EST
From: Ellen Wentz
Organization: The American University
Subject: Employee Monitoring Systems
cc: Ellen Wentz

I am currently doing research on the impacts of computer-based
monitoring systems on employee behavior. Proponents of the system argue
that it provides incentives to workers and ensures the fair
distribution of rewards. I suspect, however, that many would view this
monitoring as an invasion and would resist its implementation. I would
appreciate any comments.

------------------------------

End of Computer Privacy Digest V2 #025
******************************