TUCoPS :: Privacy :: priv_230.txt

Privacy Digest 2.30 8/30/93

PRIVACY Forum Digest       Monday, 30 August 1993       Volume 02 : Issue 30

          Moderated by Lauren Weinstein (lauren@vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	Newton (David W. Crawford)
	Child-Prodigy or Prodigy-Child?  14-year-old triggers alarms
	   (Dan Wing)
	Oh, let *us* do it for you... (Alan Wexelblat)
	Lapses of Consciousness in California (Henry Unger)
	Re: DMV vs Fainting (Mel Beckman)
	CheckFree's answer to SSN inquiry (Bob Stratton)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.


   Quote for the day:

	"Six drops of the Essence of Terror,
	 Five Drops of Sinister Sauce..."

	 "When the stirring's done,
	  May I lick the spoon?"

	 "Of course!  Ah ha!  Of course!"

		-- Professor Weirdo and Count Kook
		   "Milton the Monster" (1965-1968)


Date:    Mon, 23 Aug 1993 00:29:14 -0700 (MST)
From:    crawford@fido.econlab.arizona.edu (David W. Crawford)
Subject: Newton

I was wondering about the security features of the Newton.
For those of you reading on comp.risks or comp.privacy, the Newton is
Apple Computer's latest toy.  The first model is a PIM called "Message Pad".
Message Pad weights one pound and can communicate via modem,fax, radio,
pager, infared remote control beam and serial port.

I don't expect the standard issue message pad makes it up 
to C2 snuff (Mitre Orange Book), has  or Kerberotic file 
synchronization, but ...

What security features does Apple build in ?
What have security hardware or software have third parties announced ?  

I'm quite satisfied with the security of my powerbook using third party 
I'm looking for the same capability in a Newton before I depend on one.

I have a notebook Apple Macintosh (PowerBook 165c) and use a program
called Citadel made by Datawatch.  Citadel offers:

   *   Encryption by up to full DES on a file by file basis. The password
       to unencrypt a file is used as a basis for the encryption key,
       and must be a string of 8 to 12 case sensitive characters.

   *   A Shredder program that writes over deleted files at the time of 
       deletion to prevent file recovery using a program like Norton Unerase 
       or Datawatch Complete Undelete.

   *   A Disk Cleaner program that writes over all unused disk space at 
       any time to prevent file recovery of deleted but unshredded files.

How I use Citadel:

I keep a PIM generated database document with my bank account numbers on my 
PowerBook's hard drive.  I keep this data file encrypted unless I need 
immediate access to this database.  When I need it, I unencrypt the datafile
and load it into Aldus TouchBase, look up what I need, close the data file, 
and re-encrypt the data file and shred the unencypted data file.  

Is there a similarly secure way to maintain access to sensitive data 
on a Newton ?

Citadel also

   *   Locks any harddisk or partition thereof, and also locks floppy drives
   *   Provides both a user and administrator password feature so that 
       I can grant access to other users by telling them the user password.
       But to change the user password, the administrator password is needed.
       This administrator / user differentiation prevents me from being 
       locked out of my machine by some who either knows the user password 
       or finds the machine in an unlocked state.   The lack of permission 
       layers is a major weakness of the security offered by Norton Essentials
       for Powerbook.  If someone finds you PB unlocked they can make up a 
       password and lock it and walk away. Citadel builds in a master 
       administrator's password at the time of installation.

   *   A "screenlocking option which is really a keyboard locking feature 
       which can be invoked by a programmable idle time cue or by hot key.  
       Screenlocking optionally erases the screen before running an AfterDark
       compatible module.

Citadel's shortcoming: there's no efficient way to protect the system folder
[directory] while allowing multiple users.   Encrypting the system I need to 
boot up with won't work.   I need to assign user partitions and duplicate the
system so there's one copy of my 17 megabyte system folder in each user's 
partition.  FolderBold by Kent Marsh offers such a feature.

Is there a way to lock a Newton so nobody else can use it ?
Is there a way to hide sensitive files ?
Is there a way to allow read access but not allow write access to files ?

Well, there's something to think about before you put your calling card
numbers into autodial.

David Crawford


Date:    Mon, 23 Aug 1993 14:38:44 MDT
From:    Dan Wing <dwing@uh01.Colorado.EDU>
Subject: Child-Prodigy or Prodigy-Child?  14-year-old triggers alarms

Something from RISKS 14.85 that might be interesting to readers of PRIVACY
digest -- Prodigy's censorship taken further than normal.


   Date: Fri, 20 Aug 93 12:49:36 -0700
   From: harrison@cs.ubc.ca
   Subject: Child-Prodigy or Prodigy-Child?  14-year-old triggers alarms

   As a supposed joke, a 14-year-old Seattle-area girl sent a Prodigy
   message to her boyfriend in New Jersey containing a phony death threat
   against Baltimore Orioles' shortstop Cal Ripkin, Jr., who is getting ever
   closer to Lou Gehrig's record for consecutive games.  Seattle and
   Baltimore were playing in the Kingdome in Seattle, and her boyfriend is
   an avid Orioles' fan.  Known for its monitoring of messages, Prodigy
   alerted the police --- who tightened security at the Kingdome and also
   camped out waiting for the girl to return home.  They apparently
   reprimanded the girl, but she was not charged.  Police said she was
   ``very embarrassed and apologetic'' and added, ``By the time her
   [28-year-old] sister got done chewing her out, that was enough.''
   [Source: A UPI item datelined Seattle, 19 Aug 93, PGN Excerpting and
   Extrapolating Service]

   [The news on 20 Aug 93 noted that Kingdome officials are planning on
   charging the cost of the extra security assigned to Ripkin to the
   girl. - Jason]

   ----- End of material from RISKS -----

[ It is worth noting that subsequent e-mail from a Prodigy engineer
  indicated that the offending message in question was *not* a private
  e-mail message, but was a message posted on a *public* Prodigy area.  This
  was not clear solely from the text above, and was an important
  clarification.  The person at Prodigy emphasized that they do not monitor
  private e-mail, in accordance with applicable law.  -- MODERATOR ]


Date:    Mon, 23 Aug 93 17:44:55 -0400
From:    "Alan (Gesture Man) Wexelblat" <wex@media.mit.edu>
Subject: Oh, let *us* do it for you...

So, I called up Sprint to tell them I was moving and in addition to giving
me 5,000 bonus points in their buy-our-trash club for staying with them over
a move, they sent me a "We'll help you move" kit.  I expected the usual sort
of advice... "Don't forget to turn off your utilities" etc.  UHaul already
sent me one of those.

Instead I got a form that I could fill out which would empower Sprint to
tell all my correspondents my new address.  Credit cards, magazines, clubs,
services, you name it.  All I have to do is list them, and sign the form
saying Sprint has my permission to send them change of address forms for me.

What a bargain, think I.  Saves me ~$20 in stamps and postcards (I get a
*lot* of magazines), not to mention hours of time.  Then I start to wonder
what Sprint is going to do with all that lovely info I'm supposed to give
them.  Bet they can sell it enough times to more than recoup the cost, not
to mention how it would beef up *their* marketing database...

Bargains like this I can do without.  I am tempted to fill it out with bogus
info and see if anyone is dumb enough to start sending me free issues of
'zines.  But I probably won't.

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group	wex@media.mit.edu
Voice: 617-258-9168, Pager: 617-945-1842	wexelblat.chi@xerox.com


Date:    Mon, 23 Aug 93 15:02:50 -0700
From:    Henry Unger <hunger@hitech.com>
Subject: Lapses of Consciousness in California

The complete text (as of 1992) of the section from the California
Health and Safety Code relating to the recent discussion on
Lapses of Consciousness is as follows.  Note especially (f) below.

S410.  Reporting Disorders Characterized by Lapses of Consciousness.

     (a) Every physician and surgeon shall report immediately to
the local health officer in writing, the name, date of birth, and
address of every patient at least 14 years of age or older whom
the physician and surgeon has diagnosed as having a case of a
disorder characterized by lapses of consciousness.  However, if a
physician and surgeon reasonably and in good faith believes that
the reporting of a patient will serve the public interest, he or
she may report a patient's condition even if it may not be
required under the state department's definition of disorders
characterized by lapses of consciousness pursuant to subdivision

     (b) The local health officer shall report in writing to the
Department of Motor Vehicles the name, age, and address, of every
person reported to it as a case of a disorder characterized by
lapses of consciousness.

     (c) These reports shall be for the information of the
Department of Motor Vehicles in enforcing the Vehicle Code, and
shall be kept confidential and used solely for the purpose of
determining the eligibility of any person to operate a motor
vehicle on the highways of this state.

     (d) The state department, in cooperation with the Department
of Motor Vehicles, shall define disorders characterized by lapses
of consciousness based upon existing clinical standards for that
definition for purposes of this section and shall include
Alzheimer's disease and those related disorders which are severe
enough to be likely to impair a person's ability to operate a
motor vehicle in the definition.  The state department, in
cooperation with the Department of Motor Vehicles, shall list
those circumstances which shall not require reporting pursuant to
subdivision (a) because the patient is unable to ever operate a
motor vehicle or is otherwise unlikely to represent a danger
which requires reporting.  The state department shall consult
with professional medical organizations whose members have
specific expertise in the diagnosis and treatment of those
disorders in the development of the definition of what
constitutes a disorder characterized by lapses of consciousness
as well as definitions of functional severity to guide reporting
so that diagnosed cases reported pursuant to this section are
only those where there is reason to believe that the patients'
conditions are likely to impair their ability to operate a motor
vehicle.  The state department shall complete the definition on
or before January 1, 1992.

     (e) The Department of Motor Vehicles shall, in consultation
with the professional medical organizations specified in
subdivision (d), develop guidelines designed to enhance the
monitoring of patients affected with disorders specified in this
section in order to assist with the patients' compliance with
restrictions imposed by the Department of Motor Vehicles on the
patients' licenses to operate a motor vehicle.  The guidelines
shall be completed on or before January 1, 1992.

     (f) A physician and surgeon who reports a patient diagnosed
as a case of a disorder characterized by lapses of consciousness
pursuant to this section shall not be civilly or criminally
liable to any patient for making any report required or
authorized by this section. (Amended by Stats 1987 ch 321 S1;
Stats 1990 ch 911 S2, eff. 1/1/91.)


Date:    Thu, 26 Aug 93 13:28:18 PST
From:    mbeckman@mbeckman.mbeckman.com (Mel Beckman)
Reply-To: mbeckman@mbeckman.com
Subject: Re: DMV vs Fainting

In a message dated 8/16 Brett Glass writes:
> To determine whether this was true or not, I interviewed Celeste, a
> physician's nurse at Kaiser Permanente's Redwood City health clinic.
> (Because she fills out the forms, she needs to understand exactly what the
> law requires.) She says that a report must be filed with the DMV "ANYTIME 
> a patient has a lapse of consciousness, or even a change in mental status
> (such as disorientation)." According to Celeste, the law makes no
> exceptions for lapses of consciousness whose cause is known. (Anaesthesia,
> incidentally, is not considered to be a "lapse" of consciousness.)

This doesn't show what the law is -- only one PN's interpretation of it.
According to the DMV she is wrong, probably due to misinterpreting the
phrase "disorders characterized by lapse of consciousness" as "lapse of

I have reviewed the specific text of the statute (S410) with the DMV's
Driver Control Division. According to them, it is _unexplained_ lapse of
conciousness and _recurrable_ LOCs that they're interested in, not simply
"any" LOC. They also said that the LOC must be witnessed by a medical
doctor, specifically the diagnosing physician,
 -- not anecdotal (e.g. an EMT remarking "I think she passed out") to be
considered in the DMV's evaluation.

That's for the _unexplained_ LOCs. The law only calls for reporting
"disorders characterized by lapse of consciousness" -- whether or not a
lapse is observed by a physician. For example, EKG-detected epilepsy, or
test-detected diabetes. Note that this is the *only* thing the law asks for
-- it never requires reporting of the LOC incidents themselves, only
_disorders_ charactersized by LOC. So, while the DMV wants to hear about
unexplained LOCs, the law does not require reporting these.  Reporting is
only required upon diagnosis, and then only when a specific
LOC-characterized disorder is diagnosed.

According to the DMV, the Department of Health Services is producing a list
of conditions that are reportable. As of today, the DMV emphasized that
unexplained losses are not required by law, but can be reported at the
physician's option. The DMV also pointedly stated that no reporting is EVER
REQUIRED OR REQUESTED for isolated episodes of LOC, such as heat
prostration, etc.  and that the DMV will not take any action against a
driver even if a physician should choose to report such episodes.

BTW, the DMV's official definition of LOC disorders is:

   "Persons subject to losses of conciousness or episodes of marked confusion
resulting from neurological disorders, senility, diabetes melitus,
cardiovascular disease, alcoholism, or excessive use of alcohol sufficient
to bring about blackouts." 

The privacy problems reported likely is due to *some* physicians going
overboard on reporting, just as *some* physicians go overboard on tests,
etc. My wife, a cardiac surgical RN, says nobody on her staff knows anything
about filing LOC reports with the DMV, and as virtually every patient
undergoing cardiac procedures goes in and out of conciousness in the days
postop, they'd have a tremendous burden filing the DMV paperwork! (The DMV,
incidentally, told me that such lapses are definitely not reportable).

Anytime someone makes a statement claiming "all", "every", or "any", suspect
the statement (including this one <g>) The DMV has a legitimate need to be
notified of LOC conditions, and the requirement for physicians is not
onerous, as implied by other's comments here. While there may be isolated
cases of abuse, as there are with most every law, the problem is not the law
but individuals who overstep their authority.

| Mel beckman                  |   Internet: mbeckman@mbeckman.com     |
| Beckman Software Engineering | Compuserve: 75226,2257                |
| Ventura, CA 93003            |  Voice/fax: 805/647-1641 805/647-3125 |


Date:    Thu, 26 Aug 1993 18:00:25 -0500
From:    Bob Stratton <strat@intercon.com>
Subject: CheckFree's answer to SSN inquiry

Hello all,

I recently sent a note to the operators of the "CheckFree" electronic bill 
payment service via GEnie. In my note, I asked why they requested the SSN in 
their service application and whether they'd consider another choice for a 
unique identifier for customers. I also briefly described problems with the 
use of the SSN, such as the lack of a check digit mechanism, etc. 

Here's the reply I received. I should have learned by now, but as an engineer 
in the computer industry, I'm continually surprised at how complacent people 
are about their choices for database keys and unique identifiers.

>From the almost terse tone, I can't help but wonder whether more than a few 
people have asked this question, and they're tired of answering it. 

=== forwarded message follows ===

Item    9467013                 93/07/26        12:20
From:   CHECKFREE                       CheckFree Mall Store
To:     R.STRATTON32                    Robert J. Stratton 3rd

Sub: Customer Inquiry
Reply:  Item #7307514 from R.STRATTON32 on 93/07/24 at 08:19

Dear Bob,

Thank you for your interest into the CheckFree bill payment service.
To answer you question about SSN#'s, we ask for the SSN#, for ID
purposes only.  Since this number is unique to you and you alone, no
one else has it, thus preventing problems on our system.
Also, if a court order comes down to where we are told to pull your
records ( IRS,etc...) the SSN# would be there.  Basically, since we
started this company in 1981, we have had no problem with using the
SSN#'s.  We do not have an alternative and are not going to develop one.
This works just fine.

thank you again, for your interest into CheckFree.


===forwarded message ends===

Bob Stratton
Engineer, InterCon Systems Corp.
+1 703 709 5525 (Office)


End of PRIVACY Forum Digest 02.30

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH