TUCoPS :: Privacy :: priv_507.txt

Privacy Digest 5.07 3/23/96

PRIVACY Forum Digest       Saturday, 23 March 1996       Volume 05 : Issue 07

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
               The PRIVACY Forum is supported in part by the          
                 ACM (Association for Computing Machinery)
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
	Privacy Briefs (Lauren Weinstein; PRIVACY Forum Moderator)
	Re: Flying the friendly skies anonymously (Colin Rafferty)
        Code grabbers for garage door openers (bartdoug@cts.com)
	Re: Garage Door Openers (Tad Cook)
	Re: Garage Door Openers (Phil Karn)
	Privay on the Internet: A Survey (Martina Schollmeyer)
	Credit Card Info Via the Web? (Stephen Satchell)
	Netscape's magic cookie (Andrew Hagen)
        Doctors Group Criticizes Senate Medical Bill [From EPIC Alert]
	   (Marc Rotenberg)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 05, ISSUE 07

   Quote for the day:

	"If Thomas Edison had had you helping him, we'd all 
	 be watching gas television."

	   -- Grandpa ("The Count") Munster (Al Lewis),
	      to Herman Munster (Fred Gwynne)
	      "The Munsters" (CBS, 1964-1966)

----------------------------------------------------------------------

Privacy Briefs (from the Moderator)

---

The battle over sales of mailing lists has taken a new twist, with concerns
that information about children, including names, ages, addresses, and other
personal info, is often available from readily obtainable commercial mailing
lists.  Parents have been advised to think twice about including information
regarding their children on the survey forms that accompany many
products--the apparent source for much of this data.

---

A couple who has refused to let local officials in their community inspect
the *inside* of their home, part of an annual "safety" inspection mandated
by their local ordinances, is facing legal action.  The couple feels that
such an inspection amounts to an unreasonable search.  Some other residents
of the community have stated that they think the inspections are a great
idea, and that they feel more secure as a result.

------------------------------

Date:    12 Mar 1996 11:19:37 -0500
From:    craffert@ml.com (Colin Rafferty)
Subject: Re: Flying the friendly skies anonymously

In talking about "Flying the friendly skies anonymously", Wulf Losee writes:
> It occurs to me that the days when one could anonymously purchase a
> ticket with cash are over.  

Actually, it has been longer than you think since you could really
travel anonymously by plane.  In 1986, I tried to buy a plane ticket at
the airport with cash.  Of course, they had to find a manager to figure
out how to accept cash payments.  When they asked me for ID, I asked why
they needed it, since I wasn't using a credit card or check.  They said
it was an FAA regulation for people paying cash.

Maybe that regulation was what killed People's Express (the flying bus).

-- 
Colin Rafferty

------------------------------

Date:    Tue, 12 Mar 96 22:49:55 PST
From:    bartdoug@cts.com  (That Doug Guy)
Subject: Code grabbers for garage door openers (Re: V 05-06)

----------- Begin Quoted Text ----------------------------

Date:    Mon, 26 Feb 1996 14:50:33 -0500
From:    Carl Minie <CarlM@qsc1po.qstr.com>

Greetings:
I have heard several "teasers" for local and/or national news programs
lately which promise to tell me how a crook could get into my house
"with the touch of a button".  I never watch TV long enough to hear
the actual program, but I assume they are referring to machines which
cycle through the limited number of infrared frequencies and/or
patterns used by garage door openers until they hit the one that opens
your garage door.  

---------- End Quotation -------------------------

While such devices do exist, the local (San Diego, California, USA)
media has been all a-buzz lately over devices known as "code-grabbers"
which a thief can use to steal the actual code and frequency used by
your garage door opener.  I am an amateur radio operator and scanner
enthusiast, and see ads for these devices regularly in the equipment
catalogs I'm sent.  I have no personal experience with these devices,
but the word is that they work quite well.

As the moderator noted, there are high-tech garage door openers on the
market that use a pseudo-random code generation scheme that allows the
door and the opener to agree on the next code in line, preventing the
possibility of using the same code twice in a row.  

This issue is discussed occasionaly in the newsgroups
alt.radio.scanner and rec.radio.scanner for those interested in
further information.  

Blessings,
Doug

------------------------------

Date:    Wed, 13 Mar 1996 10:10:08 -0800 (PST)
From:    Tad Cook <tad@ssc.com>
Subject: Re: Garage Door Openers

Carl Minie asked about the TV news stories on opening garage doors,
and suspected that there was some kind of hi tech method of
scanning through available combinations.

Actually what these TV news stories were showing was that many
(or most?) owners of garage door openers don't bother to change
the combination on the unit when they install it.  Since there
are so many that are out there with the default factory code, its
a simple matter to drive around with a remote from one of these
units and watch the doors open.  A friend of mine discovered this
a few years ago, and was even opening the doors on commercial
buildings and condos.

tad@ssc.com | Tad Cook | Seattle, WA | KT7H 

------------------------------

Date:    Wed, 13 Mar 1996 00:42:51 -0800 (PST)
From:    Phil Karn <karn@qualcomm.com>
Subject: Re: Garage Door Openers

Regarding garage-door openers and RF sniffers for same, somewhere I
have a newspaper clipping of this attack actually being done in
California within the past few years.

If you have an alarm system, put a switch on the garage door itself
and wire it up on its own zone with an entry delay, just like you'd
alarm any other exterior door.  After you open the door with the
remote control, you have so many seconds to disarm the alarm or it
sounds.  My system has a "secondary entrance loop" that's ideal for
this purpose as it lets me set its entrance delay separately from the
front door.

This seemed like an obvious configuration to me, but my local alarm
dealer tried to sell me a bypass relay that simply shunted the garage
door alarm switch whenever the light on the door opener was on -- as
it would be whenever the door is opened with the remote control. The
big problem here is that someone who steals or spoofs your remote
control could enter your garage and close the door behind him without
ever tripping the alarm. I was rather surprised that a "security
professional" would suggest such a configuration, and I fear that may
mean it is common.

Another safeguard, of course, is to unplug your garage door opener when
you're away on an extended trip.

Phil

		[ I received a number of other submissions on this topic.
		  The bottom line is that as with most other
		  security issues, there is a range of protection available,
		  from weak to strong, depending upon your needs and
		  desires.  
			    -- MODERATOR ]

------------------------------

Date:    Wed, 13 Mar 1996 15:54:50 +0100
From:    Martina Schollmeyer <Martina.Schollmeyer@UniBw-Hamburg.DE>
Subject: Privay on the Internet: A Survey

    SECURITY, PRIVACY, COSTS AND MARKETING ON THE INTERNET: A SURVEY

Once again, the Centre for Technology Studies (University of Lethbridge, 
Lethbridge, Canada) is embarking on an Internet venture to shed some light 
on various issues affecting our privacy and the electronic media. Current 
attempts by U.S. Congress and the House of Representatives, Compuserve in 
Bavaria, the European Union and many others to censor our information and/or 
limit our freedom of speech through regulation and the gathering of data make 
this privacy survey a timely issue.

The Centre for Technology Studies is conducting this research in 
collaboration with a team of researchers from the University of the 
German Federal Armed Forces at Hamburg and Texas A&M-Corpus Christi. 
The study is strictly confidential and only aggregate results will be 
used.  The study runs from March 15 through May 15, 1996.

We would appreciate if you could help us in disseminating this information 
as widely as possible. For ease of access to the survey, please point your 
browser to either of the two sites listed below:

	http://www.unibw-hamburg.de/WWEB/bwl/urs/intro.html
OR
	http://www.sci.tamucc.edu/~martinas/Survey/intro.html

We would appreciate also if you could let your friends and colleagues know 
about this project. If you have any questions or comments, please 
contact Dr. Urs Gattiker (urs.gattiker@unibw-hamburg.de) or, for questions 
about the page itself, Martina Schollmeyer (martina@unibw-hamburg.de).

Sincerely,

Urs E. Gattiker

University of the German Federal Armed    
Forces at Hamburg                         phone: (+49)(40) 6541-2889
FB WOW                                    fax:   (+49)(40) 6541-2780 
Holstenhofweg 85                        
22039 Hamburg/Germany

------------------------------

Date:    Sat, 16 Mar 96 05:05:28 EST
From:    ssatchell@BIX.com
Subject: Credit Card Info Via the Web?

     When talking to a billing agent at one of the Visa issuer, I was told
that the particular Visa provider was going to make information on credit
cards and transactions available via the Web.  With the history of banks,
with their phone-in account systems using SSNs (or pieces of SSNs) as 
PINs, what can we expect from the credit card people in the way of
security?
     Anyone know the details?  Is this something that will be dumped out,
or does a credit card user have to subscribe before all the info is available
via the World Wide Web?

Stephen Satchell
Incline Village, NV
ssatchell@bix.com

		[ Many entities (e.g. banks) providing financial transaction
		  history information and related data over the net have (at
		  least so far) typically required the customer to explictly
		  request that their data be made available in that manner.
		  This leaves open the questions of how secure the
		  mechanisms are for making this request, exactly what data
		  will be made available, and whether or not a given customer
		  would want such financial transaction history information
		  flowing over the net at all.

			-- MODERATOR ]

------------------------------

Date:    Sat, 16 Mar 96 13:53:28 0600
From:    ah@rrnet.com (Andrew Hagen, symbolic analyst)
Subject: Netscape's magic cookie

Recently Netscape Communications Corp. CEO James Clark revealed in a
speech that the Netscape home page sends a "magic cookie" in the form of a
unique identification number to each Netscape Navigator browser the first
time it visits.

Apparently the ID number is tied to demographic information and other
items of interest to companies who are trying to sell their products to
Internet users. 

My question is whether this ID number can be accessed by home pages of
other companies seeking additional information about who browses their
site. For example, can Widgets-R-Us buy a database from Netscape that
links the 20 million Navigator users to information about every
individuals' income, social security number, credit history, habits, likes
& dislikes, medical records, educational achievements, address, phone
number and anything else that Widgets-R-Us might want? We must assume that
this is the case. 

In my opinion this constitutes a grievous threat to privacy on the
Internet.

-- 
Andrew Hagen, symbolic analyst
e-mail ah@rrnet.com 
http://rrnet.com/~ah/

		[ I don't think it's justified to *assume* that Netscape
		  makes any particular data available, so we shouldn't
		  simply assume a threat exists.  However, it would
		  certainly be useful if Netscape would publicly explain any
		  data collection practices, and let us know how that info
		  is used, to which outside entities (if any) it is made
		  available, and in what form (e.g. summary aggregated data,
		  detailed data, etc.) it is reported.  I would welcome a
		  statement from Netscape on these issues here in the Forum.

			-- MODERATOR ]

------------------------------

Date: 18 Mar 1996 16:46:11 -0500
From: "Marc Rotenberg" <rotenberg@epic.org>
Subject: Doctors Group Criticizes Senate Medical Bill [From EPIC Alert]

	      [ From EPIC Alert 3.06; March 18, 1996 ]

The American Medical Association has written to Sen. Nancy Kassenbaum (R-KS)
urging the Senate to revise S. 1360, the Medical Records Confidentiality Act
of 1995, before enacting it into law. The AMA cited inadequate privacy
safeguards as the primary problem.

The AMA called for substantial changes to the bill: "The bill as introduced
does not assure adequate confidentiality protections for personally
identifiable medical information, and the AMA would discourage the Senate
Labor and Human Resources Committee from reporting such language without
significant reexamination and modification."

The AMA recommended several changes to the bill, including limiting
disclosures of personally identifiable information, requiring law enforcement
to obtain a warrant based on a "probable cause" showing that the particular
information is needed for an immediate law enforcement purpose, preventing the
use of personally identifiable information for research without the consent of
the patient, and limiting federal pre-emption to allow states to enact
stronger laws.

The committee is expected to consider the comments of the AMA as well as
the proposal of the Medical Privacy Coalition, a group that includes
the Coalition for Patient Rights, the Justice Research Institute, EPIC,
the Consumer Project on Technology, the ACLU, and others, and mark-up 
the bill in early May. 

More information on medical privacy is available at:

     http://www.epic.org/privacy/medical/

------------------------------

End of PRIVACY Forum Digest 05.07
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH