Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 05 Issue 55
Computer underground Digest Sun July 21 1993 Volume 5 : Issue 55
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cpyp Editor: Etaoin Shrdlu, Senior
CONTENTS, #5.55 (July 21 1993)
File 1--"What is CPSR and how can we Join?"
File 2--Incident Response Workshop info
File 3--"Science & Tech Through Science Fiction" Conference
File 4--New hearing set for E-Fingerprinting in SF
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
aql.gatech.edu (128.61.10.53) in /pub/eff/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 19 Jul 93 13:04:39 PDT
From: Nikki Draper <draper@CSLI.STANFORD.EDU>
Subject: File 1--"What is CPSR and how can we Join?"
((MODERATORS' NOTE: CPSR, like EFF, is dedicated to improving
cyberspace. CPSR has been relatively low-key in expanding its
membership, and we asked them to provide some information on what they
do and how people can join. In our view, it's a dynamic and productive
organization, and one well worth supporting by joining. CPSR has been
instrumental in filing a number of FOIA suits related to Operation Sun
Devil and other law enforcement abuses, in lobbying efforts, and most
recently, in filing FOIA requests and suits to peruse the U.S. Secret
Service's role in the surveillance of the 2600 meeting in Washington,
D.C., last fall. As the following summary indicates, CPSR is
interested in a wide range of activities, and their track record over
the years has been rather impressive)).
************************************************************************
COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
************************************************************************
CPSR empowers computer professionals and computer users to
advocate for the responsible use of information technology and
empowers all who use computer technology to participate in the
public debate. As technical experts, CPSR members provide the
public and policymakers with realistic assessments of the power,
promise, and limitations of computer technology. As an organization
of concerned citizens, CPSR directs public attention to critical choices
concerning the applications of computing and how those choices
affect society.
Every project we undertake is based on five principles:
* We foster and support public discussion of and public
responsibility for decisions involving the use of computers in
systems critical to society.
* We work to dispel popular myths about the infallibility of
technological systems.
* We challenge the assumption that technology alone can solve
political and social problems.
* We critically examine social and technical issues within
the computer profession, nationally and internationally.
* We encourage the use of computer technology to improve the
quality of life.
Founded in 1981 by a small group of computer scientists concerned
about the use of computers in nuclear weapons systems, CPSR has
grown into a national public-interest alliance of computer industry
professionals dedicated to examining the impact of technology on
society.
************************************************************************
CPSR PROJECTS
************************************************************************
As computer technology becomes increasingly pervasive, the issues
facing us become more complex. CPSR provides a forum where we
can examine technology's impact on our lives, the lives of our fellow
citizens, and on society as a whole. By sponsoring both national and
local projects, CPSR serves as a catalyst for in-depth discussion and
effective action in key areas:
Civil Liberties and Privacy
The National Information Infrastructure
Workplace Issues and Participatory Design
Reliability and Risk
In addition, CPSR's chapter-based projects and national
working groups tackle issues ranging from the development
of nanotechnology and virtual reality to computing and ethics
to community computing to computers and education.
************************************************************************
HOW TO BECOME A MEMBER
************************************************************************
CPSR is a democratically organized grass roots alliance. Our
accomplishments are the result of the member activism. Many
CPSR members serve as national organizers
Just fill out the membership form, enclose a check and mail it to
CPSR, P.O. Box 717, Palo Alto, CA 94301.
CPSR's cost to provide members with services is covered by the
$75 dues. To keep CPSR membership open to a wide range of
people, we offer dues levels of $20 and $50.
************************************************************************
MEMBERSHIP BENEFITS
************************************************************************
When you become a member of CPSR, you are joining a nationwide
network of computer professionals who are committed to bringing
social responsibility to all aspects of computer technology. CPSR
sponsors, supports, and participates in conferences, roundtables and
meetings on advanced issues in computing, local civic networks,
cryptography, participatory design, and computers and social change.
Every fall the CPSR Annual Meeting brings together the foremost
representatives of the technology industry to explore current topics
in seminars and panel discussions. Our conferences and chapter
meetings provide important opportunities to meet other members
and share ideas and expertise.
************************************************************************
OTHER MEMBERSHIP BENEFITS INCLUDE:
************************************************************************
* a quarterly newsletter which provides in-depth analysis of key
issues in computing as well as updates on CPSR activities and
action alerts,
* an organized voice for socially responsible computing in
Washington,
* well-researched public testimony and public policy development,
* invitations and discounts to CPSR events,
* discounts on research papers, books.and educational videotapes,
* on-line information and discussion of key issues in computing,
* membership in a local CPSR chapter (where available) and notices
of chapter meetings and activities,
* participation in local and national working groups which allow you
to have effective impact on the issues you care about,
* information and referral about crucial issues in computing.
ORGANIZATIONAL INFORMATION
CPSR National Office
P.O. Box 717
Palo Alto, CA 94301
415-322-3778
415-322-3798 (FAX)
E-mail: cpsr@csli.stanford.edu
CPSR Washington Office
666 Pennsylvania Ave SE, Suite 303
Washington, D.C. 20003
202-544-9240
202-547-5481 FAX
rotenberg@washofc.cpsr.org
************************************************************************
PRIVACY NOTICE
************************************************************************
The CPSR membership database is never sold, rented, lent,
exchanged, or used for anything other than official CPSR
activity. CPSR may elect to send members mailings with
information from other groups, but the mailings will always
originate with CPSR.
============================ clip and mail ===========================
CPSR MEMBERSHIP FORM
Name ___________________________________________________________
Address ___________________________________________________________
___________________________________________________________
City/State/Zip _____________________________________________________
Home phone _____________________ Work phone ______________________
Company ___________________________________________________________
Type of work ______________________________________________________
E-mail address _____________________________________________________
CPSR Chapter
__ Acadiana __ Austin __ Berkeley
__ Boston __ Chicago __ Denver/Boulder
__ Los Angeles __ Madison __ Maine
__ Milwaukee __ Minnesota __ New Haven
__ New York __ Palo Alto __ Philadelphia
__ Pittsburgh __ Portland __ San Diego
__ Santa Cruz __ Seattle __ Washington, DC
__ No chapter in my area
CPSR Membership Categories
__ $ 75 REGULAR MEMBER
__ $ 50 Basic member
__ $ 200 Supporting member
__ $ 500 Sponsoring member
__ $1000 Lifetime member
__ $ 20 Student/low income member
__ $ 50 Foreign subscriber
__ $ 50 Library/institutional subscriber
Additional tax-deductible contribution to support CPSR projects:
__ $50 __ $75 __ $100 __ $250
__ $500 __ $1000 __ Other
Total Enclosed: $ ________
Make check out to CPSR and mail to:
CPSR
P.O. Box 717
Palo Alto, CA 94301
************************************************************************
CPSR has several different electronic resources available at no cost.
We established a list server to archive CPSR related materials and
make them available on request, and to quickly disseminate official,
short, CPSR announcements (e.g., press releases, conference
announcements, and project updates). Mail traffic will be light P
only the CPSR Board and staff can post to it.
We encourage you to subscribe to the list server and publicize it
widely to anyone else interested in CPSRUs areas of work. To
subscribe, send mail to:
listserv@gwuvm.gwu.edu (Internet) OR
listserv@gwuvm (Bitnet)
Your message needs to contain only one line:
subscribe cpsr <your first name> <your last name>
You will get a message that confirms your subscription. The message
also explains how to use the list server to request archived materials
(including an index of everything in CPSRUs archive)
If you have a problem with the list server, please contact
Paul Hyland (phyland@gwuvm.gwu.edu or phyland@gwuvm).
There is a second list server at cpsr.org. This list server also has
an extensive archive and houses several different lists on more
specialized subjects relating to computing. For more detailed
information on the listserv and other services, send email to
listserv@cpsr.org with the message:
GET CPSR/CPSR.ORG SOURCES or,
GET CPSR/CPSR.ORG QUICK_REF
If you have a problem using cpsr.org, contact ftp-admin@cpsr.org.
************************************************************************
We hope you enjoy this new service.
************************************************************************
------------------------------
Date: 8 Jul 1993 20:14:44 -0500
From: spaf@CS.PURDUE.EDU(Gene Spafford)
Subject: File 2--Incident Response Workshop info
** NOTE: July 10 is the deadline for discounted registration!! **
PRELIMINARY AGENDA
5th Computer Security Incident Handling Workshop
Sponsored by the Forum of Incident Response and Security Teams (FIRST)
August 10-13, 1993
St. Louis, MO
TUESDAY, August 10, 1993 Full-day Tutorials
1. Creating a Security Policy
presented by Charles Cresson Wood:
[no abstract available at time of posting]
2. Vulnerabilities of the IBM PC Architecture: Virus, Worms, Trojan
Horses, and Things That Go Bump In The Night
presented by A. Padgett Peterson:
An intensive look into the architecture of the IBM-PC and MS/PC-DOS --
What it is and why it was designed that way. An understanding of
assembly language and the interrupt structure of the Intel 80x86
processor is helpful.
The day will begin with the BIOS and what makes the PC a fully
functional computer before any higher operating system is introduced.
Next will be a discussion of the various operating systems, what they
add and what is masked. Finally, the role and effects of the PC and
various LAN configurations (peer-peer and client server) will be
examined with emphasis on the potential protection afforded by login
scripting and RIGHTS.
At each step, vulnerabilities will be examined and demonstrations
made of how malicious software exploits them. Demonstrations may
include STONED, MICHELANGELO, AZUSA, FORM, JERUSALEM, SUNDAY, 4096,
and EXEBUG viruses depending on time and equipment available.
On completion attendees will understand the vulnerabilities and how
to detect attempted exploitation using simple tools included with
DOS such as DEBUG and MEM.
3. Unix Security
presented by Matt Bishop:
Unix can be a secure operating system if the appropriate controls and
tools are used. However, it is difficult for even experienced system
administrators to know all the appropriate controls to use. This
tutorial covers the most important aspects of Unix security
administration, including internal and external controls, useful
tools, and administration techniques to develop better security.
Upon completion, Unix system administrators will have a better
understanding of vulnerabilities in Unix, and of methods to protect
their systems.
WEDNESDAY, August 11, 1993
8:30 - 8:45 Opening Remarks - Rich Pethia (CERT/CC)
8:45 - 9:30 Keynote Speaker - Dr. Vinton Cerf (XXXX)
9:30 - 10:00 Break
10:00 - 12:00 International Issues - Computer networks and communication lines
span national borders. This session will focus on how computer
incidents may be handled in an international context, and on
some ways investigators can coordinate their efforts.
SPEAKERS:
Harry Onderwater (Dutch Federal Police)
John Austien (New Scotland Yard)
other speakers pending
12:00 - 1:30 Lunch with Presentations by various Response Teams
1:30 - 3:00 Professional Certification & Qualification - how do you know if
the people you hire for security work are qualified for the
job? How can we even know what the appropriate qualifications
are? The speakers in this session will discuss some approaches
to the problem for some segments of industry and government.
SPEAKERS:
Sally Meglathery ((ISC)2)
Lynn McNulty (NIST)
Genevieve Burns (ISSA)
3:00 - 3:30 Break
3:30 - 6:00 Incident Aftermath and Press Relations - What happens after an
incident has been discovered? What are some of the
consequences of dealing with law enforcement and the press?
This session will feature presentations on these issues, and
include a panel to answer audience questions.
SPEAKERS:
Laurie Sefton (Apple Computer)
Jeffrey Sebring (MITRE)
Terry McGillen (Software Engineering Institute)
John Markoff (NY Times)
Mike Alexander (InfoSecurity News)
7:00 - 9:00 Reception
THURSDAY August 12
8:30 - 10:00 Preserving Rights During an Investigation - During an
investigation, sometimes more damage is done by the
investigators than from the original incident. This session
reinforces the importance of respecting the rights of victims,
bystanders, and suspects while also gathering evidence that may
be used in legal or administrative actions.
SPEAKERS:
Mike Godwin (Electronic Frontiers Foundation)
Scott Charney (Department of Justice)
other speaker pending
10:00 - 10:30 Break
10:30 - 12:00 Coordinating an Investigation - What are the steps in an
investigation? When should law enforcement be called in? How
should evidence be preserved? Veteran investigators discuss
these questions. A panel will answer questions, time permitting.
SPEAKER:
Jim Settle (FBI)
other speakers pending
12:00 - 1:30 Special Interest Lunch
1:30 - 3:00 Liabilities and Insurance - You organize security measures but
a loss occurs. Can you somehow recover the cost of damages?
You investigate an incident, only to cause some incidental
damage. Can you be sued? This session examines these and
related questions.
SPEAKERS:
Mark Rasch (Arent Fox)
Bill Cook (Willian, Brinks, Olds, Hoffer, & Gibson)
Marr Haack (USF&G Insurance Companies)
3:00 - 3:15 Break
3:15 - 5:30 Incident Role Playing -- An exercise by the attendees
to develop new insights into the process of
investigating a computer security incident.
Organized by Dr. Tom Longstaff of the CERT/CC.
7:30 - ? Birds of a Feather and Poster Sessions
FRIDAY August 13
8:30 - 10:00 Virus Incidents - How do you organize a successful virus
analysis and response group? The speakers in this session have
considerable experience ans success in doing exactly this. In
their talks, and subsequent panel, they will explain how to
organize computer virus response.
SPEAKERS:
Werner Uhrig (Macintosh Anti-virus Expert)
David Grisham (University of New Mexico)
Christoph Fischer (CARO)
Karen Picharczyk (LLNL/DoE CIAC)
Ken van Wyk (DISA/Virus-L)
10:00 - 10:15 Break
10:15 - 11:15 Databases - How do you store incident, suspect, and
vulnerability information safely, but still allow the
information to be used effectively? The speakers in this
session will share some of their insights and methods on this
topic.
SPEAKERS:
John Carr (CCTA)
Michael Higgins (DISA)
speaker pending
11:15 - 12:15 Threats - Part of incidence response is to anticipate riska and
threats. This session will focus on some likely trends and
possible new problems to be faced in computer security.
SPEAKERS:
Karl A. Seeger
speakers pending
12:15 - 12:30 Closing Remarks - Dennis Steinauer (NIST/FIRST)
12:30 - 2:00 Lunch
2:00 - 3:00 FIRST General Meeting and the Steering Committee Elections
3:00 - 4:00 FIRST Steering Committee Meeting
^^^^^^^^^^^^^^^^^^^^^Registration Information/Form Follows^^^^^^^^^^^^^^^^^^^^^
INQUIRES:
Direct questions concerning registration and payment to: Events at 412-268-6531
Direct general questions concerning the workshop to: Mary Alice "Sam" Toocheck
at 214-268-6933
Return to: Helen E. Joyce
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Facsimile: 412-268-7401
TERMS:
Please make checks or purchase orders payable to SEI/CMU. Credit
cards are not accepted. No refunds will be issued, substitutions are
encouraged.
The registrations fee includes materials, continental breakfast,
lunches (not included on August 13), morning and afternoon breaks and
an evening reception on August 11. Completed registration materials
must be received by the SEI no later than July 10, 1993.
A minimum of 7 attendees are needed for each tutorial and there will
be limit of 50 attendees. You MUST indicate which tutorial you would
like to attend and an alternate if your first choice is full.
GOVERNMENT TERMS:
If your organization has not made prior arrangements for reimbursement
of workshop expenses, please provide authorization (1556) from your
agency at the time of registration.
GENERAL REGISTRATION INFORMATION:
Workshop................................. ..............$300.00
All registrations received after July 10, 1993..........$350.00
Tutorials (Must be registered by July, 10, 1993)........$190.00
NAME:
TITLE:
COMPANY:
DIVISION:
ADDRESS:
CITY:
STATE:
ZIP:
BUSINESS PHONE:
EMERGENCY PHONE:
FACSIMILE NUMBER:
E-MAIL ADDRESS:
DIETARY/ACCESS REQUIREMENTS:
CITIZENSHIP: Are you a U.S. Citizen? YES/NO
Identify country where citizenship is held if not the U.S.:
(Note: there will be no classified information disclosed at this
workshop. There is no attendance restriction based on citizenship or
other criteria.)
GENERAL HOTEL INFORMATION:
RATES: A block of rooms has been reserved at the Hyatt Regency at
Union Station, One St. Louis Union Station, St. Louis, Missouri 63103.
The hotel will hold these rooms until July 10, 1993. Hotel
arrangements should be made directly with the Hyatt, 314-231-1234. To
receive the special rate of $65.00 per night, please mention the Fifth
Computer Security Incident Handling Workshop when making your hotel
arrangements.
ACCOMMODATIONS: Six-story hotel featuring 540 guest rooms, including
20 suites. All rooms have individual climate control, direct-dial
telephone with message alert, color TV with cable and optional pay
movies. Suites available with wet bar. Hotel offers three floors of
Regency accommodations, along with a Hyatt Good Passport floor, and a
special floor for women travelers.
LOCATION/TRANSPORTATION FACTS: Downtown hotel located in historic
Union Station one mile from Cervantes Convention Center and St. Louis
Convention Center and St. Louis Arch. Fifteen miles (30 minutes) from
St. Louis Zoo.
DINING/ENTERTAINMENT: Italian Cuisine is features at Aldo's, the
hotel's full-service restaurant. Enjoy afternoon cocktails in the
Grand Hall, an open-air, six-story area featuring filigree work,
fresco and stained glass windows. The station Grille offers a chop
house and seafood menu.
RECREATIONAL/AMUSEMENT FACILITIES: Seasonal outdoor swimming pool.
Full health club; suana in both men's and women's locker rooms.
Jogging maps are available at the hotel front desk.
SERVICES/FACILITIES/SHOPS: Over 100 specialty shops throughout the
hotel, including men's and women's boutiques, children's toy shops and
train stores.
--
Gene Spafford, COAST Project Director
Software Engineering Research Center & Dept. of Computer Sciences
Purdue University, W. Lafayette IN 47907-1398
Internet: spaf@cs.purdue.edu phone: (317) 494-7825
------------------------------
Date: Thu, 15 Jul 1993 14:24:18 UTC+0100
From: Miquel Barcelo <blo@LSI.UPC.ES>
Subject: File 3--"Science & Tech Through Science Fiction" Conference
Friends,
You will find here the CALL OF PAPERS of a new Workshop on
SCIENCE AND TECHNOLOGY THROUGH SCIENCE FICTION
to be held next summer in Barcelona, Spain (22nd and 23rd, June 1994).
This will be the first edition of such a Workshop so, if you
know more people that could be interested, please help in making this
information available just forwarding this message.
If you need more information, please feel free to ask to:
blo@lsi.upc.es
Yours,
Dr. Miquel Barcel%
Software Department - UPC
Pau Gargallo, 5
E 08028 BARCELONA (Spain)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
First Announcement and CALL FOR PAPERS
STSF '94
An International Workshop on
SCIENCE and TECHNOLOGY through SCIENCE FICTION
22nd-23rd June 1994 - BARCELONA (Spain)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Organized by:
CONSELL SOCIAL (Board of Trustees)
of Universitat Polit%cnica de Catalunya (UPC)
in cooperation with:
Software Department (UPC)
Physics and Nuclear Engineering Department (UPC)
WORLD SF (Hispanic Chapter)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
THE WORKSHOP
A good working definition of science fiction is "speculative ex-
trapolation about the effect of science and technology on society".
The aim of this International Workshop is to provide a forum for iden-
tifying, encouraging and discussing research about science and tech-
nology, or their consequences, as portrayed in science fiction. The
Workshop will bring together researchers, scientists, and other aca-
demics with science fiction professionals to share information and ex-
plore new ideas about the relationship between science fiction,
science and technology.
TOPICS OF INTEREST
The topics of interest include but are not limited to:
- Biotechnology, genetic engineering
- Computer science, robotics, artificial intelligence
- Macroengineering
- Nanotechnology
- Physics, astronomy, cosmology
- Professional activity of scientists and engineers
- Social impact of science and technology
- Teaching science and technology with science fiction
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PROGRAM COMMITTEE
* Miquel Barcel% (Software Dept., UPC, SPAIN)
* Joe Haldeman (SFWA president, M.I.T. Associate Professor, USA)
* Elizabeth A. Hull (SFRA past-president, USA)
* Frederik Pohl (SFWA and WSF past-president, USA)
* Vernor Vinge (Dept. of Math Sciences, SDSU, USA)
ORGANIZING COMMITTEE
* Miquel Barcel% (Software Dept., UPC)
* Laura Cabarrocas (Board of Trustees (secr.), UPC)
* Gay Haldeman (Writing Program, M.I.T.,USA)
* Pedro Jorge (Hispanic Chapter of WORLD SF)
* Jordi Jos% (Physics and Nuclear Engineering Dept., UPC)
* Louis Lemkow (Sociology Dept., UAB)
* Manel Moreno (Physics and Nuclear Engineering Dept., UPC)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INSTRUCTIONS TO AUTHORS
Paper submissions must be in English and no more than 6000 words long.
The Proceedings of the Workshop will be published by the organi-
zing institution.
Authors are requested to submit a "Letter of Intention" with the
title of the paper and a short abstract (less than one page) be-
fore November 30, 1993.
Authors must submit five copies of each paper, before January 31,
1994, to the:
Program Chairperson:
Miquel Barcel%
Facultat d'Inform%tica
Universitat Polit%cnica de Catalunya
Pau Gargallo, 5
E 08028 BARCELONA (Spain)
Tel: 34.3.401.6958
Fax: 34.3.401.7113
E-mail: blo@lsi.upc.es
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IMPORTANT DATES
* Deadline for Letter of Intention: November 30, 1993
* Deadline for Paper Submission: January 31, 1994
* Notification of Acceptance: March 15, 1994
* Camera Ready Papers Due: April 30, 1994
* Workshop: June, 22-23, 1994
------------------------------
Date: Wed, 21 Jul 1993 11:06:05 -0700
From: "James I. Davis" <jdav@WELL.SF.CA.US>
Subject: File 4--New hearing set for E-Fingerprinting in SF
NEW HEARING SET FOR JULY 27 on ELECTRONIC FINGERPRINTING for
WELFARE RECIPIENTS IN SAN FRANCISCO
Once again electronic fingerprinting for San Francisco welfare
recipients is on the Board of Supervisors agenda. A formal request has
been made by the SF Department of Social Services (DSS) to change the
ordinance governing General Assistance (GA) to begin requiring
electronic fingerprints as a condition for receiving GA benefits.
Prints are matched ostensibly to prevent people from obtaining aid
more than once.
A hearing on the ordinance has been set for TUESDAY, JULY 27 at 2:00
p.m. in Room 228 of City Hall, San Francisco.
The Automated Fingerprint Image Reporting and Match (AFIRM) system is
essentially a _political_ plan, using vague and unsubstantiated claims
of welfare fraud as a justification for installing the computer
system. That is, it is NOT a real fiscal savings plan and is incapable
of introducing "accountability" into the welfare system, because no
data exists to support its use (see below for details). As such the
only way that the AFIRM system will be stopped is by raising as much
noise about it as possible. If you think that electronic
fingerprinting is a bad idea, please let the following supervisors
know, and/or come to the hearing:
Supervisor Willie Kennedy
(415) 554-5734 (voice)
(415) 554-7034 (fax)
Supervisor Barbara Kaufman
(415) 554-4880 (voice)
(415) 554-4885 (fax)
Supervisor Annemarie Conroy
(415) 554-7788 (voice)
(415) 554-5163 (fax)
Mail address for all supervisors:
Room 235
City Hall
San Francisco, CA 94102
*******
Here are some abbreviated details on the situation. I have a
longer question/answer analysis type background piece which I'm
happy to send to you, you can also FTP it from cpsr.org
(/ftp/cpsr/fingerprints/sffinger.analysis)
Key points are:
-- IT'S NOT CLEAR THAT THERE IS A NEED FOR THE SYSTEM, OR THAT THE
SYSTEM WILL SAVE ANY MONEY
The Department of Social Services (DSS) has presented NO DATA to
substantiate how extensive the problem of "double-dipping" is, and
data from Los Angeles County (which has been using the same system for
two years) and Alameda County (using it since February) shows that the
problem may be quite minuscule. Wild claims of cost-savings by Los
Angeles and Alameda Counties do not stand up to careful scrutiny.
During a changeover period, cases are closed for "non-compliance" if
people fail to show up for their fingerprint appointment. I.e., no
evidence of "fraud deterred" exists. It appears that cases counted as
being closed because of the fingerprint program include cases that
would already have been closed because of the normal 15 - 20% monthly
turnover in GA cases (i.e., they would have been closed anyway, but
are assigned as savings to AFIRM). "Non-compliance" could be the
result of lost mail, lack of bus fare, paperwork screw-up, mental
disability, or confusion about the rule change. Actual fraud that does
occur may be caught by existing DSS security measures, including their
ID process, social security number matching with other counties, the
Fraud Early Detection Program, etc, so are unfairly assigned to the
AFIRM system. And the cost of the system is probably understated.
After an accurate cost-benefit accounting is made (none has been done
yet), it could very well show that the system does NOT save _any_
money.
-- THERE ARE PROFOUND PRIVACY CONCERNS.
EDS, the computer services giant, will store and process the data.
The data will be shared with other counties. The police, legally,
under specific conditions, may get information from DSS on recipients.
Conceivably this will include some kind of access to, or search
capability of, the fingerprint data. And laws governing access to
confidential welfare data may change. Historically, breaches in
privacy protection have started with welfare programs (e.g., computer
matching of data in 1977), and from their extend to other programs
after the precedent has been established.
-- IT PUSHES SOCIAL SERVICES TOWARDS BEING A LAW ENFORCEMENT ACTIVITY.
Regardless of its extension into many areas, fingerprinting is still
commonly perceived as a law enforcement technology. While
fingerprinting in some professions has a rationale because public
safety is involved, or for personal security reasons, these do not
apply to its use in welfare, where people must rely on the government
for their survival. Being poor is technically not a crime, but the
fingerprinting scheme reinforces this too common perception.
-- THE AFIRM SYSTEM IS DESIGNED FOR EXPANSION.
After GA, fingerprinting will extend to AFDC (mostly welfare mothers &
kids). LA County is planning to extend AFIRM to AFDC recipients, as a
pilot program this summer. This will quadruple the records on their
system to 400,000. Will they fingerprint the kids? After that, food
stamps is a likely candidate. Then we are well on the way to
establishing a national poverty database. As the system extends to
more government programs, it becomes a threat to everyone.
In short, the electronic fingerprinting scheme is a bad idea. It is an
expensive solution to a problem of unknown (but most likely
overstated) dimensions, which will have undetermined results, with
potentially serious negative side-effects. The proposed AFIRM system
is not focused, cheap, or safe enough to merit its social and
financial cost. The system is simply a poor use of taxpayer
money.
Again letters, faxes, and phone calls are important!
Jim Davis
Western Region Director
CPSR
Please repost where appropriate!
------------------------------
End of Computer Underground Digest #5.55
************************************