From ???@??? Mon Sep 02 08:40:48 1996 Received: from osf1.gmu.edu (osf1.gmu.edu [129.174.1.13]) by rembrandt.erols.com (8.6.12/8.6.9) with SMTP id IAA03556 for ; Mon, 2 Sep 1996 08:25:02 -0400 Received: from portal.gmu.edu by osf1.gmu.edu; (5.65v3.2/1.1.8.2/07Sep94-1001AM/GMUv3) id AA28016; Mon, 2 Sep 1996 08:24:57 -0400 Received: from ai.mit.edu by gmu.edu; (5.65v3.2/1.1.3.9/GMUv7) id AA22244; Mon, 2 Sep 1996 08:24:56 -0400 Received: (from daemon@localhost) by life.ai.mit.edu (8.7.5/8.7.5AI/life.ai.mit.edu:1.6) id IAA09497 for dcsb-outgoing; Mon, 2 Sep 1996 08:23:52 -0400 (EDT) Received: from maildeliver4.tiac.net (maildeliver4.tiac.net [199.0.65.168]) by life.ai.mit.edu (8.7.5/8.7.5AI/life.ai.mit.edu:1.6) with SMTP id IAA09491 for ; Mon, 2 Sep 1996 08:23:48 -0400 (EDT) Received: from mailserver1.tiac.net (mailserver1.tiac.net [199.0.65.232]) by maildeliver4.tiac.net (8.6.12/8.7.4) with ESMTP id IAA12029 for ; Mon, 2 Sep 1996 08:23:46 -0400 Received: from [206.119.69.46] (FlyingCloud.tiac.net [206.119.69.46]) by mailserver1.tiac.net (8.6.12/8.7.4) with ESMTP id IAA11828 for ; Mon, 2 Sep 1996 08:23:29 -0400 Date: Mon, 2 Sep 1996 08:23:29 -0400 X-Sender: rah@tiac.net Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit To: dcsb@ai.mit.edu From: Robert Hettinga Subject: fwd: fingerprinting by banks Sender: bounce-dcsb@ai.mit.edu Precedence: bulk Reply-To: Robert Hettinga For the record, I agree with Bear on all his points below. It's just so *hard* to resist the temptation every once in a while. :-). For the record, I saw this on com-priv, where I also believe Bear did, and, while I did send it on to e$pam ("It don't say e$pam until Hettinga says it says e$pam." :-)), I *didn't* send it to DCSB, even though it goes right to the heart of the distinction between book-entry and bearer certificate transaction systems. In my opinion, bearer certificate systems *don't* need all the biometric overhead of book-entry systems, and will eventually be much cheaper to use as a result. Looking at now, I agree with Bear that the article he's forwarding here *is* relevant to DCSB, so I send it on, with his comments. What's that?... It *is*! Someone out there's playing a Frank Zappa song: "Goin' to Montana soon... Gonna be a dental floss tycoon..." Get out your zircon-encrusted tweezers. *Ride* that pygmy pony... :-) Cheers, Bob --- begin forwarded text X-Sender: oldbear@pop.tiac.net Mime-Version: 1.0 Date: Mon, 02 Sep 1996 00:01:42 -0300 To: rah@shipwright.com From: The Old Bear Subject: fwd: fingerprinting by banks Robert: There appears to be a disquieting trend on dcsb to discuss issues which are purely matters of political philosophy and do not have direct bearing on digital commerce. Far be it for me to say what should or should not be discussed on dcsb, but these ramblings detract from what I understand to be the purpose of the list. I concede that a major issue confronting digital certificates will be their ability to protect privacy to the extent that conventional governmental entities can neither track transactions for purposes of statistical analysis or audit for purposes of taxation. That, and related issues would appear to be fair game. However, bogus passports notwithstanding, some of the discussion seems to head off into the Montana wilderness of paranoia. This does little to enhance the credibility of dcsb which, IMHO, has the makings of a very important organization in shaping how commercial transactions will occur in the next century. Having said that, I attach below a very interesting item which most certainly does lie on the thin line between the politics of privacy and the practice of commerce. Cheers, Will The Old Bear ---------begin included text--------- Date: Fri, 30 Aug 1996 10:57:23 -0400 From: jd@scn.org (SCN User) To: Multiple recipients of list Subject: fingerprinting by banks SEATTLE WEEKLY Copyright 1996 - used with permission July 24,1996 - "Quick and Dirty" column by Eric Scigliano Thumbprint, retinal or body-odor scan, sir? If you think those "Go to Jail" charity slumber parties are a scream, you may get a kick out of cashing checks after September 11. That's when US Bank will start requiring that non-customers cashing its checks consent to be finger--or, rather, thumb--printed. Other local banks are expected to join US Bank on the new security frontier in September, and at least one, Seafirst, plans to start taking thumbprints next year in step with its California parent, Bank America. The thumbprinting scheme is being pushed by the Washington Bankers Association, which wants all its members to take the plunge together. As Dan Doyle, regional manager over US Bank's Western Washington branches, notes, "I'm not sure any one bank wants to be the one to step out and do it--it probably sounds cold, hard, and not very customer-friendly." Indeed. "But it's really to protect customers." That protection is supposed to come from deterrence. Very few, if any, check forgers actually get caught via thumbprints in those states (most notably Texas, Nevada, and Arizona) whose banks already take them. Tellers can't (yet, anyway) check the prints for known forgers; the prints will merely be saved (on the checks themselves) for investigation in the event of a bounce. But Bruce Koppe, the Bankers Association's executive director, reports that bogus-check losses have declined by 40 percent in those states. Doyle says US Bank has charted 45 percent reductions in states where it's tried the system, and fewer than 1 percent of those asked decline to give prints. Some retailers, and reportedly at least one local credit union, are already taking prints on checks. Customers can at least be reassured that they won't have to bear the telltale black stains of traditional fingerprinting; the new "inkless" printing leaves no visible mark on the skin. Still, fingerprinting is, in the words of American Civil Liberties Union lobbyist Jerry Sheehan, "the archetypal metaphor of criminality, along with the mug shot and lineup." Some tellers are already grumbling at the prospect of having to do it. The banks take heart that they won't be demanding prints of their current customers. But the ill will may still come around to bite them; those are all potential customers they stand to infuriate, and account-holders may not like the idea of their checks being valid only when backed by thumbprints. And thumbprinting may be just the nose under the tent. That mixed bodily metaphor suits the brave new world of "biometric" identification in which we will, very soon, find ourselves. Down in Olympia, a working group of the joint Legislative Transportation Committee is considering what kind of biometric and/or computer technology to adopt in upcoming "smart" driver's licenses; its findings are due in December, preparatory to the next legislative session. Possibilities include a bar code or magnetic strip; a store scrutinizing your check or a cop writing a ticket could scan your full digitalized profile. All the drivers' license data that now fills a state warehouse could be consolidated in a single data base. And all those sci-fi and privacy-protectionist warnings about personal bar codes and instant snooping will come true. Transportation Committee staffer Jennifer Joly says that fingerprinting is still the most common form of biometric ID. But more exotic techniques are coming in: hand geometry scans, retinal scans, iris scans, computerized facial recognition, and (I am not making this up) body odor measurement. It seems unlikely that those who take IDs will stop at thumbprinting checks. Joly reports that bankers, retailers, and law-enforcement groups have joined in a coalition to weigh in on the new drivers' licenses. "We'll be pushing for legislation imposing severe restrictions" on fingerprinting, the ACLU's Sheehan vows. And they'll "continue to resist these pressures to create uniform identification papers from a document intended for driver's certification." [...] July 31, 1996 column by Eric Scigliano [...] They want to know it all If you feel queasy about being fingerprinted by a bank, imagine how tellers feel about all the information they're supposed to disclose. US Bank asks employees to fill out an "extortion readiness card" listing all their cars (by number and "markings") and neighbors, the names, schools, and daily routes and schedules of their children, and any meetings they themselves regularly attend. US Bancorp spokeswoman Mary Ruble says taking such data is a longtime standard banking practice done for the employees' "own safety," to protect them in "hostage situations" and to help authorities "follow up if a claim of kidnapping is made." She adds that US Bank has never encountered such a situation, but believes other banks have. The cards are kept confidential in a central office, and filling them out is "voluntary for employees." But one bank worker who objected recalls being told to fill out the card anyway, and got the feeling, despite the explanation, that the intent was really to guard against crimes by, rather than against, employees. "The extortion readiness card has nothing to do with embezzlement," says Ruble. -----------end included text----------- --- end forwarded text ----------------- Robert Hettinga (rah@shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB@ai.mit.edu