Pleasant@Rutgers.ARPA (04/09/83)
HUMAN-NETS Digest Friday, 8 Apr 1983 Volume 6 : Issue 21
Today's Topics:
Technology - EFT (8 msgs)
----------------------------------------------------------------------
Date: 2 Apr 83 15:31:45-EST (Sat)
From: the soapbox of Gene Spafford <spaf.gatech@UDel-Relay>
Subject: EFT and such
My apologies for these comments being a bit out-of-date; March has
been a very bad month for me.
Re: Tracking your activities with EFT.
Isn't it a pity that we have an attitude in our society where we
have to hide so many things? We are ashamed of how much or how
little we make. Having "flings" seems to be a liability in some
quarters. Being human seems to be a problem, doesn't it? We don't
want people to know about us because they judge us not for what we
may be but by how we appear. If we are going to dream up EFT and
change the world, why not dream up a situation where people wouldn't
be hurt by others knowing about them? I worry more about people who
want to hide everything than I do about people who admit to being
human and having human activities. But as long as we sell so much
mouthwash and perfume and makeup and ... I guess people will want
to hide the fact that they are buying the stuff and aren't what they
seem to be. And as long as people are insecure in themselves and
need to look to someone else for an image, then I guess the moral
majority guy who goes to the Mustang Ranch will want to hide what it
is he's really been praying for.
Re: Automatic Teller machines.
Please note that I'm not advocating the following, but if you have
had any experience with the following I'd be interested in hearing
the results.
It seems to be human nature to get upset with these teller machines
which don't work after you've driven halfway across town for money
from the suckers. Therefore, it is no surprise that people come up
with methods of venting their frustrations on the machines. The
secret, as with getting mad at people and institutions, is not to
lose your temper and kick and scream. Rather, be clever. I have
heard that cutting a piece of cheese to the size of a teller card
and pushing it into the teller slot does amazing things to the
machine. It takes in the cheese and that's all it does for quite
some time. Hit 4 or 5 machines in the vicinity on a Friday evening
and the bank will have a lot of irate customers who may wish to
change their accounts. Another method is to take a can of that
compressed freon (or even foam or epoxy) and spray it in through the
slots. Freon under pressure comes out at something like -40F and
does wonders to hot thermal printer parts and electronics. I know
of one institution that had to scrap an employee ID system that the
employees hated due to acts like this.
There are more, but I don't want to suggest acts of vandalism,
merely point out that the more sophisticated we make our mechanisms,
the more sophisticated the vandals will become. Spur of the moment
may decrease a bit (how many of you carry Freon around with you?),
but acts by angry consumers may actually become more widespread
because now there is even more challenge. We are building more
impassive, heartless companies and institutions and increase the
feelings of rage and helplessness in the consumer. I seem to detect
more of an undercurrent of defiance to the systems (did YOU fudge
your income tax a bit...drive 55 all the time), more anger, and more
books appearing on how to disrupt your favorite target.
More electronics and more hardware isn't going to solve all our
problems. People already distrust computers, I don't see how full
EFT would ever be accepted. Maybe the next generation raised on
video games and home computers can deal with it. I really don't
know.
I'm not sure I asked a question in any of that, but does anyone have
any comments?
------------------------------
Date: 3 April 1983 01:27 EST
From: Steven A. Swernofsky <SASW @ MIT-MC>
Subject: privacy of banking records
It is unfair to cite U.S. v. Miller without also noting that it has
been disapproved by the legislature. Scant two years later,
Congress in response enacted the "Right to Financial Privacy Act of
1978," Pub. L. No. 95-630. This Act provides that any subpoena for
financial records must be served on the customer, who may then
challenge it in court. A judicial order must be obtained (the
equivalent of a search warrant) to void the notice requirement.
It looks like Congress, at least, believes that financial records
are within the individual's "reasonable expectation of privacy." As
well they should be.
In any event, we on HUMAN-NETS should be discussing the interactions
between people and computer networks. One aspect of the information
revolution is the discovery of problems which were only minimal
before the advent of new technology. This gives us an opportunity
to examine these problems and to build appropriate safeguards into
the technology so that the problems do not become magnified beyond
our capacity to control them. Ignoring these problems won't make
them go away.
-- Steve
------------------------------
Date: 3 April 1983 02:26 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: Re: EFT, etc.
Date: 1 Apr 1983 0916-CST
From: CS.TEMIN at UTEXAS-20
And if the current methods for detecting fraudulent checks and
credit cards were a bit more reliable, the current system for
making personal monetary transactions should be acceptable to
everyone (vendors and purchasers).
I disagree. From my point of view the current method is already good
enough in the areas you list, yet I dislike the current method for
other reasons:
- Once a month I have to physically write out cheques for routine
bills like telephone, apartment rent, newspaper, credit card
account, medical insurance. Also each time I buy groceries with a
cheque I have to write out a cheque then wait at the approval window
to have it verified. (I presume you propose automating the
verification process; but the chequewriting would remain.) - I'd
rather have my personal computer handle this kind of stuff
automatically. Each time a bill comes in my computer would insert it
in my queue of things to cheque off. I'd look at the queue several
times a day, because it'd include incoming electronic mail,
appointments and dates, television and radio programs, regular
clubmeetings and dances, even bus schedules and computed optimal
routes for bus-transfer including time I have to start getting
dressed to meet the bus; all the sorts of things I have to remember
at the right time but my human memory just doesn't work that way
very well at all. When a bill-payable appears, it'd be shown with
not only the company-name and purpose of the bill but also a note as
to the previous payment to that same account, and it'd automatically
cheque to make sure the bill was reasonable (if not, a bright flag
to warn me to look more carefully). I'd press one key to clear that
item, causing the cheque to be written automatically. That would
cover all the regular billings. For grocery store I'd just charge it
and pay the bill at the end of the month automatically. -- But
equipment to interface to the physical-cheque industry is too
expensive for a single person to own, and I've never heard of a
service bureau willing to perform this task. -- Meanwhile it takes
several minutes of my attention to write each cheque (I have to get
out the stuff, including envelop and stamp, sit down and start
writing out stuff, then put all the stuff back when done, then make
a trip to the mailbox to post it.) The only alternative currently is
very very expensive, hiring another human to do it, an executive
secretary, a few thousand dollars month I estimate. - I'd rather
have EFT that I can invoke from my personal-computer using
public-key cryptosystems.
- Once a month I have to balance my chequebook, to make sure some
employee at the bank didn't goof. I'd rather the bank sent me the
info in machine readable form so I could balance it electronically.
Until EFT is up and running, what's the chance of automating the
bank-statement/consumer interface?
That's all for now. Unburden me of those and I'll be able to
perceive more subtle deficiencies with the cheque & credit-card
method.
------------------------------
Date: 3 April 1983 02:46 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: Realism of EFT Proposals
Ah, a voice in the wilderness who also wants to change things for
the better rather than throw up hands in despair to "political
realities" that seemingly prevent anything from getting better.
Indeed perhaps a demonstration that a workable EFT system can be
done would increase its chance of being accepted. (Maybe Arpanet
could set up a prototype system that handles "funny money"? Just an
idea. Maybe PCNET or somesuch will set up a real prototype
someday...)
As for collecting taxes automatically as part of the EFT system. I
don't like the idea of taxing money every time it changes hands, but
I think a value-added tax would be acceptable to me and workable.
The EFT system could keep total track of income and expenses in any
venture, and compute the correct value added, a fixed percentage of
which would be the tax, computed and paid automatically. As for how
to make this work, here's my proposal. Each financial transaction
would have to go through a gateway, a part of the program that is
public. The data passing thru the gateway wouldn't be public, but
the source program would. Thus the tax authorities could inspect the
source program to verify it complies with taxation laws. The rest of
the program would be private, so nobody would know your heuristics
for approving and denying payment (like you might want bills to your
masseuse to be paid automatically and listed in all hardcopy output
reports as "entertainment" or "health care" without specifics).
------------------------------
Date: 3 April 1983 02:58 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: EFTS, Privacy, etc.
Your figures don't support your claims. You claim EFT will not be
done because it's too expensive. You show figures that indicate
cheques and credit cards are much more expensive than cash. The
reason is that a lot of paperwork has to be done with cheques and a
lot of risk has to be absorbed with both methods. With EFT neither
of these would apply. I think the cost of EFT when fully available
will be comparable to cash, and more convenient in most cases.
Simple example, when an EFT transponder costs $5.00, every public
transit bus will have one, and instead of standing at the front of
the bus looking for loose change while the bus driver holds the bus
and other passengers stand in line to board, you simply identify
your account by card or whatever. Since this one card handles all
your transactions, you don't have to look for it, it's right there
where it always is in your pocket or wallet or purse etc. in the
canonical place where it's easy to find instantly. Alternately if
you don't want your identity to be known, you can use an anonymous
prepaid account, similar to a rapid-transit (BART etc.) card.
------------------------------
Date: 4 April 1983 07:50 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: Re: EFTS, Privacy, etc.
It's silly to cite the cost of a secretary putting a bank card in an
envelop and mailing it, just to replace a worn card, when the ATM
could dispense replacement cards at a cost of comparatively zero. In
fact the ATM could automatically warn you when it's starting to
wear, and if you ask for replacement charge you a nickel or whatever
it costs when fully automated (blank cards in machine, magstripe
recorded on the spot). I betcha the wear and tear on the printer
that makes the receipts is more expensive than the wear and tear on
a magnetic cardstripe initializer.
This is an example of where if you do it wrong it costs a bundle,
but if you are bright enough to think of an alternative, it's cheap.
Of course for new cards to first time customers, as well in case of
stolen/lost cards, you have to send them thru the mail. But that's
not necessary for simple wear&tear replacements where the old card
is still available and readable on retries.
------------------------------
Date: 4 Apr 1983 12:24:26-EST
From: csin!cjh at CCA-UNIX
Subject: fingerprint recognition
The last time I read anything about this, fingerprints were
increasingly a problem anyway, since there are only so many possible
points of difference; the estimate was that (for identification
purposes) there are something like 14 other people with your prints
(or perhaps that was 14 other people whose Xth print matches your
Xth print, which would make the problem still solvable, but with
difficulty). Note that this is somewhat better than the 15-bit word
that _Bob proposed; this would give 2**13 people in this country
alone who match each of your fingers (current population is pushing
2**28), but a point of correspondence usually amounts to more than
one bit of information.
------------------------------
Date: 5 April 1983 02:51 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: Re: EFTS, Privacy, etc.
Right. When the magnetic stripe on the cards instead of the embossed
name is the primary means of use, having a supply of blanks in each
ATM won't be any problem. The embossing will be only to allow you to
sort out your card if you drop it or your spouse's and your card are
in the same purse, to be sure the storeowner didn't hand you the
wrong card back, etc. It'll be the secret ID numbers on the card
that are the true identification, which the supply of blank cards
won't impact. Even knowing the system for recording on the card,
and making a false account, won't work, since every transaction will
call the main computer to verify the account and its status. In fact
it should be possible for a person to create a duplicate card just
by visiting an ATM instead of having to phone or write the company
and have a human send it in the mail. That should actually be more
secure, since (1) it won't get lost in the mail or stolen (standard
trick, call up bank pretending to be somebody else, ask for a dupl
card, then watch that person's mailbox for the card to arrive; the
theft isn't reported because the victim didn't even know there was a
duplicate card arriving), and (2) next month's bill shows the
purchase of the duplicate card (5 cents surcharge or whatever), also
(3) each card has a different duplicate-index, so if you pass out
cards to your spouse and children an one of them misuses it you can
identify which clone was the problem and punish the misuser or split
the accounts so you'll no longer be responsible for debts by so and
so.
------------------------------
End of HUMAN-NETS Digest
************************