funsec mailing list archives

Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000

From: Blanchard_Michael () emc com
Date: Wed, 21 Jun 2006 09:33:26 -0400

I'm seeing the same thing stateside as well.  Although not sure about the no PIN deal.  But, self service checkouts are 
popping up all over the place, and all they require is a signature at most to complete the transactions.  No id needed, 
no staff interaction, nuthin....
 
  I have a problem with these self service checkouts in general, aside from the non-proof of ID.  I refuse to use them 
unless I get a 10% discount on my order.  Why should we do the work of the cashiers and not get paid as well?  Part of 
the cost of the product is the cashier's pay, if they no longer need the cashier, then they can provide a discount on 
the product....
 
Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 

 

________________________________

From: Michael Simpson [mailto:mikie.simpson () gmail com] 
Sent: Wednesday, June 21, 2006 6:59 AM
To: David Lodge
Cc: privacy () whitestar linuxbox org
Subject: Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13,000


a bit off topic but in the days when banks are requiring more info to prove id and we have become a chip and pin nation 
i have an observation to share.
 
tesco have introduced a self-service style checkout in their stores. this allows you to pay with a debit card after you 
have scanned your goods, there is no request for your pin - you just swipe the card and go. If the amount of goods is

£100 then you have to sign a slip of paper in front of a staff member to "prove" who you are, if <£100 then you just

go on your way.   
 
all i have to do is limit myself to £99.99 worth of goods and i have no need to remember any of those pesky 4 digit 
numbers and anybody's card will do (as long as they have the ca$h in their account)
 
anyhoo, nice to see one major company are heading in the opposite direction to everyone else with regards to the thorny 
issue of proof of identity


 
On 6/19/06, David Lodge <dave () cirt net> wrote: 

        On Mon, 19 Jun 2006 20:28:15 +0200, Drsolly < drsollyp () drsolly com <mailto:drsollyp () drsolly com> > wrote:
        >>  Sounds like you're not really a fan of the National ID cards.  I'm not
        >> either, for numerous reasons.
        > That's correct. When I'm asked to provide identification, I offer my 
        > library card, which contains nothing except my name and signature, but is
        > very nicely laminated.
        
        First off: we sort of have an SSN equivalent: the NI Number - though it's
        a lot more transient than the SSN (you can have a temporary one for years 
        and it can change quite easily).
        
        Second: What we've also got to be careful of is that the ID Card is
        pushing the whole concept of proving who you real are, rather than
        providing authorisation/authentication for what you want to do. 
        
        Banks have recently started to ask for passport or driving licence for any
        major transaction - why? I certainly didn't use a passport or driving
        licence when I opened my account (I didn't have either) - how do they know 
        that that is me, not just somebody with the same name?
        
        Even more stupid: under the nebulous threat of money laundering, most
        financial companies are requiring photo IDs for exchanging money for
        foreign money, but you can just take it out of the ATM with no hassles? 
        
        It's stupid: why should I have to prove my real name? It is not illegal to
        have more than one name. Why can't the government's/industries efforts on
        "Identity Theft" be concentrated, not on some pointless cataloguing of 
        every individual, but on known good ways of authenticating a person to a
        service.
        
        dave
        _______________________________________________
        privacy mailing list
        privacy () whitestar linuxbox org
        http://www.whitestar.linuxbox.org/mailman/listinfo/privacy

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy

Current thread:

Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Drsolly (Jun 19)
  - Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
    - Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Drsolly (Jun 19)
    - Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
    - Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 David Lodge (Jun 19)
    - Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Michael Simpson (Jun 21)
    - Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 21)
  - Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Ahmad Elkhatib (Jun 19)
- <Possible follow-ups>
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Gregory Hicks (Jun 19)