From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 3 Oct 1998 18:38:55 +0800
To: cypherpunks@cyberpass.net
Subject: IP: ISPI Clips 5.12: New Fingerprint Chip - Protection vs. Privacy
Message-ID: <199810032339.QAA27773@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




From: "ama-gi ISPI" <offshore@email.msn.com>
Subject: IP: ISPI Clips 5.12: New Fingerprint Chip - Protection vs. Privacy
Date: Sat, 3 Oct 1998 00:34:02 -0700
To: <Undisclosed.Recipients@majordomo.pobox.com>

ISPI Clips 5.12: New Fingerprint Chip - Protection vs. Privacy
News & Info from the Institute for the Study of Privacy Issues (ISPI)
Saturday October 3, 1998
ISPI4Privacy@ama-gi.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This From: The New York Times, September 28, 1998
http://www.nytimes.com


PERSONAL COMPUTING:

Tiny New Chip Could Pit Protection of Property Against Right of Privacy
http://www.nytimes.com/library/tech/98/09/cyber/compcol/29compcol-fixmer.ht
ml

By
ROB FIXMER, rob@nytimes.com


Tom Rowley seems uncomfortable in the role of braggart. A sheepish look
comes over his face when he tells you, "We're going to change the way
people live."

But Rowley's assertion is not to be taken lightly. For one thing, he said
those words once before, in the early 1980's, when the innovation he was
introducing was a concept he called voice mail. For better or worse, he did
change the way we live.

The product that inspires his boast today is a humble-looking chip, about
the size of a postage stamp and no thicker than a nickel. When attached to
a computer, it reads fingerprints with a precision that meets the Federal
Bureau of Investigation's standards for personal identification.

Beginning early next year, consumers will see the fingerprint chip
introduced in notebook computers, then in desktop devices. Every major
manufacturer of computer hardware in the United States is believed to be in
some stage of testing or developing products using the chip. Eventually, it
is all but certain to be embedded in door and car locks, bank cards,
cellular telephones, driver's licenses and the sundry other mundane objects
that identify us as consumers and citizens and give us access to places and
money.

Rowley is the chief executive of Veridicom [ http://www.veridicom.com/ ], a
tiny start-up company in Santa Clara, Calif. He is backed by venture
capital from, among others, the Intel Corporation, which recognizes the
chip's potential to open vast markets in consumer electronics, and Lucent
Technologies, which owns the patents accrued by Bell Laboratories, where
the chip was invented in the early and mid-1980's.

Although the product, known as OpenTouch, is cutting-edge technology, it is
low-tech by silicon standards, making it inexpensive to manufacture in
large numbers. The Korean and Taiwanese companies under contract to produce
it see Veridicom's chip as a way to milk a few more years from old
fabrication plants that have already been fully depreciated and might
otherwise be closed as obsolete.

All of which means that the fingerprint chip, is going to be very
inexpensive -- probably less than $10 per chip within 18 months of its
introduction, and eventually even less, industry experts said. A low price
means that it is almost certain to become far more widely used than voice
mail, whether as OpenTouch, which Veridicom will introduce in November at
the Comdex trade show, or as another company's competing product.

Far less certain is the social and political impact of the fingerprint
chip. It certainly can greatly enhance personal security. But depending on
how it is used, it could have a profound impact on privacy, for better or
worse.

The paranoid will no doubt see in this chip a conspiracy by the Government
or another Orwellian nightmare.

The real threat, though, is not from Big Brother but from a legion of what
a colleague refers to as "little brothers," business interests like
magazine publishers, banks and indemnity companies that want to track our
every move, profile our every passion, anticipate our every need either to
persuade us to part with our money or to assess us as risks for credit or
insurance.

Credible identification cuts two ways when it comes to security and
privacy. The same fingerprint reader that gives us secure access to our
home or car can be used to trace our movements through office buildings,
stores, schools and airports.

That can be good or bad depending on the circumstances and what we are up
to. I may not want anyone to know that I am in Room 1705 of the Acme
Professional Building visiting my lawyer or psychiatrist or heart
specialist or interviewing for a job -- unless the person tracking me is a
fire marshal clearing a burning building.

But if I lose my notebook computer on a flight to Seattle, I want to know
that no one will be able to rifle through my files, because the
manufacturer has frozen the code that reads the fingerprint chip so deeply
in my computer's electronics that no amount of tampering will allow another
person to boot it or to unscramble the data on my hard drive.

On the other hand, without safeguards, the same fingerprint-identified
passport that will be useless to a thief will allow governments around the
world to track my every move.

Perhaps the most ambiguous line between privacy threats and security will
be the use of Veridicom's technology on the Internet. In many ways, it will
be the ultimate "cookie," those files that Web sites place on our hard
drives to identify us, or at least our computers, when we point our
browsers in their direction.

In some ways, this is beneficial. If the fingerprint reader on my computer
serves as a certificate of identification when I buy something on line, the
seller does not know my credit card number or whether I am paying with
credit or cash. The seller may not even know my identity. Veridicom's chip
assures the seller that I am who I claim to be without revealing who I am.

Likewise, when used as an encryption key, the chip will guarantee that no
one can unscramble and read my e-mail or other documents.

But there is a darker side.

Companies are already using cookies to create personal profiles of Internet
users by aggregating every piece of information we surrender on Web sites.
The very kinds of sites we visit reveal a great deal about us to those who
want our money, and when we buy products or enter contests or register to
use a site, we reveal not only who we are but a great deal about how we
live.

At the same time, a study released this summer by the Federal Trade
Commission revealed that most businesses on the Web did not tell visitors
how the information they surrendered would be used. In a few cases, the
study found that companies sold information that they had promised users
would be kept confidential. The Clinton Administration insists that for
now, the infant electronic-commerce industries be allowed to police
themselves in matters of privacy.

That is frightening enough when our cookies give up information dropped on
our treks through cyberspace. When everything we do on line can be tied to
our credit and bank cards, driver's licenses and passports, the extra
security we have gained might well be outweighed by the privacy we have
lost.

Not surprisingly, Tom Rowley spends most of his time these days trumpeting
the potential benefits of his chip, but he does not deny its potential for
mischief. After all, he admits, at times even voice mail "is a real pain."

The social stakes this time around are a lot higher.

PERSONAL COMPUTING is published weekly, on Tuesdays.

Rob Fixmer at rob@nytimes.com welcomes your comments and suggestions.


Copyright 1998 The New York Times Company





--------------------------------NOTICE:------------------------------
ISPI Clips are news & opinion articles on privacy issues from
all points of view; they are clipped from local, national and international
newspapers, journals and magazines, etc. Inclusion as an ISPI Clip
does not necessarily reflect an endorsement of the content or opinion
by ISPI. In compliance with Title 17 U.S.C. section 107, this material is
distributed free without profit or payment for non-profit research
and educational purposes only.
---------------------------------------------------------------------------

ISPI Clips is a FREE e-mail service from the "Institute for the Study
of Privacy Issues" (ISPI). To receive "ISPI Clips" on a regular bases
(up to 3 - 8 clips per day) send the following message  "Please
enter [Your Name] into the ISPI Clips list: [Your e-mail address]" to:
ISPIClips@ama-gi.com  .

The Institute for the Study of Privacy Issues (ISPI) is a small
contributor-funded organization based in Victoria, British Columbia
(Canada). ISPI operates on a not-for-profit basis, accepts no
government funding and takes a global perspective.

ISPI's mandate is to conduct & promote interdisciplinary research
into electronic, personal and  financial privacy with a view toward
helping ordinary people understand the degree of privacy they have
with respect to government, industry and each other and to likewise
inform them about techniques to enhance their privacy.

But, none of this can be accomplished without your kind and
generous financial support. If you value in the ISPI Clips service or if
you are concerned about the erosion of your privacy in general, won't
you please help us continue this important work by becoming an "ISPI
Clips Supporter" or by taking out an institute Membership?

We gratefully accept all contributions:

  Less than $60    ISPI Clips Supporter
          $60 - $99    Primary ISPI Membership (1 year)
      $100 - $300    Senior ISPI Membership (2 years)
More than $300    Executive Council Membership (life)

Your ISPI "membership" contribution entitles you to receive "The ISPI
Privacy Reporter" (our bi-monthly 12 page hard-copy newsletter in
multi-contributor format) for the duration of your membership.

For a contribution form with postal instructions please send the following
message "ISPI Contribution Form" to ISPI4Privacy@ama-gi.com .

We maintain a strict privacy policy. Any information you divulge to ISPI
is kept in strict confidence. It will not be sold, lent or given away to
any third party.
















**********************************************
To subscribe or unsubscribe, email:
     majordomo@majordomo.pobox.com
with the message:
     (un)subscribe ignition-point email@address
**********************************************
www.telepath.com/believer
**********************************************