December 2003 - cypherpunks-legacy

The Near-Necessity of Health Insurance
by tcmay＠got.net 17 Dec '03

17 Dec '03

At 8:49 PM 9/17/96, Simon Spero wrote: >I wouldn't be so proud of the US health care system; the actual quality >of care is really pretty awful, even with insurance. Even though the >NAtional Health Service in the uK is woefully underfunded, I've always >had much better treatment than I have from HMOs here; even seeing a >specialist privately, at home, with no insurance, is cheaper than getting >an X-Ray looked at by someone who once met a radiologist a cocktail >party. ... >There are ideological reasons that argue for rejecting such >compulsory schemes based on that element of coercion; it's hard to >make the case against purely on efficiency grounds. Personally, I have not been a patient in a hospital in my entire adult life. Nor have I seen a doctor, except for a mandatory college physical in 1970 and an insurance company physical in 1977. I just haven't broken any bones, had any serious illnesses, or felt the need to visit a doctor, an emergency room, or a walk-in clinic of any sort. I suppose I've been lucky. Also, I dislike hospitals and avoid doctors unless there seems to be a compelling need. So far, there has not been. And, no, I don't have any health insurance of any kind. However, I am thinking about getting some. Not so much because I'm getting older, but because I fear a new phenomenon: hospital emergency rooms refusing admittance of patients unless they can present the proper patient-unit ID card (showing one is enrolled in Blue Shield, Blue Cross, Kaiser, or whatever). My dentist's receptionist/bill handler already seems flustered that I am paying my dental bills with a check, rather than giving her my insurer's account number. I also learned from a "60 Minutes" report, since confirmed elsewhere, that large hospitals routinely negotiate large discounts with large insurers, e.g., Blue Shield, so that while the "list price" of a typical day in a hospital may be an exorbitant $1800 a day ($30 for an aspirin, $75 for the lights-out bed check, etc...it all adds up!), Blue Shield has negotiated a fee of less than a third of that.... In other words, the person who insures himself (through savings and investments) and who offers to pay for treatment out of his own funds, may be at a serious disadvantage. He pays the inflated rates for services, and may face delays in being admitted to a hospital. (This space reserved for Duncan and others to explain how one can offer to pay in Krugerrands and to negotiate with the hospital on the spot. Meaning no disrespect to Duncan, but I doubt it is this easy. The mind-set of hospitals seems to be that anyone without a valid patient-unit card is obviously a derelict and indigent. And while all hospitals are required to accept derelicts and indigents in suitable emergencies--not a law I agree with--it is not desirable that one be treated as a derelict and undesirable. I hope I am conscious enough to give the admitting staff my financial health information.) Anyway, I'm thinking of finally bowing to the inevitable and starting to fork out $200-300 a month for health care I am unlikely to routinely use. (Obviously the folks who use their insurance routinely, as one of my engineers once used to do (he'd take his kids to the hospital every time they sneezed), are being subsidized by those of us who avoid hospitals at all costs.) I'm not arguing for national health care, just noting that we effectively are getting it, between the "Poor People" having subsidized care and the "Rest of Us" in employer-funded or private health care plans. Cash is already dead at most hospitals. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay(a)got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."

2 1

PGP in the workplace
by Rick Osborne 17 Dec '03

17 Dec '03

Here's one I figure you all would just love: Yesterday afternoon, I was told by some higher-level associates of mine (not Management level, mind you, just people higher on the food chain) that my use of PGP in the coporate environment was not appreciated and could result in my being looked upon *very* unfavorably by the managerial crowd. Without even delving into security reasons, I politely explained to them that due to my job (which has several crypto-related applications) I needed PGP to communicate with people and list-bots in the outside world (or they could gladly pay for my formal training). The just shook their heads and said "be careful, you've been noticed". I was then told to stop 'messing around' in my shell account. I asked what was meant by this, and apparently it had been noticed that I had done a few things, which I had done to simply check the security of my account, which could be viewed as 'inappropriate'. You know what they were? 1. I checked to see if the passwd file was available to anyone (was it shadowed, etc.). This was seen as an attempt to GET the passwd file, and thereby have access to sensitive data. 2. I change my password regularly (once a week). Now this may seem excessive (it apparently did to them), but you must understand that the entire IS department is extremely buddy-buddy here. Over half of the users have root passwords on any given system. I don't feel like sharing, horrible me. I guess my regular chaning of passwords was seen as a strain on the system (ha!), as they didn't elaborate *why* I had been flagged for this. Upon explaining to them that I was simply trying to make sure of my own security, I was told that I was to just assume that I was secure, and that *any* 'poking around' was found to be "highly aggravating" and could only only "exascerbate the situation further." Luckily, I had to get to class, so I cut the conversation before it could get any more out of control. Now, seeing as I'm fairly new to the Corporate world, but is this something common? I know when I was at college, poking around was expected and encouraged, as it helped find and plug holes in the system. But this is almost like some kind of protection racket here! ____________________________________________________________ Rick Osborne osborne(a)gateway.grumman.com "Yes, evil comes in many forms, whether it be a man-eating cow or Joseph Stalin, but you can't let the package hide the pudding! Evil is just plain bad! You don't cotton to it. You gotta smack it in the nose with the rolled-up newspaper of goodness! Bad dog! Bad dog!" - The Tick

3 2

RE: Workers Paradise. /Political rant.
by tob＠world.std.com 17 Dec '03

17 Dec '03

jbugden(a)smtplink.alis.ca writes: > I don't think that a reasonable person would argue that medical > insurance should be outlawed because everyone should take care of their > own needs. A social safety net is simply a form of health and life > insurance. Statistical arbitrage if you will. By spreading the risk you > minimize the cost. Yes, some people will take advantage of the system. > But like a virus, a robust system should be able to withstand this form > of attack. It's too bad you received such fingers-in-the-ears libertarian-scream responses to this. You deserved a better answer than that. Not that I entirely agree. Let me quote part of something I once wrote on essentially this topic: "With *real* insurance it's tough enough to root out fraud. How can an unwritten, virtual policy, knowable only through deduction, addressing our entire circumstances of birth, that the insured may deny contracting to or may disagree about what the terms were, be easy to sort out?" Tom

1 0

cypherpunk listserve usefulness
by Chip Mefford 17 Dec '03

17 Dec '03

As much as it shames me, I have recently discovered that by filtering messages from only 2 participants and setting body filters on 3 keywords have remarkably improved the usefulness of this listserve. As much as I do enjoy some of the filtered subject matter, I really feel it is very off subject and makes this listserver useless for the intended task. I guess that makes me a censor and it has me reexamining some things.

6 5

[NEWS] Crypto-relevant wire clippings
by dlv＠bwalk.dm.com 17 Dec '03

17 Dec '03

Financial Times: Wednesday, September 4, 1996 IT: A Spider's Web for the Banking Sector Interview with Joseph De Feo By Paul Taylor The influence of network computing and other technologies extends into all aspects of the industry. Barclays' director of group operations and technology believes it will have a profound effect on traditional banking. 'It's going to change the whole way business is conducted,' he forecasts Joseph De Feo has built up a formidable reputation as an effective business leader and banking visionary since he joined Barclays Bank as director of group operations and technology nearly seven years ago. American-born Mr De Feo, who joined Barclays from merchant bankers Morgan Grenfell after spells with both Goldman Sachs, the Wall Street investment bank, and Chase Manhattan, the third-biggest US bank, is also widely regarded as one of the banking industry's most outspoken, and influential, IT users. He believes the main issue facing the banking industry is the impact of electronic delivery mechanisms and the changes which will be wrought by introducing electronic delivery to replace physical branch delivery in retail banking services. But although he believes changes in retail banking may be the most visible, he says the impact of the broader capability of networks and networking will be just as dramatic on the wholesale and investment banking business. "It is engendering a situation in which there will be a wholesale reconstruction of the value chains in the business model for the industry, where you could envision networks of specialist companies, each focused on a specific area - say research, analytics, trading, investment banking, distribution. . . "This sort of change has actually occurred in other industry sectors - the commodity end of the business is being concentrated into a smaller number of global producers, and the rest of the business is being fragmented among many thousands of very focused and specialised players." He believes that, faced with such challenges, banks will adopt different strategies. Some, such as JP Morgan in the US, will quit the "manufacturing" end of banking, and sub-contract out the processing. Others will specialise in transaction processing, in much the same way that National Westminster Bank is providing the back-office capability for supermarket chain Tesco's recently-launched loyalty card in Britain. Overall, he thinks the number of jobs in retail banking will fall as capital is substituted for labour. "I think the aggregate labour content in all aspects of the business will go down, but not at the same rate as it will in retail banking." In Britain, he warns, the adjustment will be disproportional, "because we hesitated on the capitalisation of the automation of the branch networks." Delaying automation of the traditional branch networks could also make it more difficult for the banks to respond to new and often lower-cost competitors, including retailers such as Marks and Spencer and Virgin which do not have the same infrastructure costs. In addition, he notes, it takes time to respond to new competition and new delivery channels. "You still have to support the branch network. The more inefficient that branch network is, the higher the burden of cost - so you are really stuck if you have huge costs." Unlike some of his colleagues, however, Mr De Feo does not believe that bank branch networks will disappear overnight. "When I first joined the group, lots of people were saying we need to cut the branch network in half in the long run. It was a real big issue - we were obsessed with the numbers of branches. I kept saying to them that you have to start on a more rational base and judge what is effective for the group to have as a physical branch distribution network." While he believes the bank's branch network is still costing a lot more, probably five or six times more, than it ought to, he argues that the decision on an individual outlet "could change very dramatically if the branch was much cheaper to keep open." "We have not closed nearly as many branches as people had originally thought we were going to, because the cost of us having an outlet open is much lower than many other banks," he says. Barclays has cut the cost of its branches "by reducing the labour content, by having more customer volume go though each branch, so that the effectiveness and efficiency of an outlet is improved." He notes that in the US, "if you count electronic branches, there are more branches opening - they are not closing branches. . . the individual cost of those locations is a fraction of what it is in this country." Even with the advent of electronic purses and smart cards, Mr De Feo believes there will still be a need for physical bank outlets. "We really need physical bits of paper in our hand to do business. . . so it is going to take a long time to get rid of the physical locations; probably 25-30 years." Ahead of that, he believes there could actually be an increase in bank outlets. "I would predict that you will see an increase in penetration in supermarkets of electronic branches, or [branches] where there is one person, in this country. "I think you will see more express branches like we have just put up in Tunbridge Wells, which will either be semi-manned or unmanned." He thinks these low cost "convenience branches" will be supplemented by telephone banking, or banking via a digital television or via personal computer. "We had better do it because we are going to struggle strategically to keep our branch identity, the way things are going," he says. "We have got strong branch identity in the industry, but that could be usurped very quickly, especially for the traditional products because we don't satisfy primary needs." Mr De Feo makes his point using a potential car buyer as an example. "If you need to borrow money for a car, it is not because you want to borrow money, it's because you want a car." If, as is beginning to happen, car manufacturers bundle in the financing, "why would you bother to go to a bank?" If the carmaker has a good credit rating, it can raise money cheaper than the banks - so it is sensible for the carmaker to arrange the finance because it can make an additional small profit on the loan. Like other large financial institutions, Barclays is a big IT spender. But does Mr De Feo think that the bank gets value for money? "I think that in Barclays we are now getting to the point where we are - and it shows in our results, and in the recognition we are getting, and the way in which the business attitude towards IT has changed. The level of suspicion that IT was sort of a thing that was on its own, and spending money because they wanted more toys, is dissipating. "If you look at the core businesses of the group, whether you are talking about BZW or the asset management business, we are now much more thoroughly integrated in terms of how technology is being used. We have still got a way to go because we are not on an appropriate strategic platform because the knowledge gap is still there and we need to understand better how these technologies are going to transform business. Sophisticated banking IT systems, such as those used in credit behaviour scoring, knowledge-based techniques and corporate lending assessment, are now commonplace. "IT has improved the quality of our lending, our decision-making, our communication with our customers, because it is clearly more objective. It is more explainable; it is not like I turned you down for a loan because I don't like the look of you." He believes the relationship between banks and the IT vendors has also changed. "It is a matter of choosing partners now," he says, "the functional differences are less significant in vendor selection than they used to be." Mr De Feo argues that one of the biggest challenges facing the financial services sector is ensuring that the wide variety of legacy systems work together. "That glue - how you get the network of these applications brought together - is extraordinarily important. Mr De Feo says that IT users need infrastructure standards which would allow different proprietary technologies to be brought together. "The Internet offers some of it but the Internet is weak in systems management and security. The most important aspect of the Internet is that it has given a glimmer of what is possible with network-based computing. "It is like a very weak light-bulb going on in an absolutely dark room, and what I worry about is that we will not be able to fulfil the promise because there are so many holes in the management and the security side of it. "We are OK now because it is being used as an information dissemination vehicle, and an e-mail vehicle, but when we start doing serious applications using that technology it's all going to bubble to the surface and we're going to see the same sort of problems with the Internet as enterprises are having in gluing together computer systems that were built on IBM or Digital Equipment technology." Eventually, Mr de Feo believes Microsoft will produce the "glue" to bind disparate systems together, but he cautions: "It is going to be very hard for Microsoft because it is going to push them into spaces they have never occupied before." Similarly, he believes that the real potential of network computing will only be realised if it enters the commercial sphere. He says: "That will only happen if the financial services element is solved. We have got to get all that sorted out, so all of this has got to be brought together at some point soon, otherwise things will go into a slowdown until they get resolved. "There are all sorts of initiatives to work on: the security, and work on the systems management, and so on. But the cohesiveness of those efforts is not apparent." Ultimately he believes network computing and other technologies will have a profound effect on traditional banking. "It's going to change the whole way business is conducted," he says. "The influences of all these technologies extends like a spider's web out into all aspects of the industry." Financial Times: Wednesday, September 4, 1996 Global Finance Sector Maintains Its IT Edge By Paul Taylor >From Internet banking and multimedia kiosks to electronic trading rooms and risk management systems, the future of the global financial services industry is inextricably linked to information technology. The financial services sector is already one of the biggest spenders on information technology -- spending made necessary not just to reduce costs, but also to maintain an edge in an increasingly competitive market where new entrants and new channels to market are eroding traditional boundaries. For example, in the insurance sector, Datamonitor, the market research firm, predicts that 95 per cent of the UK's largest insurance intermediaries will have direct operations by 1998. Datamonitor also believes that by 1998 some 70 per cent of insurance companies will have Internet sites. The intensification of competition within the financial services sector reflects the deregulation of the industry which has attracted new entrants. Other factors are globalisation and technology which have swept aside barriers to entry and lowered the cost of doing business. As a result, in order to thrive in the 1990s, financial service organisations are as much in the business of managing and manipulating information as managing and making money. "Our industry is information based - it is absolutely essential - and the relationship of technology management, technology usage and business management is one of the critical skills," says Joseph De Feo, director of group operations and technology at Barclays bank. "If people in financial services companies say they don't understand technology, or are afraid of technology, it is just like saying 'I am not qualified to do my job'," says Mr De Feo. The fate of many financial institutions, as they gear up to face this new competition, will depend on the successful deployment of data processing resources, telecommunications systems and software. "The financial services industry is faced with unprecedented challenges - increasing competition, a technology revolution, a highly unpredictable economic and political climate, consumerism and rapidly evolving legislation," said Andersen Consulting in a recent report*. John Reed, chairman of leading US commercial bank Citicorp, has expressed concern that banks and securities firms risk being reduced to "a line or two of application code on a network." Such concerns are understandable given the competitive pressures that banks and other financial institutions now face. "Financial services companies are trying to drive down or stabilise costs," says Ian Peackock, a consultant with Logica, the UK-based computer services group. "Another big area for them is systems integration." "When the banking history of this century is written, the decade from 1990 to 2000 will be seen as the defining moment," said Price Waterhouse in a recently published report on the challenge of virtual banking. "A new generation of non-bank competitors poised to harness new forms of technology could radically alter the structure of the traditional banking system as we know it. Today, opportunities are being exploited by software companies, consumer companies and even large and influential media owners. The threat to the traditional 'bricks and mortar' banking system is very real." In America, US telecoms group AT&T became the second-largest card issuer in the world with more than 15m accounts in just five years. Ford Motor, which now generates 20 per cent of its US revenues from financial services, now positions itself in the UK as "the branchless bank". Business Week magazine noted: "Banking is essential to a modern economy. Banks are not" -a view echoed by Bill Gates, chairman of Microsoft, who warned: "Banks are dinosaurs. Give me a piece of the transaction business and they are history." Meanwhile, the IT specialists at Deloitte & Touche argue that "Technology will change the retail banking industry fundamentally in the years to come." They believe that banks will lose their monopoly as centres for money transmission - in other words, the activity of transmitting money from one person or company to another will increasingly be carried out by a variety of competing providers. In addition, distribution channels for retail banking products will proliferate. "Whereas in the past the bank branch was the only channel for distributing most financial services products, in the future a number of different channels will continue to erode the branch's predominance," say Deloitte & Touche. Finally they argue that the fully integrated bank will fragment into specialist categories. Braxxon Technology, an IT management and systems consultancy, estimated recently that leading international banking institutions face a combined IT bill of $ 4bn to replace their existing global trading settlement systems for bonds and equities. After a survey of large banks, Braxxon concluded that the top 50 world investment banks would need a global investment of at least $ 80m each to replace existing settlement systems which have failed to keep pace with business and regulatory requirements. The survey also revealed that 30 per cent of banking systems are more than 10 years old - and three out of every five banks have already started replacing their systems. Financial institution spending on IT is also likely to be increased over the next few years in order to tackle issues such as the so-called millennium problem which affects older software, much of which is running on mainframe machines. Ultimately, as the worlds of information processing and financial services collide, most financial institutions realise that they have little choice but to increase their IT expenditure while ensuring that they use technology as efficiently as possible to deliver their customers fast, flexible and competitively priced services. *Financial Services in a Virtual World. Forbes ASAP: August 26, 1996 The Money Changers: Digital cash Innovators Sholem Rosen: Citibank V.P., Emerging Technologies SHOLOM ROSEN heads Citibank's emerging technologies group, which has devised a digital cash system. Rosen invented the technology, slated to be released in late 1998, that will make possible the electronic management of cash. The 55-year-old Rosen, a former math professor at Johns Hopkins University, talked with FORBES ASAP's Lee Patterson about Citibank's digital cash plan. ASAP: What has Citibank developed that's different from other electronic money technology? ROSEN: We've developed EMS, which stands for Electronic Monetary System. It allows you to transact personal or commercial business without the need of a third party. If you pay me $10 for a good or service, the money goes directly to me -- it doesn't go through a bank. EMS supports all currencies, so you could pay someone in yen, dollars or marks. In our system, the money circulates just like cash, except our "EMS note" carries a complete audit trail. If your e-money is lost or stolen, it can be redeemed. ASAP: Software companies are aggressively pursuing the electronic commerce and banking markets. How do you think Citibank's name will stand up to the likes of Microsoft or DigiCash? ROSEN: Citibank understands consumer marketing. Every card in my wallet has the Citibank brand name on it. You may not lie loyal to your bank yet, but the idea is to make you loyal by providing services that make your life a lot easier. If Microsoft or another software company wants to be a competitor, it's still going to have to sign up with banks to do business. Internet money is not going to be of any value if you can't turn it into real money you can use in the physical world. You have to go through the banking system to do that. ASAP: How did you feel a year ago when you heard the plans for a Microsoft/Intuit merger? ROSEN: Personally, I didn't think much of it at all. I believe banks are more concerned they'll be captive to what technology companies deliver to the consumer rather than having their businesses taken over. ASAP: But why will consumers come to Citibank for their technology needs when they can go to Microsoft or Intuit? ROSEN: Because Citibank has better technology. We give away our home banking software, and it's much more functional than anything you're going to pay to get from Intuit. Technology companies are definitely competition, but we have been approaching electronic money from an application standpoint and applying technology to it -- not the other way around. ASAP: Much of the focus of e-money technology centers on security. How secure is Citibank's system? ROSEN: Security has to be in the hardware, not the software. Our security is built into a proprietary chip we've developed. We're going to use cryptography that only national labs will be capable of breaking. I would let all the hackers in the world take their cracks at our system. ASAP: Will e-money replace the coin and papernote system we use today? ROSEN: We're not here to replace paper money. Our system will be valuable on the Net. Internet transactions are flaky now. We're trying to take the flakiness out of it. We want to give the user more of the feeling of trust and security experienced in the physical marketplace. ASAP: What's the federal government's role in electronic money? ROSEN: They're watching. They're letting people experiment. The official party line is "We're going to keep our hands off and our nose in." ASAP: Will digital cash make it easy to launder money or evade taxes offshore? ROSEN: It's true that with e-money, geography is gone. All the laws that have been created here and abroad have been based on geography. Two-thirds of our currency now is abroad. So what's the big deal if [e-money] moves abroad? With our system, the feds will have a lot more control over what's going on than they do with the present paper currency system. EMS notes will leave electronic audit trails, and their circulation can be blocked if the system detects that they've been tampered with or duplicated. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

1 0

[NEWS] Crypto-relevant wire clippings
by dlv＠bwalk.dm.com 17 Dec '03

17 Dec '03

American Banker: Tuesday, September 10, 1996 Two German Companies Tap U.S. Smart Card Market By VALERIE BLOCK Two German smart card manufacturers that have set their sights on the United States are finding the market big enough for two different strategic approaches. Gieseke & Devrient America Inc., subsidiary of a German currency printer, has become a major supplier of Visa Cash cards, firmly entrenching itself in the world of banking applications. Orga Card Systems Inc., whose German parent is owned by three corporations in that country, is going after the telecommunications industry here. In August, Orga secured a million-card minimum commitment from Omnipoint Corp. for the new digital mobile phone technology known as personal communication services. The deal, covering the New York area, could mean as many as three million cards over three years. Smart cards, with embedded computer chips, contain customer account information and would be used to activate the mobile phone. Orga inked a deal last fall with American Personal Communications, another provider of personal communications services, to supply smart cards for its Sprint Spectrum service in the Washington area. "We're big in telecommunications," said Holger Mackenthun, president of the U.S. Orga operation in Paoli, Pa. "That's where most of the (smart card) applications are." Benjamin Miller, chairman of CardTech/SecurTech, the Rockville, Md.- based conference organizer, called Orga a "major worldwide player" in global standard for mobile telecommunications, or GSM, the international version of the digital mobile phone network. Gieseke & Devrient, with a 150-year history of currency printing,"is tied culturally to the financial industry," said Joseph Schuler, senior vice president of Schlumberger, a leading French smart card company with operations here. Schlumberger and its home-country competitors, Gemplus and Bull Group, supply the lion's share of smart cards in the United States and around the world. Still, Mr. Schuler said the expansion of the U.S. market will create opportunities for all the manufacturers. In Supplying 800,000 cards to NationsBank for the Olympics Visa Cash pilot in Atlanta, Gieseke & Devrient established a firm alliance with Visa. It is vying to participate in the New York smart card test scheduled to begin early next year with Visa, MasterCard, Citicorp, and Chase Manhattan Corp. The German company also supplied card-dispensing machines to Wachovia Corp. for the Atlanta pilot and 5,000 Visa Cash cards for BankAmerica Corp.'s limited-edition Olympic series. R. Kirk Brafford, program manager, Gieseke & Devrient in Reston, Va., said since his hiring in 1994, he has laid groundwork, established relationships, and generally spread the word about the company. "Things started to kick in last fall with Visa Cash," he said. While profits have not yet materialized for U.S. operations, its German parent, Gieseke & Devrient GmbH posted $240 million in card revenues for 1995. Orga's German parent, Orga Kartensysteme GmbH, garnered $85 million in card revenues for 1995. Mr. Brafford said Gieseke & Devrient has been a global standard for mobile telecommunications pioneer in Germany and elsewhere. It competes for personal communication services applications as well as prepaid phone cards and other telecommunications applications, but it has been held back by a fastidious "quality orientation," said Mr. Miller. Over-the-air initialization for digital mobile communications had not been standardized, so Gieseke & Devrient didn't offer the feature that other companies, like Orga, promoted through proprietary means. Mr. Brafford said a standard was recently put in place, and the company will offer the feature soon. He also said the organization is working with several satellite communications companies to supply smart cards for their activation systems. Orga -- owned by Preussag, a giant German steel maker; Bundesdruckerei, a federal printing company comparable to the U.S. Mint; and Detecon, a consultancy owned by Deutsche Telekom, Deutsche Bank, and Dresdner Bank -- was formed 11 years ago as a smart card producer for global standard for mobile telecommunications and prepaid phone applications. It has been less aggressive in the financial services industry. Several industry sources said Preussag is dissatisfied with the company and wants to divest. Mr. Mackenthun said the steel maker may indeed sell its shares to the other two owners, to better concentrate on its core business. Orga also suffered a setback in its attempt to secure a card manufacturing base in the United States. It announced a joint venture last year with Kirk Plastic Co., which could have given Orga a U.S. presence similar to those of Gemplus or Schlumberger. That deal fell through, and last month Kirk Plastic, the second-largest bank card producer in the United States, was sold to Francois-Charles Oberthur, a French currency printer that co-owns a smart card operation with Bull Group. Kirk Hyde, president of Los Angeles-based Kirk Plastic, said Orga was stumbling in the banking arena, but other observers said financial differences split the companies. Though Orga supplied 20,000 reloadable, stored-value cards for MasterCard's Australian smart card pilot, the company is not bidding on the New York test. Mr. Mackenthun said that was because it cannot produce cards and personalize them here. Still, Mr. Mackenthun is optimistic that Orga will either purchase another plastics maker or set up personalizing facilities of its own in the near future. Gieseke & Devrient acquired Security Card Systems of Toronto earlier this year and has a plant in Mexico City. It expects to purchase a U.S. facility as well. Through its Toronto facility, it will manufacture cards for Mondex's Canadian issuers. InformationWeek: September 9, 1996 Wall Street Sharing Data To Get An Edge By Udayan Gupta If you listen to all the media stories about Wall Street and technology, you may come away convinced that preparing systems for the year 2000 is subsuming all other technology projects in the financial community. Nothing could be further from the truth. Sure, making the year 2000's two-zero datefields work is a nagging headache. But a bigger concern for Wall Street is how to keep pace with technology without tearing apart the whole organization. How does a company adopt the latest systems and software, train users, and still not miss a beat in its regular business? The choice for many financial services companies is to expand the use of and access to technology within the organization, focusing on connectivity and improved productivity. "We aren't slowing down on the introduction of technology. We simply are stepping up our technology training," says Howard Sorgen, CIO at Merrill Lynch & Co. in New York. Speed and data availability have been the key competitive elements for financial services companies. To gain an edge in these areas, companies have experimented with a wide array of technology. But such experimentation has takenplace with little internal coordination, leaving large financial institutions with disparate and confusing systems. Not surprisingly, financial services companies are consolidating their technology, says Jim Ogorchock, business development manager for financial services at EMC Co., a Hopkinton, Mass., data storage provider. Consolidation has meant finding ways to disseminate data and information across the enterprise and making data easier to use, he explains. There is greater emphasis on data warehousing, for example,and on finding ways to make data more accessible. ESI Securities Co., a New York broker that specializes in trading technology, is also looking for ways to make data more accessible to more people. "We have moved from being a linear information process to an integrated process," says Jeanne Murtaugh, ESI's vice chair. Instead of different people handling data at various points in the chain, one person can have access to all data at once, dramatically cutting the time it takes to act on the data. At many financial institutions, the focus is on expanding choice and connectivity, says Murtaugh. ESI has found that there is big demand for its trading products and services because they give users greater flexibility and are compatible with other systems. Not The Enemy Connectivity also is being sought through the Internet, says Matt de Ganon, president of K2 Systems, a New York Internet access designer. "Financial services companies are recognizing that the Net isn't an enemy competing to provide services. It's an additional conduit," de Ganon says. He adds that a growing number of financial services companies are willing to use the Internet to provide data to investors. The Internet is also seen as a transactional tool, one that allows data gathering and information dissemination at a more rapid and cost-efficient rate. Equifax Inc., for example, plans to make credit data available to its subscribers on the Net, providing easier access to the data at vastly reduced prices, says Dan McGlaughlin, president and chief technology officer of the Atlanta company. Equifax keeps credit information on nearly 200 million U.S. consumers. Acceptance of the Internet as an integral business tool is only part of the change at financial services companies. Many of them are abandoning proprietary software and hardware for more generic solutions, especially if those solutions provide the choices and connectivity that companies need. Technology users are searching for a common platform that can provide ready solutions and is easily scalable, says Jonathan Wolf, VP of marketing and sales for Track Data, a New York provider of market data systems. Increasingly, IT executives at financial services companies are looking at a Windows NT environment, Wolf says. Many of the companies that traditionally havehad Unix environments-such as First Boston and J.P. Morgan-are looking for greater connectivity. They are implementing off-the-shelf solutions instead of insisting on proprietary systems, Wolf adds. Nowhere is this desire for choice and connectivity more intense than at Merrill Lynch, the financial services company with the highest annual IT expenditure. This month, Merrill Lynch will launch Trusted Global Advisor, a technology platform for its financial consultants. The system consists of 25,000 IBM multimedia PCs using the Microsoft Windows NT operating system and linked by 1,200 servers. Using the NT platform "allows us to buy our applications rather than build," says CIO Sorgen. Merrill Lynch still uses Unix for industrial-type applications such as data-intensive analytical computation, but NT will become the norm for retail applications, he adds. By turning to off-the-shelf applications, Merrill Lynch hopes to cut the cost of technology consultants. In order to hasten the use of new technology, the company relied heavily on outside consultants. Indeed, almost 20% of the company's IT expenditures over the past five years went to pay for outside help, says Sorgen. Now Merrill Lynch is looking to widely available solutions and in-house training to sharply reduce its technology personnel cost. Keeping Control Not that the company wants to avoid everything proprietary. Merrill Lynch is following the lead of financial institutions such as Citibank in offering its retail customers an online service with a wide range of uses-from stock quotes and other financial information to direct orders to financial consultants. But instead of making the online service available on popular online networks, Merrill Lynch plans to maintain control over its customers' data. "You really don't want to allow sensitive data to pass across the Net without the development of some real security safeguards," says Sorgen. Just down the block from Merrill Lynch, American Express is taking a slightly different tack. It, too, is focusing on technology integration, but American Express wants to create a global platform that is both easy to use and scalable. American Express already has invested heavily in its ExpressNet and is focusing on developing a World Wide Web site for its small- business customers. In late July, it announced a joint venture with Microsoft to develop a travel service on the Internet (IW, Aug. 5, p. 35). Channel Change CIO Allan Loren says American Express is focused on two main goals:reengineering the company and helping to deliver new products. "We're changing distribution channels," says Loren, emphasizing the use of the Internet in helping distribute new products and expand the transactional capabilities of the company. Nearly half of IT expenditures at American Express is going toward reengineering and new product development, Loren estimates, and about 40% is being used to maintain its technology operations. The rest is being used to determine new directions for the company in a highly charged and competitive business environment. For other financial services companies, the technology challenge has been to find expanded use for data and consequently develop a broader range of products,says Equifax president McGlaughlin. Investment in technology at Equifax is related to moving away from mass-marketed, commodity information to more customized information solutions, he says. The company also is attempting to create more real-time data. Its data gatherers use notebook computers to record and transmit data, and the company plans a major investment in parallel processors to handle the bigger volume of data it hopes to soon generate. Three years ago, all of Equifax's data was stored in mainframes, available only to Equifax technical staff. Now, says McGlaughlin, with the mainframes replaced by servers and networked PCs, nearly two-thirds of the data is at customer terminals. "We're much closer to the leading edge now," he says. "New technology has allowed us to free up our resources and devote more of them to developing applications rather than storing data." Too often in the past, technology investment has meant large computers and proprietary software, resulting in systems that didn't allow enterprisewide use of technology. The front and back offices remained separate entities. Now, with the expanded availability of application software-ranging from enterprise resource planning to object-oriented databases-it has been possible to gradually merge the front and back offices and give users more data and more tools with which to use data. The result, industry executives say, isn't simply improved productivity but also sharply reduced costs to the entire enterprise. Reuters: Wednesday, September 11, 1996 Industry Groups Lobby for More Encryption Exports By Aaron Pressman A broad coalition of corporations went to Capitol Hill on Tuesday to lobby in favor of relaxed export restrictions on computer encoding technology. On Thursday, the Senate Commerce Committee will mark-up the Promotion of Commerce Online in the Digital Era Act of 1996 known as Pro-CODE, a bill that would abolish most export restrictions. Under a Cold War-era munitions statute, only weak encryption programs created in the United States can be sold abroad, although domestic use of encryption is not regulated. Companies in the high-tech industry argued they are losing business to foreign competitors who are not bound by U.S. export restrictions. And multinational companies in other industries said the the restrictions hamper their ability to conduct business overseas. "We are at a competitive disadvantage vis-a-vis our foreign competitors and that is an unacceptable situation," Gregory Garcia, director of international trade affairs for the American Electronics Association, said at a press briefing here. The Pro-Code bill, sponsored by Republican Senator Conrad Burns of Montana, Democratic Senator Pat Leahy of Vermont and others, has bipartisan support in the Commerce Committee. "We support the Burns bill because it does enable companies to utilize encryption technology securely which is vital if we're going to compete in a very tough global marketplace," Victor Parra, president of the Electronic Messaging Association, said. The association represents companies that rely on electronic communications, including Exxon Corp , Citicorp and Boeing, Parra said. Encryption programs use mathematical formulas to scramble information and render it unreadable without a password or software "key." Earlier this week, Senator James Exon, the Nebraska Democrat, came out against the current bill in a letter to Commerce Committee chairman Sen Larry Pressler. Exon will likely offer amendments at the mark-up, an aide to the senator said. The Clinton administration opposes the Pro-CODE bill, arguing that export of encryption technology would hamper law enforcement and intelligence gathering operatiobns. The House Judiciary Committee will hold a hearing on a similiar measure on September 25. Financial Times: Thursday, September 12, 1996 Japan on the Fast Track for the Electronic Purse By William Dawkins LONDON-- Japan yesterday belatedly joined the international race for a cashless society, when Nippon Telegraph and Telephone, the telecommunications giant, unveiled what it claims will be a secure yet confidential electronic purse that could be used by any bank account holder. The electronic money system, developed with the help of a think-tank attached to the Japanese central bank, aims to provide consumers with a "smart" card which would be used to buy goods and services in shops, vending machines or over the Internet and could be topped up by being plugged into a cash dispenser or telephone. In common with some other systems, the Japanese version would also give customers personal digital signatures, to stem fraud. Smart cards contain computer microchips - rather than the magnetic strip that has become the industry standard - which enable them to be used not only to carry out financial transactions but also to store data. The NTT card is similar to other electronic purses, such as the one being tested by Mondex, a UK-led global consortium of 17 banks, which has run a trial of its card in in Britain for more than a year. The market for electronic purses is being contested by global credit and charge card organisations Visa, MasterCard and Europay, which are all holding trials of their own cards. What NTT claims is unique about its plan is that it envisages the establishment of a digital central bank, which would issue electronic cash on the cards to customers in co-operation with the retail banks where they hold accounts. The aim, said Mr Hiroshi Yasuda, an NTT executive, is to enable participating banks to issue compatible electronic purses, thus avoiding the competition over technical standards which has dogged other systems. Mondex, for example, does not comply with technical standards for chip cards set by Europay, MasterCard and Visa. Some critics of Mondex say it will falter internationally because of this non-compliance. However, Mondex says standards are important only in that card-users and retailers do not want to have multiple point-of-sale terminals to accept the cards. Understandably, NTT wishes to retain technical mastery of the system, which is why it has applied for a Japanese patent for the computer software that would enable the digital central bank and private sector banks to operate together. Electronic purses operators across the world say that it will take at least a decade for consumers to make the switch in large numbers. The change is likely to take longer in Japan, where consumers and companies favour paper money. Most small and medium-sized companies still pay suppliers in paper, delivered in person. Banks refuse to set up standing orders. Cash is instead sent by post. Credit and charge cards are not widely accepted. The average citizen's wallet bulges with cash, not cards. The NTT proposal is the strongest of several rival and incompatible Japanese experiments, carried out by the Ministry of International Trade and Industry and the Ministry of Posts and Telecommunications. NTT will ask the ministries to adopt its system, to pave the way for a single standard cashless nation. William Dawkins --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

1 0

[NEWS] Crypto-relevant wire clippings
by dlv＠bwalk.dm.com 17 Dec '03

17 Dec '03

Los Angeles Times: Monday, August 26, 1996 Credit Sting Involves Hacker And Citibank Cardholders By JIM NEWTON, TIMES STAFF WRITER When U.S. Secret Service agents set a trap for a young computer operator who had expressed an interest in stealing credit information, they baited it well: with real credit card numbers from real customers. The young man, Ari Burton of Las Vegas, went for it, was arrested and was charged with possession of stolen credit information--charges to which he ultimately pleaded guilty. That ended the case against Burton, but the cardholders' information did not stay secret with the Secret Service. Detailed credit histories of 35 Citibank cardholders, none of whom gave their permission for their files to be accessed, ended up with the defendant, his lawyers and anyone else who got a copy of the case file. Included in it: names, addresses, home phone numbers, Social Security numbers, credit card numbers, available credit lines and outstanding balances--more than enough for anyone to run up huge tabs on unsuspecting customers. The cardholders were never warned that their information had been used in a sting, or that it had subsequently been shared with the defendant and others. In fact, a few of the cardholders only learned of the disclosure when the defendant's father wrote asking whether they had authorized the release of the information. Others found out just last week, three years after the information was first released, when contacted by The Times. Told of their unwitting involvement in a federal sting, many were furious. "I'm upset, I'm real upset," said Joe Becker of Costa Mesa. "I want to know how this happened." "I never authorized anything like that," said Sarah DiBoise, who lives in Atherton. "I am certainly bothered by it." And Sam Zadeh, who lives in New York, deplored what he called the "bank and law enforcement agency invading our privacy." The same revelations that left cardholders smoldering also raised troubling questions about the conduct of the government and of the bank that released private information to the Secret Service. Some of those questions ripple into delicate areas of criminal law--topics such as the right of defendants to evaluate evidence against them and the right of uninvolved citizens to maintain their privacy while federal agents try to corral bad guys. Why, lawyers, cardholders and others asked, would the Secret Service use real cardholder information for sting operations? And even if, for legal reasons, it feels compelled to use actual credit histories, why not seek permission from cardholders first? Finally there is this question: How many cardholders nationally are exposed to disclosure of their credit information through government operations? Authorities in some other parts of the country say they do not use real credit information, and Citibank stresses that the Burton case was an aberration. But investigators and prosecutors in Las Vegas said the techniques used to nab Ari Burton are employed in other instances. In fact, Secret Service agents in Las Vegas say the use of real credit information is forced upon them by federal law requiring authorities to demonstrate that a suspect actually possessed something illegal in order to win in court. "In something of this nature, the crime is the illegal obtaining of what is called the access device," said Jerry Wyatt, assistant special agent in charge of the Secret Service office in Las Vegas. "Unless the access device is a real number, it's just a number." Following that theory, some authorities argued that if the Secret Service had supplied Burton with fake credit card information, Burton could not have been found guilty of attempting to steal real credit card histories. But that reading of the law is hotly contested by experienced lawyers. Although it is a violation of federal law to have unauthorized possession of an access device--another name for a credit card number--it also is against the law to attempt to possess such a device, even if that attempt turns out not to be successful. Legal experts said agents could make up fictitious customers and generate false credit histories, then use that information in sting operations. Even without a handoff of real credit information, prosecutors still could charge the objects of the stings with attempting to steal credit card numbers, an approach that might slightly complicate criminal cases but that would protect cardholders. Wyatt said he was not familiar enough with the facts of the Burton case to know why that approach was not adopted. Nor could he say how many cases each year involve the knowing transfer of actual credit information from the government to criminal suspects--only that such cases are not unusual. At the U.S. attorney's office in Las Vegas, the chief of that office's criminal division agreed that other tactics might have minimized the risk to cardholders in the Burton case, but he said the Las Vegas office typically uses real credit card numbers of actual cardholders in luring suspects such as Burton. "We're sensitive to disclosing too much personal information," said John Ham of the U.S. attorney's office. "But whenever we charge credit card cases, we include names and numbers." As for its role, Citibank acknowledged releasing the files to the government but defended its actions by saying it meant no harm and by stressing that its customers' privacy is its highest priority. "We would never do anything to jeopardize our customers," said Maria Mendler, a spokeswoman for the bank, which has a reputation for vigorous protection of its cardholders' privacy. She acknowledged that real information was supplied in the Burton case, but she said the bank did not intend for that information ever to surface in a court file or otherwise become available to the defendant and others. In 1993, the bank also defended its actions in a letter to a lawyer by noting that while information had been released, it had not been done to hurt anyone. "We submit that the actions as alleged do not include the requisite element of an intention to do harm to those customers whose information was disclosed," an associate general counsel for Citibank wrote at the time. Those explanations hold little sway with Citibank customers, however, many of whom complained that if their personal credit histories were going to be used in a sting operation, they at least deserved to be notified so that they could apply for new card numbers once the operation was over. Instead, sensitive information about them and their credit has been kicking around a court file for more than three years--available to, among others, Burton, a man who has admitted that he tried to steal credit information. There is no evidence that Burton or anyone else used the card information gathered in that case to ring up bills, but that, too, is little comfort to the cardholders. "Financial information is private, and I have a right to privacy," said Becker, one of those whose credit information was used by the Secret Service. "I'm worried about how this information might be used now that it's out there." Experienced defense and civil rights lawyers, who are used to analyzing government conduct and subjecting it to harsh scrutiny, said they were taken aback by the actions of the Secret Service and Citibank in the Burton case. "I would think these people could sue for invasion of privacy," Century City defense lawyer Harland W. Braun said of the cardholders. Paul Hoffman, a Los Angeles civil rights lawyer, said he too was surprised by the use of private information in a sting. "It does seem amazing to me," he said. "These people have rights, too." Legal experts with both defense and prosecution backgrounds acknowledged that problems might have confronted the Secret Service had it tried to avoid offending customers by fabricating card numbers or inventing fake credit histories. But they said those problems probably could have been overcome, and added that in any event, they did not pose enough of an obstacle to justify accessing credit information without permission. "The answer to that is you get real people who are willing to have their credit cards used that way," said Hoffman. "If you're doing a sting in a house, it doesn't mean you go into a neighborhood and take a house. Why should this be different?" Complicating the issue still further is a decision by the prosecutor in the case. Once the Secret Service and Citibank had used real credit histories to bait the trap for the sting, the U.S. attorney in Las Vegas was presented with a case in which the evidence against the defendant involved personal information whose disclosure might harm innocent citizens. That type of situation can pose a difficult dilemma for a prosecutor: Federal rules require that prosecutors share evidence with their defense counterparts so that defendants know what they might face at trial, and failing to do so can allow suspects to go free. On the other hand, disclosing the information might put other people at risk. In general, careful prosecutors tend to err on the side of providing information to the defense even if it may create hazards for others. In the Burton case, however, some experts argue that the privacy rights of the cardholders should have outweighed the defendant's right to confront the specific identifying information; an edited list of cardholder information should have sufficed in a case such as this one, they said. The solution, according to those experts, would have been for prosecutors to ask the judge to impose a protective order that would have shielded the personal, private information from either the defense lawyer or from the defendant himself. But others maintain that Burton's lawyers were entitled to the information because it was evidence against Burton, and therefore evidence that his lawyers had a right to assess and consider in deciding their legal strategy. Ham, the chief of the Las Vegas office's criminal division, echoed that view, saying his office had no choice. "We have to provide documents that support the charges," he said. If prosecutors had not done so, he added, a judge undoubtedly would have forced them to. Ham said no protective order was sought to keep the information from being shared with people other than the defense lawyer. The prosecutor, said noted Los Angeles defense lawyer Donald Re, "probably had the obligation to provide the material in discovery." Re added, however, that a protective order might have been tailored to allow Burton's lawyers to review the material on the condition that they not share it with anyone else, including their client. Because there was no such order, Burton effectively received the same information in discovery that he had sought illegally. Within a month of being arrested, the same government that was charging him with a crime provided him with the list of cardholders and their personal information. "They handed it right back to me," Burton said in an interview. At the same time, Re and others stressed that the prosecutor's decision was a close call and difficult to second-guess. Far more troubling, they said, were the actions that led to it: the bank's disclosure of the material and the Secret Service's decision to hand it over to a suspect. And given the statements by investigators and prosecutors that the techniques used in the Burton case are widely practiced in other investigations, many experts warned that ill-advised government practices may be putting cardholders across the country at risk. "There are a lot of situations where they create a scenario like this where you want to show actual possession, not just an attempt," said Re. "But in those situations, you get consent from somebody. You have a security officer who sets up an account, and you use that account number in the sting. Then there's no harm, no foul. "But you don't give out real information," Re added. "That's just crazy." USA Today: Wednesday, August 28, 1996 Citibank Tightens Rules on Disclosure to Law Enforcement By Jeff Mangum Stung by a sting that nabbed a Las Vegas man for possession of stolen credit information, Citibank says it has changed how it works with law enforcement agencies. Citibank agreed in 1993 to give the U.S. Secret Service credit card information on 35 customers, without their knowledge, to help catch a man who eventually pleaded guilty. Customers' names, addresses, home phone numbers, Social Security numbers, credit card numbers, available credit lines and outstanding balances ``ended up with the defendant, his lawyers and anyone else who got a copy of the case file,'' the Los Angeles Times reported Monday. ``Citibank trusted that the criminal justice system would keep this information safe and confidential,'' the bank said Tuesday. ``As it turned out, that was a mistake.'' Citibank says a relative of the defendant subsequently contacted the affected customers, asking them to join a class-action lawsuit against the bank. That, spokesman Mark Rodgers says, prompted Citibank to contact the customers and change its policy in 1993. ``Were we to consent to a similar operation (now), for example, we would only do so with the express consent of that customer,'' Citibank said Tuesday. Federal law generally prohibits disclosure of financial records. But there are exceptions. ``The general rule of thumb is there has to be a subpoena or a person's consent,'' says Mitch Montagna, a spokesman for AT&T;Universal Card. The American Bankers Association says ``99.9% of the time, customer information is safe and secure.'' Denver Post: Tuesday, September 10, 1996 Editorial U.S. Invades Privacy in Nevada Credit-Card Sting Americans who say they worry about invasions of their privacy have a new reason to fret: In a recent case, the federal government and a major bank willingly gave a suspected crook the credit card numbers and personal histories of citizens -- without their permission or knowledge. The breach of privacy in this Las Vegas, Nev., case was egregious and outrageous. The Clinton administration should reprimand the agents involved, and Congress should amend the laws so that such an affront to citizens' rights never reoccurs. In the case, U.S. Secret Service agents wanted to snare a computer operator who had expressed interest in illegally obtaining credit-card information. They asked Citibank for the names, addresses, Social Security numbers and other credit information on some of the bank's card holders. Citibank complied with the request - but never got the card holders' permission to divulge such personal information, according to a story in the Los Angeles Times. In other words, law enforcement agents handed a suspected credit swindler the very information he would need to carry out a crime. The suspect ultimately pleaded guilty to some of the charges. Many of the card holders heard that their personal records were used to bait a credit-card sting only when the defendant's father contacted them. Others learned about the episode through a newspaper reporter who was covering the case. In theory, there are laws to protect consumers from people prying into their credit histories without their permission. Obviously, these statutes aren't nearly strong enough. American Banker: Monday, September 16, 1996 FUTUREBANKING Mondex, Moving Fast, Sees Long Trek To a Worldwide Cash Alternative By JEFFREY KUTLER Exactly a year passed between the start of the Mondex trial in the southwest England town of Swindon and the creation of Mondex International, the banking consortium that hopes to use the smart card system as the basis for a global alternative to cash. That was fast according to the calendar. It was also an eternity. During those 12 months, National Westminster Bank, the new payment technology's inventor and champion, rode a roller coaster between self- congratulation and a skeptical press, between the celebration of an unprecedented accomplishment and a storm of criticism from within its own industry. Even with the formation July 18 of Mondex International, enthusiastic backing from banking powers as diverse as Wells Fargo Bank and Hongkong & Shanghai Banking Corp., and the current cloning of Swindon in the Canadian city of Guelph -- it relates locationally to Toronto as Swindon does to London - the Mondex eternity continues. The emotional pendulum still swings at Natwest Group headquarters in London. And emanating from Natwest and from within the Mondex project is a mix of messages that underscores how truly groundbreaking is their attempt. Win or lose, whether or not they are understood or praised by their peers, the founders of the Mondex project have risen above the almost weekly cycles of technological change and quarterly pressures on earnings with a longer-term perspective antithetical to the traditional ways of bankers and the banking industry. "Natwest recognizes that Man does not live by short-term profits alone," group chief financial officer Richard K. Goeltz said in a recent interview with American Banker. "There are things we have to bequeath to our successors." Mr. Goeltz -- who moved to New York this month as chief financial officer of American Express Co. -- and others close to Mondex want the world to recognize how far they have come in a year. But the Mondex promoters are quick to point out that it is actually Year 6 since Natwest began to fund them. Today they look at a 10- or 15-year horizon. (Natwest will recover most if not all its development cost by issuing about $150 million of stock in Mondex International. The bank expects to collect further royalties as the system rolls out. Partner bankers do not begrudge Natwest its return for risk taking.) One gets the sense that Natwest's leaders were so well primed for the long haul that it would take more than a few technical glitches and negative newspaper stories to get their goat. Mr. Goeltz dismissed the sniping from more tradition-bound competitors as "slings and arrows" that never hit their mark. Mr. Goeltz and other insiders knew, long before the Mondex International membership roster became public, that the concept was attracting interest. "Broad-scale cooperation" was a prerequisite, written into Natwest's business plan, and 16 other "global founders" who came forward July 18 found the case compelling enough to want to join in the marathon. "This is a process of change management - it's not like flicking a switch," said Roy S. Pratt, deputy chief general manager of Mondex UK Ltd., the British franchise co-owned by Natwest and Midland Bank Ltd. "Our job is not to say, 'This is how it will be.' It is about trends and responsiveness. To say anything is cast in stone at this point would be presumptuous." Mr. Pratt, 49, spent 31 years at Midland Bank before being "seconded" to Mondex UK in 1994. His banking jobs were in treasury, asset/liability, and portfolio management. He said his nontechnological background enabled him to see the complexity of the phenomenon, to confront necessary questions about the known and unknown quantities of a reinvented payment system. "People always want to ask about take-up (acceptance) rates, how fast this will happen, but I am reluctant to make blanket statements," Mr. Pratt said. "Mondex will mean different things to different people. It will not be the same at Exeter University (where it is being introduced this fall) as it is in Swindon. "There is not one proposition or growth rate. What is a critical mass for one segment will be different in another. A carpark will not be the same as a bus. You might call each a micro-Mondex economy. "This is a change process that will be based on value exchange on a just-in-time basis," Mr. Pratt continued. "It is not a product like a loan or deposit package, or even a payment mechanism. It is not mono-dimensional. "And it's not just an issue for bankers. We respect the integrity of the payments process, but we also have a responsibility to society." Such words are hardly bankerly. To be sure, Mondex has rigorous underpinnings. The bankers' thought processes are logical. The strategic plans passed muster with "some of the most sophisticated, hard-nosed bankers in the world," Mr. Goeltz said. "Mondex does have tremendous social implications, not least in terms of what it can do for welfare payments and pensions," Mr. Goeltz said before his recent departure for American Express. By automating cash "it reduces friction in the economy. "But the implications for society were not the motivation for Mondex. It was to serve customers better and generate a return for shareholders. "What's interesting about Mondex was not the technology," Mr. Goeltz went on. "The technology was a facilitator. This is one of the few products I've seen in which all three participants in the value chain -- banks, retailers, and customers -- benefit." The enthusiasm carries over to outsiders - even some who have been lumped among the critics - to a point. "The richness, the robustness of the technology, is fantastic," said H. Eugene Lockhart, president and chief executive officer of MasterCard International. (MasterCard held negotiations with Natwest to buy into or participate in Mondex, but at the same time its European affiliate, Europay International, was developing the competitive Clip electronic purse system.) For more than two years, Mr. Lockhart has insisted on seeing smart cards' "business case," and even as MasterCard launches experiments around the world he is still not completely satisfied. "Let's assume there is a business case," he said. "The opportunity is that we have this new technology platform that can do a lot of things, stored value being only the first manifestation. "But there is a big problem: How on earth do you grow that system in millions of other cases just like Swindon?" Swindon, for now, is "the case." Mondex UK's overly optimistic projection of 40,000 cardholders in the city of 190,000 people set off the bad press. In reality, the 10,000 that signed up within 12 months weren't bad news at all. That's almost 25% of the combined Natwest-Midland customer base in the area. Mondex said its surveys showed 66% of the cardholders said they preferred Mondex to cash. Average card loads were the equivalent of $35 to $45, and the majority of transactions were under $7.50. Perhaps more to the point, it is hard to find a storefront, public phone, or any type of payment device in the commercial center of Swindon that does not accept Mondex. The banks signed 600 merchants, double the number accepting MasterCard and Visa, which stands to reason for a cash replacement. "You can actually go cashless," said Mark Gordon, Mondex International's head of marketing. "It's not a big deal when you present Mondex at the tills." While Mondex has been selective in its data disclosures -- no one denies that its transactions are a small percentage of the Swindon total -- Mr. Gordon and his team have been more than hospitable in letting the world come view Mondex. Banker delegations are commonplace, often gathering at the "Mondex Store" in the town center before setting out to observe and test merchant acceptance. Hardly a day goes by without the visit of a television crew. Many come from Asia, where Mr. Gordon believes "Mondex will really fly." (A Hong Kong pilot is set for late this year, and smart cards of various kinds are already prevalent in Singapore, Taiwan, and elsewhere in the region.) "They see this as a city of the future," he said, "like something out of 'Blade Runner.'" The Mondex staff tries to keep the visits unobtrusive, but some of the merchants were willing to pay the price of unanticipated stardom. "Our town center store is small," said Bob Upshall, manager of the Sainsbury supermarket, part of one of Britain's biggest chains. "Having Mondex raised our profile and provided a morale boost." At the corporate level, Sainsbury was eager to participate in Mondex because "it didn't want to be left behind." So the smaller, convenience-oriented Swindon outlet, which otherwise might have relied for years on older computers and point of sale equipment, got an upgrade on a par with many "superstores," and Mr. Upshall said, "My staff loved it. A positive staff is a plus for customer take-up." Sainsbury, a Midland Bank customer, invested 45 minutes per cashier in Mondex training and found the system was so easy to grasp that it didn't have to deploy, as anticipated, demonstrators in the checkout lanes. Mondex volumes were running at less than 0.5% of sales at the three Swindon stores -- slightly lower in the town center location than at the larger branches on the outskirts of town. Mr. Upshall said an incentive offer in May and June of a five-pound voucher (about $7.50) for every 50- pound ($75) shopping trip brought in transactions well above the average ticket of five pounds in-town and 30 pounds ($45) elsewhere. "Whether smart cards will be in Mondex or other forms, they are here to stay," Mr. Upshall said. He gauged customer reaction as "very positive," though mainly among early adopters. He himself likes Mondex as a consumer -- "I use it in the canteen all the time" -- and as a merchant, because it streamlines the cash-handling tasks that require two to three full-time positions in the supermarket's back office. Nearby in McElroy's, a local department store, Vince Ayris accepts and encourages Mondex payments at his shoe repair and key-making stand. Mr. Ayris has been in the business 17 years, is a well-known man about town, and so strongly believes in Mondex that he essentially sold it to the local rugby club, where "we use it quite a lot. I find I'm more careful about spending money (with Mondex) than with cash, and it's easier than small change." Mr. Ayris admitted to being "a bit skeptical at first," but he has become so strong a booster that Mr. Gordon felt he had to deny that Mr. Ayris is in Mondex's employ. "I don't give money away to a bank like I do with a MasterCard or Visa discount," the merchant said. "There is no problem with fraud or counterfeit. "I have more over-ring errors on the till than on Mondex terminals. Every transaction is documented so disputes are more easily resolved" than with cash. And because the Mondex terminal is smaller than a cash register, "I have more room for selling product." Mondex is also proving itself at a multiplex movie complex, part of the MGM chain that Virgin Enterprises recently acquired. John Keil, the manager, said he "needed no convincing" to accept Mondex at every point of sale. "We saw the benefit immediately. Any way at all to take cash out of the system, the better. "The bigger the business, the more problem cash is," Mr. Keil went on. "Any major company sees the benefits in the technology." Like the supermarket, the MGM outlet easily won staff support. "Most of them are into gadgetry," Mr. Keil said. It also encouraged sales by cutting Mondex users' ticket price to about $4.90 from $6.80. The transactions are still a small portion of the 30% of in-person box-office sales done on plastic cards. (Another 30% are advance sales by phone; Mondex has not yet been accepted that way.) Mr. Keil said he is looking forward to having "one box" that can accept all cards. Even so, he said Mondex was "very flexible, requiring no change whatsoever to our system. It was slotted right in ... They made their system fit ours." "I think the system will take off eventually," Mr. Keil said. His only regret is that because he doesn't live in Swindon, he can't use Mondex more than he does. It is as if Mondex has succeeded at recruiting its merchants as change agents. Time will tell if they are still on board when Mondex begins costing them something. "The chip brings a fundamental change," said Mr. Pratt of Mondex UK. "You feel as if you are shaping the future. "When the market begins using it to create its own needs and to solve its own problems, that's when the real thrill will come -- and a surge in usage." --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

1 0

A daily warning regarding Timothy C. May
by nobody＠replay.com 17 Dec '03

17 Dec '03

Timothy C. May is a lying sack of shit.

4 3

[NEWS] Crypto-relevant wire clippings
by dlv＠bwalk.dm.com 17 Dec '03

17 Dec '03

AP Online: Sunday, September 15, 1996 Card Raises Privacy Issues By PATRICIA LAMIELL Big Brother is not watching. Or is he? Fears resembling those of the omniscient machine that spies on people in their homes in George Orwell's novel, ''1984,'' have found their way into a new technology entering the marketplace -- smart cards. These credit cards embedded with computer chips can store information from shoe size to credit history. But critics claim these cards will be used to compile dossiers on the people who use them. And now it's up to the Smart Card Forum, a family of companies driving development of smart card technology, to convince the public that Big Brother isn't watching, for smart cards are protected and confidential. ''There's a huge amount of misunderstanding, and that creates a huge amount of fear, about whether these products are going to decrease people's privacy or otherwise leave them unprotected,'' said John Burke, the forum's attorney and a partner at the law firm of Foley, Hoag & Eliot in Washington, D.C. Starting Monday in San Francisco, members of the Smart Card Forum will meet to discuss the latest technology and marketing programs necessary to put a smart card in every household. In many ways, smart cards resemble credit and debit cards that the market has grown accustomed to using. With a simple swipe, they too can substitute cash when buying everything from subway tokens to clothing and the purchase price is electronically deducted from the card using a special machine. But the smart card takes the technology further, embedding a computer chip into the card. that gives it much more memory and enables it to do simple math and process information, like keeping a bank balance or tracking frequent flier miles. The huge potential scope of the smart card has prompted some concerns about the privacy rights of users. By tracking small purchases, telephone and transportation records, they can document a person's everyday movements. That information could be useful to everyone from employers and family members to law enforcement officials and banks. Marketers might be very interested in records of purchases made with smart cards. But privacy experts question whether third parties should gain access to see such information. The American Civil Liberties Union of New Jersey is fighting a state proposal to encode fingerprints on smart card drivers licenses on the premise that it would treat as criminals people who are not suspected of a crime. ''We also oppose the requirement that other data be included'' on New Jersey drivers licenses, said David Rocah, an ACLU staff attorney in Newark, ''unless precautions are made to insure that third parties will not have access to that data.'' Others, however, counter the questions of privacy, claiming that owners can control what information goes onto them and with whom it is shared. They also point out that the information is electronically scrambled, or ''encrypted, '' making it very difficult to steal. The Smart Card Forum is working to create privacy guidelines that can keep pace with the fast-developing industry. Federal regulators, such as the Office of the Comptroller of the Currency, the Federal Reserve and the Federal Deposit Insurance Corp., are all considering whether and how to regulate smart cards. Smart cards are a huge business for companies like Texas Instruments Inc. and Motorola Inc., which make the chip. They could also be a boon for banks and other financial institutions that issue the cards for a fee, and for payments-systems networks like Visa and MasterCard, which earn a percentage of each transaction. ''This is a huge, huge market,'' said Peter Hill, executive vice president for technology at Visa International, one of the 225 corporate members of the forum. ''Cash transactions world-wide total about $8 trillion a year, of which 80 percent are for $10 or less.'' A number of big banks have run pilot programs to test consumers' acceptance of the cards. Some have teamed up with Visa and MasterCard to do market tests in Swindon, England, Canberra, Australia, and at the 1996 Summer Olympic Games in Atlanta. A test is planned by MasterCard, Visa, Chase Manhattan Corp. and Citicorp, in New York's Upper West Side later this year. So far the pilot projects, which have put about 50,000 smart cards in circulation worldwide, have had mixed results. Many worry consumers will not incorporate the cards into purchases they now make with cash, and that has left merchants wary about the cards also. To move beyond the arena of small purchases, members of the Smart Card Forum are developing technology to allow people to use home computers to pay for Internet purchases with these cards, and to download cash onto a smart card. Personal-computer makers have begun including chip readers in PCs for these purposes. Also in development are scores of non-financial applications, such as keeping drivers license and medical information, transferring government welfare or medical benefits, and making airline and hotel reservations. To Diane Wetherington, MasterCard's senior vice president for smart cards, the Forum's biggest task is not the social and legal issues surrounding the smart card, but getting consumers to use it for any and all financial transactions down to the 10-year-old's weekly allowance and merchants to accept it. ''The technology works, the product works,'' she said. ''Now it is up to the marketing associations and companies to really try to create global products from these.'' American Banker: Monday, September 16, 1996 FUTUREBANKING SET a Big Win for the Card Associations By JEFFREY KUTLER Whether for superstitious reasons or just to avoid the inevitable groans, experts in data security were long reluctant to use a certain, pertinent pun. But now it can be officially uttered: SET is set. Secure Electronic Transactions, the Internet payment protocol hashed out by MasterCard, Visa, and a sometimes unruly bunch of technology providers, went up on the card associations' Web sites in June in what was labeled as its final form. In other words, the standard was ready for prime time. Software developers could begin incorporating it in systems being designed for electronic transactions. And thus began something of a race to make SET-- secured card payments a reality, at least in a test mode, by yearend. The principals were too busy and running too fast to celebrate their hard-won accomplishment. There was far more work to be done, and in their haste to get to it they may never have adequately explained the document's true significance. The SET advocates met their objective. Getting past their internal divisions, they wrote specifications for on-line credit card transactions and were unanimous in their endorsement. Relying on data encryption and digital certification of buyers, sellers, and bank processors, they erected several barriers to electronic thievery. They did not make the Net safe for all commercial and monetary activity. Nor did they silence a number of critics who still raise warning-flags about the Internet's inherent vulnerabilities, even those addressed by SET. The development of the protocol was well-chronicled. Probably too well from the standpoint of MasterCard and Visa, which had hoped that their mid- 1995 move to cooperate -- on the assumption that payment security should not be a competitive venue -- would lead to a rapid conclusion of amicable, low-profile deliberations. The diplomatic initiative derailed in the fall of 1995 when Microsoft Corp., sitting on Visa's side of the table, failed to reconcile with the opposing camp that included two of Microsoft's market adversaries, International Business Machines Corp. and Netscape Communications Corp. After a couple of months of fence-mending, the negotiations were declared back on track Feb. 1. Within a month the working draft of SET was completed, supposedly drawing the best features from the initially separate MasterCard and Microsoft-Visa proposals. As the June deadline approached, most of the organizations directly involved in SET -- they included GTE Corp., Science Applications International Corp. (SAIC), and companies associated with the data encryption leader RSA Data Security Inc. -- announced they would provide products and services implementing the protocol. Verifone Inc. hit the ground running June 18 with a comprehensive electronic commerce package that it said would be the "first implementation" of SET, supported by numerous strategic allies from the SET circle and beyond. Said Verifone's Internet commerce division chief Roger B. Bertman, "This will help the industry benefit more quickly from increased Internet transaction volumes and allow us all to begin learning by doing." Verifone had reportedly pressed to join the SET team, only to run up against the members' desire to stay small. But Verifone was very plugged in, and Mr. Bertman's "learning by doing" could have been their motto. By implication, publication of SET was just one more beginning. At the heart of SET is data encryption technology, specifically that provided and championed by RSA of Redwood City, Calif. In the encryption field, science meets commerce. The plodding of the scientific method tempers businesses' drive to get products to the market. Further complicating any venture into encryption -- the mathematical technique for scrambling messages to prevent unauthorized reading -- is the overhang of public policy. RSA and its progeny have chafed at federally imposed limits on cryptographic systems, particularly on the length of the code-defining keys they can export. While most financial activities are not hindered by the government's concern about "strong encryption," any banking or payment-related activity is surely to be scrutinized by that industry's regulatory establishment. It is only 20 years since the advent of public key cryptography. Improvements have been continuous, at least theoretically enabling the guardians of secure data to stay a step ahead of criminal pursuers. That SET could come together in a few months of concentrated effort is testimony to the strength and durability of the concept. As in academic tradition, what is tested and proven wins out. MasterCard's and Visa's pre-SET attempts, Secure Electronic Payment Protocol and Secure Transaction Technology, "didn't incorporate enough of preexisting security standards," said Allan M. Schiffman, chief technology officer of Terisa Systems Inc., a Los Altos, Calif., company formed in 1995 by RSA and several other investors to develop secure systems for Internet commerce. "In dealing with crypto, it's nice for stuff to be out and analysts to take a shot at it," said Mr. Schiffman, whose company was intimately involved in SET and said back in April that it would build the protocol into its client and server toolkits. "Older standards that aren't broken are what crypto-developers want." SET's reliance on the proven didn't stop the sniping. Lee H. Stein, chairman of First Virtual Holdings Inc. in San Diego, designed his Internet commerce system such that payment data flow via a private communications channel rather than the World Wide Web. First Virtual is not yet ready to bank on encryption. SET may be a step in the right direction, but it didn't sway Mr. Stein. "Sensitive financial information is never to be on the Internet," Mr. Stein said at the Cyberpayments '96 conference in Dallas in June. "Has anyone here yet seen a hierarchical, encryption-based certification authority working at the consumer level?" Jerome Svigals, a California-based consultant and long-time advocate of smart cards, criticized the lack of portability of the customer certificates required for an SET transaction. Designed to be embedded in a personal computer, the certificates, or digital signatures, might better comport with the credit card transaction model by being stored on smart cards. Aharon Friedman, chairman and chief product developer of Digital Secured Networks Technology Inc. in Englewood Cliffs, N.J., has expressed concern about the software-only nature of SET. He said it requires a hardware component to be fully secure. Mr. Friedman, a one-time SAIC research physicist who founded his network security company last year, also said too much of an SET message is in clear text or subjected to "hash functions" that do not provide the high security levels of encryption. "Unlike hardware, software can be bypassed using a computer," Mr. Friedman said. He has suggested that a hardware-based approach be incorporated into SET at "a more elementary level" so that all the text can be encrypted. "He put it aggressively," Mr. Schiffman said of Mr. Friedman. "What he says is not wrong, but it was not unaccounted for" in SET revisions. Other SET defenders have pointed out that the three aforementioned critics have vested interests in, respectively, off-Internet payments, smart cards, and hardware. Mr. Friedman said he is a few months away from a hardware-software solution that would be economical for PCs and even laptop computers, but he was not ready to talk about specific pricing. More fundamentally, the SET group had to grapple with classic questions of appropriateness. The security measures had to fit the potential crimes, at a reasonable cost. As new electronic payment media develop, "people are going to realize that they can't guarantee 100% security," Geoffrey Baehr, a top network technology official at Sun Microsystems Inc., said at a banking conference earlier this year. "Instead, they will aim their development work at 100% acceptance of risk, and assume there is always some amount of fraud. "It happens, and there isn't much you can do about it other than best efforts." Focusing on the framework for card payments, the SET group put its best efforts toward standards for transaction software and the ever-critical authentication of cardholders, merchants, and banks, based on the digital certificates issued and maintained by "trusted parties." A big selling point is that merchants don't see buyers' credit card numbers; the system transparently validates them. RSA Data Security has a central, commercial interest in how SET develops and has taken on an associated, almost public-service responsibility for coordination. "SET is definitely the way to go to secure bank card transactions," said Kurt Stammberger, RSA's director of technology marketing. "We believe it will be huge. Otherwise we wouldn't have built a toolkit around it." Indeed, the "RSA Encryption Engine" brand will be on Verifone's software products -- vGate, vPOS, and vWallet -- the first of what should be many SET-related licenses. Because there will be a proliferation of on-line products, especially the virtual wallets at the consumer level, Mr. Stammberger said "RSA's role will be to make sure all the wallet implementations talk to all the merchant implementations and the banks." "Building cryptography is not trivial, but getting all the right people talking to each other can be even more of a challenge," Mr. Stammberger said. Meanwhile, Verisign Inc., spun off by RSA 17 months ago, is going after the certification piece of the business. In July it announced it was chosen by Visa International to provide Internet authentication through the member banks. Building a global infrastructure for the encryption-based certification product it calls Digital ID, Verisign views the Visa deal as a big mass-market opening for digital signatures. "The financial services industry is leading the charge in bringing Internet commerce to the consumer," said Verisign president and chief executive officer Stratton Sclavos, who has also signed breakthrough licensing pacts with Microsoft and Netscape. He expects market availability of his "high-volume, scalable-to-the-millions" product "as soon as SET is ready," by early next year. MasterCard designated the CyberTrust unit of GTE Corp., one of its partners in the SET project, as its private-label certificate provider. The announcement, within days of Visa-Verisign in late July, prompted some one- upmanship. MasterCard senior vice president Steve Mott predicted GTE would be "bigger, better, and faster" in the market. Visa U.S.A. president Carl Pascarella wanted to underscore that the Verisign-GTE face off means healthy competition, not a return to the earlier SET dissension. He said the card associations rejected the idea of a single certification authority because it could have been monopolistic. And while Visa members can now choose Verisign, and MasterCard members GTE, they could also be their own "CA" or pick from other suppliers. "Visa and MasterCard agreed to pursue different certification options," he said. "The technology will be more robust, and it will minimize the impact on issuers and acquirers. "Things are changing so fast, we don't want to be in the position of driving stakes into the ground. Our concern right now is to protect the banks, and SET does that." The Miami Herald: Monday, September 16, 1996 Firm Hopes Facial "Signature" to be Foolproof Don't look for twenty-something computer nerds at Identification Technologies International in Coral Gables. ITI, a high-tech firm founded in 1993, is run by David Bendel Hertz, an energetic septuagenarian. Hertz has held executive engineering positions at RCA and Celanese, has been a partner at the consulting firm McKinsey & Co. in New York and has taught business and law at the University of Miami. His latest venture focuses on a facial recognition system, with applications from building access to internet banking. "We are a start-up business, a research and development company," says Hertz, 77. "And now we're becoming an operative company." Hertz saw an opportunity in 1994. Conventional facial recognitions systems "were too slow and took too much computer memory," he says. And stored on a hard drive, the data were vulnerable to hackers. Hertz calls his solution One-to-One. It uses a camera to take a person's photo and compares it to a facial "pixel signature." The signature uses only 96 bytes of memory -- as opposed to 500 to 2,000 bytes in conventional systems -- and can be easily stored on a smart card. Hertz insists that even the most intelligent hacker won't be able to break into the system because the data is not available on a central computer system and a stolen smart card will not match the thief's facial characteristics. Hertz allows that ITI has spent more than $1 million so far, half from him and half from Peipers, a New York investment company. ITI offers its system in the form of a small black box, containing the camera and connected to a computer. One-to-One uses little memory because it focuses on specific characteristics, such as the position of the eyes and the form of the mouth, while older systems store a photo-like image of the face. "When we started," Hertz says from a University of Miami test lab, "the first thing we did was ask a plastic surgeon if there are sufficient differences between faces. "'Every face is different,' he answered. But what about identical twins, we wanted to know. "The surgeon said there are enough differences in their faces that some people -- like their mother -- always can recognize them." Using biometrics, the branch of biology that deals with data statistically and by mathematical analysis, One-to-One can recognize these differences as well as a mother. A niggling problem, however, is that the system may not recognize a characteristic that is not part of your signature, such as a new haircut or even a smile. So far, ITI has made 50 units, mostly for testing and evaluation. Priced at $2,000-$3,000, two of the units have been sold to Westinghouse Security Electronics, which does not manufacture facial recognition systems. Jorge Sousa, director of product development at Westinghouse's systems division, based in Santa Clara, Calif., says he is "convinced that biometrics has a future," and that his company is keenly interested in ITI's product. Citicorp is currently testing Hertz's system on its ATMs, and AktivNet, a Miami company, has agreed to try out 400 units in 1997 on its communications kiosks in airports and hotels geared to business travelers. Hertz has also presented One-to-One to the National Security Agency, which he says "exhibited high-level interest." ITI is being marketed in Europe, South Africa and the Middle East by a Dutch company, Digistration. Hertz sees customers ranging from airports to welfare agencies to sports arenas. "The market is large and growing every day," he says. David Leibowitz, managing director and analyst at Burnham Securities in New York, also sees a rising interest in sophisticated security systems. "There is every likelihood that more creative devices will be needed," said Leibowitz, who added that with the rise in crime and theft, "The security market is growing at a dramatic pace." Leibowitz points out that the security market can include everything from barbed-wire fences to combination locks to the high-tech devices manufactured by such companies as Sensormatic, Checkpoint and Knogo . "Should ITI's product prove itself in tests and go on to succeed in real-world applications," he said, "there is a good chance there would be a market for it." But he cautioned that between now and then, competitors may have developed similar or more innovative systems that affect ITI's potential to market its product. Hertz plans to hire 10 additional employees to market and distribute ITI products. They will join the 12 people currently on staff, an international group including a computer programmer, biomedical scientist and mathematical analyst. Their work has far-reaching implications: Hertz envisions a day when ITI develops systems and products that, for example, has the capability to "detect people in a crowd," to catch fugitives or help find missing persons. Retail Banker International: August 22, 1996 Chase Builds "Best Biometric" CHASE MANHATTAN is currently testing biometric voice printing for retail banking applications in two pilots in the New York area. The bank said these tests will be concluded before year-end, and could lead to the introduction of biometric voice printing in several retail channels as early as 1997. The two pilots now in progress are testing voice printing at branch offices, the most challenging environment for voice printing, due to ambient noise and distortion. Branch customers pick up a phone on the teller line and verify their identities instantly, saving the teller the time needed to check the validity of each customer's bank card. But the system's most dynamic application will be in remote delivery, and especially in phone banking, where customers' identities can be automatically verified as soon as they speak, allowing phone reps to call up all account data instantaneously. The bank expects to roll out voice printing first in high-risk wholesale operations, like funds transfer and treasury services, before introducing it to the retail side of the bank. "Voice is the best biometric," said Elizabeth Boyle, Chase VP for strategic implementation in New York. First, voice printing offers security in all channels, an advantage that techniques like fingerprinting and dynamic signature analysis do not enjoy. This means that customers can use the system for remote transactions and can open accounts without visiting a branch, for example. Second, customers are most comfortable with voice printing, which is considered far less intrusive that fingerprinting, for instance, and is completely invisible over the phone. Lastly, voice printing is the most effective security system, yielding the lowest percentage of false positives, and just as important, the lowest rate of false negatives. "We do not want to be in the position of telling customers that they are not who they are," Boyle explained. Chase's voice printing pilots use technology developed by Votan of Pleasantville, California, a firm currently under registration for an initial public offering valued at $30 million. Direct mutual funds provider Fidelity Investments is also working on the implementation of voice printing technology, and Citibank is currently running voice pilots by four separate vendors. Boyle said that twelve months ago, Chase decided against multiple- vendor pilots, believing the technology was changing too rapidly to make this approach economical. New York Times: Monday, September 16, 1996 Testing Whether Internet Readers Will Pay By MIKE ALLEN After extending its grace periods four times, The Wall Street Journal Interactive Edition says it will bar freeloaders from its World Wide Web site beginning Saturday. The results are being watched as a bellwether for prospects of charging for access to Web sites. Because of The Journal's fame and its high proportion of business users, founders of other sites figure that if The Journal does not succeed, they may have no chance of charging in the foreseeable future. Today's Web is a money pit, with sites getting some revenue from advertisers but virtually none from users. Nick Donatiello, a market researcher who surveys consumer attitudes about new technologies, said subscription fees might work in a special case like The Journal, but would remain rare. ``Consumers can surf the whole Web for less than $20 a month, so it's hard to convince them that they should pay for one little slice out of this enormous pie,'' said Donatiello, the president of Odyssey LP, a research firm in San Francisco. ``Paying for content is going to be dwarfed by having advertisers pay, not because the Web has a culture of free content, but because television has a culture of advertising-supported content.'' A message on the Journal's site (http://www.wsj.com) says, ``Avoid the rush and convert now to a paid subscription.'' The interactive Journal is charging $49 a year, or $29 to those who take the print Journal, which runs $164 a year. Neil F. Budde, the editor of the interactive edition, said many people were philosophically opposed to paying for information on the Web. But he said others would subscribe because of the site's features like Briefing Book, which offers news about a company, charts of stock performance and five years of financial data. ``These are not the people who have been on the Internet since Day One,'' he said. ``These are newer people, people who are in business, who say it's worth it not to have to look four different places on the Internet'' to find information that the Journal site pulls together. About 650,000 people registered during the interactive Journal's trial period. Thomas Baker, the business director of the interactive edition, said surveys of those users indicated 10 to 30 percent were willing to pay. ``If, at the end of the year, we had 20,000 to 25,000, that would be good,'' Baker said. ``We're realists. Our expectations are fairly modest. We look at this as a magazine start-up, and even successful magazines take a while to ramp up.'' Baker said only 20 to 25 percent of those surveyed subscribed to the print Journal. ``That helped allay people's fear of the cannibalization of the print readership,'' he said. When the site opened in April, it offered free access through July 31. That was extended to Aug. 31, then Sept. 21. The deadline to register was May 31, then June 30, then Aug. 1. There is still a loophole: Access to the on-line Journal is free through Dec. 31 to those who download the Microsoft Corp.'s Web browser, Internet Explorer. Also free: two-week trials of the Journal site. Barron's, a weekly that like the Journal is published by Dow Jones & Co., thought big when it announced its Web site in May, saying it planned to charge $99 a year for basic access, and even more for premium areas like an Investors Workstation. That would have made it the most expensive mass-market site on the Web. The plan has been rethought. Barron's Online (http://www.barrons.com) has remained free, and a spokesman said the future subscription price had not been determined. The Web site of The New York Times requires users to register but does not charge. About 600,000 have signed up since the site (http://www.nytimes.com) opened in January. ``Our view is that market share is a more important criterion for success than whether you can get a few people to pay for the service,'' said Martin A. Nisenholtz, the president of The New York Times Electronic Media Co. ``But we continue to evaluate our users' willingness to pay for information on line.'' The other best-known news sites, including those from CNN, USA Today, The Washington Post and The Los Angeles Times, are open to all. ESPN's site (http://espnet.sportszone.com) charges $39.95 a year for access to premium areas, including columnists. But that service, too, is free until the end of the year through Microsoft Explorer. Microsoft, meanwhile, has found an old-fashioned way to get some income from its on-line magazine, Slate: sell paper copies. Slate on Paper went on sale this month in many Starbucks coffee boutiques, and mail subscriptions are available. The 62-page digest of the on-line version is produced in Microsoft's print shop. The paper Slate is $29.95 a year. That's $10 more than the on-line version will be when it starts charging for access on Nov. 1. The site (http://www.slate.com) was started in June with great fanfare from traditional media, but it continues to be skewered in the on-line world. The September issue of Wired magazine inaugurated the Kinsley Deathwatch, a pool to predict when Michael Kinsley, Slate's editor, will return from Redmond, Wash., to the other Washington. Slate on Paper, which includes about one-third of the Web version, includes an editors' note heralding ``the transmutation of all-digital Slate to the fusty comfort of analog paper and ink.'' ``To the best of our knowledge, Slate on Paper is the first Webzine to reverse the process,'' the note says. ``Some say it is fitting for two companies so closely associated with the image of Seattle - Microsoft and Starbucks - to be be joining forces. Others say it is beyond parody.'' A parody site, Stale (http://www.stale.com) pretends to offer a printed version, ``thereby defeating the purpose of being on the Web.'' Rogers Weed, Slate's publisher, said the print edition was ``a bridge to the people that aren't on the Internet today.'' But how many Starbucks customers want Chechnya with their frappuccino? Even some of the chain's employees are puzzled. ``This is Starbucks coffee,'' said Carol Hensler, who worked at a store in Richmond, Va. ``We only have coffee and coffee products.'' --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

1 0

A Bizarre Increase in the Ad Hominems Here
by tcmay＠got.net 17 Dec '03

17 Dec '03

Must be the Ides of September, but there are several bizarre new attacks lately on this list, none of them to the point, just odd ad hominems: * Detweiler (vznuri(a)netcom.com) writes: "timmy waxes a widdle on AP" * Millie (pstira(a)escape.com) writes: "Timmy boy, I yelled at someone for this last week. And you supported my view. Never read Ayn Rand, eh?" (Sadly, a large fraction of the women who have posted on our list have written in this same kind of incoherent, rambling, makes-no-sense kind of style. I have no idea why the percentage of such events is so high.) * And of course Vulis has been posting his "farting" messages far and wide. Those who legitimately disagree with my arguments should of course continue to speak up. But those who confuse calling me "Timmy" with making substantive arguments need to go back to school. We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay(a)got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."

7 7