Re: Fingerprinting annoyance
At 6:26 PM 5/13/96, Mark O. Aldrich wrote:
On Mon, 13 May 1996, Senator Exon wrote:
<snip>
i can fill out and manipulate the card myself i just need a working method. is there no privacy advocate who can help me?
I think most privacy advocates would advise, "Refuse to submit." It sounds like you're looking for more of a hack on the fingerprinting process.
And if you are working for me, and I ask for a fingerprint, and you refuse or "smear" the results (repeatedly, as the first smearing I may just take as your token protest and have you printed again), you'll be out the door by the end of the day. (Personally, I've never worked for a company which demands fingerprints, but I've worked for companies which demanded ID badges and signatures, and these are effectively as intrusive. And I suspect that my former employers are now using thumbprints, and maybe full prints.) What one "doesn't like" and considers an "invasion of privacy" varies from person to person. Some people think having their picture taken is a stealing of their soul. Others fear nefarious things will be done with the DNA from their blood samples. Trying to convince a company that photo ID badges and fingerprints are Bad Things is perhaps admirable, just realize that in a free society that employer is under no obligation to hire someone who refuses to go along with the company's security policies. (This relates to the "civil rights" thread.)
of like a key certificate. If you really can dork the card, have ten different people volunteer one print each. There's no way that they'll ever be able to use that as evidence in a court or for any other purpose, either.
A stupid idea. As the employer, I wouldn't have to prove it a court of law...suspicion alone that some of my employees were fucking up a security system might be enough for me to either a. promote them to the Tiger Team, or b. fire their asses. (I just can't understand where this pervasive meme is coming from here on this list, the notion that employers are severely limited in what they can do to employees unless they can "prove it in court. Like it or not, most employees in the United States are still employed "at will," and are not covered by employment contracts such as some executives and the like get.)
If you're forced to do this in person with a tech, you can continuously "fight" the grip they have on your hand and smudge the card. However,
Sure. It makes it easy for the employer to simply say "Next candidate." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Mon, 13 May 1996, Timothy C. May wrote:
At 6:26 PM 5/13/96, Mark O. Aldrich wrote:
On Mon, 13 May 1996, Senator Exon wrote: <snip>
i can fill out and manipulate the card myself i just need a working method. <snip>
of like a key certificate. If you really can dork the card, have ten different people volunteer one print each. There's no way that they'll ever be able to use that as evidence in a court or for any other purpose, either.
A stupid idea. As the employer, I wouldn't have to prove it a court of law...suspicion alone that some of my employees were fucking up a security system might be enough for me to either a. promote them to the Tiger Team, or b. fire their asses.
I think the assertion that Tim is making in regard to an "employer" in the traditional work-at-will sense is correct, but it's not the one I was addressing. If an employer seeks prints and you don't want to give them, then don't work there. If, however, the point of gathering the prints is to record them in the FBI's database, and Senator Exon is worried about later committing a crime and having print records used to identify him, then using the prints of ten different people will muck up such a process. Senator Exon did not fully explain the situation as to whether or not the certification sought will result in fingerprints simply being _checked_, or if they will be _recorded_ for later use, nor did he specify to which outcome he objects, if not both.
(I just can't understand where this pervasive meme is coming from here on this list, the notion that employers are severely limited in what they can do to employees unless they can "prove it in court. Like it or not, most employees in the United States are still employed "at will," and are not covered by employment contracts such as some executives and the like get.)
I think it comes from some of the statutes being placed on employers. The citizens have repeatedly used the legal machine to force employers to have to compete is less than a pure, capitalistic environment. Monitoring employees is one area that's caused some states to pass laws regulating this notion - they have rejected the "if you don't like it, don't take the job" premise you've stated here. Likewise, the minimum wage is a similar legislative action we've taken to stop employers from using a "if you won't work under these conditions, you don't have a job" requisite. The "pure" capitalistic approach would be "if you won't work for $1.00 per hour, take a hike up the street." We've said that this is illegal (at least in most cases), and we force employers to pay every employee at least some arbitrary sum greater than than amount. Thus, the meme may be the simple extrapolation of these ideals into areas over which they do not yet have legal impact.
If you're forced to do this in person with a tech, you can continuously "fight" the grip they have on your hand and smudge the card. However,
Sure. It makes it easy for the employer to simply say "Next candidate."
Unless they want you badly enough. I've been able to avoid a number of situations because it was not cost effective for them to secure the services of someone less qualified. Policy is great until it gets in the way of people making money - almost anything can be "waived" if they want you to help them make money, and their greed outweighs their sense of duty to comply with a given so-called "security" policy. ------------------------------------------------------------------------- | Liberty is truly dead |Mark Aldrich | | when the slaves are willing |GRCI INFOSEC Engineering | | to forge their own chains. |maldrich@grci.com | | STOP THE CDA NOW! |MAldrich@dockmaster.ncsc.mil | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich@grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | -------------------------------------------------------------------------
On Mon, 13 May 1996, Timothy C. May wrote:
At 6:26 PM 5/13/96, Mark O. Aldrich wrote:
On Mon, 13 May 1996, Senator Exon wrote:
<snip>
i can fill out and manipulate the card myself i just need a working method. is there no privacy advocate who can help me?
I think most privacy advocates would advise, "Refuse to submit." It sounds like you're looking for more of a hack on the fingerprinting process.
And if you are working for me, and I ask for a fingerprint, and you refuse or "smear" the results (repeatedly, as the first smearing I may just take as your token protest and have you printed again), you'll be out the door by the end of the day.
On the other hand, if more subtle doctoring escapes your notice....
(Personally, I've never worked for a company which demands fingerprints, but I've worked for companies which demanded ID badges and signatures, and these are effectively as intrusive. And I suspect that my former employers are now using thumbprints, and maybe full prints.)
I disagree. ID badges and signatures are identification surely, but the manner and process by which fingerprints are collected and used is certainly more intrusive. There is no, for example, national database of signatures or corporate ID cards.
Trying to convince a company that photo ID badges and fingerprints are Bad Things is perhaps admirable, just realize that in a free society that employer is under no obligation to hire someone who refuses to go along with the company's security policies. (This relates to the "civil rights" thread.)
Which is why clandestine methods are more effective. Sure, the employer can fire you if they find you out, but they have to find you out first. This is why "in your face"ers like Mr. Bell and others tend to fail in their efforts. They take the wrecking ball approach rather than run around the stone in the river.
of like a key certificate. If you really can dork the card, have ten different people volunteer one print each. There's no way that they'll ever be able to use that as evidence in a court or for any other purpose, either.
A stupid idea. As the employer, I wouldn't have to prove it a court of law...suspicion alone that some of my employees were fucking up a security system might be enough for me to either a. promote them to the Tiger Team, or b. fire their asses.
I think the concept was that it should be done in a way so as to reduce attention. 10 dead men's prints (provided none were fugitives) might be an interesting way to go about it. Certainly less obvious than smearing.
(I just can't understand where this pervasive meme is coming from here on this list, the notion that employers are severely limited in what they can do to employees unless they can "prove it in court. Like it or not, most employees in the United States are still employed "at will," and are not covered by employment contracts such as some executives and the like get.)
If you're forced to do this in person with a tech, you can continuously "fight" the grip they have on your hand and smudge the card. However,
Sure. It makes it easy for the employer to simply say "Next candidate."
Seems to me that the issue here is not getting fired, but what the collected identification information will be used for in future. I consider spoofing prints and other biometric type information legitimate if the motive is to avoid later identification for purposes not related to the employment for which identification was required. All this "suck it up and get printed" talk has me somewhat disconcerted with the list. Have many here not consistantly indicated that privacy is something that must be self assured? Isn't this the list that is so paranoid about what might be done with escrowed keys? Who might bribe the keepers into releasing such information? What might it be used for? What about corporations selling information about employees? How are fingerprints any easier? One can thing of countless examples in history (carefully avoiding Godwin's Law in the process) where once legitimate record keeping and registration was perverted for illicit, even evil use. I think that unless proper means are taken to safeguard information, social security number, license plates, and fingerprint records included, that the individual is perfectly within rights to take his or her own safeguarding initiatives. Where those methods are not intended to simply evade prosecution, but rather to foil extreme recordkeeping, I believe them legitimate.
--Tim May
--- My preferred and soon to be permanent e-mail address:unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
participants (3)
-
Black Unicorn -
Mark O. Aldrich -
tcmay@got.net