Path: utzoo!telecom-request Date: Wed, 24 Apr 91 19:45:31 -0700 From: David Gast Newsgroups: comp.dcom.telecom Subject: Re: Voice Recognition Telephones and Security Message-ID: Organization: TELECOM Digest Sender: Telecom@eecs.nwu.edu Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 304, Message 11 of 12 Lines: 62 Re my comments about how a voice recognition facility by the phone company would further reduce our privacy by tracking every phone call we make and to whom we make it. rmoonen@hvlpa.att.com said: > This can already be done: Make a cash withdrawal from an ATM; the bank > now knows where you are. Place a calling card call from a payphone; > the phone company now knows who you called, and where you are. Walk > into a moderately sized department store, and video cameras will track > you're every move. Getting paranoid already? :-) These examples are true, but having a record of every single phone call we make would be worse than knowing that once per week a cash withdrawal was made by someone with my ATM card or that someone unnamed walked into the store. Additionally, I can pay cash for my phone calls and the phone does not know who made the call (under most circumstances), if voice recognition is on, then they would know (unless I disguise my voice with some type of electronic device that might also change words et al). And the Moderator noted: > [Moderator's Note: And what, pray tell, is the difference between this > and sending someone a written letter who then forges my handwriting > and signs off on some fraudulent documents for me? Maybe we should > stop allowing handwritten communication between people (or individuals > and companies) before this 'existing security hole' gets worse. How > inconvenient do you want things to be just to accomodate your fears > about 'what might happen'? PAT] I think there are several differences. I hear Bush'es voice almost every night on the news. I could record his voice and then easily impersonate him. It would be more difficult, but not impossible, for me to send out letters on his official stationary with his signature on them. It would be easy for someone to call up my bank and say this account 12345 and the last four digits of my SSN are 1234, please send a cashier's check to the ABC Company for $1000. It is harder for that individual to do the above through the mail. It is even more difficult for the individual if the bank confirms the proposed transaction with me before doing it. Additionally, I have heard many complaints about phreaks from you. Why give them another toy that won't do me any good? I don't consider the proposed system convenience. We must pay more attention to security, not less. If I want an eight digit PIN for my phone card or my ATM card, I should be able to get it. If I want to limit myself to $100 per day withdrawals, I should be able to. Is it convenience that I am only allowed to get a four digit PIN that is typically chosen for me and is publically available information like the last four digits of my zip code? You can bet that if a bank, for example, got on the internet, I would not under any circumstances want them to accept any instructions that came through the internet, it is just too easy to impersonate others. On the other hand, I am not so paranoid that I refuse to have an account on the internet. David