PRIVACY Forum Digest V03 #14
daemon@ATHENA.MIT.EDU (PRIVACY Forum)
Sat Jul 16 19:34:43 1994
Date: Sat, 16 Jul 94 15:45 PDT
From: privacy@vortex.com (PRIVACY Forum)
To: PRIVACY-Forum-List@vortex.com
PRIVACY Forum Digest Saturday, 16 July 1994 Volume 03 : Issue 14
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.
CONTENTS
New National ID Card Proposal (David Banisar)
PrivacyGuard/CUC Int'l, Inc. (William E. Carroll)
Privacy & "Discovery" (N. R. Sterling)
Re: Newsgroup censorship (Marc Horowitz)
USACM Calls for Clipper Withdrawal (US ACM, DC Office)
ACM Releases Crypto Study (US ACM, DC Office)
Re: Thank you, France Telecom (Peter Kaiser)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com". All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".
For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------
VOLUME 03, ISSUE 14
Quote for the day:
"Pardon me boy, is this the Transylvania station?"
-- Dr. Frederick Frankenstein (Gene Wilder)
"Young Frankenstein" (1974)
----------------------------------------------------------------------
Date: Tue, 12 Jul 1994 20:11:46 -0500
From: David Banisar <Banisar@epic.org>
Subject: New National ID Card Proposal
CBS Evening News just reported that Clinton has "tentatively signed off"
on a National ID card recommended to him by a commission on immigration
reform. The ostensible reason for the card is for employment and immigration.
Each card will contain a name, photo, mag stripe with info and a "verified
SSN." It was supported by Senator Alan Simpson of Wyoming, a long-time
supporter of id cards. Gov. Pete Wilson of California has apparently offered
to make California a test-bed for the proposal. The proposal was opposed by
Xavier Becerra, a Congressman from California. A previous effort to impose a
national id card was rejected by Congress in 1986.
EPIC is working with Privacy International to investigate this report. PI has
led successful campaigns against national id cards in Australia, New Zealand,
and the Philippines.
In Australia, the PI-led campaign led to the dissolution of both houses of
the federal Parliament in 1987 after hundreds of thousands marched in
protest. The Australian campaign brought together groups from all parts of
the political spectrum from the Communist Party to the Libertarian Alliance,
farmers and conservation groups, rock stars, academics, large businesses such
as banks and mining corporations, but the overwhelming support came from the
public who created the biggest civil protest in Australian history.
David Banisar (banisar@epic.org)
Electronic Privacy Information Center
666 Penn. Ave, SE #301, Washington, DC 20003
202-544-9240 (v) 202-547-5482 (f)
[ I would urge avoiding emotional reactions to this report until such
a time as it has been verified as fact and the details of any proposal
and/or related proposed legislation are known. -- MODERATOR ]
------------------------------
Date: Fri, 08 Jul 1994 14:27:24 EDT
From: NGMF93A@prodigy.com (MR WILLIAM E CARROLL)
Subject: PrivacyGuard/CUC Int'l, Inc.
I've received a solicitation from CUC International, Inc., of Trumbull, CT,
which is apparently related to my GTE Mastercard. Essentially, they're
selling a $49 annual membership in PrivacyGuard. They will provide 4
things: 1) Your credit report, 2) Your driving report, 3) Your social
security record, & 4) Your medical history (disclosing who has asked to see
this file). I know that I can get my credit report free from TRW, my
driving report from the state, my social security record from the Fed.
gov't., without spending $49. What intrigues me, however, is the
availability of the medical file. How does one go about obtaining a copy of
his medical file?
[ There appears to be a very large Mastercard related solicitation for
"PrivacyGuard" in progress nationwide. The "medical file" they're
referring to is apparently at least one of the medical insurance
intercompany databases which relate to medical
claim history. -- MODERATOR ]
------------------------------
Date: Sat, 02 Jul 1994 06:40:00 -0500 (EST)
From: NRSST5@vms.cis.pitt.edu
Subject: PRIVACY & "DISCOVERY"
PRIVACY & "DISCOVERY"
Most people equate the term "discovery" with expressions such
as, "Eureka!" Indeed, in the everyday, non-legal world both words
more often than not have a salutary connotation.
In the nether world of litigation, however, the word discovery
takes on a more ominous meaning. There in the twilight zone of motions,
pleadings, body attachments, executions, appeals, petitions, and the like,
stands the specter of "Discovery," looming larger in some cases than in
others, but always loitering in the background, available as a powerful
tool capable of prying loose closely guarded secrets that most prudent
people would deem private and inviolate.
While this paper is not intended to be all encompassing, nor is
it intended to provide or replace professional advice which should be
sought for details concerning any specific jurisdiction, it will
nonetheless set forth a few examples of privacy invasion through the
legal process known as "discovery" in order to provide a springboard
for further research by those who may be inclined to do so.
To begin, telephone records are often the subject of discovery.
A subpoena is obtained (either free, in Federal Court, or for a nominal
fee of a dollar or so in State Court) and served upon the telephone
company, setting forth a deposition date, i.e., a date in which the
telephone company must appear and turn over any telephone records
designated in the subpoena. Usually these records consist of any notes
made in the billing and service departments by telephone company
personnel during their conversations with the subscriber. The records
also include a copy of any initial application made by the subscriber
together with copies of the subscriber's bills. These bills generally
include the precise times and telephone numbers of every single toll
call placed through the use of the subscriber's telephone or phone
credit card during the past five (5) years, and sometimes longer.
Next, discovery of bank records follows pretty much the same
process, and produces the customer's account application, including
social security number, together with the records of each and every
transaction with the bank since the account was opened. If it is a
checking account, the bank is required to produce copies of every
check processed, front and back, together with copies of every money
order, check or draft deposited to the account.
With such information in hand, the telephone records may be
examined in the light of the subscriber's toll calls, and each number
listed as a number called on such toll records may then be subjected
to further discovery or other routine forms of investigation,
determining the identity of the subscriber of each toll listed number
and what their relationship is to the subject of the initial discovery.
The details gleaned from such labors are then combined with the
results of any investigation concerning each payee and each endorser of
every check, which reveals among other things, who the bank customer
pays money to, e.g., credit card companies (with credit card numbers
usually appearing on the memo line, written by the unsuspecting maker of
the check), personal loan payments, grocery store bills, car payments,
magazine subscriptions, allowance money for kids in college, and whatever
else the checks may have been written for. The checks also often include
driver's license or other personal identification information written on
the backs by the merchants who cash them.
Now even the slovenly investigator can set up phone banks for the
purpose of contacting all of the persons and places enumerated above, and
can do so with ease, building piece by piece a profile of the telephone
subscriber and bank customer and using such information to harass the
subject's friends and family and business associates under the guise of
discovery. Deep pocket litigators especially can run roughshod over the
rights of most people, who are usually unable financially to mount and
maintain a monumental defense or even secure a protective order from the
court. Indeed, in many instances sub rosa machinations are employed
without the victims even being aware that such discovery procedures
have been used against them.
While this paper touches only a few surface aspects of legal
discovery vis-a-vis privacy invasion, the information is provided
as a tocsin to alert those with an interest in such matters to do
further study on the subject in order to better protect their own
privacy interests.
(c) 1994 N. R. Sterling
IN%"nrsst5@vms.cis.pitt.edu"
Electronic distribution rights only are hereby granted to
Privacy Forum. Readers seeking further information may contact the
author directly at the above email address.
------------------------------
Date: Sun, 03 Jul 94 20:06:07 EDT
From: Marc Horowitz <marc@MIT.EDU>
Subject: re: Newsgroup censorship
>> What is the basis for viewing the entire constellation of Usenet newsgroups
>> as a single entity, which one must take whole (alt.sex.bestiality along with
>> sci.physics.research) or not at all? The only thing the two have in common
>> is the technology used to deliver them - about what Physical Review Letters
>> and Spread Legs have in common.
A different view is that censoring particular newsgroups requires some
effort (not much, certainly, but some). I would not say that a school
should be required to seek out every single newsgroup it can find, nor
should it be required to carry traffic which strains its resources
(alt.binaries.pictures.erotica vs alt.sex.stories), but a university
should not actively remove certain newsgroups from circulation.
A similar analogy might be the telephone system here at MIT. A
student cannot call a 900 number from a dorm phone, but can call 800
numbers. The phone system here could be programmed to disallow
students from calling certain 800 numbers advertised on late-night TV,
but this is not done. I think this behavior could be compared to a
policy of not carrying certain newsgroups, and both would be wrong.
Marc
[ Response from the MODERATOR:
I think that the original analogy holds up pretty well. I'll bet
the magazine rack down at the MIT bookstore doesn't carry the same wide
variety of sex-oriented magazines probably available at public
stands within feet of campus.
The choice of "publications" which are appropriate to a particular
venue can most certainly be legitimately constrained by concerns
other than volume. The fear of public outcry over "University
providing pornography to students over campus computer
system--government funds being used to promote pornography!" is a
real one, regardless of how one feels about the topic personally.
Censorship does not enter the picture automatically when you can't get
everything, everywhere. Individuals can always get their own accounts
on public systems, and choose service providers willing to carry such
material--just as they can go to public bookstores and magazine racks
rather than the ones on campus.
When materials which are legal to distribute become unavailable in a
manner which makes them difficult or impossible to get at all, *then*
censorship indeed can become a significant factor.
-- MODERATOR ]
------------------------------
Date: Thu, 30 Jun 1994 16:35:37 +0000
From: "US ACM, DC Office" <usacm_dc@acm.org>
Subject: USACM Calls for Clipper Withdrawal
U S A C M
Association for Computing Machinery, U.S. Public Policy Committee
* PRESS RELEASE *
Thursday, June 30, 1994
Contact:
Barbara Simons (408) 463-5661, simons@acm.org (e-mail)
Jim Horning (415) 853-2216, horning@src.dec.com (e-mail)
Rob Kling (714) 856-5955, kling@ics.uci.edu (e-mail)
COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER
COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR
SECRET DECISION-MAKING
WASHINGTON, DC - The public policy arm of the oldest and
largest international computing society today urged the White
House to withdraw the controversial "Clipper Chip" encryption
proposal. Noting that the "security and privacy of electronic
communications are vital to the development of national and
international information infrastructures," the Association for
Computing Machinery's U.S. Public Policy Committee (USACM) added
its voice to the growing debate over encryption and privacy
policy.
In a position statement released at a press conference on
Capitol Hill, the USACM said that "communications security is too
important to be left to secret processes and classified
algorithms." The Clipper technology was developed by the National
Security Agency, which classified the cryptographic algorithm that
underlies the encryption device. The USACM believes that Clipper
"will put U.S. manufacturers at a disadvantage in the global
market and will adversely affect technological development within
the United States." The technology has been championed by the
Federal Bureau of Investigation and the NSA, which claim that
"non-escrowed" encryption technology threatens law enforcement and
national security.
"As a body concerned with the development of government
technology policy, USACM is troubled by the process that gave rise
to the Clipper initiative," said Dr. Barbara Simons, a computer
scientist with IBM who chairs the USACM. "It is vitally important
that privacy protections for our communications networks be
developed openly and with full public participation."
The USACM position statement was issued after completion of a
comprehensive study of cryptography policy sponsored by the ACM
(see companion release). The study, "Codes, Keys and Conflicts:
Issues in U.S. Crypto Policy," was prepared by a panel of experts
representing various constituencies involved in the debate over
encryption.
The ACM, founded in 1947, is an 85,000-member non-profit
educational and scientific society dedicated to the development
and use of information technology, and to addressing the impact of
that technology on the world's major social challenges. USACM was
created by ACM to provide a means for presenting and discussing
technological issues to and with U.S. policymakers and the general
public. For further information on USACM, please call (202) 298-0842.
=============================================================
USACM Position on the Escrowed Encryption Standard
The ACM study "Codes, Keys and Conflicts: Issues in U.S. Crypto
Policy" sets forth the complex technical and social issues
underlying the current debate over widespread use of encryption.
The importance of encryption, and the need for appropriate
policies, will increase as networked communication grows.
Security and privacy of electronic communications are vital to
the development of national and international information
infrastructures.
The Clipper Chip, or "Escrowed Encryption Standard" (EES)
Initiative, raises fundamental policy issues that must be fully
addressed and publicly debated. After reviewing the ACM study,
which provides a balanced discussion of the issues, the U.S.
Public Policy Committee of ACM (USACM) makes the following
recommendations.
1. The USACM supports the development of public policies and
technical standards for communications security in open forums in
which all stakeholders -- government, industry, and the public --
participate. Because we are moving rapidly to open networks, a
prerequisite for the success of those networks must be standards
for which there is widespread consensus, including international
acceptance. The USACM believes that communications security is
too important to be left to secret processes and classified
algorithms. We support the principles underlying the Computer
Security Act of 1987, in which Congress expressed its preference
for the development of open and unclassified security standards.
2. The USACM recommends that any encryption standard adopted by
the U.S. government not place U.S. manufacturers at a disadvantage
in the global market or adversely affect technological development
within the United States. Few other nations are likely to adopt a
standard that includes a classified algorithm and keys escrowed
with the U.S. government.
3. The USACM supports changes in the process of developing
Federal Information Processing Standards (FIPS) employed by the
National Institute of Standards and Technology. This process is
currently predicated on the use of such standards solely to
support Federal procurement. Increasingly, the standards set
through the FIPS process directly affect non-federal organizations
and the public at large. In the case of the EES, the vast
majority of comments solicited by NIST opposed the standard, but
were openly ignored. The USACM recommends that the standards
process be placed under the Administrative Procedures Act so that
citizens may have the same opportunity to challenge government
actions in the area of information processing standards as they do
in other important aspects of Federal agency policy making.
4. The USACM urges the Administration at this point to withdraw
the Clipper Chip proposal and to begin an open and public review
of encryption policy. The escrowed encryption initiative raises
vital issues of privacy, law enforcement, competitiveness and
scientific innovation that must be openly discussed.
5. The USACM reaffirms its support for privacy protection and
urges the administration to encourage the development of
technologies and institutional practices that will provide real
privacy for future users of the National Information
Infrastructure.
------------------------------
Date: Thu, 30 Jun 1994 16:34:47 +0000
From: "US ACM, DC Office" <usacm_dc@acm.org>
Subject: ACM Releases Crypto Study
Association for Computing Machinery
PRESS RELEASE
__________________________________________________
Thursday, June 30, 1994
Contact:
Joseph DeBlasi, ACM Executive Director (212) 869-7440
Dr. Stephen Kent, Panel Chair (617) 873-3988
Dr. Susan Landau, Panel Staff (413) 545-0263
COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY
WASHINGTON, DC - A panel of experts convened by the nation's
foremost computing society today released a comprehensive report
on U.S. cryptography policy. The report, "Codes, Keys and
Conflicts: Issues in U.S. Crypto Policy," is the culmination of a
ten-month review conducted by the panel of representatives of the
computer industry and academia, government officials, and
attorneys. The 50-page document explores the complex technical
and social issues underlying the current debate over the Clipper
Chip and the export control of information security technology.
"With the development of the information superhighway,
cryptography has become a hotly debated policy issue," according
to Joseph DeBlasi, Executive Director of the Association for
Computing Machinery (ACM), which convened the expert panel. "The
ACM believes that this report is a significant contribution to the
ongoing debate on the Clipper Chip and encryption policy. It cuts
through the rhetoric and lays out the facts."
Dr. Stephen Kent, Chief Scientist for Security Technology
with the firm of Bolt Beranek and Newman, said that he was
pleased with the final report. "It provides a very balanced
discussion of many of the issues that surround the debate on
crypto policy, and we hope that it will serve as a foundation for
further public debate on this topic."
The ACM report addresses the competing interests of the
various stakeholders in the encryption debate -- law
enforcement agencies, the intelligence community, industry and
users of communications services. It reviews the recent history
of U.S. cryptography policy and identifies key questions that
policymakers must resolve as they grapple with this controversial
issue.
The ACM cryptography panel was chaired by Dr. Stephen Kent.
Dr. Susan Landau, Research Associate Professor in Computer Science
at the University of Massachusetts, co-ordinated the work of the
panel and did most of the writing. Other panel members were Dr.
Clinton Brooks, Advisor to the Director, National Security Agency;
Scott Charney, Chief of the Computer Crime Unit, Criminal
Division, U.S. Department of Justice; Dr. Dorothy Denning,
Computer Science Chair, Georgetown University; Dr. Whitfield
Diffie, Distinguished Engineer, Sun Microsystems; Dr. Anthony
Lauck, Corporate Consulting Engineer, Digital Equipment
Corporation; Douglas Miller, Government Affairs Manager, Software
Publishers Association; Dr. Peter Neumann, Principal Scientist,
SRI International; and David Sobel, Legal Counsel, Electronic
Privacy Information Center. Funding for the cryptography study
was provided in part by the National Science Foundation.
The ACM, founded in 1947, is an 85,000-member non-profit
educational and scientific society dedicated to the development
and use of information technology, and to addressing the impact of
that technology on the world's major social challenges. For
general information, contact ACM, 1515 Broadway, New York, NY
10036. (212) 869-7440 (tel), (212) 869-0481 (fax).
Information on accessing the report electronically will be
posted soon in this newsgroup.
------------------------------
Date: Thu, 30 Jun 94 10:44:15 MET DST
From: Peter Kaiser <kaiser@heron.enet.dec.com>
Subject: RE: Thank you, France Telecom
> When you push the redial button,
> what number is redialed: the last number that was dialed using your card
> or the last number that was dialed on that phone?
Same airport, same phones: the redial button seems to have no effect when I
insert my card in a phone where I wasn't the last user. So perhaps it works
only when it recognizes "this card is the last card used in this phone".
But there are other possibilities -- a timeout period, for instance. And
what happens when you insert a depleted card? People discard them; can
they still be used to get the last numbers they were used for?
I'm made uneasy by hidden, undocumented, and unexplained features. Even if
it were to turn out that the algorithm for REDIAL were, for instance,
"permit REDIAL only if the card in this phone is the last one previously
used, and within the last five minutes", I still don't like it that the
phone system has hidden features. They certainly aren't explained in the
phone enclosures.
___Pete
kaiser@acm.org
+33 92.95.62.97 FAX +33 92.95.50.50
------------------------------
End of PRIVACY Forum Digest 03.14
************************