TUCoPS :: Privacy :: priv_109.txt

Privacy Digest 1.09 7/22/92

PRIVACY Forum Digest      Wednesday, 22 July 1992      Volume 01 : Issue 09

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS

	PRIVACY Brief (Moderator--Lauren Weinstein)
	Knowing Better (Phil Karn)
	911 privacy concern (Mel Beckman)
	U.S. encryption export control policy softens somewhat 
	   (Peter G. Neumann)
	Emerging Privacy Issues: Libraries (Peter Marshall)
	Telephone wiretapping (Erling Kristiansen)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 09

    Quote for the day:

    "It's such a comfort having a machine to do our thinking for us."
	
		       -- Morticia Addams
			  (referring to "Whizzo" the computer)
	                  "The Addams Family" (1964-1966)

----------------------------------------------------------------------

PRIVACY Brief (from the Moderator)

---

The California State Supreme Court recently reversed the conviction of a
wife and her lover for the murder of the wife's husband.  The prosecution's
primary evidence in the case was tapes of telephone conversations between
the wife and her lover that the husband had been secretly making, which the
prosecution had obtained.  The court ruled unanimously that federal law bars
family members from tapping the family phone, and that the tape was not
admissible.

The prosecution had argued that "domestic" taping of that sort was not
illegal, and that even if the taping was illegal it was still admissible
since the government had played no role in the making of the tapes (i.e.
they acquired evidence made by a citizen).  The court rejected both of these
arguments, but reversed the conviction reluctantly.  The court also
suggested that perhaps it was unfortunate that Congress had adopted laws
allowing such a broad-based suppression of evidence in such cases.

------------------------------

Date:    Sat, 18 Jul 92 00:20:14 -0700
From:    karn@chicago.Qualcomm.COM (Phil Karn)
Subject: Knowing Better

Okay, here's a personal anecdote for you.

The other day I made an offer on a house. Sitting with my realtor in a
Carl's Jr, I'm signing a large stack of forms when her transportable
cell phone rings. It's a mortgage broker who wants to prequalify me
for a loan. She hands the phone to me and before I know it, I'm
telling him where I work, how much I make, how much I have in the
bank, what other loans I have outstanding, etc.

Unlike most people who can at least plead ignorance, I know all too
well how easily these things are monitored. But in the excitement of
the moment I did it anyway. That's why meaningful encryption ought to
be a standard feature of any cellular telephone system.

Phil

------------------------------

Date:    Sat, 18 Jul 92 11:41:26 PST
From:    mbeckman@mbeckman.mbeckman.com (Mel Beckman)
Subject: 911 privacy concern

In this morning's Ventura County Star/Free Press newspaper (Sat 92jul17)
appears an article headlined "Woman calls for help, lands in jail." Here is
my own summary of their story:

Oxnard, CA resident Helene Golemon called 911 to report (twice) a loud
teenage street party in the wee hours. Later, at 6:00am, an officer arrived
and arrested her on a (subsequently learned-to-be) erroneous misdemeanor
traffic warrant. 

Golemon expressed outrage at the 911 records check, and that the warrant
even existed at all. "Those kids were out there drinking and driving drunk.
Nothing happened to them and I got arrested." After booking, including
fingerprints and mug shots, she was detained in a holding cell until her
husband posted $188 bond later that morning. 

Assistant police chief William Cady claimed that dispatchers often check
available records, even on a reporting person, to know as much as possible
about the people involved when responding to 911 calls. "Procedurally, our
people did nothing wrong" he said.

The arrest warrant, dated from an illegal left turn from May, 1988. Golemon
fought the ticket and lost, then attended state-sponsored driver's education
(a CA alternative to fines available for first-time offenders) in August
1988. The court has a copy of Golemon's driver education certificate on
file, and Linda Finn, deputy executive officer for Ventura County Superior
and Municipal Courts, couldn't explain why a warrant was later issued in
1989.  Goleman was never notified of the warrant.

Goleman felt the incident was vindictive, because the dispatcher was annoyed
with her. "When I tried to explain the continuing problems we're having, she
was very short with me," she said. Golemon then asked for the dispatchers
name, and the dispatcher in turn demanded Golemon's full name. After Golemon
complied, the dispatcher only told Golemon her badge number. The dispatcher
remains unidentified in the news report, and an Oxnard police sergeant who
reviewed the tape said the dispatcher was "absolutely professional."

The privacy and computer risk concerns here seems to me three fold. 

First, the police often act with inappropriate gravity on erroneous, and
apparently unverifiable, data. Under what circumstances does a misdemeanor
warrant demand a 6:00am public arrest?  Certainly more time could have been
expended verifying the data, as an at-large illegal left-turner hardly
threatens public safety.

Second, apparently innocuous -- even beneficial -- contacts with government
can result in record searches for unrelated information. Not only can this
result in egregious seizures, as in this case, such an atmosphere can only
stultify public/government relations. Crime and corruption thrive in such an
environment.

Third, although individuals have the right to know most information the
government retains on them (FOIA), that right becomes meaningless if the
government can, at any time, decided to integrate facts from disjoint data
bases and then act without notice on resulting conclusions. One cannot submit
an FOI request on the union of multiple far-flung data sets! 

  -mel
_____________________________________________________________________
| Mel beckman                  |    Internet: mbeckman@mbeckman.com |
| Beckman Software Engineering |  Compuserve: 75226,2257            |
| 1201 Nilgai Place            |       Voice: 805/647-1641          |
| Ventura, CA 93003            |         Fax: 805/647-3125          |
|______________________________|____________________________________|

------------------------------

Date: Sun, 19 Jul 92 11:39:44 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: U.S. encryption export control policy softens somewhat

In the ongoing struggle between NSA's desires to be able to intercept
international communications and software vendors' desires to be able to
compete in international markets, the Bush administration has agreed to ease
export controls on encryption-based software somewhat.  The decision transfers
control of encryption software (albeit only on a case-by-base basis) to the
Commerce Department (from the State Department, which enforces standards
equivalent to those of weapons export).  An article by Don Clark in the San
Francisco Chronicle, 18 July 1992, p.B1, suggests that systems with up to
40-digit RSA keys will now be considered for export.  Clark's article notes
that it is possible to get much better stuff on the streets of Europe -- and
mentions "Cryptos", which uses both DES and RSA, which is available today in
Moscow!  In addition, the administration will now meet with industry
representatives up to twice a year.

The privacy implications remain murky.  If the government can compromise 40-bit
RSA keys, then this "softening" is only cosmetic.  If they cannot, then one
wonders why the "softening" has taken place.  But the real irony is that RSA is
almost trivial to implement anywhere, and is in some sense a better mousetrap.
Perhaps we have here a case of the mousetrap that roared!

Peter

------------------------------

Date:    Mon, 20 Jul 92 08:47:02 -0700
From:    ole!rwing!peterm@nwnexus.wa.com (Peter Marshall)
Subject: Emerging Privacy Issues: Libraries

Public libraries, those traditional, universal information providers and heirs
to a long tradition of defense of users' privacy interests, would appear to be
in for an otherwise unexpected change in the nature and extent of the sort of
privacy concerns they're accustomed to facing.

With increasing--and often, trendy--employment of a number of information 
technologies and services, coupled with an increase in the extent of library
automation, and aided and abetted by a fashionable trend to implement fees for
services often grounded on use of information technologies--sometimes referred
to as the "entrepreneurial movement; the horizon in the public library world
would seem to carry a marked increase in the collection, processing, etc. of
transaction-generated information.

This tendency, familiar enough in other areas of emerging privacy issues, seems
to be occurring, as in some other areas, in an environment that shows signs of
a broader tendency to information-as-commodity, and thus to concerns about
commercialization and privatization.

Although these latter concerns get attention in the professional library
community, this group appears generally less tuned-in to privacy issues other'
than those that are traditional in the library setting; while at the same time,
these same broader concerns appear to get less attention themselves from the
broader community these perhaps all-too-familiar civic institutions serve.

Emerging privacy issues for public libraries would seem to call up the usual
panoply of information-privacy and information-policy concerns; e.g.,
disclosure as the flip side of access, and those otherwise well-known
reference-points, Principles of Fair Information Practices. The public
library as the good 'ol bastion of privacy? Let's see.

Peter Marshall

------------------------------

Date:    Wed, 22 Jul 92 09:16:03 CET
From:    "E. Kristiansen - WMS" <EKRISTIA@estec.estec.esa.nl>
Subject: Telephone wiretapping

NRC Handelsblad, a Dutch newspaper, of 20 July has two articles concerning
telephone wiretapping.

The first article describes several cases of alleged unauthorized wiretaps
performed by PTT Telecon, the Dutch telephone company.  The PTT is accused
of establishing wiretaps on telephone lines without the required court
order, on request of the police and legal authorities (district attorney).
In one case, a PTT employee has allegedly passed on information obtained
from illegally bugging a phone line, to a criminal (drug dealer). The
employee has been fired.  A PTT spokesperson says that "according to current
procedure", the police cannot request a wiretap directly. The request is to
be submitted through the proper legal channels.  Fron a technical point of
view, the article suggests, without giving much detail, that it is very easy
to establish a wiretap, and that the only control is through procedures,
relying on "highly trusted personnel".  Further, it is said that the PTT
never performs wiretapping itself, it only establishes the tap to a line
going to the police office. It is not said that the PTT CANNOT do
wiretapping, and I would assume that they can, e.g.  for technical
monitoring of line quality.

The other article describes how an on-hook telephone set can be used for
bugging the room in which it is installed. The trick can be performed by
anybody who can gain access, legally or illegally, to any point of the wire
pair connecting the telephone set to the exchange.  A high frequency signal
is injected into the line. This signal bypasses the hook switch of the set
(capacitive coupling, I suppose). The microphone modulates the signal
(technical details not given), and the intruder can demodulate, and listen
to the conversation in the room.  When this trick was published in the
press, PTT says it will shortly be offering a telephone plug with a built-in
capacitor to short the HF signal.  The plug will sell for about Dfl.5 (USD
3). Consumer organizations urge that the plug should be available free of
charge to anybody asking for it.  It is not said whether the trick will work
on all current types of phones, or only on particular brands.

Erling Kristiansen

	[ This sort of bugging is definitely not new and has 
	  been described in various "popular" books concerning
	  law enforcement and intelligence topics. -- MODERATOR ]

------------------------------

End of PRIVACY Forum Digest 01.09
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH