|
PRIVACY Forum Digest Friday, 15 January 1993 Volume 02 : Issue 03 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS PRIVACY Briefs (Lauren Weinstein; PRIVACY Forum Moderator) Expectation of Dependability (A. Padgett Peterson) Public water bills (Walter Smith) Utility bills going to law enforcement (Jim Harkins) Traceable Cash, Breakable Codes (chaz_heritage.wgc1@rx.xerox.com) Re: Perot campaign raiding credit data? (Larry Seiler) Op-ed piece on telephone Calling Number ID (Michael L. Scott) Released GSA Docs Slam FBI Wiretap Proposal (Dave Banisar) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 02, ISSUE 03 Quote for the day: "There even are places, where English, completely disappears! Why, in America they haven't used it in years." -- Prof. Henry Higgins (Rex Harrison) "My Fair Lady" (1964) ---------------------------------------------------------------------- PRIVACY Briefs (from the Moderator) --- A report commissioned by the British government has recommended sweeping new controls on the British press. A strict code of conduct was suggested, with large fines for violators. The report claims that self-regulation has been a failure. Some complaints appear to revolve around what are being called "physical intrusions"--entering property without permission to take pictures or make recordings, for example. New laws regarding interception of telecommunications and related privacy concerns are also recommended. Much of the current controversy appears to revolve around London tabloids which have published transcripts of "sexy" recordings (from portable phone transmissions) involving members of the British royal family. --- An East London store specializing in "spy" equipment has reported booming sales. They say that 95% of their sales go to businesses who wish to eavesdrop on their employees or on other businesses. ------------------------------- Date: Sat, 9 Jan 93 09:52:36 -0500 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Expectation of Dependability Mark Rotenberg presents as part of the guidelines (emphasis mine): > From: Marc Rotenberg <Marc_Rotenberg@washofc.cpsr.org> > Subject: OECD Security Guidelines ... > "While growing use of information systems has generated >many benefits, it has also shown up a widening gap between >the need to protect systems and the degree of protection >currently in place. Society has become very dependent on ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >technologies that are not yet sufficiently dependable. All ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >individuals and organizations have a need for proper >information system operations (e.g. in hospitals, air traffic >control and nuclear power plants). This is nothing new, society has *always* been vulnerable to insuficiently dependable technology. What has changed is the ability of a single failure to affect ever larger numbers of people *who did not know of their dependancy*. With the rise of the industrial revolution came the capability for unnatural disaster (though the fall of the Tower of Babel might be a much earlier precident). During the ninteenth century, reports were rife with train and steamship disasters, but it wasn't until the twenteth century that the capability for cataclysm reached its current bounds beginning fittingly enough with the "unsinkable" Titanic. Interestingly enough the tanker spill in the Shetlands recently brought out the fact that that ship, like the Titanic, did not have a full double hull, a point brought out in the Titanic inquiry and subsequently retrofitted to both sister ships, the Olympic and the Britannic nearly eighty years ago. (However there does not appear to be a worldwide standard and double hulls are expensive...) Similarly, few of the passengers on the Hindenberg realized that a refusal by the United States to sell helium to Germany (considered a war material) left them vulnerable. Point is that an excess trust in "magic" is not a new charactoristic of the human race, it is inherant. Further, until an exception occurs, often there is no way to predict it, there are just too many possibilities. The Atomic age brought conciousness of this forth for the first time, I recall a movie "The Magnetic Monster" as just one of a collection of "one mistake and the world will end" thoughts of the fifties. Is there an answer - probably not - but one cause is the secretiveness of many designs that prevent them from being analyzed by those who might be able to spot a vulnerability, but this brings up a privacy concern: Should designs that will be used or could affect the public be public information ? Sticky wot ? Warmly, Padgett ------------------------------ Date: Sat, 9 Jan 1993 19:12:16 -0800 From: wrs@newton.apple.com (Walter Smith) Subject: Public water bills Another data point for the privacy of utility bills: There was much consternation a year ago here in Palo Alto, California when the local weekly newspaper coerced the water company to reveal the names, addresses, and usage of the top 100 residential water users in the previous year. The paper published this information in a large feature article. (NOTE: I don't have the issue in front of me, so the following is just my recollection.) The legal situation was a conflict between California laws regarding personal privacy and public records. The "top 100 users" idea was a compromise between the privacy of the customers and the public "right to know", due to the drought, who was using the most water. The city council has since stopped this practice, which is not surprising since many of the "outed" water users were wealthy Silicon Valley entrepeneurs who own huge water-guzzling estates... - W Walter Smith "Mid-1993, 408-974-5892 Newton Group well under $1000" Internet: wrs@apple.com Apple Computer, Inc. AppleLink: walter.smith ------------------------------ Date: Mon, 11 Jan 93 09:48:58 PST From: pacdata!jimh@UCSD.EDU (Jim Harkins) Subject: Utility bills going to law enforcement Concerning the practice of some utility companies to report sudden changes in utility bills to law enforcement I submit the following. I recently bought a new 486 PC that I leave on all the time. With the base unit, monitor, printer, etc it must suck up a lot of power, probably about 3-5 grow lights worth. Right after buying the computer my toilet developed a slight leak that I haven' t fixed yet (been playing with the computer). It's not much of a leak, but as it's 24 hours a day it could probably supply 3-5 trays of plants. A few months ago local DEA agents raided a man's house based on incorrect information. Evidently they never announced themselves, and the homeowner reacted to several men beating down his door at midnight by getting a gun. He was shot several times (he survived). No drugs were found, no charges were filed. So is the combination of my leaving my computer on all day, not fixing a leaky toilet, and sleeping with a gun about to get me killed? jim ------------------------------ Date: Mon, 11 Jan 1993 05:34:25 PST From: chaz_heritage.wgc1@rx.xerox.com Subject: Traceable Cash, Breakable Codes [PFD V02.02: Tue, 29 Dec 92: Jerry Leichter: On expectations of privacy] >This is viewed with universal shock and horror as a new intrusion on our obvious traditional right to complete anonymity in cash transactions. But is there really any such traditional right?< Of course not. Banks (as we British have discovered to our cost recently, e.g. BCCI, NatWest) are there to serve not the interests of their customers but those of their major shareholders; they are pillars of the Establishment, and of course they will inform upon any of their less well-to-do customers, whatever contracts of confidentiality there might be between them, if they think that they might thereby do a favour for those upon whom they might turn for support later (RIch criminals, on the other hand, are called 'financiers' here, and are vigorously defended by the courts against slurs on their character; vide Maxwell v. 'Private Eye', several cases). This is why only amateur terrorists, gun-runners and drug-smugglers, the small fry, the weekend warriors, ever use cash. A cursory study of the history of professional organised crime and unconventional warfare strongly suggests that the international currencies of choice between their exponents are gold bullion, heroin and armaments. In more modern times plutonium, and possibly even oralloy, are said to have played the same role. Since possession of any of these is illegal anyway (at least it is here), one need not expect those who use these currencies to worry too much about the so-called fiduciary integrity of their 'bankers' - since any disputes would probably be settled not by lengthy litigation but by shortened shotguns - nor about their views on privacy, since the penalties for informers among these groups are harsh and of long traditional standing. The authorities have also apparently gone astray in trying to gain absolute control of cryptography, to prevent 'terrorists' and 'drug-smugglers' from using secret codes to fool law enforcers. Of course only a crass amateur would trust a telephone line or a commercial electronic encipherment system with their secrets, no matter what their 'rights' were alleged to be; professional covert communications at this level - such as they are - have, it seems, for about a century been dominated by an archaic, slow, manual system known in the US as 'Vernam' or in UK as 'Foreign Office One Time Pad', which apparently, if correctly used, never provides sufficient key-consistent ciphertext for there to be any realistic probability of a successful brute-force attack using current supercomputers, and has therefore, it is said, never been broken. Commercial users might need fast, high-capacity automatic crypto equipment which is, of course, susceptible to both brute-force and other attacks, but messages like 'Three hundred Armalites at $99.95 each' or 'Revolution starts 1200 Thursday; if wet, in church hall' perhaps do not. If the authorities truly think that by tracing (or simply banning, as seems more likely in the long term) cash, opening mail, tapping phones and suspending the suspect's 'right to silence' they will stop the likes of the Medellin cocaine traffickers or the Abu Nidal terrorist group then IMHO they are probably mistaken and, if so, also wasting a lot of public money (mind you, aren't those 'Miami Vice' speedboats *fun*? So much more stylish than an ordinary pair of police-issue shoes...). If, on the other hand, all this 'war on drugs', 'war on Bolshies', 'war on jaywalkers', etc. stuff is just a cover for setting up, with the support of an apparently unquestioningly docile majority of the public, general surveillance and control measures that would have gladdened the hearts of Himmler or Beria, then IMHO they're doing rather well... Regards, Chaz ------------------------------ Date: Mon, 11 Jan 93 12:56:27 EST From: "Larry Seiler, x223-0588, MLO5-2 11-Jan-1993 1252" <seiler@rgb.enet.dec.com> Subject: Re: Perot campaign raiding credit data? On the one hand, I'm glad to hear that the FBI and the news services are taking this seriously. It's a terrible thing if people steal private data such as credit records. On the other hand, a cynical part of me says "why bother"? Wouldn't Orix have sold that same data to any customer who claimed a "business need" to know it, with no checking and without asking permission? It's as if a policeman comes across 10 soldiers and one civilian looting a store, and arrests the civilian but leaves the soldiers to their work. Well, of course, looters should be arrested and the police cannot do anything about the soldiers. But I cannot help thinking that the reporters covering this story have missed the point: Equifax' databases are *not* secure, and even if they were, there are so many legal ways to get the data that the only advantage I can see to stealing it is that there is less of a paper trail to show who got the data. Larry ------------------------------ Date: Wed, 13 Jan 93 08:46:28 -0500 From: scott@cs.rochester.edu Subject: Op-ed piece on telephone Calling Number ID I recently wrote the following article for the editorial page of the Rochester, NY _Times_Union_. It appeared (edited down a couple of paragraphs) on Tuesday, January 12th, 1993, under the (newspaper chosen) headline "Call Id Will Be Boon For Telemarketers". I thought I'd share it with the net. --------------------- Unless you act immediately, your name, address, and telephone number are about to be added to the marketing lists of a whole new set of telephone soli- citors and direct-mail advertisers. How? Through the "Call ID" facility recently introduced by Rochester Telephone. Call ID or, more accurately, Calling Number Identification (CNID), is a mechanism that gives your telephone number to anyone you call. CNID is being promoted as a way to enhance personal privacy: if you pay for CNID service and buy a special phone, you can see the number from which you are being called before you decide to answer. Unfortunately, CNID is much more useful to the marketing industry than it is to individuals. On the whole, it is likely to _reduce_ your personal privacy, rather than enhance it. To its credit, Rochester Telephone has sought to educate customers, through phone bill inserts and newspaper ads, about the technical details of CNID. Moreover, it is permitting customers to opt out of the system. By default, your telephone number will be given to anyone you call, unless you punch a special code before you dial. If you call the phone company and request "all-call restrict," this behavior will be reversed: your number will _not_ be given to anyone you call, _unless_ you punch a special code first. Many people would "like to know `who is it?'" before they pick up the phone. Advertising slogans notwithstanding, however, CNID doesn't tell you. Suppose you buy into the service. When your phone rings and displays the call- ing number, how will you decide whether to answer? Do you know the phone numbers of all the people you might be willing to talk to? If not, how will you resist the urge to pick up the phone "just in case"? Even if you memorize the phone numbers of all your friends, how will you know if they call you from a different phone, or if your spouse calls from a gas station when the car breaks down, or if a stranger calls to tell you that your child has been injured while out playing? Experience with CNID in other states suggests that the real beneficiaries are commercial customers who want to compile -- and then sell -- a list of the people who call them. For $200, your favorite business can buy a "reverse directory" that lists all the phone numbers in the Rochester area, in numeri- cal order, with the names and addresses that go with them. For $350, they can buy this directory on a computer-readable laser disk. A business that keeps track of the numbers from which it is called can easily generate a list of the people who made those calls, or at least of the people who own the numbers. Call a movie theater for show times, and within a few days you may begin to receive junk mail and phone calls inviting you to join a video-of-the-month club. Call a bank or broker to check on interest rates and you may begin to receive cold calls from financial advisors. Call any sort of specialty shop (toy store, gun shop, pro shop -- even a fancy restaurant) and you're likely to find yourself on yet another marketing list. These lists are very big business. A multi-billion-dollar industry now collects and organizes personal information on ordinary people. The same com- pany that sells reverse directories will, for a price, augment the listing with estimates of family income (guaranteed 98% accurate to within $5,000), number of children, number of cars, favorite hobbies, etc. One of their sources of information is a CNID-like service that was offered to businesses with 1-800 and 1-900 numbers several years ago. (Your number is given away whenever you make an 800 or 900 call, and there's nothing you can do to prevent it.) The company representative to whom I spoke expects local CNID to increase his business substantially, but he understands the cost: he has switched to all-call restrict for his own phone. For those who want to eliminate nuisance phone calls, there are better alternatives than CNID. Many people have taken to leaving their answering machines on all the time. I have friends whose recording says "Please state your name and the person for whom you are calling. If no one picks up the phone right away, you may leave a message." Of course, they have to listen whenever the phone rings, but they'd have to go look at the number display if they had CNID. An option that saves you the trouble of even going to the phone when an unwanted call arrives can be purchased for $70 from local telephone stores (though not from the Rochester Telephone product center). It's a "call screening" box that plugs in between your phone and the wall, and that can be programmed with a special 4-digit "security code." Callers hear a recorded message that asks them to type in the code. If they get it wrong, your phone doesn't even ring. Friends who know the code can call you from anywhere. Hammacher Schlemmer sells a fancier version that remembers up to 300 different codes. If privacy were really the goal, telephone companies could easily provide the name of the owner of the calling number, rather than the number itself, in a CNID service. The name would be much more useful to residential customers than the number is, but would be much less useful to marketers, since names do not uniquely identify households. Equally easily, phone companies could pro- vide services that duplicate the functionality of call screening boxes. If they allowed callers to identify themselves, either by voice or by punched-in code, you would be in a far better position to decide whether you wanted to answer. Knowing that your call is from "Tom at work" is a lot more useful, from a privacy point of view, than knowing the number from which the call was placed. At the same time, this sort of personalized identification is useless for the collection of marketing lists. Privacy-enhancing alternatives to CNID have been proposed in testimony to the FCC and before public service commissions across the country. In every case, telephone companies have resisted the proposals, on the grounds that they do not adequately meet the needs of their marketing customers. Marketers are clearly hoping that most Rochester residents won't bother to opt out of CNID. I urge you to disappoint them: call the Rochester Telephone customer service number (777-1200) and request all-call restrict. Keeping your phone number private is easy and free. Michael L. Scott is an Associate Professor of Computer Science at the Univer- sity of Rochester and a member of Computer Professionals for Social Responsi- bility. The views expressed here are his own. ------------------------------ Date: Fri, 15 Jan 1993 23:22:47 -0500 From: Dave Banisar <banisar@washofc.cpsr.org> Subject: Released GSA Docs Slam FBI Wiretap Proposal "GSA Memos Reveal that FBI Wiretap Plan was Opposed by Government's Top Telecomm Purchaser" The New York Times reported today on a document obtained by CPSR through the Freedom of Information Act. ("FBI's Proposal on Wiretaps Draws Criticism from G.S.A.," New York Times, January 15, 1993, p. A12) The document, an internal memo prepared by the General Services Administration, describes many problems with the FBI's wiretap plan and also shows that the GSA strongly opposed the sweeping proposal. The GSA is the largest purchaser of telecommunications equipment in the federal government. The FBI wiretap proposal, first announced in March of 1992, would have required telephone manufacturers to design all communications equipment to facilitate wire surveillance. The proposal was defeated last year. The FBI has said that it plans to reintroduce a similar proposal this year. The documents were released to Computer Professionals for Social Responsibility, a public interest organization, after CPSR submitted Freedom of Information Act requests about the FBI's wiretap plan to several federal agencies last year. The documents obtained by CPSR reveal that the GSA, which is responsible for equipment procurement for the Federal government, strongly opposed two different versions of the wiretap plan developed by the FBI. According to the GSA, the FBI proposal would complicate interoperability, increase cost, and diminish privacy and network security. The GSA also stated that the proposal could "adversely _affect national security._" In the second memo, the GSA concluded that it would be a mistake to give the Attorney General sole authority to waive provisions of the bill. The GSA's objections to the proposal were overruled by the Office of Management and Budget, a branch of the White House which oversees administrative agencies for the President. However, none of GSA's objections were disclosed to the public or made available to policy makers in Washington. Secrecy surrounds this proposal. Critical sections of a report on the FBI wiretap plan prepared by the General Accounting Office were earlier withhold after the FBI designated these sections "National Security Information." These sections included analysis by GAO on alternatives to the FBI's wiretap plan. CPSR is also pursuing a FOIA lawsuit to obtain the FBI's internal documents concerning the wiretap proposal. The GSA memos, the GAO report and others that CPSR is now seeking indicate that there are many important documents within the government which have still not been disclosed to the public. Marc Rotenberg CPSR Washington office rotenberg@washofc.cpsr.org Note: Underscores indicate underlining in the original text. Dashes that go across pages indicate page breaks. [Computer Professionals for Social Responsibility is a non- profit, public interest membership organization. For membership information about CPSR, contact cpsr@csli.stanford.edu or call 415/322-3778. For information on CPSR's FOIA work, contact David Sobel at 202/544-9240 (sobel@washofc.cpsr.org).] ---------------------------------------------------------- (#4A) Control No. X92050405 Due Date: 5/5/92 Brenda Robinson (S) After KMR consultations, we still _"cannnot support"_ Draft Bill. No. 118 as substantially revised by Justice after its purported full consideration of other agencies' "substantive concerns." Aside from the third paragraph of our 3/13/92 attachment response for the original draft bill, which was adopted as GSA's position (copy attached), Justice has failed to fully address other major GSA concerns (i.e., technological changes and associated costs). Further, by merely eliminating the FCC and any discussion of cost issues in the revision, we can not agree as contended by Justice that it now " ... takes care of kinds of problems raised by FCC and others ...." Finally, the revision gives Justice sole unilateral exclusive authority to enforce and except or waive the provisions of any resultant Iaw in Federal District Courts. Our other concerns are also shown in the current attachment for the revised draft bill. Once again OMB has not allowed sufficient time for a more through review, a comprehensive internal staffing, or a formal response. /Signature/ Wm. R. Loy KMR 5/5/92 Info: K(Peay),KD,KA,KB,KE,KG,KV,KM,KMP,KMR,R/F,LP-Rm.4002 (O/F) - 9C1h (2) (a) - File (#4A) ----------------------------------------------------------- ATTACHMENT REVISED JUSTICE DRAFT BILL DIGITAL TELEPHONY The proposed legislation could have a widespread impact on the government's ability to acquire _new_ telecommunications equipment and provide electronic communications services. _Existing_ Federal government telecommunications resources will be affected by the proposed new technology techniques and equipment. An incompatibility and interoperability of existing Federal government telecommunications system, and resources would result due to the new technological changes proposed. The Federal Communications Commission (FCC) has been removed from the legislation, but the Justice implementation may require modifications to the "Communications Act of 1934," and other FCC policies and regulations to remove inconsistencies. This could also cause an unknown effect on the wire and electronic communications systems operations, services, equipment, and regulations within the Federal government. Further, to change a major portion of the United States telecommunications infrastructure (the public switched network within eighteen months and others within three years) seems very optimistic, no matter how trivial or minimal the proposed modifications are to implement. In the proposed legislation the Attorney General has sole _unilateral exclusive_ authority to enforce, grant exceptions or waive the provisions of any resultant law and enforce it in Federal District Courts. The Attorney General would, as appropriate, only "consult" with the FCC, Department of Commerce, or Small Business Administration. The Attorney General has exclusive authority in Section 2 of the legislation; it appears the Attorney General has taken over several FCC functions and placed the FCC in a mere consulting capacity. The proposed legislation would apply to all forms of wire and electronic communications to include computer data bases, facsimile, imagery etc., as well as voice transmissions. The proposed legislation would assist eavesdropping by law enforcement, but it would also apply to users who acquire the technology capability and make it easier for criminals, terrorists, foreign intelligence (spies) and computer hackers to electronically penetrate the public network and pry into areas previously not open to snooping. This situation of easier access due to new technology changes could therefore affect _national security_. (1) ------------------------------------------------------------- The proposed legislation does not address standards and specifications for telecommunications equipment nor security considerations. These issues must be addressed as they effect both the government and private industry. There are also civil liberty implications and the public's constitutional rights to privacy which are not mentioned. it must be noted that equipment already exists that can be used to wiretap the digital communications lines and support court- authorized wiretaps, criminal investigations and probes of voice communications. The total number of interception applications authorized within the United States (Federal and State) has been averaging under nine hundred per year. There is concern that the proposed changes are not cost effective and worth the effort to revamp all the existing and new telecommunications systems. The proposed bill would have to have the FCC or another agency approve or reject new telephone equipment mainly on the basis of whether the FBI has the capability to wiretap it. The federal- approval process is normally lengthy and the United States may not be able to keep pace with foreign industries to develop new technology and install secure communications. As a matter of interest, the proposed restrictive new technology could impede the United States' ability to compete in digital telephony and participate in the international trade arena. Finally, there will be unknown associated costs to implement the proposed new technological procedures and equipment. These costs would be borne by the Federal government, consumers, and all other communications ratepayers to finance the effort. Both the Federal government and private industry communications regular phone service, data transmissions, satellite and microwave transmissions, and encrypted communications could be effected at increased costs. (2) ============================================================= Documents disclosed to Computer Professionals for Social Responsibility (CPSR), under the Freedom of Information Act December 1992 ============================================================= ------------------------------ End of PRIVACY Forum Digest 02.03 ************************