TUCoPS :: Privacy :: priv_228.txt

Privacy Digest 2.28 8/15/93

PRIVACY Forum Digest        Sunday, 15 August 1993        Volume 02 : Issue 28

          Moderated by Lauren Weinstein (lauren@vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	 Re: Loss of conciousness & the DMV (Mel Beckman)
	 CPSR and the NII (Nikki Draper)
	 NSA Seeks Delay in Clipper (Dave Banisar)
	 "SKIPJACK Review Report" from Dorothy Denning 
	    (Lauren Weinstein; PRIVACY Forum Moderator)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.


   Quote for the day:

	"I know nothing.  NOTH-ING!"

			-- Sergeant Hans Schultz (John Banner)
			   "Hogan's Heroes" (1965-1971)


Date:    Mon, 2 Aug 93 07:38:12 PST
From:    mbeckman@mbeckman.mbeckman.com (Mel Beckman)
Reply-To: mbeckman@mbeckman.com
Subject: Re: loss of conciousness & the DMV

In Regards to your letter <m0oMi6n-0001v3C@vortex.com>:
> It's lucky for the poor
> victim (who suffered from a brain tumor) that he didn't live in California,
> where doctors are required to report ANY loss of consciousness -- no matter
> what the cause -- to the DMV. After such a report has been made, it is
> nearly impossible to get a driver's license again -- EVER. It's the law.

As the moderator suspects, this statement is too broad. The requirement is
that any _unexplained_ or pathology-related loss of consciousness must be
reported. Obviously, if a patient loses consciousness as a result of some
trauma (e.g. a car accident), this need not be reported as a separate
incident. Similarly, loss of consciousness from anesthesia, heat
prostration, drug overdose, or other identifiable agent are not reportable.
Only when loss of consciousness is an unexplained phenomenon, or is due to
an intrinsic pathology (e.g.  epilepsy) is it reportable.


| Mel beckman                  |   Internet: mbeckman@mbeckman.com     |
| Beckman Software Engineering | Compuserve: 75226,2257                |
| Ventura, CA 93003            |  Voice/fax: 805/647-1641 805/647-3125 |

		[ I was also pointed at an article in the "San Jose Mercury
		  News" from April 27, 1991 which reported horror stories of
		  people who, after a single fainting incident (apparently
		  prescription drug dosage induced) had their licenses and
		  auto insurance pulled, and had been unable to get them
		  back even after their health was declared perfectly OK.  At
		  the time (at least) a lack of clearly defined standards
		  and a rush of doctors filing names after a heavily
		  publicized case (and a law protecting them from any actions
		  on the part of drivers who had their licenses pulled)
		  apparently were involved.  I don't know if the situation
		  has improved in these regards during the 2+ years since
		  that article was written.  -- MODERATOR ]


Date:    Tue, 10 Aug 1993 09:43:40 PDT
From:    Nikki Draper <draper@CSLI.Stanford.EDU>
Subject: CPSR and the NII


Palo Alto, Calif., August 6, 1993  --  At a recent meeting in
Washington  D.C., board members from Computer Professionals for
Social Responsibility (CPSR) were challenged by top level
telecommunications policy experts to craft a public interest vision of
the National Information Infrastructure (NII).  The experts at the
roundtable discussion included Mike Nelson from the President's
Office of Science and Technology, Vint Cerf from the Internet Society,
Jamie Love from the Taxpayer's Assets Project, Ken Kay from
Computer Systems Policy Project, and Laura Breeden from FARnet.

"We were excited to discover that CPSR is in a position to play a key
role in shaping NII policy," said CPSR Board President, Eric Roberts.
"The commercial sector is already in the thick of the debate, but
there has been little coordinated response from the noncommercial
constituencies.  After talking about the issues and CPSR's role, the
Board committed to meeting this challenge."

So far, the debate about the NII has centered around fiber versus
ISDN, cable companies versus telephone companies, research versus
commercialization, and so on.  These are real questions with
important  implications.  However, CPSR believes that a better
starting point is a set of guiding principles as the context for all these
more detailed questions about "architecture," technical standards,
and prime contractor.  Before arguing over bits and bytes, it is crucial
to clarify the vision and values that underlie a major endeavor like
the NII.

As individuals in the computing profession, CPSR's membership
knows that new technologies bring enormous social change.
CPSR's goal is to help shape this change in an informed manner.
Key issues discussed in the paper will include:

o     ensuring that the design remains both open and flexible so
       that it can evolve with changing technology.

o     ensuring that all citizens have affordable network access and
       the training necessary to use these resources.

o      ensuring that risks of network failure and the concomitant
        social costs are carefully considered in the NII design.

o      protecting privacy and First Amendment principles in
        electronic communication.

o     guaranteeing that the public sector, and particularly schools
       and libraries, have access to public data at a reasonable cost.

o     seeking ways in which the network can strengthen democratic
       participation and community development at all levels.

o     ensuring that the network continues to be a medium for
       experimentation and non commercial sharing of resources,
       where individual citizens are producers as well as consumers.

o     extending the vision of an information infrastructure beyond
      its current focus of a national network, to include a global

The national membership of CPSR brings a unique perspective to the
overall conception of the NII.  Throughout CPSR's history, the
organization has worked to encourage public discussion of decisions
involving the use of computers in systems critical to society and to
challenge the assumption that technology alone can solve political
and social problems.  This past year, CPSR's staff, national and
chapter leadership have worked on privacy guidelines for the
National Research and Education Network (NREN), conducted a
successful conference on participatory design, created local
community networks, organized on-line discussion groups on
intellectual property, and much more.

To ensure that its position paper is broadly representative, CPSR will
work in concert with other public interest groups concerned about
the NII, such as the newly established coalition in Washington D.C.,
the Telecommunications Policy Roundtable.  CPSR chapters are will
be conducting a broad based public campaign to reach out beyond
the technical experts and producers -- to people who will be affected
by the NII even if they never directly log on.

CPSR will begin distributing its completed paper to policy makers
on October 16th at its annual meeting in Seattle, Washington.
The meeting will bring together local, regional and national decision
 makers to take a critical look at the NII.

Founded in 1981, CPSR is a national, non-profit, public interest
organization of computer scientists and other professionals concerned
with the impact of computer technology on society.  With offices in
Palo Alto, California, and Washington D.C., CPSR works to dispel
popular myths about technological systems and to encourage the
use of computer technology to improve the quality of life.

For more information on CPSR's position paper , contact
Todd Newman, CPSR board member, at 415-390-1614 .

For more information about CPSR, contact Nikki Draper,
Communications Director, at 415-322-3778 or
draper @csli.stanford.edu.


Date:    Thu, 12 Aug 1993 9:37:14 EST    
From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: NSA Seeks Delay in Clipper  

     The National Security Agency (NSA) has asked a federal court
for a one-year delay in a lawsuit challenging the secrecy of the
government's "Clipper Chip" encryption proposal.  The suit was
filed by Computer Professionals for Social Responsibility (CPSR)
on May 28 and seeks the disclosure of all information concerning
the controversial plan.

     In an affidavit submitted to the United States District Court
for the District of Columbia on August 9, NSA Director of Policy
Michael A. Smith states that

     NSA's search for records responsive to [CPSR's] request
     is under way, but is not yet complete.  Because the
     Clipper Chip program is a significant one involving the
     participation of organizations in four of NSA's five
     Directorates and the Director's staff, the volume of
     responsive documents is likely to be quite large.
     Moreover, because the Clipper Chip program is highly
     complex and technical and is, in substantial part,
     classified for national security purposes, the review
     process cannot be accomplished quickly.

     CPSR called for the disclosure of all relevant information
and full public debate on the proposal on April 16, the day it was
announced.  While NSA has insisted from the outset that the
"Skipjack" encryption algorithm, which underlies the Clipper
proposal, must remain secret, the Smith affidavit contains the
first suggestion that the entire federal program is classified "in
substantial part."  In the interest of obtaining timely judicial
review of the agency's broad classification claim, CPSR intends to
oppose NSA's request for delay in the court proceedings.

     In another case involving government cryptography policy,
CPSR has challenged NSA's classification of information concerning
the development of the Digital Signature Standard (DSS).  The
court is currently considering the issue and a decision is
expected soon.

     CPSR is a national public-interest alliance of computer
industry professionals dedicated to examining the impact of
technology on society.  CPSR has 21 chapters in the U.S. and
maintains offices in Palo Alto, California, and Washington, DC.
For additional information on CPSR, call (415) 322-3778 or
e-mail <cpsr@cpsr.org>.

David L. Sobel
CPSR Legal Counsel


Date:    Sun, 15 Aug 93 13:03 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: SKIPJACK Review Report from Dorothy Denning

Greetings.  Dorothy Denning recently forwarded me the "SKIPJACK Review
Interim Report."  This is the report from the group of outside experts who
were to study the security of the "Clipper Chip" algorithm, the details of
which remain classified.  I've included the Executive Summary of the report
below.  Note that this study was apparently concerned only with algorithmic
issues, not with the many other issues surrounding Clipper.

The complete text of the report (which is plain ASCII text) and 
an attached appendix (in Latex source form) has been placed into the
PRIVACY Forum archives.  To access:

   Via Anon FTP: From site "ftp.vortex.com": /privacy/skipjack.1.Z
			                 or: /privacy/skipjack.1

   Via e-mail: Send mail to "listserv@vortex.com" with the line:

			    get privacy skipjack.1

               as the first text in the BODY of your message.

   Via gopher: From the gopher server on site "gopher.vortex.com"
	       in the "*** PRIVACY Forum ***" area under "skipjack.1".



                            SKIPJACK Review
                             Interim Report
                        The SKIPJACK Algorithm

           Ernest F. Brickell, Sandia National Laboratories
               Dorothy E. Denning, Georgetown University
            Stephen T. Kent, BBN Communications Corporation
                          David P. Maher, AT&T
                  Walter Tuchman, Amperif Corporation
                              July 28, 1993

                            (copyright 1993)

Executive Summary

The objective of the SKIPJACK review was to provide a mechanism whereby
persons outside the government could evaluate the strength of the
classified encryption algorithm used in the escrowed encryption devices
and publicly report their findings.  Because SKIPJACK is but one
component of a large, complex system, and because the security of
communications encrypted with SKIPJACK depends on the security of the
system as a whole, the review was extended to encompass other
components of the system.  The purpose of this Interim Report is to
report on our evaluation of the SKIPJACK algorithm.  A later Final
Report will address the broader system issues.

The results of our evaluation of the SKIPJACK algorithm are as

  1. Under an assumption that the cost of processing power is halved
     every eighteen months, it will be 36 years before the cost of
     breaking SKIPJACK by exhaustive search will be equal to the cost
     of breaking DES today.  Thus, there is no significant risk that
     SKIPJACK will be broken by exhaustive search in the next 30-40

  2. There is no significant risk that SKIPJACK can be broken through a
     shortcut method of attack.

  3. While the internal structure of SKIPJACK must be classified in
     order to protect law enforcement and national security objectives,
     the strength of SKIPJACK against a cryptanalytic attack does not
     depend on the secrecy of the algorithm.


End of PRIVACY Forum Digest 02.28

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH