
Privacy Digest 2.35 11/19/93

PRIVACY Forum Digest     Friday, 19 November 1993     Volume 02 : Issue 35

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS 
	 Privacy of cellular phones (Cris Pedregal Martin)
	 On the Road to Nosiness? (Les Earnest)
	 Re: "On the Road to Nosiness?" (Joel A. Fine)
	 Privacy of Card Readers (Brad Dolan)
	 ID Cards & Campus Privacy (Willis H. Ware)
	 Unresolved latent matching (faatzd2@rpi.edu)
	 CPSR Alert 2.05 [Extracts re: FBI Digital Telephony Initiative,
	    Crypto Policies, and Medical Privacy -- MODERATOR ]
	    (Dave Banisar)
	 TTGI/CPNI is Not Protected (David Gast)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 02, ISSUE 35

   Quote for the day:

	"And now, for something completely different..."

	    -- Segment bumper line from "Monty Python's Flying Circus"
	       (1969-1974)

----------------------------------------------------------------------

Date:    Sat, 6 Nov 1993 15:16:19 -0500 (EST)
From:    pedregal@unreal.cs.umass.edu (Cris Pedregal Martin)
Subject: Privacy of cellular phones [Subject field chosen by MODERATOR]

(Of course, readers here know that using a cellphone broadcasts
their conversations in the clear - no need for more caveats on this.)

On the arrest made after cellular eavesdropping: the chutzpah (or
naivete?) of the cop who openly admitted to illegally scanning 
cellular frequencies is a tip-off of something. Has this scanning
become widespread in law enforcement? After all, one can always
make up another probable cause if the fishing expedition yields
something.

It is to be expected that the case will be thrown out on tainted
evidence grounds.  But if the practice is widespread, it'll just
tell the cops eavesdropping is still one off-the-book method, so
they don't write it down on their reports. Law enforcers have plenty of
incentive to bend laws in their work.  But civil rights are for
everyone, including suspected criminals -- the real test of whether
we respect rights is when we have to protect those of persons 
we don't like (or whose actions we don't like).  

Not concerned with this since you are an honest citizen?  Think
again; since bad guys don't always wear black hats anymore, you
might be mistaken for one any day.  And then all those legal
"technicalities" will matter.  


And, in the same digest, a nitpick: 
> 
> The state of Wisconsin recently appointed a Privacy Advocate.  
> 
> Carol M. Doeppers, the wife of a UW Geology Professor begins in this
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
No, I am not with the PC police, but this kind of bio information
is irrelevant, probably sexist, and arguably a violation of the
Privacy Advocate's privacy! (most likely by the original newspaper
story writer)
-- 
Cris Pedregal Martin                     pedregal@cs.umass.edu 
Computer Science Department              UMass / Amherst, MA 01003

------------------------------

Date:    Sat, 6 Nov 93 14:03:29 -0800
From:    Les Earnest <les@sail.stanford.edu>
Subject: On the Road to Nosiness? (Digest V02 #34)

In his Detroit Free Press article, Dan Gillmor describes prospective
privacy intrusions in the form of vehicle tracking based on
"intelligent vehicle highway systems."  Some of these problems can be
avoided through appropriate design decisions, but the fact is that
many of us can be tracked today on a minute-by-minute basis.

The article says:
    * Proposals for electronic tolls -- which economists and
    traffic planners generally agree would be an  efficient way to
    reduce congestion and pay for upkeep. The reasoning,  which
    makes sense, is that you should pay more to use the highway at
    rush hour than at 2 a.m. How would that be done? Highway and
    vehicle sensors, which wouldn't slow traffic like old-fashioned
    toll  booths, would know when you use  the road and bill you
    accordingly.

However, instead of basing toll payments on a credit/billing system, a
debit card can be used that is purchased anonymously.  This can be
done in at least two ways: using a smart card that keeps track of how
much of its value has been "spent" on tolls or a card that simply
gives its ID number when interrogated, so that a central toll computer
can keep track of how much of its original value has been spent.  A
more elegant approach would be to use a Digicash card or equivalent
coupled with a transceiver.  Any of these schemes would do a
reasonable job of preserving privacy.

California state officials originally proposed an automatic toll
billing system in which the vehicle identification number could be
read electronically, which would have been disastrous for privacy.
However, they have apparently been talked into using the anonymous
debit card approach by privacy advocates, principally Chris Hibbert.

However, those of us who use cellular phones can be, and perhaps are
being, tracked already.  A certain amount of tracking is essential in
order to make the cellular phone system work.  This includes
measurement of signal strength from a given cellular phone at various
transceiver sites and with various antennas -- each site typically has
six or so directional antennas.  Back-of-the-envelope calculations
indicate that by comparing signal strengths from various sites and
antennas the location of the phone often can be determined to less
than a square mile and sometimes more accurately.

Note that your phone can be tracked even when you are not talking --
if it is open to incoming calls it can be tracked without your being
aware of it.  Furthermore, there appear to be no legal constraints on
the use of this information.  The cellular phone company can give it
to a law enforcement agency without the latter having to get a court
order.  Alternatively, the company can sell this information to
whoever is interested.

Probably most cellular phone companies will not disclose tracking
information based on ethical considerations, but I wouldn't want to
count on it.  I believe that this is a loophole that should be closed
by appropriate legislation.

	-Les Earnest
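
As an added illustration (example code, not part of the original post or of any real toll system), the toy model below contrasts the VIN-based billing design with the anonymously purchased debit card that keeps its balance at the central toll computer, and shows that what an operator can link back to a named driver follows from the records each design must retain. It also covers the caveat the post does not spell out: the card stays anonymous only if its sale is not recorded against a buyer and passages are not logged per serial. All owners, VINs, card serials, gantry names and timestamps are constructed.

```python
"""Added example, not from the PRIVACY Forum post: a toy model of the toll
designs Les Earnest contrasts, showing what the toll operator's retained
records can link back to a named driver in each.  Owners, VINs, card
serials, gantry names and timestamps are all constructed for the demo."""


def passage(gantry, minute, toll, identifier):
    """One gantry read: where, when (minutes since midnight), toll in cents,
    and the identifier the roadside sensor saw (a VIN or a card serial)."""
    return {"gantry": gantry, "minute": minute, "toll": toll, "id": identifier}


class VinBillingSystem:
    """Design the California officials first proposed: read the VIN, bill
    the registered owner later.  Billing needs every passage kept under
    the VIN plus a VIN -> owner table, so a trail of trips exists by
    construction, whatever the operator's stated policy."""

    def __init__(self, registry):
        self.registry = dict(registry)      # VIN -> owner (registration data)
        self.log = []                       # every passage, with its VIN

    def record(self, p):
        self.log.append(p)
        return True                         # never refused; the bill follows

    def identity_table(self):
        return self.registry

    def retained_passages(self):
        return self.log


class CentralDebitSystem:
    """Prepaid card that gives only its serial when interrogated; the
    central computer keeps the remaining value per serial.  Sold for cash,
    the serial maps to nobody, and only the balance has to be kept."""

    def __init__(self, keep_passage_log=False):
        self.balance = {}                   # serial -> remaining cents
        self.buyers = {}                    # serial -> buyer, if ever recorded
        self.log = [] if keep_passage_log else None

    def sell_card(self, serial, value, buyer=None):
        self.balance[serial] = value
        if buyer is not None:               # e.g. sold by mail or on credit
            self.buyers[serial] = buyer

    def record(self, p):
        if self.balance.get(p["id"], 0) < p["toll"]:
            return False                    # exhausted or unknown card
        self.balance[p["id"]] -= p["toll"]
        if self.log is not None:
            self.log.append(p)
        return True

    def identity_table(self):
        return self.buyers

    def retained_passages(self):
        return self.log or []


def attributable_trail(system, owner):
    """The join an operator, a buyer of its data or a subpoena could
    perform: identity table against retained passages.  Same code for every
    design; what differs is only which data the design has to keep."""
    ids = {i for i, who in system.identity_table().items() if who == owner}
    return [(p["gantry"], p["minute"]) for p in system.retained_passages()
            if p["id"] in ids]


# Constructed day of travel for one driver: (gantry, minute, toll in cents).
TRIPS = [("Gantry-A", 7 * 60 + 45, 150), ("Gantry-B", 8 * 60 + 10, 200),
         ("Gantry-A", 17 * 60 + 30, 150)]


def run_day(system, identifier):
    """Feed the constructed trips through a system; returns tolls accepted."""
    return sum(1 for g, m, t in TRIPS
               if system.record(passage(g, m, t, identifier)))


def demo():
    """Returns (tolls accepted, trail linkable to 'Alice') per design."""
    vin_sys = VinBillingSystem({"VIN-0001": "Alice"})
    cash = CentralDebitSystem()
    cash.sell_card("CARD-77", 400)          # cash sale: buyer not recorded
    credit = CentralDebitSystem(keep_passage_log=True)
    credit.sell_card("CARD-78", 1000, buyer="Alice")
    return {
        "vin": (run_day(vin_sys, "VIN-0001"),
                attributable_trail(vin_sys, "Alice")),
        "cash_card": (run_day(cash, "CARD-77"),
                      attributable_trail(cash, "Alice")),
        "credit_card_with_log": (run_day(credit, "CARD-78"),
                                 attributable_trail(credit, "Alice")),
    }
```

The cash card refuses the third toll once its value is exhausted, so payment is still enforced without any identity; the logged card sold on credit yields the same trail as the VIN design.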

------------------------------

Date:    Mon, 08 Nov 1993 10:24:54 -0800
From:    "Joel A. Fine" <joel@postgres.Berkeley.EDU>
Subject: Re: "On the Road to Nosiness?"

Dan Gillmor writes:
> ...suppose some future road officials decide to install new
> cameras and higher-capacity transmission  lines, allowing the
> system to scan locations, license-plate numbers and drivers'
> faces into the computer.

A similar system is already in place in Campbell, California, and
several nearby municipalities, for the purpose of enforcing speed
limits. An unmanned radar-camera combination automatically photographs
speeding motorists and records their speed at the time the picture was
taken. Several days later, the driver receives a copy of the photo,
along with a bill for the appropriate fine for the traffic violation.
The driver never talks with, or sees, a traffic cop.

- Joel Fine
joel@cs.berkeley.edu

------------------------------

Date:    08 Nov 93 10:43:32 EST
From:    Brad Dolan <71431.2564@CompuServe.COM>
Subject: Privacy of Card Readers

Dave Millar, millar@pobox.upenn.edu, asks for info about alternate names 
for and uses of security card systems.  We called them "key cards" in the
nuke plants where I used to work.  You didn't have to be an atomic 
scientist ;-) to figure out that big brother would monitor the data 
closely.  That's why I never felt too sorry for the people who were
clobbered based on key card data.  Of course, there is always the 
potential for bad data .....   

About once a year, somewhere in the industry, a guy would get "disciplined"/
canned for:

(1) Claiming he performed a task, when there was no key card record of
his entry into the space where the work would be performed.

(2) Spending "too little" time in the space where the work would be 
performed.

(3) Spending "too much" time in an out-of-the way space on a midnight
shift.

& other variations on these themes.

	[ A key question which arises revolves around the issue of whether
	  the same sorts of tracking records that it makes sense to keep in
	  a nuclear or other secure facility are reasonable for the typical
	  educational environment.  See the next message below. -- MODERATOR ]

------------------------------

Date:    Mon, 15 Nov 93 15:56:17 PST
From:    "Willis H. Ware" <willis@jake.rand.org>
Subject:  ID Cards & Campus Privacy

Dave Millar of the Univ of Pennsylvania wants to know:

> Can you help me find any information on the issues associated with
> information kept on security card scanner systems?  We have a large
> network of card readers scattered across campus tracking the comings
> and goings of several tens of thousands of people at several hundred
> points on campus - administrative buildings, dining halls, dorms,
> libraries, etc.  What, if anything, stops someone from collecting
> this data and using it in ways not known or intended by the people
> being monitored?

In a word, very little.  Stop looking; you will find nothing.

The University of Pennsylvania is a private institution and hence can
behave largely as any entity in the private sector does with personal
information, do as it pleases.  In the private sector there are very
few legal restrictions on what may be done with personal information;
credit information on an individual is one of the exceptions.  The only
thing going in favor of the individual is the morality and ethical
behavior of the institution and concerned, well-informed leadership and
administrators.

As a matter of proper behavior and sensible administration, the
University should have in place a policy stipulating how such
information will be protected and access to it controlled, how such
information will be stored, how long it will be retained, who may be
allowed access to it, with whom it will be shared, will law
enforcement have access to it, is it subject to subpoena, are audit
trails accumulated of any one individual, etc.  Additionally, the
campus population should also know what things are possible with the
system; e.g., what is the information used for, how might it be used if
some administrator has a bright idea for a new use, who makes policy on
the use, does or should the campus population have a voice in such
decisions.

In short there should be a privacy policy governing the operation of
such a system and the policy should be made known to all campus users.

If it does not, there is no law that will require it to do so.  All you
can do is to demonstrate, cajole, pressure, embarrass, threaten,
publicize, persuade, etc. in an effort to get a proper response.  In
the end everyone on the Penn campus will depend on the ethics of the
University administration.

I suggest that you contact my colleague and friend, Professor David
Farber of the Computer Science Department.  He is alert to computer
security and privacy problems.  He may be well informed on this system
and can give you more detailed answers, or help you in rectifying any
shortfalls.

				Willis H. Ware
				Santa Monica, CA

			[ Depressing, isn't it?  -- MODERATOR ]

------------------------------

Date:    Mon, 8 Nov 93 11:59:43 EST
From:    <faatzd2@rpi.edu>
Subject: Unresolved latent matching ...

	I once worked for a startup company (now defunct) that wanted
to develop fingerprint matching systems to sell to Governments. Our
initial product would not have handled "unresolved latent matching" ...
that is, matching outstanding crime scene prints against incoming
prints for current crimes, job applications, etc.

	We were unable to sell such a system ... state governments believe that
the real BANG they get from automated fingerprint processing is NOT improved
efficiency, lower cost, faster response times, or any of the normal business
advantages. What they get is BIG PUBLICITY when someone submits his prints
as part of a routine job application (say as a schoolbus driver ...) and
it kicks out a match with an unresolved crime scene print for say an
AXE murder 10 years ago. 

	This kind of thing is the real payback law enforcement sees in such
systems.

	BTW - it has never been proven one way or another that fingerprints
are unique identifiers ... only that no two individuals have yet been found
to have the same prints ... it is possible in theory ...

------------------------------

Date:    Fri, 12 Nov 1993 13:13:48 EST
From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: CPSR Alert 2.05 [Extracts re: FBI Digital Telephony Initiative,
	 Crypto Policies, and Medical Privacy -- MODERATOR ]

	[ I have extracted the following three numbered items from
	  CPSR Alert 2.05 -- MODERATOR ]

[1]  FBI's Operation "Root Canal" Documents Disclosed

In response to a CPSR Freedom of Information Act lawsuit, the FBI this
week released 185 pages of documents concerning the Bureau's Digital
Telephony Initiative,  code-named Operation "Root Canal." The newly
disclosed material raises serious doubts as to the accuracy of the
FBI's claim that advances in telecommunications technology have
hampered law enforcement efforts to execute court-authorized wiretaps.

The FBI documents reveal that the Bureau initiated a well-orchestrated
public relations campaign in support of "proposed legislation to compel
telecommunications industry cooperation in assuring our digital
telephony intercept requirements are met."  A May 26, 1992, memorandum
from the Director of the FBI to the Attorney General lays out a
"strategy ... for gaining support for the bill once it reaches
Congress," including the following:

     "Each FBI Special Agent in Charge's contacting key law
     enforcement and prosecutorial officials in his/her territory
     to stress the urgency of Congress's being sensitized to this
     critical issue;

     Field Office media representatives educating their contacts
     by explaining and documenting, in both local and national
     dimensions, the crisis facing law enforcement and the need
     for legislation; and

     Gaining the support of the professional associations
     representing law enforcement and prosecutors."

However, despite efforts to obtain documentation from the field in
support of Bureau claims of a "crisis facing law enforcement," the
response from FBI Field Offices was that they experienced *no*
difficulty in conducting electronic surveillance.  For example, a
December 3, 1992, memorandum from Newark reported the following:

     The Newark office of the Drug Enforcement Administration
     "advised that as of this date, the DEA has not had any
     technical problems with advanced telephone technology."

     The New Jersey Attorney General's Office "has not experienced
     any problems with the telephone company since the last
     contact."

     An agent from the Newark office of the Internal Revenue
     Service "advised that since the last time he was contacted,
     his unit has not had any problems with advanced telephony
     matters."

     An official of the New Jersey State Police "advised that
     as of this date he has had no problems with the present
     technology hindering his investigations."

Likewise, a memorandum from the Philadelphia Field Office reported that
the local offices of the IRS, Customs Service and the Secret Service
were contacted and "experienced no difficulties with new technologies."
Indeed, the newly-released documents contain no reports of *any*
technical problems in the field.

The documents also reveal the FBI's critical role in the development of
the Digital Signature Standard (DSS), a cryptographic means of
authenticating electronic communications that the National Institute of
Standards and Technology was expected to develop.  The DSS was proposed
in August 1991 by the National Institute of Standards and Technology.
NIST later acknowledged that the National Security Agency developed the
standard.  The newly disclosed documents appear to confirm speculation
that the  FBI and the NSA worked to undermine the legal authority of
the NIST to develop standards for the nation's communications
infrastructure.

CPSR intends to pursue further FOIA litigation to establish the extent
of the FBI involvement in the development of the DSS and also to obtain
a "cost-benefit" study discussed in one of the FBI Director's memos and
other documents the Bureau continues to withhold.

       -------------------------------------------------------------

[2] GAO Report Criticizes Gov't Crypto Policy

A Government Accounting Office report has found that government
policies are hindering the development of encryption technology at the
same time the industry is threatened by economic espionage because of
computer networks lacking adequate security.  The report was requested
by House Judiciary Chair Jack Brooks.

The report _Communications Privacy: Federal Policy and Actions_
(GAO/OSI-94-2) also found that NIST followed the NSA's lead in
developing cryptographic standards for communications privacy and that
there has been little public input in this process. NIST terminated a
project in 1982 to develop a public key encryption system at the
request of NSA and in 1991 introduced an NSA-developed standard for
digital signatures. In addition, no public input was solicited for the
Clipper Chip proposal until 1993, over three years after the initiation
of its development.

The report also noted the wide range of software and hardware available
outside the US and that the continued export controls are apparently
more stringent than those in other countries. This is apparently
hurting sales of U.S. software and hardware products worldwide.

Congressman Brooks said that "[I]t is deeply disturbing to find that
some U.S. government agencies are undermining American corporations'
efforts to protect themselves from state-sponsored theft of trade
secrets and other proprietary information." Brooks also stated that "The
plain truth is that encryption devices and software are available
around the world. The barn door is open; the horses are out. It is high
time for the government to accept this fact of life and stop hog-tying
U.S. industry with overly restrictive export controls that damage this
country's effort to compete in the global marketplace."

The GAO report is available at the CPSR Internet Library (see below).

 A paper copy is available from the GAO by calling 202-512-6000.

       -------------------------------------------------------------

[3] Health Care Reform Plan Released Amidst Growing Concern About
Medical Privacy

The Clinton health care reform plan was released the same week that a
new Lou Harris poll found high levels of concern about privacy among
the American public. The health care reform proposal includes important
privacy safeguards, but the measures may not go far enough to address
public concerns.

The Harris poll reveals that Americans are very much concerned about
medical record privacy.  The poll conducted by Prof. Alan Westin found
that 49 percent of all Americans are very concerned and 30 percent are
somewhat concerned by the threats to their personal privacy. An
additional 56 percent believe that strong federal protection of medical
records is necessary to accomplish health care reform.

The health care reform proposal includes a strong code of fair
information practices, and an explicit prohibition on the use of
medical record information for employment purposes.  But the plan
leaves open the question of whether the Social Security Number might be
used as a patient identifier and also allows more than three years
before full legislative safeguards are established.

At a conference organized by the US Office of Consumer Affairs, CPSR
Washington Office Director Marc Rotenberg and ACLU Privacy and
Technology Project Director Janlori Goldman said that the health care
reform plan raises far-reaching privacy concerns that must be addressed
at the outset.

The Office of Technology Assessment released a new report on medical
records and privacy at a Congressional hearing held by Rep. Gary
Condit (D-CA). "Protecting Privacy in Computerized Medical Information"
explores the implications of the automation of health care information
and recommends federal legislation to address patient confidentiality
and privacy.

An electronic copy is available at the CPSR Internet Library (see
below for location details).

Senator Patrick Leahy (D-VT) recently held a hearing to explore the
privacy implications of medical smart cards.  The Senator plans to hold
a second hearing on medical record privacy later this year.

------------------------------

Date:    Mon, 15 Nov 93 14:24:28 -0800
From:    gast@CS.UCLA.EDU (David Gast)
Subject: TTGI/CPNI is Not Protected

> This puzzled me greatly when it appeared in the Telecom Digest, too.
> When I was at AT&T, the code of conduct that I signed asserted that
> call detail is Customer Proprietary Network Information (CPNI), and
> that it is illegal to disclose CPNI without the customer's consent.
> To do so also results in immediate dismissal.  So how can Scanners
> claim that it's legal for them to sell CPNI?  *SOMEBODY* had to break
> the law for them to get it.

Andy and I have had extensive e-mail and other electronic contact over
the years regarding CPNI or TTGI as it is also called.  (TTGI is Telephone
Transaction Generated Information).  Given the state of the law, I am
somewhat surprised he still maintains that it is illegal to disclose
CPNI without the customer's consent.  (If that were true, then CNID and
ANI would be illegal).  Further info follows.

> I know that AT&T and the RBOCs have typically refused to disclose
> anything without papers signed by a judge.

I don't believe that the P&G scandal of a few years ago involved a judge.

[Material adapted from an article written by Marc Rotenberg that is in the
telecom archives].  In the old days, as far as I know, his statement was
true.  As William Caming, the general counsel of AT&T for many years, wrote
in a 1984 article "Protection of Personal Data in the United States" (The
Information Society, vol. 3, no. 2, pp. 117-119 (1984)):

  "In testimony before the Privacy Commission, I said in behalf of AT&T
  that we unreservedly pledged ourselves to undertake promptly a thorough
  reexamination of our policies and practices impacting upon privacy to
  ensure that the Bell System's commitment to the spirit of "Fair
  information" principles was being fully realized. . . .

  "Over the years, the Bell System has staunchly supported the
  concept that the protection of its customers' communications
  and business records is of singular importance.  Time and time
  again, we have stressed to the Congress and the Federal
  Communications Commission and on other public forums that
  the preservation of privacy is a basic concept in our business. . . .

  ". . . toll billing records are corporate records maintained in the
  ordinary course of business as necessary substantiation for
  the charges billed to customers.  These records are extremely
  sensitive since they, in essence, constitute a virtual log of
  one's daily communications.  They are generally kept for a
  limited period of time to serve the needs of the business and
  to conform to statutory and regulatory requirements.  They are
  normally destroyed as a matter of business routine at the
  conclusion of the prescribed retention period, usually six
  months.

  "Access to these records is rigorously restricted.  They are not
  released except pursuant to subpoena, administrative
  summons, or court order valid on its face. . . . Exceptions to the
  foregoing policies are extremely few in number."

But just because something used to be true, does not mean that it is
still true.  I don't know the law back in 1974.  There may have been
a law against disclosure or it may have just been Bell policy.  I do
know that the current state of the law provides no such protection.

First, the ECPA permits the disclosure of anything except *content*
to any person other than a governmental entity.  (That may mean that
posting something to the net, which is monitored by the government,
could be illegal. :-) )

Second, the FCC has ruled that in the interests of competition (footnote 1),
that unless you have more than 20 lines, your inter-lata dialing patterns
must be disclosed to other inter-lata exchange carriers (IXCs).  Note how
the FCC recognizes a privacy interest by people/organizations with many
phone lines, but denies people with only a few lines this privacy protection.
They further pre-empted any state laws giving greater protection.  This ruling
was reported by the Privacy Journal and relayed by me to the telecom digest
with the Federal Register reference back when it was promulgated.

Now if Mr. Sherman or anyone else would like to cite which law other than
the apocryphal law was broken I would be interested in learning about it.
I believe that Scanners broke no law.  I hypothesize that they got the
information pursuant to the FCC regulations.

The result, of course, is that individuals such as myself make far fewer
long distance calls than we used to.

David

Footnote 1: The idea that by providing more information consumers will
get better prices is ludicrous on its very face.  Information is power
and money.  And unless the IXCs have suddenly become charity institutions,
they will use the information to increase profits, not lower prices.

	[ It's interesting to note the "oddities" in the way different sorts
	  of personal data are subject to differing levels of privacy
	  "protection."  At least in certain situations, laws exist to
	  provide some modest protections from the release of our video tape
	  rental title selections.  One might *hope* that similar protections
	  (at the very least!) will be extended to viewer programming
	  selections from advanced cable TV and satellite delivery systems
	  (this is actually a whole area of privacy discussion unto itself,
	  which I'll save for a future digest).  

	  But while you may be protected from your local video store
	  exposing you as a renter of "Plan 9 From Outer Space," your
	  detailed telephone records may perhaps be released as part of
	  routine business in the name of fostering "competition."

	  So much of this goes on because so *few* people seem to
	  care, much less complain, about privacy matters.  Either
	  they don't think it's an issue, or they've taken the
	  fatalistic "there's nothing to be done" approach.
	  Either way, the end result is the same.

						-- MODERATOR ]
------------------------------

End of PRIVACY Forum Digest 02.35
************************
