TUCoPS :: Privacy :: priv_320.txt

Privacy Digest 3.20 10/22/94

PRIVACY Forum Digest     Saturday, 22 October 1994     Volume 03 : Issue 20

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS 
	 O.J. Simpson Trial Jury Questionnaires now in PRIVACY Forum Archive
	    (Lauren Weinstein; PRIVACY Forum Moderator)
	 EFF Statement on Passage of Digital Telephony Act 
	    (Stanton McCandlish)
	 Caller ID debate (Phil Agre)
	 Electronic Signatures [Sears] (Jim Conforti)
	 MCI Employee Charged in $50 Million Calling Card Fraud
	    (Monty Solomon)
	 Call for Participation - CFP'95 (Carey Heckman)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW home
page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 03, ISSUE 20

   Quote for the day:

	"A scientist both wise and bold,
	 set out to cure the common cold.
	 Instead he found this power pill,
	 which he said most certainly will,
	 turn a lamb into a lion,
	 like an eagle he'll be flyin'.
	 Solid steel will be like putty.
	 It will work on anybody!"
	
		-- From the opening theme of "Mr. Terrific"
		   January 1967 - August 1967 (CBS)

----------------------------------------------------------------------

Date:    Sat, 22 Oct 94 11:47 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: O.J. Simpson Trial Jury Questionnaires now in PRIVACY Forum Archive

Greetings.  The PRIVACY Forum has been sent several copies of the complete
O.J. Simpson trial questionnaires, which have already been widely circulated
in the mainstream media.  These are the short "hardship" and longer full
versions (in original printed form with space for answers, the longer
version ran 75 pages).

After some consideration, I've decided that the detailed and personal nature
of the questions on these questionnaires (particularly the longer one) makes
them a valid topic for discussion in this forum.  Among the topics for
possible consideration:

-- How would you feel about answering these sorts of detailed,
   personal questions?  Would you consider them to be an invasion
   of your privacy?  An acceptable invasion?  Unacceptable?

-- If a potential juror was unwilling to answer any or all of these 
   questions, would they or should they be subject to any sanctions?

-- Do these sorts of detailed personal questions truly yield useful
   information to the opposing sides in trials?  Can the answers be trusted
   to be honest?

-- Does the use of personal inquiry questionnaires of this sort have an
   overall positive or negative impact on the legal system?

-- And so on...

To access the questionnaires, which are both in a single file
which runs about 57K in length:

    Via Anon FTP: From site "ftp.vortex.com": /privacy/simpson-jq.Z
				          or: /privacy/simpson-jq

    Via e-mail: Send mail to "listserv@vortex.com" with
                the line:

		    get privacy simpson-jq

	        as the first text in the BODY of your message.

    Via gopher: From the gopher server on site "gopher.vortex.com"
	in the "*** PRIVACY Forum ***" area under "simpson-jq".

    Via World Wide Web (WWW): Access the "PRIVACY Forum" archive
	via the Vortex Technology home page at URL:

		http://www.vortex.com/


--Lauren--

------------------------------

Date: 8 Oct 1994 14:32:28 -0500
From: mech@eff.org (Stanton McCandlish)
Subject: EFF Statement on Passage of Digital Telephony Act

EFF Statement on and Analysis of Digital Telephony Act

October 8, 1994

Washington, DC - Congress late Friday (10/7) passed and sent to the
President the Edwards/Leahy Digital Telephony Legislation (HR 4922/S
2375).  The bill places functional design requirements on
telecommunications carriers in order to enable law enforcement to
continue to conduct electronic surveillance pursuant to a court order,
though the bill does not expand law enforcement authority to conduct
wiretaps.  Moreover, the design requirements do not apply to providers
or operators of online services such as the Internet, BBS's,
Compuserve, and others.  The bill also contains significant new
privacy protections, including increased protection for online
personal information, and requirements prohibiting the use of pen
registers to track the physical location of individuals.

Jerry Berman, EFF's Policy Director, said: "Although we remain
unconvinced that this legislation is necessary, the bill draws a hard
line around the Internet and other online networks.  We have carved
cyberspace out of this legislation".

Berman added, "The fact that the Internet, BBS's, Prodigy, and other
online networks are not required to meet the surveillance capability
requirements is a significant victory for all users of this important
communications medium."


Privacy Protections for Online Personal Information Increased

The bill adds a higher standard for law enforcement access to online
transactional information.  For maintenance and billing purposes, most
online communications and information systems create detailed records
of users' communication activities as well as lists of the
information, services, or people that they have accessed or contacted.
Under current law, the government can gain access to such
transactional records with a mere subpoena, which can be obtained
without the intervention of a court.  To address this issue, EFF
pushed for the addition of stronger protections against indiscriminate
access to online transactional records.

Under the new protections, law enforcement must convince a court to
issue an order based on a showing of "specific and articulable facts"
which prove that the information sought would be relevant and material
to an ongoing criminal investigation.

Berman said: "The new legal protections for transactional information
are critical in that they recognize that these records are extremely
sensitive and deserve a high degree of protection from casual law
enforcement access.  With these provisions, we have achieved for all
online systems a significantly greater level of protection than exists
today for any other form of electronic communication, including the
telephone."


EFF to Continue to Monitor Implementation

Berman added: "There are numerous opportunities under this bill for
public oversight and intervention to ensure that privacy is not
short-changed.  EFF will closely monitor the bill's implementation,
and we stand ready to intervene if privacy is threatened."

In the first four years, the government is required to reimburse
carriers for all costs associated with meeting the design requirements
of the bill.  After four years, the government is required to
reimburse carriers for all costs for enhancements that are not
"reasonably achievable", as determined in a proceeding before the FCC.
The FCC will determine who bears the costs in terms of the impact on
privacy, costs to consumers, national security and public safety, the
development of technology, and other factors.  If the FCC determines
that compliance is not reasonably achievable, the government will
either be required to reimburse the carrier or consider it to be in
compliance without modification.

Berman said: "EFF is committed to making a case before the FCC, at the
first possible opportunity, that government reimbursement is an
essential back-stop against unnecessary or unwanted surveillance
capabilities.  If the government pays, it will have an incentive to
prioritize, which will further enhance public accountability and
protect privacy."


EFF Decision to Work on Legislation

Since 1992 EFF, in conjunction with the Digital Privacy and Security
Working Group (a coalition of over 50 computer, communications, and
public interest organizations and associations working on
communications privacy issues, coordinated by EFF) has been successful
at stopping a series of FBI Digital Telephony proposals, which would
have forced communications companies to install wiretap capability
into every communications medium.  However, earlier this year, Senator
Leahy and Rep. Edwards, who have helped to quash previous FBI
proposals, concluded that passage of such a bill this year was
inevitable.  Leahy and Edwards stepped in to draft a narrow bill with
strong privacy protections, and asked for EFF's help in the process.

"By engaging in this process for the last several months," Berman
noted, "we have been successful in helping to craft a proposal that is
significantly improved over the FBI's original bill in terms of
privacy, technology policy, and civil liberties, and have, in the
process, added significant new privacy protections for users of
communications networks.  We commend Representative Edwards, Senator
Leahy, and Representatives Boucher and Markey for standing up for
civil liberties and pushing for strong privacy protections."

The Electronic Frontier Foundation (EFF) is a non-profit public
interest organization dedicated to achieving the democratic potential
of new communications technology and works to protect civil liberties
in new digital environments.


Other Privacy Protections Added by the Bill

The bill also adds the following new privacy protections

*       The standard for law enforcement access to online transactional 
        records is raised to require a court order instead of a mere subpoena. 

*       No expansion of law enforcement authority to conduct electronic    
        surveillance.

*       The bill recognizes a citizen's right to use encryption.

*       All authorized surveillance must be conducted with the affirmative 
        intervention of the telecommunications carrier.  Monitoring    
        triggered remotely by law enforcement is prohibited.

*       Privacy advocates will be able to track law enforcement requests
        for surveillance capability, and expenditures for all surveillance  
        capability and capacity added under this bill will be open to
        public scrutiny.

*       Privacy protections must be maintained in making new technologies  
        conform to the requirements of the bill, and privacy advocates may
        intervene in the administrative standard setting process.

*       Information gleaned from pen register devices is limited to dialed
        number information only.  Law enforcement may not receive location
        information.


Analysis of and comments on major provisions of the bill:

A.      Key new privacy protections

1.      Expanded protection for transactional records sought by law
        enforcement

Senator Leahy and Rep. Edwards have agreed that law enforcement access
to transactional records in online communication systems (everything
from the Internet to AOL to hobbyist BBSs) threatens privacy rights
because the records are personally identifiable, because they reveal
the content of people's communications, and because the compilation of
such records makes it easy for law enforcement to create a detailed
picture of people's lives online. Based on this recognition, the draft
bill contains the following provisions:

i.      Court order required for access to transactional records instead of
        mere subpoena

In order to gain access to transactional records, such as a list of to
whom a subject sent email, which online discussion group one
subscribes to, or which movies you request on a pay-per view channel,
law enforcement will have to prove to a court, by the showing of
"specific and articulable facts" that the records requested are
relevant to an ongoing criminal investigation. This means that the
government may not request volumes of transactional records merely to
see what it can find through traffic analysis. Rather, law enforcement
will have to prove to a court that it has reason to believe that it
will find some specific information that is relevant to an ongoing
criminal investigation in the records that it requests.

With these provisions, we have achieved for all online systems, a
significantly greater level of protection than currently exists for
telephone toll records. The lists of telephone calls that are kept by
local and long distance phone companies are available to law
enforcement without any judicial intervention at all.  Law enforcement
gains access to hundreds of thousands of such telephone records each
year, without a warrant and without even notice to the citizens
involved.  Court order protection will make it much more difficult for
law enforcement to go on "fishing expeditions" through online
transactional records, hoping to find evidence of a crime by accident.

ii.     Standard of proof much greater than for telephone toll records, but
        below that for content

The most important change that these new provisions offer, is that law
enforcement will (a) have to convince a judge that there is reason to
look at a particular set of records, and (b) have to expend the time
and energy necessary to have a US Attorney or DA actually present a
case before a court. However, the burden or proof to be met by the
government in such a proceeding is lower than required for access to
the content of a communication.

2.      New protection for location-specific information available in
        cellular, PCS and other advanced networks

Much of the electronic surveillance conducted by law enforcement today
involves gathering telephone dialing information through a device
known as a pen register. Authority to attach pen registers is obtained
merely by asserting that the information would be relevant to a
criminal investigation. Courts have no authority to deny pen register
requests.  This legislation offers significant new limits on the use
of pen register data.

Under this bill, when law enforcement seeks pen register information
from a carrier, the carrier is forbidden to deliver to law enforcement
any information which would disclose the location or movement of the
calling or called party. Cellular phone networks, PCS systems, and
so-called "follow-me" services all store location information in their
networks.  This new limitation is a major safeguard which will prevent
law enforcement from casually using mobile and intelligent
communications services as nation-wide tracking systems.

i.      New limitations on "pen register" authority

Law enforcement must use "technology reasonably available" to limit
pen registers to the collection of calling number information only.
Currently, law enforcement is able to capture not only the telephone
number dialed, but also any other touch-tone digits dialed which
reflect the user's interaction with an automated information service
on the other end of the line, such as an automatic banking system or a
voice-mail password.

3.      Bill does not preclude use of encryption

Unlike previous Digital Telephony proposals, this bill places no
obligation on telecommunication carriers to decipher encrypted
messages, unless the carrier actually holds the key.  The bill in no
way prohibits citizens from using encryption.

4.      Automated remote monitoring precluded

Law enforcement is specifically precluded from having automated,
remote surveillance capability.  Any electronic surveillance must be
initiated by an employee of the telecommunications carrier.

5.      Privacy considerations essential to development of new technology

One of the requirements that telecommunications carriers must meet to
be in compliance with the Act is that the wiretap access methods
adopted must protect the privacy and security of each user's
communication.  If this requirement is not met, anyone may petition
the FCC to have the wiretap access service be modified so that network
security is maintained.  So, the technology used to conduct wiretaps
cannot also jeopardize the security of the network as a whole.  If
network-wide security problems arise because of wiretapping standards,
then the standards can be overturned.

6.      Increased Public Accountability 

All law enforcement requests for surveillance capability and capacity,
as well as all expenditures paid by law enforcement to
telecommunications carriers and all modifications made by carriers to
comply with this bill, will be accountable to the public.  The
government is also required to pay for all upgrades, in both
capability and capacity, in the first four years, and all costs after
four years for incorporating the capability requirements in the costs
for meeting those requirements are not 'reasonably achievable'.  A
determination of whether compliance after four years is reasonably
achievable will be made by the FCC in an open and public proceeding.
Government reimbursement for compliance costs will permit the public
the opportunity to decide whether additional surveillance capability
is necessary.

In all, the reimbursement requirements combined with the reporting
requirements and the open processes built in to this bill, law
enforcement surveillance capability, capacity, and expenditures will
be more accountable to the public than ever before.

B.      Draconian provisions softened

In addition, the surveillance requirements imposed by the bill are not
as far-reaching as the original FBI version.  A number of procedural
safeguards are added which seek to minimize the threatens to privacy,
security, and innovation.  Though the underlying premise of the Act is
still cause for concern, these new limitations deserve attention:

1.      Narrow Scope

The bill explicitly excludes Internet providers, email systems, BBSs,
and other online services.  Unlike the bills previously proposed by
the FBI, this bill is limited to local and long distance telephone
companies, cellular and PCS providers, and other common carriers.

2.      Open process with public right of intervention

The public will have access to information about the implementation of
the Act, including open access to all standards adopted in compliance
with the Act, the details of how much wiretap capacity the government
demands, and a detailed accounting of all federal money paid to
carriers for modifications to their networks.  Privacy groups,
industry interests, and anyone else has a statutory right under this
bill to challenge implementation steps taken by law enforcement if
they threaten privacy or impede technology advancement.

3.      Technical requirements standards developed by industry instead of
the Attorney General

All surveillance requirements are to be implemented according to
standards developed by industry groups.  The government is
specifically precluded from forcing any particular technical standard,
and all requirements are qualified by notions of economic and
technical reasonableness.

4.      Right to deploy untappable services

Unlike the original FBI proposal, this bill recognizes that there may
be services which are untappable, even with Herculean effort to
accommodate surveillance needs.  In provisions that still require some
strengthening, the bill allows untappable services to be deployed if
redesign is not economically or technically feasible.

Background Information

* The Bill: 
ftp.eff.org, /pub/EFF/Policy/Digital_Telephony/digtel94.bill
gopher.eff.org, 1/EFF/Policy/Digital_Telephony, digtel94.bill
http.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.bill

All other files available from:
ftp.eff.org, /pub/EFF/Policy/Digital_Telephony/Old/
gopher.eff.org, 1/EFF/Policy/Digital_Telephony/Old
http.eff.org/pub/EFF/Policy/Digital_Telephony/Old/

* EFF Analysis of Bill as Introduced: digtel94_analysis.eff
* EFF Statement on Earlier 1994 Draft of Bill: digtel94_old_statement.eff
* EFF Analysis of Earlier 1994 Draft: digtel94_draft_analysis.eff
* EFF Statement on Announcement of 1994 Draft: digtel94.announce
* EFF Statement on Announcement of 1993 Draft: digtel93.announce
* Late 1993/Early 1994 Draft: digtel94_bill.draft
* EFF Statement on 1992 Draft: digtel92_analysis.eff
* EFF Statement on 1992 Draft: digtel92_opposition.announce
* Late 1992 Draft: digtel92_bill.draft
* Original 1992 Draft: digtel92_old_bill.draft

For more information contact:
Jerry Berman    Policy Director         <jberman@eff.org>
Jonah Seiger    Project Coordinator     <jseiger@eff.org>
+1 202 347 5400 (voice)     +1 202 393 5509 (fax)

------------------------------

Date:    Thu, 13 Oct 1994 14:13:21 -0700
From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Caller ID debate

Caller ID (abbreviated CNID) is a technology that enables your telephone 
to digitally send its phone number to the telephone of anybody you call.
Controversy about privacy issues in CNID has swirled for years, and the
10/13/94 New York Times has an article on the subject:

  Matthew L. Wald, A privacy debate over Caller ID plan, New York Times,
  13 October 1994.

The United States Federal Communications Commission recently proposed rules,
due to go into effect in April, to create uniform CNID protocols across state
lines.  While the FCC plan does protect privacy in some ways, e.g., preventing
a business that captures your phone number from selling it to others without
your permission, it does not mandate per-line blocking, which is necessary if
you never want to send out your phone number, or if you only want to send it
out when you enter a special code.

The article states clearly that the real reason for CNID is commercial.
Privacy advocates have been saying this for years, and for a long time they
have gotten patronizing lectures about how CNID is for residential use in
catching harassing phone callers.  But CNID is a poor way to catch harassing
phone callers.  Moreover, that single application wouldn't nearly make CNID
profitable.  The point is that CNID is a good way to let companies collect
marketing information and automate service interactions.

Which is fine.  Hardly anybody opposes CNID outright.  But in order for CNID
to avoid inadvertently giving away the phone number of someone who is being
stalked, or who otherwise needs to keep their number a secret, it needs a few
simple features:

 * per-line blocking -- a simple, no-cost way to declare that this telephone
   should not send out its number when dialling

 * per-line unblocking -- a simple, no-cost way to declare that this telephone
   now *should* send out its number when dialling

 * per-call blocking -- a simple, no-cost way to declare that, regardless of
   whether this line is blocked, this particular call should not include the
   calling number

 * per-call unblocking -- a simple, no-cost way to declare that, regardless
   of whather this line is blocked, this particular call *should* include the
   calling number

In order for people to get the benefit of these commands, some further rules
are needed:

 * All four of these commands should be entered with *different* codes.

 * Most especially, the blocking and unblocking commands should not be
   implemented with toggle commands (for example, *67 blocks the line and
   then another *67 unblocks it -- or, wait!, did the first *67 unblock
   the line so that the next *67 blocked it?).

 * All of these commands (or at least the per-call ones) should take effect
   instantly, without requiring a pause before dialling a number, so that
   phone numbers stored in modems can include the codes.

 * All of the commands should be standardized everywhere.

 * All of the commands should be clearly and concisely explained in some
   convenient place in the phone book.  If at all possible, the commands
   should be listed on a simple cue card that can be attached to the
   telephone alongside the emergency numbers.  (Of course, if a telephone
   had a real user interface then cue cards would not be necessary.)

Don't all of these rules sound like common sense?  Of course they do.  They
allow everyone complete freedom of choice.  If you like CNID then you can turn
it on and forget about it.  If you want to refuse calls that do not include
caller numbers then you're free to do that.  If you don't care to call anyone
who requires a caller number then you're free to adopt that policy as well.
If you never want to send out your number because you're being stalked or are
running a shelter then you can do that.  Free choice.

So why do proponents of CNID go to extraordinary lengths to defeat these
simple, ordinary protections?  Because they're afraid that large numbers of
people would use per-line blocking, thus making the system less attractive to
the businesses who want to capture lots of phone numbers.  Like many schemes
for using personal information, then, CNID is founded on trickery -- that is,
on the gathering and use of information without free choice, full informed
consent, and convenient, easily understood mechanisms for opting out.

You might ask, "doesn't per-call blocking alone provide the necessary choice?"
No, it doesn't.  Per-call blocking is like saying, "every single time you
drive your car into a gas station, your car instantly becomes the property 
of the gas station unless you remember to say abracadabra before you start
pumping your gas."  In each case, the cards are stacked against your ability
to maintain control over something of yours, whether your car or your
information.

What can you do?  Write a letter to the FCC, with a copy to your state
attorney general and public utilities commission and to your local newspaper.
Send them the list of CNID commands I provided above.  Spell it out for them,
and provide answers for the obvious pro-CNID arguments.  Your state regulators
might even agree with you already, in which case they need your support.

For more information, send a message that looks like this:

  To: rre-request@weber.ucsd.edu
  Subject: archive send cnid

Or contact the organizations that are working on this issue:

  * Computer Professionals for Social Responsibility, cpsr@cpsr.org
  * Electronic Privacy Information Center, epic@epic.org
  * Electronic Frontier Foundation, eff@eff.org

Or start something of your own.  The best way to predict the future, after
all, is to create it yourself.

Phil Agre, UCSD

------------------------------

Date:    Thu, 29 Sep 1994 12:16:19 -700 (MDT)
From:    Jim Conforti <jec@us.dynix.com>
Subject: Electronic Signatures (Sears)

No sooner than I saw the last blurbs about the signature digitzing pads,
did I enter the local (Salt Lake City, UT) Sears ...

Of course, I was given the *opportunity* to sign on the pad, and after a
rather long conversation with the salesdroid, he accepted the slip 
without a digitization ...

I then visited with the store manager, who informed me that the signature
pad use was *completely* optional and that the salesdroids *KNOW* this fact
and the combo of keys needed to bypass this function ..

Forewarned is Forearmed

Jim Conforti

------------------------------

Date:    Wed, 5 Oct 1994 04:05:41 -0400
From:    Monty Solomon <monty@roscom.COM>
Subject: MCI Employee Charged in $50 Million Calling Card Fraud

Excerpt from TELECOM Digest V14 #385

   		------------------------------

  Date: Tue, 4 Oct 94 12:47:54 CDT
  From: telecom@eecs.nwu.edu (Patrick Townson)
  Subject: MCI Employee Charged in $50 Million Calling Card Fraud

Felony charges of access device fraud involving over one hundred
thousand telephone calling cards -- mostly those of MCI customers but
including cards of local telcos and in a few instances AT&T and Sprint
have been filed against Ivy James Lay of Charlotte, NC.

Lay, employed as a switch engineer by MCI in its Charlotte switching
center until his arrest and indictment at the end of last week, is
also known by his phreak name 'Knightshadow'. He was fired late last
week when MCI concluded its investigation into his activities.

According to Secret Service Special Agent Steven Sepulveda, Lay had
installed special software in MCI switching equipment which trapped
the calling card numbers and personal identification codes of callers.
He then sold these stolen calling card numbers to other phreaks all
over the USA and Europe. 

MCI claims that about one hundred thousand of its customers' calling
cards have been compromised as a result. In addition, several thousand
calling cards issued by AT&T, Sprint and/or local telephone companies
have been compromised as a result of traffic from those carriers being
routed for whatever reason through the MCI center in Charlotte. The
dollar value of the fraud is estimated to be fifty million dollars
by the Secret Service and MCI. Some of the fraud traffic occurred as
recently as the last two weeks and has not yet been billed to customers.

According to MCI and the federal indictment, Ivy James Lay is the
leader of an international fraud ring operating in Los Angeles and
several other US cities as well as Spain, Germany and the UK. The
indictment claims he supplied stolen calling card numbers to phreaks
all over the USA and other parts of the world. 

A spokesperson for the Secret Service called the case unprecedented
in its sophisticated use of computers and the manner in which the
fraud ring coordinated its activities on a global scale. MCI spokesperson
Leslie Aun characterized the case as the largest of its kind in terms
of known losses, both in dollar amount and number of customers who
were victimized. Ms. Aun added that Ivy James Lay was immediatly fired
once the joint investigation by MCI and the Secret Service was finished 
late last week.

In raids conducted simultaneously at the homes of Mr. Lay and other
co-conspirators last week, agents seized many items including six
computers with pirated commercial copyrighted software and many boxes
full of computer disks with thousands of calling card numbers on each.
Telephone toll records of Mr. Lay and other phreaks involved in the
scam have also been obtained showing examples of fraudulent traffic.

Spokespersons for Sprint, AT&T and MCI are encouraging customers who
believe their calling cards were compromised in the scam to contact
the appropriate customer service department immediatly so their cards
can be cancelled and re-issued. Customers should bear in mind that
the vast majority of the fraud was against MCI customers whose traffic
went through the Charlotte center.

If convicted, 'Knightshadow' as he known to other phreaks and his
co-conspirators face ten years in a federal penitentiary. It must be
remembered that in the United States, our constitution requires a
presumption of innocence on the part of Ivy James Lay and the other
phreaks involved until their guilt is proven by the government in
a court of law. 

                    -------------------

In certain other prominent e-journals on the Internet, we have read
in recent days that computer crime is not nearly the serious matter
the government claims it to be. It sounds to me like the sneak-thievery
of a hundred thousand plus calling card numbers and fifty million
dollars in phreak phone calls is serious enough. We have long known
about telco employees who themselves are as corrupt as the day is
long; who think nothing of taking bribes for providing confidential
information about their employer and its customers. But most of it
to-date has been petty ante stuff; a few dollars under the table for
a non-pub phone number, or maybe a hackerphreak who gets a job with
telco then uses information and technology at his (legitimate) disposal
to cover his own tracks where obscene/harassing calls are concerned.
But a hundred thousand calling cards and fifty million dollars in
traffic????  At what point are certain publishers/editors on the
Internet going to wake up? Computer crime is growing expotentially.
I think it is time to have another massive crackdown, similar to 

Operation Sun Devil a few years ago.  Let's start getting really
tough on hackers and phreaks.

Patrick Townson

------------------------------

Date: Thu, 6 Oct 1994 06:12:05 -0700 (PDT)
From: Carey Heckman <ceh@leland.Stanford.EDU>
Subject: Call for Participation - CFP'95

                  Call for Participation - CFP'95
     The Fifth Conference on Computers, Freedom and Privacy
Sponsored by the ACM SIGCOMM, SIGCAS, SIGSAC and Stanford Law School
                       28 - 31 March 1995
    San Francisco Airport Marriott Hotel, Burlingame, California

INVITATION
This is an invitation to submit session and topic proposals for 
inclusion in the program of the Fifth Conference on Computers, Freedom 
and Privacy. Proposals may be for individual talks, panel discussions, 
debates, or other presentations in appropriate formats. Proposed topics 
should be within the general scope of the conference, as outlined below.

SCOPE
The advance of computer and telecommunications technologies holds great 
promise for individuals and society. From convenience for consumers and 
efficiency in commerce to improved public health and safety and 
increased participation in democratic institutions, these technologies 
can fundamentally transform our lives. New computer and 
telecommunications technologies are bringing new meanings to our 
freedoms to speak, associate, be left alone, learn, and exercise 
political power.

At the same time these technologies pose threats to the ideals of a 
just, free, and open society. Personal privacy is increasingly at risk 
from invasion by high-tech surveillance and eavesdropping. The myriad 
databases containing personal information maintained in the public and 
private sectors expose private life to constant scrutiny. Political, 
social, and economic fairness may hinge on ensuring equal access to 
these technologies, but how, at what cost, and who will pay? 

Technological advances also enable new forms of illegal activity, posing 
new problems for legal and law enforcement officials and challenging the 
very definitions of crime and civil liberties. But technologies used to 
combat these crimes can threaten the traditional barriers between the 
individual and the state.

Even such fundamental notions as speech, assembly and property are being 
transformed by these technologies, throwing into question the basic 
Constitutional protections that have guarded them. Similarly, 
information knows no borders; as the scope of economies becomes global 
and as networked communities transcend international boundaries, ways 
must be found to reconcile competing political, social, and economic 
interests in the digital domain.

The Fifth Conference on Computers, Freedom and Privacy will assemble 
experts, advocates and interested people from a broad spectrum of 
disciplines and backgrounds in a balanced public forum to explore and 
better understand how computer and telecommunications technologies are 
affecting freedom and privacy in society. Participants will include 
people from the fields of computer science, law, business, research, 
information, library science, health, public policy, government, law 
enforcement, public advocacy, and many others. 

Topics covered in previous CFP conferences include:

Personal Information and Privacy
Access to Government Information
Computers in the Workplace
Electronic Speech, Press and Assembly
Governance of Cyberspace
Role of Libraries on the Information Superhighway
Law Enforcement and Civil Liberties
Privacy and Cryptography
Free Speech and the Public Communications Network

We are also actively seeking proposals with respect to other possible 
topics on the general subject of computers, freedom and privacy. Some 
new topics we are considering include:

Telecommuting: Liberation or Exploitation?
Courtesy, and the Freedom to be Obnoxious
Commercial Life on the Net
How Does the Net Threaten Government Power?
Universal Access to Network Services
The Meaning of Freedom in the Computer Age
Online Interaction and Communities
Government-Mandated Databases

PROPOSAL SUBMISSION
All proposals should be accompanied by a position statement of at least 
one page, describing the proposed topic. Proposals for panel 
discussions, debates and other multi-person presentations should include 
a list of proposed participants and session chair. Proposals should be 
sent to:

     CFP'95 Proposals
     Stanford Law and Technology Policy Center
     Stanford Law School
     Stanford, California 94305-8610

or by email to:

     cfp95@forsythe.stanford.edu

with the word RProposalS in the subject line. Proposals should be 
submitted as soon as possible to allow thorough consideration for 
inclusion in the formal program. The deadline for submissions is 
1 November 1994.

STUDENT PAPER COMPETITION
Full time students are invited to enter the student paper competition. 
Winners will receive a scholarship to attend the conference and present 
their papers. Papers should not exceed 2,500 words and should examine 
how computer and telecommunications technologies are affecting freedom 
and privacy in society. All papers should be submitted to Professor 
Gary T. Marx by 20 November 1994. Authors may submit their papers either 
by sending them as straight text via email to:

     Gary.Marx@colorado.edu

or by sending six printed copies to:

     Professor Gary T. Marx
     University of Colorado
     Campus Box 327
     Boulder, Colorado 80309-0327
     (303) 492-1697

Submitters should include the name of their institution, degree program, 
and a signed statement affirming that they are a full-time student at 
their institution and that the paper is an original, unpublished work of 
their own.

INFORMATION
For more information on the CFP'95 program and advance registration, as 
it becomes available, write to:

     CFP'95 Information
     Stanford Law and Technology Policy Center
     Stanford Law School
     Stanford, California 94305-8610

or send email to:

     cfp95@forsythe.stanford.edu

with the word "Information" in the subject line.

THE ORGANIZERS

General Chair
--------------
Carey Heckman
Stanford Law School
Stanford Law & Technology Policy Center
Stanford, CA  94305-8610
415-725-7788 (voice)
415-725-1861 (fax)
ceh@leland.stanford.edu

To discuss potential CFP'95 speakers, topics, and formats, and to receive 
additional CFP'95 information, subscribe to the CFP95 list. Send to 
cfp95@lists.stanford.edu a plain text message consisting of subscribe cfp95.

  Program Committee
  ---------------------
Sheri Alpert
Internal Revenue Service

Judi Clark
ManyMedia

Kaye Caldwell
Software Industry Coalition

Esther Dyson
EDventure Holdings

Mike Godwin
Electronic Frontier Foundation

Peter Harter
National Public Telecommuting Network

Lance J. Hoffman
George Washington University

Ellen Kirsh
America OnLine

Bruce R. Koball
Motion West

Gary T. Marx
University of Colorado

Mitch Ratcliffe
Digital Week

Marc Rotenberg
Electronic Privacy Information Center

Deborah Runkle
American Association for the Advancement of Science

Barbara Simons
USACM

Ross Stapleton-Gray
Georgetown University

Glenn Tenney
Fantasia Systems

Jeff Ubois
Author and Consultant

J. Kent Walker, Jr.
Department of Justice

Affiliations are listed for identification.

----
Please distribute and post this notice!

Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University    (202) 994-4955    Fax: (202) 994-0227
Washington, D. C. 20052             hoffman@seas.gwu.edu

------------------------------

End of PRIVACY Forum Digest 03.20
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH