PRIVACY Forum Digest      Saturday, 19 August 1995      Volume 04 : Issue 18

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy, and the Data Services Division of MCI Communications Corporation.

CONTENTS
    FBI Files on Clipper Release (Dave Banisar)
    A question about membership lists on the WWW (George Musser)
    Microsoft's Explanation of the Registration Wizard (Brant Freer)
    The MSN is Hacker Heaven (Andy Chesterton)
    The Info-Sec Super Journal (Dr. Frederick B. Cohen)
    Final Program - AST 9/4/95 (Dave Banisar)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing.

Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com".

-----------------------------------------------------------------------------

VOLUME 04, ISSUE 18

Quote for the day:

    "Self-destruct... has been cancelled."

        -- Main computer recorded announcement
           "The Andromeda Strain" (1971)

----------------------------------------------------------------------

Date: 16 Aug 1995 15:57:13
From: "Dave Banisar" <banisar@epic.org>
Subject: FBI Files on Clipper Release

FOR RELEASE: August 16, 1995, 2:00 p.m. EST

CONTACT: David Sobel (202) 544-9240

FBI FILES: CLIPPER MUST BE MANDATORY

WASHINGTON, DC - Newly-released government documents show that key federal agencies concluded more than two years ago that the "Clipper Chip" encryption initiative will only succeed if alternative security techniques are outlawed. The Electronic Privacy Information Center (EPIC) obtained the documents from the Federal Bureau of Investigation under the Freedom of Information Act.
EPIC, a non-profit research group, received hundreds of pages of material from FBI files concerning Clipper and cryptography.

The conclusions contained in the documents appear to conflict with frequent Administration claims that use of Clipper technology will remain "voluntary." Critics of the government's initiative, including EPIC, have long maintained that the Clipper "key-escrow encryption" technique would only serve its stated purpose if made mandatory. According to the FBI documents, that view is shared by the Bureau, the National Security Agency (NSA) and the Department of Justice (DOJ).

In a "briefing document" titled "Encryption: The Threat, Applications and Potential Solutions," and sent to the National Security Council in February 1993, the FBI, NSA and DOJ concluded that:

    Technical solutions, such as they are, will only work if they are incorporated into *all* encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required.

Likewise, an undated FBI report titled "Impact of Emerging Telecommunications Technologies on Law Enforcement" observes that "[a]lthough the export of encryption products by the United States is controlled, domestic use is not regulated." The report concludes that "a national policy embodied in legislation is needed." Such a policy, according to the FBI, must ensure "real-time decryption by law enforcement" and "prohibit[] cryptography that cannot meet the Government standard."

The FBI conclusions stand in stark contrast to public assurances that the government does not intend to prohibit the use of non-escrowed encryption.
Testifying before a Senate Judiciary Subcommittee on May 3, 1994, Assistant Attorney General Jo Ann Harris asserted that:

    As the Administration has made clear on a number of occasions, the key-escrow encryption initiative is a voluntary one; we have absolutely no intention of mandating private use of a particular kind of cryptography, nor of criminalizing the private use of certain kinds of cryptography.

According to EPIC Legal Counsel David Sobel, the newly-disclosed information "demonstrates that the architects of the Clipper program -- NSA and the FBI -- have always recognized that key-escrow must eventually be mandated. As privacy advocates and industry have always said, Clipper does nothing for law enforcement unless the alternatives are outlawed."

Scanned images of several key documents are available via the World Wide Web at the EPIC Home Page:

    http://www.epic.org/crypto/ban/fbi_dox/

-30-

David Banisar (Banisar@epic.org)        * 202-544-9240 (tel)
Electronic Privacy Information Center   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     * HTTP://epic.org
Washington, DC 20003                    * ftp/gopher/wais cpsr.org

[ This information should of course be a surprise to nobody who has followed this topic. Such conclusions were obvious from the start, and various concerns regarding encryption have been made clear enough in past Congressional testimony and reports.

However, there is a considerable jump between concluding that Clipper will fail without legislation banning other encryption, and actually submitting such legislation, passing it, and having it withstand court scrutiny. The opposition to such an attempt would no doubt be quite dramatic, to put it mildly.

Since it's clear that there's really no way to stop all non-Clipper encryption, it seems likely that legislative efforts would concentrate on banning non-compliant encryption in hardware devices, in conjunction with the commission of crimes, and similar specified areas.
In the case of crimes, onerous additional penalties might be enacted to discourage use of such systems--just as penalties are much higher for committing many crimes with firearms.

Regardless of any "limitations" to the intended focus of such legislative efforts, the effect of any such moves to ban non-Clipper encryption could be chilling to personal privacy, industry, commerce, and other areas of daily life, to a degree that's difficult to underestimate as we pass into the true information age.

Comments on all sides of this issue are invited.

-- MODERATOR ]

------------------------------

Date: Fri, 18 Aug 1995 17:21:46 -0700 (PDT)
From: gmusser@stars.SFSU.EDU (George Musser)
Subject: A question about membership lists on the WWW

Hi everybody,

I've just joined the privacy list, and I'm hoping that someone can point me in the right direction with a question we're having about the privacy of our membership list.

We are a nonprofit professional and educational organization with roughly 6,000 members worldwide. We would like to make our membership directory available in a searchable form on our World Wide Web page, since many members have requested this. But some of us are concerned about the legal and ethical implications of making the membership directory available in such a public forum.

On the one hand, we do sell our membership lists to other organizations, minus the names of people who have asked that their names not be sold. On the other hand, we are worried that publishing on the web is fundamentally different from the one-time contractual sale of our database.

We plan to place a box on the next membership dues billing to ask whether members would like to opt out. Should we wait until all members have had a chance to look at this bill before we put the directory on the web?

I hope that our situation is clear; if not please do not hesitate to contact me.

Thank you for your help.
George

--
George Musser
Editor, Mercury magazine
Astronomical Society of the Pacific     gmusser@stars.sfsu.edu
390 Ashton Avenue                       415-337-1100 (o)
San Francisco, CA 94112-1787            415-337-5205 (fax)

[ Once your membership information is made available on the net, it becomes essentially public data, and can never be effectively revoked. I'd urge you to not include data for members who have not specifically chosen to opt-in to such publication. Allowing them to opt-out is not really good enough in this situation. The default should be that their information is not released via the net.

-- MODERATOR ]

------------------------------

Date: Mon, 7 Aug 95 23:13:11 UT
From: Brant Freer <BFreer@msn.com>
Subject: Microsoft's Explanation of the Registration Wizard

I pulled this statement from Microsoft's Web Site at:

    http://www.microsoft.com/windows/pr/regwiz.htm

"Microsoft Windows 95 On-line Registration Feature Preserves User Privacy

May 30, 1995 - Microsoft today responds to customer confusion with the on-line registration option of Windows 95. Microsoft reassures customers the on-line registration feature preserves user privacy.

The confusion began last week when an industry publication incorrectly reported that the on-line registration option sent information on customers' computer systems to Microsoft without consent. This article, and several subsequent posts on the Internet, alleging the unauthorized query and sending of customer information, are not accurate.

In fact, the on-line registration option is simply an electronic version of the paper-based registration card that will ship in the Windows 95 product box. Similar to many paper-based registration cards, on-line registration is completely optional and allows customers to provide their system information for product support and marketing purposes.

The on-line registration option in Windows 95 provides a more convenient and accurate method for registering than the paper-based card that comes in the product box.
This is because the information is gathered directly from the local computer rather than requiring the user to guess their system information, and then type it and send via a separate card.

The on-line registration process uses three steps to register customers.

Customers are asked to provide information such as Customer Name, Company Name, Address and Phone Number.

Customers are then presented the option of providing information about their computer system's configuration. A screen displays a list of the computer system's configuration information - such as the processor type, amount of RAM and hard disk space, and hardware peripherals such as network card, CD-ROM drive, and sound card. This information is gathered by the registration program which queries the system registry of the local computer. Customers must review and explicitly choose to provide the information or it is not sent.

Customers are then presented with a list of application programs that reside on the local computer and asked if they would like to provide this information as well. The list of products is gathered by the registration program which looks for a list of programs on the local hard disk. The user must again explicitly choose to provide this information as part of the registration process or it is not sent.

Once the user chooses to send the information, the registration process completes by sending the registration information to Microsoft. On-line registration uses the transport of the Microsoft Network to send the information. The customer does not have to be a Microsoft Network subscriber to register on-line, and once registered, the customer is not a Microsoft Network subscriber. Registering Windows 95 is a separate process from signing up for the Microsoft Network.

Contrary to reports, the on-line registration feature does not query serial numbers or product registration information designed to fight software piracy.
It also does not query computers on the local or wide-area network. For a list of the exact information gathered by on-line registration, the user can view the REGINFO.TXT file found in the C:\WINDOWS directory of the local computer.

The on-line registration feature of Windows 95 is an option for customers that makes registering Windows 95 more accurate and convenient. Providing computer-specific configuration information is strictly up to the customer. The registration information helps Microsoft build better products, as well as offer customers better information on their programs and better product support."

[ While it's nice to see confirmation that Win95 doesn't run off and shoot all sorts of data up the line without permission, this explanation doesn't address the key point of how such data will be used. The blurb does mention "marketing", and that covers an awfully broad area, especially when the Wizard can send out a list of the other packages installed on your system.

To say that this mechanism replaces paper registrations might be true, but without a doubt the amount and level of detail, not to mention the response rate, is obviously going to be vastly higher than with standard registrations that usually ask for very little information about your configuration, other products you run, and the like.

Keeping in mind that most users of these systems are not computer experts, most persons will probably just answer "yes" to the upload queries without thinking twice about how that info might be used.

According to press accounts, this concern has caused various commercial and government entities with large installed bases of PCs to either ban the use of Win95, or to construct elaborate firewalls to prevent their users from naively uploading configuration and installed product information that the entity involved considers to be none of Microsoft's business.
There appear to be other significant risks associated with the tight coupling of Win95 with Microsoft's online service as well. See the next message for more.

-- MODERATOR ]

------------------------------

Date: Fri, 18 Aug 1995 08:34:28 -0700
From: andyc@praxiss.demon.co.uk
Subject: The MSN is Hacker Heaven

[ From Risks-Forum Digest; Volume 17 : Issue 27 -- MODERATOR ]

{ Below is an article, forwarded with the author's permission. The risks are obvious. I wonder how the risks can be reduced. Andy Chesterton }

As most of us are aware, the commercial online services, such as AOL, Compuserve and Prodigy, represent certain risk to the unsophisticated user. Unfortunately, the Microsoft Network (MSN) raises the vulnerability of such users to unprecedented heights.

Key to this vulnerability is the richness and complexity of the MSN/Windows 95 environment. What is most dangerous is the ability for the author of an e-mail or (certain) BBS documents to embed "objects" in that document. These objects can be readily disguised to appear totally benign to the casual user and be nothing more than MSN navigational aids. Once double-clicked by the recipient, these objects can readily infect the recipient's PC with a virus.

Worse, what this object could do is only limited by one's imagination. It is worthwhile noting that MSN appears to be migrating to an open architecture, with the MSN user connecting through the Internet. If this is true, there is nothing which prevents an object, once activated, from transmitting information stored on the user's PC to any other location on the Internet.

In theory, embedded objects can be interrogated to ensure their validity. Unfortunately, this interrogation process is not likely to be carried out by the average user. Even if it is, the user is not likely to understand what they are looking at.

It is like warning automobile drivers to look under the hood of their car before starting it to make sure there is not a bomb inside.
Most drivers would assume that the odds were with them. Those that did check would have no idea what they were looking at. (At least that's my feeling when I look under the hood of my car :-).

Microsoft's position appears to be that the MSN user is no more vulnerable than one who uses a competing system. I would maintain that this position is just not true. With system complexity comes excessive vulnerability. MSN rates a 9 in complexity. The other services a 4.

The bottom line: Users of MSN are placing themselves at significant risk. If one must use MSN, avoid at all cost activating (double-clicking) objects in e-mail messages and BBS posts. Sophisticated users may think they know what they are doing, but it probably won't be long before they are outwitted by someone who figures out how to totally disguise an object's true purpose.

----------------

Date: Sat, 19 Aug 1995 08:58:06 -0400 (EDT)
From: fc@all.net (Dr. Frederick B. Cohen)
Subject: The Info-Sec Super Journal

Management Analytics is proud to announce the Info-Sec Super-Journal.

The Info-Sec Super-Journal is an on-line collection of doubly refereed papers. By working out arrangements with various publishers and authors, we have gotten permission to republish the best information security articles in an on-line format. Most of our articles have previously appeared in refereed publications and are now being made available via the World Wide Web as part of Info-Sec Heaven's ongoing effort to make top-flight info-sec information readily available.

The Info-Sec Super-Journal is now available through our World Wide Web server (see details below). We welcome your comments and participation.
-- See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

------------------------------

Date: 16 Aug 1995 07:51:10 U
From: "Dave Banisar" <banisar@epic.org>
Subject: Final Program - AST 9/4/95

ANNOUNCEMENT OF FINAL PROGRAM

Advanced Surveillance Technologies

A one day public conference sponsored by
Privacy International and Electronic Privacy Information Center

4 September 1995
Grand Hotel
Copenhagen, Denmark

Overview

Recent developments in information technology are leading to the creation of surveillance societies throughout the world. Advanced information systems offer an unprecedented ability to identify, monitor, track and analyse a virtually limitless number of individuals. The factors of cost, scale, size, location and distance are becoming less significant.

The pursuit of perfect identity has created a rush to develop systems which create an intimacy between people and technology. Advanced biometric identification and ID card systems combine with real-time geographic tracking to create the potential to pinpoint the location of any individual. The use of distributed databases and data matching programs makes such activities economically feasible on a large scale.

Extraordinary advances have recently been made in the field of visual surveillance. Closed Circuit Television (CCTV) systems can digitally scan, record, reconfigure and identify human faces, even in very poor light conditions. Remote sensing through advanced satellite systems can combine with ground databases and geodemographic systems to create mass surveillance of human activity.

Law is unlikely to offer protection against these events. The globalisation of information systems will take data once and for all away from the jurisdiction of national boundaries. The development of data havens and rogue data states is allowing highly sensitive personal information to be processed without any legal protection.
These and other developments are changing the nature and meaning of surveillance. Law has scarcely had time to address even the most visible of these changes. Public policy lags behind the technology by many years. The repercussions for privacy and for numerous other aspects of law and human rights need to be considered immediately.

Advanced Surveillance Technologies will present an overview of these leading-edge technologies, and will assess the impact that they are likely to have in the immediate future. Technology specialists will discuss the nature and application of the new technologies, and the public policy that should be developed to cope with their use.

The conference will also bring together a number of Data Protection Commissioners and legal experts to assess the impact of the new European data protection directive. We assess whether the new rules will have the unintended result of creating mass surveillance of the Internet.

The conference will be held in Copenhagen, and is timed to co-incide with the annual international meeting of privacy and data protection commissioners.

PROGRAM

10.00 - Introduction and Welcome

10.10 Keynotes

Simon Davies, Director General, Privacy International and Visiting Law Fellow, University of Essex, UK, "Fusing Flesh and Machine"

This lively introduction will provide an overview of recent trends in technology, culture and politics that are bringing about an era of universal surveillance. The paper concentrates on the theme of fusion, in which data and data subjects are being brought into more intimate contact. The creation of an informational imperative throughout society is leading to the degradation of privacy as a fundamental right. As a result, there are few remaining boundaries to protect the individual from surveillance.

Steve Wright, Director, Omega Foundation, UK 'New Surveillance Technologies & Sub-state Conflict Control.
This talk will cover the role and function of new surveillance technologies; an overview of the state of the art and some of the consequences eg the policing revolution - with a move away from firebrigade policing towards prophylactic or pre-emptive policing where each stop and search is preceded by a data check. The emergence of new definitions of subversion to justify new data gathering activities and an increasing internal role for the intelligence agencies now that the cold war has ended. It will show how different surveillance and computer technologies are being integrated and how such information and intelligence gathering is linked into more coercive forms of public order policing when tension indicators rise during a crisis.

11:15 - 11:30 Break

11.30 - 12.45 Regulation versus freedom

The European Data protection Directive will establish a common privacy position throughout Europe. Its intention is to safeguard personal privacy throughout the Union, yet already there are glaring conflicts with the freedom of information flows on the net. This section discusses the threat of universal surveillance of the net caused by the new laws.

Frank Koch, Rechtsanwalt, Munchen, Germany
European Data Protection : Against the Internet ?

Data Protection, according to the Common Position (CP) of the European Union, requires control over the medium used for transfers of personal data, the recipients of these data, and the way these data are used. The open structure of the Internet seems to be quite incompatible with these requirements. The member States and the controllers within them are required to take all steps to ensure that personal data are not transferred into communication nets that do not conform to the CP. This paper will discuss why personal data will be prevented from being freely transferred throughout the internet, and how this will affect users of the net.

Malcolm Norris, Data Protection Registrar, Isle of Man
Enforcing privacy through surveillance?
The need for a Europe-wide privacy directive is pressing. Greater amounts of personal data are flowing to a growing number of sites. Yet, without care, there is a risk that such laws could have the unintended consequence of causing widespread surveillance of activities of net users. The fact that unprotected personal data should not be flowing on the net might at some point provoke authorities to routinely surveil net data. This paper discusses these dilemmas, and suggests measures that might avoid the threat of universal surveillance.

Lunch Break 12:30 - 1:45

1.45 - 3.15 Perfect surveillance

In many countries, the era of the private person is at an end. Information surveillance, automatic visual recognition and geographic tracking are at an advanced stage, and are set to imperil privacy. This panel will discuss developments in surveillance, including advanced Closed Circuit TV, satellite remote sensing, Intelligent Vehicle Highway Systems, and forward looking infrared radar.

Phil Agre, University of California, Advanced tracking technologies

Ambitious plans for advanced transport informatics have brought serious privacy concerns. Computerized tracking of both industrial and private vehicles may not be consciously intended to reproduce the erstwhile internal passport systems of the Soviet Union and South Africa, but deeply ingrained technical methodologies may produce the same result nonetheless. This presentation surveys some of the purposes behind ongoing transport informatics programs, including integrated logistics systems and regulatory automation. It offers a conceptual analysis of "tracking" in technical practice. The most serious dangers to individual liberty and civic participation can be greatly alleviated, though, through the systematic use of digital cash and other technologies of anonymity. At the moment, this prospect seems much more likely in Europe than in the United States.
Simon Davies, Privacy International, Closed Circuit Television and the policing of public morals

The use of Closed Circuit Television (CCTV) camera systems has become a key plank in the law and order strategy of the British government. Most cities in Britain are constructing powerful, integrated CCTV systems to surveil shopping areas, housing estates and other public areas. Although there is some evidence that this extraordinary strategy is having an effect on crime figures, it is also becoming apparent that the cameras are increasingly used to enforce public morals and public order. The use of new visual information processing technologies is leading to numerous unintended purposes for the cameras, including automated crowd control and automated face recognition.

Detlef Nogala, University of Hamburg, Germany, Techno-policing

Technology has been used for many years for surveillance purposes, and the last decades have seen a rapid proliferation of different surveillance technologies into the civilian realm. Today there is a whole industry which is trying to direct the momentum of military surveillance technologies into the civilian security market. But there is a difference between some spectacular applications (like the gunshot-locator system derived from submarine sonar-technology) and common applications on a mass basis (like smart cards with digitally stored fingerprints). Among the "counterforces" like data-protection laws, political opposition or consumer politics a deficit in financial resources is not the least one. It is clear that most surveillance agencies are trapped in the contradiction between maximum performance and economy. This paper discusses the various forces and influences that bear upon a decision to implement particular technologies of surveillance.

3:00 - 3:15 Break

3:15 - 4:30 Solutions

This session will discuss a range of responses to the new era of surveillance.
These include regulation, consumer action, and the development of privacy friendly technologies.

Dave Banisar, Electronic Privacy Information Center, Washington DC
Encryption and the threat of universal surveillance of the net

Encryption is one technological solution to the problem of privacy invasion and surveillance, yet encryption also provides an excuse for governments to undertake surveillance of citizens. Documents recently secured by EPIC indicate that US Law enforcement and intelligence agencies had planned to implement a two stage strategy for its Clipper Chip encryption policy, resulting in non-official encryption being made illegal, and thus providing an opportunity for law enforcement authorities to engage in limitless surveillance of communications. This talk discusses the dilemma facing supporters of encryption.

Bruce Slane, Privacy Commissioner, New Zealand.
Some positive aspects of privacy law

In this talk, New Zealand Privacy Commissioner Bruce Slane presents a number of positive aspects of legal regulation of information flows. He describes areas where law is being successfully used to enforce responsible information practices.

4:30- 5:00 Conclusion and Wrap-up

Number of participants : approximately sixty

Costs: US $75 - Individuals/non-profit organizations
       $175 - Commercial organizations

Venue : Grand Hotel, Vesterbrogade 9. DK -1620, Copenhagen V, Denmark

For further Information and registration please contact :

Dave Banisar
Privacy International Washington Office
666 Pennsylvania Ave, SE, Suite 301
Washington, DC 20003 USA
1-202-544-9240 (phone)
1-202-547-5482 (fax)
email : pi@privacy.org
Web address: privacy.org/pi/conference/

David Banisar (Banisar@privacy.org)       * 202-544-9240 (tel)
Privacy International Washington Office   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301       * HTTP://www.privacy.org
Washington, DC 20003

------------------------------

End of PRIVACY Forum Digest 04.18
************************