
Privacy Digest 7.03 1/25/98

The following document is from the PRIVACY Forum Archive at 
Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio,
including detailed information, archives, keyword searching, and 
related facilities, please visit the PRIVACY Forum via the web URL:

    http://www.vortex.com

-----------------------------------------------------------------------

PRIVACY Forum Digest      Sunday, 25 January 1998      Volume 07 : Issue 03

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	                 http://www.vortex.com 
	
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
	  	  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
	Speak or Dare? -- Private Lives and Hidden Mikes 
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Re: ATM Card Problems (Joseph S. Fulda)
	CyberSitter to the rescue, from Ross Johnson (Glen McCready)
	More on the Navy/AOL case (Declan McCullagh)
	Conference on Computers, Freedom, & Privacy 1998 (Shabbir J. Safdar)
	Reminder: CEME '98 (Soon Y. Choi)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 07, ISSUE 03

   Quote for the day:

	"You made me hate myself.  Well, I like myself now."

			-- Willard Stiles (Bruce Davison)
			   "Willard" (Bing Crosby Productions; 1971)

----------------------------------------------------------------------

Date:    Sun, 25 Jan 98 10:59 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Speak or Dare? -- Private Lives and Hidden Mikes

Greetings.  "The walls have ears."  We've all heard the phrase, and it's
become a cliche from old spy movies and mysteries of yesteryear.  Most
persons in the U.S. believe that they're legally protected from arbitrary
monitoring and recording.  We all know that law enforcement can perform
legal wiretaps and other legal forms of surveillance under appropriate court
order, and most people implicitly assume (or at least hope) that such use is
only authorized when absolutely necessary, and that unauthorized
surveillance by such parties is an unusual and rare occurrence.

But let's leave direct law enforcement surveillance aside for right now.
Let's think instead about your boss, your co-worker, your ex-spouse, your
longtime friend, or the stranger who approaches you on the street.  They
can't go around taping the conversations you have with them without your
permission, or at least notification, can they?  After all, they're not law
enforcement with a court order.  

Recent events in Washington demonstrate all too clearly the fallacy of
assuming that individuals are safe from unannounced, covert recordings made
by persons with no direct connection to law enforcement.  In the current
case so dominating the collective consciousness, one person secretly taped
conversations she had with her "friend," over a significant period of time.
This taping was apparently not instigated by a judge, magistrate, or other
official.  Rather, it reportedly was the idea of a publishing agent with an
openly self-professed agenda, who already is predicting a multitude of books
relating to the recordings on those tapes.  Whether the statements on the
tapes are true or false is irrelevant to the discussion here.  What's
crucial to privacy issues is the very fact of the tapes' existence.

Wait a minute.  How does a publishing agent trigger a surveillance
operation?  Easy.  In many parts of the country, it's completely legal. 
You just head down to the local "spy-shop" (or Radio Shack), spend a few 
bucks, and you're set to try to get the dirt on whomever you might care to 
target.  No notifications, no oversight, no guidelines necessary.

The ability to pull this off legally revolves around so-called "one-party"
monitoring laws.  Some states do require that all parties to a conversation
be aware of, and/or agree to, the taping of their conversations in most
situations.  But federal law is far more lax, in a manner that is
qualitatively different.

Under federal law, it is usually permitted to record a conversation so long
as only ONE party to the conversation agrees--no requirement exists that the
other party or parties even be notified.  In states which have not
established their own more restrictive laws, this much less restrictive
situation usually prevails.  Even in states which theoretically require
all-party agreement and/or notification, it is often unclear if federal or
state law will apply in any given situation.  Questions of where people are,
where they're calling to or from, who is doing the recording, and why the
recording is being made, are all factors which may have an influence on the
possible ability to legally perform one-party taping even in all-party
states, and on how those tapes might be used.

All of this comes as something of a shock to most people.  They're used to
hearing the little phone announcements warning that their call may be
recorded "to ensure quality service."  This reinforces the impression that
recordings cannot be made without such notification.  But in many cases,
those announcements are just "playing it safe"--depending on the
circumstances, they might not legally be required in many jurisdictions 
with most callers.

It can be argued that secret private-party taping has sometimes yielded
results of significant positive benefit to society (for example,
investigative reports of unsafe industrial practices and the like).  But
all too often, hidden taping is used in the furtherance of salacious or
other agendas which most persons would probably agree are violations
of "personal privacy" of a sort that they assumed were already illegal!

The complex nature of the conflicting state and federal laws regarding
one-party taping creates an aura of confusion that appears to be encouraging
abuse by the unscrupulous.  It may well be time to look seriously at a
federal ban on most secret one-party taping outside of law enforcement
contexts, like that already present in various states.  It won't be a win-win
situation for everybody or for all situations.  Privacy is always a
balancing act and almost never an absolute.  But it appears that the sort of
society in which most of us prefer to live might best be served if privately
operated hidden mikes and secret tapes were not broadly sanctioned by law.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Tue, 20 Jan 1998 05:33:22 -0800 (PST)
From:    Joseph S Fulda <pearl@csulb.edu>
Subject: Re: ATM Card Problems

David C. Kulp relates, in a message on the above subject in _Privacy Forum
Digest_ 7: 2, that he found it ironic that a customer service
representative, when asked to cancel a privacy-indifferent debit card,
proceeded to take the utmost security precautions to issue an ordinary ATM
card, when he could have used his current card "to make purchases for
thousands of dollars, immediately withdrawn from [his] account."  The
irony is surely there, but not as purely as the writer supposes.  Customer
service representatives are indeed supposed to carry out legitimate
service requests, but they also function to reassure customers that their
concerns are important to the company.  When the writer relayed his
concern to the rep, he was probably overdoing it in order to make the
writer comfortable with the company and its policies.  The rep, of course,
had no way of knowing that the writer was sophisticated in these matters
and was probably just trying to show sensitivity.

Best wishes, Joseph

Joseph S Fulda, CSE, PhD              http://www.cdfe.org/eight.html
701 West 177th Street, #21            
New York, NY 10033                    E-mail: fulda@acm.org
Tel.: (212) 927-0662                  jfulda@usa.net

------------------------------

Date: Tue, 20 Jan 1998 16:08:19 -0500
From: glen mccready <glen@qnx.com>
Subject: CyberSitter to the rescue, from Ross Johnson 

[ Excerpted from Risks-Forum Digest; Volume 19 : Issue 56 
  by PRIVACY Forum MODERATOR ]

  - - - -
 
    [Received from Jered J Floyd via Declan McCullagh, and from at least
     8 other contributors as well.  TNX.  PGN]

    [This is from the PerForce mailing list, PerForce is a source-code
     control system that doesn't use mounted drives, but instead uses TCP/IP
     socket communications to check code in and out.]

Well, I just spent several hours tracking something down that I think is SO
brain-dead that it must be called evil.  I hope this will save someone else
some hassle.

There's an NT box on my desk that someone else uses every now and then.
This machine is otherwise used as my programming box and backup server.

All of a sudden, my programming files were being corrupted in odd places.  I
thought "hmm, my copy must be corrupt".  So I refreshed the files.  No
change.  "hmm, the code depot copy must be corrupt"..  Checked from other
machines.  No problem there.  Viewed the file from a web based change
browser in Internet Explorer.  Same corruption in the file.  Telnet-ed to
the server machine and just cat-ed the file to the terminal.  Same problem.
What's going on?

The lines that were corrupted were of the form
#define one 1 /* foo menu */
#define two 2 /* bar baz */
What I always saw ON THIS MACHINE ONLY was:
#define one 1 /* foo     */
#  fine two 2 /* bar baz */

Can you guess what was happening?  Turns out, someone had inadvertently
installed this piece of garbage called CyberSitter, which purports to
protect you from nasty internet content.  Turns out that it does this by
patching the TCP drivers and watching the data flow over EVERY TCP STREAM.
Can you spot the offensive word in my example?  It's "NUDE".  Seems that
cybersitter doesn't care if there are other characters in between.  So it
blanks out "nu */ #de" without blanking out the punctuation and line breaks.
Very strange and stupid.

It also didn't like the method name "RefreshItems" in another file, since
there is obviously a swear word embedded in there.  Sheesh.

It's so bad it's almost funny.  Hope this brightens your day as much as it
brightened mine :-).

Ross Johnson, Info Sci/Eng, Univ. of Canberra, PO Box 1, Belconnen ACT 2616 
AUSTRALIA  rpj@ise.canberra.edu.au WWW: http://willow.canberra.edu.au/~rpj/

 - - - -

  [ The last time I tried to send out a digest including an item discussing
    this topic, a major gateway in France rejected it as "potentially
    objectionable" due to the presence of words such as "sex."  I guess
    things aren't what they used to be in France.  Attempts to reach the
    postmaster were unsuccessful.  One wonders how many major news sites are
    finding themselves added to block lists due to the current discussions
    of ongoing news events?

	-- PRIVACY Forum MODERATOR ]
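
Added example (not part of the original post, and not CyberSitter's code): a
constructed Python model of the matching behaviour the post describes, run on
the post's two #define lines, next to a whole-word filter and an end-to-end
digest check that exposes in-path rewriting.  All function names are
hypothetical, and the product's actual matching rules are an assumption.

```python
import hashlib
import re

# Constructed sample: the two header lines quoted in the post, as stored on the server.
SOURCE = b"#define one 1 /* foo menu */\n#define two 2 /* bar baz */\n"
BLOCKLIST = (b"nude",)  # the one word the post names

def naive_stream_filter(data, blocklist=BLOCKLIST):
    """Assumed model of the described filter: the letters of a blocked word
    match even when separated by non-letters, and only letters are blanked."""
    out = bytearray(data)
    for word in blocklist:
        letters = [re.escape(word[i:i + 1]) for i in range(len(word))]
        pattern = re.compile(b"[^A-Za-z]*".join(letters), re.IGNORECASE)
        for m in pattern.finditer(data):
            for i in range(m.start(), m.end()):
                if out[i:i + 1].isalpha():
                    out[i] = 0x20  # space; punctuation and newlines survive
    return bytes(out)

def whole_word_filter(data, blocklist=BLOCKLIST):
    """Contrast case: blank a blocked word only when it stands alone as a word."""
    for word in blocklist:
        pattern = re.compile(rb"\b" + re.escape(word) + rb"\b", re.IGNORECASE)
        data = pattern.sub(lambda m: b" " * len(m.group()), data)
    return data

def changed_offsets(expected, received):
    """Byte offsets at which the received copy differs from the expected one."""
    return [i for i, (a, b) in enumerate(zip(expected, received)) if a != b]

def transfer_intact(expected_sha256, received):
    """End-to-end check: compare a digest computed at the source with the
    digest of what actually arrived on this machine."""
    return hashlib.sha256(received).hexdigest() == expected_sha256

if __name__ == "__main__":
    server_digest = hashlib.sha256(SOURCE).hexdigest()
    received = naive_stream_filter(SOURCE)
    print(received.decode())
    print("intact:", transfer_intact(server_digest, received))
    print("changed offsets:", changed_offsets(SOURCE, received))
    print("whole-word filter leaves file alone:", whole_word_filter(SOURCE) == SOURCE)
```

The rewrite preserves length, so a size comparison would not notice it; a
digest computed on the server and checked on the client does.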

------------------------------

Date: Wed, 21 Jan 1998 12:42:33 -0800 (PST)
From: Declan McCullagh <declan@well.com>
Subject: More on the Navy/AOL case (RISKS-19.55)

[ Excerpted from Risks-Forum Digest; Volume 19 : Issue 56 
  by PRIVACY Forum MODERATOR ]

  - - - -

Answers Aweigh (The Netly News / Afternoon Line <http://netlynews.com/>)

Accused gay sailor Timothy ("the other one") McVeigh and the U.S. Navy
certainly have their differences, but both sides can agree on one thing:
America Online screwed up.  For once, AOL agrees.  This morning the online
giant finally admitted that it handed over McVeigh's personal information to
the Navy without a court order, saying in a statement "This clearly should
not have happened and we regret it."

AOL's almost-apology came just before McVeigh's lawyers clashed with
government attorneys defending the Navy's decision to kick him out.  McVeigh
claims that the Navy's prudish "is-he-or-isn't-he" sex snooping was overly
nosy and intrusive -- so much so that it violated the law.  At a hearing in
Washington, D.C., federal court, attorney Christopher Wolf argued that Navy
investigators "did the electronic equivalent" of "breaking into a file
cabinet." Not so, responded David Glass, a Justice Department lawyer
representing the Navy.  "There is nothing in that statute that precludes the
government from calling and asking," he said.  Of course, that phrasing
neatly begs the multiple procedural violations that the Navy apparently
committed in the course of that phone call.

Next step is for Judge Stanley Sporkin to decide whether to issue a
preliminary injunction that would keep McVeigh in uniform past this Friday,
when he's scheduled to get the boot.  Sporkin didn't say when he'd rule, but
he did note that McVeigh could have a tidy little case against AOL, should
he decide to sue them too: "That's why they're cutting and running here."
Will he? Said McVeigh's attorney afterward: "We're keeping our options
open." Smart lad.

   --Declan McCullagh/Washington

------------------------------

Date: Tue, 13 Jan 1998 15:32:06 -0400
From: "Shabbir J. Safdar" <shabbir@vtw.org>
Subject: Conference on Computers, Freedom, & Privacy 1998

The Eighth Annual Conference on Computers, Freedom, and Privacy - CFP98

It's been called a lot of things over the years, but it still remains the
one place where anyone, who is anyone, goes to immerse themselves in the
issues surrounding the health and viability of the Internet.  Dubbed the
"Woodstock of online activism" by veteran attendee Simona Nass, it has been
the nexus of discussions of online privacy, free speech, and human rights.

If you work for a company in today's economy, these issues have relevance
to you.  For three days, you can learn about the pressing, cutting-edge
issues that are developing today and will affect your future.

CFP is an intimate setting with the conference lasting throughout the
entire time you're not sleeping.  With only a few hundred attendees every
year, the conference becomes more of a retreat where law enforcement
agents socialize with hackers.  Last year saw advocates on both sides of
the Internet free speech debate socializing with each other during one of
the many spontaneous after-hours parties in the hotel.

Below you'll find stories from several members of our community who
continue to support and attend CFP.  We hope to see you there!  This year
promises to be just as much fun, with the panels touching on lots of great
topics, including privacy implications of biometrics, the Internet in
schools, the sale of government records, cryptography, medical records
privacy, link licenses, universal access, and library filtering.

In addition, there will be a moot court about suing spammers, and a mock
wiretap.  You can't afford to miss it!

To register, simply go to the website at http://www.cfp98.org/  Also, the
program is there, and you can check out the issues that will be under
discussion!

Sincerely,

      /s/

------------------------------

Date:    Mon, 19 Jan 1998 02:12:47 -0500
From:    "Soon Y. Choi" <soon@mail.utexas.edu>
Subject: Reminder: CEME '98

A Short Reminder of an Upcoming Event:

Conference on Electronic Marketplace and Economics (CEME '98)
February 16-17, 1998
Austin, Texas

1998 is shaping up to be the year of electronic commerce. How will electronic
commerce affect you? Conference on Electronic Marketplace and Economics
(CEME '98) will help you understand the effects of EC technologies and
applications by evaluating their uses in the broader context of electronic
markets and the digital economy. More information is available at

http://cism.bus.utexas.edu/news/ceme98.html

Co-sponsored by the Center for Research in Electronic Commerce at UT-Austin
and IBM's Institute for Advanced Commerce

Soon Y. Choi, Ph.D. (soon@mail.utexas.edu) http://uts.cc.utexas.edu/~soon
       The Center for Research in Electronic Commerce, UT-Austin
                     http://cism.bus.utexas.edu

------------------------------

End of PRIVACY Forum Digest 07.03
************************
