Date:       Fri, 08 May 92 11:01:34 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#016

Computer Privacy Digest Fri, 08 May 92              Volume 1 : Issue: 016

Today's Topics:				Moderator: Dennis G. Rears

                         What Private Eyes Know
             Re: Modem Tax (Computer Privacy Digest V1#004)
                             Cordless phones
                          Re: Cordless Phones
                         Re: Is e-mail private?
            Privacy and Law and Order (was: Cordless Phones)

     The Computer Privacy Digest is a forum for discussion on the
   effect of technology on privacy.  The digest is moderated and
   gatewayed into the USENET newsgroup comp.society.privacy
   (Moderated).  Submissions should be sent to
   comp-privacy@pica.army.mil and administrative requests to
   comp-privacy-request@pica.army.mil.
       Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.200].
----------------------------------------------------------------------

From: Hal Feinstein <hal@gateway.mitre.org>
Subject: What Private Eyes Know
Date: Thu, 7 May 1992 14:52:37 GMT
Apparently-To: comp-society-privacy


I want to raise the issue of how much information is available through 
on-line databases. I recently had a few months of free evenings so I 
enrolled in a local school for private detectives. The purpose of the
course was to satisfy the State of Virginia's requirement for 70 hours of
classroom instruction in order to qualify for registration as a private
investigator. 

The course covered a lot of ground: polygraph usage, sweeping a facility 
for bugs, use and reliability of physical evidence, interviewing witnesses,
the state court system, the state's criminal and civil law, reconstruction
and timeline techniques of investigation (as an exercise we had to
reconstruct events leading up to an unexplained teen suicide from an
hour taped interview with the kid's mother) and more.

One unit dealt with general investigation technique. Here we learned about 
how much information was available on just about everyone from open and 
quasi-open sources.  I was amazed to learn how much you could dig up on 
anyone within a few days. First stop is the county court house to check
tax records and land records. The cross index (available at the local 
library!) gave me reverse phone numbers, State DMV gives me who you are
if I have your car's license plate number, another database gives me 
who your neighbors are, how many kids they or you have. If you've had
trouble with the law, again at the court house you get the case folders
from the county clerk or clerk of the court (again public). 
Usually, there are a few "character" witnesses or business
associates to look into. In civil litigation there are depositions full of
information to examine. All from open sources.

Next we were introduced to a PI who runs what must be called an information
retail operation. He never left his office but did all his work with a
telephone modem.  From this PI we could get credit headers (the part of 
the credit report that lists what you make and where you are employed and
your wife, and who your creditors are. But not your actual credit history
since that would require that you be notified under the Fair Credit Reporting
Act and there are other ways to get credit information.). He had access to many 
other databases around the country to trace bank accounts, various locator 
services such as by surname,  federal employee and military. And lots of 
business rating services. 

Last we were introduced to quasi-open sources. These were sources of 
information from databases or records that were not open to the public;
however, someone was willing to breach a trust to make a little money.
From these sources you can get detailed phone records, credit card 
histories, bank transactions, unlisted phone numbers (these aren't available
in the cross index) and all kinds of other private information.

Information peddling has become a business. There are primary national 
databases such as TRW and TRANSUNION that keep credit histories on everyone.
There are  mailing list places that sell information on who is on what list
and classify the information by attributes of interest. For example, 
you subscribe to popular fishing and you live in an upper class part of
Long Island?  A mailing list distributor could sell a list of such people
to a direct mail advertiser to sell you everything from boats to expensive 
fishermen's special vacation packages. From the PI's viewpoint, it's a good way 
to see what your tastes and perhaps special skills are. For example, do you 
subscribe to Machinegun News?  Perhaps a magazine on new alarm systems
components. 

Whereas an honest PI has to burn up a lot of shoe rubber and run up
a big telephone bill, anyone who knows the ropes can now walk into an
information retailer and walk out with a fat dossier on you, your
associates or your family. And they are listed in the phone book too.
After the course was over I decided the right of privacy is an illusion.
The bulk of the detailed information on people is not collected by Big
Brother but by industries servicing the instant retail credit, market
research, financial and targeted sales business. These are private operations 
and are not covered by the Privacy Act or even FOIA restrictions. I think
we've been worrying about the wrong party and better take a look at the
commercial information collectors.  

And hang onto your hats! Some of these databases are now providing this
information on optical disk so that even YOU can have your own database
on everyone. I remember some sheet company tried to get into this racket
a few months ago but got a lot of bad publicity and temporarily withdrew
(for now) the product. 



------------------------------

From: crs@beta.lanl.gov (Charlie Sorsby)
Subject: Re: Modem Tax (Computer Privacy Digest V1#004)
Date: Thu, 7 May 1992 21:29:10 GMT

In article <comp-privacy1.6.3@pica.army.mil> andys@ulysses.att.com (Andy Sherman) writes:
[...]
= The model letter to the FCC/Congress also contains some minor
= technical mis-information in addition to the erroneous statement that
= the FCC rule-making proposes a surcharge on modem use:
= 
= >Calls placed using modems require no special telephone company
= >equipment, and users of modems pay the phone company for use of the
= >network in the form of a monthly bill.
= >
= >In short, a modem call is the same as a voice call and therefore
= >should not be subject to any additional regulation.
= 
= This is true, but only if you are willing to live with 2400 bps or
= slower.  If you demand high speed modem access, your call must be
= carried on a full uncompressed voice channel (a 64 Kbps time slot* on a
= digital trunk).  Under certain circumstances the phone company
= compresses and multiplexes multiple voice calls into a single voice
= channel.  Conversation is still quite intelligible, and carrying
= conversation is the service for which your phone line is tariffed.  If
= you use a high speed modem, then you may actually need more facilities
= than a voice call requires.  And people at the FCC know that, so you
= undercut your own credibility by ignoring the voice compression issue.

I think what has happened is that the quotation identified with "= >"
is not a model of clarity but I don't really believe that it is
really wrong.

If that is not what you mean by "technical mis-information" then
I'm not sure that I see what you are getting at here.  Are you
saying that, if I use a high-speed modem over my voice grade
telephone line, the phone is going to route my traffic over a
higher grade line than I'm paying for?

If not the original statement sounds true to me.  I.e., if I may
paraphrase:  I pay a monthly phone bill for a voice grade line and
that is what I get the use of.  I would be very surprised if the
phone lines are not filtered to assure that only the band of
frequencies for which the lines are intended are passed.  If I
connect a 2400 bps modem to that line, I believe that is within
its capability and I'm happy and the phone company has not provided
me with anything extra.  If I try to use higher speed, the line is
not up to it and I may not be happy with the results but, as far
as I am aware, the phone company has still not provided me with
anything extra.

Certainly if I want to use high data rates, I'm going to need
something other than a voice-grade line and the phone company is
going to charge me for it, just as it will charge me for any other
extras to which I subscribe.  I don't think that this is what the
original poster is talking about.  Rather I think it is about the
possibility of a surcharge for using a modem over a normal voice-
grade line.

Certainly, I agree that the original quotation should have made
clear that it was about use of a modem over one's existing voice-
grade line.

Am I misunderstanding what you are saying?

Well, just thought I'd check to see if I'm misunderstanding
something.

Best,

Charlie "Older than dirt" Sorsby				"I'm the NRA!"
	  crs@lanl.gov

------------------------------

Date: Thu, 7 May 92 17:42:47 EDT
From: "Nicholas J. Simicich" <njs@watson.ibm.com>
Subject:  Cordless phones

>  From: Phil Stracchino <alaric@smurfsti.com>

>  To give an analogy:
>
>  He who glances out of his window one night and happens, by chance,
>  to observe the attractive young woman who lives in the building
>  opposite in the process of undressing, is merely fortunate.
>
>  He who buys a telescope and scans the windows of the building
>  opposite in the hope of observing some attractive young woman
>  undressing, is a Peeping Tom.
>
>  'Nuff said?

No.  (I just love stretching analogies.)  Obviously, one has to
consider the motives of the attractive MOTAS here.  If they are
undressing in front of an open window which can easily be seen from
the street, at night, with strong lights on in the room so that they
are clearly visible to all passers-by, or during the day in a public
park, perhaps they are an exhibitionist, and want people to watch, or
just don't care.

The use of a standard cordless phone bears much more resemblance to
my description than to yours.  The frequencies that those phones use
have been designated as a public park.  One who changes clothes during
the day in full view in a public park has no expectation of privacy.
It isn't even rude to look.  Just boring.

Nick Simicich (NJS at WATSON, njs@watson.ibm.com) -SSI AOWI #3958, HSA #318,
NAUI #14065 - "We're working to turn 'to bush' into a verb."

------------------------------

Subject: Re: Cordless Phones
Date: Thu, 7 May 92 22:49:00 PDT
From: Tad Cook <tad@ssc.wa.com>


Phil Stracchino <alaric@smurfsti.com> writes:
 
>I've watched with amazement as this particular debate has gone back and
>forth, and frankly I can only say that this argument is totally fatuous.
>Merely the fact that someone is using a cordless phone and unintentionally
>broadcasting their conversation does not _compel_ anyone with the
>capability to listen in to do so.
 
 
I don't know if anyone has pointed out yet in this discussion probably
the best reason why cordless phone calls CAN'T be private.  Forget
about the fact that radio waves go through walls, or that you can pick
these up on any Radio Shack VHF scanner radio.
 
These phones are low power FCC Part 15 devices, and share their ten
channels with millions of other cordless phones, as well as all the
Fisher-Price Baby Room Monitors, and Archer Space Patrol kid's walkie
talkies.  You can't really expect any privacy if the kid next door
might hear you on his walkie talkie, or the couple down the block can
hear you on their baby monitor, or someone else in the neighborhood
can hear you on THEIR cordless phone.  That's probably why they are
specifically exempt from the ECPA.



 --------------------------------------------------------------------------
 Tad Cook     |  Phone:  206-527-4089  (home)     |   MCI Mail: 3288544   
 Seattle, WA  |  Packet: KT7H @ N7DUO.WA.USA.NA   |   3288544@mcimail.com 
              |  USENET: tad@ssc.wa.com          or...sumax!ole!ssc!tad   
 --------------------------------------------------------------------------

------------------------------

Date:     Thu, 7 May 92 23:20:59 EDT
From:     Brinton Cooper <abc@brl.mil>
Subject:  Re: Is e-mail private?


Continuing the discussion on whether e-mail is "private," our esteemed
Moderator wrote:

>   If the computer is
> accessible to outside networks what about the privacy of the sender?
> Example:  My fiance sends me mail from XXX@compuserve.com. to drears@brl.mil.
> While I don't have any expectation of privacy does she?  Sure the owner
> of the equipment owns the media but do they own the information on it? To
> add another bit to it. What if she copyrights her mail to me.  _Dennis]

If your sender exposes her e-mail to networks (e.g. milnet) outside the
one with which she's familiar (e.g. compuserve), she takes a risk of
exposure and loses the expectation of privacy.  After all, she caused
her note to be deposited in a file on a milnet machine.  The owner of
the computer owns ACCESS to the machine, can legally enter and read any
file on the machine unless contractual agreements (as compuserve, et al,
should provide) specify otherwise.

Copyright is merely the "right to copy." That's the meaning of the
word.  ANYONE can read material protected by copyright.  They can even
make one copy for "personal use."

_Brint
[Moderator's Note:  By the same logic if I route official government
email to a researcher on the NSFNET do all the owners of the machines it
passes through have the right to access the message?  After all it is
their equipment. On a different note I seem to recall federal
legislation some years back that made interception of email a federal
offense.  Does anyone know anything about that? _Dennis ]


------------------------------

Date: Thu, 7 May 92 22:48 PDT
From: John Higdon <john@zygot.ati.com>
Subject: Privacy and Law and Order (was: Cordless Phones)

Anthony Rzepela <garzepel@KING.MCS.DREXEL.EDU> writes:

> >I am [..deleted..], and am actively
> >involved in the matter of technical consultations for criminal matters.

> This view, I hope, speaks for itself:  Another law-and-order type
> wearing his conformity like a medal, reminding us that these neat, new
> methods only catch "bad guys", so keep your nose clean, and there
> won't be any trouble...

I just love it when people open mouth and insert foot like this! As
many in this and other forums are painfully aware, my technical
consultations are invariably for the DEFENSE. I have been very active
in efforts to shut down over-zealous prosecutions and have worked very
hard behind the scenes on some rather notable cases. Right now, there
are many people getting a good laugh at someone accusing me of being a
"law-and-order" type. As to wearing my "conformity like a medal", that is
even a greater laugh. I just do not feel that the world will collapse
if one or another piece of information is discovered about me by
someone I do not even know (or even by someone I do know). Even the
fact that the things I do and the way I do them are completely
unorthodox.

> I am very, VERY curious as to just what kinds 
> of harm   Mr. Higdon thinks ARE deserved,  outside of those delivered 
> before a  judge and jury....

Harm, in this context, is whatever the supposed damages are when
information about one's life is revealed to someone that "shouldn't"
have it.  This is certainly the heart of the matter. The part you 
should have been concentrating on was "half-assed knowledge of the 
technology". My general experience is that those who really know how 
it all works lack the mindless paranoia that seems to show up here 
from time to time.

As to those that I feel "deserve something", I will tell you who
they are. They are those who blithely insist that no effort should be
required on their parts to ensure success or protect anything they value,
including privacy. The attitude that asserts that it is better to do
away with (or prevent the introduction of) technology that can serve
and benefit many, because of imagined evils, is held by those who are
unwilling to advance with society.

Really, what are we talking about? I have a cordless phone. I am
perfectly aware that it can be picked up for blocks around by any Icom
receiver. Do I really think there are people listening? No. Is it
possible? Certainly. Therefore, I do not discuss anything that I
consider to be topics that in the wrong hands could do me harm on the
cordless phone. What are these topics? Details of my product
development, trade secrets, my clients' affairs, and legal defense
strategies are among those subjects that I avoid discussing on the 
air, on the VERY SLIM chance that someone who matters may be listening.

People who complain about having to exert energy to dial '*67' or
watching when they use the cordless, or any other trivial precaution
are much like a person who feels that it is his right to flounce down
Mission Street at 12:30 AM carrying a wad of $100 bills in plain view.
There are little things we do every day to ensure we will not be mugged,
or that we will not starve, or that our car will not run out of gas,
etc., ad nauseam. Why is privacy so important to those same people who
feel that it is their right to not be bothered doing simple things to
protect it?

> Heat-seeking technology can tell when someone is
> in a house and pretty much the nature of their activities.  Our
> gov't has not responded to protect its citizens from the intrusion
> of new, sophisticated information-gathering techniques. End result: 
> as technology gets smarter and more sensitive, even our body heat 
> enters the realm of what we are broadcasting "for all to see",

Just what is it that you believe that "heat seeking technology" is
going to reveal about you? What kind of activities do even eccentrics
such as yours truly do in a house that would be so damaging if someone
figured out what they were? If you can get off this "nothing to hide"
attitude and look at it flatly, you could see my point. No, it is no
one's business what I do behind closed doors, but if someone devised a
way to "look through my walls", is that the end of the world?
I will bet there are very few people who even care what you or I
do behind closed doors.

> I wish some of  these libertarian types who keep belittling consumers
> and citizens concerned  with the intrusions inherent in the consumer's
> "choice"  of media would adopt the same condescending attitude towards
> HBO  when it tries to avoid the inherent costs of its choice of media.
> Instead, the FBI is enlisted to protect Time-Warner's income from
> would-be video pirates.

We agree here. In most other advanced countries the laws on the books
are used when there is the need to correct a problem. For instance,
most nations have laws against the usual drugs. Many of their citizens
use these drugs in a responsible way. They do not commit crimes (other
than the use itself), do not harm people, and do not even mess up their
own lives. Hence, they are frequently left alone by the authorities.
Only when drug usage becomes a problem to others are the laws (which
are in place just for this circumstance) enforced.

In contrast, the US Congress passes laws and then the FBI goes out of
its way to get people to break them with "stings" and other activities.
This applies to drugs, child pornography, even "computer crime".

> We are losing our choice of delivery method for more and more 
> vital services every day.  Furthermore, in those arenas where choice 
> will remain available, the cost of the 'secure' methods will grow 
> to be prohibitive.

This is a double-edged sword. How much security does your privacy
really warrant? What do you say on the phone that should be public key
encrypted? Probably not much. Now turn it around. How much of your
private affairs would anyone be interested in spending big bucks on to
obtain? Again, probably not much.

Much is made of the ability of retail operations to track one's
purchases. Why is this such a big deal? Again I ask: who has suffered
any harm as a result of this alleged intelligence gathering? I would
have been more annoyed to have lived in Smalltown, USA, at the turn of
the (last) century. Anyone who wanted to know (my friends and enemies
alike) could, in pleasant chit-chat with Mr. Smith (of Smith's General
Store) find out a lot more about me than merely about every one of my
purchases. Somehow, being on some reel of tape in some tape vault, with
the data being impersonally scrutinized by some marketing types does
not upset me much.

> The view that one can reasonably expect 
> privacy only when protected by an electronic and brick fortress 
> will not work in a society where the costs of these things restrict 
> availability to precious few citizens. 

But it is those who supposedly have the means to protect privacy who
have the least! How many people other than the IRS have seen your tax
return? How many have seen George Bush's? The heads (and major
beneficiaries) of large corporations have their financial affairs
published. It is called an "Annual Report". The habits, phobias, daily
doings, and financial holdings of the well-to-do are frequently made
known to the public.

Frankly, I think that those who are extra concerned about privacy have
delusions of self-importance. This is really brutal, but the truth is
that no one really cares about you, except as maybe an element in a set
of statistics. No, your phone is not tapped. No, the FBI is not across
the street listening to your cordless phone conversations. Little
ten-year-old Billy on the next block may be thrilled with his new toy
while he gleefully listens to you bad-mouth the boss to a buddy. Is
this something to go crazy about? Give me a break!

-- 
        John Higdon         |   P. O. Box 7648   |   +1 408 723 1395
    john@zygot.ati.com      | San Jose, CA 95150 |       M o o !

------------------------------


End of Computer Privacy Digest V1 #016
******************************