Date: Wed, 20 May 92 10:02:39 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#032
Computer Privacy Digest Wed, 20 May 92 Volume 1 : Issue: 032
Today's Topics: Moderator: Dennis G. Rears
Explanation of support for free Caller-ID blocking.
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: Privacy and Law and Order (Long)
Re: Privacy is a right
SSN's and blood
Re: Privacy in video rental records?
Re: "IF you have nothing to hide..."
Public Battle Over Secret Codes, John Markoff, NYTimes May 7 (fwd from comp-privacy)
Re: An answer to "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: Cordless Phones
Re: Free TRW Credit Report
Re: "IF you have nothing to hide..."
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
From: Bob Weiner <rsw@cs.brown.edu>
Subject: Explanation of support for free Caller-ID blocking.
Date: Wed, 20 May 1992 01:10:37 GMT
[Article describes decision by Washington state to require free
caller-id blocking is vehemently opposed by US West because they claim
their business customers who pay for id recognizer equipment will get
too many calls without IDs.]
> The companies said an offer of free line-blocking, or automatic blocking
> of the caller's name or number, would doom caller-ID service.
A key tip off to customer-driven companies that many of their
customers (remember consumers are customers, too) oppose the service,
at least as applied to their lines.
> "Washington has just adopted the most constrictive and conservative
> regulation on called ID in the nation.," said Lisa Bowersock, spokeswoman
> for US West in Seattle.
Companies often go to local governments to get tax reductions or other
favors as an inducement to build up particular businesses in a local
area. Why then should companies be surprised or even publicly voice
opposition when every so often those same governments listen to the
voice of their constituents?
> "There's no incentive for the company to introduce the service," she
> added. "The regulations adopted today won't even allow companies to recover
> the costs of line-blocking for individual customer".
And Washington state and the rest of the world will get along as well
as they did before if US West does not introduce the service. Clearly
this is a PR attempt at blame laying, but the facts are, that the
choice as to whether to offer the service is still up to US West.
Choice has not been taken away from them, although they would like
people to feel that way.
> If line-blocking is free, they said, people who buy caller-ID equipment
> will get too many calls in which identifications are blocked and will not
> sufficiently benefit from the service to make it viable.
"If literacy tests and poll taxes are removed, then all these new
people might vote. Then we'd have to count their votes and maybe even
listen to the positions that they thereby voice. Think of how unfair
that would be to these groups over here who have been able to dominate
political decisions before and have almost exclusively funded party
activities."
One would think that large businesses would have evolved beyond such
sterile arguments, recognizing the privacy rights of all of their
customers, not just the highest paying ones. Now I know better.
All the state is saying is let customers make privacy decisions once
and for all without the spectre of money looming over their heads.
Bob
--
99% of what my law office does is word processing. -- A lawyer
------------------------------
From: Chuck Bacon <crtb@helix.nih.gov>
Subject: Re: "IF you have nothing to hide..."
Date: Wed, 20 May 1992 01:17:53 GMT
In article <comp-privacy1.26.5@pica.army.mil> ygoland@edison.seas.ucla.edu (The Jester) writes:
>
>There have been several posts regarding my quest for a definitive
>statement regarding WHY the concept of "if you have nothing to hide
>then you have nothing to fear" is wrong. However these posts have
>consistently ignored the point I ended my post with, that examples
>do NOT make a point, they only illustrate one. The responses seen so
>far have been examples and lots of them, some good, some not, but
>examples none the less. So far no one has been able to write a
>concise explination of WHY they feel that this idea is wrong. We are
>all in agreement that the statement IS wrong. Why is everyone
>(myself included) having so much trouble comming up with a short,
>direct, statement of why?
> The Jester
>--
>"Only the blind see in color."
>"Any union based upon pigment is foolish ignorance designed to
>give power to those few who enjoy power's taste above the common
>welfare."
Now I see I must apologize for an intemperate response to Jester's
original post. I just joined this newsgroup and OF COURSE never
thought anyone else could respond cogently. We really are up
against the distinction between privacy and secrecy.
I can't deny that I do things--in a bathroom for instance--which I
don't wish observed. These are innocent matters, yet can involve very
strong desires for privacy, or even secrecy. Granting a right of
privacy here amounts to an aesthetic act of government. Life could
be lived, if my covert smoking, diet violations, love for adult lit.
etc., were all perforce public. But I would not like it.
Secrecy is a condition which everyone maintains over some aspect of
life. My .sig advocates abhorrence of secrecy, but sometimes it's
necessary. My riposte "--what if you are a gun collector?" was
intended to raise the self-protection fear that some gun collectors
might feel, if their collections became public knowledge. There
is a danger of burglary, if valuables are not concealed to some degree.
Enhancement of the law enforcement function would be a most important
reason to relinquish privacy, if law enforcement were perfect and
uncorruptible. But the spectre of another J. Edgar Hoover, hunting
who knows what, frightens me.
Many readers of this and other newsgroups are computer types. For me,
there is a fascination with the prospect of collating huge databases,
one with the other. The automated work of collecting call records,
for instance, to go with credit and purchase histories, augmented with
Census data, all leading to detailed profiles of all citizens; now
there's a challenge of truly admirable proportions! When I think of
this as a programmer, I envision beautiful paychecks. But when I see
myself as subject of this probing, I'm outraged. Let's not do it.
OK, folks. I've just preached to the converted. How do we get to
the heathen?
--
Chuck Bacon - crtb@helix.nih.gov ( alas, not my 3b1 )-:
ABHOR SECRECY - PROTECT PRIVACY
------------------------------
From: Chuck Bacon <crtb@helix.nih.gov>
Subject: Re: "IF you have nothing to hide..."
Date: Tue, 19 May 1992 23:53:50 GMT
In article <comp-privacy1.19.2@pica.army.mil> ygoland@edison.seas.ucla.edu (The Jester) writes:
>One of the reasons that many people are against 'intrusive' laws is
>because they disagree with the rational "If you have nothing to
>hide, then you don't need to worry." However what I have failed to
>see is a single cogent explination of WHY the rational of "If you
>have nothing to hide, then you have nothing to fear" is a bankrupt
>one. Would anyone care to provide a concise explination of WHY the
>previously mentioned rational is wrong? And please, though examples
>are useful for illustration of a point, they do not make one.
> The Jester
The Jester wishes to remain anonymous. Perhaps a superior news package
would always provide your true identity. Nothing to hide? Then why
be anonymous? You have nothing to hide. Are you an atheist? -a gun
collector? -a homosexual? -a woman living alone? -did any of your
family ever change their surname legally? -do you like "adult" art?
None of the above? You really are a pretty dull shit.
And yes, I'm damned angry at the "nothing to hide" attack. I had it
pulled on me by police forty years ago, and it still grates. Police
types like to use it because most people get tongue-tied, trying to
express their outrage.
I'll appreciate it when everyone understands my .sig.
>--
> The Jester
>"You can lead a herring to water, but you have to walk really fast,
>or he'll die."-Stolen from my Evil Mistress (TM)
> NWILSON@MIAVX1.ACS.MUOHIO.EDU
--
Chuck Bacon - crtb@helix.nih.gov ( alas, not my 3b1 )-:
ABHOR SECRECY - PROTECT PRIVACY
------------------------------
From: Emmett <icsu8249@cs.montana.edu>
Subject: Re: Privacy and Law and Order (Long)
Date: 14 May 92 03:29:14 GMT
In article <comp-privacy1.18.3@pica.army.mil> John Higdon <john@zygot.ati.com> writes:
>> From: Conrad Kimball <cek@sdc.boeing.com> writes:
>
>> If I was given the option of selecting my line's default to be either
>> blocked or unblocked, with a '*' code to temporarily reverse the
>> default, I'd be a happy camper.
>
>Is this what it would take to satisfy you on the whole matter of CNID?
>This comes under the heading of "feature implementation" and is so
>trivial as be not worth mentioning, yet is would be, for you, the
>salvation of CNID. Incredible.
>
Key words there are 'for you'. As for the 'feature implementation'
argument, when is the last time you tried to get something changed
after you accepted delivery? It's always made sense to me to get it
right the first time. The fact that there is a controversy over
this issue at all should show you that not everyone believes it
would be offered as a feature.
[ Argument that privacy shouldn't be given up now that we have it, deleted ]
>And that, dear sir, is exactly why you and millions like yourself can
>get credit cards, debit cards, instant store accounts, bank lines of
>credit, property sale closures in days instead of months, and all of
>the financial conveniences that are taken for granted these days. Do
>you think that all of these companies and financial institutions would
>just hand you the money if they knew nothing about you? In Smalltown,
Do you think I would get letters about 'Terrific new products we're
just absolutely positve you'll love hearing about, even when we send
you yet another copy of this letter with a TENTH variant of your name
on it.' if they new nothing about me??
>after you had lived there for about ten years, Mr. Smith might just
>open a store account for you with a small limit. After another ten of
>showing a good payment history (as observed and recorded by Mr. Smith)
>you might get your limit raised. Of course all of this credit is only
>good at one place: Mr. Smith's.
>
>Today, your credit is portable and easily obtained at new locations.
>How did YOU think that it was possible to walk into a store for the
>first time in your life and open an account? Magic?
>
>> Must we tolerate (nay, even aid and abet!) repeats of the shoddy history
>> of credit bureaus such as TRW, in which the worst problem is not so much
>> that they have a lot of data (which some would argue is a problem in
>> itself), but rather that so much of the data they have is incorrect,
>> and use of which can seriously damage people.
>
>Then it should be corrected. I have done this myself; it is not hard.
>Without this extensive database, we would be forced back into a
>cash and carry society. While some may approve of that, there are many
>more who would not.
>
Your argument is that you and others who share your opinion feel you
would be inconvenienced if you were forced into a situation not of
your choosing or of your liking. Guess what my argument is.
>> Some people have raised concerns
>> about lifestyle data being fed to insurance companies, which being *very*
>> highly motivated to reduce risk, raise rates or refuse coverage in
>> situations that do not in fact warrant it. And, when they raise your
>> rates or refuse you coverage, how are you to know the basis for their
>> unjust decision?
>
>Try asking. Someone, somewhere started the "truism" that "they" are
>unreachable, untouchable, and have unlimited power. I have received
>such things as notices of cancellation and simply called the company to
>get an explanation. In some cases, after discussing the matter, the
>cancellation was rescinded. I am surprised that you give people so little
>credit for being able to pick up a phone or write letters of inquiry.
Why is this my responsibility?? These people are paid quite handsomely
for providing information that is presumed accurate by their customers.
Extending your line of reasoning leads to the argument that if I choose
to eat food that has been shipped to a grocery store in a truck, then I'm
responsible for doing maintainance work on the truck.
>Of course, failing to mention those avenues of redress gives more
>weight to your argument. And speaking of weight:
>
>> - The greenhouse effect.
>
>> - Smoking.
>
>> - Logging
>
>What do these things have to do with privacy? Is the implication that
>the consequences are on a par with these things? Is this the only way you
>can make your argument seem non-trivial? The most serious privacy
>violations that could occur in modern society will not kill, mame, or
>even cause much more than a minor annoyance or inconvenience. We are
>not talking disasterous global climate changes here. We are not talking
>500,000 deaths a year. We are not even talking about endangered
>species.
>
No, we're talking about minor annoyances and inconveniences. Frankly,
given a choice I'd just as soon avoid them. Besides, it's at least
as important to me as the issue of death from smoking (I don't smoke)
and will impact me personally a lot more than spotted owls (I doubt
I'll encounter a significant number of spotted owls in my liftime,
but I'm pretty sure I haven't seen the last of the annoyances and
inconveniances. Besides [ my turn to be dramatic ], falling two
feet is pretty minor by itself, but if they happen to be the last
two feet of a hundred foot drop, the results are noticable.
[ Bluster about things I consider irrelevant deleted ]
>
>There is someone who asserted in print that we are all going
>to get cancer because of electrical transmission lines. I would guess
>that you must be in favor of shutting down our electrical grid until
>someone proves him wrong. Never mind that it would disrupt our whole
>way of life, destroy the economy, and literally make it impossible for
>people to live in our cities. But we cannot take any chances now, can
>we?
>
Until you hit the bit about shutting down the cities, you weren't doing
too badly there. Shut 'em down says I. :-)
>So it is with privacy. A few very noisy people are running around
>announcing the death of all we hold near and dear because some nasty
>people can find out our little secrets. Shall we return to green visors
>and ledger paper until the theorists can come to a conclusion one way
>or another? Does it really matter?
>
For someone who was just complaining about making sweeping statements
just for effect, don't you think this is a bit much??
Personally I see it as a bandage. I'd rather do away with the nasty
people that can 'find out our little secrets'. As far as I'm concerned
it does matter.
If it were an ideal world, I can't think of anything I've personally done
in the privacy of my own home that I would really care one way or another
if the world knew about (a few things that might disturb my mother, but
such is life). Unfortunately, there are a lot of people in the world (and
even in Montana) who possess value systems that I choose not to subscribe
to. Some of them have the clout to be more than minor annoyances.
You used the metaphor of Smalltown, USA. In Smalltown, there was only
one Mrs. Grundy, if you include Tinytown and Diminuitive-ville to the
list we're talking about at least three Mrs. Grundys. How many do you
suppose live in the New York or LA areas alone? Can you really blame
me for not wanting to be forced to deal with them??
>
>--
> John Higdon | P. O. Box 7648 | +1 408 723 1395
> john@zygot.ati.com | San Jose, CA 95150 | M o o !
--
Larry Emmett v 'Computers are a lot like the God of the
Internet:icsu8249@cs.montana.edu /o\ Old Testament. A whole lot of rules
Bitnet: icsu8249@MtsUnix1.bitnet --- and no mercy.' -- Joseph Campbell
------------------------------
From: Gary Greene <garyg@netcom.com>
Subject: Re: Privacy is a right
Date: Wed, 20 May 92 08:34:58 GMT
Dennis;
I find it difficult to excise any of Bob Weiner's text. If you need to
go ahead, but it all appears relevant to me. --Gary
In comp.society.privacy Brian L. Kahn writes:
>In article <comp-privacy1.25.2@pica.army.mil> rsw@cs.brown.edu (Bob Weiner)
wri
tes:
> The matter is simple and much like the reason we have a presumption of
> innocence in the legal system. The burden should be on the accuser or
> in the case of privacy, on those who want to expose something.
> Basically, the view is that privacy, like presumption of innocence, is
> a right. There is no need to justify one's exercise of that right but
> there is need to justify infringement upon it.
>Nicely stated, but I can't accept the comparison between privacy and
>presumption of innocence. Privacy may be a right in some sense, and I
>sure wish it were explicitly in the constitution. ...
In some States it *is* part of the constitution (California at least).
>However, we are
>obliged to surrender this right in many instances, in exchange for
>privileges.
I believe Bob was saying that the burden was on the agency requiring
information to justify the requirement. Providing information does
not surrender any right to privacy per se, since private can mean
private to you and me, not just private to me. Information has a
proprietary nature as any software publisher will tell you. If I
give you access to information I own I can restrict your use of it
via copyright and license or other restrictions. The proprietary
nature of information and any right to privacy are very closely
related and are just as closely related to your right to be secure
in your person and your effects from seizure by either public or
private persons or by the government without due-process. Indeed,
I find it difficult envision the right to own property without the
right to hold it private to yourself (the old Libertarian saw, I know).
Getting back to information and privacy issues, even in states where a right
to privacy is not part of their constitution there are usually stringent
statutory restrictions on the agency's use and distribution of this
information ...at least restrictions on government agencies. In addition
the information requested must usually be substantively germane to the
purpose for which it is requested. For instance, it is difficult to
see how any state agency could issue a license without the name of the
person to whom it is being issued, and enough identifying information
so that any officer involved in enforcing the proper exercise of the
license to identify the person attempting to use the license. There
is a quid-pro-quo in applying for a service which must empower the
provider to *give* the service, else there is no enforcible contract.
The same is true in applying for a privelege.
Are you suggesting that a right to privacy must be absolute to exist?
Few if any such absolute rights exist, not even due-process.
>Your car has ID tags, and you have to carry a license
>with your name (and usually your picture) to operate on public roads.
>You have to identify yourself in order to use financial services
>(checks or credit), to rent items (tapes, tools, cars), to get service
>from public utilities. Can you even own property in a town without
>revealing your name?
These agencies and people may still be restrained under existing statute
and constitutional provisions (both state and federal) from disbursing
this information to others. I believe *this* is the point of privacy
disputes, and it is here that a right of privacy as Bob outlines it appears.
...Paragraph about surrenderable and unsurrenderable rights deleted...
>Perhaps the right we really have is a right to independence, not
>privacy. If you want to be alone and do everything for yourself, you
>may.
If so then we are in real trouble because I know of no one who is capable
of such complete independence short of discovering a new uninhabited desert
island. :-) If you can't do it, how could it be a right?
Cheers,
Gary Greene garyg@netcom.com (at home)
Santa Clara, California
------------------------------
Subject: SSN's and blood
Date: 19 May 92 18:33:54 EDT (Tue)
From: "John R. Levine" <johnl@iecc.cambridge.ma.us>
>The local red cross wanted my ssn when I gave blood. They got really
>ugly when I refused.
The people at the Red Cross can be remakably dense, particularly
considering that all their blood comes from unpaid volunteers. I donate both
here in Boston and at my beach house near Philadelphia. Both wanted my SSN.
Around here, there must be lots of privacy freaks because they all know
the routine for people who don't use an SSN. They make up an ID using the
first few letters of your name and your birth date which they can easily
look up if you don't have the card and don't remember the ID.
Down at the beach they were baffled when I told them that I didn't know my
SSN and didn't have it handy anywhere. (It's true, all my tax records are
up here.) They couldn't handle the alphanumeric ID on my Boston donor
card, evidently different Red Cross regions have different, incompatible
computer systems. So they took my unnumbered blood, begging me to call
them the moment I could find my number. Sure, uh huh, etc. About a month
later, the Philadelphia Red Cross sent me a donor card with a made up
number starting with four zeros. So they can deal perfectly well with
number-free donors, but their field people don't know about it.
Regards,
John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl
------------------------------
From: "Michael H. Riddle, Esq." <bc335@cleveland.freenet.edu>
Subject: Re: Privacy in video rental records?
Date: Wed, 20 May 92 12:47:52 GMT
In a previous posting, NEELY_MP@darwin.ntu.edu.au (Mark P. Neely,
Northern Territory University)) writes:
>I picked this one off a mailing list...
>
>
>
> State Attorney John Tanner (Volusia Co, FL) has subpoenaed the rental
>records of two video shopkeepers to identify the individuals who rented
>one of four named explicit films.
>
> Ostensibily, the customers are only wanted as potential witnesses.
>Tanner states that he does not intend to prosecute any citizen whose
>name might be on this list. Both store owners are resisting, citing
>customers' rights to privacy. Tanner maintains people who rent material
>have no expectation of privacy.
* * *
> In a state known nationally for its revolving door prisons, it is
>shameful that Tanner is trying to make reelection hay out of this
issue.
>Hopefully he has underestimated the number of voters who occasionally
>view explicit films.
Hmm. It's apparently also a shame that they have prosecutors who appear
not to know the law! The post from the mailing list quotes Mr. Tanner
as
"mainatin[ing] people who rent material have no expectation of privacy."
I would respectfully disagree, at least with respect to video materials.
The Electronic Communication Privacy Act has rather detailed provisions
limiting access to video rental records. The pertinent portion is
reproduced below.
> TITLE 18 UNITED STATES CODE
> CHAPTER 121. STORED WIRE AND ELECTRONIC COMMUNICATIONS AND
> TRANSACTIONAL RECORDS ACCESS
>
> s 2710. Wrongful disclosure of video tape rental or sale records
>
> (a) Definitions. For purposes of this section-
>
> (1) the term "consumer" means any renter, purchaser, or
> subscriber of goods or services from a video tape service provider;
>
> (2) the term "ordinary course of business" means only debt
> collection activities, order fulfillment, request processing, and
> the transfer of ownership;
>
> (3) the term "personally identifiable information"
> includes information which identifies a person as having
> requested or obtained specific video materials or services from
> a video tape service provider; and
>
> (4) the term "video tape service provider" means any person,
> engaged in the business, in or affecting interstate or foreign
> commerce, of rental, sale, or delivery of prerecorded video
> cassette tapes or similar audio visual materials, or any person
> or other entity to whom a disclosure is made under subparagraph
> (D) or (E) of subsection (b)(2), but only with respect to the
> information contained in the disclosure.
>
> (b) Video tape rental and sale records.
>
> (1) A video tape service
> provider who knowingly discloses, to any person, personally
> identifiable information concerning any consumer of such provider
> shall be liable to the aggrieved person for the relief provided in
> subsection (d).
>
> (2) A video tape service provider may disclose personally
> identifiable information concerning any consumer-
>
> (A) to the consumer;
>
> (B) to any person with the informed, written consent of the
> consumer given at the time the disclosure is sought;
>
> (C) to a law enforcement agency pursuant to a warrant issued
> under the Federal Rules of Criminal Procedure, an equivalent State
> warrant, a grand jury subpoena, or a court order;
>
> (D) to any person if the disclosure is solely of the names and
> addresses of consumers and if-
>
> (i) the video tape service provider has provided the
> consumer with the opportunity, in a clear and conspicuous manner,
> to prohibit such disclosure; and
>
> (ii) the disclosure does not identify the title,
> description, or subject matter of any video tapes or other audio
> visual material; however, the subject matter of such materials may
> be disclosed if the disclosure is for the exclusive use of
> marketing goods and services directly to the consumer;
>
> (E) to any person if the disclosure is incident to
> the ordinary course of business of the video tape service provider;
> or
>
> (F) pursuant to a court order, in a civil proceeding upon a
> showing of compelling need for the information that cannot be
> accommodated by any other means, if-
>
> (i) the consumer is given reasonable notice, by the person
> seeking the disclosure, of the court proceeding relevant to the
> issuance of the court order; and
>
> (ii) the consumer is afforded the opportunity to appear
> and contest the claim of the person seeking the disclosure.
>
> If an order is granted pursuant to subparagraph (C) or (F),
> the court shall impose appropriate safeguards against unauthorized
> disclosure.
>
> (3) Court orders authorizing disclosure under subparagraph (C)
> shall issue only with prior notice to the consumer and only if the
> law enforcement agency shows that there is probable cause to
> believe that the records or other information sought are relevant
> to a legitimate law enforcement inquiry. In the case of a State
> government authority, such a court order shall not issue if
> prohibited by the law of such State. A court issuing an order
> pursuant to this section, on a motion made promptly by the video
> tape service provider, may quash or modify such order if the
> information or records requested are unreasonably voluminous in
> nature or if compliance with such order otherwise would cause an
> unreasonable burden on such provider.
>
> (c) Civil action.
>
> (1) Any person aggrieved by any act of a person
> in violation of this section may bring a civil action in a United
> States district court.
>
> (2) The court may award-
>
> (A) actual damages but not less than liquidated damages in
> an amount of $ 2,500;
>
> (B) punitive damages;
>
> (C) reasonable attorneys' fees and other litigation costs
> reasonably incurred; and
>
> (D) such other preliminary and equitable relief as the
> court determines to be appropriate.
>
> (3) No action may be brought under this subsection unless such
> action is begun within 2 years from the date of the act complained
> of or the date of discovery.
>
> (4) No liability shall result from lawful disclosure permitted
> by this section.
>
> (d) Personally identifiable information. Personally identifiable
> information obtained in any manner other than as provided in this
> section shall not be received in evidence in any trial, hearing,
> arbitration, or other proceeding in or before any court, grand
> jury, department, officer, agency, regulatory body, legislative
> committee, or other authority of the United States, a State, or a
> political subdivision of a State.
>
> (e) Destruction of old records. A person subject to this section
> shall destroy personally identifiable information as soon as
> practicable, but no later than one year from the date the informa-
> tion is no longer necessary for the purpose for which it was
> collected and there are no pending requests or orders for access
> to such information under subsection (b)(2) or (c)(2) or pursuant
> to a court order.
>
> (f) Preemption. The provisions of this section preempt only the
> provisions of State or local law that require disclosure prohibited
> by this section.
--
<<<< insert standard disclaimer here >>>>
mike.riddle@inns.omahug.org | Nebraska Inns of Court
bc335@cleveland.freenet.edu | +1 402 593 1192 (Data/Fax)
Sysop of 1:285/27@Fidonet | V.32/V.42bis / G3 Fax
------------------------------
From: Nelson Bolyard <nelson@bolyard.wpd.sgi.com>
Subject: Re: "IF you have nothing to hide..."
Date: Tue, 19 May 1992 20:53:50 GMT
blk@mitre.org (Brian L. Kahn) writes:
>
>
> ygoland@edison.seas.ucla.edu (The Jester) writes:
> >Would anyone care to provide a concise explination of WHY the
> >previously mentioned rational is wrong?
>
>
>This seems like a logical argument to me, but I would sure like to
>hear an argument (attitude, explanation, credo?) that better explains
>the assumptions behind discussions appearing in this group.
OK, try this on for size:
Personal privacy is prerequisite to, and the basis of, personal freedom,
autonomy, self-esteem, and interpersonal relationships.
People are willing to part with things they don't understand and don't
perceive as necessary. Unfortunately, the foundations of our rights and
freedoms are ill understood by the masses.
------------------------------
From: Ofer Inbar <cos@chaos.cs.brandeis.edu>
Subject: Public Battle Over Secret Codes, John Markoff, NYTimes May 7 (fwd from comp-privacy)
Date: Tue, 19 May 92 16:12:23 EDT
This is a New York Times article that was posted to the comp-privacy
mailing list (which is also the newsgroup comp.society.privacy),
regarding the recent 'trap door' bill. Incidentally, John Markoff,
the author of this article, is online at markoff@nisc.nyser.net
Note to comp-privacy moderator:
This article was originally submitted OCR'ed and uncorrected. I have
gone through and corrected most, if not all, of the OCR errors, so that
is why I am resubmitting. Use it if you wish.
Forwarded message:
>Date: Sat, 9 May 1992 16:11:11 -0400
>From: Monty Solomon <monty@proponent.com>
>Newsgroups: comp.society.privacy
>Subject: Public Battle Over Secret Codes, John Markoff, NYTimes May 7
>X-Submissions-To: comp-privacy@pica.army.mil
>X-Administrivia-To: comp-privacy-request@pica.army.mil
>X-Computer-Privacy-Digest: Volume 1, Issue 024, Message 1 of 6
>From: dlv@cunyvms1.gc.cuny.edu (Dimitri Vulis, CUNY GC Math)
>Newsgroups: sci.crypt
>Subject: Public Battle Over Secret Codes, John Markoff, NYTimes May 7
A Public Battle Over Secret Codes
By JOHN MARKOFF
THE NEW YORK TIMES, THURSDAY, MAY 7, 1992
An issue long relegated to testy grumbling between software engineers and
intelligence agents has suddenly grown into a public dispute between the
Bush Administration and business executives.
In a digital age that finds more and more information protected by
elaborate coding techniques, both sides are asking: Who should hold the
keys to the codes?
Not the Government, say members of an increasingly militant computer and
software industry. Apple Computer, Microsoft and Sun Microsystems are among
the companies vowing to oppose Federal efforts to keep tight control on the
use of coding technology, known as encryption.
``There is really no way to control this technology,'' said Nathan P.
Myhrvold, vice president for advanced technology at Microsoft. ``What are
you going to do, call up John Gotti and tell him that it's illegal to use
coded technology? All regulations do is hurt people who are trying to be
law-abiding and it's a nightmare for business users who are trying to
protect information.''
Technique available to all
Once a tool only of diplomats, military officers and spies, advanced
encryption techniques have become available to anyone with access to cheap
computer chips.
Nowadays, virtually all information can be translated into digital form and
protected with electronic codes --- whether it is a cellular telephone
conversation, electronic memo, medical record, corporate payroll, television
program or cash from the automated teller machine. And advances in hardware
and software have made these codes virtually uncrackable to anyone not
knowing the precise string of letters or numbers that represents the key to
translating the encrypted information.
A House Judiciary panel will hear testimony on the issue today, for the
second time in nine days, as Congress ponders whether to resurrect
legislation that would give intelligence officials a greater ability to
monitor the use of encryption by businesses and individuals.
An alternative move, favored by a growing number of industry executives,
would be to scale back Government control of computer encryption, by
curtailing the powerful National Security Agency's broad jurisdiction over
the private use and export of encryption technology. The President has
vowed to veto such a bill.
In his concluding remarks at last week's hearing, Representative Jack
Brooks, Democrat of Texas, chairman of the subcommittee, indicated that
business executives would have a chance in the next session to present their
case. ``We need to examine closely the claims by industry that the current
attempts by U.S. intelligence and law-enforcement agencies to restrict this
technology will seriously impair privacy and technological development in
our country'', he said.
Working on Differences
The computer industry had been trying for months to work out its differences
quietly with the N.S.A., the secretive Pentagon branch whose job it is to
protect the military's computers and conduct global electronic intelligence
gathering. But dissent within the industry and the convening of
Congressional hearings have brought the dispute into the open.
Since the first computers appeared in the 1940's, old-line manufacturers
like I.B.M. have traditionally cooperated --- however grudgingly --- with
national-security and law-enforcement officials to keep computer codes out
of the wrong hands and the keys in the right ones. Such cooperation was
wise in the days when the military and the Federal Government were the
largest computer customers. And during the cold war, it was easier for the
Government to defend its policies.
New Attitude Among Companies
But lately, the younger generation of companies that grew up selling
business computers, including Apple, Microsoft and Sun, has dug in its
heels. The companies argue that Government efforts to stifle encryption
technology is not only wrong but futile, putting American business at a
disadvantage to foreign competitors who face few constraints in creating and
using encryption.
``The most important security measures in which any of us engage in our
daily business no longer have anything to do with safes, locks, guards or
badges,'' said Whitfield Diffie, a computer researcher at Sun Microsystems
and one of the nation's leading cryptographers. ``Modern security
technology has transplanted written signatures and the simple act of
recognizing a colleague from the traditional world of face-to-face meetings
and pen-and-ink communications to a world in which digital electronic
communications are the norm.''
The banking industry is also concerned about the threat of legislation that
would force software makers to provide a ``trap door'', making it easier for
Federal agents to decipher encrypted files. The industry currently
transmits $350 trillion a year via encrypted wire transfers, and each day
United States banks transmit 350,000 encoded messages transferring funds to
other nations.
Changing encryption techniques not only would compromise the security of
computerized banking transactions but would cost many millions of dollars,
said John Byrne, general counsel for the American Banking Association.
But Government officials see any costs or inconveniences to business as the
trade-off for maintaining law and order. ``This is a very real problem'',
said Kier Boyd, deputy assistant director of technical services of the
F.B.I. ``Somebody who has a rudimentary knowledge of cryptography can
generate something on a personal computer which would give us fits as far as
reading it.''
The genie, indeed, is out of the bottle. Officials at the Information
Technology Association of America, a computer industry trade group, recently
obtained a copy of a commercial program called Cryptos written by
programmers in Moscow.
Cryptos, which runs on a standard I.B.M. personal computer, encodes data by
the two most popular techniques. One is the United States Data Encryption
Standard, which the N.S.A. established in 1977 to foster a commercial
encryption format that businesses could use (and the Govemment could read,
as needed). The second is known simply as RSA, an encryption format widely
adopted for business use; it was developed outside the N.S.A.'s sphere by
academic researchers. The Cryptos package, which is available in software
stores in Moscow, sells for about $200.
The encryption war between American industry and Government has been waged
on several fronts in recent months. Just last month, for instance, the
Justice Department began pressing Congress for a bill that would require
telephone companies to install equipment making wiretaps easier to conduct
in today's network. The limited introduction of encryption into the
telephone network, along with the widespread use of fiber optics and digital
transmitters, has made electronic eavesdropping much more difficult than in
the days when snoopers needed to do little more than hot-wire a copper phone
line.
And it was also last month that some industry executives began charging that
the N.S.A. had played a quiet role in limiting the strength of a proposed
cryptographic standard for future cellular telephones.
Opposing Needs
``The N.S.A.'s needs run almost directly counter to the economic needs of
the country, which include the development of high-technology products based
on cryptography'', said Marc Rotenberg, national director for the Computer
Professionals for Social Responsibility, a public interest group.
Before the International Business Machines Corporation introduced its newest
family of mainframes in 1991, I.B.M. tried for more than a year to persuade
the N.S.A. to allow it to build a special piece of hardware that would
automatically encode information processed by the new computers. Finally,
after unsuccessful meetings that went as high as Adm. William O. Studeman,
director of the agency at the time, and high-ranking I.B.M. officials, the
company threw up its hands. It now submits individual license requests for
each export sale --- and is frequently turned down.
Corporate executives and industry consultants who have experience in dealing
with the N.S.A. say that despite the end of the cold war and the growing
importance of cryptography for business purposes, they expect the agency to
continue resisting any fundamental challenges to its control.
Still, industry pressure has apparently led the agency to attempt to
negotiate a compromise with American software publishers.
The industry had originally backed trade legislation, still pending, which
would move control over cryptography exports from the N.S.A. to the Commerce
Department. But because the Bush Administration has threatened to veto the
legislation, the software publishers have quietly attempted to arrange a
deal.
But the largest American computer makers, including I.B.M. and the Digital
Equipment Corporation, have refused to participate in the negotiations,
saying privately that the weakened RSA would not be acceotable to their
customers.
The nominee for the job of director of the N.S.A., Rear Adm. John M.
McConnell, declined to be interviewed for this article. Michael S. Conn,
chief of information policy for the agency, said that national security
concerns with cryptogrgaphy could not be dealt with in a public debate. But
the agency, he said, remains confident that it can ``continue to meet our
mission demands in light of advances in technology.''
---
Caption: Representative Jack Brooks of Texas is chairman of the subcommittees
hearing testimony on whether legislation should be resurrected to give
intelligence and law-enforcement officials greater ability to monitor the use
of coding technology by businesses and individuals.
---
Box: The Encryption Tug-of-War
As computers left the laboratory and entered mainstream business life, the
need for privacy of electronic data and communications followed.
Researchers and the Government's national security apparatus have wrestled
over standards and secrecy ever since.
1976 Public key approach is proposed
Martin E. Hellman of Stanford University and his colleagues, Whitfield
Diffie and Ralph Merkle, conceive a new, more practical way to protect
information. One mathematical key that can be made public is used to encode
the information, but a second, secret key is needed to decypher it.
1977 D.E.S. becomes national standard
The National Bureau of Standards and the National Security Agency define the
first public national encryption standard, known as the Data Encryption
Standard. Because the N.S.A. shortened the standard's proposed mathematical
key, some cryptographers say it could be broken by powerful computers.
1978 Government clapms down on researcher
Using an obscure patent law provision, the N.S.A. orders a University of
Wisconsin computer scientist, George I. Davida, to keep secret all details
of a computer security device he has developed or face two years in jail and
a $10,000 fine.
1980 Security review of reserach papers begins
A groups of United States mathematicians and computer scientists decide to
voluntarily submit cryptography reserach papers to the N.S.A. for review
before they are published in scientific journals.
1991 Scientists partly crack the code
Two Israeli scientists, Adi Shamir and Eli Bhiman, develop the first
mathematical technique capable of breaking the D.E.S. code under certain
limited circumstances.
1991 Industry attempts a compromise
Software executives propose a deal with the N.S.A. that would allow export
of a scaled-down version of a popular encryption format for business users.
I.B.M. and other industry critics refuse to participate in the
negotiations, saying the compromises would make codes too easy to crack.
The N.S.A. has not yet reached a decision on the proposal.
------------------------------
From: "Osborne, John Blair" <gt1032b@prism.gatech.edu>
Subject: Re: An answer to "IF you have nothing to hide..."
Date: 20 May 92 07:25:18 GMT
In <comp-privacy1.29.13@pica.army.mil> charest@ai-cyclops.jpl.nasa.gov (Len Charest) writes:
>In article <comp-privacy1.26.5@pica.army.mil>, ygoland@edison.seas.ucla.edu (The Jester) writes:
>|>
>|> There have been several posts regarding my quest for a definitive
>|> statement regarding WHY the concept of "if you have nothing to hide
>|> then you have nothing to fear" is wrong. However these posts have
>|> consistently ignored the point I ended my post with, that examples
>|> do NOT make a point, they only illustrate one. The responses seen so
>|> far have been examples and lots of them, some good, some not, but
>|> examples none the less. So far no one has been able to write a
>|> concise explination of WHY they feel that this idea is wrong. We are
>|> all in agreement that the statement IS wrong. Why is everyone
>|> (myself included) having so much trouble comming up with a short,
>|> direct, statement of why?
>Perhaps you missed this...
>In article <comp-privacy1.23.2@pica.army.mil>, michael.scott.baldwin@att.com writes:
>|> Let me try, without using examples: the definition of what it is that you
>|> have to "hide" rests with the government, not you. If the legal system
>|> creates bankrupt laws that make your private life punishable, then you end
>|> up hiding and fearing for simply living your life and pursuing your own
>|> happiness.
>BTW, I assume that since "we are all in agreement that the statement is wrong", you were just playing devil's advocate in your original post vis a vis your 'nom de net', Mr. Jester.
> ..................................................
> Len Charest, Jr.
> JPL Artificial Intelligence Group
> charest@aig.jpl.nasa.gov
First, sorry to quote all of this--possibly wasted bandwidth. Oh, well.
I think the real problem (of Jester's original post) relates to how
we define "nothing to fear". If we assume only criminal fear, then
his statement (If nothing to hide, nothing to fear...) is most likely
logically correct. The actual problem is we have much more to fear
than simply criminal convictions. I cannot imagine anyone who lives
a life that could please every single little (interest) group. This
means everyone has good reason to "hide" certain aspects of their
private lives from public view. The reasons "honest" people "hide"
things are numerous, and many examples have been given. "Honest"
people "hide" things to avoid embarrassment, harassment, and persecution
for any of the legal (but possibly disliked) things they do.
I think many of the posters have discounted the motivation provided
by a desire to avoid embarrassment, harassment, and persecution
outside of the legal system.
As to "hiding" behavior that is illegal due to a "wrong" law, I
think rational people can disagree here. I can see where some
people might feel laws (even bad ones, unless/until changed) must
be respected, or the system fails to function. I can also see
where some people might feel the right thing to do would be to
make the law unenforceble by making it impossible to "catch"
someone breaking it. I think the best thing to do in a case
like this, would be to change the law. This is not always practical
or possible however.
Oh, well. Just my thoughts on the matter.
Flames and mail welcome.
John
John Blair Osborne
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: gt1032b@prism.gatech.edu
uucp: ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!gt1032b
--
John Blair Osborne
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: gt1032b@prism.gatech.edu
uucp: ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!gt1032b
------------------------------
From: Paul Robinson <ptr@adlman.ssg.lkg.dec.com>
Subject: Re: "IF you have nothing to hide..."
Date: 19 May 92 22:58:55 GMT
Reply-To: probinson@ultra.enet.dec.com
In article <comp-privacy1.30.12@pica.army.mil>, ygoland@edison.seas.ucla.edu (The Jester) writes:
|I am working with a friend of mine
|to learn and understand public key encryption. We are doing this
|mostly because its a really 'nifty' problem that we both want to
|learn more about. At the end of our 'educational' drive we intend to
|write a paper, in as plain english as possible, explaining to
|everyone EXACTLY how public key works
It shouldn't be taking you this long, unless you're trying to
comprehend the bowels of a specific public key algorithm (there are
several). Describing how a specific algorithm works is overkill if
what you want is to get people onto the public key bandwagon. Unless
you're trying to prove that it's hard to derive one key of a pair from
the other, and it's hard to believe that no such proof exists in a
readable form.
|and in addition we intend on
|producing a program that will provide the most secure public key
|encryption possible on today's pc (it will be in ansi C with
|variable strength based upon processor speed so anyone on any
|machine can run it).
The strength of public key algorithms is directly related to key
length, which I suppose makes it easy to adjust based on processor
speed. A more useful and friendly program would let me, the user,
decide what strength I wanted, knowing that greater strength would
require more CPU time.
I'm curious; how do you plan to associate public keys with people? I
can't send a secret message to you unless I know your public key; what
agent can I trust to give me your public key correctly?
Furthermore, if you upgrade your PC and therefore decide to increase
your encryption strength, you will necessarily change your key (it
will become longer). How will I know that? And how will you know
which of your various public keys was used to encrypt the message I
sent you?
| ...[implications of public key encrypted communication deleted]...
|
|On a final note:The program I intend to release is freeware. However
|I refuse to believe the someone, somewhere, hasn't done this before!
|All the information on public key is available in any good library
|and the actual principals are quite simple (I could release the
|program today if I didn't bother trying to understand WHY what I was
|doing actually worked). Isn't there a public key encryption program
|out there some place?
It has been done before. As I recall, the program was withdrawn
because any such program would violate one or more patents (according
to those who own the patents). At least one of these patent owners
is, how shall I say it, very vigorous in his pursuit of those who
would infringe upon his patents.
|And a final note:I have no intent of ever using a government
|sponsored public key encryption system. With laws such as the one
|going through congress that requires all encryption systems to have
|back doors the government can use, with laws requiring phone
|companies to have equipment that the FBI can easily trace, and with
|holes already found in the current proposed government (nsa?) public
|key encryption standard, I don't trust the government any farther
|than I can throw it.
Holes found in NIST DSS? I've heard a lot about its unsuitability for
the stated purposes, and lack of confidence due to the comparatively
short time that it has been under analysis, but nothing about any
actual holes.
Paul Robinson
It's not DEC saying it, it's me saying it.
------------------------------
From: Peter Gorny <Peter.Gorny@arbi.informatik.uni-oldenburg.de>
Subject: Re: Cordless Phones
Date: Tue, 19 May 1992 16:31:55 GMT
jangerma@magnus.acs.ohio-state.edu (Jake Angerman) writes:
>lupine!mellon@uunet.uu.net (Ted Lemon) writes:
>>Privacy *is* important. While it's impossible to prevent Joe Random
>>Loser from listening in on your cellular phone conversations....
oops - there is a difference between c-phones (a public telephone
system on radio basis) and the cordless phones you use at home or in
your office -- there you have a single main station and one remote
station only.
>How would someone go about doing this? If my neighbor and I both
>have cordless phones, why is it that when I pick mine up I don't
>home-in on their conversation?
That is in fact what happens - hidden for your ears. The phone listens
into 40 (or 80 or more) channels and picks the first unoccupied for
your use.
The newer systems have a complicated security system, which does not
only prevent others from listening to your conversation but also to
use your account. (Exactly this "homing-in" possibility it the reason
why in most European countries it is forbidden to use normal cheap
cordless phones as you can by them in the US)
>Can you run out of frequencies?
Yes, you can...
Peter Gorny
------------------------------
Subject: Re: Free TRW Credit Report
Date: Tue, 19 May 92 17:54:08 EDT
From: shaw@shaw.vitruvius.cs.cmu.edu
In article <comp-privacy1.14.2@pica.army.mil> you write:
|> In article <comp-privacy1.10.9@pica.army.mil> michael@xanadu.com (Michael McClary) writes:
|> >Note, by the way, that many banks and credit-card providers make the
|> >last month-or-so of your account history available over the phone to
|> >anyone who can touch-tone in the account number and your zipcode or
|> >SS number.
|>
|> Well, Fleet Bank, when they send you your statement, gives you an
|> extra code to punch in for your account information. Nice of them...
|> --------------------
A few years ago my bank (Pittsburgh National) started offering this
"service". If I recall correctly, it used account number and SSN for
id. Quite a number of us demanded to have it disabled for our accounts.
After considerable discussion in which the bank tried to persuade us
that we really wanted the service, they allowed us to disable it (in
writing) on a per-account basis.
Mary Shaw
Mary.Shaw@cs.cmu.edu
------------------------------
From: The Jester <ygoland@edison.seas.ucla.edu>
Subject: Re: "IF you have nothing to hide..."
Date: 19 May 92 20:45:10 GMT
In article <comp-privacy1.29.12@pica.army.mil> egdorf@zaphod.lanl.gov (Skip Egdorf) writes:
[Excellent discussion of basic logic that i was fully aware of and
am now beating myself for not remembering.. i.e. the basic if-then
conclusion with a false f means a true then]
>How do we discuss this from this point?
>
In point for discussion remaining is:Which right is worth more? Your
right to privacy or society's right to be protected from criminals?
The Jester
--
"Only the blind see in color."
"Any union based upon pigment is foolish ignorance designed to
give power to those few who enjoy power's taste above the common
welfare."
------------------------------
End of Computer Privacy Digest V1 #032
******************************