Date: Fri, 22 May 92 13:55:50 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#034
Computer Privacy Digest Fri, 22 May 92 Volume 1 : Issue: 034
Today's Topics: Moderator: Dennis G. Rears
[J. Michael Blackford: Re: Privacy is a right]
Re: Privacy is a right; protection from criminals is not.
Re: Computer Privacy Digest V1#033
Re: Cordless Phones
Some technical corrections (was Re: cordless phones)
Re: Privacy is a right
Re: Privacy is a right
Re: Privacy is a right
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Date: Fri, 22 May 92 10:00:32 EDT
From: Brinton Cooper <abc@brl.mil>
Subject: [J. Michael Blackford: Re: Privacy is a right]
> Interesting ... and the bartender only has the right to know if the
> customer is over a certain age ... but, he usually gets to find out
> the date the customer was born. This is a simple example of a plethora
> of instances wherein our "right to privacy" in infringed upon by a
> requirement for too much information. Why not issue color-coded
> driver's licenses? One color for minors, another for adults?
In fact, the State of Maryland does just that. I don't think it's
color, but when my son was at the borderline age (circa 21), it was
whether your picture was full-face or profile. Come to think of it,
background color may have been different, too. Can another Marylander
verify?
_Brint
------------------------------
Date: Fri, 22 May 92 9:57:41 EDT
From: Brinton Cooper <abc@brl.mil>
Subject: Re: Privacy is a right; protection from criminals is not.
Bob Weiner <rsw@cs.brown.edu> discusses whether there is a conflict
between alleged privacy rights and society's alleged right to be
protected from criminals:
| There are privacy rights and a number of these are codified in law.
| There is no legal or moral right that compels society to protect
| everyone from potential criminals by using all means possible to
| establish evidence that implicates them in criminal behavior.
Leaving aside the "all means possible" part of the argument, the
conflict seems to remain.
1. One purpose of the US Constitution is "...to ensure domestic
tranquility..." This seems to express a requirement of the government
to "protect" its citizens.
2. Another part of the US Constitution protects us from illegal
search and seizure, and a basic tenet of the Constitution is that rights
which are not specifically delegated to the federal or state governments
are retained by "the people." These two seem to express the right of
citizens to expect privacy in their dealings with government.
Unfortunately, "fundamental right infringement" has been with us almost
from the beginning. Nowhere does the Constitution exempt from freedom
of speech the yelling of "Fire!" in a crowded movie theater. Yet, those
who would limit fundamental civil liberties use this example to bolster
their claims of propriety in civil liberty limitations.
The battle to retain your rights, any of them, is never over.
_Brint
------------------------------
Date: Thu, 21 May 92 17:24:33 PDT
From: Conrad Kimball <cek@sdc.boeing.com>
Subject: Re: Computer Privacy Digest V1#033
John Artz <jartz@bassoon.mitre.org> writes:
>| other than myself. If I have a right to control that information, then
>| I should also have a right to prevent people from gossiping about
>| me, since that also includes disclosure of possibly incorrect private
You do, to some extent, by virtue of slander and libel laws - I am not
free to say untrue things about you that damage you.
>| information. Controlling the dissemination of information about
>| ourselves just doesn't work in the long run.
Some of the Scandinavian countries are trying. Collectors of information
must notify those who are in the databases, I think, along with some other
restrictions or rights of the individual that I don't remember now.
Simply because one can't totally prevent personal information from being
spread doesn't mean we should give up and make the situation worse. Should
we get rid of the police simply because we can never completely eliminate
crime?
>| Does the right to privacy also include the right to anonymity ? If
>| I am walking down a dark street at midnight and someone challenges
>| me to identify myself, do I have the right to withhold that information.
You sure do. You don't have to carry ID, and furthermore you are free to
assume as many identities or aliases as you wish, so long as you don't use
them to commit fraud.
>| I think that information about people should be freely accessible by
>| anyone who is interested in it. I further think that we are attacking the
I'm incredulous! Do you *really* want everyone to know *everything* about
you? I'll leave it to others to point out the many ways information about
you can be unjustly used to your detriment, without you ever knowing about
it or being able to remedy the situation. It's bad enough now, and you
want to make it worse?
Conrad Kimball | Deliv. Sys. Tech Support, Boeing Computer Services
cek@sdc.boeing.com | P.O. Box 24346, MS 7A-35
(206) 865-6410 | Seattle, WA 98124-0346
------------------------------
From: David Lemson <lemson@ux1.cso.uiuc.edu>
Subject: Re: Cordless Phones
Date: Fri, 22 May 1992 04:04:34 GMT
Peter.Gorny@arbi.informatik.uni-oldenburg.de (Peter Gorny) writes:
>jangerma@magnus.acs.ohio-state.edu (Jake Angerman) writes:
>>How would someone go about doing this? If my neighbor and I both
>>have cordless phones, why is it that when I pick mine up I don't
>>home-in on their conversation?
>That is in fact what happens - hidden for your ears. The phone listens
>into 40 (or 80 or more) channels and picks the first unoccupied for
>your use.
>The newer systems have a complicated security system, which does not
>only prevent others from listening to your conversation but also to
>use your account. (Exactly this "homing-in" possibility it the reason
>why in most European countries it is forbidden to use normal cheap
>cordless phones as you can by them in the US)
There are ten (*10*) frequencies allocated for cordless phones in
the 46 MHz spectrum in the US. That is all. As to why you can't
pick up your neighbor's phone if you're on the same frequency, the
reason is that most phones incorporate a rudimentary security system
(that DIP switch you have to match up between the base and handset).
It is by no means secure, but it is enough to keep most people from
getting a dial tone from your base without a lot of work.
There are one or two digital cordless phones now, some of which use
the 800 MHz spectrum. Those are much more secure. I read that
Motorola makes one now.
Beware "Digital security". This means that it has the codes so that
no one can pick up your line (at least not easily). Most likely,
the voice transmissions are still analog. Anyone can buy a scanner
at Radio Shack and listen in to those frequencies. I have picked up
cordless phones up to a mile away with a handheld radio shack (old)
scanner.
BTW, in most states, it is not illegal to listen to cordless phone
calls. It is, however, a felony to divulge information to anyone
else about what you heard.
(It is illegal to listen to cellular conversations, though).
One of the more secure analog cordless phones I heard is a Sony that
allows you to scan the channels and pick the cleanest on the fly.
Just hit the 'scan' button and it will probably switch frequencies.
One more note: most phones don't use the security for phone ringing
or the 'page' feature, so if your neighbor has a phone on the same
frequency, it is possible your cordless phone could ring whenever he
gets a call (whether his cordless is turned on or not...the base
unit is almost always powered and transmitting).
--
David Lemson (217) 244-1205
University of Illinois NeXT Campus Consultant / CCSO NeXT Lab System Admin
Internet : lemson@uiuc.edu UUCP :...!uiucuxc!uiucux1!lemson
NeXTMail accepted BITNET : LEMSON@UIUCVMD
------------------------------
Subject: Some technical corrections (was Re: cordless phones)
From: John Stanley <stanley@phoenix.com>
Date: Thu, 21 May 92 22:03:48 PDT
In a recent digest, none@gmuvax2.gmu.edu writes:
>Each cordless phone communicates with it's base via a particular
>frequency. If by chance your neighbor's and your cordless phones both
>operate on the same frquency (possible but statisticly improbable)
In the US, the current cordless phone allocation is 10 channels. There
is, I believe a new allocation in the 900 MHz range, but the phones
you buy today are most likely 49 MHz versions.
Being that there are only ten channels, it is a statistical certainty
that there will be duplicates once there are 11 phones in a
neighborhood.
>Cellular phones are a slightly different case. Each phone is registered
>on a network, just like your computer is, and is given a unigue address
>on that network. Your cellular phone will only work on that one network,
>not on the one in the nextdoor.
Cellular phones certainly will work on the one "in the nextdoor". It is
called roaming, and cellular companies generally charge horrendous rates
for it. Because they charge these rates, they will gladly allow you
to use your phone in their area.
>Note the difference with cordless
>phones. You can plug a cordless phone into any active phone jack and
>dial out, and anyone knowing the address of the jack can dial in.
Just as you can dial out with a cellular phone while roaming, and (with
Follow-Me Roaming) anyone knowing the address of the jack can dial in.
>Tapping of cellular phones is illegal because it implies requires that
>an effort be made to determine someones address and tap into it.
No, "tapping" of cellular phones is illegal because the cellular phone
companies chose to lobby Congress to make it illegal in an attempt
to maintain some vestige of privacy where there really is none.
>Basicly, cordless phones do not utilize any private
>addressing, which is why there are no laws prohibiting their tapping.
Basically, cordless didn't have as good a lobby as cellular.
>One final note, cellular phones aren't as secure as we would like to
>think. A friend of mine often picks up cellular phone calls on her
>shortwave radio.
Doubtful. Maybe old style cordless phones. Or maybe it isn't just a
shortwave radio. Cellular allocations are well above shortwave, while
old cordless phones used a section of the spectrum just above AM
broadcast.
------------------------------
From: "Life..." <gberigan@cse.unl.edu>
Subject: Re: Privacy is a right
Date: Fri, 22 May 1992 15:41:05 GMT
jmb@netcom.com (J. Michael Blackford) writes:
>Interesting ... and the bartender only has the right to know if the
>customer is over a certain age ... but, he usually gets to find out
>the date the customer was born. This is a simple example of a plethora
>of instances wherein our "right to privacy" in infringed upon by a
>requirement for too much information. Why not issue color-coded
>driver's licenses? One color for minors, another for adults? Because
>no government agency has any interest in protection of privacy rights.
Um, check the color of the background for your picture. At least here,
they use a different color for adults. With driver's licences being
... reissued? ... every 4 years, if one wants the red background when
they're 21, they'd have to buy a licence when they are 20, and then
again when they are 21, with next one due at age 24. Takes in a bit
more money. Possibly also gets you on a list for possible drunk
drivers.
>Mike Blackford Internet: jmb@netcom.com
>Fax: (408) 973-0514 Compu$erve: 72345,66
I don't drink, so I haven't bothered going in to get a red background.
Mine's still blue.
--
/// ____ \\\ | CAUTION:
| |/ / \ \| | | Avoid eye contact. In case of contact, flush
\\_|\____/|_// | mind for 15 minutes. See a psychiatrist if
\_)\\/ | irritation persists. Not to be taken
gberigan `-' cse.unl.edu | seriously. Keep out of sight of children.
------------------------------
From: "Phillip J. Birmingham" <birmingh@fnalf.fnal.gov>
Subject: Re: Privacy is a right
Date: Fri, 22 May 1992 16:25:59 GMT
In article <comp-privacy1.33.9@pica.army.mil>, jmb@netcom.com (J. Michael Blackford) writes:
> Interesting ... and the bartender only has the right to know if the
> customer is over a certain age ... but, he usually gets to find out
> the date the customer was born. This is a simple example of a plethora
> of instances wherein our "right to privacy" in infringed upon by a
> requirement for too much information. Why not issue color-coded
> driver's licenses? One color for minors, another for adults? Because
> no government agency has any interest in protection of privacy rights.
Not sure whether you're being sarcastic here, or not, but some
states take your picture in profile if you are a minor. In any case,
if the term of your DL doesn't end on your 21st birthday, you're gonna
have to trudge down to DMV (a real pain in the ass in some places) to
get a new one. I'm a privacy freak, but I'm a convenience freak, too.
--
Phillip J. Birmingham birmingh@fnal.fnal.gov
I don't speak for Fermilab, although my mouth is probably big enough...
------------------------------
Subject: Re: Privacy is a right
From: "Roy M. Silvernail" <cybrspc!roy@cs.umn.edu>
Date: Thu, 21 May 92 22:09:01 CDT
"J. Michael Blackford" <jmb@netcom.com> writes:
> Why not issue color-coded
> driver's licenses? One color for minors, another for adults?
Alaska does just that, or at least, they did up until I left in 1990.
The background color of the photo indicates whether the licensee is old
enough to imbibe.
Of course, the bouncer still looks at the whole license, to determine if
it has been altered.
--
Roy M. Silvernail -- [] Call your Congressman and urge support of HR3515!
roy%cybrspc@cs.umn.edu [] Your Senator should support S. 2112, too!
cybrspc!roy@cs.umn.edu [] Protect equal access to the telephone network!
------------------------------
From: The Jester <ygoland@edison.seas.ucla.edu>
Subject: Re: "IF you have nothing to hide..."
Date: 22 May 92 09:42:06 GMT
In article <comp-privacy1.32.3@pica.army.mil> crtb@helix.nih.gov (Chuck Bacon) writes:
>And yes, I'm damned angry at the "nothing to hide" attack. I had it
>pulled on me by police forty years ago, and it still grates. Police
>types like to use it because most people get tongue-tied, trying to
>express their outrage.
>
Fine, be angry, but do try and not take it out on me. In addition
the point you make is the second reason why I started this thread.
(The first being questions regarding public key encryption) I too
become tongue-tied when I try to explain why the idea of "nothing to
hide" is nonsence. I was trying to look for a simple, clear, answer
that would make it clear to anyone with an i.q. measurable in
positive integers that the idea of 'nothing to hide' is a one way
ticket to hell. While I have heard many EXCELLENT discussions on the
topic (and one truly inspired logical examination) there still has
been a lack of a simple explination. I am begining to think that
such an explination just doesn't exist. Oh and saying "because the
government is evil" won't work on a cop. =)
The (finger me if you care what my name is) Jester
--
The Jester
"The Arabs want us dead. We want to be alive. Compromise between
these two positions is not exactly easy."-Golda Meir (Stolen from
rivk@quads.uchicago.edu)
------------------------------
From: The Jester <ygoland@edison.seas.ucla.edu>
Subject: Re: "IF you have nothing to hide..."
Date: 22 May 92 09:56:12 GMT
In article <comp-privacy1.32.11@pica.army.mil> probinson@ultra.enet.dec.com writes:
>In article <comp-privacy1.30.12@pica.army.mil>, ygoland@edison.seas.ucla.edu (The Jester) writes:
>
[Statement regarding attempt to write a paper on public key]
>
>It shouldn't be taking you this long, unless you're trying to
>comprehend the bowels of a specific public key algorithm (there are
>several). Describing how a specific algorithm works is overkill if
>what you want is to get people onto the public key bandwagon. Unless
>you're trying to prove that it's hard to derive one key of a pair from
>the other, and it's hard to believe that no such proof exists in a
>readable form.
>
It should take this long if your stupid or if your starting from the
begining. The project is on hold for three weeks while finals are
delt with. Then we will be reading a book loaned to us on modulo
arithmetic and some medium level number theory. We are starting from
the very foundations of number theory and working our way up.
[Statement regarding desire to produce a variable strength
encryption program]
>
>The strength of public key algorithms is directly related to key
>length, which I suppose makes it easy to adjust based on processor
>speed. A more useful and friendly program would let me, the user,
>decide what strength I wanted, knowing that greater strength would
>require more CPU time.
>
Actually the program will be produced in layers. The innermost layer
will be a function call in C which is given the message and the key
and then applies the key to the message (either decoding or
encoding, we intend to use an rsa type key so that the process will
be interchangable). We will also have another, as yet unspecified
function, that will be generate the key. How this is done will be
decided by the particular form of public key we choose. But it will
probably be a function call accepting a key length and a certain
amount of 'data'. Outside of these two functions, everything else
will just be shells to make them easier. We both expect, if we come
up with a good enough standard, that others will develop nicer
shells for the functions. In addition it was pointed out that using
public key to transmit a private key and then using the private key
to initiate private key communications would be more efficient.
>I'm curious; how do you plan to associate public keys with people? I
>can't send a secret message to you unless I know your public key; what
>agent can I trust to give me your public key correctly?
>
At the moment, the only agent is either personal contact, mail, or
e-mail. Both of us expect 'public key databases' to be formed. But
with the newness (relatively) of the technology to the open forum,
things are going to take awhile to 'gel'. We are not trying to lead
the way into Public Key. We just find the question facinating and we
desire to share our results with those who too might be interested.
What happens from there is of little concern to us. College tends to
'limit' ones scope of interest.
>Furthermore, if you upgrade your PC and therefore decide to increase
>your encryption strength, you will necessarily change your key (it
>will become longer). How will I know that? And how will you know
>which of your various public keys was used to encrypt the message I
>sent you?
>
These are all procedural questions that will be answered as public
keys actually get used. If you just want 'a answer' I can make
something up.. you can include the public key used to encrypt the
message in the header of the message so the user's system can match
that key against it's own database and then use the matching
decryption key to decrypt the message.
[Note that a hole was found in NIST DSS]
>
>Holes found in NIST DSS? I've heard a lot about its unsuitability for
>the stated purposes, and lack of confidence due to the comparatively
>short time that it has been under analysis, but nothing about any
>actual holes.
>
A couple of months back on sci.crypt there was a discussion about an
analysis of the key protocol that showed that under certain
circumstances the key generation method would have a statistical
tendancy toward a certain range. Far from a massive error, quite
possibly the result of trying to push a product to market to
quickly, or perhaps the biggest error the government could push in
and still hope not to have noticed.
The Jester
--
The Jester
"The Arabs want us dead. We want to be alive. Compromise between
these two positions is not exactly easy."-Golda Meir (Stolen from
rivk@quads.uchicago.edu)
------------------------------
End of Computer Privacy Digest V1 #034
******************************