Date: Mon, 27 Jul 92 09:57:51 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#066
Computer Privacy Digest Mon, 27 Jul 92 Volume 1 : Issue: 066
Today's Topics: Moderator: Dennis G. Rears
CPSR Recommends NREN Privac
re: cellular phones/encryption/privacy
Re: 800 numbers (Re: Caller ID decision)
Re: Computer Privacy Digest V1#065
Re: Administrivia
Re: Phone Tap in Murder Case Ruled Illegal
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Organization: CPSR, Washington Office
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Fri, 24 Jul 1992 17:25:04 EDT
Subject: CPSR Recommends NREN Privac
CPSR Recommends NREN Privacy Principles
=============================================================
PRESS RELEASE
July 24, 1992
CPSR Recommends NREN Privacy Principles
WASHINGTON, DC -- Computer Professionals for Social
Responsibility (CPSR), a national public interest
organization, has recommended privacy guidelines for the
nation's computer network.
At a hearing this week before the National Commission on
Library and Information Science, CPSR recommended a privacy
policy for the National Research and Education Network or
"NREN." Marc Rotenberg, Washington Director of CPSR, said
"We hope this proposal will get the ball rolling. The
failure to develop a good policy for the computer network
could be very costly in the long term."
The National Commission is currently reviewing comments
for a report to the Office of Science and Technology Policy
on the future of the NREN.
Mr. Rotenberg said there are several reasons that the
Commission should address the privacy issue. "First, the
move toward commercialization of the network is certain to
exacerbate privacy concerns. Second, current law does not do
a very good job of protecting computer messages. Third,
technology won't solve all the problems."
The CPSR principles are (1) protect confidentiality, (2)
identify privacy implications in new services, (3) limit
collection of personal data, (4) restrict transfer of
personal information,(5) do not charge for routine privacy
protection, (6) incorporate technical safeguards, (7) develop
appropriate security policies, and (8) create an enforcement
mechanism.
Professor David Flaherty, an expert in telecommunications
privacy law, said "The CPSR principles fit squarely in the
middle of similar efforts in other countries to promote
network services. This looks like a good approach."
Evan Hendricks, the chair of the United States Privacy
Council and editor of Privacy Times, said that the United
States is "behind the curve" on privacy and needs to catch up
with other countries who are already developing privacy
guidelines. "The Europeans are racing forward, and we've
been left with dust on our face."
The CPSR privacy guidelines are similar to a set of
principles developed almost 20 years ago called The Code of
Fair Information practices. The Code was developed by a
government task force that included policy makers, privacy
experts, and computer scientists. The Code later became the
basis of the United States Privacy Act.
Dr. Ronni Rosenberg, who has studied the role of computer
scientists in public policy, said that "Computer
professionals have an important role to play in privacy
policy. The CPSR privacy guidelines are another example of
how scientists can contribute to public policy."
CPSR is a membership organization of 2500 professionals in the
technology field. For more information about the Privacy Policies
and how to join CPSR, contact CPSR, P.O. Box 717, Palo Alto CA 94302.
415/322-3778 (tel) and 415/322-3798 (fax). Email at
cpsr@csli.stanford.edu.
=============================================================
------------------------------
From: Edward Bertsch <eab@msc.edu>
Subject: re: cellular phones/encryption/privacy
Date: Fri, 24 Jul 92 17:26:09 CDT
->From: Leonard Erickson <leonard@qiclab.scn.rain.com>
->Subject: Re: cellnet privacy?
->Reply-To: 70465.203@compuserve.com
->
->keith.willis@almac.co.uk writes:
->
->> I wonder how long it is going to be before the business
->> Cellphone users realise that all their conversations made
->> over the Cellnet are easily intercepted, in 'cleartext',
->> with a cheap shortwave scanner? I managed, completely
[keith was able to listen in to a phone call...]
->
->> Presumably the legal position on this is similar to police
->> radio; one can overhear, but not act on the information
->> received?
->
->Are you sitting down? Here in the US, rather than deal with this
->by adding encrypted transmission options, the cellular phone industry
->got together and convinced Congress to make monitoring cellular
->calls *illegal*. Even if you *don't* tell anyone.
this is the crux of this whole stupid deal. The reason they did
this is they (the police, the other bozos in this buearacracy
we call the US/State/County/City government and their friends
in the narco-military-industrial-complex want to be able to listen
in to your phone calls, and have acted to slow the use of data
encryption in general, whether it be in cellular phone calls or
in copies of Microsoft word that are intended for international
sale.
->------------------------------
->
->From: Greg Earl Webb <Webbge@che17.ncsu.edu>
->Subject: Re: cellnet privacy?
->
->What is "cleartext" and at what frequencies do they broadcast conversations.
->This is very disconcerning to me as I am an owner of a Cellularphone.
->Is there anyway to scamble conversations so they are not as public.
->Thanks in advance.....
->
-> Greg Webb
scrambling devices are available. The ones that I have seen
are expensive ($1000 - $2000 US) and work like old fashioned
acoustic modems (they fit over a conventional telephone's
mouth and ear piece, I would imagine you would have some trouble
but not too much to be able to fit it onto your cellular phone
handset (would have a tougher time with a hand held unit)).
These have been advertised in magazines such as HiTimes, and
you might also find them in radio electronics magazine.
My advice is don't say anything on a cellular telephone you
wouldn't be comfortable having someone else hear (and for
that matter, use this same logic with the regular telephone).
Privacy is a myth in this country, I would say.
--
Edward A. Bertsch (eab@msc.edu) Minnesota Supercomputer Center, Inc.
Operations/User Services 1200 Washington Avenue South
(612) 626-1888 work Minneapolis, Minnesota 55415
(612) 645-0168 voice mail
"Read _MY_ lips: No vote this time, George" vote Libertarian in '92
------------------------------
Date: Fri, 24 Jul 92 15:21 PDT
From: John Higdon <john@zygot.ati.com>
Reply-To: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: 800 numbers (Re: Caller ID decision)
David Gast <gast@cs.ucla.edu> writes:
> Rather I see a tradition over at least the last couple decades that no one
> knows who is calling until the person identifies him or herself.
Of course this has been the result of technological limitations, not a
matter of conscious, determined policy. In every means of electronic
communication that has been developed since the telephone, if the
technology exists, a positive ID of the message originator has been
built into the system. Due to the relatively early emergence of the
telephone and the widespread flexibility of its connective scope, only
recently has the technology been available to provide positive ID of
the message originator. Naturally, the breaking of custom and usage
will always inspire an anti-technology backlash contingent, but as with
all dynamic fields it will just be a matter of time until Caller ID will
be taken for granted.
In the meantime, we have to go through all the requisite gyrations.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115
john@zygot.ati.com | San Jose, CA 95150 | M o o !
------------------------------
Subject: Re: Computer Privacy Digest V1#065
Date: Fri, 24 Jul 92 16:48:16 PDT
From: "Willis H. Ware" <willis@iris.rand.org>
--
RE cellular phones and interception thereof.
Leonard Erickson <leonard@qiclab.scn.rain.com> indeed had it right. There
is a special law covering only cellular phones that makes the mere act of
intercepting them illegal; these phones are treated separately than
interception of other radio signals under the Communications Act of 1934.
Thus if one had a cellular in his car connected to a cordless which he
used outside his car to link to it, the cordless link from handset to car
comes under the Communications Act of 1934 but the cellular link from car
to system comes under the special law. One could scanner-intercept the
cordless link but not the cellular link!!
Moreover, I believe I'm correct in saying that it is also illegal to
market a product [e.g., scanner] that can intercept the cellular
frequencies. That reduces the number of people who can do it, if one
choses to ignore the law, from our 250M population to the subset of 25-40M
who are electronically astute enough of doing it on their own with parts
from radio shops. I guess that's what's called risk reduction?
Hope is coming but slowly. A new generation of cellular phones is being
proposed that will use other forms of modulation. One proposes spread
spectrum modulation; the transmitted signal, instead of staying on one
frequency and being modulated to convey intelligence, hopes at a high rate
from frequency to frequency, staying on any one only for microseconds or
perhaps milliseconds at a time. The transmitter and receiver must
synchronize with each other, and then step around together. The receiver
can then reassemble the signal.
The intelligence is not in the rate or sequence of hopping but still in a
modulated signal that moves around, or in digitized voice that is moved
around on a carrier. That will make interception much more difficult
because conventional receivers will not handle such signals. Since the
signal energy is splattered all over a wide band, conventional receivers
usually won't even detect the presence of a spread-spectrum signal.
It takes very special ones that would not normally be a consumer
electronics item, but of course is well within the capability of the
electronic engineer.
My understanding is that at least two proposals exist, and differ on
the details of how the signal is jumped around. There is also a
proposal to digitize the signal and use so-called time-division
multiplexing which is the scheme used on teleco T-1 and faster lines.
Again a special receiver which can synchronize to the transmitter or to a
stable clock is necessary.
I'm told that Motorola is talking about, may already have introduced
encrypted cellular fones using some proprietary encryption algorithm.
Cellulars and regular handsets with the Federal DES algorithm in them
already exist but restrictions on use and export of Federally approved
encryption makes them less attractive.
And of course, all parties that wish to talk securely must have secure
phones; it is not a system-level service but rather a subscriber-provided
end-to-end individual service. The signal stays encrypted from your
handset to mine.
Willis Ware
Santa Monica, CA
------------------------------
From: Graham Toal <gtoal@gem.stack.urc.tue.nl>
Subject: Re: Administrivia
Date: 25 Jul 92 16:08:45 GMT
Reply-To: gtoal@stack.urc.tue.nl
Organization: MCGV Stack, Eindhoven University of Technology, the Netherlands
In article <comp-privacy1.62.1@pica.army.mil> comp-privacy@pica.army.mil (Computer Privacy List Moderator) writes:
> Submissions have really gone down in the last two weeks. This is my
>first digest this week. Without submissions this forum can't exist.
>There are lots of topics that haven`t been mentioned here that probably
>should.
Hi Dennis - I used to read telecom-priv digest, and gave up because
I had problems with so much mail in my mailbox. Now it's on usenet
news I'm back. *But* I should point out I only discovered you again
by accident, on seeing a posting of yours in another group. Perhaps
you could send a little note round some of the other groups (comp.dcom
.telecom, alt.conspiracy, ...) telling them you're here?
Graham
[Moderator's Note: I wonder if there are many USENET readers who don't
know we exist? _dennis ]
------------------------------
From: Graham Toal <gtoal@gem.stack.urc.tue.nl>
Subject: Re: Phone Tap in Murder Case Ruled Illegal
Date: 25 Jul 92 16:35:39 GMT
Reply-To: gtoal@stack.urc.tue.nl
Organization: MCGV Stack, Eindhoven University of Technology, the Netherlands
In article <comp-privacy1.63.3@pica.army.mil> MPA15AB!RANDY@trenga.tredydev.unisys.com writes:
>[I can understand it being illegal to tap one's own phone, and also
>that evidence received through government (police) misconduct should
>be suppressed. It also makes sense to me that if you illegally tap
>your phone, you shouldn't be able to profit from it, such as by using
>the tapes in a civil suit. But if the government had no hand in
>making the tape (didn't put you up to it, etc.), then the tape should
>be usable in a criminal case. -- RCG]
>
>[Moderator's Note: I wonder if it would be legal for me to put a sign on
>my door stating that entrance into my apartment implies consent for
>recording of that person and a trap on my phone that states staying on
>the line implies consent for me to record the conversation. After all
>the government does it with thier installations. _dennis]
I posted this article to alt.conspiracy today before i discovered
this group, which seems more appropriate...
The question relevant to this thread is would evidence gleaned by
a hotel employee hold up in court?
G
--------
First of all, you have to take this as hearsay - the guy who told me this
info said that he did the things I'm describing personally; but I don't
know his name or where exactly he works - it was a chance meeting on
a recent vacation trip to the US.
This guy I met told me he was a senior employee of Howard Johnsons -
not a manager, but a worker. He said that he and his staff regularly
listened in on guest's telephone calls, and that they had a way of
monitoring all calls at once. He reckoned his hotel was often used
by drug dealers, and that several well publicised drug busts had
come through info he and his staff had passed on to police.
He gave the impression that his hotel was no exception - that police
forces in many places use hotel staff to monitor hotel phones for
them and report anything suspicious. It isn't an organised operation
I should add - they don't do this *all* the time - just (it sounded
to me) when they're bored.
Still, it's chilling to think that when you use a hotel phone you're
more likely to be monitored than not. And the thought that H-J's
phone system has special features to allow all lines to be ganged
together for simultaneous listening, followed by a way of scanning
through them to find a particular call amongst the 'cocktail party
effect', is a bit worrying...
G
------------------------------
End of Computer Privacy Digest V1 #066
******************************