Date:       Thu, 30 Jul 92 17:01:52 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#068

Computer Privacy Digest Thu, 30 Jul 92              Volume 1 : Issue: 068

Today's Topics:				Moderator: Dennis G. Rears

                      Re: Cellular phone scanners
                        Encrypted Communications
                               SSN Abuse
                         IRS: ssn for my kids ?
                          CC's and South Korea
                          Re: SSN & TV rental
                  Emerging Privacy Issues in Libraries

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.200].
----------------------------------------------------------------------

Subject: Re: Cellular phone scanners
Date: Tue, 28 Jul 92 16:44:59 PDT
From: "Willis H. Ware" <willis@iris.rand.org>

RE: Mark Bell <idela!bell@uunet.uu.net>

>>Cellular phone scanners:  Are they illegal?  I don't believe so.  One
>>can buy a nice Bearcat scanner from DAK in Canoga Park, California,
>>for a little over $200.  They put a message in the box that it is
>>"ILLEGAL to use the scanner over the range of 845-860 MhZ according
>>to Congressional law..."

Yes, I know about DAK, its catalog, the publisher's story about tuning
into illicit conversation [at one time advertising copy said that he had
stumbled onto a call-girl ring operating via cellulars], and the slip in
the box.

When DAK first offered the thing for sale a year or more ago, the catalog
also said that these units were no longer allowed to be made and one
should hurry to buy one before the supply was exhausted.  Such cautionary
remarks have disappeared in subsequent catalogs but I don't know why. DAK
as usual seems to have an inexhaustible supply of remaindered products!

Maybe Drew compressed the space, maybe it was all an illusion, maybe there
was a court challenge.  I once also saw a converter that would extend
older Bearcats into the upper range, and it carried the same kind of
warnings; in fact, it said that the manufacturer had negotiated a special
deal to allow him to sell out his inventory and then make no more.
Advertising hype?  Maybe.

But do remember that Virginia makes it illegal to OWN, much less operate,
a radar detector so such laws are possible -- at least until challenged in
court.

If anyone can lay hands on the exact law, we could have a look.

						Willis Ware

------------------------------

Date: Wed, 29 Jul 92 12:20:06 EDT
From: Dana Paxson <dwp@sunsrvr3.cci.com>
Subject:  Encrypted Communications


** LONG **

In general, I think laws making encrypted communications illegal 
are wasteful, stupid and oppressive, for the following reasons:

1)	They would be a violation of free speech rights.

2)	They would be a waste of time and effort, since 
	determining violation can be impossible.

3)	They would be a further waste of time and effort, 
	since such laws are impossible to enforce.

4)	They would allow a government to apply enforcement
	selectively, singling out a few (for arbitrary
	reasons) and prosecuting them under the vague
	suspicion that some communication contained en-
	crypted matter.

Point 1) seems self-evident to me.

Regarding Points 2) - 4):

A few examples and demonstrations come to mind.  One of the
most interesting and illuminating is the old 'Bacon cipher' 
controversy:  the notion that Shakespeare's folios contained 
subtle typeface variations that amounted to an encipherment 
of text written by Francis Bacon, text which indicated that 
Bacon was actually the author of the Shakespeare plays.

As I remember it, there was a heated scholarly controversy 
over this idea for many years, which had all the earmarks of 
crankdom making an assault on basic literary understanding.  
Both sides of the debate attracted large numbers of followers.  
It was all put to rest (at least from a scientific point of 
view) when one researcher who understood cryptography quite 
well managed to demonstrate that by reading the supposed 
typeface variations in different ways and supplying some 
additional overlays or adjustments of data (which the pro-
Bacon people said was necessary to read the hidden text), he 
could make Shakespeare's folio produce any hidden text he 
wanted it to!

Admittedly the cryptographic methods assumed by the pro-Bacon
group were faulty, and modern cryptanalysts would not make
the mistake of inserting a text-decryption overlay that in 
effect would be inserting the encrypted message they wanted 
to find.  Any astute analyst would spot this immediately. 
The trouble is that not everyone involved in trying to make
determinations of violation of anti-encryption law is quali-
fied either to avoid making such an analytical error or to
catch one being made.  And this statement makes no assump-
tion of malice.  What if malice IS the motive?

So perhaps someone might count the characters in each line in
this posting, convert the counts to characters with some 
simple arithmetic function, apply some transformation (either
transposition or substitution, with some arbitrary key) and
decide that I am a dangerous subversive because of the resul-
ting "content" emerging from this process.  There is in fact
no such content.

Another such someone might profess to have found another
message of mine which, when used as a key, produces a plain-
text from selected words in this message.  Between selecting
another message, and selecting the words, they could put
any concealed text in my message that they wanted to find.

Behind all this is the greasy odor of pseudoscience.  Once
a pseudoscientist sets mind on getting a result, all evidence
leads to it.  Or, as one wag put it, "When the theory does not
agree with the facts, the facts must be disposed of."  Mix
the pseudoscientists with the oppressive or manipulative 
politicians, and the results can be explosive.

It is a dangerous farce.  It could be worse law.

Turning to the other end of things, can any REAL concealed
ciphertext be detected?  The answer is, simply, no.  The
reason, strangely enough, is virtually the same as the reason
that the Bacon-cipher people thought they had succeeded.  
All the correspondents need to do is to establish two entirely
independent communications pathways, sending the apparent
plaintext message over one channel, and a key for extracting 
other messages from it over the other.  Unless a cryptanalyst
has access to both channels, no encrypted message sent on one 
channel can be decrypted if the encryption was done with a 
key based on a one-time pad (a once-used series of characters 
or values) sent over the other channel.  The Bacon-cipher
people did this unwittingly when they created the data 
overlays, which amounted to the key.

The channels need not occupy the same medium, nor the same
place or time.  A private conversation can serve as one
channel, and the public network(s) the other.  So if I wanted
to plant an encrypted message in this message, I would only
have to set up a key to produce it, and send the key via let-
ter, radio, telephone, carrier pigeon, whisper, etc. to the
intended recipients of the hidden message.  If I took care
with that communication, no one would have a clue.

And I could make this message contain two entirely contra-
dictory encryptions for two different recipients, just by
sending them different keys.

As an aside, this is how some people who tell fortunes or 
interpret holy scriptures make a living.  I'm not referring 
to honest students of scripture or human nature, only to the 
folks with an axe to grind or money to be made.  Such people 
can be extremely dismissive of scientific argument and 
evidence.


Hoping my recollections of the Bacon cipher controversy are 
basically accurate,

Dana Paxson
Network Applications Systems Group
Northern Telecom
97 Humboldt Street
Rochester, New York  14609

dwp@cci.com

1 716 654-2588

Disclaimer:  The opinions expressed above are mine personally,
	     and do not necessarily reflect the views of my 
	     employer.
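
The argument in the posting above, that a reader who is free to choose the key can make a text yield any message, and that two recipients holding different keys read contradictory messages out of one cover text, worked through as an added example that is not part of the original posting. XOR over bytes and the sample texts are assumptions made for illustration.

```python
# Added example, not part of the original posting. XOR over bytes is an
# assumed stand-in for the "overlay" or one-time-pad combining rule.

COVER = b"Lunch is at noon on Friday, usual place."         # constructed sample
OTHER_COVER = b"Minutes of the July budget meeting follow."  # constructed sample

def make_key(cover: bytes, wanted: bytes) -> bytes:
    """Return the key under which `cover` reads as `wanted`."""
    if len(wanted) > len(cover):
        raise ValueError("wanted text is longer than the cover text")
    return bytes(c ^ w for c, w in zip(cover, wanted))

def extract(cover: bytes, key: bytes) -> bytes:
    """Read the 'hidden' text out of `cover` with `key`."""
    return bytes(c ^ k for c, k in zip(cover, key))

def contradictory_readings(cover: bytes, texts):
    """One cover, one key per recipient: each key yields a different text."""
    return {t: extract(cover, make_key(cover, t)) for t in texts}

def found_in_both(wanted: bytes, *covers: bytes) -> bool:
    """An analyst free to pick the key 'finds' `wanted` in unrelated covers."""
    return all(extract(c, make_key(c, wanted)) == wanted for c in covers)

def key_reused_on(cover_a: bytes, cover_b: bytes, wanted: bytes) -> bytes:
    """A key built for cover_a gives a different reading on cover_b:
    the reading depends on the key as much as on the text."""
    return extract(cover_b, make_key(cover_a, wanted))

if __name__ == "__main__":
    yes, no = b"the answer is yes", b"the answer is no!"
    print(contradictory_readings(COVER, [yes, no]))
    print(found_in_both(b"guilty as charged", COVER, OTHER_COVER))
    print(key_reused_on(COVER, OTHER_COVER, yes))
```

Because a key exists for every text no longer than the cover, a "decryption" produced with a key the analyst supplied is evidence about the key, not about the cover text.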



------------------------------

Date: Wed, 29 Jul 92 18:13 GMT
From: Andrew Koran <0003967939@mcimail.com>
Subject: SSN Abuse

>No dice.  So I asked if anyone had ever approached them this way, wanting
>to bypass the checking procedure with a 100% cash deposit?  (You know 
>the answer...)  No, no one ever had.  No one ever had a problem with giving
>the SSN.

   I agree, I noted that their concern for the privacy of your SSN is
lost-UNLESS, they themselves have had a problem in the past with the
abuse of their SSN. I have had the past experience of someone
(ex-mother-in-law) using my SSN to obtain a credit account for a public
utility.  When she skipped town my TRW, TransUnion, and EquiFax all
picked it up on my credit report.  I spent a year and a half removing it
from my TRW and TransUnion credit reports, I'm still working with (read
with great difficulty here) EquiFax as of this date to correct this
type of abuse.  Never looks bad until it happens to you!

Andrew A. Koran


------------------------------

From: Maurice O'Donnell <mo@world.std.com>
Subject: IRS: ssn for my kids ?
Organization: The World Public Access UNIX, Brookline, MA
Date: Wed, 29 Jul 1992 22:00:20 GMT

To get a jump on the beginning of the year tax questions.

I don't want to get ssn's for my kids just yet.  Does anyone know what
I have to do to convince the IRS that they in fact exist?

[Moderator's Note:  I think the tax reform act of 1986 requires it for
children over 2 years of age.  ._dennis ]
-- 
     Maurice O'Donnell                                    +---------^>
                                                          |    *   <
internet---> mo@world.std.com                             +-.-----. \   7
uucp-------> uunet!world!mo                                        \_\_/

------------------------------

Date: 29 Jul 92 18:32:14 EDT
From: Gordon Meyer <72307.1502@compuserve.com>
Subject: CC's and South Korea

[this submission is being xposted to RISKS]

 "Governments Come Looking for Card Information"                         
  It has been six months since the South Korean government's order
  that {credit card} issuers surrender files detailing individual
  account information, and card companies are still smarting.  The
  reason: The companies are uncertain whether they can prevent the
  government of any foreign country from taking similar action.   
                                                                  
  Issuers agree they have no objection to turning over account 
  information to a government when the information is pertinent to
  taxation cases, but they are angry that the South Korean govern-
  ment imposed its will in a case involving national trade issues.
  Not only does the order raise questions about individuals' privacy
  rights, but the card companies are fearful of further government 
  intervention that could curtail their card operations in South    
  Korea.  The country accounts for 0.8% of all MasterCard and Visa
  volume, and 1.4% of their charges outside the USA.            
                                                                  
  On just what further action the South Korean government could take,
  card executives are unwilling to speculate.  In fact, the card
  companies are so worried about inciting the wrath of the government
  that they still refuse to discuss the matter in detail. (...) 
 
  Last October {1991} the South Korean government, reportedly
  concerned about the widening deficit between outgoing and incoming
  tourism dollars, decreed that all card issuers turn over information
  on their cardholders' overseas purchases from May thru August 1991.
  The government also demanded the issuer's magnetic tapes, which
  record the amount and location of each transaction.  Observers
  speculate that the order was prompted by a suspicion that citizens
  were evading a $3000.00 cap on overseas spending ...{exclusive of
  airline and travel costs}... by using multiple cards.
  
  (...)
  
  Issuers argue the economic link between tourism and the trade
  deficit is weak at best.  Some suggest that what the government
  really wants to do is crack down on excessive spending, which it
  reportedly deems a poor habit for its citizens.
  
  Not only are the card issuers irked that their protests have fallen
  on deaf ears, but they are deeply concerned that the government may
  move to put additional caps on cardholder spending.  "We have no
  idea how the information will be used, and that is a big concern,"
  says the card association spokesperson.  "It's a bit unnerving not
  knowing what is going to happen."
  
  (...) Some observers believe the government's action may even prompt
  other governments to follow suit.  Diners Club International, for
  example, reportedly fought similar decrees in Brazil, but was
  ultimately forced to comply.  Diners declines further comment on
  the matter.
  
  There appears to be very little the card companies can do if a
  country's laws do not prevent government seizure of consumer data.
  American Express Co. reportedly protested the South Korean decree
  in vain.  "We are visitors here and if the government chooses it can
  ask us to leave," says one card company executive.  "We have a business
  to run and we will always cooperate fully."
  
  Indeed, with the card companies working to establish a global payment   
  system, they're not in a strong position to challenge the fiats of
  local governments.  Maybe card issuers can be as well served by data-   
  protection laws as cardholders.
  
  Excerpted from "Credit Card Management" June 1992

  Gordon R. Meyer
  Internet:72307.1502@compuserve.com  GEnie: GRMEYER  CIS: 72307,1502




------------------------------

From: "Wm. L. Ranck" <ranck@joesbar.cc.vt.edu>
Subject: Re: SSN & TV rental
Date: 30 Jul 92 14:24:15 GMT


idela!bell@uunet.uu.net (Mark Bell) writes:
: 
: I then offered to put the entire value of the TV down as a cash deposit.
: Not a credit card chit -- actual hundred dollar bills.  Shucks, I'd make
: the deposit be LIST price, not the street price!  All in the legitimate
: effort to respect their security interest in the TV.
: 
: No dice.  So I asked if anyone had ever approached them this way, wanting
: to bypass the checking procedure with a 100% cash deposit?  (You know the
: answer...)  No, no one ever had.  No one ever had a problem with giving
: the SSN.
:
   This just goes to show that the 'manager' of this place was an idiot.
He was following some corporate policy to the letter when it was obviously
the wrong thing to do in this case.  I have worked in retail and believe
me, any intelligent businessperson would have accepted the cash deposit.
   Of course most of those rental places are set up to basically rip-off
low income families.  Anyone with an IQ above room temperature probably
couldn't stomach working there for long. 

--

*******************************************************************************
* Bill Ranck     DoD #496  ranck@joesbar.cc.vt.edu                            *
*******************************************************************************

------------------------------

From: keelings@wl.aecl.ca
Subject: Emerging Privacy Issues in Libraries
Organization: AECL RESEARCH
Date: Thu, 30 Jul 1992 21:26:27 GMT
Apparently-To: comp-society-privacy@uunet.uu.net

In a previous article, ole!rwing!peterm@nwnexus.wa.com (Peter Marshall) wrote:
>Would appreciate comments on the following scenario:
	.
	.
	.
>Related questions having to do with commoditizing information, and 
>commercialization and privatization, may also be of relevance in such a
>scenario as they are in other privacy areas; and such tendencies may be
>facilitated by ideological influences provided, for example, by REINVENTING
>GOVERNMENT.

	My only comment would be "What the heck does all this bureaucratic
mumbo-jumbo mean in English?!?" "...commoditizing information..."?!?

  ......................................................................
  keelings@wl.aecl.ca wp33::keelings    AECL Research - Whiteshell Labs. 
  ..programmer/analyst, DTD/ESAB/SDS    Pinawa, Man., Canada     R0E 1L0
  ....Voice: 204-753-2311; loc. 2309....Fax: 204-753-2455...............

------------------------------


End of Computer Privacy Digest V1 #068
******************************