Date:       Wed, 26 Aug 92 17:53:35 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#074

Computer Privacy Digest Wed, 26 Aug 92              Volume 1 : Issue: 074

Today's Topics:				Moderator: Dennis G. Rears

             Re: Feds seek customer records on "Grow-lamps"
                  Re:  Computer Privacy Digest V1#073
          Re: Court Ruling on SocSec# at Rutgers, info needed
   Re: use of SocSec# as student ID [Computer Privacy Digest V1#073]
                          NBC's Secret Service

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.200].
----------------------------------------------------------------------

Date: Mon, 24 Aug 92 15:59:28 MDT
From: David Wade <djw@corrtex.lanl.gov>
Subject: Re: Feds seek customer records on "Grow-lamps"

Clearly you don't see the good that these cash-registers are doing.  They
are making records which can be examined to prove that you committed a
crime, just as soon as we get around to that particular crime...

We all know that there are crimes so heinous that the people who perpetrate
these crimes must be caught and punished.

>	From: Dan Veditz <daniel@borland.com>
>
>	An AP story in today's paper (21 Aug 1992) date-lined 
>	San Francisco states that Federal prosecutors sought court
>	orders yesterday to force three local businesses to turn over 
>	their customer lists, sales receipts and shipping records 
>	for indoor "Growing lights" since the start of 1990.  They
>	also want copies of any correspondence mentioning marijuana.

This particular ploy has been being used in the "war on drugs" for so
long that reporting on it used to be a regular feature of "High Times",
and even that venerable olde ragg "Rolling Stone".  

It seems that similar methods were used to determine which people fit into
this group of people, (i.e. those people who would actually "burn their
draft-card" before running off to Canada...).

Back when all this started, everyone knew that you could easily cultivate
these "magic mushrooms" (i.e. "cow-paddy mushrooms") and, you could
trivially get your "get-high" merchandise.  Now, it has become "fashionable"
and "politically-correct" to be "clean".  Times Change.

Here in New Mexico you can buy 4oz of Paregoric with Opium "over the counter",
every other day.  Or 4oz of Cough Syrup with Codeine "over the counter" every
other day... (Unless, of course, you can find two drug stores with Pharmacists
who don't know each other...)  Oh, yeah, it's really hard to separate the
Codeine from the cough syrup...  (You put it in the refrigerator, the white
stuff that settles out is the codeine.)

So now it is easy to impress the illiterati by lots of press coverage on
how you "logically deduced" that people with "grow lamps" or people who
answered the "Grow Marijuana in the privacy of your basement" ads in "High
Times" are evil.

The only truly evil people I've ever met spent absolutely no time in determining
the difference between "yours" and "mine".  It had nothing to do with drugs.
I lost several friends when I discovered they didn't even consider that
something was "mine" and not theirs.  (We're talking wives&children and 
lifestyles here, not guns&autos...)  And we're talking My Privacy and
your "right to know"...  My Privacy is my most jealously guarded right.

You may think that I am being strange here.  Since I have a "Q" clearance,
and the government re-investigates me every five years, and I provide them
with a signed list of affiliations and addresses...  But I don't see it
that way.  I just don't understand what makes people/police feel
that they have the "right" to step into my life whenever they wish.


&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

I promised myself ( when I turned 21, ) that I wouldn't ever again do
anything just once.  I think that solves a lot of problems;
no high speed crashes into bridge abutments, no one-night stands, etc.
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

------------------------------

Date: Mon, 24 Aug 92 20:21:32 EDT
From: uunet!Camex.COM!kent@uunet.uu.net
Subject: Re:  Computer Privacy Digest V1#073

Edward A. Bertsch (eab@msc.edu) wonders about my reaction to By Way of
Deception:

>I don't understand.  It made you want to start encrypting your personal
>communications, or it made you worry what people would think if you
>were encrypting your personal communications ? (or did it make you
>worry if you were encrypting your personal communications with a
>strong enough algorithm on a secure machine with coresident software
>you could trust and a bios the feds hadn't gotten their fingers
>into?) et cetera.

Well, I had made the mistake of arriving in Las Vegas for a tradeshow
without enough reading material.  Being the kind of town it is, there
are very few books available within walking distance of the Riviera,
so I was very happy to find By Way of Deception--and sad once I
finished it.

The visceral effect of reading a modern, practical book on spying in a
place like Las Vegas can be significant.  One result is that I suspect
my hotel room hiding place for small valuables ('slick' I think is the
technical term) was much better than it otherwise would have been.
The book generally made me see things as a spy might, it made me see
spy-like puzzles everywhere.

The best puzzle was wondering how I could send a secure message to,
say, my mother.  We do email (don't all of you have grayhaired mothers
online?, mine is at "borgh@aol.com"), I had a Mac in my room--but I
assumed that anything I sent by modem or voice calls was "in the
open".  I also assumed that Stuffit 1.5.1's "NewDE Encrypt" is pretty
secure.  (Is it??)  

OK, I could send an encrypted message, but how do I get a secure key
to my mother?

I emailed it, in plain text, simple prose--but in a form that only she
would understand.  I dredged through my memory.  I needed a clue,
something she would get, something that was not a matter of public or
private record, something that could not be weaseled out of her in a
"chance meeting" at the grocery store.

When she got it she thought I was acting a bit crazy, didn't know
where to begin, and sent email asking for more help.  Before she got
my coy response, she had figured it out.

We still use this password.  My mother has spent enough time reading
spy novels that I trust that she didn't write it down anywhere, and
didn't and wouldn't tell anyone.

The password itself is the initial letters of a short phrase.  I think
my clue said how many words long it was, but beyond that it was pretty
obscure.  (I don't want to risk repeating it here without looking up
my exact original wording--no point in offering more clues to the
NSA.)

Have I fooled myself about how secure this is?  I don't think so.
First--at least until I posted this--I can't believe I am worth spying
on.  Second, once they do start bugging me, I don't believe the
available spies are particularly competent.  Third, I only offer high
odds on the security, I am not convinced 100%.

The weakest link is my mother's computer and keyboard.  It could be
physically bugged; or, because it is not tempest quality, it could be
tuned in on the radio.  They would still need to get her to type the
password--and because we mostly don't encrypt mail, this is not
trivial, sending a bogus mail message is pretty risky, word of it
would likely get back to me.

My primary computer these days is a notebook.  It is smaller and so a
lot harder to bug; it is low power and it moves, so it is harder to
tune in by radio.

Sure, given sufficient resources, *I* could crack something like this,
but it would be hard and risky.

If it turns out Stuffit 1.5.1 is not secure?, all bets are off.


This all makes me want a secure public system of public key
cryptography.  Too bad Apple doesn't dare put RSA for messages into
their coming O.C.E., instead they only use it for digital
signatures--though even signatures also would make it more of a pain
to a spy trying to break things, for it makes "social engineering" so
much harder if you cannot spoof messages.


>Edward A. Bertsch (eab@msc.edu)   Minnesota Supercomputer Center, Inc.

Hi from a former Minnesotan!


--
Kent Borg                                   kent@camex.com or kentborg@aol.com
                                            H:(617) 776-6899  W:(617) 426-3577
As always, things look better when some costs are left out.
						      -Economist 3-28-92 p. 94

------------------------------

From: "Carl M. Kadie" <kadie@dante.cs.uiuc.edu>
Subject: Re: Court Ruling on SocSec# at Rutgers, info needed
Date: Tue, 25 Aug 1992 14:02:04 GMT


(This excerpt is available on-line. Access information follows.)

=================
law/ferpa
=================
Excerpts from _College and University Student Records: A Legal
Compendium_, Edited by Joan E. Van Tol, 1989. Details the Family
Education Rights and Privacy Act's (Buckley Amendment's) provisions on
directory information. Van Tol's book is very good.

=================
=================

These document(s) are available by anonymous ftp (the preferred
method) and by email. To get the file(s) via ftp, do an anonymous ftp
to ftp.eff.org (192.88.144.4), and get file(s):

  pub/academic/law/ferpa

To get the file(s) by email, send email to archive-server@eff.org.
Include the line(s) (be sure to include the space before the file
name):

send acad-freedom/law ferpa
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign

[Moderator's Note:  Thanks for the info.  If possible can you provide an
index of privacy related files available there for our readers. ._dennis ]

------------------------------

Subject: Re: use of SocSec# as student ID [Computer Privacy Digest V1#073]
Date: Tue, 25 Aug 92 13:19:09 -0400
From: Ed Frankenberry <ezf@osf.org>

Dave Grabowski <dcg5662@hertz.njit.edu> writes:

> One could say that the school could come up with some kind of new
> ID scheme, but wouldn't that basically come back to the same problem?

Many colleges/universities use 9-digit student ID numbers.  Mostly for
the sake of convenience, schools routinely request incoming students
to disclose their social security number to use the SSN as their student
ID number.  However not all students have an SSN (e.g. foreign nationals)
and some of us who do don't want to have it abused in this manner.

When I enrolled in grad. school the registrar was able to provide a
student ID number, just like they do for incoming foreign students.
In my case it looks like a fake SSN (it begins with a 9), and the
registrar assigns them sequentially.  Because it involves no extra
effort, the school may prefer to use your SSN, but they should
assign you a student ID number if you request it.

	Ed Frankenberry

------------------------------

Date: 25 Aug 92 21:12:41 EDT
From: Gordon Meyer <72307.1502@compuserve.com>
Subject: NBC's Secret Service

The August 23, 1992 episode of NBC's "Secret Service" had a couple of
scenes that should make _any_ American cringe, but may likely
escape notice by many as they become a part of routine law
enforcement tactics.

The story was about counterfeiting, and featured a glorified scene
where an undercover agent was "arrested" with the suspects, and then
strategically placed in their holding cell so he could tell them that
they (the suspects) had squealed on each other during questioning.
Resulting in them virtually confessing their crimes (a murder in
connection with the fake bills) in front of the undercover agent.
It's unclear that the two were so stupid to refuse legal counsel, or
if they had even been given the opportunity.

Earlier in the same show, after a 'high technology' examination of a
counterfeit bill, an SS scientist pronounces that the paper used to
print the bill was "similar" to one sold by a Paper Mill in Oregon.
But he also noted that the ink and all other elements of the bill
seemed to point to South American origin.   Ignoring the latter, the
agent in charge immediately pronounced that they would 'obtain the
customer list from the Paper Mill.'

Obviously, in a show like this the line between fiction and reality
is easily blurred.  But in this case it's a safe assumption that
these tactics, while glossed over by the drama, are not fictional.
And I wonder how many people viewing that night even blinked at
this invasion of privacy?

Gordon R. Meyer
Internet: 72307.1502@compuserve.com

------------------------------


End of Computer Privacy Digest V1 #074
******************************