Date: Mon, 19 Apr 93 16:07:38 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#034
Computer Privacy Digest Mon, 19 Apr 93 Volume 2 : Issue: 034
Today's Topics: Moderator: Dennis G. Rears
CPSR reaction to new Government Encryption Initiative
Where to find out about Privacy Laws in Cdn
Re: SSN
Re: SSN
Re: SSN
Re: Don't post to this group!
Reaction to the Administration's encryption proposal
Credit card application
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Organization: CPSR Civil Liberties and Computing Project
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Fri, 16 Apr 1993 16:43:02 EST
Subject: CPSR reaction to new Government Encryption Initiative
April 16, 1993
Washington, DC
COMPUTER PROFESSIONALS CALL FOR PUBLIC
DEBATE ON NEW GOVERNMENT ENCRYPTION INITIATIVE
Computer Professionals for Social Responsibility (CPSR)
today called for the public disclosure of technical data
underlying the government's newly-announced "Public Encryption
Management" initiative. The new cryptography scheme was
announced today by the White House and the National Institute
for Standards and Technology (NIST), which will implement the
technical specifications of the plan. A NIST spokesman
acknowledged that the National Security Agency (NSA), the super-
secret military intelligence agency, had actually developed the
encryption technology around which the new initiative is built.
According to NIST, the technical specifications and the
Presidential directive establishing the plan are classified. To
open the initiative to public review and debate, CPSR today
filed a series of Freedom of Information Act (FOIA) requests
with key agencies, including NSA, NIST, the National Security
Council and the FBI for information relating to the encryption
plan. The CPSR requests are in keeping with the spirit of the
Computer Security Act, which Congress passed in 1987 in order to
open the development of non-military computer security standards
to public scrutiny and to limit NSA's role in the creation of
such standards.
CPSR previously has questioned the role of NSA in
developing the so-called "digital signature standard" (DSS), a
communications authentication technology that NIST proposed for
government-wide use in 1991. After CPSR sued NIST in a FOIA
lawsuit last year, the civilian agency disclosed for the first
time that NSA had, in fact, developed that security standard.
NSA is due to file papers in federal court next week justifying
the classification of records concerning its creation of the
DSS.
David Sobel, CPSR Legal Counsel, called the
administration's apparent commitment to the privacy of
electronic communications, as reflected in today's official
statement, "a step in the right direction." But he questioned
the propriety of NSA's role in the process and the apparent
secrecy that has thus far shielded the development process from
public scrutiny. "At a time when we are moving towards the
development of a new information infrastructure, it is vital
that standards designed to protect personal privacy be
established openly and with full public participation. It is
not appropriate for NSA -- an agency with a long tradition of
secrecy and opposition to effective civilian cryptography -- to
play a leading role in the development process."
CPSR is a national public-interest alliance of computer
industry professionals dedicated to examining the impact of
technology on society. CPSR has 21 chapters in the U.S. and
maintains offices in Palo Alto, California, Cambridge,
Massachusetts and Washington, DC. For additional information on
CPSR, call (415) 322-3778 or e-mail <cpsr@csli.stanford.edu>.
------------------------------
From: "Michael C. Taylor" <mctaylor@mta.ca>
Subject: Where to find out about Privacy Laws in Cdn
Organization: Mount Allison U, Sackville, N.B. Canada
Date: Fri, 16 Apr 1993 22:42:34 GMT
I was wondering where to look for laws on privacy for Computer related
material. Esp. material entering/leaving the country by either physical
or electronic means.
----------
Michael C. Taylor Internet: MCTaylor@MtA.ca
Mount Allison University, Sackville, New Brunswick, Canada
- Listen not to what I say, but to what I mean. -
------------------------------
From: "Keith F. Lynch" <kfl@access.digex.com>
Subject: Re: SSN
Date: 16 Apr 1993 23:15:02 -0400
Organization: Express Access Public Access UNIX, Greenbelt, Maryland USA
In article <comp-privacy2.33.3@pica.army.mil> fec@arch2.att.com writes:
> The court system further explained in the summons package that jurors
> are selected, in part, from drivers license files and that drivers
> license numbers are used to differentiate people with the same name
> living at the same address.
Does this mean we are no longer guaranteed the right of jury by our
peers, but now have a right of jury by drivers?
That will be really reassuring to cyclists who get in legal cases
against malicious or incompetent drivers.
--
Keith Lynch, kfl@access.digex.com
f p=2,3:2 s q=1 x "f f=3:2 q:f*f>p!'q s q=p#f" w:q p,?$x\8+1*8
------------------------------
From: news@cbnewsh.att.com
Date: Sat, 17 Apr 93 09:03:38 GMT
Subject: Re: SSN
Organization: Mary Ellen Carter Salvage Crew
In article <comp-privacy2.33.3@pica.army.mil> fec@arch2.att.com writes:
I have just been summoned for jury duty in Hunterdon County, New Jersey.....
Does anybody know of any reason why the court would have a legitimate
need for my SSN? Do they withhold from the meager juror pay? Would it
First of all, if they ask for it, they have to provide a Privacy Act Notice,
and if they don't do so, you could have them hauled into court :-)
you certainly don't have to provide the number without it.
If you're really concerned about the number, two reasonable choices
are to discuss your privacy concerns with the court bureaucrats
(maybe their record-keeping limits use of the number to the paychecks),
or to refuse to accept payment (if the pay is still $9/day?).
Is Jury Duty pay taxable? It would seem that sub-minimum-wage money
given to people who are forced to do a job doesn't sound like wages...
With Social Security, I know they need the number if they're going to
"credit" the taxes they collect to your "benefits", but could you just
let them take the money and *not* give them your SSN to get any credit?
Of course, if I *wanted* to get out of jury duty, I could explain to
them that as an anarchist, I'm not willing to accept money from the government,
and I'm not likely to decide in the government's favor when somebody's
been accused of breaking a government-made law, and give out some
Fully Informed Jury Association literature for the other jurors to read,
which would be enough to get me ejected or jailed in about 15 minutes :-)
In reality, I'd like to be on a jury, especially one dealing with a
Crime against the State, such as drug abuse, because jurors have the
right and responsibility not to convict people for violations of bad law,
and I suppose I also have enough traditional "civic responsibility" to
be willing to participate in conflict resolution (civil cases) and
cases where someone may have committed a real crime against a person as well.
--
# Pray for peace; Bill
# Bill Stewart 1-908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# No, I'm *from* New Jersey, I only *work* in cyberspace....
# White House Commect Line 1-202-456-1111 fax 1-202-456-2461
------------------------------
Subject: Re: SSN
Organization: I.E.C.C.
Date: 18 Apr 93 17:33:06 EDT (Sun)
From: "John R. Levine" <johnl@iecc.cambridge.ma.us>
>Does anybody know of any reason why the court would have a legitimate
>need for my SSN? ...
>[Moderator's Note: They need it for pay purposes. You can avoid giving
>it to them up unitl the time you are chosen for jury duty. ._dennis ]
I've been summoned for jury duty plenty of times over the years and have
never had to give my SSN. Around here they have a one-day/one-trial plan
which means that most jurors aren't on duty long enough to collect pay,
but even on the one trial that did go that long (and they paid me $50,
wow) they didn't even ask.
Federal law requires that any governmental agency that asks for your SSN
has to say under what authority they request it, what they will do with it,
and what will happen if you don't provide it. There are apparently fines
involved for non-compliance with the notification rules. Perhaps a polite
note to your local jury commissioners is in order.
Regards,
John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl
------------------------------
Date: Fri, 16 Apr 93 17:58:15 MDT
From: David Wade <djw@aerie.lanl.gov>
Subject: Re: Don't post to this group!
% Don't post to this newsgroup if you don't want to receive junk
% mail (yes, snail mail) from Robert Ellis Smith's Privacy Journal.
% (And at over $100 for a subscription you really gotta be into
% this stuff to want it!)
Well, alright... I'll bite. I subscribed to "Privacy Journal" for several
years, and I really enjoy it. I`ve bought most of Robert Ellis Smith's
books several years ago, and I've relied on his information many times
for what is my "real" condition. (And if you are a student, [of almost
anything] you are entitled to their $25.00/ year rate). I often ran out
of money when it was around renewal time, and I often wondered about why
I couldn't send RESmith stuff I found that related to our common interests...
So, several years ago, at USENIX, in Washington, DC, Rob was holding a
BOF about privacy, and I tried to get RESmith to come and attend. I
found out that he was PC-bound, but seemed to be coming along nicely...
(You can often see the hyphens`-' left inside words which were word-processed
by PC-Software, and then moved to some other product with different sized
columns, and the hyphens are "artifacted")
And yes, I payed particular attention when RESmith finally got to our
list, and I eagerly await his offer of an electronic-copy of his privacy
journal which will cover a lot of things which I have not seen in these
groups, and authoritatively. The level of bullshit around here spread in
the "Social Security Number" articles has gotten so high that I wonder
that Willis Ware is still posting now and then. There is a lot more to
privacy than whether a clerk can refuse your check if you don't write
your SocSecNum and Medicare Number and PHONE NUMBER, and ADDRESS on it.
Have any of you taken time to think about the implication of DNA testing?
And did you know that the courts believe it is SCIENTIFIC TRUTH at or
above the 98% confidence level... And scientists are beginning to put
that confidence level closer to 10%... And Murderers Walk, daily, because
the DNA tests "PROVE they couldn't of dun it". Privacy Journal has been
reporting about this for over 10 years...
And if you really want to get into the SocSecNum thing, go read Willis
Ware's 1974 Privacy Act... Which only applies to government agencies
and their subcontractors..............................................
......................................................................
......................................................................
In order to apply it to you and your everyday life, you have to prove
that the person/entity you want to force is "a government subcontractor".
RESmith knows that. He doesn't waste my time with a lot of Sophomoric
Drivel about SSNs. Several years ago, I took the time to key in large
amounts of the Privacy Act, and try to explain it; I'm not going to
do that now. "Life's Too Short". Go buy one/several of RESmith's
books, or Willis's Privacy Act Analysis... (I was lucky, Willis sent
me his last copy!!! But it is a "CONGRESS THING" which means you can
get all this stuff from your Congresslime for free or a buck/two nintyeight.)
And RESmith has been on top of the "Caller Number ID" stuff for the last
five/seven/more? years... Have we seen enough Sophomoric Drivel about CNID?
Yet, sometimes, actually; mostly, the electronic media has been a month or
so ahead of the printed media... I just don't have to put up with the
"But: Why?" aspect of the electronic media on print. But in the long
run, I let my subscription lapse. But you can't say those things about
Robert Ellis Smith around me!!! He was the only/first privacy advocate
that many of us had. And if you don't want your subscription card, send
it along to someone else that you think needs it... Forinstance, The
Lady in Charge of Human Resources where you work.
Fortunately for me, the lady here that I had so much trouble explaining
about SocSecNums and Health Benefit Plan Providers to, (Dangerous
split infinitive, that one there...) HAS QUIT. She is moving to
California to become head of Human Resources at Livermore... Fortunately
for them they have a constitutional amendment in place; not like here
in New Mexico.
So, clearly, we should heap praise upon the head of people who have been
at the forefront of THE PRIVACY ISSUE. We should welcome them to our
"First Lurch of Immediate Gratification". That place where we go to
"howl" about society, as did your grandfathers. And remember, without
these people to push back the limits, when you make your leap into the
unknown, you'd have no place to land.
Dave
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
I promised myself ( when I turned 21, ) that I wouldn't ever again do
anything just once. I think that solves a lot of problems;
no high speed crashes into bridge abutments, no one-night stands, etc.
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
------------------------------
From: Carl Ellison <cme@ellisun.sw.stratus.com>
Subject: Reaction to the Administration's encryption proposal
Date: 17 Apr 1993 19:31:05 GMT
Organization: Stratus Computer, Software Engineering
I mailed the following letter to the President today. It might be good for
others to write as well, if you're interested in this issue.
- Carl
======================================================================
To: 0005895485@MCIMAIL.COM (White House)
Subject: Second thoughts about your encryption proposal
17 April 1993
Dear Mr. President --
Since writing my initial reaction I have given considerable second thought
to your encryption proposal, announced yesterday. I must withdraw my
initial partial support for your plan, pending the release of further
details.
My initial assumption was that you were mandating the replacement of every
telephone handset in the USA with one which would digitize the person's
voice and encrypt it. I assumed that this replacement would start with
cellular handsets and proceed through wireless and wired -- in order of
severity of vulnerability. Given that the government would mandate such a
change and that that change would interfere with the FBI's current ability
to tap voice telephone calls on the public networks, it made sense to
propose an encryption method which would allow the FBI to continue in
court-ordered wiretaps -- specifically via key escrow.
While it would be beneficial from the point of view of improving the
privacy and security of citizens from illegal eavesdropping, I now believe
that this proposal is far too costly to undertake at this time. The
federal government is facing a huge debt and deficit and the private sector
is far from thriving. The proposal to pay for some of this equipment with
funds from civil forfeiture adds insult to injury, since abuses of civil
forfeiture have led me to conclude that law enforcement's right to such
funds should be severely restricted if not removed.
If this proposal is only for limited use of such encryption, then it does
little to advance the cause of citizen's privacy and it is in direct
competition with existing products which already service the small market
of citizens who are aware of their vulnerability and who are willing to pay
for assurance of their privacy. It is especially disturbing that the press
release suggests that this proposal is not merely a call for action but an
already designed implementation which some agency of the administration is
attempting to impose upon the American people. The talent exists in the
private sector to address these security concerns.
Meanwhile, there is a danger that the key escrow provision is intended to
imply that all cryptosystems used by citizens in the lawful course of their
daily personal and business lives must include key registration. This
would be an unacceptable erosion of our current rights, especially of the
fundamental right of privacy which you supported so strongly during your
campaign. Legislation to this effect would be unenforceable. It would be
easily and frequently broken -- leading to the danger that some law
enforcement officer with a private grudge would have an easy method of
filing a criminal complaint against the innocent victim of his grudge. A
requirement for key registration would also come directly into conflict
with certain uses of cryptography in advanced computer system design. In
those cases, both key registration and use of some government-designed chip
are unacceptable.
Meanwhile, there is the additional danger that this proposal would serve as
a vehicle for advancing the FBI's wiretap proposal which was rejected by
Congress last year and which I oppose on several grounds.
I look forward to full technical details of your proposal and to a public
debate on its merits.
Sincerely,
Carl M. Ellison
Senior Technical Consultant - Advanced Development Group
Stratus Computer Inc.
55 Fairbanks Boulevard
Marlborough MA 01752-1298
TEL: (508) 460-2783
FAX: (508) 624-7488
E-mail: cme@sw.stratus.com
cme@vos.stratus.com
--
- <<Disclaimer: All opinions expressed are my own, of course.>>
- Carl Ellison cme@sw.stratus.com
- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
------------------------------
From: Matthew B Cravit <cravitma@student.msu.edu>
Subject: Credit card application
Date: Sun, 18 Apr 93 13:02:31 EDT
I received a credit card application (some kind of student Visa/Mastercard),
and in looking at the application, I see that they want to know:
My Resident Alien number (I am not a US citizen yet)
All sources of income and how much I make per week from each
My checking account NUMBER, bank and BALANCE
The account numbers of any credit cards I have and my monthly payments
The account numbers of any other bank accounts I have and their balances
Social security number
Should I be wary of providing any of this? Do they have a reasonable right to
my Mastercard and AmEx account numbers and checking balance?
/Matthew Cravit
Michigan State University
East Lansing, MI 48825
cravitma@studentc.msu.edu OR cravitm@clvax1.cl.msu.edu
Compuserve : 71442,225
------------------------------
End of Computer Privacy Digest V2 #034
******************************