Date: Mon, 20 Sep 93 18:03:39 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#040
Computer Privacy Digest Mon, 20 Sep 93 Volume 3 : Issue: 040
Today's Topics: Moderator: Dennis G. Rears
crypto witchhunt?
Knowing who has what
Re: Knowing who has what
Re: John misses the point
Re: John misses the point
Caller Id & ANI
Caller ID/ANI Thread
Re: Caller ID/ANI Thread
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Shari Steele <ssteele@eff.org>
Subject: crypto witchhunt?
Date: 17 Sep 1993 18:54:51 GMT
Organization: Electronic Frontier Foundation
[Moderator's Note: Shari Steele has given me permission to repost this
here. This appeared in misc.legal ._dennis ]
To the 'net community:
EFF is very concerned about the Customs Department-initiated grand jury
investigation into encryption export violations. Two U.S. companies
have been subpoenaed to produce documents related to the "international
distribution" of commercial products utilizing PGP and RSA source
code. Neither of these companies are engaged in the international
distribution of any illegal materials. EFF is working with the
concerned parties and is trying to find out the scope of the grand jury
investigation. Unfortunately for us in this case, grand jury
investigations are secret, so learning the scope is proving to be quite
difficult.
What we do know is this:
Austin Code Works, a software publisher in Austin, Texas (heavy sigh),
has been planning to publish a code document written by Grady Ward
called Moby Crypto. Grady describes Moby Crypto as simply containing
descriptive source code, not executable object code, describing many
cryptographic routines that are freely available around the world.
Most of this material has been released in print form already. The
important distinction seems to be that Moby Crypto will be released in
machine-readable format. Austin Code Works has told Customs Agents
that it does not intend to release Moby Crypto outside of the U.S., yet
the company has been subpoenaed to release all documents related to
this product. (Incidently, if Moby Crypto contains no executable code,
it should be exportable under ITAR, just as textbooks containing such
materials are exportable.)
ViaCrypt, a Phoenix, Arizona,-based (heavy sigh again -- man, does this
ring familiar) software producer that has a license to sell software
products that use the RSA algorithm, was issued a similar subpoena.
ViaCrypt has recently contracted with Phil Zimmermann, creator of the
PGP encryption code, to sell a commercial version of PGP. ViaCrypt
only distributes its products containing the RSA algorithm within the
United States, since RSA is not exportable under ITAR.
EFF has been in touch with Phil Zimmermann and his attorney, Grady
Ward, and the owner of Austin Code Works. We have advised everyone
that there is nothing to hide and that they should abide by the
subpoenas and produce the documents requested. We will not know what
the appropriate response should be until the grand jury makes its
determinations. In the meantime, we want everyone to know that EFF is
committed to ensuring that the right to use and publish whatever
encryption method an individual chooses to use is protected. Jerry
Berman, EFF's Executive Director, issued the following internal message
this morning:
>I've assured Phil that he is not alone, and I have talked with his
attorney.
>If Phil is charged with export control violations based on making PGP
>available in the US on a non-commercial basis and it happens to get
>published or copied overseas, First Amendment issues indeed may be
joined.
>As of now, ViaCrypt has done no "exporting" and does not intend to. I
have
>the subpoena.
Indeed, EFF has copies of both subpoenas. We will continue to keep you
informed of what's going on as we learn the facts. EFF is deeply
concerned, and we want Phil and everyone else involved to know that they
are not alone. As soon as it becomes clear what specifically is being
investigated, EFF will respond.
Shari
***********************************************************************
******
Shari Steele
Director of Legal Services
Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC 20001
202/347-5400 (voice), 202/393-5509 (fax)
ssteele@eff.org
------------------------------
Date: Mon, 20 Sep 1993 02:45:13 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Knowing who has what
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
> > With reverse directories and such, it's trivial to map a
> > phone number to a name and address. Thus, they are
> > essentially equivalent.
>
> All the verbage aside, this is what seems to bother you a
> great deal. Tell me, why is it that you seem to feel it so
> threatened that an entity that you call who pays for that call
> know who you are? You know who they are. I assume you are
> calling to transact some sort of business. Do you typically
> enter into business relationships maintaining your anonymity?
> If the call is for product inquiry, are you embarassed that
> someone might know that you inquired?
If the company who owns the number keeps it to themselves, it's
not that bad. If the information falls into the wrong hands, it
could be a problem.
1. There are certain activities that are legal now which at one
time were not and may be made illegal in the future. If those
who sell the products or services related to what is now
legal are then outlawed, they could be forced to turn over
their lists of customers who can be watched to see if they turn
in their contraband to the government.
2. There are certain activities which are legal but doing them can
cause the government to come after you on the assumption that
you are doing something illegal.
(A). If you purchase a short-term round-trip ticket and pay cash,
while you are at the airport the chances are good to
excellent that a couple of local police or federal marshals
will come to see you while you are waiting for the plane, and
will ask you for permission to search your baggage; if they find
you have a lot of money, it will be confiscated and you won't
get it back, on the assumption that you were a drug dealer. You
will have to sue them to get it back, and your chances of winning
are not good.
(B). Garden sales places are routinely being asked to provide
information about people who purchase growing lights, or other
equipment which has use in growing any illegal drug. Since this
is also usable for growing lots of other *legal* drugs, it is
being used as harassment for a number of people.
(C). On 60 minutes they showed one store where the owner told the
government to get a warrant - they put a video camera in a
pole across the street and used it to tape everyone who came
in and out.
Not every business is all that concerned about the privacy
of its customers and some will *give* the information to the
federales even without a formal request.
3. Combine the list of people who purchase (1) condoms with (2) K-Y Jelly
or vaseline. Now, extract those that are listed on married houses,
and then either match against magazine subscriptions or notorious
gay communities (Dupont Circle in DC and some parts of San Francisco)
and it could be used to put those people on mailing lists for
homosexuals. Or look for ones with a man and a woman with not the
same last name at the same address and use it for mailings for
people with live-in lovers, or where the name shows, married couples.
Or, the other possibility. If there is someone who is high profile,
that a particular city or state administration doesn't like, then
use this information to target them and then prosecute them for
sodomy or oral copulation where it is illegal. (What is interesting
is that until Saturday, these practices *were* illegal in DC even though
it had a large Queer population. The law was generally not enforced,
I am told; if it had been, a lot of men would have been prosecuted
for activities with their wives and girlfriends.)
---
Paul Robinson - TDARCOS@MCIMAIL.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>
-----
------------------------------
Date: Mon, 20 Sep 93 02:14 PDT
From: John Higdon <john@zygot.ati.com>
Reply-To: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: Knowing who has what
On Sep 20 at 2:45, "Tansin A. Darcos & Company" writes:
> 1. There are certain activities that are legal now which at one
> time were not and may be made illegal in the future. If those
> who sell the products or services related to what is now
> legal are then outlawed, they could be forced to turn over
> their lists of customers who can be watched to see if they turn
> in their contraband to the government.
I think that the actual number of times this has actually happened (and
that can be documented) is somewhere between "never" and "hardly ever"
(with apologies to W. S. Gilbert). I realize that this is a current
fear, and not without good reason, suffered by gun enthusiasts
regarding gun registration, but that is far removed from something as
nebulous as a "customer list" -- or more to the point -- an ANI
generated list.
> (A). If you purchase a short-term round-trip ticket and pay cash,
> while you are at the airport the chances are good to
> excellent that a couple of local police or federal marshals
> will come to see you while you are waiting for the plane, and
> will ask you for permission to search your baggage; if they find
> you have a lot of money, it will be confiscated and you won't
> get it back, on the assumption that you were a drug dealer. You
> will have to sue them to get it back, and your chances of winning
> are not good.
So what you are really saying is that you are better off to use the
paper-trailed credit system. What irony to suppose that an anonymity
freak would, in an effort to avoid leaving a trail and maintain his
"privacy", use cash and maybe even an assumed name and find himself
entered on the police blotter and be relieved of his worldly
encumbrances in the bargain. You cannot win for losing.
> (B). Garden sales places are routinely being asked to provide
> information about people who purchase growing lights, or other
> equipment which has use in growing any illegal drug. Since this
> is also usable for growing lots of other *legal* drugs, it is
> being used as harassment for a number of people.
Methinks there may be less here than meets the eye. If anyone fits some
profile or another, it is myself. My electricity bill is enormous--many
times what any of my neighbors pay. Reason? I have many computers, all
on twenty-four hours a day, with suitable air conditioning to cool them
all off. But the "authorities" don't know this. For all they know, the
power is consumed by "grow lights". And how many people do you know
have sixteen phone lines and a "major accounts" rep for residence
service? Again, this has got to fit a profile for something nefarious
(like maybe to conduct "sales" of the drugs that I might be growing).
Not once has there been a knock on the door. Oh, except for the time
that the police showed up with my recovered motorcycle trailer.
> 3. Combine the list of people who purchase (1) condoms with (2) K-Y Jelly
> or vaseline. Now, extract those that are listed on married houses,
> and then either match against magazine subscriptions or notorious
> gay communities (Dupont Circle in DC and some parts of San Francisco)
> and it could be used to put those people on mailing lists for
> homosexuals. Or look for ones with a man and a woman with not the
> same last name at the same address and use it for mailings for
> people with live-in lovers, or where the name shows, married couples.
I am sure it happens (although the last time I bought Vaseline or
condoms--rarely both in the same store visit--no one wrote down my name
or address or, heaven forbid, my phone number.) Anyway, how would
anyone notice whether some NEW junk mail was arriving? Seventy percent
of the mail that shows up at my house is junk and I just pitch it in
the recycle bin. It is not one of my major concerns. And where people
live means nothing. My sister lives deep in the heart of San
Francisco's Castro district and is as straight as they come. On the
other hand, I live in Family Suburbia and--well, you get the point.
> Or, the other possibility. If there is someone who is high profile,
> that a particular city or state administration doesn't like, then
> use this information to target them and then prosecute them for
> sodomy or oral copulation where it is illegal.
It is rather difficult to prove either act without an eye-witness or
catching the parties in the act. Being high profile anything does not
prove much. I really don't think that is much to worry about. Anyone
who lives in an area that has that type of selectively-enforced law
does so at his own risk.
As I have stated many times, anyone determined to locate you or "get
the goods" on you will do so despite your best efforts. Hence, I
consider it a gross waste of time and resources to even try to limit
this information gathering. I find shoddy info-collecting to be much
more offensive, and potentially much more harmful.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
Date: Mon, 20 Sep 1993 08:21:57 -0700 (PDT)
From: Dave Ptasnik <davep@cac.washington.edu>
Subject: Re: John misses the point
On Mon, 20 Sep 1993, Tansin A. Darcos & Company wrote:
> > John, you are the one who wants to limit technology. The
> > technology exists to send Caller ID and/or ANI. The technology
> > exists to prevent the sending of both or either. The technology
> > exists to reject blocked calls.
>
> There is a way to block ANI? And a way to allow someone to selectively
> receive or not receive it? That's a new one on me.
>
While I am aware of no system currently in place that does not pass along
the ANI on numbers that are caller ID blocked, clearly that is something
that could be done if the LEC's and/or IXC's wanted to. I think that the
ANI info includes whether or not a line has blocking. At that point it is
just a question of screening for that information, and not passing the
number to end users when blocking is set to yes. I understand that the
IXC's probably need to have the info passed to them, but they do not have
to pass it to the end user. All of this is much more related to marketing
than technology, which is the core of my point.
All of the above is nothing more than the personal opinion of -
Dave Ptasnik davep@u.washington.edu
------------------------------
From: "david.g.lewis" <deej@cbnewsf.cb.att.com>
Subject: Re: John misses the point
Organization: AT&T
Date: Mon, 20 Sep 1993 14:18:20 GMT
In article <comp-privacy3.36.2@pica.army.mil> Dave Ptasnik <davep@cac.washington.edu> writes:
>The technology
>exists to send Caller ID and/or ANI.
Correct
>The technology exists to prevent
>the sending of both or either.
Not correct.
Two (primary) signaling methods are used for sending ANI information from
the originating LEC to the IXC: Equal Access Multifrequency (EAMF) and
Signaling System 7 ISDN User Part (SS7 ISUP).
EAMF signaling is capable of sending a 10-digit ANI and two II (information)
digits conveying line class of service information (e.g. Coin line). There
is no capability in the EAMF signaling protocol to send a "presentation
restriction" indicator.
SS7 ISUP signaling has the capability of sending significantly more
information; however, ANI information is carried in the Charge Number
parameter, and the Charge Number parameter as defined in ANS T1.113 (ISUP)
does not include a Presentation restriction indicator field.
It is therefore not technically feasible for Billing number (ANI)
presentation information to be signaled from the originating LEC to the IXC.
David G Lewis AT&T Bell Laboratories
david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation
------------------------------
Date: Mon, 20 Sep 93 9:59:04 EDT
From: Computer Privacy List Moderator <comp-privacy@Pica.Army.Mil>
Subject: Caller Id & ANI
I think the Caller Id and ANI debate should wind down. I think all
the points have been made. Nothing new is really being said. I would
like to cut the discussion off. If soemthing new pops up I would be glad
to publish it. Dave Lewis's post on the technical aspects was welcome
and posts expounding on it would be welcome. For fairness sake, I will
let everyone have one final post in this discussion. Subject topics
have included:
ANI
*Caller ID*
Something to Consider
dennis
------------------------------
Date: Mon, 20 Sep 93 11:53 EDT
From: Lynn R Grant <Grant@dockmaster.ncsc.mil>
Subject: Caller ID/ANI Thread
I sure hope the caller ID/ANI thread dries up soon. It seems to be
devolving into an "is not"/"is too" discussion.
Perhaps we should take a break from this subject, and deal with easier
problems, like which of the worlds religions is the One True Religion.
Lynn Grant
Grant@DOCKMASTER.NCSC.MIL
------------------------------
Date: Mon, 20 Sep 93 17:48:52 EDT
From: Computer Privacy List Moderator <comp-privacy@Pica.Army.Mil>
cc: comp-privacy@Pica.Army.Mil
Subject: Re: Caller ID/ANI Thread
>I sure hope the caller ID/ANI thread dries up soon. It seems to be
>devolving into an "is not"/"is too" discussion.
I agree. It's been rehashed to much. See the messsage in this digest.
>
>Perhaps we should take a break from this subject, and deal with easier
>problems, like which of the worlds religions is the One True Religion.
No Way. The Berlin Wall is down, the Soviet Union is no more, DOD
is closing bases, and there is peace in the Middle East. That is child's
play compared to getting people to agree about Caller ID. Next thing I
know you will want the Cubs to win the World Series:-).
dennis
------------------------------
End of Computer Privacy Digest V3 #040
******************************