Date:       Thu, 16 Dec 93 13:41:20 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#008

Computer Privacy Digest Thu, 16 Dec 93              Volume 4 : Issue: 008

Today's Topics:			       Moderator: Leonard P. Levine

                           Wisconsin Privacy
                           Re: e-Mail privacy
                        Re: Encryption At School
                      Re: Cellular Phone Security
                      Re: Cellular Phone Security
                      Re: Cellular Phone Security
                      Re: Cellular Phone Security
                      Re: Cellular Phone Security
                      Re: Cellular Phone Security
                      Re: Cellular Phone Security

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Subject: Wisconsin Privacy
Date: Wed, 15 Dec 1993 15:11:13 -0600 (CST)

I am interested in any official acts by states in the union that 
are pro privacy.  I would like to offer the following as an 
example and ask for comment:

The State of Wisconsin has developed a policy for handling the 
problem of drivers' licenses and car registration materials.  
These data are public records and cannot be held from the public, 
including businesses.  According to an official at the Department 
of Transportation, the State sells a tape containing the list of 
some 3,500,000 drivers' licenses for a fee of a little more than 
$2,600 for each tape.  (Compare this price with a commercial list 
broker's rate of $50 a thousand names.)  

This tape contains addresses but does not contain Social Security 
numbers that are required when you get a license.  Since each 
driver is required by law to update the data within two weeks of 
moving, this makes the tape a very useful mailing list.  The 
State also sells a tape of 4,800,000 license plate numbers 
with addresses for $2,200.

This legal situation has bothered many of us in Wisconsin because 
of the privacy implications.  Recently, state law has been 
amended as follows:

A Wisconsin driver or owner of a licensed vehicle can get a form 
MV3592 requesting the state to withhold names and addresses from 
massive orders (a data tape).  This only applies to orders 
for tapes; requests for fewer than 10 names and addresses are 
honored whether or not a privacy form has been filed.  

When an order comes in for a drivers' license tape, the purchaser 
gets the driver's license number followed by the licensee's name 
and address except for those who have submitted a privacy form, 
in which case the tape shows only a driver's license number and a 
5-digit zip code.  

When an order comes in for a car registration and plate number 
tape, the purchaser gets the plate number followed by the owner's
name and address and registration information on the vehicle 
except for those who have submitted a privacy form, in which case 
that line gives only the plate number and a 5-digit zip code.

A purchaser can also order, for a fee of about $30, a list of ten 
or fewer names, licenses, or plate numbers with full addresses 
regardless of whether or not a privacy form has been submitted.

Good or bad, this is a sincere effort on the part of the State of 
Wisconsin to provide its legal data to those who need it, while 
maintaining some privacy for those who want it.  There have been 
articles in the mass media indicating what the number of the form 
is and how to get it.  Copies of the form can be made without 
limit and as many forms as you wish can be mailed in one envelope.
I suspect we will see, in the near future, a box to check 
on the driver's license application form if you wish to be taken 
from the mass tape. 
--
Leonard P. Levine               e-mail levine@cs.uwm.edu
Professor, Computer Science        Office 1-414-229-5170
University of Wisconsin-Milwaukee  Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201      

------------------------------

From: kkruse@matt.ksu.ksu.edu (Korey J. Kruse)
Subject: Re: e-Mail privacy
Date: Thu, 16 Dec 1993 02:34:33 -0600
Organization: Kansas State University

Sharon Shea <sshea@world.std.com> writes:
>What do you think of this invasion of e-mail privacy? -

>What's more, my supervisor then copied out my e-mail and passed it 
>around, in places where it was obviously hoped that it would do me 
>professional harm. 

>Does anyone have any suggestions about how to deal with this, or what 
>legal possibilities I may have in replying to this action? Thanks.

Yes....encrypt your mail with PGP. (Pretty Good Privacy)   I believe
it is available via ftp from soda.berkeley.edu in pub/cypherpunks
directory.

Talk to your university's lawyers about possible legal action.   Many
universities provide lawyers for student consultation for either no
charge or a minimal one.

------------------------------

From: Paul Robinson <PAUL@TDR.COM>
Subject: Re: Encryption At School
Date: Thu, 16 Dec 1993 10:40:24 -0500 (EST)
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

Chris Burris <cburris@cap.gwu.edu>, writes:
> I have a question:
> 
> Suppose that I wrote a simple encryption program and
> ran it at school, and the administration searched my disk.
> Could the administration force me to give them the encryption key
> even if I refused?

Unless they plan to use torture or drugs, they can't "force" you to do
anything.  They can make your life very uncomfortable, such as threats of
expulsion, imprisonment, or going after your parents and making them
threaten you, and in theory _they_ could use various forms of painful
measures depending on their point of view.

You could always try becoming a test case and use the same arguments as
Senator Packwood, and invoke the 4th and 5th amendments, claiming the
right to privacy and right not to incriminate oneself, or even invoke the
2nd Amendment, which will really confuse them (since the U.S. Government
claims encryption to be a type of "ordnance" requiring approval for
export as other munitions....) Or take the advice of some people on the
list and claim you don't remember what the key is.  (If you use a text
file to apply the key, and don't know it physically, then you are not
lying.)

The latter is probably a better choice unless you _want_ to push them on
this and start a test case if they push the issue.  The courts have
generally ruled that minors don't have civil rights.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>

------------------------------

From: mcinnis@austin.ibm.com ()
Subject: Re: Cellular Phone Security
Date: Wed, 15 Dec 1993 18:11:27 GMT
Organization: IBM Austin

The trick and the real danger of the prohibition on cell phone monitoring is
that it gives certain people in the government a way to coerce and harass
someone.  
 		
Even if you don't go out looking for someone monitoring cell phones, it's yet
another weapon that the unethical government official can use against a citizen.

It's a great totalitarian trick.  Make more and more things illegal but
don't enforce them on "good" subjects.  When you want to get to some
uncooperative subject, you dig up one of these illegal but unenforced "crimes"
and put the screws to them.

------------------------------

From: eck@panix.com (Mark Eckenwiler)
Subject: Re: Cellular Phone Security
Date: 15 Dec 1993 14:09:26 -0500
Organization: Superseding Information, Inc.

In <comp-privacy4.7.6@cs.uwm.edu>, reed@interval.com sez:
>I have to pay his salary with my taxes so he can apply his personal
>interpretation of the law by refusing to prosecute a clear violation?
 ...
>I hope this is yet another hoax.
>

Apparently not.  Mr Grosso is listed in Martindale-Hubbell as an AUSA,
so unless the post is forged, this is a gen-you-wine remark from a
federal prosecutor.

------------------------------

From: johnl@iecc.com (John R Levine)
Subject: Re: Cellular Phone Security
Date: Thu, 16 Dec 1993 03:48:00 GMT
Organization: I.E.C.C., Cambridge, Mass.

>Good point, but here is a problem: When I call over a standard fone, the 
>signal is transmitted (broadcast) to a satellite, then rebroadcast to 
>earth. Have I sacrificed my privacy by employing the satellite? 

It's a matter of degree.  If your call is carried by satellite (which
in fact is quite uncommon, fiber cables have a lot more bandwidth) it
is sent in a format which is fairly difficult to decode, requiring
dish antennas, demultiplexing receivers and so forth.  On the other
hand, to intercept a cellular call all you need is an old UHF TV set.
In the former case, it is reasonable to expect that there aren't a
whole lot of people listening in, while in the latter case it isn't.
(The fact that the ECPA outlaws listening to the latter but not the
former is just stupid.  No argument there.)

The Ethernet example is an interesting one, particularly when you
consider the way that Internet messages are relayed from net to net.
I think that for legal purposes, you have to declare that each net is
either a common carrier, in which case the usual common carrier rules
apply and random people aren't supposed to peek, or a private network
in which case whatever agreement you have with the network owner
applies.  But in the total absence of legal precedent, lord only
knows what a court would say.

Regards,
John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com

------------------------------

From: Paul Robinson <PAUL@TDR.COM>
Subject: Re: Cellular Phone Security
Date: Thu, 16 Dec 1993 10:58:51 -0500 (EST)
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

Andrew Grosso <agrosso@world.std.com>, writes
> As a federal prosecutor, I have my own opinions about cellular 
> phones and the legality (or illegality) of listening in on 
> cellular phone conversations.  Please note that this is a 
> personal opinion, not one of the Dept. of Justice.

Considering the background of that organization, I hope not!

> Unlike a phone conversation transmitted via a cable-type 
> network, a cellular phone from the start transmits its 
> information over the airwaves.  There is no pretension that 
> the information transmitted is physically protected or 
> secure.

Non-broadcast and non-amateur messaging over radio is subject to
international secrecy requirements which prohibit a third-party 
recipient from using or divulging to anyone else the content or
information in a message heard over any radio receiver.  (Emergency
messages are deemed 'broadcast' for the purposes of this paragraph.)

>   The means to "tap" or otherwise listen to the information is 
> very simple, and widespread: radio receiver type devices.  By 
> using a cellular phone, one is consenting to having one's 
> conversations broadcast to an outside world, a world which has 
> the means to listen to those conversations.  It is similar to 
> using a megaphone to transmit your conversations.

No it is not.  A megaphone transmission requires no special equipment to
receive that message by anyone in the area, whereas a radio transmission
requires that someone have the appropriate equipment to do so.  If one
does not have the equipment to receive it, one can't hear it even if one
is in the immediate vicinity of the transmission (but out of earshot).

> People who want the law to protect their cellular conversations by  
> making the listening-in on such conversations illegal or unlawful 
> are, in  my opinion, like people who want it made illegal or unlawful
> for others to listen to conversations broadcast by megaphone.

Someone who uses a megaphone is using a device to transmit in the clear
some information to anyone in the vicinity of the output end of these
devices.  On the other hand, monitoring cellular requires specialized
equipment, e.g. either a scanner or a modified cellular phone, just as 
monitoring police or fire departments requires a scanner.

> Since there is, and  should be, no expectation of privacy in the means
> used to transmit the information, there should be nothing unlawful about
> listening in. 

True.  But it also means that anyone should have the right to use
unbreakable encryption on their traffic, too.  But for some reason the
U.S. Government has been very hostile to use of encryption in order to
create an expectation of privacy.  

> What these people are trying to do is to utilize the law in 
> order to achieve an unnatural result:  one wants privacy, but 
> also wants the convenience of using an easy means to 
> communicate which has no privacy.  As a prosecutor, I can tell 
> you that I have much too much work to do (and so do all other 
> prosecutors) to prosecute a case against person A for 
> listening to person B's conversation when person B decided to 
> use an obviously insecure means of communication simply 
> because he or she thought it convenient at the time.

Unless there's a high profile case to be made, such as the incident
involving the (now former) Governor Wilder of Virginia and his
conversations over a cellular phone, that tape recordings of such ended up
in the hands of another politician.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>

------------------------------

From: adiron!tro@uunet.UU.NET (Tom Olin)
Subject: Re: Cellular Phone Security
Date: Thu, 16 Dec 93 11:44:30 EST

   When I call over a standard fone, the signal is transmitted
   (broadcast) to a satellite, then rebroadcast to earth.  Have I
   sacrificed my privacy by employing the satellite?

To some extent, yes.  It is possible that some people could intercept
your conversation, but the likelihood is probably extremely small.

   What about a network link? My email goes out in the form of packets
   that are readable by every machine physically connected to the
   network. ....  Have I surrendered my privacy by plugging a network
   card into my computer?

To some extent, yes.  If you send messages over the network, they
might be seen by people you did not intend to see them.

   I don't dispute what you say, necessarily, but every definition of
   privacy has its problems.

Although the definition of privacy may be debatable, the questions you
raised have more to do with the problems of protecting privacy, not
defining it.

Tom Olin        PAR Technology Corporation   Tel:(315)738-0600 Ext 638
tro@partech.com           New Hartford, NY   Fax:(315)738-8304

------------------------------

From: adiron!tro@uunet.UU.NET (Tom Olin)
Subject: Re: Cellular Phone Security
Date: Thu, 16 Dec 93 12:03:01 EST

   From: greg@ideath.goldenbear.com (Greg Broiles)

   There are precious few technological ways to preserve privacy, and
   they are vulnerable to encroachment as technology advances.

While technology can certainly undermine privacy, it can also enhance
it - encryption, for example.

   The other side of the "consent" issue concerns a party using a
   wire-based phone, who unknowingly talks with a person using a
   cellular phone. Their comments are also being broadcast, quite
   possibly without their knowledge or consent.

The same argument applies to speaker-phones, extension phones, people
who don't know how to keep their mouths shut, etc.  If only one of the
parties to a conversation wants to keep it private, it is unlikely to
remain private.

   Andrew Grosso (agrosso@world.std.com) writes:
   > As a prosecutor, I can tell you that I have much too much work to
   > do (and so do all other prosecutors) to prosecute a case against
   > person A for listening to person B's conversation when person B
   > decided to use an obviously insecure means of communication
   > simply because he or she thought it convenient at the time.

   Philosophically, how is this different for declining to prosecute
   person A for breaking into person B's house, when it was
   ridiculously easy to do so .. or person A for breaking into person
   B's computer, when the system was obviously insecure?

A law is based on more than just the ease or difficulty with which an
act is committed.  Breaking into a house or a computer is the
violation of property rights.  It's rather difficult to apply the same
rationale to radio waves, especially when detecting their reception is
essentially impossible without gutting the Bill of Rights.

Tom Olin        PAR Technology Corporation   Tel:(315)738-0600 Ext 638
tro@partech.com           New Hartford, NY   Fax:(315)738-8304

------------------------------

From: adiron!tro@uunet.UU.NET (Tom Olin)
Subject: Re: Cellular Phone Security
Date: Thu, 16 Dec 93 12:10:06 EST

   From: rerodd@eos.ncsu.edu (Richard Roda)

   One question: what if I receive a call on my cable phone from a cellular
   phone, and the caller does not let me know they are on a cellular
   phone.  Do *I* forfeit my privacy??

My dictionary provides a definition of "forfeit" as "to lose something
as a result of neglecting a duty".  In your case, it might be
neglecting to ascertain whether the caller was using a cellular phone.

Perhaps the pedantic answer is that you give up your privacy every
time you speak.  After all, somebody unexpected might be nearby (about
to knock on the door, outside an open window, etc.), or the person to
whom you are speaking might repeat what you said.

Tom Olin        PAR Technology Corporation   Tel:(315)738-0600 Ext 638
tro@partech.com           New Hartford, NY   Fax:(315)738-8304

------------------------------



End of Computer Privacy Digest V4 #008
******************************