Date:       Tue, 01 Mar 94 10:32:47 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#036

Computer Privacy Digest Tue, 01 Mar 94              Volume 4 : Issue: 036

Today's Topics:			       Moderator: Leonard P. Levine

                     Re: EFF on FBI Telephony Bill
                   Re: Van Eck Radiation and Privacy
                 Media "Hackers" Whack Harding's E-mail
                   Re: Bacard & Barlow: Clip Clipper
                    Re: Telephone Card Audit Trails
                   Re: Van Eck Radiation and Privacy
                     Electronic Banking - CheckFree
                       Privacy Forum Digest V3.05

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: eyeball@netcom.com (David M. Berman)
Date: Sun, 27 Feb 1994 19:37:07 GMT
Subject: Re: EFF on FBI Telephony Bill
Organization: NETCOM On-line Communication Services (408 241-9760 guest)

If laws such as the FBI Telephony Bill and the legislation surrounding
the clipper chip, skipjack, etc. come to pass, I'm going to have to
ignore my excitement about all of these new technologies and retreat
into the safety of paper for all of my information, communication, and
financial needs.  If all American-built equipment comes with Edgar
Hoover built in, no one from abroad is going to want to buy it (unless
they set up reciprocal information-sharing agreements such that we spy
on your citizens, you spy on ours, and we all share all the info --
SCARY!).  

What can we do?  How do we get Geraldo, Dan Rather, Pat Robertson, or
whichever idiot to whom Americans like to attend, to come out in the
press against these nightmares?  Haven't we learned any lessons from
McCarthy, Orwell, or the East Germans?  I've signed the clipper
petition, I've e-mailed Patrick Leahy, but I still don't see any
POPULAR debate over these attempts to overrun the Constitution.  We
need to get creative and get busy.



------------------------------

From: skoper@netcom.com (Stan Koper)
Date: Mon, 28 Feb 1994 04:05:42 GMT
Subject: Re: Van Eck Radiation and Privacy
Organization: None at the moment

    Prof. L. P. Levine wrote: Taken from the Risks-Forum Digest
    Saturday 26 February 1994  (15:59) Peter G. Neumann, moderator
    From: "Winn Schwartau" <p00506@psilink.com>

    Over the last several years, I have discussed in great detail how
    the electromagnetic emissions from personal computers (and
    electronic gear in general) can be remotely detected without a hard
    connection and the information on the computers reconstructed.
    Electromagnetic eavesdropping is about as insidious as you can get:
    the victim doesn't and can't know that anyone is 'listening' to his
    computer.  To the eavesdropper, this provides an ideal means of
    surveillance: he can place his eavesdropping equipment a fair
    distance away to avoid detection and get a clear representation of
    what is being processed on the computer in question.  (Please see
    previous issues of Security Insider Report for complete technical
    descriptions of the techniques.)

    The problem, though, is that too many so-called security experts,
    (some prominent ones who really should know better) pooh-pooh the
    whole concept, maintaining they've never seen it work.  Well, I'm
    sorry that none of them came to my demonstrations over the years,
    but Van Eck radiation IS real and does work.  In fact, the recent
    headline-grabbing spy case illuminates the point.

I don't know about the "government" using Van Eck radiation, and this
may be apocryphal, but when I lived in Milwaukee (1975-1987), there was
a company that provided HBO to subscribers via microwave, providing
small parabolic antennas and a receiver/decoder box.  However, it was
known that the same equipment could be purchased from companies that
advertised in magazines like Radio Electronics.

What I heard was that the microwave company had trucks that roamed the
streets of Milwaukee, and that these trucks had equipment that could
detect the "telltale" emissions of HBO.  Addresses were then checked
against subscriber lists, and if there wasn't a match, a letter was
sent to the homeowner/resident, advising them that they had better sign
up or cease and desist.



------------------------------

From: CuD Moderators <cudigest@mindvox.phantom.com>
Date: Sat, 26 Feb 1994 15:54:54 CST
Subject: Media "Hackers" Whack Harding's E-mail

((MODERATORS' COMMENT: CuD has periodically reported on the manner in
which the media cover hackers. Perhaps we should have been paying more
attention to the manner in which the media covers by hacking.  Perhaps
the lesson of the following story is that "hacking" should be
reclassified as a sport?))

                     NOT EVEN HARDING'S MAIL SAFE
           REPORTERS BREAK INTO HER ELECTRONIC MAIL SYSTEM
              Reporter: John Husar, Tribune Staff Writer
         (From: Chicago Tribune, 26 Feb, 1994 (Sect 3, p. 7))

     LILLEHAMMER, Norway--In what was described as a "stupid, foolish
     mistake," perhaps as many as 100 American journalists peeked into
     figure skater Tonya Harding's private electronic mailbox at the
     Olympics.

According to the story, no one claimed to have read the story or used
the information. One reporter, Michelle Kaufman of the Detroit Free
Press, explained that the offense was a "spur-of-the-moment" incident
that occurred after pizza at 2 a.m. According to Kaufman, the reporters
merely attempted to see if a code, reputed to be Tonya's, would work.

The story explains that an electronic information system is available
to all members of the "Olympic family" of coaches, athletes,
journalists, and others. The electronic system provides information
(weather, sports, news) and allows for sending or receiving messages.

The story explains that a double code is required to access messages:
One is the user's Olympic accreditation number, and the other the
secret password. The initial password is the user's birthdate.
Harding's accreditation number was retrieved from an enlarged photo of
her wearing an official Olympic ID tag.  Her birthdate is readily
available from publicity and other sources.

     Kaufman said she and a few others found that the code did gain
     access to Harding's mailbox. A sign reported 68 unread messages
     for Harding.

     "But we never opened any messages," Kaufman said. "There were none
     sent under her name. We made a joke--something about her not being
     smart enough to figure out how to get her mail--and closed the
     file and walked away. It couldn't have lasted for more than a
     minute."

The story identifies Ann Killion of the San Jose Mercury News and Jerry
Longman of the New York Times as being among the group. Both denied
reading Harding's messages.

     Mike Moran, head of the U.S. Olympic Committee's information
     section, said he considered the situation an ethical matter for
     journalists to settle rather than anything that would require any
     kind of official reaction.
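
[Added example, not part of the original digest or the Tribune story: a
defender-side audit for the weakness described above, where the initial
password is the user's birthdate and is never changed.  It flags accounts
whose stored hash still verifies against a birthdate spelling so they can
be locked until reset.  The account record layout, the date formats and the
sample accounts are assumptions constructed for the illustration.]

```python
import hashlib
import hmac
import os
from datetime import date

ITERATIONS = 50_000  # PBKDF2 work factor chosen for this demo


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def birthdate_candidates(born):
    """Spellings an issuer might use for a birthdate default (assumed formats)."""
    formats = ("%d%m%y", "%m%d%y", "%y%m%d", "%d%m%Y", "%m%d%Y", "%Y%m%d")
    return {born.strftime(f) for f in formats}


def uses_birthdate_default(account):
    """True if the stored hash verifies against any spelling of the birthdate."""
    return any(
        hmac.compare_digest(hash_password(c, account["salt"]), account["pw_hash"])
        for c in birthdate_candidates(account["born"])
    )


def audit(accounts):
    """IDs of accounts to lock until the owner sets a non-derivable password."""
    return [a["id"] for a in accounts if uses_birthdate_default(a)]


def make_account(acct_id, born, password):
    """Build a record the way a hypothetical user store would keep it."""
    salt = os.urandom(16)
    return {"id": acct_id, "born": born, "salt": salt,
            "pw_hash": hash_password(password, salt)}


# Constructed sample data: IDs, birthdates and passwords are invented.
ACCOUNTS = [
    make_account("A-1001", date(1970, 5, 17), "170570"),           # issued default, never changed
    make_account("A-1002", date(1968, 11, 2), "correct horse 9"),  # changed to something unrelated
    make_account("A-1003", date(1972, 1, 30), "19720130"),         # "changed" to another birthdate spelling
]

if __name__ == "__main__":
    print(audit(ACCOUNTS))
```

The third account shows why the check covers several spellings: a user who
"changes" the password to the same date in another format is still guessable.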


------------------------------

From: Mark Shanks <shanks@saifr00.ateng.az.honeywell.com>
Date: Mon, 28 Feb 1994 11:02:53 -0700
Subject: Re: Bacard & Barlow: Clip Clipper
Organization: Honeywell Air Transport Systems Division

    walter@netcom.com (Walter Alter) writes:  from the attempt to
    institute "Aquarian Age" irrationalist quasi religions ("what's
    your sign?") to animistic Gaia Earth worship as the ostinato behind
    contemporary Environmentalism, from the anti-Nuclear Power movement
    to the anthropologists' "cultural relativism" argument in favor of
    leaving the 3rd World undeveloped and non industrialized, Science
    based civilization has been under a broad front rolling barrage
    from Marxists, Anarchists, Socialists, neo-Primitivists, Liberals,
    Pastoral Utopians, mystics, UFO watchers waiting for Godot, and the
    occasional Jesuit.  Science based technological progress has been
    cast under the spectre of fascist Militarism, wasteful space
    projects, Frankensteinian recombinant gene research, Dr.
    Strangelove beam weapons, glowing plutonium flowing in our sewers
    and a litany of  spills, chills and cheap thrills from the Free
    Market Capitalist neanderthals whose "enlightened self-interest"
    means Freudian death wish slow suicide for yo

Yow!  It's like reading the label on a bottle of Dr. Bronner's soap!

DILUTE!  DILUTE!   OK!


------------------------------

From: palbert@netcom.com (Phil Albert)
Date: Tue, 1 Mar 1994 02:49:53 GMT
Subject: Re: Telephone Card Audit Trails
Organization: Disorganized

    flb@flb.optiplan.fi (F.Baube[tm]) writes: Here in Turku Finland one
    can make calls from pay phones using prepaid cards issued by the
    city phone company, Turun Telelaitos.  These cards are on sale
    throughout the city, and are bought anonymously for cash.

[Discussion of the fact that, for diagnostic purposes, the telco tracks
the numbers used on each phone card and where it malfunctioned.  To get
a refund on a failed card, you identify your name and address to the
telco, and they send you a refund, but they can now link you to the
previously anonymous activity.]

    It is all well and good that they can extensively track an
    individual card, and where it has malfunctioned, and that this card
    can be bought anonymously, but naturally my privacy breaks down
    when they take my name and address, which they can (in principle)
    match to the card's audit trail to get a partial track of my
    calling activities.

    Nonetheless, can anyone suggest some ideas that I might take to the
    phone company to permit them to make the same checks but with a
    higher level of privacy?  Or should I just give them a bogus name
    and see if it ever causes a problem (in the form of, for example,
    more intrusive checks before issuing refunds)?

Ahh, a good question from the land of anon.penet.fi.  Might I suggest
that you should be happy with what you have?  Here in the states, we
cannot expect such privacy.  If you value your anonymity more than the
remainder of the card, toss it, or have the check made out to a
charity.  Fairly soon, anything anonymous in the U.S. will be obsolete
(methinks).  Wanna buy some Clipper chips, cheap?

-- 
Phil Albert, full-time patent attorney and philosopher, part-time car thief
Voicenet: (415) 543-9600       bizcardnet: Townsend & Townsend
Internet: palbert@netcom.com or palbert@cco.caltech.edu
 ICBMnet: 37 53 00 N, 122 17 30 W, Alt 760'


------------------------------

From: palbert@netcom.com (Phil Albert)
Date: Tue, 1 Mar 1994 03:09:13 GMT
Subject: Re: Van Eck Radiation and Privacy
Organization: Disorganized

    Prof. L. P. Levine wrote: Taken from the Risks-Forum Digest
    Saturday 26 February 1994  (15:59) Peter G. Neumann, moderator
    From: "Winn Schwartau" <p00506@psilink.com>

    To the best of my knowledge, this is the first time that the
    Government had admitted the use of Van Eck (Tempest Busting etc.)
    in public.  If anyone knows of any others, I would love to know
    about it.

The Government did not admit to using a Van Eck device, and anyone with
an electronics background would know that they didn't use one in the
Ames case.  Sure, it is trivial to design a Van Eck device and
reconstruct what is going on in a computer without touching it, but
those are only practical where you don't have physical access.  Read
the Affidavit again.  The FBI had physical access to Ames' house.  That
means they bugged it for sound, bugged the phones, took a dump of his
hard drive, and installed a physical snooper in his PC.

Just by having the signals off the PC, you can't get as much info
compared with having a bug tapping the keyboard/mouse interrupt(s) or
wire(s).  If you have a dump of the hard disk AND a copy of the stream
of keyboard/mouse movements, you can recreate everything he did.  Of
course, a before-and-after hard disk dump (including deleted sectors)
is probably all you need.  Of course, with a keyboard snooper, the
device might need to be bigger than a Van Eck snooper, and thus
increase the chance of detection, but when was the last time you
noticed that extra chip I put in YOUR machine?  What?  You haven't
heard of the 487 snooper?  It has easy access to the ENTIRE CPU bus and
it doesn't need its own power source!  Get 'em at Fry's! (I wish)

BTW, did you know that Zenith sells a non-Van Eck-able PC, or did at
one time?  GSA Schedule, no doubt.

-- 
Phil Albert, full-time patent attorney and philosopher, part-time car thief
Voicenet: (415) 543-9600       bizcardnet: Townsend & Townsend
Internet: palbert@netcom.com or palbert@cco.caltech.edu
 ICBMnet: 37 53 00 N, 122 17 30 W, Alt 760'


------------------------------

From: Hyatt_Edward_R@byu.edu
Date: Tue, 01 Mar 1994 08:13:42 -0700 (MST)
Subject: Electronic Banking - CheckFree
Organization: Brigham Young University

I have thought about using the CheckFree service, but I am worried
about the prospect of giving them my SS#, bank account #, etc.  Can I
trust their claim of confidentiality; and what would protect my
information from being disclosed to other organizations?  I would like
to hear what others think.  Also, what about EFTs (electronic funds
transfers from one account to another, or direct deposit)?  There is
increasing pressure from the government and employers to use this
method of payment.  Any thoughts would be appreciated.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Tue, 1 Mar 1994 10:08:08 -0600 (CST)
Subject: Privacy Forum Digest V3.05
Organization: University of Wisconsin-Milwaukee

Volume 03 number 05 dated Sunday, 27 February 1994 of the PRIVACY Forum
Digest, moderated by Lauren Weinstein is completely dedicated to the
Clipper Chip discussion and contains an excellent compendium of
rational arguments on both sides of the issue.  I highly recommend this
60,000 byte document.  It is available via anonymous FTP from site
"ftp.vortex.com", in the "/privacy" directory.  

I have archived it on "ftp.cs.uwm.edu" [129.89.9.18].  Login as "ftp"
with password "yourid@yoursite".  The archives are in the directory
"pub/comp-privacy/library" and this document is stored as
Privacy-vol03-iss05.  I will email it to people who cannot reach it
through ftp.

Its table of contents follows:

CONTENTS 
        The Clipper Saga continues...
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Re: Emotion v. Reason (Marc Rotenberg)
        Re: Emotion vs. Reason in the Clipper "Debate" (Jerry Leichter)
        Privacy Forum comments, v3i4 (Prabhakar Ragde)
        Clipper, Denning and PRIVACY Forum Digest V03 #04 (Lee S.  Parks)
        CPSR Clipper Petition /rsp to Denning (Marc Rotenberg)
        Newsday article: The Clipper Chip Will Block Crime (Dorothy Denning)
        FWD>FYI: Rivest's response to Dorothy Denning (Dave Banisar)
        The Return of the "Digital Telephony Proposal"
           (Lauren Weinstein; PRIVACY Forum Moderator)

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of Computer Privacy Digest and
Professor of Computer Science     | comp.society.privacy.
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------


End of Computer Privacy Digest V4 #036
******************************