Date: Thu, 31 Mar 94 08:54:43 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#047
Computer Privacy Digest Thu, 31 Mar 94 Volume 4 : Issue: 047
Today's Topics: Moderator: Leonard P. Levine
NY Times: Computers, Freedom & Privacy Conference
Re: Time Magazine on Clipper
Anonymous Phoning
Clipper Chip
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: skoper@netcom.com (Stan Koper)
Date: 28 Mar 1994 01:52:13 GMT
Subject: NY Times: Computers, Freedom & Privacy Conference
Organization: None at the moment
Today's (March 27, 1994) NY Times has an interesting article under
Peter H. Lewis's byline concerning the recent Computers, Freedom and
Privacy Conference.
Lewis quotes one David Lytel, "of the President's Office of Science and
Technology Policy", as saying "Cryptography is an enormously powerful
tool that needs to be controlled, just as we control bombs and
rockets."
Now I know that Mr. Lytel *could* just be referring to "export"
controls, but on the other hand, it doesn't sound too promising for
non-Clipper encryption.
The article also quotes Stewart A. Baker, identified as "general
counsel for the National Security Agency" as saying "What I'd like to
see is people engage in the really hard question: Do you want to live
in a world where law enforcement cannot do its job because of the need
for privacy?"
An interesting question, especially considering how little evidence is
obtained (from what I've read here and elsewhere) from wiretaps of
currently *non-encrypted* telephone conversations.
Stan Koper skoper@netcom.com
------------------------------
From: sam@swlvx2.msd.ray.com (Sean Minuti {82622})
Date: 28 Mar 1994 20:01:44 GMT
Subject: Re: Time Magazine on Clipper
Organization: Raytheon Company, Tewksbury, MA
There's also two articles in Wired magazine this month discussing the
Clipper chip and its potential uses and abuses. I only had a chance to
skim over it, but it looked like good info. The part I read was a
plead for people to lobby there Congress-person against a certain bill
which helps to proliferate the Clipper chip as the de-facto standard in
cryptography. This would, they contend, allow the feds secret access
to all encrypted messages and data. I've been reading Wired magazine
for a few months and it seems to be level-headed and ultra-cool at the
same time. I would tend to listen to what they are saying more so than
what Time is saying.
The Wired articles seemed to warn that Big Brother has finally figured
out how to fulfill Orwell's prophesy. But, at the same time, I wonder
if He is merely trying to hold on to what He already has, ie. Is
anything like bank and credit card records as well as e-mail actually
encrypted now?
I think true encryption is necessary and I'm concerned that the
government is so 'prepared' to provide it.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Mar 1994 13:35:31 -0600 (CST)
Subject: Anonymous Phoning
Organization: University of Wisconsin-Milwaukee
One of the issues that is often addressed in privacy groups is that of
anonymous phone calls. Making calls from residences is now far from
private what with the presence of callerid capabilities. Making
private calls from payphones will probably become more difficult if
credit cards or conventional phone cards are used since the records of
the card agencies can (and will) be subpeonad if there is deemed to be
a need to know.
There is always the option of using a public phone and paying cash, but
I suspect that market forces will increasingly discourage the use of
cash in public phones in the future. These forces result from the
insecurity of the cash box in public phones (they can always be broken
into) and the installation of non-cash-box phones that anticipate the
use of credit cards.
Recently I spoke to a vendor of anonymous debit phone cards, cards that
can be purchased for cash and can be used for phone calls until the
prepaid amount is exhausted. This particular vendor was interested in
selling vending boxes that you can install in public spaces. They will
accept $10 bills and will vend plastic cards imprinted with a
multi-digit identity number and the 800 number of a phone call
provider. He told me that I can earn big money by going into this
business. Right. :-)
In use the purchaser calls the 800 number, gives the operator (or keys
in) the card identifier, and then dials the long distance number. The
cost (they tell me) is $0.25/minute for anywhere in the US.
Since the cards are sold through a vending machine for cash, there is
no trace of who owns which card. This is clearly anonymous calling for
people using payphones.
There is another point to be made. A technique called "shoulder
surfing" is known whereby a criminal watches over your shoulder as you
key in your phone codes. S/he then sells these codes to people who use
them to make phone calls, often to the tune of thousands of dollars per
day. These debit cards are limited to only $10 of calls and
automatically stop after that. This limitation of exposure can be used
to decrease the cost of legal calls.
There is even more. If the caller enters a *67 before dialing, then
the card vendor could keep no link between the incoming callerid and
the outgoing number. You then can call this 800 number from a
residence, and since the call is made out of the card owners pool
number, there is no sure trace possible of which incoming call was
connected to which outgoing call. If no data is kept, no subpeonaed
data can be demanded. I view this second option as far more risky than
the first, however.
Why anyone is interested in making anonymous calls is not the subject
of this note. Maintaing my freedom to make such calls is. This is not
a commercial for any such company, just an indication of what I believe
will be the natural result of the existence of such a service. I am
interested in the judgements and feelings of particpants in this
forum.
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
------------------------------
From: armand@wam.umd.edu (Sixto Armando Roman)
Date: 29 Mar 1994 23:16:02 GMT
Subject: Clipper Chip
Organization: University of Maryland, College Park
-Technology enables people to do things that they could not do before.
For example, the airplane allowed people to travel all throughout the
world. Well, encryption also enables people to do something new.
Thanks to encryption, people are better able to protect their
confidential information on computer hard disks and wire
transmissions.
-However, President Clinton supports a "clipper chip" device allowing
the government to decode such encrypted files if it obtains a warrant
and access to "keys" that will turn on the device when law enforcement
agencies and other government entities think they need to look at the
encrypted communications and records of suspected criminals.
-Now imagine a world in which the government places a camera inside of
each room in every home, in every auto, in every restaurant, in every
airplane, in every bathroom, in short-EVERYWHERE! The government
installs these to watch criminal activity.
-However, the government kindly establishes rules that prevent any
law-and-order government agent from turning on any camera
indiscriminately. In order to observe people's activities, police
officers and federal investigators must obtain warrants and access to
the central control rooms for these cameras.
-Although the government may seem to have taken the necessary
precautions for protecting the population from excessive intrusion,
these cameras still sound very intrusive. I suspect that most people
at the moment would oppose cameras placed everywhere in their lives.
People would be afraid that someone might turn on a camera in a bedroom
just to get some free pornography. They might feel uncomfortable doing
their taxes in the kitchen because the IRS might turn on the cameras to
see if everyone was filing correctly. They might feel uncomfortable
using the bathroom. We could go on and on.
-People will also feel uncomfortable communicating with others and
saving their records on disk if the government indeed establishes a
"clipper chip" in every encryption device used to prevent others from
seeing private information. People will be afraid to save their tax
information on disk for fear that someone will just be able to break
into it without any serious trouble.
-All of the above sounds intrusive. It is scary, but some would argue
that the only individuals who need to worry about the government
turning on the camera or the "clipper chip" are those with something
criminal to hide. If you voice any objection to anything intrusive
that the government does to protect the public, such individuals would
say, "What have you got to hide?"
-A good example of such an attitude has been seen with regard to drug
testing in the workplace and academia. The government, business and
academia rightly want to stamp out drugs and the dangers people under
the influence of them pose to the public. When the drug-testing debate
was raging in the late 1980s, supporters of these tests simply said,
"What have you got to hide? If you haven't done anything wrong, then
you shouldn't worry about a simple drug test. All that these tests are
designed to do is protect the public from hallucinating truck drivers,
train operators, etc."
-At face value, this argument is strong; however, drug tests are
unquestionably intrusive. For example, if you are taking a drug for an
illness that you wish to keep private, such tests will tell
investigators what medications you are on, thus giving them a pretty
good idea of what your condition is. Sure the investigator might
protect medical records, but you don't want anyone else but your
doctor, close relatives and friends to know about the illness. Many
people take this view today, but the "What have you got to hide?
argument won the debate ond drug testing pervades workplaces as well as
several academic institutions through- out the nation.
-How can the "What have you got to hide?" argument be more effectively
fought against with regard to the "clipper chip"? After all, the
"clipper chip" sounds like a simple wiretap. And the government seems
to be taking precautionary steps similar to those required for
conducting wiretaps that often only require placing alligator clips on
a phone line in order to intercept phone conversations. Certain
segments of the government abused wiretapping through this gigantic
hole in privacy protection on telephone lines. However, the courts and
lawmakers eventually straightened things out enough that the average
phone user does not need to worry about being indiscriminately
monitored.
-If there is no effective counter to the "What have you got to hide?"
argument, and people fail to argue that Clinton's proposed handling of
the "clipper chip" is inadequate, then it will inevitably become a part
of all encryption-related hardware and software. This may happen
before the end of Clinton's first term and long before health care will
wver be reformed. What can be done to stop what seems inevitable?
------------------------------
End of Computer Privacy Digest V4 #047
******************************
.