Date:       Wed, 20 Apr 94 09:02:01 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#054

Computer Privacy Digest Wed, 20 Apr 94              Volume 4 : Issue: 054

Today's Topics:			       Moderator: Leonard P. Levine

                       Scanned photo & signature
                           NII and the US Card
                     Simon's Privacy Protection Bill
                     FBI documents re Dig Tel, DSS
                 Re: FCC Issues Decision on Caller ID
                 Re: Clipper Teaches Public to Encode?
          Re: Let your fingers do the walking on the Internet
             Re: Credit check only with Permission Granted

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: Adriane Moser <AMOSER@CCVM.SUNYSB.EDU>
Date: 16 Apr 94 14:30:09 EDT
Subject: Scanned photo & signature
Organization: State University of New York at Stony Brook

Hello. I am new to this group and so do not know if this has been
discussed recently. If so, someone please give me a date and I will
look in the archives.

How do you feel about companies that want to scan in my photograph and
signature and keep them on a computer so that they can re-issue IDs,
credit cards, etc. in the future without taking my picture or getting
my signature again? I'm particularly uncomfortable about the
electronic copies of my signature floating around.

If I were to ask them not to scan my signature or to delete the file,
how would I justify it? (I'm thinking of the motherly types in the
school ID office.)

 .........................................................................
Adriane Moser           :
amoser@ccvm.sunysb.edu  : I think the most lovely time of the year is
State University of New : Spring, don't you? Of course you do!
    York at Stony Brook :                                     -Tom Lehrer
 ........................:................................................


------------------------------

From: WHMurray@dockmaster.ncsc.mil
Date: 16 Apr 94 16:06 EDT
Subject:  NII and the US Card

Last week in the security track of the CardTech/SecureTech Conference,
I heard a presentation by a representative of the U. S. Postal Service
on the "US Card."  This is a piece of the national information
infrastructure intended to mediate all government services to and
controls over the citizen.

It will contain health care data, financial data, tax data, and
identity data.  It will contain a private key (digital signatures
only), a pin, and other identifying data.  (While emphasizing that
"open to new applications" was a requirement of the system, he was
silent on arrest record, voter registration, gender preference, and
previous condition of servitude.)

Use of the card will be "voluntary."  The government is doing this for
us because it will enable them to give us better service, because the
citizens require "one card," and to protect us from the "twenty million
'little brothers'" that we now recognize as the "real threat to our
privacy."  (He did not claim that this would protect us from
terrorists, child molesters, drug dealers, or religious cults.)  (All
of this was delivered with a perfectly straight face and without
challenge from the audience.)  Of course if we do not like it, we can
do away with it, right?

The official stated that the Postal Service is prepared to issue a
hundred million of these cards within months of getting the go ahead.

Along with the net, "voluntary" fingerprinting of the poor, CLIPPER,
and the FBI's digital telephony initiative, what more could any
citizen, not to say government, ask for?  Law and order is just around
the corner.

Aren't you glad to hear that Orwell had it all wrong?

William Hugh Murray, Executive Consultant, Information System Security
49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840
1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL


------------------------------

From: lpincus@wppost.depaul.edu
Date: 16 Apr 1994 17:32:09 -0600
Subject:  Simon's Privacy Protection Bill

I was wondering if anyone could direct me to some references (or could
offer personal opinions) regarding Sen. Paul Simon's Privacy Protection
Act of 1993.  I am looking in particular for any reasons why it might
not go far enough or where it might have some shortcomings.  I am tying
up an article which discusses the distinctions between public sector
and private sector privacy rights in the U.S.

Thanks so much.

Laura Pincus
lpincus@wppost.depaul.edu
Assistant Prof. of Legal Studies and Ethics DePaul University
One E. Jackson
Chicago, IL  60604
312/362-6569
fax: 312/362-6973


------------------------------

From: "Richard F. Strasser" <rfs@Maestro.COM>
Date: 17 Apr 1994 11:26:04 -0400 (EDT)
Subject: FBI documents re Dig Tel, DSS

I thought that list members might be interested in this note, which was
posted to another group.

 ---------- Forwarded message ----------
Date: Sun, 17 Apr 1994 03:40:42 -0400 (EDT)
From: Stanton McCandlish <mech@eff.org>
To: eff-activists mailing list <eff-activists@eff.org>
Subject: [David Sobel: Re: FBI documents re Dig Tel, DSS] (fwd)

In case anyone missed this:

From: David Sobel <dsobel@washofc.cpsr.org>
Date: Wed, 30 Mar 1994 11:31:52 EST    

In response to a CPSR Freedom of Information Act lawsuit, the FBI has
released 185 pages of documents concerning the Bureau's Digital
Telephony Initiative, code-named (according to the documents) Operation
"Root Canal." The newly disclosed material raises serious doubts as to
the accuracy of the FBI's claims that advances in telecommunications
technology have hampered law enforcement efforts to execute court
authorized wiretaps.

The FBI documents reveal that the Bureau initiated a well orchestrated
public relations campaign in support of "proposed legislation to compel
telecommunications industry cooperation in assuring our digital
telephony intercept requirements are met."  A May 26, 1992, memorandum
from the Director of the FBI to the Attorney General lays out a
"strategy ... for gaining support for the bill once it reaches
Congress," including the following:

     "Each FBI Special Agent in Charge's contacting key law enforcement
     and prosecutorial officials in his/her territory to stress the
     urgency of Congress's being sensitized to this critical issue;

     Field Office media representatives educating their contacts by
     explaining and documenting, in both local and national dimensions,
     the crisis facing law enforcement and the need for legislation;
     and

     Gaining the support of the professional associations representing
     law enforcement and prosecutors."

However, despite efforts to obtain documentation from the field in
support of Bureau claims of a "crisis facing law enforcement," the
response from FBI Field Offices was that they experienced *no*
difficulty in conducting electronic surveillance.  For example, a
December 3, 1992, memorandum from Newark reported the following:

     The Newark office of the Drug Enforcement Administration
     "advised that as of this date, the DEA has not had any
     technical problems with advanced telephone technology."

     The New Jersey Attorney General's Office "has not experienced
     any problems with the telephone company since the last
     contact."

     An agent from the Newark office of the Internal Revenue
     Service "advised that since the last time he was contacted,
     his unit has not had any problems with advanced telephony
     matters."

     An official of the New Jersey State Police "advised that 
     as of this date he has had no problems with the present
     technology hindering his investigations." 

Likewise, a memorandum from the Philadelphia Field Office reported that
the local offices of the IRS, Customs Service and the Secret Service
were contacted and "experienced no difficulties with new
technologies."  Indeed, the newly-released documents contain no reports
of *any* technical problems in the field.

The documents also reveal the FBI's critical role in the development of
the Digital Signature Standard (DSS), a cryptographic means of
authenticating electronic communications that the National Institute of
Standards and Technology (NIST) was expected to develop.  In a
memorandum to the Attorney General, the FBI Director describes the DSS
as "the first phase of our strategy to address the encryption issue."
The DSS was proposed in August 1991 by NIST, which later acknowledged
that the National Security Agency (NSA) developed the standard.  The
newly disclosed documents appear to confirm speculation that the FBI
and the NSA worked to undermine the independence of NIST in developing
standards for the nation's communications infrastructure.

CPSR intends to pursue further FOIA litigation to establish the extent
of the FBI involvement in the development of the DSS and also to obtain
a "cost-benefit" study discussed in one of the FBI Director's memos and
other "Root Canal" documents the Bureau continues to withhold.

For additional information concerning CPSR's work on digital telephony,
encryption and network privacy issues, contact Dave Banisar
<banisar@washofc.cpsr.org>.  For general information concerning
Computer Professionals for Social Responsibility, contact our National
Office in Palo Alto <cpsr@cpsr.org>.

-- 
Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich
Partners, two-thirds said it was more important to protect the privacy of
phone calls than to preserve the ability of police to conduct wiretaps.
When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994


------------------------------

From: ajh@panix.com (A. H.)
Date: 16 Apr 1994 17:05:57 GMT
Subject: Re: FCC Issues Decision on Caller ID 
Organization: Panix Public Access UNIX and Internet

    "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu> writes: Taken from
    the CPSR Alert 3.06: After three years of deliberation, the FCC in
    April finally issued its rules on Caller Number Identification. The
    FCC mandated that telephone companies that use Signaling System 7
    offer Caller ID for interstate calls and that interstate carriers
    carry the signals at no charge.

    The FCC ruled that telephone companies provide free per call
    blocking for interstate calls, preempting the decisions of over 30
    states' public utility commissions, many of which have opted for
    greater privacy protections. It adopted a controversial brief by
    the Department of Justice, which decided that Caller ID does
    not violate the Electronic Communications Privacy Act prohibition
    of "Trap and Trace Devices," which capture the numbers of incoming
    telephone calls. Previously, the Congressional Research Service and
    several states found that Caller ID was a trap and trace device.

Does this mean that requiring the name and address of the addressee and
recipient of a communication to be specified in cleartext in that
communique is no longer a violation of privacy?

--
ajh@panix.com


------------------------------

From: Orion Bain <orionbain@delphi.com>
Date: 17 Apr 94 13:53:11 -0500
Subject: Re: Clipper Teaches Public to Encode?
Organization: Delphi (info@delphi.com email, 800-695-4005 voice)

    Buford Terrell <terrell@sam.neosoft.com> writes: Demand should
    create a market that will elicit new and better encryption to meet
    that demand.  Have the Fibbies shot themselves in the foot again?

Have the Fibbies shot themselves in the foot?  Oh, yeah, without a
doubt.

Maybe not for *that* particular reason, but nevertheless...<G>
--
   "I have seen the truth and it is a lie." - Orion Bain, Pariah
   Paragon


------------------------------

From: jepstein@cordant.com (Jeremy Epstein -C2 PROJECT)
Date: 18 Apr 1994 08:33:32 -0400 (EDT)
Subject: Re: Let your fingers do the walking on the Internet

    Mark Anderson (mea@intgp1.att.com) wrote: It would also be kind of
    interesting to see someone scan all of this information and post it
    electronically in the public domain.  I wonder what kind of
    copyright protection he has on the information he took? Also, there
    probably wouldn't be a way for him to sue since by making some
    additions to the list, the two lists would not be the same and
    who's to say someone else couldn't do the same thing.  I think this
    list would be very hard to copyright leaving the door open for
    anyone to publish a competing book.

This is really off the topic for this mailing list, but...  It's
entirely possible to copyright collections of information which is
otherwise public (I don't recall the exact term).  And making
modifications to the list does not invalidate the copyright.  While
it's true that someone else could have made up the same list, I
wouldn't want to be trying to defend someone who has a list that looks
too similar.  BTW, I'm told that in some cases like this there is a
deliberate set of false data seeded in, so that if someone makes a copy
it will contain the false data, and can be shown not to be an
independent work.

--Jeremy Epstein
Cordant, Inc.


------------------------------

From: kbass@clark.net (Ken Bass)
Date: 19 Apr 1994 20:28:45 GMT
Subject: Re: Credit check only with Permission Granted
Organization: Clark Internet Services, Inc., Ellicott City, MD USA

    John R Levine (johnl@iecc.com) wrote: I called TRW in Orange
    County, California today. I asked how safe my credit information
    and social security number is. They told me that no one can look at
    your credit report unless you grant them permission.

    If you feel like it, call TRW back and ask what they do to verify
    that the people to whom they provide a report do in fact have
    permission to request it.

Then how do the "PROMO" items get distributed? On my credit report,
there are entries from places who sent me something "pre-approved".
They ran a report and it was listed as "PROMO" or some such thing.
Obviously they didn't have my permission.


------------------------------


End of Computer Privacy Digest V4 #054
******************************