Date: Tue, 03 May 94 13:56:12 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#062
Computer Privacy Digest Tue, 03 May 94 Volume 4 : Issue: 062
Today's Topics: Moderator: Leonard P. Levine
Ethics and the Law
The Great Clipper Debate 5/9/94
Protect Your Diskettes
Seeking information
Police telecommunications
Re: Credit check only with Permission Granted
Re: Credit check only with Permission Granted
Re: Credit Reports
Re: NSA remarks at "Lawyers and the Internet"
Re: Phillip Zimmermann's Encryption program anybody??
Re: Military and Law Enforcement
Re: SSN: Do Not Give Your Number to Anyone!
Re: Long Distance Companies
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: WHMurray@dockmaster.ncsc.mil
Date: 1 May 94 14:23 EDT
Subject: Ethics and the Law
Tony Austin writes (on Privacy): It's ethical because it violates
no laws.
[Judging from discussions that I have had on the net, on many college
campuses anything that is not illegal is permitted. On a few, what is
not illegal is mandatory. For example, rude speech is justified in the
name of "free speech." Freedom is interpreted as conferring license
rather than responsibility.]
While this idea has a great deal of currency, it is both false and
destructive. Ethics is defined as "the study and philosophy of human
conduct, with emphasis on the determination of right and wrong."
To equate ethical with legal is to give to the state the right to
decide all issues of right and wrong. While most states are more than
anxious to arrogate this authority to themselves, few of was would like
to live in the world in which they were permitted to do so.
Many things are perfectly ethical, moral, and right but are illegal
under the laws of many states. Even small children are aware that laws
against cohabitation are unethical. Nonetheless, I grew up under such
laws, right here in the United States of America. Incidentally, they
are still on the books in many of the fifty states. (In Texas and
Florida, they are still enforced. (citations available on request))
Likewise, many things that are generally accepted to be unethical,
e.g., lying in political discourse, are not only perfectly legal, but
in this country are constitutionally and specifically exempted from any
legislation on the part of the state. Many states endorse and use
torture and imprisonment without trial. Until a little more than a
hundred and thirty years ago the law of the United States allowed one
man to own another as private property. If we had had to wait for a
legislature to fix that, it might be the law yet.
I do not know where this idea came from, but it is particularly
dangerous and ought to be resisted at every opportunity. Neither the
state nor even the law are the appropriate arbiters of right and
wrong. While we may have to live with the law, we do not have to
accept it as ethical and moral when it is not.
William Hugh Murray, Executive Consultant, Information System Security
49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840
1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL
------------------------------
From: Dave Banisar <epic@cpsr.org>
Date: 2 May 1994 18:17:02 +0000
Subject: The Great Clipper Debate 5/9/94
The Great Clipper Debate:
National Security or National Surveillance?
Sponsored by: The Georgetown University Law Center Space Law Group
and Communications Law Forum
In Coordination with: The George Washington University Institute for
Computer and Telecommunications Systems Policy, the Association for
Computing Machinery Special Interest Group for Computers and Society, and
the American Bar Association Criminal Justice Section.
Date and Time: May 9, 1994, at 7:30 p.m.
Place: The Georgetown University Law Center(Moot Court Room)
600 New Jersey Avenue, N.W., Washington, D.C.
The Administration, through the Department of Justice and the
National Security Agency, has proposed a standard encryption algorithm
for both the public and commercial marketplace, with the goal of making
this algorithm the method of choice for persons wishing to encode their
telephone and other voice and data communications. The FBI and the NSA
are concerned that the increasing availability, and affordability, of
encryption mechanisms will make it difficult and in some cases impossible
for law enforcement and intelligence agencies to tap into and to
understand the communications of criminals and other pertinent groups.
This proposal has become known as the "Clipper Chip," in that it would
be implemented by the voluntary insertion of a computer chip into
telephone, fax machine, and other communications systems.
The Clipper Chip has generated considerable controversy. Opposing
it are various civil libertarian groups, as well as telecommunications
companies, software and hardware manufacturers, and trade associations.
The debate has raged behind closed doors, and openly in the press.
On Monday, May 9, at the Georgetown University Law School, a round
table debate will take place on this controversy. The participants
represent both sides of the issue, and are illustrative of the various
groups which have taken a stand. The participants are:
Dorothy Denning, Chairperson of the Computer Science Department
of Georgetown University
Michael Godwin, Legal Counsel of the Electronic Frontier
Foundation;
Geoffrey Greiveldinger, Special Counsel to the Narcotic and
Dangerous Drug Section of the U.S. Department of Justice;
Michael Nelson, of the Office of Science and Technology Policy
of the White House;
Marc Rotenberg, Director of the Electronic Privacy Information
Center; and
Stephen Walker, President of Trusted Information Systems, Inc.,
and a former cryptographer with the National Security Agency
In addition, there will be two moderators: Dr. Lance
Hoffman, Professor of Electrical Engineering and Computer Science at The
George Washington University, and Andrew Grosso, a former federal
prosecutor who is now an attorney in private practice in the District of
Columbia.
The program will last approximately two and one half hours, and will
be divided into two parts. The first half will offer the panel the
opportunity to respond to questions which have been submitted to the
participants beforehand; the second will present the panel with questions
from the audience.
There is no charge for this program, and members of the public are
encouraged to attend. Reservations are requested in advance, and should
be directed to one of the following individuals:
- C. Dianne Martin, Associate Professor, Department of Electrical
Engineering and Computer Science, The George Washington University,
Phillips Hall, Room 624-C, Washington, D.C. 20052; telephone: (202)
994-8238; E mail: diannem@seas.gwu.edu
- Sherrill Klein, Staff Director, ABA Criminal Justice Section,1800
M Street, N.W., Washington, D.C. 20036; telephone: (202) 331-2624;
fax: (202) 331-2220
- Francis L. Young, Young & Jatlow, 2300 N Street, N.W., Suite 600,
Washington, D.C. 20037; telephone: (202) 663-9080; fax: (202)
331-8001
Questions for the panelists should be submitted, in writing, to one
of the moderators:
- Lance Hoffman, Professor, Department of Electrical Engineering and
Computer Science, The George Washington University, Washington,
D.C. 20052; fax: (202) 994-0227; E mail: ictsp@seas.gwu.edu
- Andrew Grosso, 2300 N Street, N.W., Suite 600, Washington, D.C.,
20037; fax: (202) 663-9042; E mail: agrosso@acm.org
------------------------------
From: glr@rci.ripco.com (Glen Roberts)
Date: 3 May 1994 01:39:14 GMT
Subject: Protect Your Diskettes
Organization: RCI, Chicago, IL
There may be a danger lurking in your diskettes, more sinister than a
virus; a deceptive diskette. Take a "blank" diskette and copy a file to
it for an associate or customer. Little do you know that there might be
hidden data on that "blank" diskette. Data with your personal or trade
secrets. Who ever gets the disk gets those secrets.
Now you can protect yourself. The "SAFE" utility examines a diskette
and informs you whether there is any data hiding on the disk. Either
you get a clean bill of health, or are warned not to send out the
diskette. It also lets you view the hidden data (which may or may not
make sense, ie: text files will be readable, but databases may look
like trash).
Not only can you protect yourself, but you can keep an eye on what
secrets others are unknowningly passing on to you. Examine every disk
you send out, or receive, you could be amazed at the results. SAFE is
designed to run on DOS type computers (SAFE.COM is 5120 bytes). Quick
and small.
SAFE is available at: ftp.ripco.com:/pub/msdos/disk/safe.zip
--
Glen L. Roberts, author, How To Spy On Anyone Without Getting Caught
Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central)
Box 734, Antioch, Illinois 60002 Fax: (708) 838-0316
Surveillance Hotline: (708) 356-9646 Bust the Bureaucrats: (708) 356-6726
------------------------------
From: David Johnson <worldwid@uunet.uu.net>
Date: May 02 18:15:27 1994
Subject: Seeking information
I am trying to locate any mailing lists or newsgroups that deal with
espionage. Can anyone assist me in finding anything relevant?
Please contact me directly via e-mail at worldwid@uunet.uu.net
Thank you in advance for your assistance.
--
David Johnson 2421 W. Pratt Boulevard, Suite 971
President, Worldwide Consultants Chicago, Illinois 60645
Editor, Information Gatherer Newsletter U.S.A.
International Investigator Tel: (800) 316-0801 (24 hrs.)
Security Consultant Fax (c/o World-Con): (908) 542-1266
Privacy Strategist E-mail: worldwid@uunet.uu.net
[moderator: Perhaps this would be a good beginning of a thread for
discussion on this group. Post here, rather than, or in addition to
contacting Mr. Johnson by email.]
------------------------------
From: herronj@MAIL.FWS.GOV
Date: 03 May 94 07:30:13 MST
Subject: Police telecommunications
I too am not worried about police getting better telecommunications
equipment. Nor am I worried about the better finger printing
equipment.
What I am worried about is the police use of telecommunications
_monitoring_ equipment and how they use finger print databases. The
police are known to regularly monitor cordless and cellular phone
converstations without a warrant and with very little justification. A
friend of mine has a scanner and tells me that 3 of his 5 neighbors
with cordless phones have mentioned smoking marijuana (upper middle
class neighborhood). The police also know that half the American
public is doing something illegal and figure they can get good tips
this way.
Finger print information is a very good police tool if used properly.
My fear is that with more and more states requiring finger printing for
a drivers license is that soon we will all be finger printed. It would
then be a small step for commercial enterprises to scan these finger
prints as identification for check cashing etc. And like in the
current "drug war" police pay snitches to turn people in.
What worries me the most is the conversion of military technologies to
police use. A company is working on a system of audio monitors that
can monitor a city for 'suspicious' "noises such as gunfire", pin point
the location, and notify police. What they don't tell you is that this
'pin pointing' can also pick out regular converstations that occur on
the street (depending on the number and location of the monitors).
Scary stuff.
------------------------------
From: rivaud@coyote.rain.org (L. E. de Rivaud)
Date: 1 May 1994 10:45:48 -0700
Subject: Re: Credit check only with Permission Granted
Organization: wherever.com
Don Whiteside (59326796Z@servax.fiu.edu) wrote: Which just goes to
show the effectiveness of this ploy - I paid cash.
But did you show them your licence?
------------------------------
From: poivre@netcom.com (Poivre)
Date: 3 May 1994 02:08:17 GMT
Subject: Re: Credit check only with Permission Granted
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Don Whiteside (59326796Z@servax.fiu.edu) wrote: Pretty much every
auto dealership does this. Think back to the last time you went car
shopping. The second you expressed an interest in a test drive,
they ask you for your driver's license. Then they dissapear for
about 5 minutes (the more suave amoung them send somebody else) and
get your credit report. Years ago, my father and I experimented
with this by handing them his license sometimes and mine other
times. He having a much longer credit history.... Without fail,
the eagerness of the salespeople rose signifigantly when we used
his license.
Is it possible NOT to give them your license?? Also, if my license #
is not my SSN, is it possible for them to still check my report?? If i
were a rich kid and i could buy a car with cash without loans, leases,
etc, would i be able to buy one without a credit check??
--
poivre@netcom.com : #include <disclaimer.h>
lychees@marble.bu.edu :
------------------------------
From: austin@netcom.com (Tony Austin)
Date: 1 May 1994 18:48:50 GMT
Subject: Re: Credit Reports
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
If you are holding a court judgment in your hand against a person who
you want to do a credit check on, would that be considered PERMISSIBLE
PURPOSE?
The definition of PERMISSIBLE does not mean you have to have
permission. It is simply defined as: 1.) adj. That can be permitted;
allowable.
Perhaps an abstract on: PERMISSIBLE PURPOSE could define this more
clearly.
--
Tony Austin
------------------------------
From: steve-b@access.digex.net (Steve Brinich)
Date: 1 May 1994 21:33:12 -0400
Subject: Re: NSA remarks at "Lawyers and the Internet"
Organization: Express Access Online Communications, Greenbelt, MD USA
Until I have a Clipper or two to play with, I am going to reserve
technical judgement.
And when you do have a Clipper or two to play with, what kind of
"technical judgment" are you going to make? The chips are designed to
resist reverse engineering.
--
Steve Brinich | If the government wants us to respect the law, |
<steve-b@access.digex.net> | it should set a better example. |
PGPrint (finger for key) BB 5E 1E 3D D4 72 52 3A F8 9C 00 00 41 0D 65 65
------------------------------
From: news@cbnewsh.att.com
Date: 2 May 94 04:19:31 GMT
Subject: Re: Phillip Zimmermann's Encryption program anybody??
Organization: AT&T Global Information Solutions, NCR's new name
Several people have written: I recently read an article in the Wall
street journal about an encryption program that is used by emailers
on the internet called PGP "Pretty Good Privacy". I figured this
would be a good place to start looking for information about
computer privacy...Can anyone tell me of an FTP site where I can
get a copy? (for personal use).
PGP is available on a number of ftp sites. Some of them are
soda.berkeley.edu (soon to be renamed ftp.csua.berkeley.edu)
ftp.funet.fi (in Finland, so you non-US residents can get it legally)
garbo.uwasa.fi
You can also find out where many things are archived for ftp by using
archie. Telnet to an archie server, log in as archie, no password, and
type help to get help. It's easy to ask it for a list of ftp sites with
the material you're looking for; you may want to turn on paging options
because popular programs are archived in many sites. There are also
fancier front-end clients that will make your searching more
convenient.
Some popular archie servers are archie.ans.net, ds.internic.net,
archie.rutgers.edu, archie.sura.net. Most archie servers are busy at
the time of day you're calling them, but they'll give you a list of
other archie servers around the world, so of which will not be busy :-)
--
# Bill Stewart AT&T Global Information Solutions (new name for NCR!)
# 6870 Koll Center Pkwy, Pleasanton CA 94566 1-510-484-6204 fax-6399
# Email: bill.stewart@pleasantonca.ncr.com billstewart@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465
------------------------------
From: tabrown@gis1dilurb.er.usgs.gov (tim brown)
Date: 2 May 1994 16:27:04 GMT
Subject: Re: Military and Law Enforcement
Organization: other
"John A. Thomas" <B858JT@UTARLVM1.UTA.EDU> writes: L.L. Lipshitz
expresses concern about the "gradual incursion of military
technology and personnel into the civilian domain." I certainly
agree that the use of the military for civilian law enforcement is
a dangerous practice. I do not agree that such a threat now
exists. <delete> I certainly agree we should oppose efforts to
involve the military in law enforcement, but I don't see any
subtantial attempt to do so, least of all from the professional
military itself.
Unfortunately you are not looking in the right places. The Spring 1994
issue of ARMY RESERVE MAGAZINE has two interesting articles. One
article deals with M.O.U.T. (military operations in urban terrain),
then a bit later a second article talks about an omnibus piece of
legislation to appropriate funds to the Army Reserve, so that it can
perform duties similar to the National Guard, i.e., domestic
"peacekeeping." I find this _very_ frightening. And, this comes from
the "professional military itself."
This said, I think the real threat to civil liberties comes from
the ever-increasing power of the existing law-enforcement system.
The Army or the NSA have no power to make arrests, issue subpoenas,
convene grand juries, or bring prosecutions. But the FBI and DEA
do. This is why the Digital Telephony proposal is much more
threatening than the key-escrow scheme (Clipper), bad as it is.
The Army has no power to make arrests? Maybe not, YET. On the subject
of key escrow encryption (Clipper), who do you think will be performing
the wire taps? It will be the FBI, BATF, DEA, Dept. of Treasury, Dept.
of Justice, etc., not the NSA. The real threat (to liberty) is from
"federalizing" the law-enforcement system, in combination with the
increase in power. When the local police are more accountable to
Washington D.C. than to the local mayor and the local citizens, "Lord
Have Mercy On Us All."
--
Timothy A. Brown
Civil Engineer - Urbana, IL
tabrown@srv1dilurb.er.usgs.gov
------------------------------
From: merlyn@ora.com (Randal L. Schwartz)
Date: 02 May 1994 21:40:36 GMT
Subject: Re: SSN: Do Not Give Your Number to Anyone!
Organization: Stonehenge Consulting Services; Portland, Oregon, USA
Dave <c-cat!david@uwm.edu> writes: on another note, I had an idea
when asked by a business ( non government, not required) for my
SSN, I would ask them for their company's tax ID number, for they
would never divulge their tax ID number ( dumb if they did), I
would explain that the SSN is my tax number and I can't divulge it
either. I haven't had the opportunity to try this, but I eagerly
await the chance to do this.
I've *never* had a problem getting a business to divulge a Tax ID
number. It's a common request, and may (I dunno) be even part of the
public corporate filings.
Just another business owner,
--
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <merlyn@ora.com> Snail/FAX: (Call) aka: <merlyn@teleport.com>
Phrase: "Welcome to Portland, Oregon ... home of the California Raisins!"
------------------------------
From: poivre@netcom.com (Poivre)
Date: 3 May 1994 02:24:54 GMT
Subject: Re: Long Distance Companies
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Eric Kessner (dom@hermes.dna.mci.com) wrote: Rob Goldberg
<rhg@cis.ufl.edu> writes: I recently ordered a second phone line to
my home and the operator asked if I wanted my social security
number to be released to whatever long distance company I happened
to use. I told her to forget it. I was wondering: what possible
reason would these long distance companies need this information
for?
NYNEX didn't require me to give them my SSN. When i asked them why
they wanted it, they didnt say it was for credit checks, they said it
was for security so that other people cant mess with my service by
impostering me. After all, who would know my SSN??????????
Additionally, i also applied for AT&T long distance for my phone line
and AT&T didnt ask for my SSN. Also, i dont think AT&T thinks they can
get it from your local phone company so they wont bother asking the
customer. If they did that, NYNEX would have called me about it.
Kudos to NYNEX :)
--
poivre@netcom.com : #include <disclaimer.h>
lychees@marble.bu.edu :
------------------------------
End of Computer Privacy Digest V4 #062
******************************
.