Date:       Mon, 09 May 94 08:58:04 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#064

Computer Privacy Digest Mon, 09 May 94              Volume 4 : Issue: 064

Today's Topics:			       Moderator: Leonard P. Levine

                    Info Needed for Privacy Advocate
                     FCC Ruling on CNID:  Not Good
          USPS & IRS Mull Nat. ID Card, Clinton to Sign Orders
             Re: NSA remarks at "Lawyers and the Internet"

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: samuel@cs.wisc.edu (Samuel Bates)
Date: 7 May 1994 19:43:23 GMT
Subject: Info Needed for Privacy Advocate
Organization: University of WI, Madison -- Computer Sciences Dept.

Last year, the State of Wisconsin created the position of Privacy 
Advocate, with the following charge:

	The Privacy Advocate is responsible for support and advocacy in
	development and implementation of state and local government
	policies that protect personal privacy. In this support and
	advocacy role, the Advocate conducts reviews of state and local
	authorities' policies and recommends, as appropriate, statutory
	changes to the governor, legislature, and local units of
	government.  The Advocate also serves to assist individuals in
	exercise of their privacy-related rights. Specifically, the
	Advocate performs such activities as arranging meetings between
	individuals and the staffs of relevant authorities to obtain
	information or discuss complaints regarding policies,
	practices, and procedures relating to personally-identifiable
	information.

The position was filled by Carole Doeppers in November; she has a
strong policy background, having directed Common Cause of Wisconsin and
been on the Wisconsin Ethics Board. Her technical background is not as
strong, and I have met with her a number of times to give her
information on computers and their capabilities with regard to privacy
issues. Her questions are starting to get out of my area of knowledge,
however, so I would like to pass on some areas of interest to this
group and ask for assistance.

Carole is looking for any information on privacy and electronic medical
records, and more generally, methods and policies relating to
maximizing privacy in electronic record-keeping systems. She is
concerned with the prevalent use of the Social Security Number as an
identifier, and would like to come up with a realistic alternative to
suggest. I mumbled something in our last meeting about digital
signatures and applications of zero-knowledge proofs to get
authentication without identification, but I don't have a firm enough
grasp of these topics to give her the detail she needs. What I would
like to get are any references to books or magazine articles that
discuss any of the above topics. Please send me anything you know of,
and I will pass it on to her. Thank you.

Samuel Bates
Chair, CPSR-Madison 
samuel@cs.wisc.edu


------------------------------

From: jjohnson@FirstPerson.COM (Jeff Johnson)
Date: 6 May 1994 18:50:10 GMT
Subject: FCC Ruling on CNID:  Not Good
Organization: FirstPerson Inc., Palo Alto, CA

The Federal Communications Commission (FCC) recently announced its
long-awaited ruling on the controversial Calling Number ID service.
The news is unfortunately *not* good.

Over the past several years, 40 states have considered phone company
applications to offer CNID, and a large number of states have issued
rulings that interfere with telco plans for CNID.  Specifically, some
states have denied telco applications to offer CNID, citing privacy
concerns; other states have OK'ed CNID, but have imposed requirements
(e.g., mandatory availability of per-line blocking) that telcos find
onerous.  Telcos want to provide CNID with only one blocking option:
users must remember to block on each call (per-call blocking).

In response to the variety of state-imposed requirements, telcos went
to the FCC to try to get a ruling that would apply to the entire
nation, and that would impose less onerous conditions than many states'
conditions.  For the time being, it appears that the telcos have got
what they wanted.

The FCC has jurisdiction over interstate, not intra-state
telecommunications.  They have ruled that interstate CNID must conform
to their rules, which require only per-call blocking.  Interstate CNID
doesn't actually exist yet; where CNID is in place, it is only for
local calls.  [Note: CNID is distinct from Automatic Number
Identification, or ANI, which identifies calling numbers to 800- and
900-service providers.]  The FCC is essentially saying, "When the
overall system is intercompatible enough to allow CNID information to
be transmitted interstate, it comes under our jurisdiction and must
conform to our rules, namely, per-call blocking is the strongest form
of blocking allowed."  This of course makes it more difficult for
states to impose different (i.e., stronger) protections in-state.

The California Public Utilities Commission (PUC) and other PUCs that
have imposed stronger restrictions plan to appeal the FCC ruling.
Also, some public-interest organizations, e.g., California's TURN, are
contesting the ruling, arguing that it makes much more sense, when CNID
goes interstate, for the system to simply honor the privacy blocking
code attached to each call, regardless of whether it was generated via
per-call or per-line blocking.  In other words, an interstate
communications system that discriminates between per-line blocking and
per-call blocking actually is *more complicated* than one that simply
marks calls as "blocked" or "not blocked", regardless of how the
blocking occurred.

CPSR's position on CNID has been that people *do* want better control
over who calls them, and there are ways to provide that, but CNID is
not a good way.  It isn't very useful for residential call recipients
because it tells them only what phone is being used to call them, not
who is calling.  It is very useful to businesses for collecting
marketing data because the telephone number is a perfect link back to a
calling household, not to mention a good data-base key for constructing
more extensive consumer dossiers.  CPSR would like to see services put
into place that are more useful to residential phone users and less
useful to businesses, e.g., services that allow callers to identify
themselves (not the phone they happen to be using), willingly and
consciously, to callees, and services that allow callees to take or
refuse calls based on whether they want to receive unidentified calls
or not.  There are good ways to do that, and CNID isn't one of them.
CPSR's *fallback* position is that if CNID is allowed, people must have
the option of telling the phone company once (i.e., on a per-phone-line
basis) that they do not want their number given out *unless* they OK it
on a particular call.  Forcing people to remember to punch a blocking
code each time they want to preserve their privacy is not sufficient.

As you may know, I participated in the California PUC hearings on CNID,
supplying testimony that helped guide the PUC to its decision (i.e.,
language from my testimony was included in their decision).  My
testimony and other CNID-writings were circulated in other states, and
were considered in hearings there.  I also sent information to the FCC
last year to try to influence their decision.  I am considering
participating in the various attempts to get the FCC to reconsider.
I'd like to make this a CPSR effort, rather than a Jeff Johnson effort,
so I'd like feedback on what you think about this, and would appreciate
any advice or input you can give me.

Chair, CPSR Board of Directors


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 7 May 1994 20:43:21 -0500 (CDT)
Subject: USPS & IRS Mull Nat. ID Card, Clinton to Sign Orders
Organization: University of Wisconsin-Milwaukee

From: EFFector Online Volume 07 No. 08 May 6, 1994 editors@eff.org A
Publication of the Electronic Frontier Foundation

from: Mitch Ratcliffe <godsdog@netcom.com>
Date: Thu, 5 May 1994 07:43:22 -0700 (PDT)

Ever Feel Like You're Being Watched? You Will...

Digital Media has learned that the Clinton administration is debating
not if, but how, to create a card that every American will need in
order to interact with any federal government agency. Combined with two
potential executive orders and the Postal Service's designs on putting
its stamp on personal and business electronic transactions, the card
could open a window on every nuance of American personal and business
life.

The wrangling among the administration, the U.S. Postal Service, the
Internal Revenue Service and Department of Defense, emerged into the
public eye at this April's CardTech/SecureTech Conference. The
gathering of security experts was convened to discuss applications for
smart card and PCMCIA memory card technologies in business and
government. The Postal Service, at the conference, presented a proposal
for a "general purpose U.S. services smartcard," which individuals and
companies would use to authenticate their identities when sending and
receiving electronic mail, transferring funds and interacting with
government agencies, such as the I.R.S., Veterans Administration and
the Department of Health and Human Services.

President Clinton is also considering signing two executive orders that
would greatly expand the government's access to personal records,
including an order that would allow the I.R.S. to monitor individual
bank accounts and automatically collect taxes based on the results,
said sources close to the White House. The collection service will be
presented as a convenient way to avoid filling out a tax return. The
White House did not respond to requests for comments about this
report.

The Post Office: We deliver for you. The Postal Service's U.S. Card
would be designed to use either smart cards (plastic cards with an
embedded microprocessor carrying a unique number that can be read
by an electromagnetic scanner and linked to computerized records
stored on a network) or PCMCIA cards, which can contain megabytes
of personal information. (You've probably seen this type card in AT&T's
"You Will" ad campaign, which shows a doctor inserting a woman's
card in a reader in order to access a recording of a sonogram). The
Postal Service said it is considering AT&T and other companies' smart
card technologies.

In a slide presentation at the conference, Postal representative Chuck
Chamberlain outlined how an individual's U.S. Card would be
automatically connected with the Department of Health and Human
Services, the U.S. Treasury, the I.R.S., the banking system, and a
central database of digital signatures for use in authenticating
electronic mail and transactions. The U.S. Card is only a proposal,
Chamberlain insists.  Yet the Postal Service is prepared to put more
than a hundred million of the cards in citizens' pockets within months
of administration approval, he said.

"We've been trying to convince people [in the different agencies] to do
just one card, otherwise, we're going to end up with two or three
cards," said Chamberlain. He said in addition to the healthcare card
proposed by President Clinton last year, various government agencies
are forwarding plans for a personal records card and a transactions (or
"e-purse") card. Chamberlain said the I.R.S. in particular is pursuing
plans for an identity card for taxpayers.

Don't leave home without it. Though he did not name the U.S. Card at
the time, Postmaster General Marvin Runyon suggested that the Postal
Service offer electronic mail certification services during testimony
before the Senate Governmental Affairs Subcommittee in March. The
proposal is clearly intended as a way to sustain the Postal Service's
national role in the information age, since it would give the agency a
role in virtually every legally-binding electronic transaction made by
U.S. citizens.  For instance:

* When sending or receiving electronic mail, U.S. Card users would be
able to check the authenticity of a digital signature to screen out
impostors.

* Banking transactions (notably credit card purchases) that depend on
authentication of the participants' identities and an audit trail, would
be registered in Postal Service systems.

* Veterans, or for that matter college students and welfare recipients,
could check their federal benefits using the identification data on
their U.S. Cards.

* Visitors to an emergency room would have instant access to medical
records at other hospitals, as well as their health insurance
information.

These examples may seem benign separately, but collectively they
paint a picture of a citizen's or business's existence that could be
meddlesome at best and downright totalitarian at worst. Will buying a
book at a gay bookstore with a credit card that authenticates the
transaction through the Postal Service open a Naval officer up to
court-martial? If you have lunch with a business associate on a Saturday at a
family restaurant, will the IRS rule the expense non-deductible before
you can even claim it?

"There won't be anything you do in business that won't be collected
and analyzed by the government," said William Murray, an information
system security consultant to Deloitte and Touche who saw
Chamberlain's presentation. "This [National Information Infrastructure]
is a better surveillance mechanism than Orwell or the government
could have imagined. This goddamned thing is so pervasive and the
propensity to connect to it is so great that it's unstoppable."

Deep Roots; Deep Pockets; Long History. Chamberlain said the Postal
Service has been working for "a couple years" on the information system
to back up the U.S. Card. He said the project was initiated by the
Department of Defense, which wanted a civilian agency to create a
national electronic communications certification authority that could
be connected to its Defense Messaging System. Chamberlain said the
Postal Service has also consulted with the National Security Agency,
proponents of the Clipper encryption chip which hides the contents of
messages from all but government agencies, like law enforcement. The
National Aeronautics and Space Administration's Ames Research
Laboratories in Mountain View, Calif. carried out the research and
development work for Clipper.

"We're designing a national framework for supporting business-quality
authentication," said John Yin, the engineer heading up the U.S. Card-
related research for NASA Ames' advanced networking applications group.
"This is not specifically with just the Postal Service. We'll be
offering services to other agencies and to third-party commercial
companies that want to build other services on the card." For example,
VISA or American Express could link their credit services to the U.S.
Card.

Yin, who works on Defense Messaging Systems applications, said his
group has collaborated with "elements of Department of Defense" for the
past year, but would not confirm the participation of the National
Security Agency, a Department of Defense agency. The NSA is
specifically prohibited from creating public encryption systems by the
Computer Security Act of 1987. Yin also would not comment on the budget
for the project, which other sources said was quite large and has
spanned more than two years.

A false sense of security? According to Yin, the cards would allow
individuals or businesses to choose any encryption technology. "It's
not our approach to say, 'Here's the standard, take it or leave it,'"
he said.

"We're not trying to create a monopoly, rather it's an infrastructure
for interoperability on which a whole variety of services can be
built." Yet, NASA, which is a participant in the CommerceNet electric
marketplace consortium will "suggest" to its partners that they adopt
the U.S. Card certification infrastructure, he said.

The reality is that government agencies' buying power usually drives
the market to adopt a particular technology -- not unlike the way the
Texas Board of Education, the largest single purchaser of textbooks in
the U.S., sets the standard for the content of American classroom
curricula. Since the administration has already mandated use of
Clipper and its data-oriented sibling, the Tesserae chip, in federal
systems it's fairly certain that the law enforcement-endorsed chips
will find their way into most, if not all, U.S. Cards. Even in the
unlikely event that one government agency should weather the pressure
and pass on the Clipper chip, it's still possible to trace the source,
destination, duration and time of transactions conducted between
Clippered and non-Clippered devices.

"Most of this shift [in privacy policy] is apparently being done by
executive order at the initiative of bureaucracy, and without any
Congressional oversight or Congressional concurrence," Murray said.
"They are not likely to fail. You know, Orwell said that bureaucrats,
simply doing what bureaucrats do, without motivation or intent, will
use technology to enslave the people."

EDITOR'S NOTE: Digital Media has filed a Freedom of Information Act
request for Clinton and Bush Administration, Postal Service, NSA,
Department of Defense, NASA, I.R.S. and other documents related to
the creation of the U.S. Card proposal.

Copyright 1994 by Mitch Ratcliffe and Seybold Publications.

Mitch Ratcliffe
Editor in Chief
Digital Media: A Seybold Report
444 De Haro St., Ste. 128
San Francisco, Calif. 94107
415.575.3775 office
godsdog@netcom.com


------------------------------

From: sgs@access.digex.net (Steve Smith)
Date: 6 May 1994 02:01:43 -0400
Subject: Re: NSA remarks at "Lawyers and the Internet"
Organization: Agincourt Computing

    Steve Brinich <steve-b@access.digex.net> wrote:  Until I have a
    Clipper or two to play with, I am going to reserve technical
    judgement.

    And when you do have a Clipper or two to play with, what kind of
    "technical judgment" are you going to make?  The chips are designed
    to resist reverse engineering.

Given a few Capstone chips to play with, I can think of a number of fun
things to do:

1.  Can you *really* superencrypt data?  My bet is that it will not be
easy.

2.  What happens when you mess around with the LEAF?

3.  How do the chips handle line noise?

4.  Can you use two Capstones to build a "man in the middle" tap?  It'd
be fun to demo a working Clipper tap ....

All of these are things that aren't in the specs and would be
interesting to know.  I'm sure other people can come up with more
things to do with a Capstone "black box" without opening it.

-- 
Steve Smith                     Agincourt Computing
sgs@access.digex.net            (301) 681 7395
"Truth is stranger than fiction because fiction has to make sense."


------------------------------


End of Computer Privacy Digest V4 #064
******************************