Date: Wed, 29 Jun 94 12:36:26 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#083
Computer Privacy Digest Wed, 29 Jun 94 Volume 4 : Issue: 083
Today's Topics: Moderator: Leonard P. Levine
Advice to New Users
IRS Speech, Again
A Canadian Scanner Ban is Coming
ACM Press Conference on Crypto 6/30
Caller ID
Re: Physical Location via Cell Phone
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 24 Jun 1994 11:29:02 -0500 (CDT)
Subject: Advice to New Users
Organization: University of Wisconsin-Milwaukee
I found this in the gopher site:
(gopher.well.sf.ca.us// Community/Advice about Privacy and Security for
People New to Cyberspace)
-----------------------------
Subject: advice about privacy
GENERAL ADVICE FOR THE NEW ON-LINE USER
The benefits of being on-line far outweigh the risks, but being aware
of the risks, the tools, and the support available better prepares the
newcomer for the adventure.
------- There are impediments to perceived safety -------
1) Understand that system footprints or tracks may be read to see:
when and where your logins occurred.
what commands you've executed and when you executed them.
2) Understand that information, even if it has been deleted, may be
retrieved from backups.
3) Understand that your account is only as secure as its password.
4) Understand that sysops or root-holders:
may read mail, files or directories without leaving footprints.
may undelete files you've erased.
may be forced to release your files, etc. under order of a court.
5) Understand that default file protection may not be secure for newly
created files.
6) Understand that mail:
may be compromised at each forwarding site.
bounced may be posted for reading to a postmaster at some site.
is owned by BOTH the sender and the receiver.
7) Understand that identifying biographies may be system searched or
remotely fingered.
8) Understand that other users' identities:
may not be what they appear to be.
may be the result of a false registration.
may be forged when they have had their own account compromised.
------- Be aware of the social dangers possible online -------
1) Harassment, or frequent or unsolicited messages from another user,
are occasionally sent randomly to women's id's.
2) Stalking, or being watched or followed online can be coupled with
physical confrontation.
3) Flaming or emotional verbal attacks can occur.
4) Addiction, or the need for support and feedback available online
outweighing a reasonable budget of time or money.
------- Know how to protect yourself (privacy begins at home) -------
1) Protect your password.
Chose a strong password (a combination of upper and lower case
characters, and not a name or a dictionary word).
Do not leave your terminal logged in unattended.
Do not let anyone watch you log in.
Log out cleanly.
2) Protect your files.
Know the default for newly created files.
Occasionally monitor your files.
3) Protect your information.
Never send compromising information (your phone number, password,
address, or vacation dates) by chat, sends, mail, or in your
bio.
See if encryption is available if necessary.
------- See what education/communication means are available ------
1) Join a support group like the Santa Monica PEN's PEN Femmes, or the
online groups BAWiT or SYSTERS.
2) Attend seminars, classes or study groups.
3) Make use of private, special interest forums online.
4) Use peer pressure in public online groups in order to settle
disputes.
5) Answer harassment & inappropriate behavior directly and
unambiguously, and then post what you observe for comment and
discussion.
6) Advocate for grievance procedures, tolerance guidelines and the
discouragement of false or anonymous user registrations.
7) Do not submit to unreasonable pressure.
8) Speak up for what you want.
Please distribute this advice wherever appropriate, and please contact
me with any questions, comments, or suggestions.
Hilarie Gardner calliope@well.sf.ca.us
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 27 Jun 94 14:43:52 EDT
Subject: IRS Speech, Again
Someone asked a week or two ago someone asked about the speech I
excerpted by Coleta Brueck, Project Manager, Document Processing
System, of the IRS where she said "We know everything about you that we
need to know."
I can't find my excerpts, but I found the whole thing, on paper. It's
13 pages of typescript, which is more than I'm up to typing, but it
should be easy to OCR.
I'll be happy to send out small numbers of paper copies, particularly
to anyone who volunteers to OCR or type it.
--
Regards,
John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Jun 1994 15:35:29 -0500 (CDT)
Subject: A Canadian Scanner Ban is Coming
Organization: University of Wisconsin-Milwaukee
Newsgroups: alt.dcom.telecom
Subject: SCANNER BAN COMING
From: chuck.zeps@dt-can.com (Chuck Zeps)
Date: 17 Jun 94 08:43:00 -0500
Organization: Data Tech Canada - (519) 473-7685
----------------------------------------------------------------
>From a CANADIAN PRESS article of Friday 17 June 1994
----------------------------------------------------------------
PHONE SCANNERS LIKELY TO BE BANNED
OTTAWA - Chances are "very high" the government will ban digital
scanners that pick up cellular and cordless phone conversations, says
Jon Gerrard, secretary of State for science and technology.
The Federal advisory council on the information highway is poised to
recommend outlawing manufacture and sale of the scanning devices -
advice the government is likely to accept, Gerrard said Thursday.
"I think the case was made very eloquently and quite convincingly", he
said at the conclusion of the councils second full meeting.
The 30 member council, appointed this spring, is advising the
government on the so-called information highway - the burgeoning web of
telephone, cable, satellite and computer networks.
SECURITY ISSUES: " The Government is very concerned about privacy and
security issues," said Gerrard, who attended the two-day meeting.
There are more than one million cellular phones, well over two million
cordless phones and some 900,000 analog scanners across Canada.
The wireless phone industry is shifting to digital signals that can't
be picked up by cheap analog scanners.
But some are concerned that scanners capable of decoding digitized
voice communications could soon become common in corner electronic
stores.
Legislation would nip the new breed of scanner in the bud , said
Gerrard.
"There's no point in people investing money developing commercial
digital scanners if that's the direction were going to go," he said.
"And I suspect , based on the recommendations of the council, that the
chances of that are very high."
--
chuck.zeps@dt-can.com
------------------------------
From: David Banisar <Banisar@epic.org>
Date: 29 Jun 1994 09:33:16 -0500
Subject: ACM Press Conference on Crypto 6/30
FYI -
CLIPPER REPORT RELEASE ON THURSDAY
ACM TO MAKE POLICY RECOMMENDATIONS
A press conference will be held at the U.S. Capitol on Thursday, June
30 at 10:30 am to announce the release of a new study on the
controversial Clipper cryptography proposal.
The ACM cryptography panel was chaired by Dr. Stephen Kent, Chief
Scientist for Security Technology with the firm of Bolt Beranek and
Newman. Dr. Susan Landau, Research Associate Professor in Computer
Science at the University of Massachusetts, co-ordinated the work of
the panel and did most of the writing. The panel members were:
Dr. Clinton Brooks, Advisor to the Director, National
Security Agency Scott Charney, Chief of the Computer Crime Unit,
Criminal Division, U.S. Department of Justice Dr. Dorothy Denning,
Computer Science Chair, Georgetown
University Dr. Whitfield Diffie, Distinguished Engineer, Sun
Microsystems Dr. Anthony Lauck, Corporate Consulting Engineer,
Digital Equipment Corporation Douglas Miller, Government Affairs
Manager, Software
Publishers Association Dr. Peter Neumann, Principal Scientist, SRI
International David Sobel, Legal Counsel, Electronic Privacy
Information Center.
The final report of the panel will be made public at the Thursday press
conference. Also, the policy committee of the 85,000 member ACM will
release a statement on cryptography issues facing the Clinton
administration.
For more information, call (202) 298-0842. Additional press
announcement forthcoming.
Cryptography report announcement. 10:30 am, Thursday, June 30, United
States Capitol building, room SC-5.
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 29 Jun 1994 11:27:12 -0400
Subject: Caller ID
Excerpts from EPIC Alert 1.03
=======================================================================
[3] FCC Caller ID Decision Appealed
=======================================================================
Several state utility commissions, including New York's and
California's, have petitioned the Federal Communications Commission to
reconsider its controversial Caller ID decision. The petitions ask the
FCC to reverse its decision mandating per-call blocking for interstate
calls and its preemption of state regulations. The commissions are
concerned that the federal regulation will limit consumer privacy
protection for intra-state calls.
It is uncertain if the FCC will take the unusual action of accepting
the petitions. Since the Caller ID decision was released in April, two
new commissioners have joined the FCC. A total of 48 parties, including
telephone companies who are concerned about which party is charged the
cost of transmitting the information, have filed petitions asking the
FCC to reconsider its decision.
Per-call blocking, which is favored by telephone companies, requires
that a caller to enter a series of numbers into their telephone before
each call to prevent their number from being distributed. Under
per-line blocking, privacy blocking is the default and the caller may
opt to release their number.
The New York Public Utility Commission's petition notes that "there is
no technological bar to enabling each state to designate per line or
per call blocking and have that privacy notation affixed to that
caller's phone calls both intra and interstate." The PUC calls on the
FCC, which did not hold a single hearing on Caller ID, to review the
decisions of the many states that did hold hearings.
Professor Rohan Samarajiva of Ohio State University, who also filed for
reconsideration, found that 46 states held hearings on Caller ID before
the FCC issued their final decision. He found that as information
became more available on Caller ID, the state utility commissioners
increasingly required that per-line blocking be offered in addition to
per-call. By 1994, 33 jurisdictions developed rules with stronger
privacy protection than the FCC decision. 18 states require per-line
blocking be offered to all consumers, including Pennsylvania, Ohio,
California and New York.
CPSR has also filed a petition asking the FCC to revise its decision.
CPSR calls for free per-line blocking and note the additional burden of
per call blocking will cost consumers who have unlisted telephone
numbers $1.2 billion each year through the disclosure of unlisted
numbers. They describe the FCCUs suggestion that consumers who wish to
ensure that their numbers remain private purchase equipment as
Runreliable and discriminatory.S
In addition, the California PUC has filed suit in the 9th Circuit Court
of Appeals, asking the court to overturn the ruling and prevent its
implementation.
The FCC decision on Caller ID and the CPSR Petition for Reconsideration
are available from cpsr.org. See below for details.
=======================================================================
[4] NY PUC Letter to FCC on Caller ID
=======================================================================
The following is a letter set by New York State Public Utility
Committee Chairman Peter Bradford to FCC Chairman Reed Hundt on the
FCC's Caller ID decision. For more information, contact Stacey Harwood
at 518-473-0276.
STATE OF NEW YORK
PUBLIC SERVICE COMMISSION
ALBANY 12223
PETER A. BRADFORD THREE EMPIRE STATE PLAZA
CHAIRMAN (518)474-2530
June 1, 1994
Reed Hundt, Chairman
Federal Communications Commission
1919 M Street, N.W.
Washington, DC 20554
Dear Chairman Hundt:
I am writing to express My concern about the Federal Communications
Commission's recent decision (Docket #91-281) limiting the range of
privacy protections available to telephone callers in connection with
Call ID service. The potential preemptive features of this decision
undermine sensible allocation of responsibility between state and
federal jurisdictions, namely that the federal government preempt only
where issues of overriding national concern are clearly at stake and
then only after strong proof that no alternative approach will protect
the national concerns.
All of these essential elements (clear national concern, strong proof,
and the absence of other alternatives) are lacking here. Instead, the
casual reasoning and the destructive remedy mock stated Clinton
Administration eagerness to work with the states to assure that
telecommunications decisions are sensitive to important consumer
issues.
The FCC's decision appears to ignore the states' considerable
experience with Call ID. Prior to its authorization of Call ID, the New
York Public Service Commission (like many other states) conducted
extensive customer outreach and education programs to determine how
best to balance the privacy interests of the calling and called
parties. many witnesses, including psychiatrists, social workers,
police, other public safety officials, as well as family violence
crisis centers, saw danger and/or nuisance in Call ID without the
option of per line blocking.
These hearings established that privacy protection consisting only of
per call blocking represents the worst of all worlds. The harassing
caller is unlikely to forget to use per call blocking. It is the
customer who does not realize the implications of the availability of
Call ID to commercial number gatherers (or others who may abuse it)
who is likely to make his or her telephone number inadvertently
available. As a result, we concluded that in New York callers should
have the option of both per call and per line blocking. Since Call ID
service was approved with these options two years ago, no complaints
have been received from either Call ID subscribers or callers on the
issue of blocking. Furthermore, the market for Call ID does not seem
to be hurt by the availability of per line blocking, for subscription
rates are at least as high in states with per line blocking as
elsewhere.
Nevertheless, the FCC decision contemplates preemption of state
requirements inconsistent with a federal per-call-blocking- only
regime. Since per line blocking only for intrastate calls does not
seem feasible, New York's standard (and those of some 40 other states)
will be preempted. Protracted litigation over the FCC decision is
certain and may impede the introduction of interstate Call ID service.
Several states, including New York are seeking reconsideration of the
FCC decision and California has challenged the FCC order in court.
Customer confusion and disappointment with limitations on privacy
options will spawn a host of complaints.
Furthermore, it will be hard for state regulators, to justify the
current surcharge for unpublished listings while telephone companies
market a service that compromises the value of those listings. I have
enclosed a recent New York notice raising this concern for parties in
two major cases. Telephone companies are not likely to go forward with
Call ID if they must forego tens of millions of dollars per year in
charges for unpublished numbers.
I hope that the FCC will think again about the impact of this
decision. It is likely to damage the prospects for Call ID, and it is
certain to damage federal-state relations in the communications area
at a time when much depends on our mutual trust and cooperation.
Sincerely,
/sig
Peter Bradford
=======================================================================
[6] Files Available for retrieval
=======================================================================
The CPSR Internet Library is a free service available via
FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy
International, the Taxpayers Assets Project and the Cypherpunks are
also archived. For more information, contact ftp-admin@cpsr.org.
Files on Caller ID: /privacy/communications/caller_id/
The FCC decision - fcc_caller_id_decision_94.txt.
CPSR Petition for Reconsideration - CPSR_RFR_on_FCC_Caller-ID_Order.txt
=======================================================================
To subscribe to the EPIC Alert, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listserv@cpsr.org. You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues relating to the National
Information Infrastructure, such as the Clipper Chip, the Digital
Telephony proposal, medical record privacy, and the sale of consumer
data. EPIC is sponsored by the Fund for Constitutional Government and
Computer Professionals for Social Responsibility. EPIC publishes the
EPIC Alert and EPIC Reports, pursues Freedom of Information Act
litigation, and conducts policy research on emerging privacy issues.
For more information email info@epic.org, or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. Computer Professionals for Social Responsibility is a national
membership organization of people concerned about the impact of
technology on society. For information contact: cpsr-info@cpsr.org
------------------------- END EPIC Alert 1.03 -------------------------
------------------------------
From: bernie@fantasyfarm.com (Bernie Cosell)
Date: 28 Jun 1994 06:02:00 GMT
Subject: Re: Physical Location via Cell Phone
Organization: Fantasy Farm, Pearisburg, VA
Eric Smith writes: Just like now if you ask to be paid in cash you
might be suspected of tax evasion or of being an illegal alien,
sometime in the future if you buy a new car and request that it not
have a cellular phone in it, you might be suspected of planning to
use that car for a crime. Car phones might even be made hard to
turn off when it is found that people who want to turn off their
car phones tend to be criminals.
This strikes me as the kind of paranoid conspiracy theory that doesn't
advance the discussion much. Actually, your "just like now" is bogus
as far as I know --- the IRS doesn't care one whit how your employer
actually gives your salary to you. *employers* don't like dealing in
cash for a lot of obvious reasons... but whether they pay you in cash
or not their IRS reporting requirements are the same. Is there any
substance whatever behind the 'might be suspected' or just more
paranoia?
As for the latter stuff about mandatory cell-phones in cars, that too,
seems awfully unlikely. And making it hard to turn off?
The same attitude now might still apply then: "If you don't have
anything to hide, why are you worried about it?"
What 'attitude'? You've offered little except unsubstantiated
and rather unlikely [IMO} speculation. *EVERYTHING* you've referred
to has been placed in the indefinite future without any indication of
why we should lend credence to any of it, or that if/when it gets
even vaguely close to coming to pass there wouldn't be plenty of
time to do something about it or how we would get from here to
there [would it start with some kind of for-free nation cellular
phone service, or in your fantasy world of the future would we all
be _compelled_ to pay for cellular phone service?]
Indeed, I pointed out that one can just *not*have* a cellular phone
and the privacy problem vanishes. Somehow, you have gone from
reality in one big leap to a world where tamper-proof cellular
phones are *compulsory*. Don't you think you would need to provide
some kind of extraordinary evidence or backup for that rather
farfetched and extraordinary scenario?
Consider, for example, that if all they want to do is be able to
track you, why not assume that they'll just mandate that all autos
must contain a small transponder? Sort of like the thing that some
big cities are flirting with to have "on the fly toll booths"
that'll just read off your car's id as you drive by? that's at
least _plausible_ [if still unlikely]. but I find the stuff that
you're talking about here really off the deep end from my
perspective. I mean, maybe you could merge the "ID Chip" and the
"mandatory cellular phones" fears into one grand fantasy: something
like "I can envision a future in which they'll require that all
babies have *cellular*phones* implanted in them at birth!
There might even come a time when car phone tampering for the
purpose of obstructing possible criminal investigations will be
made illegal, such that if you tamper with your phone to allow you
to turn it off, you can go to jail even if you commit no other
crime.
"There might even come"??? Is it your 'attitude' to base your position
on the most farfetched and unlikely spculative scenarios that you can
imagine? The case at hand is whether a cellular phone is a privacy
problem *NOW*. If you want to speculate about whether it could
_become_ a problem, perhaps you need a less tenuous path to get from
here to there than "there might even come..."?
Even without a law against car phone tampering, it might still warn
cops that you might be a dangerous criminal trying to hide, causing
them to stop you for minor infractions they would otherwise
ignore. Even if only 95% of the population has car phones, the
cops might still be more inclined to stop the other 5% for that
same reason.
Is the presence of numbers here supposed to give the impression that
all of this ia anything other than more unsupported speculation? Also,
your vision of the future seems to include cell phones that *broadcast*
that they've been tampered with. Huh? My phone is going to
_broadcast_ that it has been turned off?
They might even use the car phone itself as the excuse. "I saw you
drive by looking a little dazed, so I tried to call you to see if
you were ok, but your phone was dead.
Wait, I missed something: how did they figure out your number to try to
poll your phone? Or is there more to the conspiracy that you are
brewing that you haven't told us about? Maybe they'll replace license
plates AND vehicle ID numbers with the cell-phone-numbers of the
[mandatory] cell phone assigned to the vehicle or something like that?
--
Bernie Cosell bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358
------------------------------
End of Computer Privacy Digest V4 #083
******************************
.