Date: Tue, 26 Jul 94 06:45:54 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#012
Computer Privacy Digest Tue, 26 Jul 94 Volume 5 : Issue: 012
Today's Topics: Moderator: Leonard P. Levine
Georgia Tech's use of SSN even on Mailing Lists
Many Phone Taps are now Legal
New Weapon in Divorce
Freedom of Information in Iowa
Leahy on Gore Clipper Letter 7/21/94
Re: Government E-Mail Directive
Re: Government E-Mail Directive
Re: Companies Recording Phone Calls
Re: Monitoring of International Calls and Clipper
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: vapspcx@cad.gatech.edu (S. Keith Graham)
Date: 24 Jul 1994 22:20:04 -0400
Subject: Georgia Tech's use of SSN even on Mailing Lists
Organization: Free Agent
This is more of the same that we're all used to, but:
Georgia Tech uses SSN for its "Student ID number", much like a number
of other institutions.
My Fiancee, a recent Georgia Tech Graduate, received something from the
school with a pre-printed mailing label. On the label, in the midst of
a few other numbers, was her Student ID aka SSN.
I'll see about calling the department in question and asking them if
they realize they are doing this.
--
Keith Graham
vapspcx@cad.gatech.edu
------------------------------
From: rja14@cl.cam.ac.uk (Ross Anderson)
Date: 25 Jul 1994 14:33:44 GMT
Subject: Many Phone Taps are now Legal
Organization: U of Cambridge Computer Lab, UK
In the Law Report in `The Times' of Friday 22nd July (p 34) there is a
report of a case, Regina v Effik and Regina v Mitchell (``Cordless
phone tap admissible'', p 34) in which Lord Templeman, Lord Roskill,
Lord Ackner, Lord Oliver and Lord Mustill found that the proceeds of an
unauthorised phone tap are admissible in the UK provided that the tap
was not applied to a link which was `comprised in' the public
telecommunications system.
Effik and Mitchell had been convicted on April 19, 1990 at Kingston
upon Thames Crown Court of conspiracy to supply controlled drugs. The
police had occupied the flat adjacent to that of a dealer in their
supply chain, and had recorded the conversations which she made over a
cordless telephone; this was of a type approved for connection to the
public network.
The trial judge had found that although this telephone was approved for
connection to the public network, it was a privately run system rather
than being part of the public network. Thus the intercepts were
admissible, despite the fact that no warrant had been obtained.
The appelants had argued that the Interception of Communications Act
1985 made it a specific offence for any peron intentionally to
intercept a communication ``in the course of its transmission ... by
means of a public telecommunication system''. Their counsel argued that
it was impossible practically to separate the two parts of the
transmission process, and that the cordless phone's signals had of
necessity to be transmitted through the public network as well.
The appeal was dismissed, and reference was made to a recent unreported
decision of the Court of Appeal (R v Ahmed and others, 29/3/94) in
which the judge held that interception takes place at the point where
the signal is intercepted in fact, and that communication refers not to
the whole of a transmission or message, but to the signal which is
affected by the interception that is made. Lord Oliver, writing the
noble lords' judgment, found he `could not improve on that'.
The effect of this appears to be that the authorities only need a
warrant to put a tap on the strictly public part of any network.
Tempest raids are fine; promiscuous ethernet nodes on every campus are
fine; and in places like Cambridge, where we run our own private phone
and data network to save money, the whole university system is wide
open to abuse.
It would also appear to imply that if I tap the police network, that's
also fine, provided I don't do it on a circuit switched BT line. And,
of course, we await with interest the development of the law on packet
switched and ATM links, virtual private networks, and all the rest of
it,
--
Ross Anderson
------------------------------
From: Robert Ellis Smith <0005101719@mcimail.com>
Date: 25 Jul 94 13:43 EST
Subject: New Weapon in Divorce
From the July 1994 issue of PRIVACY JOURNAL:
A NEW ELECTRONIC WEAPON IN DIVORCE
Lawyers are exchanging tips these days about using one spouse's
personal computer as a gold mine of incriminating information for the
use of the other spouse in a divorce action.
Jerry L. McIntyre advised his fellow Rhode Island divorce lawyers at a
training session this summer to have a client get access to the
spouse's personal computer, mainly to uncover evidence of "double-book"
accounting or hidden personal assets. "People are utilizing home
office computers more and more these days for maintenance of personal
financial records," McIntyre said. "To the extent that it is possible
to do so, the computer should be accessed for the purpose of obtaining
a copy of information stored therein. The computer may not only be a
source of financial information, but it also may contain hard-drive
information relative to the calendered activities of the other spouse."
One client told him that she knew nothing about computers and so had a
knowledgeable friend access the personal computer of the estranged
husband. A Pennsylvania lawyer reported the identical situation to
PRIVACY JOURNAL; in that case the husband had a password that he
thought was secret. A prominent New York attorney said that one of his
clients discovered her husband's correspondence with "the other woman"
by looking into his personal computer.
Some states, like Arkansas, Idaho, Illinois, Indiana, Kentucky, Nevada,
and South Dakota, have written their computer-crime laws so that such
access may well be a crime, even if there is no alteration of data or
damage. On the other hand, Maryland's law specifically excludes
access to home computers as a crime.
Here are the headlines from the July 1994 PRIVACY JOURNAL:
Divorce Lawyers find a Spouse's PC a Gold Mine
A Tentative Proposal for a National ID Card
An Illustration on how Matt Blaze Discovered a Hole in Clipper
A New Data Base for Brady Gun-Control Law
Two Privacy Clearinghouses Seek Funding
How Vegas and Jersey Keep a Computerized Eye on High Rollers
A Victim of E-Mail Profanities Loses Lawsuit
California Begins New 'Opt-Out' for Credit-Card Customers
Robert Ellis Smith/Publisher 401/274-7861, or
0005101719@mcimail.com
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 25 Jul 1994 19:47:46 -0500 (CDT)
Subject: Freedom of Information in Iowa
Organization: University of Wisconsin-Milwaukee
The Des Moines Register and the Iowa FOI Council are appealing to the
Iowa Supreme Court a lower-court decision that said the state Senate
did not have to release records of telephone calls made by legislators
because the power of the senate to set its own housekeeping rules
overrode the state public records law. In the wake of the lawsuit,
however, legislators have cut back on their usage of phones at public
expense by about 50 percent. So far the Senate has spent about $44,000
in public funds in defending itself in the lawsuit because it has
retained outside counsel.
------------------------------
From: Dave Banisar <banisar@epic.org>
Date: 22 Jul 1994 16:35:07 +0000
Subject: Leahy on Gore Clipper Letter 7/21/94
U.S. SENATOR PATRICK LEAHY
Vermont
________________________________________________________________
STATEMENT OF PATRICK LEAHY ON
VICE PRESIDENT GORE'S CLIPPER CHIP LETTER
July 21, 1994
I have read the July 20th letter from the Vice President about the
Administration's current thinking on Clipper Chip and, to my mind, it
represents no change in policy. In fact, when this letter was sent, I
would be surprised if the Administration even thought it was news.
The letter makes clear to me that the Administration continues to
embrace key escrow encryption technology, and stands behind Clipper Chip
as a federal standard for telephone communications. The official
standard makes clear that this standard applies to any communications
over telephone lines. Those communications include not only voice, but
also low-speed computer data and facsimile messages. The Administration
is working on encryption technologies for higher-speed transmissions,
such as for computer networks and video networks.
The Vice President says that they want to work with industry to
design a key escrow system that could be implemented not just in
hardware, but also in software, that would be voluntary, exportable and
not rely upon a classified encoding formula. The Administration said all
this last February when the federal standard was approved. Yet, when
Administration witnesses were questioned about the progress they had made
in this effort at my Judiciary subcommittee hearing in early May, I
learned they had held only a few meetings.
Last week, the Appropriations Committee accepted strong Report
language I suggested on Clipper Chip. The Attorney General is directed
to report to Congress within four months on ten areas of concern about
Clipper Chip.
I agree with the Vice President that balancing economic and privacy
needs with law enforcement and national security is not always an easy
task. But we can do better than Clipper Chip.
------------------------------
From: skoper@netcom.com (Stan Koper)
Date: 22 Jul 1994 17:10:11 GMT
Subject: Re: Government E-Mail Directive
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
binskeep@crl.com (Bob Inskeep) wrote: Two friends had been
corresponding with me via a Military and Government net. Both
recently stopped their e-mail with me and stated that they had
received a rather lengthy instruction prohibiting personal e-mail
on gov systems. I would like to obtain a copy of the instruction,
if it exists. Any help would be appreciated. Thanks.
Why not e-mail them and ask them to send you a copy? They may not be
able to reply via e-mail, but as long as they're hooked into the
internet, they should be able to receive your messages. Of course, you
could always ask for a copy under the Freedom of Information Act (not
that you'd get it, necessarily).
I think there's a general prohibition on using government computers for
private use, which is translated by each agency into an internal policy
instruction. We used to have something like that where I work, but I
probably filed it someplace deep and dark, since we don't have an
"outside" connection. Anyone I would correspond with on my agency's
system would be a fellow employee.
It's actually pretty much a common-sense thing, like not being able to
use a government computer to keep and/or print out your Christmas card
list, that sort of thing, and "private" e-mail would just be an
extension of that.
--
Stan Koper
skoper@netcom.com
"The Bill of Rights--Ten 'Impediments to Law Enforcement'?"
------------------------------
From: newcombe@aa.csc.peachnet.edu (Dan Newcombe)
Date: 22 Jul 1994 14:58:58 UNDEFINED
Subject: Re: Government E-Mail Directive
Organization: Clayton State College
huggins@quip.eecs.umich.edu (Jim Huggins) writes: shown each time I
used it, but I disregarded them.) The theory being, of course,
that IBM wasn't paying for Internet access so that I could talk for
free with my girlfriend (now my wife).
I thought that for Internet access, places paid one flat annual fee.
So what difference does it make. It would seem you'd be getting your
moneys worth if people used it more and more.
--
Dan Newcombe newcombe@aa.csc.peachnet.edu
Clayton State College Morrow, Georgia
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"And the man in the mirror has sad eyes." -Marillion
------------------------------
From: tnyurkiw@laplace.uwaterloo.ca (Tom Yurkiw)
Date: 22 Jul 1994 19:37:16 GMT
Subject: Re: Companies Recording Phone Calls
Organization: University of Waterloo
tenney@netcom.com (Glenn S. Tenney) writes: I spoke with a
supervisor who explained that they record all incoming road service
calls now in California, that they use them for training purposes,
and they use them in case there's any dispute. The supervisor said
that I'm the first person she knew of who complained. She did say
that I could call the local AAA office and ask for her extension
and then she'd take the road service call...
Personally, I do NOT want to have any of my phone calls recorded
(unless absolutely necessary). I have no assurances that AAA
*only* uses the recordings for those purposes. Does anyone share
my concern that this ever increasing recording of calls is a
potentially significant violation of our privacy...?
I think that recording business phone calls can be a GOOD idea in many
cases. Most security companies record all incoming phone calls,
because they may be required to defend against claims of slow
response/no response etc. A recording can only be helpful in
situations where verbal authorizations or contracts are made over the
phone. Demanding they NOT be recorded, is like demanding a contract be
written in invisible ink. ("YOU SAID THAT SUCH-AND-SUCH--.. NO. I said
this-and-that!...)
The EMPLOYEES, however, might be concerned about constant monitoring of
their actions. The rise of computers in the workplace has enabled
bosses to see exactly what their employees are typing, their average
keystroke rate, the response time for telephone calls. One company
even requires its employees to wear little transponder-badges which
give the exact location within the building. Most people would rebel
if a camera was pointed directly at their desk to monitor them all the
time; we should not ignore these sneaky and equally-intrusive methods
of monitoring. The ONLY way to stop this is through regulation, and if
this is not done, I foresee job-stress levels and turnover rates
skyrocketing.
------------------------------
From: fritz@rodin.wustl.edu (Fritz Lehmann)
Date: 25 Jul 1994 09:31:29 GMT
Subject: Re: Monitoring of International Calls and Clipper
Organization: Center for Optimization and Semantic Control, Washington University
<ninjo@MIT.EDU> wrote:
A. to my understanding the NSA monitors all international
commmunications without the need to get any judges approval.
B. with the clipper chip, wouldn't the NSA need to have all the
escrowed keys at their disposal, in order for them to continue this
monitoring?
Not if, as I presume, the NSA Clipper algorithm has a "second key"
mechanism (or planned weakness) known only to the NSA. I can conceive
of no reason why the NSA would promulgate any encryption scheme which
they are unable to break with little effort. My presumption is that
the clipper algorithm as it now exists, undisclosed, already contains
such a "trap door" mechanism which does not require any authorized used
of archived keys.
------------------------------
End of Computer Privacy Digest V5 #012
******************************
.