Date:       Tue, 06 Sep 94 15:49:57 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#031

Computer Privacy Digest Tue, 06 Sep 94              Volume 5 : Issue: 031

Today's Topics:			       Moderator: Leonard P. Levine

                           DSS, Now Official
                Editorial: Privacy & State Kiosk Project
      West Publishing - Permanent Injunction Regarding Legal Text
                          Snooping on the Net
                         Re: Post Office Boxes
                         Re: Post Office Boxes
                       Re: Cordless Phone Privacy
                       Re: Cordless Phone Privacy
                 Big Brother (not just) on the Autobahn
                        Re: Internet White Pages
                          Access surveillance

 ---------------------------------------------------------------------

   Housekeeping information is located at the end of this Digest.

----------------------------------------------------------------------

From: Shawn Leard <71370.2551@compuserve.com>
Date: 03 Sep 94 22:11:47 EDT
Subject: DSS, Now Official

Notes:		INFO Security News
                      	    Sep/Oct 1994

DSS Dangers
- Via NIST announcement as of 20 May 1994 the DSS has become official.
- All federal agencies will now have to use DSS or receive a waiver.
- At this point there is no "off the shelf" software any federal agency
	can purchase that uses the DSS.
- Per RSA Data Security INC the DSS infringes on its patents of the
	RSA algorithm. <So much for DSS>

Best Regards,
Shawn Leard


------------------------------

From: Peter Marshall <rocque@connected.com>
Date: 04 Sep 1994 11:56:15 -0700 (PDT)
Subject: Editorial: Privacy & State Kiosk Project

 ---------- Forwarded message ----------
[Note: THE OLYMPIAN is a daily in Olympia, WA, the state capital.]


from OLYMPIAN, Opinion Section, Aug.16,1994 Ed. Page Editor:  Mike
Oakland

OUR VIEW: We Must Not Sacrifice Privacy Rights On Information
Superhighway

GUARD OUR PRIVACY

It was a good idea gone awry.

In an effort to reach out to people around the state and give them
access to more state government information and services, the
Department of Information Services is installing computer terminals, or
kiosks, in shopping malls and other centralized locations.

The notion is a good one.  Residents should be able to use the display
screen to gain easy access to government information from recycling
programs to campground locations and new state job listings.

As this state and nation race down the information superhighway, more
attention simply must be paid to individual privacy rights....

The problem arose in the job listing service offered by the Department
of Employment Security.  Job seekers are asked to key in their Social
Security numbers.

Jerry Sheehan with the American Civil Liberties Union said it may be
illegal for the state to ask for a Social Security number in this
context.

Congress has stipulated that an individual's Social Security number may
only be requested under certain circumstances.  In all other cases,
individuals must be told that disclosing their Social Security number
is strictly voluntary.  Individuals also must be told what their number
will be used for.

The more people that have access to an individual's  Social Security
number, the greater chance for abuse.

Many people believe that just because they are asked for a Social
Security number, they must respond.  That's not always the case.

Alerted to the privacy problem, Employment Security officials say they
now will modify the computer program so that people who want to browse
through the job listings can do so without disclosing their Social
Security numbers.

But Deputy Commissioner Wendy Holden said Employment Security's
automated system is based on the numbers.  As a result, Holden said,
those individuals who are seeking a specific job referral must be asked
to disclose their Social Security Numbers.

The troubling thing in the Employment Security fiasco is the fact no
one thought to question the requirement that job seekers key in their
Social Security numbers.

In fact, it's not clear whether Employment Security even checked the
laws regarding release of Social Security numbers before setting up the
computer program.

Think, people, think.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 05 Sep 1994 09:33:42 -0500 (CDT)
Subject: West Publishing - Permanent Injunction Regarding Legal Text
Organization: University of Wisconsin-Milwaukee

    From: Gregory Miller  JD <gam@inherent.com>
    Date: 03 Sep 94 08:42:50 -0700
    To: tech-law@techlaw.TechLaw.Com

Friday morning, Minnesota Public Radio reported that West Publishing
Co.  of Eagan, Minn. has obtained a permanent injunction against On
Point Solutions, Inc., a CD-ROM producer.  According to the sound bite
by a West attorney, OPS had produced CD-ROM's from what West claimed
were copyrighted materials.

According to the atty, OPS had obtained copies of West publications
then tore the pages from the spine then scanned in the printed matter.
OPS, apparently, deleted any material copyrighted by West then made the
CD-ROM's from what was probably public domain material.

West's argument seems to have been that if the scanned matter included
any copyrighted material, no matter how small a part, such scanning
amounted to an "unfair practice".  The Court agreed and granted the
injunction.

If the news report is accurate, those of you attempting to sway Atty
Genl Reno and others in this battle over who owns public domain
material (Yes, I wrote that as I intended :-) have another point to
raise.  It seems that West is now claiming that its addition of
copyrighted material to P.D.  material makes _all_ the material West's.
As to the scanning issue, is that really distinguishing because
scanners do nothing that cannot be done by typists.  Will West's next
move be to seek injunction against typing from its books even if all
but a minuscule amount of the material is P.D.?

Does this presage an attempt by West to claim that it can control even
quotation of cases in briefs, etc., if the cases are from books, etc.
that contain even a tiny fraction of West copyrighted matter?  Just
where are the limits of West's claims?

If anyone has more info on this matter, please post.  We do not
entirely trust news reports, even from public radio, especially where
the radio station is in the hometown of one of the litigants and the
only sound bite came from the hometown atty.

________________
Corporate Office:
INHERENT TECHNOLOGIES INC.
	Legal Information Systems & Internet Consulting
2130 SW Jefferson Street  Suite 300
Portland, Oregon  97201
 	
   Telephone:	+ 1 503-224-6751
   	 FAX:	+ 1 503-224-8872
    Internet: 	info@inherent.com
	Http:	//www.inherent.com

Regional Office:
	Boston, MA.

Joe Abernathy                      Joe_Abernathy@pcworld.com
Senior Editor News                 (713) 666-5896
PC World                           (713) 666-6041 fax


------------------------------

From: glr@ripco.com (Glen Roberts)
Date: 05 Sep 1994 15:49:17 GMT
Subject: Snooping on the Net
Organization: Ripco Internet BBS, Chicago (312) 665-0065

 ------------------------------------------------------------------------ 
cc: Kathleen Carson, S.A., FBI, LA, CA.          || Pursuant to Court Order
    Kenneth G. McGuire, III.  S.A., FBI, LA, CA. || served August 11, 1994
    Stanley E. Ornellas, S.A., FBI, LA, CA.      || on Netcom Communications
 ------------------------------------------------------------------------
5 U.S.C. 552b (a) Congress finds that --

(1) the privacy of an individual is directly affected by the
collection, maintenance, use, and dissemination of personal information
by Federal agencies;

(2) the increasing use of computers and sophisticated information
technology, while essential to the efficient operations of the
Government, has greatly magnified the harm to individual privacy that
can occur from any collection, maintenance, use or dissemination of
personal information;

 ...

(4) the right to privacy is a personal and fundamental right protected
by the Constitution of the United States; and

(5) in order to protect the privacy of individuals identified in
information systems maintained by Federal agencies, it is necessary and
proper for Congress to regulate the collection, maintenance, use and
dissemination of information by such agencies.

 ...

(e) AGENCY REQUIREMENTS -- Each agency that maintains a system of
records shall --

(1) maintain in its records only such information about an individual
as is relevant and necessary to accomplish a purpose of the agency
required to be accomplished by statute or by executive order of the
President;

 ...

(7) maintain no record describing how any individual exercises rights
guaranteed by the First Amendment unless expressly authorized by
statute or by the individual about whom the record is maintained or
unless pertinent to and within the scope of an authorized law
enforcement activity.

--
Glen L. Roberts, Editor, Full Disclosure Magazine
Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central)
email glr@rci.ripco.com for information on The Best of Full Disclosure,
four volumes to blow your mind. Voice/Fax on demand: (708) 356-9646
email for uuencoded .TIF of T-Shirt Honoring the FBI


------------------------------

From: skypatrl@crl.com (Albert Zhou)
Date: 03 Sep 1994 10:54:06 -0700
Subject: Re: Post Office Boxes
Organization: CRL Dialup Internet Access	(415) 705-6060  [login: guest]

    "Dennis G Rears (FSS" <drears@pica.army.mil> writes: Issue #2:  Ok,
    you have gone to USPS and they don't have my correct address.  You
    then try through the phone company (one of my numbers is listed)
    the address is most likely in the phone book.  That doesn't work.
    You do social engineering through the electric or gas company.  If
    the person owns property you check various tax records in
    communities around the PO box town.  That doesn't work.  You then
    wait until the person picks up the mail and follow them.
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This probably won't work as this guy may pick up his mail at an odd
hour and only when no one is in the lobby. If you don't stay in the
lobby closely watching, you won't be able to tell who opens which box
-- unless you know this person's appearance.

You could, of course, send this guy a big package to that mailbox. Then
you camp outside and look out for a guy carrying that big package. Then
you could follow him.


------------------------------

From: ua602@freenet.victoria.bc.ca (Kelly Bert Manning)
Date: 04 Sep 94 10:03:42 PDT
Subject: Re: Post Office Boxes

    levine@blatz.cs.uwm.edu ("Prof. L. P. Levine") says: Although I
    don't like it from a business stand point, I am sure you will be
    happy to know that this has changed.  You can still follow the same
    process for a business PO Box however the physical addresses for
    the PO Boxes of private citizens are no longer available.

I read a while back that private dicks and stalkers get around this by
running a phoney ad using the PO box number (with details unlikely to
get responses), clipping it once it's published, and then taking the
ad to the Postal Service as "proof" that the PO box is being used
commercially.

The RCMP had no trouble getting the registration details of a US Border
Town PO box that a Canadian Pathologist rented a while back. Someone
ordered a copy of the birth certificate for a long dead child whose
death was recorded at one of the hospitals where the pathologist was on
staff.

Despite FTA/NAFTA many businesses and individuals in the US still seem to
have a reluctance to deal with Canadian companies. Many Vancouver, BC
companies overcome this easily by renting a Blaine, Washington, bag
service PO box number. The service for finding out the owner details
doesn't seem to be widely used, or this deception wouldn't be very
effective.

I see that former moderator D. Rears has replied to some questions that
came to my mind, but I couldn't followup it directly because the
Freeport mail sender got a memory fault from the " and non-standard
mail ID.

I also rented a mail box before I moved the last time, and haven't had
any trouble. Canada Post doesn't send out mail to the contact address.
For a phone number I use my work number, which doesn't appear in any
published directory (apart from briefly showing up on my employer's
anonymous gopher server before I asked them to desist).

The main question that comes to mind is whether the Postal Service or
any other body would consider pursuing this and filing charges to be a
useful expenditure of limited public resources, without any other
evidence of illegal activity or intent.

If they do file, is it something that is likely to get a conviction
from a jury, what kind of conviction is it (misdemeanor or felony), what
kind of sentence would it get, and what are the likely future
consequences in terms of employment screening, etc?

In Canada the Canada Post Corp. has a long term policy of refusing to
provide door to door delivery to new houses, and even terminating door
to door delivery where it can. If you start to get mail at one of these
group box addresses, even for a brief period, it should be relatively
easy to continue to get it there, even if you move.

These come in 2 flavours. The older one started out as a Rural Group
Box service. Anyone can register at a "Rural" green box using any
address, even a vacant field or lot, with no check.

Canada Post Corp. has also restricted service at real POs to commercial
accounts, privatizing retail service to individuals to things called
Retail Postal Outlets. In the Victoria Area there are about 70 of these
for a population of 300,000. All have to offer PO boxes as part of the
service and many are located in malls and other areas which are
relatively secure and where security staff would probably deal with
someone who hangs around watching a box without spending any money.


------------------------------

From: morris@grian.cps.altadena.ca.us (Mike Morris)
Date: 04 Sep 1994 20:09:22 GMT
Subject: Re: Cordless Phone Privacy
Organization: College Park Software, Altadena, CA

    Shawn Leard <71370.2551@compuserve.com> writes: I am in the process
    of pondering over purchasing one of these 900 MHz cordless phones
    and was wondering if anyone has any recommendation? What I am
    mainly looking for besides good reception is a very solid & secure
    Tx between the handset and the base. This being unlike the normal
    cordless phones that Tx in the 400 MHz band and offer so called
    secure Tx that can still be picked up and understood with a normal
    scanner.

Correction: The normal ones transmit in the 40-50 MHz area.  Unless you
can find one that scrambles or encrypts, you will always have the
snooper-via-scanner problem with any radio-based phone.  Even the newer
scanners that have cellular designed out will still hear the 900 MHz
cordless phones.

Good rule of thumb: If the phone has an antenna, don't say anything
that you don't want published on the front page of the L.A. Times.

-- 
Mike Morris   WA6ILQ   | This space intentionally left blank.
PO Box 1130            | 
Arcadia, CA. 91077     | All opinions must be my own since nobody pays
818-447-7052 evenings  | me enough to be their mouthpiece...


------------------------------

From: Shawn Leard <71370.2551@compuserve.com>
Date: 04 Sep 94 22:46:55 EDT
Subject: Re: Cordless Phone Privacy

    From: tim@umcc.umcc.umich.edu (Tim Tyler)
    Newsgroups: rec.radio.scanner,alt.radio.scanner,alt.privacy,
    alt.toys.hi-tech,talk.politics.crypto
    Subject: Motorola 'Secure-Clear' Cordless Phones (repost)
    Date: 07 Jul 1994 01:43:26 -0400
    Organization: UMCC, Ann Arbor, MI, USA

In the last several weeks, I've noticed some questions & discussion
concerning Motorola's 'Secure-Clear' line of cordless phones.  Below is
a REPOST of something I originally wrote & posted a few years ago.  I
assume Motorola is still using the voice-inversion technology for their
'Secure-Clear' line, although I'm not sure if they're continuing to
misinform the public about the level of protection offered by its
primitive & weak transmission-security method.

*******************************************************************

		"Why a Motorola Cordless Phone?"

"Cordless phone eavesdroppers are everywhere" says pro golfer Lee
Trevino, spokesman for Motorola.  "But with my Motorola Secure Clear
Cordless Phone, my private conversations stay private."

So says a glossy brochure (# BA-81) that Motorola's Consumer Products
Division (telephone # 800/331-6456) distributes to promote their new
'secure' cordless phone product line.   When I first read the cover of
the brochure, I said to myself, "Wow, I wonder what sophisticated
technology it must use?"   Motorola has been developing and selling
secure voice & data systems, from DVP & DES up to the current
'FASCINATOR' algorithm for classified military & federal government
secure voice for many years.

 Page Two of the slick  brochure has some rhetorical questions and
 answers:

*****************************************************************
	  Why Motorola Cordless Phones?

Q. What is meant by Secure Clear?

Secure Clear is an exclusive technology that assures you no
eavesdroppers will be able to use another cordless phone, scanner or
baby monitor to listen in to your cordless conversations.

Q. How difficult is it to eavesdrop on someone's cordless
conversation?

It's not difficult at all. Simply by operating a cordless phone,
scanner or baby monitor on the same channel as you're on, an
eavesdropper can listen in.  Security codes alone DO NOT prevent
eavesdropping.

Q. What are security codes and what do they do?

Security codes allow the handset and base to communicate with each
other. With the Secure Clear cordless phone, one of 65,000 possible
codes are randomly assigned every time you set the handset in the
base.  This means that a neighbor cannot use his handset to link with
your base and have phone calls charged to your phone number.

Q. Describe the basic difference between Secure Clear and security
codes.

Secure Clear protects against eavesdropping.  Security codes prevent
the unauthorized use of your phone line. Usually all cordless phones
have security codes, but not both.

Q. What is the purpose of the Secure Clear demo?

The Secure Clear demo is a unique feature of Motorola phones that
allows you to actually experience what an eavesdropper would hear when
trying to listen to your conversation.  By pressing the SECURE DEMO
button on the Motorola phone, you and the person on the other end will
hear the same scrambled noise an eavesdropper would hear.

*****************************************************************

Hmmm...  I went to the Motorola Secure Clear cordless phone display at
a Sears store, took a deep breath, & hit the demo button in order to
hear what the "scrambled noise" which would protect a conversation from
eavesdropping sounded like.    White-noise like that of a digital data
stream? Rapid analog time-domain scrambling?  No, the scrambled "noise"
sounded like inverted analog voice.  That's right, they're using the 40
or 50 year old (3kHz baseband) speech inversion system --the same one
which they stopped marketing for their commercial two-way radio gear
about a decade ago-- to make Lee Trevino's & other ignorant people's
"private conversations stay private."

For those of you not familiar with speech inversion, it simply
flip-flops the voice spectrum so that high pitched sounds are low, &
vice versa.  It sounds a lot like Single Side Band (SSB) transmissions,
although it is somewhat tricky to get a SSB receiver to decode
speech-inversion scrambling.  Prior to 1986, several companies -- Don
Nobles, Capri Electronics, etc., sold inexpensive kits or scanner
add-ons that could be used to decode speech inversion.  Several
electronics magazines also published schematics for making your own
from scratch, at a cost of about $5.    After the Electronic
Communications Privacy Act of 1986, it became illegal to decode or
decipher encrypted communications which you weren't a legitimate party
to, so the standard practice of selling these quasi-legal products as
'experimental kits' or 'for educational purposes only' became common.
Today, some companies will not specifically sell a 'speech-inversion
descrambler,' but instead market a 'speech inversion scrambling system'
which means the kit will encode as well as decode speech inversion,
although most people buy them simply to hook up to their scanners &
monitor the few public safety agencies and businesses that (still) use
speech-inversion scrambling.

Yes, technically, it is a felony for you to use a speech-inversion
descrambler to monitor these Motorola 'Secure Clear' cordless. Or for
that matter, the new Radio Shack DUoFONE ET-499 cordless phone that
also depends on speech-inversion for privacy protection.  The public
utility of the ECPA has been argued about ever since before it was
enacted.  It is rather obvious that the ECPA was pushed upon the
ignorant, money-hungry Congress by the powerful (& wealthy) Cellular
Telephone Industry Association (so the CTIA could propagate
misinformation to the public, but that's another story...).  I also
realize that the 46/49MHz cordless phone channels are apparently
allocated for analog-voice only.

Despite the ECPA, it is unconscionable to me that Motorola --who surely
knows better-- would produce the slick brochure & specifically market
the 'Secure Clear' line as being invulnerable to eavesdropping.   Their
wording unequivocally gives the impression that the 'Secure Clear'
conversations are secure, not only from other cordless phone & baby
monitors, which have several common frequencies, but also against
communications hobbyists with scanner radios.

It is bad enough that many public safety officers still think that by
using the 'PL' ('Private Line,' also known as CTCSS) setting on their
Motorola two-way radios, no one else can listen in.  While the 'Private
Line' fiasco might be attributable to misconception on the part of the
radio users, in my opinion, Motorola's Consumer Products Division has
to know that there are thousands of scanner monitors who have the
technical ability to defeat the speech-inversion 'Secure Clear'
system.  A Motorola representative at the 1992 Summer Consumer
Electronics Show in Chicago confirmed this to me, with a smirk on his
face.

There's a big difference between Motorola's aforementioned wording &
that of Radio Shack's on page 3 of their 1993 catalog:

	New! Voice-Scrambling Cordless Telephone DUoFONE ET-499.
	Cordless phones are great.  But since they transmit over the
	airwaves, your private conversations could be monitored. Now
	you can enjoy cordless convenience with voice scrambling for
	added [emphasis theirs] privacy protection -- frequency
	inversion makes transmissions between the handset and base
	unintelligible...

It's not "Motorola should know better."  Motorola DOES know better.
Otherwise, they wouldn't be spending time or money on truly 'secure'
(based on current technology, of course) communications and
transmission security systems for the government.

I sure am thankful that our federal government & military users of
secure-mode communications systems don't rely on Motorola's marketing
department to provide factual information as to the level of security
provided by Motorola equipment.  Too bad that for the most part, the
public does.

For anyone looking for a cordless telephone that offers a decent level
of privacy, take a look at some of the new cordless phones that use the
900MHz band.  Most of the new ones not only use CVSD digital voice for
the RF link, but also direct-sequence spread spectrum.  By no means are
these phones secure ('encoded,' yes, but 'encrypted,' generally not),
despite some of the wording in their owner's manuals.  Some of the
Tropez 900 models actually seem to generate a very weak analog
harmonic in the 440MHz spectrum, but you'll still be a lot better off
than poor Lee Trevino!

Tim Tyler
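
[Added example, not part of the post above and not Motorola or Radio
Shack material: a simplified digital model of the speech inversion the
post describes, showing that the scramble is a fixed, keyless mirror of
the spectrum and that the same operation applied a second time restores
the signal.  The 8000 Hz sample rate, inversion about 4000 Hz and the
three test tones are assumptions constructed for the illustration.]

```python
import cmath
import math

FS = 8000   # assumed sample rate in Hz (illustrative, not from the post)
N = 400     # number of samples; DFT bin width is FS / N = 20 Hz

# Constructed test signal: (frequency in Hz, amplitude) pairs standing in
# for low, middle and high components of a voice.
TONES = [(300, 1.0), (1000, 0.6), (2500, 0.3)]


def tone_mix(tones, n=N, fs=FS):
    """Return n samples of a sum of sine tones."""
    return [
        sum(a * math.sin(2 * math.pi * f * i / fs) for f, a in tones)
        for i in range(n)
    ]


def invert_spectrum(samples):
    """Frequency inversion: negate every second sample.

    Multiplying by (-1)^n shifts the spectrum by fs/2, so for a real
    signal every component at f moves to fs/2 - f.  There is no key or
    secret parameter; every unit performs the same fixed mapping.
    """
    return [s if i % 2 == 0 else -s for i, s in enumerate(samples)]


def dominant_freqs(samples, count, fs=FS):
    """Return the `count` strongest frequencies (Hz) using a naive DFT."""
    n = len(samples)
    mags = []
    for k in range(1, n // 2):
        acc = sum(
            s * cmath.exp(-2j * math.pi * k * i / n)
            for i, s in enumerate(samples)
        )
        mags.append((abs(acc), k * fs / n))
    mags.sort(reverse=True)
    return sorted(round(f) for _, f in mags[:count])


def demo():
    """Scramble the test signal, then apply the same operation again."""
    clear = tone_mix(TONES)
    scrambled = invert_spectrum(clear)
    restored = invert_spectrum(scrambled)
    return {
        "clear_freqs": dominant_freqs(clear, len(TONES)),
        "scrambled_freqs": dominant_freqs(scrambled, len(TONES)),
        "restored_equals_clear": restored == clear,
    }


if __name__ == "__main__":
    result = demo()
    print("clear tones (Hz):    ", result["clear_freqs"])
    print("scrambled tones (Hz):", result["scrambled_freqs"])
    print("second pass restores original:", result["restored_equals_clear"])
```

The low tone ends up high and the high tone ends up low, which is the
"flip-flop" the post describes; protection that holds against a scanner
owner needs a secret key, which this scheme does not have.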


------------------------------

From: John Medeiros <71604.710@compuserve.com>
Date: 05 Sep 94 21:50:19 EDT
Subject: Big Brother (not just) on the Autobahn

    The  "newsgroup: sci.military, Subject: AF News Svc 30 Aug 94"
    article states: Rome Laboratory entered into an agreement in July
    with federal and New York transportation agencies to pioneer
    development of an automated traffic monitoring system.  The system
    will assist traffic managers in planning for --- and relieving ---
    congestion on major U.S. highways.

    The system will make use of advanced signal processing, neural
    network and distributed systems technology, all of which are major
    technology areas to Rome Laboratory.

    By employing video sensors, processors, communications services,
    and a closed-loop feedback system to monitor expressway traffic,

So?  This has been an everyday part of life on the freeways of Los
Angeles.  Minus of course, a "neural network and distributed systems
technology" which will further automate the current system.  Oh, and it
still doesn't work!  But the federal government will keep spending
money on it.


------------------------------

From: "David A. Honig" <honig@buckaroo.ics.uci.edu>
Date: 06 Sep 1994 11:30:11 -0700
Subject: Re: Internet White Pages
Organization: UC Disneyland, in the Kingdom of Bren

    Paul Robinson <PAUL@tdr.com> writes: In alt.sex.stories is an
    article entitled "The Engineer: Scorched Earth" which, if it
    hopefully has expired by now, is the kind of thing that gives a bad
    name to Internet.  I have a copy of the article as

The Internet is a form of media.  Do books that you don't like give a
"bad name" to Gutenberg's press?

    well as my own replies to it, and I'll send it on to anyone that
    wants to read it.  Let me warn you, if you have any decency at all
    the story will sicken you.  The damn thing facinated me the way a
    mongoose fascinates a rattlesnake, however.  If I wanted to list
    the worst, most

There are no rattlesnakes where mongoose are found.  There are cobras,
and they are food items.

-- 
David A. Honig, informivore 


------------------------------

From: <HENDER@fis.utoronto.ca>
Date: 06 Sep 1994 07:27:58 -0400
Subject: Access surveillance
Organization: Faculty of Information Studies

I hope some members of the list will be able to give us assistance on
this question.

We would like to find examples of institutional policies relating to
privacy/confidentiality issues with respect to electronic (transaction)
records created by the use of building access cards which contain
personal ID on their magnetic strip. This seems to be a topic which has
not received much attention in the literature. We are also interested
in examples of institutional policies dealing with privacy issues
related to other aspects of electronic surveillance especially dealing
with transaction records.

If your institution has such policies, we would appreciate receiving a
copy or information on how we could get a copy.

PLEASE REPLY TO ME NOT THE LIST (I am not a current subscriber).

Thanks,

Diane Henderson
Faculty of Information Studies
University of Toronto
140 St. George St.
Toronto, Ont. Canada M5S 1A1
Phone (416) 978-7071
Fax   (416) 978-5762
hender@fis.utoronto.ca


------------------------------

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

Back issues are available via anonymous ftp on ftp.cs.uwm.edu
[129.89.9.18].  Login as "ftp" with password "yourid@yoursite".  The
archives are in the directory "pub/comp-privacy".

People with gopher capability can access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Archives are also held at ftp.pica.army.mil [129.139.160.133].

End of Computer Privacy Digest V5 #031
******************************