Date:       Sun, 30 Oct 94 12:18:00 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#055

Computer Privacy Digest Sun, 30 Oct 94              Volume 5 : Issue: 055

Today's Topics:			       Moderator: Leonard P. Levine

                          Digitized Signatures
               Re: Planting "Mistakes" to Guard Copyright
                      Re: Electronic Eavesdropping
                    Again, Securest Cordless Phones?
                     Driver's License in Minnesota
                          Need Help on a Topic
                     FTC Orders Trans Union to Stop
                        Censorship in Cyberspace
             South African Constitution and Computer Privacy
        OTA Report on Information Security and Privacy Released
          Info on CPD, Contributions, Subscriptions, FTP, etc.

----------------------------------------------------------------------

From: Maryjo Bruce <sunshine@netcom.com>
Date: 28 Oct 1994 07:07:54 -0700 (PDT)
Subject: Digitized Signatures

I don't get out much, and I may be the last person on earth to know
this, but yesterday I went to Sears and bought a shovel and charged it
on my Visa card.  The clerk inspected my card, found it wanting because
of a lack of signature on back, and told me to sign my slip with a wand
on an electronic panel.  He told me that as of the 15th of next month,
all customers would be signing electronically.  My signature appeared
on the screen of the cash register, and he said it was being "sent in"
to be verified.  Where?  He did not know.  He said after the 15th the
credit card companies were going to a paperless system, and only the
electronic info was being kept.  Each time I buy something, the system
will verify my signature and immediately notify the store whether it is
I or not. I said I knew it was I already.  He said it was for my
protection.


------------------------------

From: PHILS@RELAY.RELAY.COM (Philip H. Smith III, (703) 506-0500)
Date: 28 Oct 94 10:05:59 EDT
Subject: Re: Planting "Mistakes" to Guard Copyright

    dpaulson@cpdsc.com wrote, regarding maps with fictitious cities:
    Assuming the point of this is to have the fictitious city appear on
    the illegal copy...

    How does one tell an illegal copy from a legitimate one, when the
    legitimate copy contains the fictitious city?

Well, since it's supposed to be the same technique as seeding a mailing
list and watching for false hits, I assume they have people parked out
in the desert, waiting for the lost tourists...


------------------------------

From: "Houston, James A." <JH2@scires.com>
Date: 28 Oct 94 13:22:46 
Subject: Re: Electronic Eavesdropping

    david.m.kennedy@CEORD-PM.mail.usace.army.mil writes: TEMPEST.TXT
    states, I believe correctly, that it is illegal to possess some
    types of specialized electronic eavesdropping equipment necessary
    to intercept tempest-type, e.g. Van Echt, emanations.  *If* Winn
    -snip-

this may sound a bit hard to believe, but the u.s.  government doesn't
really care who sniffs out our signals.  you can go to radio shack and
buy enough equipment to receive what superficially may seem to be "top
secret" RF or LOS (AM/FM) signals (eavesdropping on the u.s.
government in effect).  in fact, it is *assumed* that the enemy is
doing that on a continuous basis.  the use of classified red/black
encryption devices scrambles the transmission such that it is totally
unintelligible without the *same* encryption/decryption devices on the
receiving end.

we assume that the enemy is sitting within a mile of most military
installations in a van with the equipment described by david kennedy.
the general feeling is sniff all you want, you can't use the data
anyway.  you must have the correct match of encryption/decryption
devices *and* the current crypto key to be able to use what you hear
(are able to receive).  it is illegal to possess the "encryption
equipment", and especially the "key".  both of which are accountable
military items; theoretically impossible to buy, impossible to own.  in
theory that is...the john walker/pueblo incident comes to mind to throw
a spin on "theory".

as far as "TEMPEST" goes, if a piece of equipment has been tempest
tested/verified, it does NOT emit anything, period.  that's the whole
idea of tempest.  some things must not emit.  devices that can emit are
video displays, printers, etc.  sensitive areas, e.g. video displays
capable of displaying top secret data are shrouded with "tempest"
shields such that nothing is emitted.  hope that helps some.

--
jim houston
jh2@scires.com


------------------------------

From: CHRISDENNIS@delphi.com
Date: 28 Oct 1994 23:08:26 -0400 (EDT)
Subject: Again, Securest Cordless Phones?

A few weeks ago, there was a small discussion of the most secure
cordless phones available to consumers. However, I don't believe much
else was said other than the new Motorola "secure" phones can be easily
scanned.

I, and other readers I'm sure, would like to know what is the securest
on the market in the 900 MHz range. And preferably under $300 street! ;-)
Or at least please point me in the right direction on where to look for
this info.

--
chrisdennis@delphi.com
Innkeeper/ CyberBizman!


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Oct 1994 06:16:52 -0500 (CDT)
Subject: Driver's License in Minnesota
Organization: University of Wisconsin-Milwaukee

Taken from RISKS-LIST: RISKS-FORUM Digest  Friday 28 October 1994
Volume 16 : Issue 51 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND
RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G.
Neumann, moderator

    Date: 27 Oct 1994 15:05:53 -0500
    From: sullivan@geom.umn.edu
    Subject: Drivers license as universal ID?

Minnesota is just introducing a new drivers license, with new security
features, as well as a bar code and a magnetic strip (with full name,
date of birth, and license number).  The photo and signature are
digitized, and presumably stored by the state as well as being printed
on the card.  I learned about the new licenses from an article in City
Pages, a free weekly here in the Twin Cities.

The new licenses are produced (for $1.29 apiece) by Deluxe (the check
printers).  About 4000 drivers had to go back to have their pictures
retaken because they were transmitted at night from one computer to
another over "incompatible phone lines" [whatever that means] and
billions of bits went "screaming into the ether".  Deluxe blames a
subcontractor.

Since the magstripe can hold about 256 bytes, there have been
discussions about what else might be stored there.  Things like a list
of cars and guns registered in your name, perhaps.  Or, people
receiving food stamps or welfare might use their license to obtain
their benefits, either at a food-store cashier or from an ATM.

Don Gemberling, director of MN's Public Information Policy Analysis
Division, evidently did raise the privacy issues during the planning
process, noting that a "universal personal identifier ... has been
consistently resisted in this country".  Alice Gonzalo (assistant
director of DVS, the state Driver and Vehicle Services Division) notes
that DVS already sells driver's license information, sorted by
different fields.  (One could buy a list of Minnesotans over 6'3", for
instance.)

There is already a national database of drivers with commercial
licenses, called AAMVANET, and there are plans to expand this to all
drivers.  In Wisconsin, a driver's license can be suspended for failure
to pay fines unrelated to driving (like library fines).

    MN dept of Administration's Bob Schroeder says: In my opinion, the
    driver's license has nothing to do with driving.  How many times
    have you pulled it out because an officer asked you for it?  You
    pull it out much more because someone at a store or a check-cashing
    place wants to know who you are.  It has less to do with driving
    and more to do with being a universal identifier, a way for you to
    be identified over the long term.  Business really relies on the
    state to establish this sort of identifier for them.

--
John Sullivan    sullivan@geom.umn.edu


------------------------------

From: rravi@tam2000.tamu.edu (ravi)
Date: 29 Oct 1994 17:35:44 GMT
Subject: Need Help on a Topic
Organization: Texas A&M University, College Station, Tx

I am doing a graduate paper on the "Ethical and moral issues on the
proposed Information Superhighway". I am planning to include privacy
issues and intellectual property rights issues relating to the info.
superhighway. If anybody could help me with some materials regarding
this subject, I would be very grateful. Also, any leads to any ftp
sites or any other sources of information are also welcome.

If you have some information regarding this..please email to
"rravi@tamaix.tamu.edu" or "rravi@tam2000.tamu.edu".

--
(rravi@tamaix.tamu.edu)
(rravi@tam2000.tamu.edu)
			Faith,faith,faith in ourselves
				Faith in God
			This is the secret of greatness.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 30 Oct 1994 06:06:26 -0600 (CST)
Subject: FTC Orders Trans Union to Stop
Organization: University of Wisconsin-Milwaukee

Taken from EPIC Alert Volume 1.06 October 28, 1994 Published by the
Electronic Privacy Information Center (EPIC) Washington, DC
(Alert@epic.org)

FTC Orders Trans Union to Stop Selling Credit Reports to Marketers

The Federal Trade Commission on October 18 ordered Trans Union, one of
the nation's largest credit bureaus, to stop selling consumer credit
information in its files to direct marketers in violation of the Fair
Credit Reporting Act (FCRA).  This decision follows a year after TRW,
another large credit bureau, signed a consent decree with the FTC to
limit selling credit information. Equifax, the other large credit
bureau, also stopped voluntarily selling credit info for marketing last
year.

Trans Union, through its Transmark target marketing division, created
lists of individuals based on credit-related criteria and then sold the
information to companies to use for target marketing.  The Commission
ruled that target marketing was illegal under the FCRA because the law
requires that the consumer initiate the transaction before the
information can be released. It also found that the companies had full
access to consumers' names and were aware of the criteria under which
the names had been chosen from the Trans Union database, which is also
an illegal disclosure of credit information.

Trans Union has said they will appeal and plan to continue selling the
information in the meanwhile. Under a newly passed law, Trans Union
must ask for a stay of the order after 60 days before they can continue
selling the information. Ed. Mierwizinski, Consumer Program Director of
US Public Interest Research Group's Washington Office hailed the FTC's
actions: "it's a good decision. I predict if they try and appeal, they
will lose."


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Oct 1994 07:31:05 -0500 (CDT)
Subject: Censorship in Cyberspace
Organization: University of Wisconsin-Milwaukee

Taken from CPSR-GLOBAL

Transcribed and relayed to me by a Netter:

CENSORSHIP IN CYBERSPACE by Mitt Jones

Freedom of expression for one person is a violation of the First
Amendment for another.  The age-old censorship debate - what material
should be banned and what will be the cost of liberty - has now spread
to the information superhighway, the once freewheeling, no-holds-barred
place also known as cyberspace.

Online services such as Prodigy, which have long enforced their own
standards, are now tightening the censorship reins even more.  For
example, supervisors recently expanded the use of its "George Carlin"
software, which weeds out dozens of objectionable words.

Things are heating up even more on the Internet.  Recently, the Simon
Wiesenthal Center, a Los Angeles institute devoted to exposing
anti-Semitism, submitted a summary of a massive dossier of cyberspace
hatemongering to the FCC.  The three-year investigation, sparked by
tips from users, portrays the Internet as an unchecked haven for
bigots.  One file, called Homobash, describes shooting a gay person in
the face with a gun; a graphic titled Monkey pictures African-Americans
copulating with animals and suggests that such acts account for the
rise of AIDS.  Says Rabbi Abraham Cooper, associate dean of the
Wiesenthal Center: "It may be time for the FCC to place a cop on the
information superhighway."

But because networks are so new, no one knows who's to play Big
Brother.  The FCC, which regulates radio and TV, has no jurisdiction
over computers.  So the dossier summary has been turned over to the
Justice Department, which seemingly doesn't know exactly what to do
about online hatemongering either.  The problem is twofold: There's no
mechanism to regulate online services and no legal precedent has yet
been set for cyberspace, the way it has for publishing, broadcasting,
and speech.

The issue with the Internet is whether it should be treated as a
broadcast system (subject to government regulation) or as a phone or
mail system that simply passes along information.  "It's complicated
even more because Internet comprises private e-mail and public
databases and bulletin boards," adds Internet founder Vinton G. Cerf.

Then there's the issue of whether online providers and the thousands of
entities connected to the Internet are defined as commercial or
private.  If they are seen as private carriers, many will have a hard
time defending the enforcement of their standards and will be held
legally responsible for the content of discussion groups and forums.
The issue is muddled further by the numerous types of services
available, including e-mail.

Cerf, also the president of the Internet Society, says that his
organization has drafted guidelines of suggested behavior for its users
and providers, but critics argue that this will do little to curb
hatemongering and sexually explicit materials.  For the time being,
however, no mechanism exists to restrict the free flow of information
on the Internet, and at press time, the Justice Department has yet to
announce any other form of regulation.

--
HOME-OFFICE COMPUTING, November 1994, p.18.
 forward by
Ken Wang ken or ken@iba.co.ZA


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Oct 1994 06:33:33 -0500 (CDT)
Subject: South African Constitution and Computer Privacy
Organization: University of Wisconsin-Milwaukee

Taken from Computer underground Digest    Wed  Oct 26, 1994   Volume 6
: Issue 93 ISSN  1004-042X TK0JUT2@MVS.CSO.NIU.EDU

    Date: 24 Oct 1994 22:58:17 -0500 (CDT)
    From: David Smith <bladex@BGA.COM>
    Subject: South African Constitution and computer privacy

Saw this posted elsewhere, just passing along this lawyer's request for
information.

 ---------- Forwarded message ----------
Date--Mon, 24 Oct 1994 17:18:52 GMT

South Africa has a new Bill of Rights which guarantees the right to
privacy and protects all persons against unreasonable and unjustified
search and seizure of their personal property or the violation of
private communications.

I am currently involved in research into the impact of this
constitutional right on computer law. In particular, I am looking at
whether a state agency can obtain a list of files from a person's
account which they suspect contains illegal material such as pirated
software or pornography (illegal in South Africa). Does the state
agency need to obtain a search warrant or the user's permission before
searching his/her account even if their suspicion is a reasonable one?

The crisp legal issue is this: Does the seizure of computer files or a
list of those files out of an individual's account, without a warrant
or without the user's permission, violate the constitutional right to
procedural due process and the right to privacy?

I would like references to reported judgements on this issue,
especially cases that have dealt with this on a constitutional law
basis. If possible, it would be most useful if I could be e-mailed
actual copies of the judgements. Reported decisions from any
jurisdiction would be useful.

Thank you in advance.

--
Mr Ron Paschke
Department of Procedural and Clinical Law
University of Natal
Durban
South Africa
email: paschke@law.und.ac.za


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Oct 1994 06:33:33 -0500 (CDT)
Subject: OTA Report on Information Security and Privacy Released
Organization: University of Wisconsin-Milwaukee

Taken from Computer underground Digest    Wed  Oct 26, 1994   Volume 6
: Issue 93 ISSN  1004-042X TK0JUT2@MVS.CSO.NIU.EDU

    Date: 27 Sep 1994 13:54:43 CDT
    From: mdexter@ops.ota.gov (Dexter, Martha Dir.,Info/Pub)

September 23, 1994

[The Office of Technology Assessment report "Information Security and
Privacy in Network Environments" is now available.  The report was
released on September 23, 1994.  Ordering information and details about
electronic access are at the end of this message.]

As electronic transactions and records become central to everything
from commerce and tax records to health care, new concerns arise for
the security and privacy of networked information.  These concerns, if
not properly resolved, threaten to limit networking's full potential in
terms of participation and usefulness, says the congressional Office of
Technology Assessment (OTA) in a report released today.

Some 20 to 30 million people worldwide can exchange messages over the
Internet.  Every day U.S. banks transfer about $1 trillion among
themselves, and New York markets trade an average of $2 trillion in
securities.  Nearly all of these transactions pass over information
networks.

The report "Information Security and Privacy in Network Environments"
focuses on safeguarding unclassified information in networks, not on
the security or survivability of networks themselves, or on the
reliability of network services to ensure information access.

Appropriate safeguards must account for--and anticipate--technical,
institutional, and social changes that increasingly shift
responsibility for safeguarding information to the end users, says
OTA.  The laws currently governing commercial transactions, data
privacy, and intellectual property were largely developed for a time
when telegraphs, typewriters, and mimeographs were the commonly used
office technologies and business was conducted with paper documents
sent by mail.  Technologies and business practices have dramatically
changed, but the law has been slower to adapt, says OTA.

Information safeguards, especially those based on cryptography, are
achieving new prominence.  OTA emphasizes that decisions about
cryptography policy will affect the everyday lives of most Americans
because cryptography will help ensure the confidentiality and integrity
of health records and tax returns, speed the way to electronic
commerce, and manage copyrighted material in electronic form.  Congress
has a vital role in formulating national cryptography policy, says OTA,
and more generally in safeguarding electronic information and
commercial transactions and protecting personal privacy in a networked
society.

A field of applied mathematics/computer science, cryptography is the
technique of concealing the contents of a message by a code or a
cipher.  The message is unintelligible without special knowledge of
some secret (closely held) information, the key that "unlocks" the
encrypted text and reveals the original text.  Key management is
fundamental to security.  It includes generation of the encryption key
or keys, as well as their storage, distribution, cataloging, and
eventual destruction.

The federal government still has the most expertise in cryptography,
says OTA.  As a developer, user, and regulator of safeguard
technologies, the federal government faces a fundamental tension
between two important policy objectives:  fostering the development and
widespread use of cost-effective safeguards; and--through use of
federal standards and export controls--controlling the proliferation of
commercial safeguard technologies that can impair U.S.
signals-intelligence and law-enforcement capabilities.

The concern is reflected in the ongoing debates over key-escrow
encryption and the government's Escrowed Encryption Standard (EES).
The Clinton Administration announced the "escrowed-encryption"
initiative, often called the "Clipper chip," in 1993.  This type of
encryption is intended to allow easy decryption by law enforcement when
the equivalent of a wiretap has been authorized.  The Department of
Commerce issued the EES, developed by the National Security Agency
(NSA), as a federal information processing standard for encrypting
unclassified information in February 1994.

The initiative in general and the EES in particular have seen intense
public criticism and concern, OTA reports.  The controversy and
unpopularity stem in large part from privacy concerns and the fact that
government-designated "escrow agents" will hold the users'
cryptographic keys.

Congress has asked the National Research Council (NRC) to conduct a
major study, expected to be available in 1996, which would support a
broad review of cryptography.  OTA presents several options for
congressional consideration in the course of such a review.  Because
the timing of the NRC review is out of phase with the government's
implementation of key-escrow encryption, one option would be to place a
hold on further deployment of key-escrow encryption, pending a
congressional policy review.

An important outcome of a broad review of national cryptography policy,
says OTA, would be the development of more open processes to determine
how cryptography will be deployed throughout society, including the
development of infrastructures to support electronic commerce and
network use of copyrighted materials.   More openness would build trust
and confidence in government operations and leadership and allow for
public consensus-building.

OTA examines and offers policy options for congressional consideration
in three areas: 1) cryptography policy, including federal information
processing standards and export controls; 2) guidance on safeguarding
unclassified information in federal agencies; and 3) legal issues and
information security, including electronic commerce, privacy, and
intellectual property.

Requesters for the report are the Senate Committee on Governmental
Affairs and the House Subcommittee on Telecommunications and Finance.

OTA is a nonpartisan analytical agency that serves the U.S.  Congress.
Its purpose is to aid Congress with the complex and often highly
technical issues that increasingly affect our society.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 26 Sep 1994 12:45:51 -0500 (CDT)
Subject: Info on CPD, Contributions, Subscriptions, FTP, etc.
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions generally are acknowledged within 24 hours of
submission.  An article is printed if it is relevant to the charter of
the digest.  If selected, it is printed within two or three days.  The
moderator reserves the right to delete extraneous quoted material.  He
may change the subject line of an article in order to make it easier
for the reader to follow a discussion.  He will not, however, alter or
edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V5 #055
******************************