Date:       Wed, 06 Dec 95 16:15:25 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V7#048

Computer Privacy Digest Wed, 06 Dec 95              Volume 7 : Issue: 048

Today's Topics:			       Moderator: Leonard P. Levine

                            Signed Postings
                           Caller ID leakage
                       Re: SSN for CA DL renewal
                         SSN for NY DL renewal
                    Is it Possible to Not GET a SSN?
                            Cashless Society
                           Re: Common Carrier
                    Re: Privacy and Police Computers
                         Professional Paranoids
              Privacy Watchdog Outs Big Brother Companies
                 Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 06 Dec 1995 15:55:55 -0600 (CST)
Subject: Signed Postings
Organization: University of Wisconsin-Milwaukee

This is from the moderator of the Computer Privacy Digest.  In a
previous mailing I used a newly formed authorization technique to
"sign" the digest.  The authorization will ultimately cause postings
that are authorized by someone other than the moderator (me) to be
automatically cancelled.  Out of some several thousand readers I
received 3 notices that the authorized messages did not arrive at the
destination address.  People who are concerned about this sort of thing
will be working on fixing those problems that occur.

This is the only posting of 11 items in Volume 7 number 48 that is not
"signed".  If this is the only posting that you see in this
volume:number, please let me know, I am certain that other moderated
boards will shortly be using this technique to fix the problem of
spamming so if you have a problem, I expect it will get worse.  As a
temporary or even a permanent fix I will be pleased to directly mail
the entire digest to anyone who has a problem.  Just let me know.

The problem we are about to solve is not seen as a serious one to
everyone.  One reader responded:

    As a meta-comment, I'm astounded that you're bothering to tilt at
    this windmill --- you (and many others) are reacting *so*
    irrationally hysterically to the threat of bogus postings that
    you'll entertain screw up your news propagation.  Strikes me as
    very silly, and is the sort of thing that only contributes to the
    hysteria.  I mean, you're not even reacting to a *REAL* problem, in
    any dimension (since as you admit, your newsgroup hasn't had a
    problem).

    At the least, why not let some newsgroup that *is* really
    expeeriencing difficulty to be the guinea pig?

I presented this question to Greg Rose, the author of PGP Moose.  His
response was:

    I must disagree with your correspondent in that I wouldn't have
    gone to this amount of trouble if there wasn't already at least a
    little bit of a problem.  About 8 months ago there was a spate of
    forged spams sent to moderated newsgroups.  This lead to a lot of
    work by Chris Lewis on automatic spam detection and cancelling, and
    to the desire to create the PGP Moose. I agree with you that it can
    only get worse, and what is more, I believe that when it gets worse
    it will do so quickly.

    By the way, the particular spam that I reacted to, way back then
    (March 7th), was crossposted to every moderated newsgroup. Chris
    Lewis caught it quickly and autocancelled it, but technically I
    think you have experienced the problem at least on a small scale --
    you probably just didn't notice at the time.

I added:  Here in the US we are about to enter a VERY contentous year
of politics and I see every reason to believe that various political
groups will use the net as never before to express their opinion and to
damage their opponents.  Dirty tricks will abound.  For example look at
http://www.dole96.org (spoof) and http://dole96.com (real). It is 11
months till the election and we see this now.  Unless we are on top of
this we will not be able to respond when the time comes.

   Greg responded:  You've touched on a point that worries me. I see
   the PGP Moose as a precautionary measure, something that should be
   put into place before there is a major problem. You, and a couple of
   others, seem to agree. But the vast bulk of people out there seem to
   be waiting for the problem to occur for real before they will think
   about implementing (installing) something like it.  It's much harder
   to build a levee when it's raining cats and dogs.

   The Privacy Digest is certainly no further away from the problem
   than misc.news.bosnia or comp.std.c++ (both of which have moderators
   using it, although in both cases they have multiple moderators and
   not all are using it). And I strongly feel that masquerading as
   another is a breach of that person's rights, and to some extent of
   the right of privacy. That it is your right (as moderator) that is
   being breached is merely less general than breaching everyone's.

I responded that the cancellation of other folk's postings in general
is a vigilante tactic, and is, perhaps, as serious a breach of
net-etiquet as the original spam.  Cancelling a posting in a
_moderated_ group with the permission of the moderator has no such
effect, since I am the only one permitted to post to CPD and all other
legal posts are done, in effect, with my authority.  If I authorize
someone to cancel any message that I have not personally signed there
is no impropriety, just someone acting as my authorized agent.

   Greg went on:  I have some other, less direct, reasons for wanting
   the experiment to proceed. Proper use of cryptographic tools is one
   of the great hopes for privacy and security in the near future, but
   I believe it is under threat from legislators everywhere. One of the
   background motivations for developing the PGP Moose was to deploy a
   widely used, clearly beneficial tool using PGP particularly, and
   cryptographic techniques generally. Then when someone says "Let's
   ban ...", we can say "But look at the consequences to ...".  At the
   moment I'm unaware of any such valid argument outside of banking and
   commerce, and they are always handled by grandfather clauses or some
   form of per-case authorisation. It also focuses attention on the
   laws and the ITAR.

So, here we go with step 2.  This issue Volume 7 number 48 has 11
items, all of which are signed except this one.  If you see no other
item in this volume:number, please let me know.

    Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
    Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
    28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
    French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
    NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

From: Beth Givens <bgivens@pwa.acusd.edu>
Date: 06 Dec 1995 13:20:09 -0800 (PST)
Subject: Caller ID leakage

Starting December 1, Calling Number ID is supposedly transmitted on ALL
calls, local as well as long distance, as per a FCC ruling.  The one
exception is for calls originating in California.  (The California
Public Utilities Commission has requested a 6-month waiver, until it
has had the opportunity to accept or reject the local phone companies'
education plans for alerting California consumers to the privacy
effects of Caller ID.)

Rumor has it that some Caller ID data for California calls has somehow
"leaked" out -- both in the past and since December 1st. But we have
not been able to verify that. If you have indeed seen California
numbers on your Caller ID display devices, I'd appreciate hearing from
you -- either via this forum or directly to my email address
(bgivens@acusd.edu). If you don't mind divulging the first 6 digits of
those numbers, that data would help track down the errant phone company
switches. Thanks.

Beth Givens				Voice: 619-260-4160
Project Director			Fax: 619-298-5681
Privacy Rights Clearinghouse		Hotline (Calif. only):
Center for Public Interest Law		   800-773-7748
University of San Diego			   619-298-3396 (elsewhere)
5998 Alcala Park			e-mail: bgivens@acusd.edu
San Diego, CA 92110


------------------------------

From: fyoung@oxford.net (F Young)
Date: 01 Dec 95 23:07:25 EST
Subject: Re: SSN for CA DL renewal

    halfbree@rapidnet.com wrote: That is an intresting statement as
    South Dakota and several other states use your SSAN as the Drivers
    License #.

In Canada, a law was passed by the previous government prohibiting the
use of the Social Insurance Number (SIN), same type of ID as the SSN,
for record-keeping other than with the federal government.  Before this
law, when I went to high school, my school ID was my SIN.  When
applying for my DL in Ontario, they asked for two pieces of
identification, and I have to show that I am a permanent resident or
citizen of Canada, but that could be done without showing my SIN.
Ontario DLs have unique numbers.

At the same time, the government began requiring everyone to provide
their SINs when opening any account that has to do with money -
presumably to keep tab on us so we have a harder time not paying tax on
interest earned.  Foreigners opening bank accounts in Canada are
subjected to a 25% withholding tax on interests.


------------------------------

From: walt@lfs.loral.com (Walt Johnson)
Date: 05 Dec 1995 15:12:45 GMT
Subject: SSN for NY DL renewal
Organization: Loral Federal Systems, Owego New York

Yesterday I renewed my New York Drivers License. NY requested my  SSN
but didn't make an issue of it when I requested the written statement
of statutory authority and impact of refusal. I just put a "N" in the
space and they accepted it.

Walt Johnson						       N3385L
KB2UOU							 Cessna A185E
Loral Federal Systems Group				     EDO 2790
Owego, New York 13827			       The comments expressed
waltj@lfs.loral.com			      above are my own and do
(607-751-2158)				     not reflect the position
FAX(607-751-6223)			     of the Loral Corporation


------------------------------

From: adkinsg@piranha.ianet.net (Garry P. Adkins)
Date: 02 Dec 1995 01:11:38 -0500
Subject: Is it Possible to Not GET a SSN?
Organization: Ichthus Access Networking Inc., (304) 453-5757

I (of course) have a SSN.  I've been wondering if it's possible to not
actually *have* a SSN....

I was talking with a guy the other day (he's a pastor), and he
home-schools his kids, etc.  They don't have SSNs. (yet...)

He really really really really objects to getting them on religious and
moral grounds.

While maybe not as extreme, but it's kinda like the "mark of the beast"
thing.

It sent me to thinking...  Any idea what his options are?  Can he be a
"conscientious<sp?> objector" to the SSN deal?

-- 
 ------------------------------------------------------------------------
Garry Adkins                             adkinsg@ianet.net  
USnail: 712 Chestnut St.                 BELLNet:  +1-304-453-5757
        Kenova, WV 25530-1511


------------------------------

From: maillist@dazed.nol.net (Al Johnson)
Date: 02 Dec 1995 09:00:42 GMT
Subject: Cashless Society
Organization: Networks On-Line, Houston

The governments main reason for pushing the cashless society idea is
that it will obliterate the underground economy which transactions the
IRS is unable to collect taxes on.  But I do not believe that
undergroud transactions put that much of a dent in the governments tax
revenue, besides they collect enough taxes as it is already.

However, there are benefits that a cashless society would have for the
consumers and the economy as a whole, but however great the benefits,
no cashless system should be implemented unless total privacy can be
gauranteed.  Simply devise a system that makes tracking purchases
impossibe.  A system whereby a cash purcase cannot be linked to a
person, or a bank account.

I see no reason why we cannot have a virtual wallet with digital cash.
The wallets can be mass produced in the form resembling a credit/ATM
card.  All cards are generic, meaning that they are anonymous, have no
personal information identifying the owner of the card, or the owners
bank account.  I call this card a virtual wallet, as opposed to a
virtual checkbook, because the purpose of this wallet is to carry your
digit cash - cash is anonymous.  I'm talking about cash that functions
the same as the bills in your wallet right now.

The digital cash can be downloaded from your bank account through the
ATM directly into you virtual wallet.  Each unit of digital cash is
made up of serial numbers and denomination codes that are registered
with the U.S.  Treasurey Dept..  The cash can be used for any purchase
or can be transferred between individuals as usual.  When a purchase is
made, a certain amount of digital cash codes equal to the amount of the
sale is transfered from the wallet into the business cashregister.  The
digital cash *IS* the currency.  It is not an *authorization* for your
bank to transfer monies from your account into the merchant's account,
(like a check or credit card) thereby requiring personal and purchase
information to be gathered and transferred.  The digital cash is paper
cash in digital format and functions the same.

So don't lose your virtual wallet because the cash in it can be spent
by anyone, just as if you lose your real wallet today!  And don't try
to go to your bank to get replacement cash for the cash that you lost
before it was spent, because they have no way of knowing what cash is
spent and what cash is not, because they do not track who gets what
currency ID numbers.  These generic wallets can also be equiped with
programmable PIN's so as to deter unauthorized use.  If all digital
wallets used PIN's, then many more lost wallets would probably get
returned to their owners in the hope of reaping a possible reward.

This is just a rough outline of my ideas and they will certainly need
modification.  But, my point is this:  We shouldn't have to give up our
privacy in order to reap the rewards of a cashless economy, or anything
else for that matter.


------------------------------

From: herrin@why.com (William Herrin)
Date: 02 Dec 1995 19:49:46 GMT
Subject: Re: Common Carrier
Organization: Why? Because we like you.

    Kevin Kadow <kadow@cig.mot.com> writes: Personally I'm more
    concerned with the chilling effect on free speech that would result
    from restricting content, regardless of who is held liable.  As
    I've stated in other forums, the question isn't HOW to make the
    Internet safe for children (one proposed goal of this bill) but
    WHETHER it should be done at all. The Internet is no longer a
    publically funded resource, if the politician's want their own safe
    and censored network, let them start one for that purpose.

I disagree. The availability of pornography and similarly problematic
material potentially has the ability to bar children from the Internet,
or at least from huge un-checked expanses of it. That shouldn't be
allowed to happen.

The question is how do you let the kids roam without, as you say,
having a chilling effect on free speech. I like safesurf's answer. Take
a look at <URL:http://www.safesurf.com/>. Their plan adds a voluntary
capability to the technology, which if supported by laws and treaties
would allow kids to roam without chilling anyone's rights.

Of course, it takes more than just the web, but thats a place to
start.

--
William D. Herrin                 herrin@why.com herrin@ultima.cms.udel.edu 
6857 Lafayette Park Dr.          wherrin@gmu.edu herrin@scienza.onr.navy.mil
Annandale, VA 22003                 Fallible_Dragon@udic.org -==(UDIC)==-
Web: <http://www.why.com/~herrin/>  PGP Public Key Available via web page


------------------------------

From: John Medeiros <71604.710@compuserve.com>
Date: 02 Dec 95 21:23:20 EST
Subject: Re: Privacy and Police Computers

In his post, Adam Starchild <taxhave@ix.netcom.com>, related a New
Jersey incident in which police used a "patrol car computer scanner" to
determine that a driver had a suspended driver's license.

I for one, would like to hear a LOT more detail on such a case.  If
anyone knows any additional details please provided them.  On its face,
the incident sounds quite ominous.  The use of the term "computer
scanner" is particularly troubling.  On the other hand, after many,
many years of monitoring police radio traffic (quite legal and
inexpensively done with widely available equipment), it appears that
officers used a data terminal in their car to inquire about a vehicle
owned by Mr Donis.  For whatever reason, they then used that same
terminal to determine if the registered owner (Mr. Donis) driver's
license was valid.  Finding that it was suspended, they then stopped
and determined that Mr. Donis was in fact the person driving the car.
Mr. Donis was then arrested.

Now, this is all supposition, I have no personal knowledge of this
incident.  However, if my senario is accurate, it portrays something
that has been done for years.  Initially via radio with the assistance
of dispatcher, but now directly by the officers themselves.  It would
therefore pose no new intrusions into privacy.  In fact, the digital
signal used to transmit the information to the data terminals in patrol
cars is infinitely more difficult to monitor than the good old radio
waves and will cut down on the amount of information "overheard" on
police radios, so actually *increases* privacy.

In fact my concern is somewhat differnent than Mr. Starchild's.  My
concern is that someone will be able to "spoof" the police computer by
transmitting on the correct frequency, in the correct protocol, with a
vailid identifier, etc., and have the police coomputer respond with
information.  Now THAT scares me.


------------------------------

From: rj.mills@pti-us.com (Dick Mills)
Date: 06 Dec 1995 05:16:47 -0500
Subject: Professional Paranoids

Bob Metcalfe, in his From the Ether column in InfoWorld 12/4/95 wrote a
column on his predictions for 1996:

Predicting the Internet's castastrophic collapase ..snip..

  *Privacy.  Internet backlash among professional paranoids will break
  into a full collapse after a series of well-publicized privacy
  violations instigated by the professional paranoids themselves for
  our own good.

Gee, I guess he means us.  Let me be the first to disavow it.  No
matter what happens in 1996 it wasn't me that did it. :)

--
Dick Mills                               +1(518)395-5154
            http://www.albany.net/~dmills 


------------------------------

From: "Dave Banisar" <banisar@epic.org>
Date: 04 Dec 1995 10:33:29 -0500
Subject: Privacy Watchdog Outs Big Brother Companies

MEDIA RELEASE

Contact: Simon Davies, Privacy International
Davies@privint.demon.co.uk

PRIVACY WATCHDOG OUTS BIG BROTHER COMPANIES 

New report uncovers a massive international surveillance trade funded
by the arms industry and led by the UK

On Monday 4 December, Privacy International will publish Big Brother
Incorporated, a 150 page report which investigates the global trade in
repressive surveillance technologies. The report, to be published on
several Web sites on the Internet,  shows how technology companies in
Europe and North America provide the surveillance infrastructure for
the secret police and military authorities in such countries as China,
Indonesia, Nigeria, Angola, Rwanda and Guatemala

The reports primary concern is the flow of sophisticated computer-based
technology from developed countries to developing countries  - and
particularly to non-democratic regimes.  The report demonstrates how
these companies have strengthened the lethal authority of the world's
most dangerous regimes.

The report lists the companies, their directors, products and exports.
In each case, source material is meticulously cited.  Privacy
International is publishing the report in digital form in several sites
on the Internet to ensure its accessability by interested parties
anywhere in the world.

Surveillance technologies are defined as technologies which can
monitor, track and assess the movements, activities and communications
of individuals.  More than 80 British companies are involved, making
the UK the world leader in this field. Other countries, in order of
significance, are the United States, France, Israel, the Netherlands
and Germany.

_Big Brother Incorporated_ is the first investigation ever conducted
into this trade.  Privacy International intends to update the report
from time to time using trade fair documents and leaked information
from whistleblowers.

The surveillance trade is almost indistinguishable from the arms trade.
More than seventy per cent of companies manufacturing and exporting
surveillance technology also export arms, chemical weapons, or military
hardware.  Surveillance is a crucial element for the maintenance of
any  non-democratic infrastructure, and is an important activity in the
pursuit of intelligence and political control.  Many countries in
transition to democracy also rely heavily on surveillance to satisfy
the demands of police and military. The technology described in the
report makes possible mass surveillance of populations.  In the past,
regimes relied on targeted surveillance.

Much of this technology is used to track the activities of dissidents,
human rights activists, journalists, student leaders, minorities, trade
union leaders, and political opponents. It is also useful for
monitoring larger sectors of the population. With this technology, the
financial transactions, communications activity and geographic
movements of millions of people can be captured, analysed and
transmitted cheaply and efficiently.

Western surveillance technology is providing invaluable support to
military and totalitarian authorities throughout the world.  One
British computer firm provided the technological infrastructure to
establish the South African automated Passbook system, upon which much
of the functioning of the Apartheid regime  British surveillance
cameras were used in Tianamen Square against the pro-democracy
demonstrators.  In the 1980s,  an Israeli company developed and
exported the technology for the computerised death list used by the
Guatemalan police. Two British companies routinely provide the Chinese
authorities with bugging equipment and telephone tapping devices.

Privacy International was formed in 1990 as a non-government,
non-profit organisation.  It brings together privacy experts, human
rights advocates and technology experts in more than 40 countries, and
works toward the goal of promoting privacy issues worldwide.  The
organisation acts as an impartial watchdog on surveillance activities
by governments and corporations.

For further information or interview, contact Simon Davies in London at
davies@privint.demon.co.uk.  The address of the web site is
http://www.privacy.org/pi/reports/big_bro/

--
David Banisar (Banisar@privacy.org)     *  202-544-9240 (tel)
Privacy International Washington Office *  202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     *  HTTP://www.privacy.org/pi/
Washington, DC 20003                   


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 22 Nov 1995 14:25:54 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V7 #048
******************************
.