Date: Mon, 04 May 92 12:49:38 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#011 Computer Privacy Digest Mon, 04 May 92 Volume 1 : Issue: 011 Today's Topics: Moderator: Dennis G. Rears Re: Cordless phones Re: Cordless Phones Re: Cordless phones Re: Federal law and SSNs Re: Should political speech be censored online? COMM DAILY on Privacy Panel Report on Community LInk FBI Interest in Mailing Lists The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: Skipper Smith Subject: Re: Cordless phones Date: Fri, 1 May 1992 21:51:30 GMT In article ugtalbot@KING.MCS.DREXEL.EDU (George Talbot) writes: >Craig DeForest writes: >>But, if you want privacy, you *don't* shout so that everyone within ten >>miles can hear it. If you want privacy, you don't broadcast your conversation. > >>If people don't want me to hear their conversation, they ought not to >>be shooting photons at me! > > I don't think that I agree with you. I have a cordless phone. >The major use I have it for is so that I can sit outside of my >apartment and still use the phone on a nice day. The regular phone >wire will not reach, and consequently I would have sit inside to use >the phone. You seem to be of the opinion that if my conversation is >transmitted over copper wire, then I have a right to privacy, but if >it's transmitted over the air, then I don't. >[...] > >George T. Talbot >ugtalbot@mcs.drexel.edu For those people who are paranoid about people snooping in on their cordless phone calls but don't want to be tied down to a corded phone, Motorola started producing (about three months ago or so) a cordless phone with a simple coding of the signal. I don't know what type of coding it is, but it will definately stop the casual snooper (kind of like a lock on the door). Since the coding scheme is public knowledge, it won't stop anyone who is really serious. For those people who are REALLY paranoid, you will have to wait for the next version :-). Since the phones are produced by a different segment, I am afraid that I don't know where they are sold or who they are sold by. -- Skipper Smith | skipper@wmtowdc.sps.mot.com Motorola Technical Training | 8945 Guilford Rd Ste 145 All opinions are my own, not my employers | Columbia, MD 21046 ------------------------------ Date: Fri, 1 May 92 21:15:52 PDT From: Michael McClary Subject: Re: Cordless Phones Date: Sat, 2 May 92 04:15:45 GMT In article davep@u.washington.edu (David Ptasnik) writes: [expresses concern about Craig DeForest's post about listening in on wireless telephone conversations] >If your neighbors are >talking, is it OK to turn a shotgun mike on them? After all, they are >shooting sound waves at you. If they don't want you to hear, they should >be whispering in the basement with the water running. Tough issue. The real question is, can they reasonably expect privacy when they hold the conversation? Courts and legislatures often try to define this when deciding whether information gathered by police, without a warrant, is admissable in court. Rulings I've heard about: - (Non-cellular) radio telephones: public - Conversations in the open, with person within normal earshot: public - Conversations in the open, with nearest person far enough away that a telescopic microphone would be necessary: private (Michigan state law) - Intact papers discarded in trash: public (US Supreme court) - Shredded papers discarded in trash: private (US Supreme court) I generally assume that, if the government would require a policeman to have a warrant if he wants to use the interception in court, listening in would be prying. ------------------------------ Date: Mon, 4 May 92 07:44:46 EDT From: Tom Olin Subject: Re: Cordless phones George T. Talbot (ugtalbot@mcs.drexel.edu) writes: The phone companies (if it's a long distance call) sometimes transmit phone calls using microwave towers. If this is the case, do I lose my right to privacy when I call long distance? Sure does look like it. It would be nice if nobody ever listened to anything they weren't supposed to, even if in a public place. Unfortunately, reality doesn't work that way. I am of the opinion that it is impolite and possibly even immoral to listen in upon another's private conversation without being invited. Perhaps so, but let's not start legislating manners. ("Hey, get your elbows off that table! Okay, buddy, you're going to jail!") If I have a computer, or an account on a computer, I do not expect that everything I will type there will be for public consumption. If others have access to it, do you still store personal information on it? Privacy is not something that a person should have to jealously guard in fear that another will find some way to take it away. Privacy should be an expression for the respect that people have for one another. Maybe that's the way it should be, but we're living in the real world here. Sorry. I can't expect any privacy if I undress in front of a picture window. Might be nice, but it won't happen. Privacy is something that you *have* to protect, to whatever degree is reasonable for your desire for it. Unenforceable and nonsensical laws cannot protect privacy any more than they can make the world flat. Tom Olin tro@partech.com uunet!adiron!tro (315) 738-0600 Ext 638 PAR Technology Corporation * 220 Seneca Turnpike * New Hartford NY 13413-1191 ------------------------------ From: egdorf@zaphod.lanl.gov (Skip Egdorf) Subject: Re: Federal law and SSNs Date: Fri, 1 May 1992 22:12:11 GMT In article jmjoy@eiffel.cs.psu.edu (John M. Joy) writes: >Would anyone happen to have the section of U.S. Federal law handy >(presumably some part of PPRA) which requires institutions normally >using an individual's Social Security account number as identifier to >use a GenSym identifier instead, on the request of the individual? Sorry, I know of no such law. Perhaps the following is useful: (transcription errors are mine) Public Law 93-579 The Privacy Act of 1974 Section 7 (a) (1) It shall be unlawful for any Federal, State, or local government agency to deny any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security number. (a) (2) The provisions of paragraph (1) of this subsection shall not apply with respect to - (a) (2) (A) Any disclosure which is required by Federal statute, or (a) (2) (B) The disclosure of a social security number to any Federal, State, or local agency maintaining a system of records in existence and operating before January 1, 1975, if such disclosure was required under statute or regulation adopted prior to such date to verify the identity of an individual. (b) Any Federal, State, or local government agency which requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what sta- tutory or other authority such number is solicited, and what use will be made of it. As I (not a lawyer) read this: (a) (1) Govt can't mess around with me over my SSN ... (2) Unless (A) A Federal LAW says to use the SSN (B) Federal, State, or local LAW said its ok when such law was passed prior to 1974. (b) In either case, they must tell you just what law they are talking about so that you can see if they are legal. It seems that the first place to start is to ask to see the disclosure required by (b). Initially you have no way to know if their request for your SSM is legal (mandated by law as described in (a)) without such a disclosure. Note that the law requires them to provide this information. After you find out what law covers the situation, you can either refuse or give your SSN as appropriate. If they are not covered by a law that explicitly allows the use of the SSN, you are not supposed to be denied any right for your failure to provide your SSN. They WILL try to squirrel out of this one because they often are not covered and are attempting to snow you. The first hint will be that they can't find the disclosure form or whatever that tells their statutory authority basis. They may have run into your (our) type before and attempt a second level snow job. For example: Any University of New Mexico students out there pull out your Student Catalog. In the early 80's, UNM added a paragraph as their disclosure. It says that the SSN was mandated by the Regents of the Univ. of NM. Sigh... That's not a law. They are not legally able to use your SSN as a student ID. They do it anyway. Now if only someone would get damaged by this... Say some hacker type steals a bunch of UNM SSNs, breaks into TRW's credit computers and ... It would be nice to get someone to recognize the law with a nice fat lawsuit. Skip Egdorf hwe@lanl.gov ------------------------------ Date: Fri, 1 May 92 20:45:10 PDT From: Michael McClary Subject: Re: Should political speech be censored online? I'm responding to the moderator's posting, as quoted by brad@looking.clarinet.com (Brad Templeton) >> [Moderator's Note: I was the moderator of telecom-privacy. A couple >> of points: His submission was an announcement and a copy of his >> platform. To me there was little difference between his submission and >> advertising which is generally prohibited from the net. As I thought I understood it, advertising which is: - restricted to a single announcement of a product or event. - posted only to groups where reader interest may be expected. is explicitly permitted by the normal ettiquete of usenet. I would expect Glen's candidacy and platform to be of interest to the readers of this group, so, at a minimum, a single announcement would be appropriate and within the guidelines. A reasonably terse Q&A exchange with Glen on his position on privacy-law issues also seems to me to be appropriate material for this newsgroup. [Moderator's Note: The platform doesn't belong in this forum. The last thing we want is every person running on privacy issues to send a 10K platform to the list. I welceom discussion on any technical privacy issue from anyone. _Dennis ] ------------------------------ Date: Sun, 3 May 92 09:21:27 -0700 From: Peter Marshall Subject: COMM DAILY on Privacy Panel Report on Community LInk The 4/21/92 issue of COMM DAILY reported that the "Advisory panel on privacy issues related to use of US West's Community Link videotext gateway in Minn. has been able to agree on many issues proposed by US West and Community Link/Minitel, provider of gateway services," but that "there's still some disagreement." COMM DAILY's item noted that "In report to PUC, which requested study of privacy issues, panel supported decision by Community Link Assoc.(CLMA)not to disclose subscriber usage data except under certain conditions.... Panel members disagreed, however, on how to notify subscribers about uses to which information on their access could be used..., and all but US West and CLMA supported on-line notice to subscribers o privacy concerns." The trade pub. cited US West spokesman Ron Dulle's view that "question is one of balance between what consumer needs to know and how much up-front information can be put on screeens without disturbing service." Importantly, COMM DAILY noted "This is first time such panel has considered privacy issues related to gateways." Meanwhile, a 4/27 NARUC newsletter noted "Texas PUC Votes to Publish Proposed Rule Change Concerning Telecommunication Privacy Issues." The proposed rule includes "polling of telephone customers statewide to determine their preference as to what information about themselves, if any, they would allow to be released for marketing purposes." Peter Marshall ------------------------------ Date: Sun, 3 May 92 13:29:09 PDT From: peter marshall Subject: FBI Interest in Mailing Lists Apparently interested in accessing mailing lists for investigatory purposes, the FBI reportedly recently approached two large mailing list firms, Donnelly Marketing and Metromail, as reported in the 4/20/92 DM [Direct Marketing] NEWS. Other firms were apparently also approached by the FBI, with a source indicating the agency "showed 'detailed awareness' of the products they were seeking...." The DM NEWS item indicated that the FBI had utilized Metromail's MetroNet address lookup service for a period of two years, reportedly to confirm addresses of those sought to be located for interviewing purposes. It has been suggested that the FBI's current effort represents an attempt to employ mailing lists for law enforcement purposes for the first time since an apparent 1984 attempt to purchase such lists on the part of the IRS. As reported here earlier, staff of the Washington PUC, interested in developing a rulemaking to restrict utilities' marketing lists of subscriber data, indicated that in a recent WA State case involving US West's Marketing Resources Group and US West Communications, current customers for MRG's list products included the CIA. These recent developments involving LEO and investigatory interests in mailing lists also echo earlier attention to the similar information products and services of so-called "information brokers' or "superbureaus," whose clients also often include LEOs and investigatory agencies. The same developments also suggest a linkage to uses by similar interests of expanded data on individuals facilitated by initial delivery of calling name and/or number via so-called CallerID and its equivalents. Peter Marshall -- Peter Marshall(rocque@lorbit.uucp) "Lightfinger" Rayek's Friendly Casino: 206/528-0948, Seattle, Washington. ------------------------------ End of Computer Privacy Digest V1 #011 ******************************