Date: Fri, 22 May 92 13:55:50 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#034

Computer Privacy Digest Fri, 22 May 92              Volume 1 : Issue: 034

Today's Topics:                             Moderator: Dennis G. Rears

    [J. Michael Blackford: Re: Privacy is a right]
    Re: Privacy is a right; protection from criminals is not.
    Re: Computer Privacy Digest V1#033
    Re: Cordless Phones
    Some technical corrections (was Re: cordless phones)
    Re: Privacy is a right
    Re: Privacy is a right
    Re: Privacy is a right
    Re: "IF you have nothing to hide..."
    Re: "IF you have nothing to hide..."

The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@pica.army.mil and administrative
requests to comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].

----------------------------------------------------------------------

Date: Fri, 22 May 92 10:00:32 EDT
From: Brinton Cooper
Subject: [J. Michael Blackford: Re: Privacy is a right]

> Interesting ... and the bartender only has the right to know if the
> customer is over a certain age ... but, he usually gets to find out
> the date the customer was born. This is a simple example of a plethora
> of instances wherein our "right to privacy" is infringed upon by a
> requirement for too much information. Why not issue color-coded
> driver's licenses? One color for minors, another for adults?

In fact, the State of Maryland does just that. I don't think it's
color, but when my son was at the borderline age (circa 21), it was
whether your picture was full-face or profile. Come to think of it,
background color may have been different, too.

Can another Marylander verify?
_Brint

------------------------------

Date: Fri, 22 May 92 9:57:41 EDT
From: Brinton Cooper
Subject: Re: Privacy is a right; protection from criminals is not.

Bob Weiner discusses whether there is a conflict between alleged
privacy rights and society's alleged right to be protected from
criminals:

| There are privacy rights and a number of these are codified in law.
| There is no legal or moral right that compels society to protect
| everyone from potential criminals by using all means possible to
| establish evidence that implicates them in criminal behavior.

Leaving aside the "all means possible" part of the argument, the
conflict seems to remain.

1. One purpose of the US Constitution is "...to ensure domestic
   tranquility..." This seems to express a requirement of the
   government to "protect" its citizens.

2. Another part of the US Constitution protects us from illegal
   search and seizure, and a basic tenet of the Constitution is that
   rights which are not specifically delegated to the federal or
   state governments are retained by "the people." These two seem to
   express the right of citizens to expect privacy in their dealings
   with government.

Unfortunately, "fundamental right infringement" has been with us
almost from the beginning. Nowhere does the Constitution exempt from
freedom of speech the yelling of "Fire!" in a crowded movie theater.
Yet, those who would limit fundamental civil liberties use this
example to bolster their claims of propriety in civil liberty
limitations.

The battle to retain your rights, any of them, is never over.

_Brint

------------------------------

Date: Thu, 21 May 92 17:24:33 PDT
From: Conrad Kimball
Subject: Re: Computer Privacy Digest V1#033

John Artz writes:

>| other than myself. If I have a right to control that information, then
>| I should also have a right to prevent people from gossiping about
>| me, since that also includes disclosure of possibly incorrect private

You do, to some extent, by virtue of slander and libel laws - I am
not free to say untrue things about you that damage you.

>| information. Controlling the dissemination of information about
>| ourselves just doesn't work in the long run.

Some of the Scandinavian countries are trying. Collectors of
information must notify those who are in the databases, I think,
along with some other restrictions or rights of the individual that
I don't remember now.

Simply because one can't totally prevent personal information from
being spread doesn't mean we should give up and make the situation
worse. Should we get rid of the police simply because we can never
completely eliminate crime?

>| Does the right to privacy also include the right to anonymity ? If
>| I am walking down a dark street at midnight and someone challenges
>| me to identify myself, do I have the right to withhold that information.

You sure do. You don't have to carry ID, and furthermore you are
free to assume as many identities or aliases as you wish, so long as
you don't use them to commit fraud.

>| I think that information about people should be freely accessible by
>| anyone who is interested in it. I further think that we are attacking the

I'm incredulous! Do you *really* want everyone to know *everything*
about you? I'll leave it to others to point out the many ways
information about you can be unjustly used to your detriment,
without you ever knowing about it or being able to remedy the
situation. It's bad enough now, and you want to make it worse?

Conrad Kimball        | Deliv. Sys. Tech Support, Boeing Computer Services
cek@sdc.boeing.com    | P.O. Box 24346, MS 7A-35
(206) 865-6410        | Seattle, WA 98124-0346

------------------------------

From: David Lemson
Subject: Re: Cordless Phones
Date: Fri, 22 May 1992 04:04:34 GMT

Peter.Gorny@arbi.informatik.uni-oldenburg.de (Peter Gorny) writes:

>jangerma@magnus.acs.ohio-state.edu (Jake Angerman) writes:

>>How would someone go about doing this? If my neighbor and I both
>>have cordless phones, why is it that when I pick mine up I don't
>>home-in on their conversation?

>That is in fact what happens - hidden for your ears. The phone listens
>into 40 (or 80 or more) channels and picks the first unoccupied for
>your use.

>The newer systems have a complicated security system, which does not
>only prevent others from listening to your conversation but also to
>use your account. (Exactly this "homing-in" possibility is the reason
>why in most European countries it is forbidden to use normal cheap
>cordless phones as you can buy them in the US)

There are ten (*10*) frequencies allocated for cordless phones in
the 46 MHz spectrum in the US. That is all. As to why you can't
pick up your neighbor's phone if you're on the same frequency, the
reason is that most phones incorporate a rudimentary security system
(that DIP switch you have to match up between the base and handset).
It is by no means secure, but it is enough to keep most people from
getting a dial tone from your base without a lot of work.

There are one or two digital cordless phones now, some of which use
the 800 MHz spectrum. Those are much more secure. I read that
Motorola makes one now. Beware "Digital security". This means that
it has the codes so that no one can pick up your line (at least not
easily). Most likely, the voice transmissions are still analog.
Anyone can buy a scanner at Radio Shack and listen in to those
frequencies. I have picked up cordless phones up to a mile away
with a handheld Radio Shack (old) scanner.

BTW, in most states, it is not illegal to listen to cordless phone
calls.
It is, however, a felony to divulge information to anyone else
about what you heard. (It is illegal to listen to cellular
conversations, though).

One of the more secure analog cordless phones I heard is a Sony that
allows you to scan the channels and pick the cleanest on the fly.
Just hit the 'scan' button and it will probably switch frequencies.

One more note: most phones don't use the security for phone ringing
or the 'page' feature, so if your neighbor has a phone on the same
frequency, it is possible your cordless phone could ring whenever he
gets a call (whether his cordless is turned on or not...the base
unit is almost always powered and transmitting).

--
David Lemson   (217) 244-1205
University of Illinois NeXT Campus Consultant / CCSO NeXT Lab System Admin
Internet : lemson@uiuc.edu     UUCP :...!uiucuxc!uiucux1!lemson
NeXTMail accepted              BITNET : LEMSON@UIUCVMD

------------------------------

Subject: Some technical corrections (was Re: cordless phones)
From: John Stanley
Date: Thu, 21 May 92 22:03:48 PDT

In a recent digest, none@gmuvax2.gmu.edu writes:

>Each cordless phone communicates with its base via a particular
>frequency. If by chance your neighbor's and your cordless phones both
>operate on the same frequency (possible but statistically improbable)

In the US, the current cordless phone allocation is 10 channels.
There is, I believe, a new allocation in the 900 MHz range, but the
phones you buy today are most likely 49 MHz versions. Being that
there are only ten channels, it is a statistical certainty that
there will be duplicates once there are 11 phones in a neighborhood.

>Cellular phones are a slightly different case. Each phone is registered
>on a network, just like your computer is, and is given a unique address
>on that network. Your cellular phone will only work on that one network,
>not on the one in the nextdoor.

Cellular phones certainly will work on the one "in the nextdoor".
It is called roaming, and cellular companies generally charge
horrendous rates for it. Because they charge these rates, they will
gladly allow you to use your phone in their area.

>Note the difference with cordless
>phones. You can plug a cordless phone into any active phone jack and
>dial out, and anyone knowing the address of the jack can dial in.

Just as you can dial out with a cellular phone while roaming, and
(with Follow-Me Roaming) anyone knowing the address of the jack can
dial in.

>Tapping of cellular phones is illegal because it implies requires that
>an effort be made to determine someone's address and tap into it.

No, "tapping" of cellular phones is illegal because the cellular
phone companies chose to lobby Congress to make it illegal in an
attempt to maintain some vestige of privacy where there really is
none.

>Basically, cordless phones do not utilize any private
>addressing, which is why there are no laws prohibiting their tapping.

Basically, cordless didn't have as good a lobby as cellular.

>One final note, cellular phones aren't as secure as we would like to
>think. A friend of mine often picks up cellular phone calls on her
>shortwave radio.

Doubtful. Maybe old style cordless phones. Or maybe it isn't just a
shortwave radio. Cellular allocations are well above shortwave,
while old cordless phones used a section of the spectrum just above
AM broadcast.

------------------------------

From: "Life..."
Subject: Re: Privacy is a right
Date: Fri, 22 May 1992 15:41:05 GMT

jmb@netcom.com (J. Michael Blackford) writes:

>Interesting ... and the bartender only has the right to know if the
>customer is over a certain age ... but, he usually gets to find out
>the date the customer was born. This is a simple example of a plethora
>of instances wherein our "right to privacy" is infringed upon by a
>requirement for too much information. Why not issue color-coded
>driver's licenses? One color for minors, another for adults? Because
>no government agency has any interest in protection of privacy rights.

Um, check the color of the background for your picture. At least
here, they use a different color for adults. With driver's licences
being ... reissued? ... every 4 years, if one wants the red
background when they're 21, they'd have to buy a licence when they
are 20, and then again when they are 21, with next one due at age
24. Takes in a bit more money. Possibly also gets you on a list for
possible drunk drivers.

>Mike Blackford Internet: jmb@netcom.com
>Fax: (408) 973-0514 Compu$erve: 72345,66

I don't drink, so I haven't bothered going in to get a red
background. Mine's still blue.

--
   /// ____ \\\          | CAUTION:
  | |/ /    \ \| |       | Avoid eye contact. In case of contact, flush
   \\_|\____/|_//        | mind for 15 minutes. See a psychiatrist if
       \_)\\/            | irritation persists. Not to be taken
gberigan `-' cse.unl.edu | seriously. Keep out of sight of children.

------------------------------

From: "Phillip J. Birmingham"
Subject: Re: Privacy is a right
Date: Fri, 22 May 1992 16:25:59 GMT

In article , jmb@netcom.com (J. Michael Blackford) writes:

> Interesting ... and the bartender only has the right to know if the
> customer is over a certain age ... but, he usually gets to find out
> the date the customer was born. This is a simple example of a plethora
> of instances wherein our "right to privacy" is infringed upon by a
> requirement for too much information. Why not issue color-coded
> driver's licenses? One color for minors, another for adults? Because
> no government agency has any interest in protection of privacy rights.

Not sure whether you're being sarcastic here, or not, but some
states take your picture in profile if you are a minor. In any case,
if the term of your DL doesn't end on your 21st birthday, you're
gonna have to trudge down to DMV (a real pain in the ass in some
places) to get a new one.

I'm a privacy freak, but I'm a convenience freak, too.

--
Phillip J. Birmingham
birmingh@fnal.fnal.gov
I don't speak for Fermilab, although my mouth is probably big enough...

------------------------------

Subject: Re: Privacy is a right
From: "Roy M. Silvernail"
Date: Thu, 21 May 92 22:09:01 CDT

"J. Michael Blackford" writes:

> Why not issue color-coded
> driver's licenses? One color for minors, another for adults?

Alaska does just that, or at least, they did up until I left in
1990. The background color of the photo indicates whether the
licensee is old enough to imbibe.

Of course, the bouncer still looks at the whole license, to
determine if it has been altered.

--
Roy M. Silvernail --     [] Call your Congressman and urge support of HR3515!
roy%cybrspc@cs.umn.edu   [] Your Senator should support S. 2112, too!
cybrspc!roy@cs.umn.edu   [] Protect equal access to the telephone network!

------------------------------

From: The Jester
Subject: Re: "IF you have nothing to hide..."
Date: 22 May 92 09:42:06 GMT

In article crtb@helix.nih.gov (Chuck Bacon) writes:

>And yes, I'm damned angry at the "nothing to hide" attack. I had it
>pulled on me by police forty years ago, and it still grates. Police
>types like to use it because most people get tongue-tied, trying to
>express their outrage.
>

Fine, be angry, but do try and not take it out on me. In addition
the point you make is the second reason why I started this thread.
(The first being questions regarding public key encryption) I too
become tongue-tied when I try to explain why the idea of "nothing to
hide" is nonsense. I was trying to look for a simple, clear, answer
that would make it clear to anyone with an i.q. measurable in
positive integers that the idea of 'nothing to hide' is a one way
ticket to hell. While I have heard many EXCELLENT discussions on the
topic (and one truly inspired logical examination) there still has
been a lack of a simple explanation. I am beginning to think that
such an explanation just doesn't exist.
Oh and saying "because the government is evil" won't work on a
cop. =)

The (finger me if you care what my name is) Jester

--
The Jester
"The Arabs want us dead. We want to be alive. Compromise between
these two positions is not exactly easy."-Golda Meir
(Stolen from rivk@quads.uchicago.edu)

------------------------------

From: The Jester
Subject: Re: "IF you have nothing to hide..."
Date: 22 May 92 09:56:12 GMT

In article probinson@ultra.enet.dec.com writes:

>In article , ygoland@edison.seas.ucla.edu (The Jester) writes:
> [Statement regarding attempt to write a paper on public key]
>
>It shouldn't be taking you this long, unless you're trying to
>comprehend the bowels of a specific public key algorithm (there are
>several). Describing how a specific algorithm works is overkill if
>what you want is to get people onto the public key bandwagon. Unless
>you're trying to prove that it's hard to derive one key of a pair from
>the other, and it's hard to believe that no such proof exists in a
>readable form.
>

It should take this long if you're stupid or if you're starting from
the beginning. The project is on hold for three weeks while finals
are dealt with. Then we will be reading a book loaned to us on
modulo arithmetic and some medium level number theory. We are
starting from the very foundations of number theory and working our
way up.

[Statement regarding desire to produce a variable strength
encryption program]
>
>The strength of public key algorithms is directly related to key
>length, which I suppose makes it easy to adjust based on processor
>speed. A more useful and friendly program would let me, the user,
>decide what strength I wanted, knowing that greater strength would
>require more CPU time.
>

Actually the program will be produced in layers.
The innermost layer will be a function call in C which is given the
message and the key and then applies the key to the message (either
decoding or encoding, we intend to use an rsa type key so that the
process will be interchangeable). We will also have another, as yet
unspecified function, that will generate the key. How this is done
will be decided by the particular form of public key we choose. But
it will probably be a function call accepting a key length and a
certain amount of 'data'. Outside of these two functions, everything
else will just be shells to make them easier. We both expect, if we
come up with a good enough standard, that others will develop nicer
shells for the functions. In addition it was pointed out that using
public key to transmit a private key and then using the private key
to initiate private key communications would be more efficient.

>I'm curious; how do you plan to associate public keys with people? I
>can't send a secret message to you unless I know your public key; what
>agent can I trust to give me your public key correctly?
>

At the moment, the only agent is either personal contact, mail, or
e-mail. Both of us expect 'public key databases' to be formed. But
with the newness (relatively) of the technology to the open forum,
things are going to take awhile to 'gel'. We are not trying to lead
the way into Public Key. We just find the question fascinating and
we desire to share our results with those who too might be
interested. What happens from there is of little concern to us.
College tends to 'limit' one's scope of interest.

>Furthermore, if you upgrade your PC and therefore decide to increase
>your encryption strength, you will necessarily change your key (it
>will become longer). How will I know that? And how will you know
>which of your various public keys was used to encrypt the message I
>sent you?
>

These are all procedural questions that will be answered as public
keys actually get used.
If you just want 'a answer' I can make something up.. you can
include the public key used to encrypt the message in the header of
the message so the user's system can match that key against its own
database and then use the matching decryption key to decrypt the
message.

[Note that a hole was found in NIST DSS]
>
>Holes found in NIST DSS? I've heard a lot about its unsuitability for
>the stated purposes, and lack of confidence due to the comparatively
>short time that it has been under analysis, but nothing about any
>actual holes.
>

A couple of months back on sci.crypt there was a discussion about an
analysis of the key protocol that showed that under certain
circumstances the key generation method would have a statistical
tendency toward a certain range. Far from a massive error, quite
possibly the result of trying to push a product to market too
quickly, or perhaps the biggest error the government could push in
and still hope not to have noticed.

The Jester

--
The Jester
"The Arabs want us dead. We want to be alive. Compromise between
these two positions is not exactly easy."-Golda Meir
(Stolen from rivk@quads.uchicago.edu)

------------------------------

End of Computer Privacy Digest V1 #034
******************************
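
The scheme sketched in the last message above (use the public key to transmit a one-time symmetric key, and name the public key in the message header so the recipient's system can pick the matching private key after a key upgrade), as an added Python example that is not from the digest or any of its posters. The Mersenne-prime key pairs, the SHA-256 keystream and every function name are constructed for illustration; textbook RSA without padding and this keystream are stand-ins for a real cipher suite.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both constructed keys

def make_keypair(p, q):
    """Toy RSA key from two primes; returns ((n, e), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)  # ValueError if E is not invertible mod phi

def keystream_xor(key, data):
    """XOR data with SHA-256(key || block counter); same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(public, plaintext):
    """Wrap a fresh 128-bit session key with the public key, then encrypt the body."""
    n, e = public
    session = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session, "big"), e, n)
    # The header names the public key that was used, as the post proposes.
    return {"to_key": public, "wrapped": wrapped,
            "body": keystream_xor(session, plaintext)}

def decrypt(keyring, message):
    """Pick the private exponent matching the header's public key, then unwrap."""
    d = keyring.get(message["to_key"])
    if d is None:
        raise KeyError("header names a public key that is not in this keyring")
    n, _ = message["to_key"]
    session = pow(message["wrapped"], d, n).to_bytes(16, "big")
    return keystream_xor(session, message["body"])

# Constructed sample keys built from Mersenne primes: the original key and a
# longer one generated after an "upgrade". Both stay in the recipient's keyring.
OLD_PUB, OLD_D = make_keypair(2**89 - 1, 2**107 - 1)
NEW_PUB, NEW_D = make_keypair(2**107 - 1, 2**127 - 1)
KEYRING = {OLD_PUB: OLD_D, NEW_PUB: NEW_D}

if __name__ == "__main__":
    for pub in (OLD_PUB, NEW_PUB):
        msg = encrypt(pub, b"meet at noon")
        print(pub[0].bit_length(), "bit key ->", decrypt(KEYRING, msg))
```

Because the header selects the key, a sender who still holds the old public key and one who has the new key are both served by the same keyring; the header does nothing to authenticate which key belongs to whom, which is the separate key-distribution question raised in the thread.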