Date: Mon, 27 Jul 92 09:57:51 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#066 Computer Privacy Digest Mon, 27 Jul 92 Volume 1 : Issue: 066 Today's Topics: Moderator: Dennis G. Rears CPSR Recommends NREN Privac re: cellular phones/encryption/privacy Re: 800 numbers (Re: Caller ID decision) Re: Computer Privacy Digest V1#065 Re: Administrivia Re: Phone Tap in Murder Case Ruled Illegal The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Organization: CPSR, Washington Office From: Dave Banisar Date: Fri, 24 Jul 1992 17:25:04 EDT Subject: CPSR Recommends NREN Privac CPSR Recommends NREN Privacy Principles ============================================================= PRESS RELEASE July 24, 1992 CPSR Recommends NREN Privacy Principles WASHINGTON, DC -- Computer Professionals for Social Responsibility (CPSR), a national public interest organization, has recommended privacy guidelines for the nation's computer network. At a hearing this week before the National Commission on Library and Information Science, CPSR recommended a privacy policy for the National Research and Education Network or "NREN." Marc Rotenberg, Washington Director of CPSR, said "We hope this proposal will get the ball rolling. The failure to develop a good policy for the computer network could be very costly in the long term." The National Commission is currently reviewing comments for a report to the Office of Science and Technology Policy on the future of the NREN. Mr. Rotenberg said there are several reasons that the Commission should address the privacy issue. "First, the move toward commercialization of the network is certain to exacerbate privacy concerns. Second, current law does not do a very good job of protecting computer messages. Third, technology won't solve all the problems." The CPSR principles are (1) protect confidentiality, (2) identify privacy implications in new services, (3) limit collection of personal data, (4) restrict transfer of personal information,(5) do not charge for routine privacy protection, (6) incorporate technical safeguards, (7) develop appropriate security policies, and (8) create an enforcement mechanism. Professor David Flaherty, an expert in telecommunications privacy law, said "The CPSR principles fit squarely in the middle of similar efforts in other countries to promote network services. This looks like a good approach." Evan Hendricks, the chair of the United States Privacy Council and editor of Privacy Times, said that the United States is "behind the curve" on privacy and needs to catch up with other countries who are already developing privacy guidelines. "The Europeans are racing forward, and we've been left with dust on our face." The CPSR privacy guidelines are similar to a set of principles developed almost 20 years ago called The Code of Fair Information practices. The Code was developed by a government task force that included policy makers, privacy experts, and computer scientists. The Code later became the basis of the United States Privacy Act. Dr. Ronni Rosenberg, who has studied the role of computer scientists in public policy, said that "Computer professionals have an important role to play in privacy policy. The CPSR privacy guidelines are another example of how scientists can contribute to public policy." CPSR is a membership organization of 2500 professionals in the technology field. For more information about the Privacy Policies and how to join CPSR, contact CPSR, P.O. Box 717, Palo Alto CA 94302. 415/322-3778 (tel) and 415/322-3798 (fax). Email at cpsr@csli.stanford.edu. ============================================================= ------------------------------ From: Edward Bertsch Subject: re: cellular phones/encryption/privacy Date: Fri, 24 Jul 92 17:26:09 CDT ->From: Leonard Erickson ->Subject: Re: cellnet privacy? ->Reply-To: 70465.203@compuserve.com -> ->keith.willis@almac.co.uk writes: -> ->> I wonder how long it is going to be before the business ->> Cellphone users realise that all their conversations made ->> over the Cellnet are easily intercepted, in 'cleartext', ->> with a cheap shortwave scanner? I managed, completely [keith was able to listen in to a phone call...] -> ->> Presumably the legal position on this is similar to police ->> radio; one can overhear, but not act on the information ->> received? -> ->Are you sitting down? Here in the US, rather than deal with this ->by adding encrypted transmission options, the cellular phone industry ->got together and convinced Congress to make monitoring cellular ->calls *illegal*. Even if you *don't* tell anyone. this is the crux of this whole stupid deal. The reason they did this is they (the police, the other bozos in this buearacracy we call the US/State/County/City government and their friends in the narco-military-industrial-complex want to be able to listen in to your phone calls, and have acted to slow the use of data encryption in general, whether it be in cellular phone calls or in copies of Microsoft word that are intended for international sale. ->------------------------------ -> ->From: Greg Earl Webb ->Subject: Re: cellnet privacy? -> ->What is "cleartext" and at what frequencies do they broadcast conversations. ->This is very disconcerning to me as I am an owner of a Cellularphone. ->Is there anyway to scamble conversations so they are not as public. ->Thanks in advance..... -> -> Greg Webb scrambling devices are available. The ones that I have seen are expensive ($1000 - $2000 US) and work like old fashioned acoustic modems (they fit over a conventional telephone's mouth and ear piece, I would imagine you would have some trouble but not too much to be able to fit it onto your cellular phone handset (would have a tougher time with a hand held unit)). These have been advertised in magazines such as HiTimes, and you might also find them in radio electronics magazine. My advice is don't say anything on a cellular telephone you wouldn't be comfortable having someone else hear (and for that matter, use this same logic with the regular telephone). Privacy is a myth in this country, I would say. -- Edward A. Bertsch (eab@msc.edu) Minnesota Supercomputer Center, Inc. Operations/User Services 1200 Washington Avenue South (612) 626-1888 work Minneapolis, Minnesota 55415 (612) 645-0168 voice mail "Read _MY_ lips: No vote this time, George" vote Libertarian in '92 ------------------------------ Date: Fri, 24 Jul 92 15:21 PDT From: John Higdon Reply-To: John Higdon Organization: Green Hills and Cows Subject: Re: 800 numbers (Re: Caller ID decision) David Gast writes: > Rather I see a tradition over at least the last couple decades that no one > knows who is calling until the person identifies him or herself. Of course this has been the result of technological limitations, not a matter of conscious, determined policy. In every means of electronic communication that has been developed since the telephone, if the technology exists, a positive ID of the message originator has been built into the system. Due to the relatively early emergence of the telephone and the widespread flexibility of its connective scope, only recently has the technology been available to provide positive ID of the message originator. Naturally, the breaking of custom and usage will always inspire an anti-technology backlash contingent, but as with all dynamic fields it will just be a matter of time until Caller ID will be taken for granted. In the meantime, we have to go through all the requisite gyrations. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 john@zygot.ati.com | San Jose, CA 95150 | M o o ! ------------------------------ Subject: Re: Computer Privacy Digest V1#065 Date: Fri, 24 Jul 92 16:48:16 PDT From: "Willis H. Ware" -- RE cellular phones and interception thereof. Leonard Erickson indeed had it right. There is a special law covering only cellular phones that makes the mere act of intercepting them illegal; these phones are treated separately than interception of other radio signals under the Communications Act of 1934. Thus if one had a cellular in his car connected to a cordless which he used outside his car to link to it, the cordless link from handset to car comes under the Communications Act of 1934 but the cellular link from car to system comes under the special law. One could scanner-intercept the cordless link but not the cellular link!! Moreover, I believe I'm correct in saying that it is also illegal to market a product [e.g., scanner] that can intercept the cellular frequencies. That reduces the number of people who can do it, if one choses to ignore the law, from our 250M population to the subset of 25-40M who are electronically astute enough of doing it on their own with parts from radio shops. I guess that's what's called risk reduction? Hope is coming but slowly. A new generation of cellular phones is being proposed that will use other forms of modulation. One proposes spread spectrum modulation; the transmitted signal, instead of staying on one frequency and being modulated to convey intelligence, hopes at a high rate from frequency to frequency, staying on any one only for microseconds or perhaps milliseconds at a time. The transmitter and receiver must synchronize with each other, and then step around together. The receiver can then reassemble the signal. The intelligence is not in the rate or sequence of hopping but still in a modulated signal that moves around, or in digitized voice that is moved around on a carrier. That will make interception much more difficult because conventional receivers will not handle such signals. Since the signal energy is splattered all over a wide band, conventional receivers usually won't even detect the presence of a spread-spectrum signal. It takes very special ones that would not normally be a consumer electronics item, but of course is well within the capability of the electronic engineer. My understanding is that at least two proposals exist, and differ on the details of how the signal is jumped around. There is also a proposal to digitize the signal and use so-called time-division multiplexing which is the scheme used on teleco T-1 and faster lines. Again a special receiver which can synchronize to the transmitter or to a stable clock is necessary. I'm told that Motorola is talking about, may already have introduced encrypted cellular fones using some proprietary encryption algorithm. Cellulars and regular handsets with the Federal DES algorithm in them already exist but restrictions on use and export of Federally approved encryption makes them less attractive. And of course, all parties that wish to talk securely must have secure phones; it is not a system-level service but rather a subscriber-provided end-to-end individual service. The signal stays encrypted from your handset to mine. Willis Ware Santa Monica, CA ------------------------------ From: Graham Toal Subject: Re: Administrivia Date: 25 Jul 92 16:08:45 GMT Reply-To: gtoal@stack.urc.tue.nl Organization: MCGV Stack, Eindhoven University of Technology, the Netherlands In article comp-privacy@pica.army.mil (Computer Privacy List Moderator) writes: > Submissions have really gone down in the last two weeks. This is my >first digest this week. Without submissions this forum can't exist. >There are lots of topics that haven`t been mentioned here that probably >should. Hi Dennis - I used to read telecom-priv digest, and gave up because I had problems with so much mail in my mailbox. Now it's on usenet news I'm back. *But* I should point out I only discovered you again by accident, on seeing a posting of yours in another group. Perhaps you could send a little note round some of the other groups (comp.dcom .telecom, alt.conspiracy, ...) telling them you're here? Graham [Moderator's Note: I wonder if there are many USENET readers who don't know we exist? _dennis ] ------------------------------ From: Graham Toal Subject: Re: Phone Tap in Murder Case Ruled Illegal Date: 25 Jul 92 16:35:39 GMT Reply-To: gtoal@stack.urc.tue.nl Organization: MCGV Stack, Eindhoven University of Technology, the Netherlands In article MPA15AB!RANDY@trenga.tredydev.unisys.com writes: >[I can understand it being illegal to tap one's own phone, and also >that evidence received through government (police) misconduct should >be suppressed. It also makes sense to me that if you illegally tap >your phone, you shouldn't be able to profit from it, such as by using >the tapes in a civil suit. But if the government had no hand in >making the tape (didn't put you up to it, etc.), then the tape should >be usable in a criminal case. -- RCG] > >[Moderator's Note: I wonder if it would be legal for me to put a sign on >my door stating that entrance into my apartment implies consent for >recording of that person and a trap on my phone that states staying on >the line implies consent for me to record the conversation. After all >the government does it with thier installations. _dennis] I posted this article to alt.conspiracy today before i discovered this group, which seems more appropriate... The question relevant to this thread is would evidence gleaned by a hotel employee hold up in court? G -------- First of all, you have to take this as hearsay - the guy who told me this info said that he did the things I'm describing personally; but I don't know his name or where exactly he works - it was a chance meeting on a recent vacation trip to the US. This guy I met told me he was a senior employee of Howard Johnsons - not a manager, but a worker. He said that he and his staff regularly listened in on guest's telephone calls, and that they had a way of monitoring all calls at once. He reckoned his hotel was often used by drug dealers, and that several well publicised drug busts had come through info he and his staff had passed on to police. He gave the impression that his hotel was no exception - that police forces in many places use hotel staff to monitor hotel phones for them and report anything suspicious. It isn't an organised operation I should add - they don't do this *all* the time - just (it sounded to me) when they're bored. Still, it's chilling to think that when you use a hotel phone you're more likely to be monitored than not. And the thought that H-J's phone system has special features to allow all lines to be ganged together for simultaneous listening, followed by a way of scanning through them to find a particular call amongst the 'cocktail party effect', is a bit worrying... G ------------------------------ End of Computer Privacy Digest V1 #066 ******************************