Date: Wed, 27 Jan 93 11:19:15 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#009 Computer Privacy Digest Wed, 27 Jan 93 Volume 2 : Issue: 009 Today's Topics: Moderator: Dennis G. Rears Re: SSN as a red herring Listening to cordless telephone conversations Released GSA Documents Slam FBI Wiretap Proposal SSN and new baby CFP Special Issue on Security [Change in Due Date] Re: The UPS clipboard Re: worries about privacy could tone down success of caller ID Re: Litigation, SSN and IRS Re: Radar Detector Prohib RE: RE: SSN and new baby The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Jim Haynes Subject: Re: SSN as a red herring Date: 15 Jan 1993 19:58:25 GMT Organization: University of California; Santa Cruz In article cme@ellisun.sw.stratus.com (Carl Ellison) writes: > >To me, the SSN is just one of many IDs which would allow some record about >me to be correlated with some other record. However, I assume that there >are many such identifiers or characteristics -- either alone or in >combination with others. > >Has anyone considered how to conduct one's life in order to avoid all such >correlation of records? [This strikes me as possibly a cryptographic >problem, thus the cross-post.] Well, according to some recent items in comp.risks in which people's drivers licenses are being revoked mistakenly, it seems that you must have a name which is unpronounceable and doesn't spell anything like anybody else's, and a birth date which nobody else could possibly have. So, yes, it does have something to do with cryptography - you get your name and birth date from a true one-time pad. -- haynes@cats.ucsc.edu haynes@cats.bitnet ------------------------------ From: x91nikorawal@gw.wmich.edu Subject: Listening to cordless telephone conversations Date: 15 Jan 93 23:31:44 EST Organization: Western Michigan University Hi, I understand that listening to radio signals via a scanner, etc is legal. However, is it legal to listen to a telephone conversation taking place on a cordless telephone and if so, can it be done using a scanner ??? Any comments/suggestions will be welcomed. Thank You in adv. Percy. [Moderator's Note: Last I heard it was legal to listen to but illegal to disclose the contents of the conversation or profit from it. ._dennis ] ------------------------------ Date: Sat, 16 Jan 1993 10:22:23 -0500 From: Dave Banisar Subject: Released GSA Documents Slam FBI Wiretap Proposal "GSA Memos Reveal that FBI Wiretap Plan was Opposed by Government's Top Telecomm Purchaser" The New York Times reported today on a document obtained by CPSR through the Freedom of Information Act. ("FBI's Proposal on Wiretaps Draws Criticism from G.S.A.," New York Times, January 15, 1993, p. A12) The document, an internal memo prepared by the General Services Administration, describes many problems with the FBI's wiretap plan and also shows that the GSA strongly opposed the sweeping proposal. The GSA is the largest purchaser of telecommunications equipment in the federal government. The FBI wiretap proposal, first announced in March of 1992, would have required telephone manufacturers to design all communications equipment to facilitate wire surveillance. The proposal was defeated last year. The FBI has said that it plans to reintroduce a similar proposal this year. The documents were released to Computer Professionals for Social Responsibility, a public interest organization, after CPSR submitted Freedom of Information Act requests about the FBI's wiretap plan to several federal agencies last year. The documents obtained by CPSR reveal that the GSA, which is responsible for equipment procurement for the Federal government, strongly opposed two different versions of the wiretap plan developed by the FBI. According to the GSA, the FBI proposal would complicate interoperability, increase cost, and diminish privacy and network security. The GSA also stated that the proposal could "adversely _affect national security._" In the second memo, the GSA concluded that it would be a mistake to give the Attorney General sole authority to waive provisions of the bill. The GSA's objections to the proposal were overruled by the Office of Management and Budget, a branch of the White House which oversees administrative agencies for the President. However, none of GSA's objections were disclosed to the public or made available to policy makers in Washington. Secrecy surrounds this proposal. Critical sections of a report on the FBI wiretap plan prepared by the General Accounting Office were earlier withhold after the FBI designated these sections "National Security Information." These sections included analysis by GAO on alternatives to the FBI's wiretap plan. CPSR is also pursuing a FOIA lawsuit to obtain the FBI's internal documents concerning the wiretap proposal. The GSA memos, the GAO report and others that CPSR is now seeking indicate that there are many important documents within the government which have still not been disclosed to the public. Marc Rotenberg CPSR Washington office rotenberg@washofc.cpsr.org Note: Underscores indicate underlining in the original text. Dashes that go across pages indicate page breaks. [Computer Professionals for Social Responsibility is a non- profit, public interest membership organization. For membership information about CPSR, contact cpsr@csli.stanford.edu or call 415/322-3778. For information on CPSR's FOIA work, contact David Sobel at 202/544-9240 (sobel@washofc.cpsr.org).] ------------------------------------------------------------- (#4A) Control No. X92050405 Due Date: 5/5/92 Brenda Robinson (S) After KMR consultations, we still _"cannnot support"_ Draft Bill. No. 118 as substantially revised by Justice after its purported full consideration of other agencies' "substantive concerns." Aside from the third paragraph of our 3/13/92 attachment response for the original draft bill, which was adopted as GSA's position (copy attached), Justice has failed to fully address other major GSA concerns (i.e., technological changes and associated costs). Further, by merely eliminating the FCC and any discussion of cost issues in the revision, we can not agree as contended by Justice that it now " ... takes care of kinds of problems raised by FCC and others ...." Finally, the revision gives Justice sole unilateral exclusive authority to enforce and except or waive the provisions of any resultant Iaw in Federal District Courts. Our other concerns are also shown in the current attachment for the revised draft bill. Once again OMB has not allowed sufficient time for a more through review, a comprehensive internal staffing, or a formal response. /Signature/ Wm. R. Loy KMR 5/5/92 Info: K(Peay),KD,KA,KB,KE,KG,KV,KM,KMP,KMR,R/F,LP-Rm.4002 (O/F) - 9C1h (2) (a) - File (#4A) ------------------------------------------------------------- ATTACHMENT REVISED JUSTICE DRAFT BILL DIGITAL TELEPHONY The proposed legislation could have a widespread impact on the government's ability to acquire _new_ telecommunications equipment and provide electronic communications services. _Existing_ Federal government telecommunications resources will be affected by the proposed new technology techniques and equipment. An incompatibility and interoperability of existing Federal government telecommunications system, and resources would result due to the new technological changes proposed. The Federal Communications Commission (FCC) has been removed from the legislation, but the Justice implementation may require modifications to the "Communications Act of 1934," and other FCC policies and regulations to remove inconsistencies. This could also cause an unknown effect on the wire and electronic communications systems operations, services, equipment, and regulations within the Federal government. Further, to change a major portion of the United States telecommunications infrastructure (the public switched network within eighteen months and others within three years) seems very optimistic, no matter how trivial or minimal the proposed modifications are to implement. In the proposed legislation the Attorney General has sole _unilateral exclusive_ authority to enforce, grant exceptions or waive the provisions of any resultant law and enforce it in Federal District Courts. The Attorney General would, as appropriate, only "consult" with the FCC, Department of Commerce, or Small Business Administration. The Attorney General has exclusive authority in Section 2 of the legislation; it appears the Attorney General has taken over several FCC functions and placed the FCC in a mere consulting capacity. The proposed legislation would apply to all forms of wire and electronic communications to include computer data bases, facsimile, imagery etc., as well as voice transmissions. The proposed legislation would assist eavesdropping by law enforcement, but it would also apply to users who acquire the technology capability and make it easier for criminals, terrorists, foreign intelligence (spies) and computer hackers to electronically penetrate the public network and pry into areas previously not open to snooping. This situation of easier access due to new technology changes could therefore affect _national security_. (1) ------------------------------------------------------------- The proposed legislation does not address standards and specifications for telecommunications equipment nor security considerations. These issues must be addressed as they effect both the government and private industry. There are also civil liberty implications and the public's constitutional rights to privacy which are not mentioned. it must be noted that equipment already exists that can be used to wiretap the digital communications lines and support court- authorized wiretaps, criminal investigations and probes of voice communications. The total number of interception applications authorized within the United States (Federal and State) has been averaging under nine hundred per year. There is concern that the proposed changes are not cost effective and worth the effort to revamp all the existing and new telecommunications systems. The proposed bill would have to have the FCC or another agency approve or reject new telephone equipment mainly on the basis of whether the FBI has the capability to wiretap it. The federal- approval process is normally lengthy and the United States may not be able to keep pace with foreign industries to develop new technology and install secure communications. As a matter of interest, the proposed restrictive new technology could impede the United States' ability to compete in digital telephony and participate in the international trade arena. Finally, there will be unknown associated costs to implement the proposed new technological procedures and equipment. These costs would be borne by the Federal government, consumers, and all other communications ratepayers to finance the effort. Both the Federal government and private industry communications regular phone service, data transmissions, satellite and microwave transmissions, and encrypted communications could be effected at increased costs. (2) ============================================================= Documents disclosed to Computer Professionals for Social Responsibility (CPSR), under the Freedom of Information Act December 1992 ============================================================= ------------------------------ From: robert.heuman@rose.com (robert heuman) Subject: SSN and new baby Organization: Rose Media Inc, Toronto, Ontario. Date: Mon, 18 Jan 1993 15:01:02 GMT Date Entered: 01-18-93 09:56 -=> Quoting "m. Adams/starowl" According to the IRS, if you wish to claim a child over age 1 as a "A<> dependent for tax purposes, that child *must* have a SSN. "A<> True, the kid doesn't need a SSN for hirself, but the "A<> parent(s)/guardian(s) might need the kid to have a SSN..... And if the parents are US Citizens abroad, as in Canada, and the children are born in Canada and are considered Canadian by Canada (and are NOT registered at the US Consulate, so they will not be in any draft list) but are still dependents of their US Citizen parents [and, BTW, are considered US citizens by US Immigration (I know... I have two sons in that situation.)]??? Is a SSN still needed to claim them on the tax return??? And if the hospital is in Canada, and NOT in the US... etc.... etc.... etc... I fail to see how any other jurisdiction can permit this lunacy to prevail over its own laws, or in contradiction to its laws.. (for example European privacy legislation might make transmission of this information to the US highly illegal). What is the US government's position in respect of non-US residents who are deductable on their US Citizen parents tax returns? Convoluted, or not, you should understand my concern. Bob ... Twice as Human as anyone else - My Opinions are my Own! ___ Blue Wave/QWK v2.12 --- RoseMail 2.00 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285 ------------------------------ From: Matt Bishop Subject: CFP Special Issue on Security [Change in Due Date] Reply-To: Matt Bishop Organization: Purdue University Date: Mon, 18 Jan 1993 13:04:30 GMT [NOTE CHANGE IN SUBMISSIONS DUE DATE: IT IS NOW JUNE 1, 1993] Matt Bishop will be Guest Editor of a special issue of the journal "Computing Systems" to be published in 1993. The issue will be devoted to "Security and Integrity of Open Systems." Papers on all aspects of policy, issues, theory, design, implementation, and experiences with security and integrity in open systems are solicited for the issue. The deadline for submissions is June 1, 1993; papers submitted after this deadline will not be considered. Prospective authors should send five copies of their papers to: Professor Matt Bishop Mathematics and Computer Science Dartmouth College 6188 Bradley Hall Hanover, NH 03755-3551 (603) 646-3267 Matt.Bishop@dartmouth.edu Submissions should not have appeared in other archival publications prior to their submission. Papers developed from earlier conference, symposia and workshop presentations are welcome. "Computing Systems" is a journal dedicated to the analysis and understanding of the theory, design, art, engineering and implementation of advanced computing systems, with an emphasis on systems inspired or influenced by the UNIX tradition. The journal's content includes coverage of topics in operating systems, architecture, networking, interfaces, programming languages, and sophisticated applications. "Computing Systems" (ISSN 0895-6340) is a refereed, quarterly journal published by the University of California Press for the USENIX Association. Usenix is a professional and technical association of individuals and institutions concerned with breeding innovation in the UNIX tradition. Now in its fifth year of publication, "Computing Systems" is regularly distributed to 4900 individual subscribers and over 600 institutional subscribers (libraries, research labs, etc.) around the world. Some special-topic issues are often distributed more widely. The editor-in-chief of "Computing Systems" is Mike O'Dell of Bellcore. Gene Spafford of Purdue University is Associate Editor, and Peter Salus of the Sun User Group is the Managing Editor. ------------------------------ From: hartman@ulogic.UUCP (Richard M. Hartman) Subject: Re: The UPS clipboard Date: 15 Jan 93 15:11:24 GMT Organization: negligable Source-Info: From (or Sender) name not authenticated. In article roy@cybrspc.uucp (Roy M. Silvernail) writes: >Jarrod Staffen writes: > >> BTW, UPS is not ignoring security risks. They just ignore people >> who ask about safety risks. They know what is possible. > >Doesn't that strike you as extremely arrogant? Not necessarily. It could be a security measure... >> IMO, though, I think they should do something more to ensure the >> safety of their electronic data. > >And IMO, they should be a little more forthcoming to their customers >about the precautions they do take (if, in fact, they take any at all... >I'm still not very convinced). If they made a habit of disclosing their security measures to every TD&H who asked, then it would not be secure for very long. As long as the measures are unknown, the means to defeat them remain unspecified. Once you know a security measure, you can begin working on the means to defeat it. I have to side w/ UPS policy on disclosure on this one. After all, they have a right to their privacy, don't they? >As a computer professional, I was >not exactly enthralled to be summarily dismissed by a marketing droid >who obviously had no grasp of the technical issues I raised. Don't raise technical issues with marketing droids. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= And the men who hold high places | must be the ones who start | -Richard Hartman to mold a new reality | hartman@uLogic.COM closer to the heart! | ------------------------------ From: "Richard M. Hartman" Subject: Re: worries about privacy could tone down success of caller ID Date: Tue, 19 Jan 93 5:58:44 PST I don't really see what the problem is. If you have a peephole in the door, you can see me when I knock before letting me in. If I cover the peephole with my thumb, you cannot see me. It is then your option to not open the door. What is the problem with having both Caller-ID (peephole), and Caller-ID-Blocking (thumb)? -Richard Hartman hartman@ulogic.COM =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "If we do not succeed, we risk failure." -D. Quayle [Moderator's Note: Would anyone out there be willing to put together a FAQ on caller-id? This faq should be bias free and mention arguements for and against caller-id, line blocking, per call blocking, ANI vs Caller-id, etc. ._dennis ] ------------------------------ From: p-hurley1@tamu.edu Date: 19 Jan 93 12:43:17 CDT Subject: Re: Litigation, SSN and IRS Reply-to: p-hurley1@tamu.edu It appears that perhaps this information has once again become pertinent to the comp.privacy newsgroup. I assume I am sending this to the correct address. Again, this is for your use to post if you deem necessary. Up until a year ago, I had not been claiming my children older than 1 year as dependents because I refuse to get them a SSN. A year ago, I found out that the President of the Home School Legal Defense Association (Michael Farris) tried to sue the IRS over its requirement of SSN's for children. I wrote requesting to be included in any class action that might be planned. I received three letters in response. I reproduce the salient one here for your use if you see fit. The letter is on letterhead of the Christian Justice Fund: Dear Friends, This letter is to advise you of the options regarding the filing of your income tax return in light of your desire to avoid obtaining a Social Security number for your children. First of all, everyone should realize that because of a certain judge's ruling, it is procedurally impossible for us all to join together in one suit. It is also impossible for us to do a separate lawsuit for each of the families. We do not have enough resources, not do I have enough time. We are going to pursue one or perhaps two lawsuits to set a precedent for all families. As an attorney, I cannot tell you to violate the law. However, I can tell you the probable consequences of different courses of action. All of these options assume that you do not obtain a Social Security number for your children. 1. You can file your return and not claim your children as dependents. This is totally safe. However, this costs you a substantial amount of money *and* will not put you in a good position to challenge the legality of this requirement. 2. You can file your return and claim your children. If you do this, simply leave the sections regarding Social Security numbers blank. This positions you to challenge the IRS requirement. These are the risks: 1) You could receive a penalty of either $5 or $50 per child; 2) Your dependency deduction could be disallowed; 3) You could be audited and required to prove that the child is truly your dependent; or 4) You could be criminally prosecuted. Everyone that I have talked to (including attorneys for the Justice Department) agree that criminal prosecution is extremely unlikely. The most likely outcome is #3. 3. You can file your return, claim your children, and submit a $5 penalty per child with your return. I would not recommend this option. However, see #4 which follows. 4. If you receive a notice assessing a $5 penalty, pay it. We then have you in a position to sue for a refund of the $5 and test the legality of the rule. It is my opinion that a challenge to this law cannot be mounted unless a number of families choose option #2. There is a strong likelihood that the IRS will only require us to prove dependency. If this is the case, no lawsuit will be required. Also, we may choose not to proceed if they simply assess $5 penalties. I hope this answers your questions. Please _write_ if you have further questions. Sincerely, Michael P. Farris Philip Hurley "It is absurd to say that you are T.A.E.X. especially advancing freedom when you only Computer Technology use free thought to destroy free will." (409) 845-9689 -- Chesterton p-hurley1@tamu.edu I, too, disclaim. ------------------------------ From: gordon@spot.Colorado.EDU (GORDON ALLEN R) Subject: Re: Radar Detector Prohib Organization: University of Colorado, Boulder Date: 20 Jan 93 15:39:51 GMT As one aside from this thread, the radar detector I had in my car was stolen. When I informed my insurance company, I was informed that they are illegal and therefor not covered by my comprehensive policy. I told them that there is no law in colorado regarding their illegality. I was then informed that their purpose was to break the law and was not covered... When I mentioned that they were assuming I was guilty and must prove my innocence, instead of the other way around, the person kindly told me that it is just their policy. End of conversation. -- Allen Gordon *If the folly of but one of us was changed to* Research Associate *intelligence, and divided amongst a thousand* gordon@spot.colorado.edu *toads, each would be more intelligent than * *Aristotle * ------------------------------ From: J.Clemens/D17-1@g-ate.uscghq.uscg.mil Subject: RE: RE: SSN and new baby Date: 20 Jan 93 7:35:26 EST > Mike Brokowski writes: > It seems government have been registering births of children at least > since the Roman times (given the reason for the census at Christs' > birth). Actually, Jesus' birth was incidental to the census. Joseph was the one who had to register, with his family. (Luke 2:1-5) Jonathan ------------------------------ End of Computer Privacy Digest V2 #009 ******************************