Date: Mon, 20 Sep 93 18:03:39 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#040 Computer Privacy Digest Mon, 20 Sep 93 Volume 3 : Issue: 040 Today's Topics: Moderator: Dennis G. Rears crypto witchhunt? Knowing who has what Re: Knowing who has what Re: John misses the point Re: John misses the point Caller Id & ANI Caller ID/ANI Thread Re: Caller ID/ANI Thread The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Shari Steele Subject: crypto witchhunt? Date: 17 Sep 1993 18:54:51 GMT Organization: Electronic Frontier Foundation [Moderator's Note: Shari Steele has given me permission to repost this here. This appeared in misc.legal ._dennis ] To the 'net community: EFF is very concerned about the Customs Department-initiated grand jury investigation into encryption export violations. Two U.S. companies have been subpoenaed to produce documents related to the "international distribution" of commercial products utilizing PGP and RSA source code. Neither of these companies are engaged in the international distribution of any illegal materials. EFF is working with the concerned parties and is trying to find out the scope of the grand jury investigation. Unfortunately for us in this case, grand jury investigations are secret, so learning the scope is proving to be quite difficult. What we do know is this: Austin Code Works, a software publisher in Austin, Texas (heavy sigh), has been planning to publish a code document written by Grady Ward called Moby Crypto. Grady describes Moby Crypto as simply containing descriptive source code, not executable object code, describing many cryptographic routines that are freely available around the world. Most of this material has been released in print form already. The important distinction seems to be that Moby Crypto will be released in machine-readable format. Austin Code Works has told Customs Agents that it does not intend to release Moby Crypto outside of the U.S., yet the company has been subpoenaed to release all documents related to this product. (Incidently, if Moby Crypto contains no executable code, it should be exportable under ITAR, just as textbooks containing such materials are exportable.) ViaCrypt, a Phoenix, Arizona,-based (heavy sigh again -- man, does this ring familiar) software producer that has a license to sell software products that use the RSA algorithm, was issued a similar subpoena. ViaCrypt has recently contracted with Phil Zimmermann, creator of the PGP encryption code, to sell a commercial version of PGP. ViaCrypt only distributes its products containing the RSA algorithm within the United States, since RSA is not exportable under ITAR. EFF has been in touch with Phil Zimmermann and his attorney, Grady Ward, and the owner of Austin Code Works. We have advised everyone that there is nothing to hide and that they should abide by the subpoenas and produce the documents requested. We will not know what the appropriate response should be until the grand jury makes its determinations. In the meantime, we want everyone to know that EFF is committed to ensuring that the right to use and publish whatever encryption method an individual chooses to use is protected. Jerry Berman, EFF's Executive Director, issued the following internal message this morning: >I've assured Phil that he is not alone, and I have talked with his attorney. >If Phil is charged with export control violations based on making PGP >available in the US on a non-commercial basis and it happens to get >published or copied overseas, First Amendment issues indeed may be joined. >As of now, ViaCrypt has done no "exporting" and does not intend to. I have >the subpoena. Indeed, EFF has copies of both subpoenas. We will continue to keep you informed of what's going on as we learn the facts. EFF is deeply concerned, and we want Phil and everyone else involved to know that they are not alone. As soon as it becomes clear what specifically is being investigated, EFF will respond. Shari *********************************************************************** ****** Shari Steele Director of Legal Services Electronic Frontier Foundation 1001 G Street, NW Suite 950 East Washington, DC 20001 202/347-5400 (voice), 202/393-5509 (fax) ssteele@eff.org ------------------------------ Date: Mon, 20 Sep 1993 02:45:13 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Knowing who has what From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- > > With reverse directories and such, it's trivial to map a > > phone number to a name and address. Thus, they are > > essentially equivalent. > > All the verbage aside, this is what seems to bother you a > great deal. Tell me, why is it that you seem to feel it so > threatened that an entity that you call who pays for that call > know who you are? You know who they are. I assume you are > calling to transact some sort of business. Do you typically > enter into business relationships maintaining your anonymity? > If the call is for product inquiry, are you embarassed that > someone might know that you inquired? If the company who owns the number keeps it to themselves, it's not that bad. If the information falls into the wrong hands, it could be a problem. 1. There are certain activities that are legal now which at one time were not and may be made illegal in the future. If those who sell the products or services related to what is now legal are then outlawed, they could be forced to turn over their lists of customers who can be watched to see if they turn in their contraband to the government. 2. There are certain activities which are legal but doing them can cause the government to come after you on the assumption that you are doing something illegal. (A). If you purchase a short-term round-trip ticket and pay cash, while you are at the airport the chances are good to excellent that a couple of local police or federal marshals will come to see you while you are waiting for the plane, and will ask you for permission to search your baggage; if they find you have a lot of money, it will be confiscated and you won't get it back, on the assumption that you were a drug dealer. You will have to sue them to get it back, and your chances of winning are not good. (B). Garden sales places are routinely being asked to provide information about people who purchase growing lights, or other equipment which has use in growing any illegal drug. Since this is also usable for growing lots of other *legal* drugs, it is being used as harassment for a number of people. (C). On 60 minutes they showed one store where the owner told the government to get a warrant - they put a video camera in a pole across the street and used it to tape everyone who came in and out. Not every business is all that concerned about the privacy of its customers and some will *give* the information to the federales even without a formal request. 3. Combine the list of people who purchase (1) condoms with (2) K-Y Jelly or vaseline. Now, extract those that are listed on married houses, and then either match against magazine subscriptions or notorious gay communities (Dupont Circle in DC and some parts of San Francisco) and it could be used to put those people on mailing lists for homosexuals. Or look for ones with a man and a woman with not the same last name at the same address and use it for mailings for people with live-in lovers, or where the name shows, married couples. Or, the other possibility. If there is someone who is high profile, that a particular city or state administration doesn't like, then use this information to target them and then prosecute them for sodomy or oral copulation where it is illegal. (What is interesting is that until Saturday, these practices *were* illegal in DC even though it had a large Queer population. The law was generally not enforced, I am told; if it had been, a lot of men would have been prosecuted for activities with their wives and girlfriends.) --- Paul Robinson - TDARCOS@MCIMAIL.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ----- ------------------------------ Date: Mon, 20 Sep 93 02:14 PDT From: John Higdon Reply-To: John Higdon Organization: Green Hills and Cows Subject: Re: Knowing who has what On Sep 20 at 2:45, "Tansin A. Darcos & Company" writes: > 1. There are certain activities that are legal now which at one > time were not and may be made illegal in the future. If those > who sell the products or services related to what is now > legal are then outlawed, they could be forced to turn over > their lists of customers who can be watched to see if they turn > in their contraband to the government. I think that the actual number of times this has actually happened (and that can be documented) is somewhere between "never" and "hardly ever" (with apologies to W. S. Gilbert). I realize that this is a current fear, and not without good reason, suffered by gun enthusiasts regarding gun registration, but that is far removed from something as nebulous as a "customer list" -- or more to the point -- an ANI generated list. > (A). If you purchase a short-term round-trip ticket and pay cash, > while you are at the airport the chances are good to > excellent that a couple of local police or federal marshals > will come to see you while you are waiting for the plane, and > will ask you for permission to search your baggage; if they find > you have a lot of money, it will be confiscated and you won't > get it back, on the assumption that you were a drug dealer. You > will have to sue them to get it back, and your chances of winning > are not good. So what you are really saying is that you are better off to use the paper-trailed credit system. What irony to suppose that an anonymity freak would, in an effort to avoid leaving a trail and maintain his "privacy", use cash and maybe even an assumed name and find himself entered on the police blotter and be relieved of his worldly encumbrances in the bargain. You cannot win for losing. > (B). Garden sales places are routinely being asked to provide > information about people who purchase growing lights, or other > equipment which has use in growing any illegal drug. Since this > is also usable for growing lots of other *legal* drugs, it is > being used as harassment for a number of people. Methinks there may be less here than meets the eye. If anyone fits some profile or another, it is myself. My electricity bill is enormous--many times what any of my neighbors pay. Reason? I have many computers, all on twenty-four hours a day, with suitable air conditioning to cool them all off. But the "authorities" don't know this. For all they know, the power is consumed by "grow lights". And how many people do you know have sixteen phone lines and a "major accounts" rep for residence service? Again, this has got to fit a profile for something nefarious (like maybe to conduct "sales" of the drugs that I might be growing). Not once has there been a knock on the door. Oh, except for the time that the police showed up with my recovered motorcycle trailer. > 3. Combine the list of people who purchase (1) condoms with (2) K-Y Jelly > or vaseline. Now, extract those that are listed on married houses, > and then either match against magazine subscriptions or notorious > gay communities (Dupont Circle in DC and some parts of San Francisco) > and it could be used to put those people on mailing lists for > homosexuals. Or look for ones with a man and a woman with not the > same last name at the same address and use it for mailings for > people with live-in lovers, or where the name shows, married couples. I am sure it happens (although the last time I bought Vaseline or condoms--rarely both in the same store visit--no one wrote down my name or address or, heaven forbid, my phone number.) Anyway, how would anyone notice whether some NEW junk mail was arriving? Seventy percent of the mail that shows up at my house is junk and I just pitch it in the recycle bin. It is not one of my major concerns. And where people live means nothing. My sister lives deep in the heart of San Francisco's Castro district and is as straight as they come. On the other hand, I live in Family Suburbia and--well, you get the point. > Or, the other possibility. If there is someone who is high profile, > that a particular city or state administration doesn't like, then > use this information to target them and then prosecute them for > sodomy or oral copulation where it is illegal. It is rather difficult to prove either act without an eye-witness or catching the parties in the act. Being high profile anything does not prove much. I really don't think that is much to worry about. Anyone who lives in an area that has that type of selectively-enforced law does so at his own risk. As I have stated many times, anyone determined to locate you or "get the goods" on you will do so despite your best efforts. Hence, I consider it a gross waste of time and resources to even try to limit this information gathering. I find shoddy info-collecting to be much more offensive, and potentially much more harmful. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ Date: Mon, 20 Sep 1993 08:21:57 -0700 (PDT) From: Dave Ptasnik Subject: Re: John misses the point On Mon, 20 Sep 1993, Tansin A. Darcos & Company wrote: > > John, you are the one who wants to limit technology. The > > technology exists to send Caller ID and/or ANI. The technology > > exists to prevent the sending of both or either. The technology > > exists to reject blocked calls. > > There is a way to block ANI? And a way to allow someone to selectively > receive or not receive it? That's a new one on me. > While I am aware of no system currently in place that does not pass along the ANI on numbers that are caller ID blocked, clearly that is something that could be done if the LEC's and/or IXC's wanted to. I think that the ANI info includes whether or not a line has blocking. At that point it is just a question of screening for that information, and not passing the number to end users when blocking is set to yes. I understand that the IXC's probably need to have the info passed to them, but they do not have to pass it to the end user. All of this is much more related to marketing than technology, which is the core of my point. All of the above is nothing more than the personal opinion of - Dave Ptasnik davep@u.washington.edu ------------------------------ From: "david.g.lewis" Subject: Re: John misses the point Organization: AT&T Date: Mon, 20 Sep 1993 14:18:20 GMT In article Dave Ptasnik writes: >The technology >exists to send Caller ID and/or ANI. Correct >The technology exists to prevent >the sending of both or either. Not correct. Two (primary) signaling methods are used for sending ANI information from the originating LEC to the IXC: Equal Access Multifrequency (EAMF) and Signaling System 7 ISDN User Part (SS7 ISUP). EAMF signaling is capable of sending a 10-digit ANI and two II (information) digits conveying line class of service information (e.g. Coin line). There is no capability in the EAMF signaling protocol to send a "presentation restriction" indicator. SS7 ISUP signaling has the capability of sending significantly more information; however, ANI information is carried in the Charge Number parameter, and the Charge Number parameter as defined in ANS T1.113 (ISUP) does not include a Presentation restriction indicator field. It is therefore not technically feasible for Billing number (ANI) presentation information to be signaled from the originating LEC to the IXC. David G Lewis AT&T Bell Laboratories david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation ------------------------------ Date: Mon, 20 Sep 93 9:59:04 EDT From: Computer Privacy List Moderator Subject: Caller Id & ANI I think the Caller Id and ANI debate should wind down. I think all the points have been made. Nothing new is really being said. I would like to cut the discussion off. If soemthing new pops up I would be glad to publish it. Dave Lewis's post on the technical aspects was welcome and posts expounding on it would be welcome. For fairness sake, I will let everyone have one final post in this discussion. Subject topics have included: ANI *Caller ID* Something to Consider dennis ------------------------------ Date: Mon, 20 Sep 93 11:53 EDT From: Lynn R Grant Subject: Caller ID/ANI Thread I sure hope the caller ID/ANI thread dries up soon. It seems to be devolving into an "is not"/"is too" discussion. Perhaps we should take a break from this subject, and deal with easier problems, like which of the worlds religions is the One True Religion. Lynn Grant Grant@DOCKMASTER.NCSC.MIL ------------------------------ Date: Mon, 20 Sep 93 17:48:52 EDT From: Computer Privacy List Moderator cc: comp-privacy@Pica.Army.Mil Subject: Re: Caller ID/ANI Thread >I sure hope the caller ID/ANI thread dries up soon. It seems to be >devolving into an "is not"/"is too" discussion. I agree. It's been rehashed to much. See the messsage in this digest. > >Perhaps we should take a break from this subject, and deal with easier >problems, like which of the worlds religions is the One True Religion. No Way. The Berlin Wall is down, the Soviet Union is no more, DOD is closing bases, and there is peace in the Middle East. That is child's play compared to getting people to agree about Caller ID. Next thing I know you will want the Cubs to win the World Series:-). dennis ------------------------------ End of Computer Privacy Digest V3 #040 ******************************