Date: Wed, 29 Sep 93 13:08:58 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#050 Computer Privacy Digest Wed, 29 Sep 93 Volume 3 : Issue: 050 Today's Topics: Moderator: Dennis G. Rears Guest Moderator Re: Caller ID/ANI Thread Lexis Re: Clinton's Health Care Plan Re: Finding out the Caller's Number (was ANI) DES Key Search Paper The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Tue, 28 Sep 93 9:45:32 EDT From: "Dennis G. Rears" cc: tcora@Pica.Army.Mil Subject: Guest Moderator I will be away from the office from Friday, 1 Oct until Monday , 11 October. Tom Coradeschi will be the guest moderator for this time period. Administrative requests will not be handled until I get back. dennis ------------------------------ Date: Mon, 27 Sep 93 18:44 PDT From: John Higdon Organization: Green Hills and Cows Subject: Re: Caller ID/ANI Thread Hans Lachman writes: > OK, this is my last post on this topic (I hope!). That is too bad, since I have a question or two for you, since you seem to be the Hard Questionmeister. > Instead, turn the questioning around, and ask the anti-privacy > freak for proof of any danger resulting from the increase in > consumer power. That puts them in the defensive position. I > asked for this proof in the ANI debate (earlier article), and > got deafening silence from the other side. This is very clever (well, not that clever) sophistry. However, I have a question for you: What gives you or anyone else the right to call me at my place of business and dictate how I will use a telephone service that I not only pay for monthly, but also for the proximate call you are making at the time? And further, what gives you the right to tell me how my business will be conducted so as not to use a feature that you dislike? Whether you call my 800 number is entirely a matter that is under your control. You make that conscious decision. I do not force you to call my business and if you are so strongly offended at the loss of your anonymity, I would strongly advise you to refrain from calling mine or anyone else's 800 number. Yes, it may cause you some inconvenience to avoid using 800 numbers, but nowhere is it written that you have any right to call them on your specific terms. If you want to get legislation (just what we need, more junk laws) passed that requires statements such as "calling this number may reveal your telephone number to the callee", that is one thing. But to take it upon yourself to dictate aspects of a service in which you do not even participate as a customer or as a supplier (just as a beneficiary of its mere existence) is display of extreme arrogance. It is not a God-given or Constitutional right to be able to call 800 numbers anonymously. These numbers are paid for by businesses to further their own business needs, not to satisfy some intrinsic obligation to you. If you feel the public is inadequately informed concerning the technical aspects of 800 service delivery, no one is stopping you from taking out full-page ads in national publications to remedy that situation as it is perceived BY YOU. ANI delivery is not some dirty little secret of which only fabulously informed persons such as yourself have any knowledge. > In conclusion, I believe that consumers should have maximum > possible control over the collection, dissemination, and use of > information about themselves. I could not agree with you more. As I pointed out, you can block any 800 number from reading your ANI very easily (don't call). I also realize that you want your cake and eat it too. You want businesses to shell out for those 800 numbers which save YOU money, but you also want to dictate the terms by which they can be used. Sometimes you cannot get what you want, just the way you want it at other people's real, monitary expense. BTW, I will be happy to prove that ANI delivery causes no harm right after you show me how. Please prove to me that cucumbers do not cause cancer. Otherwise, I am going to see what I can do to have them outlawed :-) I did get that right, did I not? You merely have to make a groundless accusation and it is up to those of us paying the bills on and participating in the service in question to disprove your charges with a propondrance of the evidence while you sit back and indignantly look on. Got it. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ Date: 28 Sep 1993 09:34:18 -0500 (CDT) From: JTUCKER@vax2.cstp.umkc.edu Subject: Lexis Organization: University of Missouri - Kansas City, CSTP I just received a disturbing item in the mail. The following postcard is from Lexis who is owned by Mead Data Central: LEXIS FINDER Library --- Coming soon to LEXIS The FINDER library -- a nationwide "white pages" directory of 111 million individuals' addresses, phone numbers and more -- is coming soon to your LEXIS terminal. With LEXIS FINDER you'll quickly and easily find: Parties Witnesses Heirs Beneficiaries Shareholders Members of potential class actions Watch your mail for more info, etc... Didn't Lotus try this one? Joseph... ------------------------------ Date: 28 Sep 1993 18:31:37 +0000 (GMT) From: Dick Rinewalt Subject: Re: Clinton's Health Care Plan Organization: Texas Christian Univ Comp Sci Dept In article , WHMurray@dockmaster.ncsc.mil writes: > The bureaucrats response of choice in this situation will be a personal > identity number and a massive data base. This data base will contain > our most intimate personal information. It will be in the > hands of government bureaucrats. If bureaucrats simply do what > bureaucrats do, these tools will result in huge loss of personal and > family privacy. While safeguards, may mitigate this to some small > degree, and whether or not there is abuse, the impact will be major. The database already exists (the Medical Information Bureau in Boston), but it is in the hands of the insurance companies who can (ab)use it as they wish. Dick Rinewalt Computer Science Dept Texas Christian Univ rinewalt@gamma.is.tcu.edu 817-921-7166 ------------------------------ Date: Tue, 28 Sep 93 14:43:54 CDT From: varney@ihlpe.att.com Subject: Re: Finding out the Caller's Number (was ANI) Organization: AT&T Network Systems In article "david.g.lewis" writes: >In article varney@ihlpe.att.com writes: >> At least for 800 calls, I wouldn't object to an ANI-block >>mechanism. (I must acknowledge I work for a part of AT&T that could >>benefit from any mandated new features.) Even better would be a >>"presentation restricted" indicator in the ANI field, as the Caller-ID >>information contains. > >Of course - then all the LECs are mandated to purchase new software for >all their 5ESS(R) switches, 1ESS(TM) switches, 1AESS(TM) switches, >4ESS(TM) switches, new MF senders for all the remaining 5XBs, etc., >etc., etc. Helps AT&T Network Systems' income no end... Although I >would claim it would be a Big Deal to build and deploy it. David, I think you may have mis-interpreted my post. I am NOT advocating a "block ANI" for 800 calls. I said I wouldn't OBJECT to it, if payed for (ENTIRELY) by the users. Whatever the deployment costs, whatever the method of blocking calls that blocked ANI, etc. Any IXC costs would be recovered, as well. If users want the capability, but are unwilling to put forward some real $$$, then they don't really want it. Please note that LEC mandated purchases are not that uncommon. In many cases, the feature users DON'T pay for the costs. The telephone users or IXCs get to pay for it in higher rates (or slower reductions). Going to 4-digit Carrier Access Codes will probably be paid for by the existing IXCs, who benefit little from the feature. Costs for the Interchangable NPAs sure aren't going to be recovered by higher charges to call those new NPAs, or by callers assigned the new NPAs. >... Over, say, 250 business days a >year, we're talking about a $40 million hit on the bottom line of the >800 business. > >That's ongoing costs, of course; there's also the cost to the industry >of building and deploying the capabilities to provide the blocking. David, those requesting blocking have not stated they are unwilling to pay for the capability. If every IXC received $1 for every blocked attempt, would you still insist on non-deployment? How about $10? For those who want ANI blocking for 800 calls, HOW BADLY do you want it? (And please assure me you don't want non-users to fund it.) Al Varney - my opinion only ------------------------------ Date: Wed, 29 Sep 93 00:46:46 -0400 From: Monty Solomon Subject: DES Key Search Paper FYI. From rec.video.satellite Newsgroups: rec.video.satellite Message-ID: Date: Tue, 28 Sep 1993 08:14:52 CDT Sender: HOMESAT - Home Satellite Technology From: "Dr. Robert R. Wier" Subject: DES encryption Here's a thing which recently came in which I thought might be of interest to you VCII(+) fans out there... ===Bob Wier ========== insert usual discalimers here ================= internet: wier@merlin.etsu.edu (watch for address change) Subject: Re: DES Key Search Paper (fwd) Michael Weiner presented a paper at Crypto93 that describes a fast DES key search engine that uses a special inside-out DES chip that he designed. This chip takes a single plaintext/ciphertext pair and quickly tries DES keys until it finds one that produces the given ciphertext from the given plaintext. Weiner can get these chips made for $10.50 each in quantity, and can build a special machine with 57000 of these chips for $1 million. This machine can exhaust the DES key space in 7 hours, finding a key in 3.5 hours on the average. He works for Bell Northern Research in Ottawa, and says they have not actually built this machine, but he has the chip fully designed and ready for fabrication. This is a stunning breakthrough in the realization of practical DES cracking. BTW-- note that PEM uses straight 56-bit DES. ------------------------------ End of Computer Privacy Digest V3 #050 ******************************