Date: Wed, 15 Dec 93 10:32:58 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#007 Computer Privacy Digest Wed, 15 Dec 93 Volume 4 : Issue: 007 Today's Topics: Moderator: Leonard P. Levine Re: Gun Control/Registration/Confiscation Re: Gun Control/Registration/Confiscation Re: Right To Search Floppy Disks? Re: Right To Search Floppy Disks? Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Encryption At School Re: Encryption At School e-Mail privacy Connecticut License and SSN LA Times Electronic Privacy The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- from: vivo@hardy.u.washington.edu (The Flying Finn) Organization: University of Washington, Seattle Date: 14 Dec 1993 19:18:01 GMT Subject: Re: Gun Control/Registration/Confiscation In article , Dave Niebuhr wrote: >And after what happened on the Long Island Railroad on December 7, 1993, >the Brady Bill has proved worthless. A man got on a train and proceeded >to kill five people and injure about 20 more. He used a 9mm pistol that >was purchased legally in California. > >So much for a 5-day waiting period. California has a 15-day one and this >guy checked out clean. > Look, nobody ever said the Brady Bill was foolproof. The point is that the Brady Bill would prevent *some* homicides, not *all* homicides. A determined stalker is going to get a gun. A less determined stalker - or a temporarily pissed-off individual - will likely be deterred. If memory serves me right, the Brady Bill would have saved Jim Brady, Ron Reagan, a D.C. policeman, and a Secret Service agent from being shot if it had been in effect when Hinckley bought his guns(Hinckley had had mental problems that would be flagged by the background check). =Eric ------------------------------ From: "Prof. L. P. Levine" Date: Tue, 14 Dec 1993 14:43:50 -0600 (CST) Subject: Re: Gun Control/Registration/Confiscation In Computer Privacy Digest, Volume 4: Issue: 6 mcinnis@vnet.ibm.com speaking on Gun Control/Registration/Confiscation states: >Of course, the lesson to be learned here is to move to NY City where the gun >laws keep the steets free of crime and to avoid lawless areas of the country >like Texas. I did a little checking on the data by calling Milwaukee Public Library's Ready Reference service and found the following: This is from the Statistical Abstracts: City Murder/ Overall Crime/ 100,000 100,000 Detroit 57 2,899 Dallas 44 2,438 New York City 31 2,384 El Paso 7 992 I guess the media presence in NYC affect the perception we all have. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 [This strays a bit off of the privacy question so I would like to terminate this string after one last round. LPL Moderator] ------------------------------ From: jmm@elegant.com (John Macdonald) Date: Tue, 14 Dec 1993 10:11:20 -0500 Subject: Re: Right To Search Floppy Disks? > The issue of administators of schools coming to your house for a routine > search is a joke. You don't have to let anyone in your house unless > they have a search warrant. Basically your argument that there is > some kind of legal distinction between police and school administation > searches is wrong. If the safety of the students in the school is > in question the police could search every backpack, locker, and purse > in the whole school without fear of any "legal" reprisals. There is a difference in the standard to which non-police and police are held. While you do not *have* to let anyone into your home without a search warrant, there is a difference in what can happen if you *do* let them in. A policeman who searches without a warrant is liable to have any evidence that they gather be ruled as inadmissible. However, if they just happen to be present in a legitimate capacity while a private individual carries out a search and the officer sees some incriminating evidence, then they are free to act on that evidence. (I am not a lawyer, so this interpretation may be subject to debate, or perhaps out of date. It was originally presented in fiction written by Erle Stanley Gardner [pseudonym A. A. Fair] a few decades ago, when the implications of the Miranda case were being figured out.) -- That is 27 years ago, or about half an eternity in | John Macdonald computer years. - Alan Tibbetts | jmm@Elegant.COM ------------------------------ From: jma@ihlpm.att.com Organization: AT&T Date: Tue, 14 Dec 93 17:05:26 EST Subject: Re: Right To Search Floppy Disks? bitbug@netcom.com (James Buster) writes: >That is, precisely, the problem. In most(all?) public schools, school >administrators are government employees. I think that *all* government >employees should be held to the same standard of conduct as police officers. >Otherwise you have the current intolerable situation where "Oh, she's not a >*police officer*, she's an *administrator*.". Just wait until some idiot >bureaucrat figures this out, and sends administrators to illegally search >your home: "It's ok, they're not police officers.". It was a short wait! Where I live the city employs "meter readers" to go _inside_ each residence once a year to verify that the "water meter" is accurate. While performing this service these persons are directed to look for "suspicious" items and report to the police for the "war on ..." So, it's not an illegal search, its not a search at all, it's just the meter reader.... -- Ed Schaefer K9JMA ham radio N97178 aviation ------------------------------ From: vivo@hardy.u.washington.edu (The Flying Finn) Organization: University of Washington, Seattle Date: 14 Dec 1993 19:26:50 GMT Subject: Re: Cellular Phone Security Andrew Grosso wrote: > Unlike a phone conversation transmitted via a cable-type network, >a cellular phone from the start transmits its information over the >airwaves. There is no pretension that the information transmitted is >physically protected or secure. The means to "tap" or otherwise listen >to the information is very simple, and widespread: radio receiver type >devices. By using a cellular phone, one is consenting to having one's >conversations broadcast to an outside world, a world which has the means >to listen to those converations. It is similar to using a megaphone to >transmit your conversations. Good point, but here is a problem:When I call over a standard fone, the signal is transmitted(broadcast) to a satellite, then rebroadcast to earth. Have I sacrificed my privacy by employing the satellite? What about a network link? My email goes out in the form of packets that are readable by every machine physically connected to the network. The netcards or softare on the computers read EVERY packet, and usually elect to discard packets not addressed to that machine. If they elect to keep the packets, they get the same message that my correspondent recieves. Have I surrendured my privacy by plugging a network card into my computer? I don't dispute what you say, necessarily, but every definition of privacy has it's problems. =Eric ------------------------------ From: reed@interval.com (David P. Reed) Date: Tue, 14 Dec 1993 14:27:28 -0500 Subject: Re: Cellular Phone Security Andrew Grosso, (expressing what he emphasizes is "his own opinion,") states: >As a prosecutor, I can tell you that I have much too much work to do (and >so do all other prosecutors) to prosecute a case against person A for >listening to person B's conversation when person B decided to use an >obviously insecure means of communication simply because he or she >thought it convenient at the time. I have to pay his salary with my taxes so he can apply his personal interpretation of the law by refusing to prosecute a clear violation? Perhaps because I don't choose to avail myself of the option of owning a gun and using it, he would also refuse to prosecute criminal trespass, stalking, murder, etc. Or less extremely, if I fail to remember to lock my car or use a security device he would deem inadequate for circumstances, he would not prosecute grand theft auto? I hope this is yet another hoax. ------------------------------ From: "Dick Murtagh" Date: Tue, 14 Dec 93 12:01:36 PST Subject: Re: Cellular Phone Security > People who want the law to protect their cellular conversations by > making the listening-in on such conversations illegal or unlawful are, in > my opinion, like people who want it made illegal or unlawful for others > to listen to conversations broadcast by megaphone. Since there is, and > should be, no expectation of privacy in the means used to transmit the > information, there should be nothing unlawful about listening in. Sound logical thinking. I agree whole-heartedly. However, this is the government we're talking about. Consider: there are several satellites in geo-synch orbit which continuously bombard my house with light waves. But if I put up the equipment to look at that light, I am in violation of the law. Dick Murtagh ------------------------------ From: tenney@netcom.com (Glenn S. Tenney) Date: Tue, 14 Dec 1993 14:01:25 -0800 Subject: Re: Cellular Phone Security agrosso@world.std.com (Andrew Grosso) wrote: > Unlike a phone conversation transmitted via a cable-type network, >a cellular phone from the start transmits its information over the >airwaves. There is no pretension that the information transmitted is >physically protected or secure. The means to "tap" or otherwise listen >to the information is very simple, and widespread: radio receiver type >devices. By using a cellular phone, one is consenting to having one's >conversations broadcast to an outside world, a world which has the means >to listen to those converations. It is similar to using a megaphone to >transmit your conversations. ... I agree that cellular phone conversations are easily monitored, and that technical solutions should be used to assure privacy rather than legislative methods. However, I suggest that you re-read the Electronic Communications Privacy Act (ECPA) to understand that regardless of how easy it is to listen to a cellular phone conversation, to do so for law enforcement purposes requires a court ordered wiretap. --- Glenn Tenney tenney@netcom.com Amateur radio: AA6ER (415) 574-3420 Fax: (415) 574-0546 ------------------------------ From: greg@ideath.goldenbear.com (Greg Broiles) Organization: iDEATH Date: Tue, 14 Dec 93 17:52:37 PST Subject: Re: Cellular Phone Security Andrew Grosso (agrosso@world.std.com) writes: > If you want privacy, then use a phone which uses cables. There, > your information is physically secure, and you have a legitimate > *expectation of privacy* in your converstations. An unauthorized taping > is therefore properly unlawful. While I know that the law says something different, I'm not sure that at a technical level there's so much difference between wire-based and radio-based transmissions. In large buildings, it's not particularly unusual for telephone lines to be duplicated, such that one line may be routed to many apartments; it's only connected to wall-jacks in one, but the signals the wire carries are available to anyone with a test set or an inductive pickup any place where there's physical access to the wires. I prefer to think of our expectation of privacy as based upon a right to privacy, not an accident of technology. Parabolic microphones make far-away conversations easy to listen to, just like radio recievers make radio conversations easy to listen to. Low-light binoculars and rifle scopes make otherwise private or secret meetings easy to see, even if the people involved expected otherwise. There are precious few technological ways to preserve privacy, and they are vulnerable to encroachment as technology advances. I'm inclined to disagree with the idea that by using a cellular phone, one automatically "consents" to having a conversation broadcast to the world. The broadcasting is (or should be) obvious to anyone who thinks about it, but I don't think it's accurate to assume that all people who use cellular phones understand how insecure they are. (Similarly, I suspect not many people who use wire-based phones understand how easy it is to tap or listen in on one.) The other side of the "consent" issue concerns a party using a wire-based phone, who unknowingly talks with a person using a cellular phone. Their comments are also being broadcast, quite possibly without their knowledge or consent. As cellphone technology improves, it will become harder to know when we're talking to someone using one. > What these people are trying to do is to utilize the law in order > to achieve an unnatural result: one wants privacy, but also wants the > convenience of using an easy means to communicate which has no privacy. > As a prosecutor, I can tell you that I have much too much work to do (and > so do all other prosecutors) to prosecute a case against person A for > listening to person B's conversation when person B decided to use an > obviously insecure means of communication simply because he or she > thought it convenient at the time. Philosophically, how is this different for declining to prosecute person A for breaking into person B's house, when it was ridiculously easy to do so .. or person A for breaking into person B's computer, when the system was obviously insecure? I do agree, though, that trying to solve a technological problem (it's easy to listen to other people's phone calls) with legislation is a doomed project. -- Greg Broiles Lemon Detweiler Pledge? greg@goldenbear.com You're soaking in it. ------------------------------ From: rerodd@eos.ncsu.edu (Richard Roda) Organization: North Carolina State University, Project Eos Date: Wed, 15 Dec 1993 03:40:21 GMT Subject: Re: Cellular Phone Security agrosso@world.std.com (Andrew Grosso) writes: > If you want privacy, then use a phone which uses cables. There, >your information is physically secure, and you have a legitimate >*expectation of privacy* in your converstations. An unauthorized taping >is therefore properly unlawful. One question: what if I recieve a call on my cable phone from a cellular phone, and the caller does not let me know they are on a cellular phone. Do *I* forfit my privacy?? -- -- PGP 2.3 Public key by mail | Richard E. Roda Disclaimer-------------------------------------------------------------- | The opinions expressed above are those of a green alien who spoke to | | me in a vision. They do not necessarily represent the views of NCSU | | or any other person, dead or alive, or of any entity on Earth. | ------------------------------------------------------------------------ Criminals prefer unarmed victims. Oppose gun control. Drug Dealers prefer a monopoly. Support legalization of drugs. ------------------------------ From: tim@umcc.umcc.umich.edu (Tim Tyler) Organization: UMCC, Ann Arbor, MI, USA Date: 15 Dec 1993 04:04:42 -0500 Subject: Re: Cellular Phone Security Andrew Grosso wrote: > Unlike a phone conversation transmitted via a cable-type network, >a cellular phone from the start transmits its information over the >airwaves. There is no pretension that the information transmitted is >physically protected or secure. The means to "tap" or otherwise listen Except for the user's ignorance & gullability, thanks to the liars in the CTIA. >to the information is very simple, and widespread: radio receiver type >devices. By using a cellular phone, one is consenting to having one's >conversations broadcast to an outside world, a world which has the means >to listen to those converations. It is similar to using a megaphone to >transmit your conversations. Except that people exhibit intent to listen in on cellular frequencies... > If you want privacy, then use a phone which uses cables. There, >your information is physically secure, and you have a legitimate >*expectation of privacy* in your converstations. An unauthorized taping >is therefore properly unlawful. But a good percentage of POTS circuits use microwave-radio signals to transmit the information between switches, and satellite circuits, too! Should their be a distinction between the AMPS analog traffic on 800MHz & the TDMA & FDMA digital traffic on microwave? I fully agree with you that the relevent parts of the ECPA of 1986 are a joke, & that Congress & the CTIA are to be blamed. As it is, I have 9 or 10 receivers right here that are capable of picking up the cellular telephone band, & I'm also put in about 20 minutes of air time per month on my cellular phone. -- Tim Tyler Internet: tim@ais.org MCI Mail: 442-5735 GEnie: T.Tyler5 P.O. Box 443 C$erve: 72571,1005 DDN: Tyler@Dockmaster.ncsc.mil Ypsilanti MI AOL: Hooligan Packet Radio: KA8VIR @WB8ZPN.#SEMI.MI.USA.NA 48197 "Celebrate diversity -- get intolerant about something!" ------------------------------ From: kkruse@matt.ksu.ksu.edu (Korey J. Kruse) Organization: Kansas State University Date: Tue, 14 Dec 1993 12:27:54 -0600 Subject: Re: Encryption At School Chris Burris writes: >I have a question: >Suppose that I wrote a simple encryption program and >ran it at school, and the administration searched my disk. >Could the administration force me to give them the encryption key >even if i refused? They could pull out your fingernails until you told them =) Your school adminstrator could threaten you with punishment if you refused to supply the key. Using physical force would be illegal. Of course you could choose to accept the punishment and refuse to give the key, or better yet you could tell the admin. that you forgot the key. The latter method could also be used with the police/courts if they tried to compel you to divulge the information. ------------------------------ From: rerodd@eos.ncsu.edu (Richard Roda) Organization: North Carolina State University, Project Eos Date: Wed, 15 Dec 1993 03:38:17 GMT Subject: Re: Encryption At School Chris Burris writes: >I have a question: >Suppose that I wrote a simple encryption program and >ran it at school, and the administration searched my disk. >Could the administration force me to give them the encryption key >even if i refused? Heh.. Heh... use a morphic cypher and give them the bogous key. They'll think you caved and gave them the real info, and you will get them off of your back. -- PGP 2.3 Public key by mail | Richard E. Roda Disclaimer-------------------------------------------------------------- | The opinions expressed above are those of a green alien who spoke to | | me in a vision. They do not necessarily represent the views of NCSU | | or any other person, dead or alive, or of any entity on Earth. | ------------------------------------------------------------------------ Criminals prefer unarmed victims. Oppose gun control. Drug Dealers prefer a monopoly. Support legalization of drugs. ------------------------------ From: Sharon Shea Date: Wed, 15 Dec 1993 08:45:32 -0500 (EST) Subject: e-Mail privacy What do you think of this invation of e-mail privacy? - The passwords to my computer were obtained through a trusted student worker (without my knowledge or consent, by intimidating my student worker - who later reported the incident to me) and my saved e-mail was read from my hard drive. This was done at work, by my supervisor. This was done at MIT, which has no stated policy about the privacy of personal e-mail on university computers. It's implied, however, that computers are used for personal use. (A memo went around that told everyone to be sure private stuff was off their computers before weekly backup. I'm told this implies that private coresspondence is allowed.) What's more, my supervisor then copied out my e-mail and passed it around, in places where it was obviously hoped that it would do me professional harm. Does anyone have any suggestions about how to deal with this, or what legal possibilities I may have in replying to this action? Thanks. -Sharon ------------------------------ From: dean@world.std.com (Dean S Banfield) Organization: The World Public Access UNIX, Brookline, MA Date: Tue, 14 Dec 1993 22:22:34 GMT Subject: Connecticut License and SSN Just recently returned from a trip to MVD in CT. TO my dismay they are now asking for SSN. I tried the 'just say no thank you' (I being one to open with a polite attitude) approach and was pleasantly surprised to find out that that was OK by them. My question: If you don't care, and so easily ignore the question, then why ask for it in the first place? Seems like gratuitous data collection from the unwary. Opinions, or experiences with CT MVD? -- Dean S. Banfield Voice: (203) 656-1500 Real Decisions Corporation FAX : (203) 656-1659 22 Thorndal Circle email: dean@world.std.com Darien, CT 06820 ------------------------------ From: "Prof. L. P. Levine" Date: Wed, 15 Dec 1993 08:25:04 -0600 (CST) Subject: LA Times Electronic Privacy According to the New York Times The Los Angeles Times has recalled a foreign correspondent from its Moscow bureau for snooping into the electronic mail of his colleagues. The correspondent, Michael Hiltzik, is being reassigned to Los Angeles as a disciplinary action. The report describes email and discusses the question of privacy including comments that there is no clear policy regarding internal email. The article states that he was caught reading the electronic mail of another Moscow correspondent in a sting operation set up by the paper. Correspondents in Moscow became suspicious when they discovered that their passwords had been entered into the computer system at times when they had not been using the computer according to the article. It is not report how Hiltzik obtained the passwords necessary for him to gain access to his colleagues' electronic mail. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Home 1-414-962-4719 Box 784, Milwaukee, WI 53201 Fax 1-414-229-6958 ------------------------------ End of Computer Privacy Digest V4 #007 ****************************** .