Date: Thu, 16 Dec 93 13:41:20 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#008 Computer Privacy Digest Thu, 16 Dec 93 Volume 4 : Issue: 008 Today's Topics: Moderator: Leonard P. Levine Wisconsin Privacy Re: e-Mail privacy Re: Encryption At School Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security Re: Cellular Phone Security The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: "Prof. L. P. Levine" Subject: Wisconsin Privacy Date: Wed, 15 Dec 1993 15:11:13 -0600 (CST) I am interested in any official acts by states in the union that are pro privacy. I would like to offer the following as an example and ask for comment: The State of Wisconsin has developed a policy for handling the problem of drivers' licenses and car registration materials. These data are public records and cannot be held from the public, including businesses. According to an official at the Department of Transportation, the State sells a tape containing the list of some 3,500,000 drivers' licenses for a fee of a little more than $2,600 for each tape. (Compare this price with a commercial list broker's rate of $50 a thousand names.) This tape contains addresses but does not contain Social Security numbers that are required when you get a license. Since each driver is required by law to update the data within two weeks of moving, this makes the tape a very useful mailing list. The State also sells a tape of 4,800,000 license plate numbers with addresses for $2,200. This legal situation has bothered many of us in Wisconsin because of the privacy implications. Recently, state law has been amended as follows: A Wisconsin driver or owner of a licensed vehicle can get a form MV3592 requesting the state to withhold names and addresses from massive orders (a data tape). This only applies to orders for tapes; requests for fewer than 10 names and addresses are honored whether or not a privacy form has been filed. When an order comes in for a drivers' license tape, the purchaser gets the driver's license number followed by the licensee's name and address except for those who have submitted a privacy form, in which case the tape shows only a driver's license number and a 5-digit zip code. When an order comes in for a car registration and plate number tape, the purchaser gets the plate number followed by the owner's name and address and registration information on the vehicle except for those who have submitted a privacy form, in which case that line gives only the plate number and a 5-digit zip code. A purchaser can also order, for a fee of about $30, a list of ten or fewer names, licenses, or plate numbers with full addresses regardless of whether or not a privacy form has been submitted. Good or bad, this is a sincere effort on the part of the State of Wisconsin to provide its legal data to those who need it, while maintaining some privacy for those who want it. There have been articles in the mass media indicating what the number of the form is and how to get it. Copies of the form can be made without limit and as many forms as you wish can be mailed in one envel- ope. I suspect we will see, in the near future, a box to check on the driver's license application form if you wish to be taken from the mass tape. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 ------------------------------ From: kkruse@matt.ksu.ksu.edu (Korey J. Kruse) Subject: Re: e-Mail privacy Date: Thu, 16 Dec 1993 02:34:33 -0600 Organization: Kansas State University Sharon Shea writes: >What do you think of this invation of e-mail privacy? - >What's more, my supervisor then copied out my e-mail and passed it >around, in places where it was obviously hoped that it would do me >professional harm. >Does anyone have any suggestions about how to deal with this, or what >legal possibilities I may have in replying to this action? Thanks. Yes....encrypt your mail with PGP. (Pretty Good Privacy) I believe it is available via ftp from soda.berkeley.edu in pub/cypherpunks directory. Talk to your universities lawyers about possible legal action. Many universities provide lawyers for student consultation for either no charge or a minimal one. ------------------------------ From: Paul Robinson Subject: Re: Encryption At School Date: Thu, 16 Dec 1993 10:40:24 -0500 (EST) Organization: Tansin A. Darcos & Company, Silver Spring, MD USA Chris Burris , writes: > I have a question: > > Suppose that I wrote a simple encryption program and > ran it at school, and the administration searched my disk. > Could the administration force me to give them the encryption key > even if i refused? Unless they plan to use torture or drugs, they can't "force" you to do anything. They can make your life very uncomfortable, such as threats of expulsion, imprisonment, or going after your parents and making them threaten you, and in theory _they_ could use various forms of painful measures depending on their point of view. You could always try becoming a test case and use the same arguments as Senator Packwood, and invoke the 4th and 5th amendments, claiming the right to privacy and right not to incriminate oneself, or even invoke the 2nd Amendment, which will really confuse them (since the U.S. Government claims encryption to be a type of "ordinance" requiring approval for export as other munitions....) Or take the advise of some people on the list and claim you don't remember what the key is. (If you use a text file to apply the key, and don't know it physically, then you are not lying.) The latter is probably a better choice unless you _want_ to push them on this and start a test case if they push the issue. The courts have generally ruled that minors don't have civil rights. --- Paul Robinson - Paul@TDR.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ------------------------------ From: mcinnis@austin.ibm.com () Subject: Re: Cellular Phone Security Date: Wed, 15 Dec 1993 18:11:27 GMT Organization: IBM Austin The trick and the real danger of the prohibition on cell phone monitoring is that it gives certain people in the government a way to coerce and harass someone. Even if you don't go out looking for someone monitoring cell phones, it's yet another weapon that the unethical government official can use against a citizen. It's a great totalitarian trick. Make more and more things illegal but don't enforce them on "good" subjects. When you want to get to some uncoorperative subject, you dig up one of these illegal but unenforced "crimes" and put the screws to them. ------------------------------ From: eck@panix.com (Mark Eckenwiler) Subject: Re: Cellular Phone Security Date: 15 Dec 1993 14:09:26 -0500 Organization: Superseding Information, Inc. In , reed@interval.com sez: >I have to pay his salary with my taxes so he can apply his personal >interpretation of the law by refusing to prosecute a clear violation? ... >I hope this is yet another hoax. > Apparently not. Mr Grosso is listed in Martindale-Hubbell as an AUSA, so unless the post is forged, this is a gen-you-wine remark from a federal prosecutor. ------------------------------ From: johnl@iecc.com (John R Levine) Subject: Re: Cellular Phone Security Date: Thu, 16 Dec 1993 03:48:00 GMT Organization: I.E.C.C., Cambridge, Mass. >Good point, but here is a problem:When I call over a standard fone, the >signal is transmitted(broadcast) to a satellite, then rebroadcast to >earth. Have I sacrificed my privacy by employing the satellite? It's a matter of degree. If your call is carried by satellite (which in fact is quite uncommon, fiber cables have a lot more bandwidth) it is sent in a format which is fairly difficult to decode, requiring dish antennas, demultiplexing receivers and so forth. On the other hand, to intercept a cellular call all you need is an old UHF TV set. In the former case, it is reasonable to expect that there aren't a whole lot of people listening in, while in the latter case it isn't. (The fact that the ECPA outlaws listening to the latter but not the former is just stupid. No argument there.) The Ethernet example is an interesting one, particularly when you consider the way that Internet messages are relayed from net to net. I think that for legal purposes, you have to declare that each net is either a common carrier, in which case the usual common carrier rules apply and random people aren't supposed to peek, or a private network in which case whatever agreement you have with the network owner applies. But in the total absence of legal precedent, lord only knows what a court would say. Regards, John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com ------------------------------ From: Paul Robinson Subject: Re: Cellular Phone Security Date: Thu, 16 Dec 1993 10:58:51 -0500 (EST) Organization: Tansin A. Darcos & Company, Silver Spring, MD USA Andrew Grosso , writes > As a federal prosecutor, I have my own opinions about cellular > phones and the legality (or illegality) of listening in on > cellular phone conversations. Please note that this is a > personal opinion, not one of the Dept. of Justice. Considering the background of that organization, I hope not! > Unlike a phone conversation transmitted via a cable-type > network, a cellular phone from the start transmits its > information over the airwaves. There is no pretension that > the information transmitted is physically protected or > secure. Non-broadcast and non-amateur messaging over radio is subject to international secrecy requirements which prohibit a third-party recipient from using or divulging to anyone else the content or information in a message heard over any radio receiver. (Emergency messages are deemed 'broadcast' for the purposes of this paragraph.) > The means to "tap" or otherwise listen to the information is > very simple, and widespread: radio receiver type devices. By > using a cellular phone, one is consenting to having one's > conversations broadcast to an outside world, a world which has > the means to listen to those converations. It is similar to > using a megaphone to transmit your conversations. No it is not. A megaphone transmission requires no special equipment to receive that message by anyone in the area, whereas a radio transmission requires that someone have the appropriate equipment to do so. If one does not have the equipment to receive it, one can't hear it even if one is in the immediate vicinity of the transmission (but out of earshot). > People who want the law to protect their cellular conversations by > making the listening-in on such conversations illegal or unlawful > are, in my opinion, like people who want it made illegal or unlawful > for others to listen to conversations broadcast by megaphone. Someone who uses a megaphone is using a device to tranmit in the clear some information to anyone in the vicinity of the output end of these devices. On the other hand, monitoring cellular requires specialized equipment, e.g. either a scanner or a modified cellular phone, just as monitoring police or fire departments requires a scanner. > Since there is, and should be, no expectation of privacy in the means > used to transmit the information, there should be nothing unlawful about > listening in. True. But it also means that anyone should have the right to use unbreakable encryption on their traffic, too. But for some reason the U.S. Government has been very hostile to use of encryption in order to create an expectation of privacy. > What these people are trying to do is to utilize the law in > order to achieve an unnatural result: one wants privacy, but > also wants the convenience of using an easy means to > communicate which has no privacy. As a prosecutor, I can tell > you that I have much too much work to do (and so do all other > prosecutors) to prosecute a case against person A for > listening to person B's conversation when person B decided to > use an obviously insecure means of communication simply > because he or she thought it convenient at the time. Unless there's a high profile case to be made, such as the incident involving the (now former) Governor Wilder of Virginia and his conversations over a cellular phone, that tape recordings of such ended up in the hands of another politician. --- Paul Robinson - Paul@TDR.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ------------------------------ From: adiron!tro@uunet.UU.NET (Tom Olin) Subject: Re: Cellular Phone Security Date: Thu, 16 Dec 93 11:44:30 EST When I call over a standard fone, the signal is transmitted (broadcast) to a satellite, then rebroadcast to earth. Have I sacrificed my privacy by employing the satellite? To some extent, yes. It is possible that some people could intercept your conversation, but the likelihood is probably extremely small. What about a network link? My email goes out in the form of packets that are readable by every machine physically connected to the network. .... Have I surrendured my privacy by plugging a network card into my computer? To some extent, yes. If you send messages over the network, they might be seen by people you did not intend to see them. I don't dispute what you say, necessarily, but every definition of privacy has it's problems. Although the definition of privacy may be debatable, the questions you raised have more to do with the problems of protecting privacy, not defining it. Tom Olin PAR Technology Corporation Tel:(315)738-0600 Ext 638 tro@partech.com New Hartford, NY Fax:(315)738-8304 ------------------------------ From: adiron!tro@uunet.UU.NET (Tom Olin) Subject: Re: Cellular Phone Security Date: Thu, 16 Dec 93 12:03:01 EST From: greg@ideath.goldenbear.com (Greg Broiles) There are precious few technological ways to preserve privacy, and they are vulnerable to encroachment as technology advances. While technology can certainly undermine privacy, it can also enhance it - encryption, for example. The other side of the "consent" issue concerns a party using a wire-based phone, who unknowingly talks with a person using a cellular phone. Their comments are also being broadcast, quite possibly without their knowledge or consent. The same argument applies to speaker-phones, extension phones, people who don't know how to keep their mouths shut, etc. If only one of the parties to a conversation wants to keep it private, it is unlikely to remain private. Andrew Grosso (agrosso@world.std.com) writes: > As a prosecutor, I can tell you that I have much too much work to > do (and so do all other prosecutors) to prosecute a case against > person A for listening to person B's conversation when person B > decided to use an obviously insecure means of communication > simply because he or she thought it convenient at the time. Philosophically, how is this different for declining to prosecute person A for breaking into person B's house, when it was ridiculously easy to do so .. or person A for breaking into person B's computer, when the system was obviously insecure? A law is based on more than just the ease or difficulty with which an act is committed. Breaking into a house or a computer is the violation of property rights. It's rather difficult to apply the same rationale to radio waves, especially when detecting their reception is essentially impossible without gutting the Bill of Rights. Tom Olin PAR Technology Corporation Tel:(315)738-0600 Ext 638 tro@partech.com New Hartford, NY Fax:(315)738-8304 ------------------------------ From: adiron!tro@uunet.UU.NET (Tom Olin) Subject: Re: Cellular Phone Security Date: Thu, 16 Dec 93 12:10:06 EST From: rerodd@eos.ncsu.edu (Richard Roda) One question: what if I recieve a call on my cable phone from a cellular phone, and the caller does not let me know they are on a cellular phone. Do *I* forfit my privacy?? My dictionary provides a definition of "forfeit" as "to lose something as a result of neglecting a duty". In your case, it might be neglecting to ascertain whether the caller was using a cellular phone. Perhaps the pedantic answer is that you give up your privacy every time you speak. After all, somebody unexpected might be nearby (about to knock on the door, outside an open window, etc.), or the person to whom you are speaking might repeat what you said. Tom Olin PAR Technology Corporation Tel:(315)738-0600 Ext 638 tro@partech.com New Hartford, NY Fax:(315)738-8304 ------------------------------ End of Computer Privacy Digest V4 #008 ****************************** .