Date: Sun, 20 Feb 94 20:39:19 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#033 Computer Privacy Digest Sun, 20 Feb 94 Volume 4 : Issue: 033 Today's Topics: Moderator: Leonard P. Levine Re: Clipper Overseas Re: Clipper Overseas Smart Cards for London Buses PGP for Amiga - where to find Legal and Ethical Aspects of Network Use Electronic Banking Support Needed for Common Carriage Provisions of HR3636 Nader to Markey on Telecom Legislation Computer Privacy Digest FTP The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: chris@quay.ie (Christopher Davey) Date: Thu, 17 Feb 1994 15:40:09 GMT Subject: Re: Clipper Overseas Organization: Quay Financial Software Christopher Zguris <0004854540@mcimail.com> writes: I haven't seen this discussed so I'm going to ask. What are the implications for Clipper's use on communications between US and foreign countries and companies? If company A in the US is communicating with Company B is some other part of the world over a Clipper-encrypted data link couldn't the NSA legally monitor and decode the communition if they chose to do so? It's a given that the NSA monitors a lot of data communications, and I remember reading about the monitoring of US communications using NSA equipment in foreign countries thereby by avoiding the issue of monitoring on US soil, so couldn't the same trick be used to monitor communications in foreign countries that would also include US links? If we're talking about a world-wide link than a monitoring link in a foreign node could give access to the whole thing. How does key escrow affect potential international users? Anybody care to shed some light on this subject? I read a article in the "Independant on Sunday" last weekend, which that a senior NSA official, James Hearn was in London "with the task of selling the 16 governments of the European Union and European Free Trade Association on the virtues of a controversial electronic scrambling technology" - ie Clipper. The question in my mind is, are the governments of these independant countries going to adopt Clipper, if they do not have the ability to decrypt it ? No way ! And I bet they don't have to go through the escrow agencies in the US either. In which case, the whole thing seems wide open. -- Chris Davey Internet: chris@quay.ie Quay Financial Software Phone : +353 1 6612377 Fax: +353 1 6607592 ------------------------------ From: tcj@netcom.com (Todd Jonz) Date: Fri, 18 Feb 1994 09:49:50 GMT Subject: Re: Clipper Overseas Organization: Sanity Cruise Enterprises, Ltd. Christopher Zguris (0004854540@mcimail.com) writes: If company A in the US is communicating with Company B is some other part of the world over a Clipper-encrypted data link couldn't the NSA legally monitor and decode the communition if they chose to do so? Sure, assuming that they had the private keys for both companies. But this would mean that the escrow mechanism for these keys wasn't worth a damn. That's what's so scary about the whole Clipper proposal. Imagine if one of the conditions of securing a federally funded home loan were that you make a copy of your front door key and entrust it to your local police department for the duration of the loan. Even assuming that you trust your local police department implicitly as an organization, if there's even one individual in its employ with access to that key who can be compromised, you might as well just leave your front door open. How does key escrow affect potential international users? It seems to me that the biggest threat to international users would be the potential for Clipper to become ubiquitous in the U.S. One objective of the Clipper proposal is to discourage the private sector from bringing competitive systems to market. If this tactic is successful, it would mean that foreign companies wishing to do business with U.S. firms would have little choice but to jump on the bandwagon. ------------------------------ From: "Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM> Date: 16 Feb 94 22:41:04 EST Subject: Smart Cards for London Buses Taken from RISKS-FORUM Digest Thursday 17 February 1994 (15:56) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Electronic card system launched on London's buses --United Press newswire 02/15 1027 via Executive News Service (GO ENS) on CompuServe. LONDON (UPI) -- London Transport Minister Steven Norris Tuesday launched an 18-month trial of an electronic ticketing system on the city's buses. More than 200 buses operating in the Harrow district of northwest London have been fitted with a contactless "Smartcard" reader that validates bus tickets. Government officials said the trial will be the largest of its type in the world. The article states that the credit-sized card will be activated by proximity sensors without requiring any physical contact with the reader. The card is expected to make boarding the buses easier and faster as well as reducing fraud. Perhaps the most significant sentence in the article is the following: "... the card will help reduce fraud and give bus operators more information about who is using their services." I wonder if the system includes audit trails which record details of who rode which bus when. If so, I hope the software development team uses adequate quality assurance. RISKS readers will recall that Ross Anderson recently described a case in the U.K. in which a policeman was convicted of fraud for having the temerity to complain about what he claimed were unauthorized withdrawals from his bank account. The court ruled that the bank's electronic records, which _failed to support_ the defendant's arguments, were sufficient to convict the suspect. Any system which records information about personal movements poses risks when the information is accurate; but inaccurate information can cause even more trouble. Can a RISKS reader in the U.K. follow up on this story? Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn ------------------------------ From: wmccarth@tracer.den.mmc.com (Wil McCarthy) Date: Thu, 17 Feb 1994 20:58:45 GMT Subject: PGP for Amiga - where to find Organization: Martin Marietta Astronautics, Denver I'm looking for a late-model Amiga PGP. Can anyone help? ------------------------------ From: O1_DSELDEN@nelinet.org Date: Fri, 18 Feb 1994 13:24:26 -0500 (EST) Subject: Legal and Ethical Aspects of Network Use Could anyone refer me to some recent literature on legal and ethical aspects of network use? I am particularily interested in security, privacy, and issues of libel. Thanks for your help! David ------------------------------ From: hw38921@vub.ac.be (VA DEN AUDENAERDE ALAIN) Date: 19 Feb 1994 13:20:32 GMT Subject: Electronic Banking Organization: Brussels Free Universities (VUB/ULB), Belgium As I am trying to get a larger view on the problems that might occur with the large scale introduction of electronic banking and its possible social consequences, I'd like to know your opinion on what might happen; would it reinforce alienation of people who are not familiar with keyboards & screens, what could be the employees reaction to their new working environment, what about privacy,etc...? -- hw38921@is1.vub.ac.be (VA DEN AUDENAERDE ALAIN) Student Communicatiewetenschappen Vrije Universiteit Brussel ------------------------------ From: Michael Ward Date: Fri, 18 Feb 94 17:11:20 EST Subject: Support Needed for Common Carriage Provisions of HR3636 Distributed to TAP-INFO, a free Internet Distribution List (subscription requests to listserver@essential.org). This material may be freely disseminated. TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE February 18, 1994 To: Supporters of common carriage (non-discriminatory access) to cable and video dialtone services From: Jamie Love, TAP Re: Action needed to support common carriage provisions of HR 3636 The attached letter asks the members of the Telecommunications and Finance subcommittee to improve the common carrier sections of HR 3636, relating to video services. The Taxpayer Assets Project (TAP), Consumer Federation of America, Media Access Project, Computer Professionals for Social Responsibility, People for the American Way and OMB Watch are among the groups signing the letter. If your organization is willing to sign the letter, please provide us with the following information: Name:_______________________ Title:__________________________ Affiliation:_______________________ Telephone Number:__________________ Fax number:_________________________ Internet address:______________________ Postal Address:_____________________________ ______________________________ Send this information to Ned Daly from TAP, at: v: 202/387-8030, f: 202/234-5176; internet: ndaly@essential.org ----------------------------- BACKGROUND ON THE LETTER TELEPHONE VIDEO DIALTONE PLATFORM In its present draft, telephone companies entering video markets in their own service area are required to make 75 percent of video platform capacity available to non-affiliated entities, with safeguards against discrimination. This provision is dropped after 5 years, however, allowing telephone companies to control the entire video platform. Moreover, Representative Fields is reportedly prepared to eliminate the 75 percent requirement, in favor of a provision which would give the F.C.C. the authority to set the non-affiliated share of the network even lower. COMMON CARRIAGE FOR CABLE HR 3636 also asks the FCC to study the issue of common carrier requirements on cable television. Attacks on this study are expected during mark-up on the bill next week. This letter asks Congress to keep a MINIMUM of 75 percent of the video platform available to non-affiliated entities, and to eliminate the 5 year sunset provision, which is very important. The letter also supports the opening up of cable networks by imposing common carrier obligations. It is important that we support these provisions. The EFF letter on its Open Platform does not apply to cable television or the telephone company video platform. Thus, these issues are not redundant with the EFF letter. The language to eliminate the sunset language is as follows: Strike, "Subsection (d) of SEC. 654. PROVISION OF AFFILIATED VIDEO PROGRAMMING". ----------------------------------------------------- The LETTER Dear (members of the subcommittee on telecommunications and finance) We are writing regarding HR 3636, introduced by Rep. Ed Markey to express our strong support for provisions that will protect competition in content markets, by providing common carrier status to telephone company video platform services and cable television services. We would like to make the following points. 1. VIDEO PLATFORM CAPACITY AVAILABLE FOR NON-AFFILIATED COMPANIES. In its present draft, HR 3636 provides that telephone company video dialtone services must offer up to 75 percent of the system's capacity to non-affiliated entities, on terms and conditions that do not discriminate in favor of the affiliated companies. While some of us believe that the 75 percent figure is too low, all of us agree that it should represent a minimum amount of access for non-affiliated companies. In its current draft, HR 3636 would sunset this provision in 5 years. We strongly oppose the sunset of this provision after 5 years. 2. COMMON CARRIER OBLIGATIONS FOR CABLE TELEVISION. HR 3636 now requires the F.C.C. to conduct a study to determine if it is in the public interest to extend common carrier obligations to cable operators. We believe that our national information infrastructure should be based upon open access to networks on non- discriminatory terms. We strongly support the study, as a step in broadening access to the nation's cable systems. However, an even better provision would require the F.C.C. to extend common carrier obligations to cable within a fixed time frame. We urge Congress to take measures to open access to cable and video platform services, and to insure that carriers are required to provide open access by anyone who seeks the opportunity to offer information services. Thank you for consideration of these suggestions. Sincerely, James Love, Taxpayer Assets Project Brad Stillman, Consumer Federation of America Andy Schwartzman, Media Access Project Marc Rotenberg, Computer Professionals for Social Responsibility Jim Halpert, People for the American Way Patrice McDermott, OMB Watch --------------------------------------------------------------------- TAP-INFO is an Internet Distribution List provided by the Taxpayer Assets Project (TAP). TAP was founded by Ralph Nader to monitor the management of government property, including information systems and data, government funded R&D, spectrum allocation and other government assets. TAP-INFO reports on TAP activities relating to federal information policy. tap-info is archived at ftp.cpsr.org; gopher.cpsr.org and wais.cpsr.org Subscription requests to tap-info to listserver@essential.org with the message: subscribe tap-info your name --------------------------------------------------------------------- Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036 v. 202/387-8030; f. 202/234-5176; internet: tap@essential.org --------------------------------------------------------------------- ------------------------------ From: James Love Date: Fri, 18 Feb 94 19:44:52 EST Subject: Nader to Markey on Telecom Legislation Distributed to TAP-INFO, a free Internet Distribution List (subscription requests to listserver@essential.org). This material may be freely disseminated. TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE February 18, 1994 The following letter by Ralph Nader and James Love to Representative Ed Markey outlines our concerns about (and suggestions for) telecommunications legislation that will be considered the week after next by the House Subcommittee on Telecommunications and Finance. ----------------------------------------------- Ralph Nader, PO Box 19312, Washington, DC 20036 James Love, PO Box 19367, Washington, DC 20036 February 17, 1994 Honorable Edward J. Markey Chairman, Subcommittee on Telecommunications and Finance U.S. House of Representatives Washington, D.C. 20515 Dear Congressman Markey: This letter is a follow-up to our statement and oral testimony provided to the Subcommittee on Wednesday, February 9, 1994, on the subject of HR 3636 and HR 3626, the two bills which would substantially re-write the Communications Act of 1934, and re define the rolls and responsibilities of telephone and cable carriers. It is a mistake for important legislation such as this is to be compromised by prematurely eager bipartisanship that gives new meaning to lower common denominator foreclosure of later improvements. Given this state of affairs, we outsiders must strive against major odds. So here goes. We recognize that the Congress and the executive branch have largely focused on issues relating to carrier jurisdiction, and the creation of a "level" playing field for carriers. While adjusting industry disputes is an important issue, we believe th e Subcommittee has not adequately addressed many large public policy concerns. The following steps, at the least, should be taken to strengthen the legislation. CONSUMER REPRESENTATION 1. One of the reasons the current debate over telecommunications legislation is so tilted toward the issues of interest to industry is that the carriers are the best organized and best financed participants in the debate. This focus largely ignores wha t should be the ultimate purpose of this legislation -- consumer participation, service and meaningful choice. It is essential that citizen participation be enhanced through mechanisms that make it easier for consumers to organize. The Citizen Utility B oard (CUB) model, which provides for democratically controlled and privately funded consumer groups, should be included in HR 3636. What do you say, oh sponsor of Cable Cub? Aggressive leadership by you for this mechanism is the civic equivalent to the universal solvent. COMPETITION IN THE LOCAL LOOP 1. HR 3636 goes too far in pre-empting state regulation on the issue of entry. While it is appropriate for the federal government to set a national policy which supports competition for delivery of local switched network services, Congress should not p revent state governments from imposing reasonable standards for service and reliability. The states should be able to sanction carriers that engage in fraudulent business practices or violate consumer privacy. 2. A very important element of any competitive telecommunications strategy is to encourage the development of a competitive wireless industry, which can deliver services to consumers without making large sunk investments in "last mile" facilities. The Federal Communications Commission (FCC), however, has proposed that incumbent telephone, cable and cellular companies may acquire up to 100 Mhz of the available 120 Mhz of new Personal Communication Services (PCS) spectrum. Cross ownership of telephone, cable, and cellular licenses with the new PCS licenses will greatly decrease competition in local services, and it should be expressly prohibited by HR 3636. 3. Consumer interests should be protected by giving states the authority to regulate the rates for the service, and the entire cable system should operate under strong common carriage rules, ensuring open and non-discriminatory access. PRE-EMPTION OF STATE RATE REGULATION 1. The Clinton/Gore Administration's new Title VII proposal, which was not available to the general public at the time of the Subcommittee's hearings on HR 3626 and HR 3636, proposes vast pre-emption of state rate regulation for Title VII services. We strongly oppose any pre-emption of state authority to protect consumers through the regulation of rates for carrier services. State governments have shown restraint in regulating prices for services that are truly competitive, but they have long exercise d the right to protect consumers in markets where competition does not exist. The FCC is ill equipped to second guess state governments on the issue of defining market power, and it has no claim to experience on the issue of rate making methodology, havi ng failed to control cable rates. 2. We believe that pre-emption of state rate regulation for wireless services which passed in the 1992 Budget Reconciliation Act and the pre-emption of state rate regulation of cable services should be repealed. The FCC need not interfere with state co mmissions that want to protect consumers in local markets. OPEN ARCHITECTURE AND COMMON CARRIAGE 1. The new broadband networks should operate as common carriers. Common carriage should extend to the entire capacity of the service, not just the 75 percent required in HR 3636. 2. HR 3636 sunsets the requirement that video platform carrier provide access to non-affiliated companies in five years. This sunset provision should be removed. 3. We believe it is time to require the FCC to regulate cable as a common carrier within a fixed period or time, such as two years. This is the only step consistent with Congress's professed interest in opening up networks to greater competition. 4. We oppose provisions that allow telephone or cable companies to own the "content" which travels through the "conduit." However, if Congress does allow vertical integration, it must provide the strongest possible protection against anti- competitive abuses. The best protection against abuses are found in the language in HR 3626 regarding telephone company entry into electronic publishing. These protection should be incorporated into the bill, and extended to affiliated video services. 5, Congress should require the FCC to take steps to ensure that the so called "set top" controller for the broadband networks be based upon open architecture and competition. Consumers should be able to purchase the set top from third party vendors. M oreover, the third party vendors should be able to provide consumers with their own interface, allowing consumers greater control over how they access and locate information. Persons providing information services should have opportunities to market the ir services through a non-biased "virtual yellow pages". NON-COMMERCIAL INFORMATION SERVICES 1. We strongly support the public television proposal that 20 percent of the capacity of broadband networks be available at no charge for non-commercial programming. 2. Congress should establish a fund to support non-commercial information services. All telecommunications carriers and holders of broadcast license should contribute a fixed percent of revenues to the fund. Distribution of grants from this fund shoul d be modeled after the system that has been used in the Netherlands to allocate television broadcast time. UNIVERSAL SERVICE 1. Congress should ensure that a program to provide universal service is in place before it mandates competition at the local loop. 2. The states should determine the level of contribution to the universal service fund, the definition of universal service, and the purposes for which the universal fund can be used, subject to minimum standards set by the FCC. 3. Carriers should not be allowed to make in-kind contributions to the universal service fund. PRIVACY 1. The legislation should ensure that carriers protect the privacy of personal transactions conducted through these services. We would appreciate hearing your position on these suggestions. A "DemiRep" mousse is unbecoming to the fighting Ed Markey we once knew on the Hill. Sincerely, Ralph Nader James Love --------------------------------------------------------------------- TAP-INFO is an Internet Distribution List provided by the Taxpayer Assets Project (TAP). TAP was founded by Ralph Nader to monitor the management of government property, including information systems and data, government funded R&D, spectrum allocation and other government assets. TAP-INFO reports on TAP activities relating to federal information policy. tap-info is archived at ftp.cpsr.org; gopher.cpsr.org and wais.cpsr.org Subscription requests to tap-info to listserver@essential.org with the message: subscribe tap-info your name --------------------------------------------------------------------- Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036 v. 202/387-8030; f. 202/234-5176; internet: tap@essential.org --------------------------------------------------------------------- ------------------------------ From: "Prof. L. P. Levine" Date: Fri, 18 Feb 1994 08:46:30 -0600 (CST) Subject: Computer Privacy Digest FTP Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at the address of the former moderator, Dennis Rears, ftp.pica.army.mil [129.139.160.133]. If you are unfamiliar with the use of the File Transfer Protocon (ftp) the following short summary might help. On most systems the following procedure will work, if you have a local command named ftp: You type: Comment on the command: ftp ftp.cs.uwm.edu (on your system) ftp (answer to login request) your_userid@your_site (answer to password request) cd pub/comp-privacy (at ftp prompt) dir (look at what is there) cd library (at ftp prompt) dir (look at what is there) get ConsumerShow.keynote (move document to your filespace) cd .. (back to main menu) cd volume4 (at ftp prompt) dir (look at what is there) get V4#031 (move document to your filespace) quit (back to your system) You will find the two documents in the directory you were in when you executed the first ftp command. If ftp is unavailable or difficult to use, send a request for help to: comp-privacy-request@uwm.edu ------------------------------ End of Computer Privacy Digest V4 #033 ****************************** .