Date: Thu, 24 Feb 94 08:56:10 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#034 Computer Privacy Digest Thu, 24 Feb 94 Volume 4 : Issue: 034 Today's Topics: Moderator: Leonard P. Levine Re: Clipper Overseas Re: Clipper Overseas Re: Bacard & Barlow: Clip Clipper Clinton/Gore Privacy Change - BLACKMAIL? Re: Electronic Banking Re: Privacy and Sexual Crimes Telephone Card Audit Trails The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: A.J.C.Blyth@newcastle.ac.uk (Andrew Blyth) Date: Mon, 21 Feb 1994 09:29:22 +0000 Subject: Re: Clipper Overseas How does key escrow affect potential international users? At the recent Paris air show the US government was advising US business men to keep their briefcases shut as foreign governments where looking to steal their secrets. It strikes me that all that will happen is that non-US companies will adopt a more secure encryption system. And US companies will only be as secure as their escrow keys. It is therefore a step backwards for US companies and the US in general. In short, International users will NOT use it except when forced to talk to US companies. -- Department of Computing Science, | 20 Windsor Terrace, | Tel No. +44 91 222 8972 University of Newcastle Upon Tyne, | Fax No. +44 91 222 8788 Newcastle Upon Tyne, | England. | EMail. A.J.C.Blyth@newcastle.ac.uk NE1 7RU. | ------------------------------ From: Christopher Zguris <0004854540@mcimail.com> Date: Mon, 21 Feb 94 08:53 EST Subject: Re: Clipper Overseas A few days after I posted my question about the implications of clipper overseas I ran across this article in the TOP OF THE WEEK section (page 12) of the February 14, 1994 issue of INFORMATIONWEEK written by Mark E. Thyfault with John P. McPartlin and Clint Wilder: --- Excerpt Begins--- The Data Security Furor [...BACKGROUND INFO ON CLIPPER...] Secret Listening Posts But, according to National Security Agency expert James Bamford, U.S. businesses have reason to worry, particularly if they have offices in other countries. The NSA operates under a law that protects U.S. citizens and U.S. corporations from surveillance unless there is a connection with a foeeign entity. "To target a U.S. company, the NSA needs a warrant from a secret court, the Foreign Intelligence Surveillance Court," Bamford says. "This court has been in existence for 20 years and has issued only one public document. In its entire history, this little-known court has never turned down a request. It is very easy to present a case that impresses these judges, and very hard for the government to lose." Although the agency refuses to comment publicly on such matters, Bamford and others say the NSA already operates secret listening posts accross the country, including one in Sugar Grove, VA., where international telephone signals are intercepted and shipped by cable or microwave to NSA headquarters in Fort Meade, MD. ---Excerpt Ends--- Why has the popular media done such a poor job of informing the general public about all the aspects and potential problems of clipper? We keep hearing how everyone and everything will go over the "information superhighway" and how wonderful life will then be, but we don't hear about how potentially insecure the clipper can make these communications. Imagine if everything was going over some terminal in your home - banking, personal email/faxes/video, shopping, other financial transactions - all conveniently monitorable thanks to clipper. That's the problem in this whole debate, the general public has not been informed. If the general public were informed of the potential risks this debate would be over and clipper would be scrapped. Sorry if this post turned into a flame, the article got me pretty angry. ------------------------------ From: walter@netcom.com (Walter Alter) Date: 21 Feb 1994 10:32:10 -0600 Subject: Re: Bacard & Barlow: Clip Clipper Organization: UTexas Mail-to-News Gateway your analysis of the Clipper Chip affair is truncated at some crucial panoramas and unlesss wide angled- will see you proclaiming "peace in our time" like Chamberlain in 1939. now lookit- the entire radical/liberal end of the political spectrum was a product of some strange think tank low intensity conflict (Cold War) cultural paradigm shift psychological warfare operation spanning two generations starting in the late '50's. an important "theater" of these operations was the programming of American society to hold suspect our belief in technological optimism as an inevitable product of Scientific Method. from the attempt to institute "Aquarian Age" irrationalist quasi religions ("what's your sign?") to animistic Gaia Earth worship as the ostinado behind contemporary Environmentalism, from the anti-Nuclear Power movement to the anthropoligists' "cultural relativism" argument in favor of leaving the 3rd World undeveloped and non industrialized, Science based civilization has been under a broad front rolling barrage from Marxists, Anarchists, Socialists, neo-Primitivists, Liberals, Pastoral Utopians, mystics, UFO watchers waiting for Godot, and the occasional Jesuit. Science based technological progress has been cast under the spectre of fascist Militarism, wasteful space projects, Frankensteinian recombinant gene research, Dr. Strangelove beam weapons, glowing plutonium flowing in our sewers and a litany of spills, chills and cheap thrills from the Free Market Capitalist neanderthals who'se "enlightened self-interest" means Freudian death wish slow suicide for you, me and the planet. kids, it's time we dug ourselves out from under the rubble of Bolshevik disinformation about the nature and method of rational mentation and the fruits of our labors so applied that Science builds our future. the gist of my polemic here is that if you want to harness the brick throwing activism that animated the Viet Nam War Era you are going to have to get those cadres into a positive position about the benefits of enerpreneurial Capitalism as practiced by the elelctronics/computer industry and a positively stark raving affinity for the product of rational human genius, basic Scientific research, R & D applied industrial research, our capacity to engineer a solution to ALL human problems of material want, and our wacky eccentric inventor-uncle- Leonardo DaVinci. starting tomorrow we rehabilitate the memory of Comrade Nikola Tesla and comrade Buckminster Fuller and make them both household words within 3 months, forcing entire university faculties to devote their total resouces to furthering the work of these intellectual giants, and causing the National Education Association to adopt the Platonic Academy method of pedagogy for our nation's youth by next Tuesday. it's either that or lose the whole enchilada. dig? it's the post-Perestoika Age and post modern post industrial deconstruction party lineage is less than politically incorrect, it is the fetid expiration of a puppet corpse. ------------------------------ From: ccat@netcom.com (Chris Beaumont) Date: Thu, 24 Feb 1994 06:16:48 GMT Subject: Clinton/Gore Privacy Change - BLACKMAIL? Organization: Morningdew Associates An interesting explanation for the new Clinton/Gore non-policy on privacy might be intelligence community blackmail. I've heard more implausible stories... God willing they'll see the light. I think a government mandated ban on privacy could transform the US into a technological backwater, and quickly, a Third World nation. ------------------------------ From: WHMurray@dockmaster.ncsc.mil Date: Mon, 21 Feb 94 08:15 EST Subject: Re: Electronic Banking As I am trying to get a larger view on the problems that might occur with the large scale introduction of electronic banking and its possible social consequences, I'd like to know your opinion on what might happen; would it reinforce alienation of people who are not familiar with keyboards & screens,..... History suggests that the adoption of new banking technology is generational. That is, it requires 10-20 years to be adopted. Many older people never adopt it. New exchange technology never replaces old. My mother's mother never used checks. My mother did not use credit cards, ATMs, or automatic deposit. On the other hand, my 16 year old godson has had an ATM card since he was nine. While in absolute and relative terms, the amount of commerce that we do in gold coin is vanishingly small, it is as great as at any time in history. We have been talking about paperless banking since the introduction of the credit card, but we are still losing ground. While the amount of commerce that we do in credit cards now exceeds what we did in checks before credit cards were introduced, it is still not greater than what we do in checks. what could be the employees reaction to their new working environment,..... Again, generational. While older people will find it disorienting, young people think "that's the way things are." what about privacy,etc...? Serious issue. While the state always tries to use such technology to improve their surveillance of "bad guys" (read "citizens," like you and me), the international and competitive nature of banking makes that difficult. In England they are doing a pilot of "electronic currency" with the same anonymity as characterizes paper currency. This system will rely upon secret codes rather than on audit trails and reversibility. On the other hand, the government of Singapore is introducing a system that will look very much like the English system but will be completely traceable by the government. In the US, the government would like to outlaw large cash transactions. The outcome is less sensitive to the technology than to the balance of power between a people and their government. If you would understand this issue, read history, not contemporary journals like this one. William Hugh Murray, Executive Consultant, Information System Security 49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840 1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL ------------------------------ From: todd@meaddata.com (Todd Leonard) Date: 21 Feb 1994 15:45:14 GMT Subject: Re: Privacy and Sexual Crimes Organization: Mead Data Central, Dayton OH Chuck Weckesser <71233.677@CompuServe.COM> writes: Should Rapist's And Pedophiles Be Forced To Register With The Authorities Every Time They Move Away? I have no qualms whatsoever with the concept of probation. If I'm not mistaken, probation controls (and "registers") the moves of a convicted person within and between jurisdictions. If there *is* validity to the suggestion that convicted rapists and pedophiles should be monitored following release, the appropriate response is to assign longer periods of probation. Alternate "registries" add administrative overhead, compound concerns for privacy and due process, and add no value to provisions we already have in place. ------------------------------ From: flb@flb.optiplan.fi (F.Baube[tm]) Date: Sat, 19 Feb 94 0:50:16 EET Subject: Telephone Card Audit Trails [Taken from RISKS-FORUM Digest Tuesday 22 February 1994 (15:57) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS, ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator] Here in Turku Finland one can make calls from pay phones using prepaid cards issued by the city phone company, Turun Telelaitos. These cards are on sale throughout the city, and are bought anonymously for cash. On two different occasions I have had cards malfunction. When the card is placed in a phone it is read and seen as valid, and I can dial, but when the other party answers, and the card is locked in for debiting, an error is generated and the call is (frustratingly!) terminated. On both occasions I have taken the offending card to the phone company's office. The card is passed thru a reader which displays the card's unique identifying number. The service person then calls this number in to another bureau, where they can dump a complete calling history of the particular card, no doubt to verify malfunction and protect themselves against fraud. Having verified the card malfunction, the service person asks for a name and address before issuing a refund (in the form of another card) for the malfunctioning card's unused portion. I do not know whether the name and address are ever verified; in this country I would imagine not. It is all well and good that they can extensively track an individual card, and where it has malfunctioned, and that this card can be bought anonymously, but naturally my privacy breaks down when they take my name and address, which they can (in principle) match it to the card's audit trail to get a partial track of my calling activities. But given that such card malfunctions are an unusual occurrence, related perhaps to the recent spate of subzero (fahrenheit) weather, it does not seem to me to be an undue threat to my privacy. Nonetheless, can anyone suggest some ideas that I might take to the phone company to permit them to make the same checks but with a higher level of privacy? Or should I just give them a bogus name and see if it ever causes a problem (in the form of, for example, more intrusive checks before issuing refunds)? * Fred Baube(tm), GU/MSFS/88 baube@optiplan.fi ------------------------------ End of Computer Privacy Digest V4 #034 ****************************** .