Date: Tue, 01 Mar 94 10:32:47 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#036

Computer Privacy Digest Tue, 01 Mar 94              Volume 4 : Issue: 036

Today's Topics:
Moderator: Leonard P. Levine

    Re: EFF on FBI Telephony Bill
    Re: Van Eck Radiation and Privacy
    Media "Hackers" Whack Harding's E-mail
    Re: Bacard & Barlow: Clip Clipper
    Re: Telephone Card Audit Trails
    Re: Van Eck Radiation and Privacy
    Electronic Banking - CheckFree
    Privacy Forum Digest V3.05

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133].

----------------------------------------------------------------------

From: eyeball@netcom.com (David M. Berman)
Date: Sun, 27 Feb 1994 19:37:07 GMT
Subject: Re: EFF on FBI Telephony Bill
Organization: NETCOM On-line Communication Services (408 241-9760 guest)

If laws such as the FBI Telephony Bill and the legislation surrounding the clipper chip, skipjack, etc. come to pass, I'm going to have to ignore my excitement about all of these new technologies and retreat into the safety of paper for all of my information, communication, and financial needs.

If all American-built equipment comes with Edgar Hoover built in, no one from abroad is going to want to buy it (unless they set up reciprocal information-sharing agreements such that we spy on your citizens, you spy on ours, and we all share all the info -- SCARY!).

What can we do?
How do we get Geraldo, Dan Rather, Pat Robertson, or whichever idiot to whom Americans like to attend, to come out in the press against these nightmares? Haven't we learned any lessons from McCarthy, Orwell, or the East Germans?

I've signed the clipper petition, I've e-mailed Patrick Leahy, but I still don't see any POPULAR debate over these attempts to overrun the Constitution. We need to get creative and get busy.

------------------------------

From: skoper@netcom.com (Stan Koper)
Date: Mon, 28 Feb 1994 04:05:42 GMT
Subject: Re: Van Eck Radiation and Privacy
Organization: None at the moment

Prof. L. P. Levine wrote:

Taken from the Risks-Forum Digest Saturday 26 February 1994 (15:59)
Peter G. Neumann, moderator
From: "Winn Schwartau"

Over the last several years, I have discussed in great detail how the electromagnetic emissions from personal computers (and electronic gear in general) can be remotely detected without a hard connection and the information on the computers reconstructed. Electromagnetic eavesdropping is about as insidious as you can get: the victim doesn't and can't know that anyone is 'listening' to his computer. To the eavesdropper, this provides an ideal means of surveillance: he can place his eavesdropping equipment a fair distance away to avoid detection and get a clear representation of what is being processed on the computer in question. (Please see previous issues of Security Insider Report for complete technical descriptions of the techniques.)

The problem, though, is that too many so called security experts, (some prominent ones who really should know better) pooh-pooh the whole concept, maintaining they've never seen it work. Well, I'm sorry that none of them came to my demonstrations over the years, but Van Eck radiation IS real and does work. In fact, the recent headline grabbing spy case illuminates the point.

I don't know about the "government" using Van Eck radiation, and this may be apocryphal, but when I lived in Milwaukee (1975-1987), there was a company that provided HBO to subscribers via microwave, providing small parabolic antennas and a receiver/decoder box. However, it was known that the same equipment could be purchased from companies that advertised in magazines like Radio Electronics.

What I heard was that the microwave company had trucks that roamed the streets of Milwaukee, and that these trucks had equipment that could detect the "telltale" emissions of HBO. Addresses were then checked against subscriber lists, and if there wasn't a match, a letter was sent to the homeowner/resident, advising them that they had better sign up or cease and desist.

------------------------------

From: CuD Moderators
Date: Sat, 26 Feb 1994 15:54:54 CST
Subject: Media "Hackers" Whack Harding's E-mail

((MODERATORS' COMMENT: CuD has periodically reported on the manner in which the media cover hackers. Perhaps we should have been paying more attention to the manner in which the media covers by hacking. Perhaps the lesson of the following story is that "hacking" should be reclassified as a sport?))

NOT EVEN HARDING'S MAIL SAFE
REPORTERS BREAK INTO HER ELECTRONIC MAIL SYSTEM
Reporter: John Husar, Tribune Staff Writer
(From: Chicago Tribune, 26 Feb, 1994 (Sect 3, p. 7))

LILLEHAMMER, Norway--In what was described as a "stupid, foolish mistake," perhaps as many as 100 American journalists peeked into figure skater Tonya Harding's private electronic mailbox at the Olympics.

According to the story, no one claimed to have read the story or used the information. One reporter, Michelle Kaufman of the Detroit Free Press, explained that the offense was a "spur-of-the moment" incident that occurred after pizza at 2 a.m. According to Kaufman, the reporters merely attempted to see if a code, reputed to be Tonya's, would work.

The story explains that an electronic information system is available to all members of the "Olympic family" of coaches, athletes, journalists, and others. The electronic system provides information (weather, sports, news) and allows for sending or receiving messages. The story explains that a double code is required to access messages: One is the user's Olympic accreditation number, and the other the secret password. The initial password is the user's birthdate. Harding's accreditation number was retrieved from an enlarged photo of her wearing an official Olympic ID tag. Her birthdate is readily available from publicity and other sources.

Kaufman said she and a few others found that the code did gain access to Harding's mailbox. A sign reported 68 unread messages for Harding.

"But we never opened any messages," Kaufman said. "There were none sent under her name. We made a joke--something about her not being smart enough to figure out how to get her mail--and closed the file and walked away. It couldn't have lasted for more than a minute."

The story identifies Ann Killion of the San Jose Mercury News and Jerry Longman of the New York Times as being among the group. Both denied reading Harding's messages.

Mike Moran, head of the U.S. Olympic Committee's information section, said he considered the situation an ethical matter for journalists to settle rather than anything that would require any kind of official reaction.
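
An added example, not part of the original digest or the Tribune story: a small audit that flags accounts whose password is still a rendering of the holder's birthdate, the weakness the story describes, together with a random initial secret as the mitigation. The record fields, the PBKDF2 storage scheme, the iteration count and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date

ITERATIONS = 10_000  # kept low so the sample runs quickly; use a higher cost in production

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def birthdate_candidates(dob: date) -> set:
    """Renderings of a birthdate that a system might have issued as the initial password."""
    d, m = f"{dob.day:02d}", f"{dob.month:02d}"
    y, yy = f"{dob.year:04d}", f"{dob.year % 100:02d}"
    orders = [(d, m, y), (m, d, y), (y, m, d), (d, m, yy), (m, d, yy), (yy, m, d)]
    return {sep.join(parts) for parts in orders for sep in ("", "/", "-", ".")}

def uses_birthdate(account: dict) -> bool:
    """True if the stored hash matches any rendering of the holder's birthdate."""
    return any(
        hmac.compare_digest(hash_password(c, account["salt"]), account["hash"])
        for c in birthdate_candidates(account["dob"])
    )

def audit(accounts: list) -> list:
    """IDs of accounts still protected only by publicly knowable data."""
    return sorted(a["id"] for a in accounts if uses_birthdate(a))

def new_initial_secret() -> str:
    """Mitigation: issue a random one-time secret instead of a birthdate."""
    return secrets.token_urlsafe(12)

def make_account(acc_id: str, dob: date, password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"id": acc_id, "dob": dob, "salt": salt, "hash": hash_password(password, salt)}

# Constructed sample data: IDs, birthdates and passwords are invented.
ACCOUNTS = [
    make_account("ACC-0001", date(1961, 4, 9), "090461"),        # never changed, DDMMYY
    make_account("ACC-0002", date(1958, 11, 23), new_initial_secret()),
    make_account("ACC-0003", date(1972, 7, 30), "1972-07-30"),   # "changed" to the same date
]

if __name__ == "__main__":
    print(audit(ACCOUNTS))
```

Running the same check when a user sets a new password keeps the birthdate from coming back as the "changed" value.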

------------------------------

From: Mark Shanks
Date: Mon, 28 Feb 1994 11:02:53 -0700
Subject: Re: Bacard & Barlow: Clip Clipper
Organization: Honeywell Air Transport Systems Division

walter@netcom.com (Walter Alter) writes:

from the attempt to institute "Aquarian Age" irrationalist quasi religions ("what's your sign?") to animistic Gaia Earth worship as the ostinato behind contemporary Environmentalism, from the anti-Nuclear Power movement to the anthropologists' "cultural relativism" argument in favor of leaving the 3rd World undeveloped and non industrialized, Science based civilization has been under a broad front rolling barrage from Marxists, Anarchists, Socialists, neo-Primitivists, Liberals, Pastoral Utopians, mystics, UFO watchers waiting for Godot, and the occasional Jesuit. Science based technological progress has been cast under the spectre of fascist Militarism, wasteful space projects, Frankensteinian recombinant gene research, Dr. Strangelove beam weapons, glowing plutonium flowing in our sewers and a litany of spills, chills and cheap thrills from the Free Market Capitalist neanderthals whose "enlightened self-interest" means Freudian death wish slow suicide for yo

Yow! It's like reading the label on a bottle of Dr. Bronner's soap! DILUTE! DILUTE! OK!

------------------------------

From: palbert@netcom.com (Phil Albert)
Date: Tue, 1 Mar 1994 02:49:53 GMT
Subject: Re: Telephone Card Audit Trails
Organization: Disorganized

flb@flb.optiplan.fi (F.Baube[tm]) writes:

Here in Turku Finland one can make calls from pay phones using prepaid cards issued by the city phone company, Turun Telelaitos. These cards are on sale throughout the city, and are bought anonymously for cash.

[Discussion of the fact that, for diagnostic purposes, the telco tracks the numbers used on each phone card and where it malfunctioned.
To get a refund on a failed card, you identify your name and address to the telco, and they send you a refund, but they can now link you to the previously anonymous activity.]

It is all well and good that they can extensively track an individual card, and where it has malfunctioned, and that this card can be bought anonymously, but naturally my privacy breaks down when they take my name and address, which they can (in principle) match it to the card's audit trail to get a partial track of my calling activities.

Nonetheless, can anyone suggest some ideas that I might take to the phone company to permit them to make the same checks but with a higher level of privacy? Or should I just give them a bogus name and see if it ever causes a problem (in the form of, for example, more intrusive checks before issuing refunds)?

Ahh, a good question from the land of anon.penet.fi. Might I suggest that you should be happy with what you have? Here in the states, we cannot expect such privacy. If you value your anonymity more than the remainder of the card, toss it, or have the check made out to a charity.

Fairly soon, anything anonymous in U.S. will be obsolete (me thinks).

Wanna buy some Clipper chips, cheap?

-- Phil Albert, full-time patent attorney and philosopher, part-time car thief
Voicenet: (415) 543-9600
bizcardnet: Townsend & Townsend
Internet: palbert@netcom.com or palbert@cco.caltech.edu
ICBMnet: 37 53 00 N, 122 17 30 W, Alt 760'

------------------------------

From: palbert@netcom.com (Phil Albert)
Date: Tue, 1 Mar 1994 03:09:13 GMT
Subject: Re: Van Eck Radiation and Privacy
Organization: Disorganized

Prof. L. P. Levine wrote:

Taken from the Risks-Forum Digest Saturday 26 February 1994 (15:59)
Peter G. Neumann, moderator
From: "Winn Schwartau"

To the best of my knowledge, this is the first time that the Government had admitted the use of Van Eck (Tempest Busting etc.) in public. If anyone knows of any others, I would love to know about it.

The Government did not admit to using a Van Eck device, and anyone with an electronics background would know that they didn't use one in the Ames case. Sure, it is trivial to design a Van Eck device and reconstruct what is going on in a computer without touching it, but those are only practical where you don't have physical access.

Read the Affidavit again. The FBI had physical access to Ames' house. That means they bugged it for sound, bugged the phones, took a dump of his hard drive, and installed a physical snooper in his PC.

Just by having the signals off the PC, you can't get as much info compared with having a bug tapping the keyboard/mouse interrupt(s) or wire(s). If you have a dump of the hard disk AND a copy of the stream of keyboard/mouse movements, you can recreate everything he did. Of course, a before-and-after hard disk dump (including deleted sectors) is probably all you need.

Of course, with a keyboard snooper, the device might need to be bigger than a Van Eck snooper, and thus increase the chance of detection, but when was the last time you noticed that extra chip I put in YOUR machine? What? You haven't heard of the 487 snooper? It has easy access to the ENTIRE CPU bus and it doesn't need its own power source! Get 'em at Fry's! (I wish)

BTW, did you know that Zenith sells a non-Van Eck-able PC, or did at one time. GSA Schedule, no doubt.

-- Phil Albert, full-time patent attorney and philosopher, part-time car thief
Voicenet: (415) 543-9600
bizcardnet: Townsend & Townsend
Internet: palbert@netcom.com or palbert@cco.caltech.edu
ICBMnet: 37 53 00 N, 122 17 30 W, Alt 760'

------------------------------

From: Hyatt_Edward_R@byu.edu
Date: Tue, 01 Mar 1994 08:13:42 -0700 (MST)
Subject: Electronic Banking - CheckFree
Organization: Brigham Young University

I have thought about using the CheckFree service, but I am worried about the prospect of giving them my SS#, bank account #, etc.
Can I trust their claim of confidentiality; and what would protect my information from being disclosed to other organizations? I would like to hear what others think.

Also, what about EFT's (electronic funds transfers from one account to another, or direct deposit)? There is increasing pressure from the government and employers to use this method of payment. Any thoughts would be appreciated.

------------------------------

From: "Prof. L. P. Levine"
Date: Tue, 1 Mar 1994 10:08:08 -0600 (CST)
Subject: Privacy Forum Digest V3.05
Organization: University of Wisconsin-Milwaukee

Volume 03 number 05 dated Sunday, 27 February 1994 of the PRIVACY Forum Digest, moderated by Lauren Weinstein is completely dedicated to the Clipper Chip discussion and contains an excellent compendium of rational arguments on both sides of the issue. I highly recommend this 60,000 byte document.

It is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. I have archived it on "ftp.cs.uwm.edu" [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy/library" and this document is stored as Privacy-vol03-iss05. I will email it to people who cannot reach it through ftp.

Its table of contents follows:

CONTENTS

    The Clipper Saga continues... (Lauren Weinstein; PRIVACY Forum Moderator)
    Re: Emotion v. Reason (Marc Rotenberg)
    Re: Emotion vs. Reason in the Clipper "Debate" (Jerry Leichter)
    Privacy Forum comments, v3i4 (Prabhakar Ragde)
    Clipper, Denning and PRIVACY Forum Digest V03 #04 (Lee S. Parks)
    CPSR Clipper Petition /rsp to Denning (Marc Rotenberg)
    Newsday article: The Clipper Chip Will Block Crime (Dorothy Denning)
    FWD>FYI: Rivest's response to Dorothy Denning (Dave Banisar)
    The Return of the "Digital Telephony Proposal" (Lauren Weinstein; PRIVACY Forum Moderator)

---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of Computer Privacy Digest and
Professor of Computer Science     | comp.society.privacy.
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V4 #036
******************************