Date: Thu, 31 Mar 94 08:54:43 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#047 Computer Privacy Digest Thu, 31 Mar 94 Volume 4 : Issue: 047 Today's Topics: Moderator: Leonard P. Levine NY Times: Computers, Freedom & Privacy Conference Re: Time Magazine on Clipper Anonymous Phoning Clipper Chip The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: skoper@netcom.com (Stan Koper) Date: 28 Mar 1994 01:52:13 GMT Subject: NY Times: Computers, Freedom & Privacy Conference Organization: None at the moment Today's (March 27, 1994) NY Times has an interesting article under Peter H. Lewis's byline concerning the recent Computers, Freedom and Privacy Conference. Lewis quotes one David Lytel, "of the President's Office of Science and Technology Policy", as saying "Cryptography is an enormously powerful tool that needs to be controlled, just as we control bombs and rockets." Now I know that Mr. Lytel *could* just be referring to "export" controls, but on the other hand, it doesn't sound too promising for non-Clipper encryption. The article also quotes Stewart A. Baker, identified as "general counsel for the National Security Agency" as saying "What I'd like to see is people engage in the really hard question: Do you want to live in a world where law enforcement cannot do its job because of the need for privacy?" An interesting question, especially considering how little evidence is obtained (from what I've read here and elsewhere) from wiretaps of currently *non-encrypted* telephone conversations. Stan Koper skoper@netcom.com ------------------------------ From: sam@swlvx2.msd.ray.com (Sean Minuti {82622}) Date: 28 Mar 1994 20:01:44 GMT Subject: Re: Time Magazine on Clipper Organization: Raytheon Company, Tewksbury, MA There's also two articles in Wired magazine this month discussing the Clipper chip and its potential uses and abuses. I only had a chance to skim over it, but it looked like good info. The part I read was a plead for people to lobby there Congress-person against a certain bill which helps to proliferate the Clipper chip as the de-facto standard in cryptography. This would, they contend, allow the feds secret access to all encrypted messages and data. I've been reading Wired magazine for a few months and it seems to be level-headed and ultra-cool at the same time. I would tend to listen to what they are saying more so than what Time is saying. The Wired articles seemed to warn that Big Brother has finally figured out how to fulfill Orwell's prophesy. But, at the same time, I wonder if He is merely trying to hold on to what He already has, ie. Is anything like bank and credit card records as well as e-mail actually encrypted now? I think true encryption is necessary and I'm concerned that the government is so 'prepared' to provide it. ------------------------------ From: "Prof. L. P. Levine" Date: 29 Mar 1994 13:35:31 -0600 (CST) Subject: Anonymous Phoning Organization: University of Wisconsin-Milwaukee One of the issues that is often addressed in privacy groups is that of anonymous phone calls. Making calls from residences is now far from private what with the presence of callerid capabilities. Making private calls from payphones will probably become more difficult if credit cards or conventional phone cards are used since the records of the card agencies can (and will) be subpeonad if there is deemed to be a need to know. There is always the option of using a public phone and paying cash, but I suspect that market forces will increasingly discourage the use of cash in public phones in the future. These forces result from the insecurity of the cash box in public phones (they can always be broken into) and the installation of non-cash-box phones that anticipate the use of credit cards. Recently I spoke to a vendor of anonymous debit phone cards, cards that can be purchased for cash and can be used for phone calls until the prepaid amount is exhausted. This particular vendor was interested in selling vending boxes that you can install in public spaces. They will accept $10 bills and will vend plastic cards imprinted with a multi-digit identity number and the 800 number of a phone call provider. He told me that I can earn big money by going into this business. Right. :-) In use the purchaser calls the 800 number, gives the operator (or keys in) the card identifier, and then dials the long distance number. The cost (they tell me) is $0.25/minute for anywhere in the US. Since the cards are sold through a vending machine for cash, there is no trace of who owns which card. This is clearly anonymous calling for people using payphones. There is another point to be made. A technique called "shoulder surfing" is known whereby a criminal watches over your shoulder as you key in your phone codes. S/he then sells these codes to people who use them to make phone calls, often to the tune of thousands of dollars per day. These debit cards are limited to only $10 of calls and automatically stop after that. This limitation of exposure can be used to decrease the cost of legal calls. There is even more. If the caller enters a *67 before dialing, then the card vendor could keep no link between the incoming callerid and the outgoing number. You then can call this 800 number from a residence, and since the call is made out of the card owners pool number, there is no sure trace possible of which incoming call was connected to which outgoing call. If no data is kept, no subpeonaed data can be demanded. I view this second option as far more risky than the first, however. Why anyone is interested in making anonymous calls is not the subject of this note. Maintaing my freedom to make such calls is. This is not a commercial for any such company, just an indication of what I believe will be the natural result of the existence of such a service. I am interested in the judgements and feelings of particpants in this forum. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 ------------------------------ From: armand@wam.umd.edu (Sixto Armando Roman) Date: 29 Mar 1994 23:16:02 GMT Subject: Clipper Chip Organization: University of Maryland, College Park -Technology enables people to do things that they could not do before. For example, the airplane allowed people to travel all throughout the world. Well, encryption also enables people to do something new. Thanks to encryption, people are better able to protect their confidential information on computer hard disks and wire transmissions. -However, President Clinton supports a "clipper chip" device allowing the government to decode such encrypted files if it obtains a warrant and access to "keys" that will turn on the device when law enforcement agencies and other government entities think they need to look at the encrypted communications and records of suspected criminals. -Now imagine a world in which the government places a camera inside of each room in every home, in every auto, in every restaurant, in every airplane, in every bathroom, in short-EVERYWHERE! The government installs these to watch criminal activity. -However, the government kindly establishes rules that prevent any law-and-order government agent from turning on any camera indiscriminately. In order to observe people's activities, police officers and federal investigators must obtain warrants and access to the central control rooms for these cameras. -Although the government may seem to have taken the necessary precautions for protecting the population from excessive intrusion, these cameras still sound very intrusive. I suspect that most people at the moment would oppose cameras placed everywhere in their lives. People would be afraid that someone might turn on a camera in a bedroom just to get some free pornography. They might feel uncomfortable doing their taxes in the kitchen because the IRS might turn on the cameras to see if everyone was filing correctly. They might feel uncomfortable using the bathroom. We could go on and on. -People will also feel uncomfortable communicating with others and saving their records on disk if the government indeed establishes a "clipper chip" in every encryption device used to prevent others from seeing private information. People will be afraid to save their tax information on disk for fear that someone will just be able to break into it without any serious trouble. -All of the above sounds intrusive. It is scary, but some would argue that the only individuals who need to worry about the government turning on the camera or the "clipper chip" are those with something criminal to hide. If you voice any objection to anything intrusive that the government does to protect the public, such individuals would say, "What have you got to hide?" -A good example of such an attitude has been seen with regard to drug testing in the workplace and academia. The government, business and academia rightly want to stamp out drugs and the dangers people under the influence of them pose to the public. When the drug-testing debate was raging in the late 1980s, supporters of these tests simply said, "What have you got to hide? If you haven't done anything wrong, then you shouldn't worry about a simple drug test. All that these tests are designed to do is protect the public from hallucinating truck drivers, train operators, etc." -At face value, this argument is strong; however, drug tests are unquestionably intrusive. For example, if you are taking a drug for an illness that you wish to keep private, such tests will tell investigators what medications you are on, thus giving them a pretty good idea of what your condition is. Sure the investigator might protect medical records, but you don't want anyone else but your doctor, close relatives and friends to know about the illness. Many people take this view today, but the "What have you got to hide? argument won the debate ond drug testing pervades workplaces as well as several academic institutions through- out the nation. -How can the "What have you got to hide?" argument be more effectively fought against with regard to the "clipper chip"? After all, the "clipper chip" sounds like a simple wiretap. And the government seems to be taking precautionary steps similar to those required for conducting wiretaps that often only require placing alligator clips on a phone line in order to intercept phone conversations. Certain segments of the government abused wiretapping through this gigantic hole in privacy protection on telephone lines. However, the courts and lawmakers eventually straightened things out enough that the average phone user does not need to worry about being indiscriminately monitored. -If there is no effective counter to the "What have you got to hide?" argument, and people fail to argue that Clinton's proposed handling of the "clipper chip" is inadequate, then it will inevitably become a part of all encryption-related hardware and software. This may happen before the end of Clinton's first term and long before health care will wver be reformed. What can be done to stop what seems inevitable? ------------------------------ End of Computer Privacy Digest V4 #047 ****************************** .