Date: Tue, 05 Apr 94 11:30:42 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#049 Computer Privacy Digest Tue, 05 Apr 94 Volume 4 : Issue: 049 Today's Topics: Moderator: Leonard P. Levine Re: Activist list subpoenaed Re: Activist list subpoenaed America Online CNID vs. ANI Re: Anonymous Phoning Re: Anonymous phoning Re: Anonymous Phoning Re: Anonymous Phoning Re: What is legal? Clipper - who's side are they on? The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: ajh@panix.com (A. H.) Date: 3 Apr 1994 16:09:47 GMT Subject: Re: Activist list subpoenaed Organization: Panix Public Access UNIX and Internet bruce@jise.isl.melco.co.jp (Bruce Hahne) writes: SMOKING OUT THE OPPOSITION Lawyers for the American Tobacco Co. were granted a subpoena for the membership list of a computer network used by anti-smoking groups. The move to acquire SCARCNet's (Smoking Control Advocacy Resource Network) records is believed to ... I don't know about you folks, but I thought subpoenas of this type were outlawed 50 years ago when the Supreme Court found that a subpoena for an NAACP membership list was an improper government intrusion upon the freedom of association. It would be educational to follow this issue from a judicial perspective given the economic scale involved. Specifically: - Is the judge elected or appointed? - When is his/her term over? ajh@panix.com ------------------------------ From: hedlund@teleport.com (M. Hedlund) Date: 3 Apr 1994 23:30:40 -0800 Subject: Re: Activist list subpoenaed Organization: Teleport - Portland's Public Access (503) 220-1016 brad@clarinet.com (Brad Templeton) wrote: This is a civil matter, and the rights of privacy one has in criminal matters tend to vanish in civil litigation. The parties to a lawsuit have tremendous powers to force the other side to reveal information relevant to the case. Yes, and the NAACP case involved a *governmental* attempt to gain access to a membership list. Take a look at what the forwarded post says: From: Steve Barber : I don't know about you folks, but I thought subpoenas of this type were outlawed 50 years ago when the Supreme Court found that a subpoena for an NAACP membership list was an improper government intrusion upon the freedom of association. The argument was that if the government could keep track of who joined what organizations, then citizens would be less likely to join groups the government didn't like or had reason not to like; and therefore a government power would be hindering the right of assembly. The cigarette companies are not the government, and they're not even pseudo-governmental organizations like the phone company. If they were pseudo-governmental (that is, if they were regulated and controlled by the government to such an extent that their action could be construed to be "state action"), then it would be possible to say that they could not subpoena a organizational roster by citing the NAACP case. This seems like it would be very difficult to establish -- the surgeon general's warning isn't enough to pass this test. When a corporation finds itself faced with organized and effective resistance to its product or methods (as can also be seen in the wood products industry), it will allege that this resistance is biasing government agencies against it. A membership list such as the one subpoenaed, it could be argued, might show a link between this anti-cigarette lobby and, say, the FDA, which is now considering regulating cigarettes as a drug. If the tobacco companies can show such a link, they can discredit the FDA proposal as a biased action. Once the American Tobacco Co.'s lawyers have this list, they're not going to be able to publish it freely. If the opposition lawyers are any good, they could arrange it so that only the tobacco company *lawyers* have access to this list (although this may not be possible). But the possibilities for blacklisting and subtle pressure make this subpoena one for which, as is often said elsewhere, "the RISKS are obvious." By the way, Carl's "Moderator's note" was correct: usually, all that is needed for a subpoena is the signature of the court clerk on a properly completed form -- unless someone objects, the judge doesn't even see it. The Advocacy Institute lawyers have objected, so we'll see what happens. ]\/[. ]-[edlund ------------------------------ From: camurphy@acsu.buffalo.edu (Cynthia) Date: 5 Apr 1994 00:42:55 GMT Subject: America Online Organization: UB I'm looking for any information concerning America Online's pursuit of prosecution of their users & others. Examples include the reporting to the FBI of 'kiddie porn' exchanges on AOL in 1991. Any articles - regular magazine/newspaper or ftp-able stuff - would be appreciated. I have already searched a periodicals index & am using archie & other online keyword searches to look for stuff but my school's electronic library cataloguing system sucks & there could always be stuff I missed. Other references concerning electronic privacy, freedom of speech, surveillance & other violations of users by AOL & others would be helpful as well. (I'm already keeping abreast of what's going on with Clipper) Thanks in advance. Cynthia Murphy ------------------------------ From: RATHINAM@INS.INFONET.NET Date: 4 Apr 1994 06:01:08 -0500 (CDT) Subject: CNID vs. ANI I am sure your other readers also pointed out that ANI (delivered to the 800 number) is the number to which the call is BILLED - not the number CALLED_FROM. If you have more than one phone number and bill them all to one number (phone numbers A, B, Teen, D, E, all billed to D), then with ANI, only D will be delivered when you call from any of them. -rathinam ------------------------------ From: Chuck Weckesser <71233.677@CompuServe.COM> Date: 04 Apr 94 09:06:32 EDT Subject: Re: Anonymous Phoning The *phone caller* has absolutely no right to privacy in my view; the *phone call recepient*, however, does. Therefore, I will always be a strong supporter of any measure whereby one can trace who is calling into one's home. If you don't want your call traced, then *DO NOT CALL ME*. It's really that simple. So to those who whine about the "rights" of those who are making the call, I say you offer us a straw man argument. The person who "makes" the call *does* have 100% privacy in the event that they choose not to invade another person's. I have been able to purchase equipment whereby I can trace *all* of my calls; all you have to do is buy an 800 number and then *forward* your phone to the 800 number and the calling party is then discovered. I have had to do this recently to document harassing phone calls I have received and the evidence cannot be challenged when I use it. It is indeed the "callee" whose privacy is trampled upon when someone calls him/her and they have no idea who is calling. I forgot to add: my state has a feature whereby you simply dial *57 after a harassing call and it is automatically traced by the phone company--however, the customer is NOT given the number but the authorities are, which is more than sufficient in my view. ------------------------------ From: johnl@iecc.com (John R Levine) Date: 4 Apr 94 13:48 EDT Subject: Re: Anonymous phoning Organization: I.E.C.C., Cambridge, Mass. I can't agree that anonymous phone calling is a privacy right. ... You're making the same mistake that many CLID proponents make, confusing receipt of the calling number with identification of the caller. I rarely make any calls in which I don't want the callee to know who I am. On the other hand, lots of times I make calls where it's none of the callee's business where I'm calling from. There are lots of examples of this: I'm out of town, pick up my answering machine messages, and return the messages from a friend's house. I really do not want people pestering my friend just because I happened to return a call from her house. Or I'm a doctor returning patients' calls from home. Or I'm a lawyer visiting client A who borrows an empty office to call client B. You don't need exotic examples like battered women's shelters to find these situations. Actual caller ID has always been available at no charge: you ask "Who's calling, please?" and if you don't like the answer, you hang up. It is sad that people are such slaves to their phones that they can't handle that. I also have to note that the telcos' marketing of CLID has been very disingenuous. They've marketed CLID primarily as a deterrent to annoying calls, trying to distract attention from its primary use in collecting telemarketing lists. Call Trace, a service related to CLID, is the one actually appropriate for annoying calls. It's not blockable, and it records numbers where they can be picked up by phone company security people, much better for legal purposes than a number scribbled down from a CLID display. The worst thing is that phone companies seem to think that now that Call Trace and CLID, available at extra cost, are a replacement for their annoying call bureaus, always provided as part of basic service. If the state regulators were on the ball they'd mandate that Call Trace be provided for free to improve the existing annoying call bureaus. Regards, John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com PS: Helpful suggestion to the moderator: Several years of flaming about Caller ID on the Telecom list makes it clear that many people have very strong attitudes about this topic, one way or the other, and they're not going to have their minds changed by yet another rehashing of the arguments. ------------------------------ From: jmm@elegant.com (John Macdonald) Date: 4 Apr 1994 17:40:23 -0400 Subject: Re: Anonymous Phoning If we're taking about your _home_, we can get into all the usual privacy issues. But what about you entering mine? Do the same rights follow you in my door, so to speak? It's pretty standard expectation that if you want entrance to another's territory, you'd better be prepared to present ID. Not all people insist on seeing ID before they are willing to talk to someone that comes to their door. There has to be a middle ground which allows anonymous calling to parties that are willing to accept such calls while not allowing anonymous calls to parties that wish to insist upon ID. The phone company ought to provide a recipient option that lets the recipient choose to never receive calls with blocked ID. Their phone would not even ring (or be busy), and the caller would get an intercept message "The number you have dialled does not accept calls with blocked ID.". The caller would know why their call did not get through and could choose to unblock and call again if they felt that there was a need to complete the call. (The current situation where the recipient's display says "number blocked" and the recipient just does not answer can lead to the caller trying again and again, hoping that the recipient will eventually get home. While there may be some desire to cause such callers that sort of nuisance, it also means that the recipient's phone is busy.) This allows both sets of "rights" to be honoured. Instead of doing this by forcing non-anonymity on calls where it would be acceptable to both parties, it does so by not completing calls when the two parties desires conflict. ------------------------------ From: nevin@cs.arizona.edu (Nevin Liber) Date: 5 Apr 1994 02:54:34 -0700 Subject: Re: Anonymous Phoning Organization: University of Arizona CS Department, Tucson AZ Spencer Roedder wrote: I have always been a staunch advocate of privacy, but I find I come down on the opposite side from a lot of people, who bemoan the lack of privacy brought about by CallerID. They are concerned about the caller's privacy; I find more to be concerned about in the callee's privacy. As I see it, the ability to make an anonymous phone call is a historical anomaly which has only been with us for the last century. Before that time, if you wanted to talk to someone you came to their door or confronted them in public; the only alternative was the much-maligned anonymous letter. I see CallerID as simply restoring the historic status quo: the _right_ of a person "called to the door" of his own home to know who is on the other side of the door. That would be true IF CallerID actually identified the caller (although I can still see legitimate uses for anonymous calling). However, all it identifes is the location the caller is calling from. Businesses are creating databases based on this erroneous assumption. It's not like they haven't screwed up before; there are also databases assumming SSNs are unique. It is up to the individual who gets screwed to try and straighten things out later, and I don't see that changing with Caller(location)ID databases. The only case where I can't see a legitimate reason to block calls is a business -> residence call. However, the phone companies see a major source of revenue from the residence -> business calls, so they don't want a residential subscriber to be able to block this number. They don't give a darn about our privacy either way. The other is the concern that commercial establishments might use CallerID to collect the IDs of people who contact them. But that is where the money is. That is why the feature exists. You won't be able to outlaw the major source of revenue for the feature. (2) Create a culture where it's just not the "right" thing to do, by having people object strenuously to any actual _use_ of such a list. Won't happen. They'll be so many organisations creating databases that it will be impossible to fight them. As long as the companies are small and have nothing else to lose (unlike Lotus, which could potentially lose its other customers), they'll compile and sell the lists. Hell, they're doing it now, from every source that is willing to sell them information! (3) Minimize the value of such lists by making it illegal to sell them. Won't happen. (4) Allow per-call blocking so that when I call an organization that I _really_ don't want keeping track of me, I can explicitly block it. This would be good enough for me. The one "fix" I don't think is right is the complete "per-line" block of CallerID that has been made a condition for institution of CallerID in some areas. To me, this tilts the scale too far toward the privacy of the anonymous caller, which I previously pointed out is a historical fluke. So I'll buy a phone that dials *67 before every call. Big deal. If you can do per call blocking, it is trivial to build something to do per line blocking. Not letting the phone companies implement it won't stop it from happening; you're just fooling yourself if you believe otherwise. Any privacy is a historical fluke; there are no constitutional guarantees for or against it. Since we can't have perfect privacy, we have to decide which side of the fence we are going to err upon. The "innocent until proven guilty" stance would err in favor of protecting the right to call anonomously over the right for the callee to get the location of the caller. This lets a few bad anonymous callers go unpunished. If we assume "guilty until proven innocent", we have to stop all anonymous callers, including legitimate that have not been enumerated. Personally, I prefer the former stance, especially since once you lose that privacy right, it is all but impossible to get it back (even if you realise that you gave up too much of the right). Nevin ":-)" Liber nevin@cs.arizona.edu (602) 293-2799 +++ (520) after 3/95 office: (602) 621-1685 ------------------------------ From: palbert@netcom.com (Phil Albert) Date: 4 Apr 1994 18:09:36 GMT Subject: Re: What is legal? Organization: Disorganized "John P. Quinn" writes: I have a few things happening to me that I feel are a bit strange but I'm not quite sure if it's classified illegal or not. Perhaps some of you out here can answer some of my questions. I'm going to itemize the things that have happened in the recent past, they are: 4. Finding my all passwords to the company computer system (I'm a MIS Director) How exactly do they get your passwords, if they are not written down? Why do I not believe you are an MIS director? [material deleted by moderator] Ha, ha. You fooled me. I didn't notice that this was an April Fools joke. -- Phil Albert, full-time patent attorney and philosopher Voicenet: (415) 543-9600 bizcardnet: Townsend & Townsend Internet: palbert@netcom.com or palbert@cco.caltech.edu ICBMnet: 37 53 00 N, 122 17 30 W, Alt 760' [Moderator: neither did I. He got me.] ------------------------------ From: "herronj@maroon.tc.umn.edu" Date: 4 Apr 94 16:53:51 CST Subject: Clipper - who's side are they on? Maybe I was asleep when he explained this, but I don't understand how failing to institute this bill would affect the status quo. Since he repeatedly agreed that additional user-provided layers of strong encryption would make federal wiretaps useless, how does a government-encrypted government-tappable network differ from what we have now? Assuming strong crypto for telephones etc. will come commercially whether the digital telephony bill is passed or not, just what ability is the bill supposed to prevent the FBI from losing? I guess my bewilderment revolves around the government's claim that non-Clipper cryptography will not be made illegal. And you know the Feds wouldn't lie to you. If the Federal Government really means what they say about non-Clipper cryptography _not_ being made illegal than we the privacy advocates should embrace Clipper. What the Feds would be doing is actually adding a layer of security, and privacy, where perhaps there was none before. Though they would have the ability to bypass this security we are to assume that no one else can. And since we can always throw on additional layers of security (encryption) just as we do now than we are not losing anything. Now what sounds wrong with this? Here the Government is saying publicly that the reason for Clipper is to catch the bad guy, but at the same time Clipper as described actually improves the bad guys privacy. (Remember if the bad guy was using no encryption before he now has it built in by Uncle Sam. If he was using encryption previously he now simply has an additional layer). This new Government approved encryption would prevent (according to the government) unauthorized eavesdropping by law enforcement, private police forces, snitches, etc. Thus reducing the bad guys chances of getting caught. (Very often the police, and especially the Feds, are tipped off from outsiders who have obtained their evidence illegally. As long as the government was not involved the evidence is admissable to obtain a warrant). Now why is it I don't believe the government when they tell me that other encryption methods won't be made illegal? One of two things is happening here: 1) Clipper is a NSA plot that actually helps them break the other layers of encryption added on top of it. 2) The government is planning to outlaw other forms of encryption and is stupider than even I believed to think that outlawing other forms of encryption will prevent their use. Personnally I believe either choice is possible and probably even likely. ------------------------------ End of Computer Privacy Digest V4 #049 ****************************** .