Date: Wed, 20 Apr 94 09:02:01 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#054

Computer Privacy Digest Wed, 20 Apr 94              Volume 4 : Issue: 054

Today's Topics:                         Moderator: Leonard P. Levine

    Scanned photo & signature
    NII and the US Card
    Simon's Privacy Protection Bill
    FBI documents re Dig Tel, DSS
    Re: FCC Issues Decision on Caller ID
    Re: Clipper Teaches Public to Encode?
    Re: Let your fingers do the walking on the Internet
    Re: Credit check only with Permission Granted

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133].

----------------------------------------------------------------------

From: Adriane Moser
Date: 16 Apr 94 14:30:09 EDT
Subject: Scanned photo & signature
Organization: State University of New York at Stony Brook

Hello. I am new to this group and so do not know if this has been discussed recently. If so, someone please give me a date and I will look in the archives.

How do you feel about companies that want to scan in my photograph and signature and keep them on a computer so that they can re-issue IDs, credit cards, etc. in the future without taking my picture or getting my signature again? I'm particularly uncomfortable about the electronic copies of my signature floating around. If I were to ask them not to scan my signature or to delete the file, how would I justify it? (I'm thinking of the motherly types in the school ID office.)

Adriane Moser : amoser@ccvm.sunysb.edu
State University of New York at Stony Brook
I think the most lovely time of the year is Spring, don't you? Of course you do! -Tom Lehrer

------------------------------

From: WHMurray@dockmaster.ncsc.mil
Date: 16 Apr 94 16:06 EDT
Subject: NII and the US Card

Last week in the security track of the CardTech/SecureTech Conference, I heard a presentation by a representative of the U. S. Postal Service on the "US Card." This is a piece of the national information infrastructure intended to mediate all government services to and controls over the citizen.

It will contain health care data, financial data, tax data, and identity data. It will contain a private key (digital signatures only), a pin, and other identifying data. (While emphasizing that "open to new applications" was a requirement of the system, he was silent on arrest record, voter registration, gender preference, and previous condition of servitude.)

Use of the card will be "voluntary."

The government is doing this for us because it will enable them to give us better service, because the citizens require "one card," and to protect us from the "twenty million 'little brothers'" that we now recognize as the "real threat to our privacy." (He did not claim that this would protect us from terrorists, child molesters, drug dealers, or religious cults.)

(All of this was delivered with a perfectly straight face and without challenge from the audience.)

Of course if we do not like it, we can do away with it, right? The official stated that the Postal Service is prepared to issue a hundred million of these cards within months of getting the go ahead.

Along with the net, "voluntary" fingerprinting of the poor, CLIPPER, and the FBI's digital telephony initiative, what more could any citizen, not to say government, ask for?
Law and order is just around the corner. Aren't you glad to hear that Orwell had it all wrong?

William Hugh Murray, Executive Consultant, Information System Security
49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840
1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL

------------------------------

From: lpincus@wppost.depaul.edu
Date: 16 Apr 1994 17:32:09 -0600
Subject: Simon's Privacy Protection Bill

I was wondering if anyone could direct me to some references (or could offer personal opinions) regarding Sen. Paul Simon's Privacy Protection Act of 1993. I am looking in particular for any reasons why it might not go far enough or where it might have some shortcomings. I am tying up an article which discusses the distinctions between public sector and private sector privacy rights in the U.S. Thanks so much.

Laura Pincus
lpincus@wppost.depaul.edu
Assistant Prof. of Legal Studies and Ethics
DePaul University
One E. Jackson
Chicago, IL 60604
312/362-6569
fax: 312/362-6973

------------------------------

From: "Richard F. Strasser"
Date: 17 Apr 1994 11:26:04 -0400 (EDT)
Subject: FBI documents re Dig Tel, DSS

I thought that list members might be interested in this note, which was posted to another group.

---------- Forwarded message ----------
Date: Sun, 17 Apr 1994 03:40:42 -0400 (EDT)
From: Stanton McCandlish
To: eff-activists mailing list
Subject: [David Sobel: Re: FBI documents re Dig Tel, DSS] (fwd)

In case anyone missed this:

From: David Sobel
Date: Wed, 30 Mar 1994 11:31:52 EST

In response to a CPSR Freedom of Information Act lawsuit, the FBI has released 185 pages of documents concerning the Bureau's Digital Telephony Initiative, code-named (according to the documents) Operation "Root Canal." The newly disclosed material raises serious doubts as to the accuracy of the FBI's claims that advances in telecommunications technology have hampered law enforcement efforts to execute court authorized wiretaps.

The FBI documents reveal that the Bureau initiated a well orchestrated public relations campaign in support of "proposed legislation to compel telecommunications industry cooperation in assuring our digital telephony intercept requirements are met." A May 26, 1992, memorandum from the Director of the FBI to the Attorney General lays out a "strategy ... for gaining support for the bill once it reaches Congress," including the following:

    "Each FBI Special Agent in Charge's contacting key law enforcement and prosecutorial officials in his/her territory to stress the urgency of Congress's being sensitized to this critical issue;

    Field Office media representatives educating their contacts by explaining and documenting, in both local and national dimensions, the crisis facing law enforcement and the need for legislation; and

    Gaining the support of the professional associations representing law enforcement and prosecutors."

However, despite efforts to obtain documentation from the field in support of Bureau claims of a "crisis facing law enforcement," the response from FBI Field Offices was that they experienced *no* difficulty in conducting electronic surveillance. For example, a December 3, 1992, memorandum from Newark reported the following:

    The Newark office of the Drug Enforcement Administration "advised that as of this date, the DEA has not had any technical problems with advanced telephone technology."

    The New Jersey Attorney General's Office "has not experienced any problems with the telephone company since the last contact."

    An agent from the Newark office of the Internal Revenue Service "advised that since the last time he was contacted, his unit has not had any problems with advanced telephony matters."

    An official of the New Jersey State Police "advised that as of this date he has had no problems with the present technology hindering his investigations."

Likewise, a memorandum from the Philadelphia Field Office reported that the local offices of the IRS, Customs Service and the Secret Service were contacted and "experienced no difficulties with new technologies." Indeed, the newly-released documents contain no reports of *any* technical problems in the field.

The documents also reveal the FBI's critical role in the development of the Digital Signature Standard (DSS), a cryptographic means of authenticating electronic communications that the National Institute of Standards and Technology (NIST) was expected to develop. In a memorandum to the Attorney General, the FBI Director describes the DSS as "the first phase of our strategy to address the encryption issue."

The DSS was proposed in August 1991 by NIST, which later acknowledged that the National Security Agency (NSA) developed the standard. The newly disclosed documents appear to confirm speculation that the FBI and the NSA worked to undermine the independence of NIST in developing standards for the nation's communications infrastructure.

CPSR intends to pursue further FOIA litigation to establish the extent of the FBI involvement in the development of the DSS and also to obtain a "cost-benefit" study discussed in one of the FBI Director's memos and other "Root Canal" documents the Bureau continues to withhold.

For additional information concerning CPSR's work on digital telephony, encryption and network privacy issues, contact Dave Banisar . For general information concerning Computer Professionals for Social Responsibility, contact our National Office in Palo Alto .

--
Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist

"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

------------------------------

From: ajh@panix.com (A. H.)
Date: 16 Apr 1994 17:05:57 GMT
Subject: Re: FCC Issues Decision on Caller ID
Organization: Panix Public Access UNIX and Internet

"Prof. L. P. Levine" writes:

Taken from the CPSR Alert 3.06:

After three years of deliberation, the FCC in April finally issued its rules on Caller Number Identification. The FCC mandated that telephone companies that use Signaling System 7 offer Caller ID for interstate calls and that interstate carriers carry the signals at no charge.

The FCC ruled that telephone companies provide free per call blocking for interstate calls, preempting the decisions of over 30 states' public utility commissions, many of which have opted for greater privacy protections. It adopted a controversial brief by the Department of Justice, which decided that Caller ID does not violate the Electronic Communications Privacy Act prohibition of "Trap and Trace Devices," which capture the numbers of incoming telephone calls. Previously, the Congressional Research Service and several states found that Caller ID was a trap and trace device.

Does this mean that requiring the name and address of the addressee and recipient of a communication to be specified in cleartext in that communique is no longer a violation of privacy?

--
ajh@panix.com

------------------------------

From: Orion Bain
Date: 17 Apr 94 13:53:11 -0500
Subject: Re: Clipper Teaches Public to Encode?
Organization: Delphi (info@delphi.com email, 800-695-4005 voice)

Buford Terrell writes:

Demand should create a market that will elicit new and better encryption to meet that demand. Have the Fibbies shot themselves in the foot again?

Have the Fibbies shot themselves in the foot? Oh, yeah, without a doubt. Maybe not for *that* particular reason, but nevertheless...

--
"I have seen the truth and it is a lie."
- Orion Bain, Pariah Paragon

------------------------------

From: jepstein@cordant.com (Jeremy Epstein -C2 PROJECT)
Date: 18 Apr 1994 08:33:32 -0400 (EDT)
Subject: Re: Let your fingers do the walking on the Internet

Mark Anderson (mea@intgp1.att.com) wrote:

It would also be kind of interesting to see someone scan all of this information and post it electronically in the public domain. I wonder what kind of copyright protection he has on the information he took? Also, there probably wouldn't be a way for him to sue since by making some additions to the list, the two lists would not be the same and who's to say someone else couldn't do the same thing. I think this list would be very hard to copyright leaving the door open for anyone to publish a competing book.

This is really off the topic for this mailing list, but...

It's entirely possible to copyright collections of information which is otherwise public (I don't recall the exact term). And making modifications to the list does not invalidate the copyright. While it's true that someone else could have made up the same list, I wouldn't want to be trying to defend someone who has a list that looks too similar.

BTW, I'm told that in some cases like this there is a deliberate set of false data seeded in, so that if someone makes a copy it will contain the false data, and can be shown not to be an independent work.

--Jeremy Epstein
Cordant, Inc.

------------------------------

From: kbass@clark.net (Ken Bass)
Date: 19 Apr 1994 20:28:45 GMT
Subject: Re: Credit check only with Permission Granted
Organization: Clark Internet Services, Inc., Ellicott City, MD USA

John R Levine (johnl@iecc.com) wrote:

I called TRW in Orange County, California today. I asked how safe my credit information and social security number is. They told me that no one can look at your credit report unless you grant them permission.

If you feel like it, call TRW back and ask what they do to verify that the people to whom they provide a report do in fact have permission to request it.

Then how do the "PROMO" items get distributed? On my credit report, there are entries from places who sent me something "pre-approved". They ran a report and it was listed as "PROMO" or some such thing. Obviously they didn't have my permission.

------------------------------

End of Computer Privacy Digest V4 #054
******************************