Date: Tue, 26 Jul 94 06:45:54 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#012 Computer Privacy Digest Tue, 26 Jul 94 Volume 5 : Issue: 012 Today's Topics: Moderator: Leonard P. Levine Georgia Tech's use of SSN even on Mailing Lists Many Phone Taps are now Legal New Weapon in Divorce Freedom of Information in Iowa Leahy on Gore Clipper Letter 7/21/94 Re: Government E-Mail Directive Re: Government E-Mail Directive Re: Companies Recording Phone Calls Re: Monitoring of International Calls and Clipper The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: vapspcx@cad.gatech.edu (S. Keith Graham) Date: 24 Jul 1994 22:20:04 -0400 Subject: Georgia Tech's use of SSN even on Mailing Lists Organization: Free Agent This is more of the same that we're all used to, but: Georgia Tech uses SSN for its "Student ID number", much like a number of other institutions. My Fiancee, a recent Georgia Tech Graduate, received something from the school with a pre-printed mailing label. On the label, in the midst of a few other numbers, was her Student ID aka SSN. I'll see about calling the department in question and asking them if they realize they are doing this. -- Keith Graham vapspcx@cad.gatech.edu ------------------------------ From: rja14@cl.cam.ac.uk (Ross Anderson) Date: 25 Jul 1994 14:33:44 GMT Subject: Many Phone Taps are now Legal Organization: U of Cambridge Computer Lab, UK In the Law Report in `The Times' of Friday 22nd July (p 34) there is a report of a case, Regina v Effik and Regina v Mitchell (``Cordless phone tap admissible'', p 34) in which Lord Templeman, Lord Roskill, Lord Ackner, Lord Oliver and Lord Mustill found that the proceeds of an unauthorised phone tap are admissible in the UK provided that the tap was not applied to a link which was `comprised in' the public telecommunications system. Effik and Mitchell had been convicted on April 19, 1990 at Kingston upon Thames Crown Court of conspiracy to supply controlled drugs. The police had occupied the flat adjacent to that of a dealer in their supply chain, and had recorded the conversations which she made over a cordless telephone; this was of a type approved for connection to the public network. The trial judge had found that although this telephone was approved for connection to the public network, it was a privately run system rather than being part of the public network. Thus the intercepts were admissible, despite the fact that no warrant had been obtained. The appelants had argued that the Interception of Communications Act 1985 made it a specific offence for any peron intentionally to intercept a communication ``in the course of its transmission ... by means of a public telecommunication system''. Their counsel argued that it was impossible practically to separate the two parts of the transmission process, and that the cordless phone's signals had of necessity to be transmitted through the public network as well. The appeal was dismissed, and reference was made to a recent unreported decision of the Court of Appeal (R v Ahmed and others, 29/3/94) in which the judge held that interception takes place at the point where the signal is intercepted in fact, and that communication refers not to the whole of a transmission or message, but to the signal which is affected by the interception that is made. Lord Oliver, writing the noble lords' judgment, found he `could not improve on that'. The effect of this appears to be that the authorities only need a warrant to put a tap on the strictly public part of any network. Tempest raids are fine; promiscuous ethernet nodes on every campus are fine; and in places like Cambridge, where we run our own private phone and data network to save money, the whole university system is wide open to abuse. It would also appear to imply that if I tap the police network, that's also fine, provided I don't do it on a circuit switched BT line. And, of course, we await with interest the development of the law on packet switched and ATM links, virtual private networks, and all the rest of it, -- Ross Anderson ------------------------------ From: Robert Ellis Smith <0005101719@mcimail.com> Date: 25 Jul 94 13:43 EST Subject: New Weapon in Divorce From the July 1994 issue of PRIVACY JOURNAL: A NEW ELECTRONIC WEAPON IN DIVORCE Lawyers are exchanging tips these days about using one spouse's personal computer as a gold mine of incriminating information for the use of the other spouse in a divorce action. Jerry L. McIntyre advised his fellow Rhode Island divorce lawyers at a training session this summer to have a client get access to the spouse's personal computer, mainly to uncover evidence of "double-book" accounting or hidden personal assets. "People are utilizing home office computers more and more these days for maintenance of personal financial records," McIntyre said. "To the extent that it is possible to do so, the computer should be accessed for the purpose of obtaining a copy of information stored therein. The computer may not only be a source of financial information, but it also may contain hard-drive information relative to the calendered activities of the other spouse." One client told him that she knew nothing about computers and so had a knowledgeable friend access the personal computer of the estranged husband. A Pennsylvania lawyer reported the identical situation to PRIVACY JOURNAL; in that case the husband had a password that he thought was secret. A prominent New York attorney said that one of his clients discovered her husband's correspondence with "the other woman" by looking into his personal computer. Some states, like Arkansas, Idaho, Illinois, Indiana, Kentucky, Nevada, and South Dakota, have written their computer-crime laws so that such access may well be a crime, even if there is no alteration of data or damage. On the other hand, Maryland's law specifically excludes access to home computers as a crime. Here are the headlines from the July 1994 PRIVACY JOURNAL: Divorce Lawyers find a Spouse's PC a Gold Mine A Tentative Proposal for a National ID Card An Illustration on how Matt Blaze Discovered a Hole in Clipper A New Data Base for Brady Gun-Control Law Two Privacy Clearinghouses Seek Funding How Vegas and Jersey Keep a Computerized Eye on High Rollers A Victim of E-Mail Profanities Loses Lawsuit California Begins New 'Opt-Out' for Credit-Card Customers Robert Ellis Smith/Publisher 401/274-7861, or 0005101719@mcimail.com ------------------------------ From: "Prof. L. P. Levine" Date: 25 Jul 1994 19:47:46 -0500 (CDT) Subject: Freedom of Information in Iowa Organization: University of Wisconsin-Milwaukee The Des Moines Register and the Iowa FOI Council are appealing to the Iowa Supreme Court a lower-court decision that said the state Senate did not have to release records of telephone calls made by legislators because the power of the senate to set its own housekeeping rules overrode the state public records law. In the wake of the lawsuit, however, legislators have cut back on their usage of phones at public expense by about 50 percent. So far the Senate has spent about $44,000 in public funds in defending itself in the lawsuit because it has retained outside counsel. ------------------------------ From: Dave Banisar Date: 22 Jul 1994 16:35:07 +0000 Subject: Leahy on Gore Clipper Letter 7/21/94 U.S. SENATOR PATRICK LEAHY Vermont ________________________________________________________________ STATEMENT OF PATRICK LEAHY ON VICE PRESIDENT GORE'S CLIPPER CHIP LETTER July 21, 1994 I have read the July 20th letter from the Vice President about the Administration's current thinking on Clipper Chip and, to my mind, it represents no change in policy. In fact, when this letter was sent, I would be surprised if the Administration even thought it was news. The letter makes clear to me that the Administration continues to embrace key escrow encryption technology, and stands behind Clipper Chip as a federal standard for telephone communications. The official standard makes clear that this standard applies to any communications over telephone lines. Those communications include not only voice, but also low-speed computer data and facsimile messages. The Administration is working on encryption technologies for higher-speed transmissions, such as for computer networks and video networks. The Vice President says that they want to work with industry to design a key escrow system that could be implemented not just in hardware, but also in software, that would be voluntary, exportable and not rely upon a classified encoding formula. The Administration said all this last February when the federal standard was approved. Yet, when Administration witnesses were questioned about the progress they had made in this effort at my Judiciary subcommittee hearing in early May, I learned they had held only a few meetings. Last week, the Appropriations Committee accepted strong Report language I suggested on Clipper Chip. The Attorney General is directed to report to Congress within four months on ten areas of concern about Clipper Chip. I agree with the Vice President that balancing economic and privacy needs with law enforcement and national security is not always an easy task. But we can do better than Clipper Chip. ------------------------------ From: skoper@netcom.com (Stan Koper) Date: 22 Jul 1994 17:10:11 GMT Subject: Re: Government E-Mail Directive Organization: NETCOM On-line Communication Services (408 261-4700 guest) binskeep@crl.com (Bob Inskeep) wrote: Two friends had been corresponding with me via a Military and Government net. Both recently stopped their e-mail with me and stated that they had received a rather lengthy instruction prohibiting personal e-mail on gov systems. I would like to obtain a copy of the instruction, if it exists. Any help would be appreciated. Thanks. Why not e-mail them and ask them to send you a copy? They may not be able to reply via e-mail, but as long as they're hooked into the internet, they should be able to receive your messages. Of course, you could always ask for a copy under the Freedom of Information Act (not that you'd get it, necessarily). I think there's a general prohibition on using government computers for private use, which is translated by each agency into an internal policy instruction. We used to have something like that where I work, but I probably filed it someplace deep and dark, since we don't have an "outside" connection. Anyone I would correspond with on my agency's system would be a fellow employee. It's actually pretty much a common-sense thing, like not being able to use a government computer to keep and/or print out your Christmas card list, that sort of thing, and "private" e-mail would just be an extension of that. -- Stan Koper skoper@netcom.com "The Bill of Rights--Ten 'Impediments to Law Enforcement'?" ------------------------------ From: newcombe@aa.csc.peachnet.edu (Dan Newcombe) Date: 22 Jul 1994 14:58:58 UNDEFINED Subject: Re: Government E-Mail Directive Organization: Clayton State College huggins@quip.eecs.umich.edu (Jim Huggins) writes: shown each time I used it, but I disregarded them.) The theory being, of course, that IBM wasn't paying for Internet access so that I could talk for free with my girlfriend (now my wife). I thought that for Internet access, places paid one flat annual fee. So what difference does it make. It would seem you'd be getting your moneys worth if people used it more and more. -- Dan Newcombe newcombe@aa.csc.peachnet.edu Clayton State College Morrow, Georgia -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "And the man in the mirror has sad eyes." -Marillion ------------------------------ From: tnyurkiw@laplace.uwaterloo.ca (Tom Yurkiw) Date: 22 Jul 1994 19:37:16 GMT Subject: Re: Companies Recording Phone Calls Organization: University of Waterloo tenney@netcom.com (Glenn S. Tenney) writes: I spoke with a supervisor who explained that they record all incoming road service calls now in California, that they use them for training purposes, and they use them in case there's any dispute. The supervisor said that I'm the first person she knew of who complained. She did say that I could call the local AAA office and ask for her extension and then she'd take the road service call... Personally, I do NOT want to have any of my phone calls recorded (unless absolutely necessary). I have no assurances that AAA *only* uses the recordings for those purposes. Does anyone share my concern that this ever increasing recording of calls is a potentially significant violation of our privacy...? I think that recording business phone calls can be a GOOD idea in many cases. Most security companies record all incoming phone calls, because they may be required to defend against claims of slow response/no response etc. A recording can only be helpful in situations where verbal authorizations or contracts are made over the phone. Demanding they NOT be recorded, is like demanding a contract be written in invisible ink. ("YOU SAID THAT SUCH-AND-SUCH--.. NO. I said this-and-that!...) The EMPLOYEES, however, might be concerned about constant monitoring of their actions. The rise of computers in the workplace has enabled bosses to see exactly what their employees are typing, their average keystroke rate, the response time for telephone calls. One company even requires its employees to wear little transponder-badges which give the exact location within the building. Most people would rebel if a camera was pointed directly at their desk to monitor them all the time; we should not ignore these sneaky and equally-intrusive methods of monitoring. The ONLY way to stop this is through regulation, and if this is not done, I foresee job-stress levels and turnover rates skyrocketing. ------------------------------ From: fritz@rodin.wustl.edu (Fritz Lehmann) Date: 25 Jul 1994 09:31:29 GMT Subject: Re: Monitoring of International Calls and Clipper Organization: Center for Optimization and Semantic Control, Washington University wrote: A. to my understanding the NSA monitors all international commmunications without the need to get any judges approval. B. with the clipper chip, wouldn't the NSA need to have all the escrowed keys at their disposal, in order for them to continue this monitoring? Not if, as I presume, the NSA Clipper algorithm has a "second key" mechanism (or planned weakness) known only to the NSA. I can conceive of no reason why the NSA would promulgate any encryption scheme which they are unable to break with little effort. My presumption is that the clipper algorithm as it now exists, undisclosed, already contains such a "trap door" mechanism which does not require any authorized used of archived keys. ------------------------------ End of Computer Privacy Digest V5 #012 ****************************** .