Computer Privacy Digest Sun, 02 Oct 94 Volume 5 : Issue: 042 Today's Topics: Moderator: Leonard P. Levine Reason 8: Writs of Assistance EPIC Seeks FBI Docs The Crypto Dilemma Re: Find E-Mail Address? Encryption Program How to verify your phone number Conference on Telecommunications R&D - Privacy Issues Re: Post Office Boxes Info on CPD, Contributions, Subscriptions, FTP, etc. ---------------------------------------------------------------------- From: Marc Rotenberg Date: 29 Sep 1994 16:04:52 EST Subject: Reason 8: Writs of Assistance Organization: Electronic Privacy Information Center 100 Reasons to Oppose the FBI Wiretap Bill Reason 8: The American jurist Louis Brandeis described wiretapping as worse than the practices of the British government that gave rise to the Fourth Amendment restrictions on search and seizure. In the first wiretap case to go before the U.S. Supreme Court (Olmstead v. United States, 1928), Justice Brandeis wrote, "writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire-tapping." These writs and general warrants gave British troops virtually unlimited authority to search homes and seize personal property. The Fourth Amendment sought to limit such powers. But Brandeis believed that wiretapping would expand the ability of government to search and seize, even exceeding the powers of the original general warrants and writs of assistance used by British troops. ------------------------------------------------------------------------ What To Do: Contact your Senator. Urge a no vote on S. 2375, the FBI Wiretap proposal. Fax Rep. Jack Brooks 202/225-1584. Express your concerns. Staff in both the House and Senate report that these messages are making a difference. ------------------------------------------------------------------------ 100 Reasons is a project of the Electronic Privacy Information Center (EPIC) in Washington, DC. For more information: 100.Reasons@epic.org. ------------------------------ From: Marc Rotenberg Date: 30 Sep 1994 13:58:22 EST Subject: EPIC Seeks FBI Docs Organization: Electronic Privacy Information Center PRESS RELEASE Embargoed until 10 a.m., September 30, 1994 Contact: Marc Rotenberg, EPIC Director David Sobel, EPIC Legal Counsel 202 544 9240 (tel) EPIC Opposes FBI Delay Seeks Documents About Wiretap Plan WASHINGTON, D.C.- The Electronic Privacy Information Center today opposed a government motion to delay release of two documents in a lawsuit concerning the FBI's "digital telephony" proposal. The case is pending in federal court as the Congress considers legislation that will authorize the expenditure of $500 million to make the nation's communications system easier to wiretap. EPIC, a public interest research group based in Washington, DC, filed the Freedom of Information Act requests earlier this year. The group is seeking the public release of two surveys cited by FBI Director Lou Freeh in support of the FBI's plan. EPIC filed the FOIA lawsuit on August 9th, the day the wiretap legislation was introduced in Congress. The FBI then moved to stay proceedings in the case until June 1999, more than five years after the filing of the initial request. The FBI asserted it was confronted with "a backlog of pending FOIA requests awaiting processing." The FBI revelead that there are "an estimated 20 pages to be reviewed" but said that the materials will not be reviewed until "sometime in March 1999." In the papers filed today, EPIC charged that the materials are far too important to be kept secret. "The requested surveys were part of the FBI's long-standing campaign to gain passage of unprecedented legislation requiring the nation's telecommunications carriers to redesign their telephone networks to more easily facilitate court-ordered wiretapping," said the EPIC brief. EPIC contends that the federal court should give special consideration to the fact that the records have already been reviewed for public release and also that the records concern a matter of great public interest. "It is disingenuous for the Bureau to suggest that the twenty pages of material at issue in this case are at the end of a long queue awaiting review for possible disclosure. The FBI has already considered Rep. Don Edwards' request to make the information public and has made a determination to release only a one-page summary," said EPIC. EPIC argues that under new procedures developed by the Department of Justice for FOIA cases, the processing should be expedited. "There can be no doubt that the subject matter of plaintiff's requests -- legislation to re-design the nation's telephone network to facilitate wiretapping -- is of considerable interest to the news media." The brief concludes, "The records sought by plaintiff are of substantial current interest to news media and the general public. Moreover, the FBI has already reviewed the material to determine whether it should be publicly disclosed. Under these circumstances, the Bureau's request for a five-year stay of these proceedings is wholly lacking in merit." Earlier documents obtained through the FOIA in similar litigation with the FBI revealed no technical obstacles to the exercise of court-authorized wire surveillance. The Electronic Privacy Information Center is a project of Computer Professionals for Social Responsibility, a membership organization based in Palo Alto, California, and the Fund for Constitutional Government, a Washington-based foundation dedicated to the protection of Constitutional freedoms. 202 544 9240 (tel), 202 547 5482 (fax), info@epic.org. ------------------------------ From: weyker@wam.umd.edu (Shayne Weyker) Date: 30 Sep 1994 21:03:34 GMT Subject: The Crypto Dilemma Organization: University of Maryland, College Park Hi. The following is a little bit dated now (it responds to Bruce Sterling's article on crypto some month's back in Wired magazine's "Spy vs. Nerd" issue), since it has been languishing in my account for several months while I waited to see if Wired would run part of it as a letter. They didn't. It's probably worth noting that I wrote David Chaum, the leading advocate of Digital Cash, and asked for some ideas on how "validating authorities" and other stuctures he mentions in his Scientific American article might be able to deal with some of the concerns I express below. I did this hoping I could revise the article and make it more constructive and less alarmist about crypto's possible realtionship to future white-collar crime. Unfortunately Mr. Chaum never wrote back. Much of this piece is raw speculation and I welcome corrections from people who are better informed about the intricacies of crypto, net.privacy, and computer/financial crime. This article has been submitted simultaneously to Computer Underground Digest. Shayne Weyker weyker@wam.umd.edu the text of the piece follows: ---------------------------------------------------------------------------- Clipper: How much privacy can we afford? How much security do we need? by Shayne Weyker weyker@wam.umd.edu Three cheers for Bruce Sterling. Finally someone on the privacy side of the Clipper debate has the courage to admit that Clipper might indeed provide some needed protection against crooks and terrorists. I want to try and do a bit more of what Bruce has done: to try and pin down what the real dangers are both of strong crypto and of bans on strong crypto. To date, the anti-clipper faction has tried to deny the force of the "law enforcement needs wiretaps" argument. They have claimed that wiretaps aren't truly necessary and that law enforcement officers will just have to work a bit harder. This often-repeated argument has a flaw in it that I've heard no one else mention. It doesn't acknowledge the fact that more and more crimes that used to be susceptible to discovery through means other than wiretapping (witnesses, visual or audio surveillance, physical searches) may soon be concealed to all forms of discovery *except* wiretapping and its variants. More and more of our life will take place over the wires, so it is no surprise that more and more crime will take place there as well. FROM PAPER TO DIGITAL VAPOR Criminals who wanted to share things like military secrets, monthly sales reports for drugs or stolen merchandise, and lists of stolen credit card numbers used to have to keep a lot of this stuff on paper. But more and more folks own computers and modems, and software will eventually make using and sharing the computer files even easier than paper. How long will it be before cops long for the days when they could arrest someone and search their premises for incriminating documents and actually expect to find anything that isn't encrypted with RSA or PGP? Cops will be less able to find incriminating paper evidence if crooks are smart enough to keep things on computers and encrypted. And while I think privacy advocates too often tend to make the criminal in their own image, the privacy advocates' argument is that crooks are indeed smart and careful with incriminating data. "IF YOU WANNA ROB A BANK YOU MUST BEWARE, YOU'VE GOTTA USE THE COMPUTER UPSTAIRS" Criminals who want lots of quick cash now often go stick-up a bank. And even if hacking into and diverting money from banks' Electronic Funds Transfer (EFT) systems or a company's billing system is more their style, they still have to work at it. The hackers who claimed to have diverted funds from an EFT system gave an involved story about how they went to multiple banks, used phony identities, and altered their appearance and handwriting each time when they opened an account and again when they went back to withdraw their loot over several visits. Somewhere in all those visits they may have slipped up and given a clue as to who really picked up the money. But if those hackers could bypass all this by just transforming other people's bank deposits into their own digital cash with a few keystrokes, all these opportunities to screw up and leave clues behind go away. BACK TO THE FUTURE: TWENTY-FIRST CENTURY GRIFTERS [Con artists' schemes in the 1800s] often presupposed the anonymities of a mobile society. Con men slipped from place to place; geographically speaking; they also milked the fact of social ambiguity. . . . boundaries between classes (of every sort) were more porous than before. It was possible to pass oneself off as a lord, a professor, or a rich investor, which simply could not have been done in a tight, controlled, barnacled society where the markers of class are more obvious, if not indelible. . . . Technology permitted the more obvious forms of emulation [of the upper class]: cheap copies of hats or dresses; mass-produced artifacts and furniture. Lawrence Friedman noted that in 1800s America fraud skyrocketed. Two of the reasons he gives for this have fascinating parallels with the social environment of the net. The first was the anonymity of people in communities with a high turnover in their membership. There was no opportunity to develop a moral track-record on the community's members which people could use when deciding who to trust. The second was the new high-tech mass-produced objects, furniture, and fashionable clothes could be used to let the con artist appear in all ways to be a member of the respected upper class. Does any of this sound familiar? Modern people have adapted to the above circumstances, but the net society with crypto looks like it's going to give us heightened anonymity and entirely new means to simulate respectability which will lead to another whole generation getting being ripped off. Privacy advocates have been saying, with some good reason, how nice the anonymity of the net is. And indeed it is good in some ways that we judge professors, high schoolers, and street people only by their words. It is also empowering for some to be able to use the net to create virtual personas for themselves in communication with other people that will appear to be real. But there's a dark side to this. Yes, anonymity does mean one can escape retribution for whistleblowing and avoid unfair prejudices of others based on one's appearance and surroundings. But anonymity also means one can escape retribution for actions that fully deserve punishment like spamming the net, e-mail bombing, or forging nasty posts in widely-read newsgroups. This can be done by hiding behind chains of anonymous remailers or getting a new account with a new name when too many folks have started to warn others about you. Also, one can create a virtual persona for oneself in e-mail and postings, such as that of a cancer victim, designed to elicit trust and confidence from those of a similar background who may be emotionally vulnerable. This trust is undeserved and subject to abuse, while the eventual discovery of the lie damages the tricked person's (and others') ability to trust people they meet on the net. If this kind of abuse becomes common, the cloud of suspicion hanging over people's communications on the net will hinder the very trust needed to form those kinds of associations of private individuals that Bruce Sterling and others are so fond of. Finally, returning to con artists, there may be increased gullibility on the users' part once teleconferencing becomes common and buying stuff on the net is an everyday practice. Con artists could then use set design and image processing for the video end of the scam and fancy programming to appear established and credible to folks checking out their site on the net. So, the con artist never has to meet the victim in person and anonymity based on encryption makes it nigh-impossible to connect the grifter with the victim's money. REACH OUT AND TOUCH SOMEONE For an extreme, if unlikely, case, consider the murderer who remotely reprograms some victim's household robot to electrocute him. No hope of witnesses or physical evidence there. Finding out who made the suspect call to the house to plant the code is the only hope. Sometimes the cops will be lucky and have a suspect who happens to be a programmer, but convicting this person without his being caught with the killer program code or being identified as party to the suspect communication to the victim's house will be tough. THE RUN-DOWN People interacting with others using cryptography-aided telecommunications are currently expected to be able to: - be totally anonymous in cyberspace - create multiple pseudonymous virtual identities for themselves-- each with separate and un-crosscheckable personal associations and finances - secretly conduct financial dealings - secretly exchange valuable commercial or government secrets - secretly exchange socially-disapproved-of (or illegal) information Libertarians and anarchists may think all these things sound great. They may be excited by opportunities for whistleblowing, anonymous political expression, secret political organization for oppressive environments, riskless sharing of erotica and other sometimes-legal data, and so on. But responsible adults should spend equal amounts of time thinking about opportunities for easier planning of terrorism, easier evasion of punishment for abusing innocent people on the net, and very real benefits for con artists, money launderers, embezzlers, tax cheats, and other white-collar crooks. THE OTHER SIDE OF THE COIN: Remember though, it was said earlier that more and more of human life is going to take place over the wires. Clipper advocates may well say that they're only trying to maintain the same ability to wiretap that the government has had for decades. But if more and more of our lives are there to see in our telephone and data communications, and those communications remain less protected than other forms of communication such as face to face, then our overall privacy is going to be eroded. Bulletin Board Systems aren't as private as the local coffeehouse or bar. 900-number sex lines aren't as private as a visit to a lover. Videoconferences aren't as private as face to face meetings. E-mail and ftp aren't as private as postal mail. The list goes on. This erosion of privacy is rightly thought to be a bad thing in and of itself, and unrestricted crypto looks like the only way to stop it. THE SEEMING ALL-OR-NOTHING DILEMMA OF CRYPTO We seem to have two choices. We can let crypto run free. This probably means more terrorism, some of it with really impressive body-counts. It means lots more white collar crime, and somewhat more distrust on the net. The terrorism and crime may mean that the public hastily agrees to give up other freedoms if they think the government has suddenly become ineffective in protecting them. Or the developed nations can get together and ban crypto and watch most people's privacy quickly disappear. The technology-elite corporations and individuals will still develop their own, and some criminals will pay hackers for secure internal communications. Meanwhile, in the developing world, oppressive governments gain a powerful new weapon. Heavy regulation of crypto will have much the same effect. It's an ugly choice. And I've heard too many people dismiss the folks on the other side as either voyeuristic fascists or paranoid anarchists with a "don't worry, be happy" attitude towards public safety. Both sides are doing public who depend upon the quality of the debate a disservice. The debate should have less fear-mongering about what is goin to happen if "the other side" wins, and more brainstorming about exactly what new technology, new laws, and new behaviors we can develop which will protect us against the very real dangers of a world with too much or too little crypto in the public's hands. ------- Shayne Weyker weyker@wam.umd.edu ------------------------------ From: ltd@netcom.com (Larry Drebes) Date: 01 Oct 1994 02:12:24 GMT Subject: Re: Find E-Mail Address? jaburns@zooul.jcpenney.com wrote: writes: Does anyone know how to locate someones E-Mail address. He is an old high school buddy and has a unique last name. Thanks.. Try the Internet White Pages, available in the technical section of most bookstores!! How about Four11. Email: info@four11.com Web: http://www.four11.com ------------------------------ From: stark@rtsg.mot.com (George Stark) Date: 01 Oct 1994 04:15:02 GMT Subject: Encryption Program Organization: Motorola Cellular Infrastructure Group Can someone please tell me where I can find either an 88K Unix program or C code for an good encryption program for data files that is not too large. thanks in advance for any information. -- George Stark | WAR IS PEACE; FREEDOM IS SLAVERY stark@rtsg.mot.com | IGNORANCE IS STRENGTH. Motorola-Aftermarket Support Center | - George Orwell ------------------------------ From: pp000837@interramp.com Date: 01 Oct 94 14:11:49 PDT Subject: How to verify your phone number Organization: PSI Public Usenet Link If you dial 1-800-MY-ANI-IS (1-800-692-6647), you should be able to ascertain/verify the number you are calling from. This technique is particularly useful when calling from a pay phone (that accepts incoming calls but is missing a listed number) or when calling from an unlisted phone that you want to crack. [MODERATOR: This does not work from my phone in 414 land.] copyright Privacy Newsletter 1994 --------------------------------- John Featherman Privacy Newsletter PO Box 8206 Philadelphia PA 19101-8206 ------------------------------ From: chakravaa@willow.uml.edu (Ananda Chakravarty) Date: 01 Oct 94 16:52:23 -0500 Subject: Conference on Telecommunications R&D - Privacy Issues Organization: Univ Mass-Lwl Announcement: Technical Conference on Telecommunications R&D in Massachusetts Conference Date: Tuesday, October 25, 1994 Conference Time: 8:30AM to 5:30PM Conference Location: University of Massachusetts, Lowell One University Ave. Lowell, MA 01854 The First Annual Technical Conference on Telecommunications R&D in Massachusetts will be held to provide a forum for universities, industry, and government to disseminate information on the technical advances and policies for the significant achievements in telecommunications. The Challenge: Massachusetts, already recognized as a leading center in the international telecommunications playing field, will be bringing in major players to design, build, and navigate the architecture of the future Information Superhighway. The basic format will consist of three components: addresses, technical presentations, and panel discussions, all focusing on key areas in telecommunications research and policy. Addresses will include: Opening speaker: The Honorable William F. Weld, Governor of the Commonwealth of Massachusetts. "The Future of Telecommunications and the Massachusetts Economy" Keynote speaker: Dr. Robert E. Kahn, President, Corporation for National Research Initiatives "Enabling the National Information Infrastructure" Featured Luncheon speaker: The Honorable Senator Edward M. Kennedy, United States Senator, Massachusetts. "Creating the Communications Future in Massachusetts" A series of technical sessions will present research scientists and industry experts encompassing the broad range of topics to be addressed. Leading universities, industrial laboratories, and government institutions will present work vital to the foundations of the emerging infrastructure. Proceedings, including submitted papers and abstracts, will be distributed to the registrants. Technical sessions: 1. Applications Layer Support: Topics: PAX agent system; ATM support for telemedicine; ATM/SONET access technology; business intelligence software; collaborative design; home health care; medical information databases; service model quality; multimedia and telecomputing in the factory; discrete event simulation; transactional data inference; models for high variability in data traffic. 2. Audio and Speech Processing: Topics: Speech recognition; production and coding; analysis of teleconferencing environments; acoustic devices for teleconferencing; audio and video teleconferencing; teleconferencing applications. 3. Wireless Information Networks: Topics: Discrete multitone modulation; over the horizon communication; mobile and personal communications; advanced vessel tracking systems; stochastic models for space and time dynamics; composite spread-spectrum modulation; wide area communication architectures; spread-spectrum and waveform coding; VHF, UHF, and troposcatter transmission; Mobile IP systems; Enabling technologies. 4. Visual Multimedia: Topics: Bi-directional video distribution systems; user interfaces; structured multimedia information; document architectures; interactive multimedia; intelligent video processing; multimedia-video servers; multimedia delivery. 5. Network Protocols, Signaling, Control, Management, and Performance: Topics: Traffic control in ATM networks; reliable multicast; credit-based flow control; ST2 network management; ATM PNNI routing. 6. Broadband Networks and Switching Technologies: Topics: Optical switching; broadband trials to the home; desk area networking; ATM switch architectures; Switch design; buffer design and management; Flow control. 7. Security/Privacy: Topics: Security and Privacy issues in electronic communications; internet security standards; commercial uses of security; legal standards for public-key certification; ethical issues. Speakers will include scientists and experts from the following organizations: VMX Technologies GTE Laboratories Raytheon Legacy Technologies UMASS/Amherst Merrimack College UMASS/Worcester Open Software Foundation Hewlett-Packard Harvard Medical School Worcester Polytechnic Institute UMASS/Dartmouth Rivier College AT&T Bell Laboratories Haskins Laboratories Acentech Picture Tel Multilink Dragon Systems Mitsubishi Electric UMASS Medical Center Digital Equipment Corp. Aware, Inc. Signatron Tech. Corp. Harvard University Volpe National Transportation Systems Ctr. Telco Systems Massachusetts Institute of Technology Avid Technology Boston University T.E. Consulting, Inc. InteCom Wellfleet Communications TASC MITRE Meetinghouse Data Communications BBN NYNEX Science & Technology Independent Monitoring UMASS/Lowell The General Chairs: Sidney Topol, Chairman, Massachusetts Telecommunications Council Michael K. Hooker, President, University of Massachusetts CONFERENCE STEERING COMMITTEE: Co-Chairs: W. Richards Adrion, UMASS/Amherst Howard Salwen, Telco Systems Committee: Michael R. Brown, MITRE Corp. Thomas M. Costello, UMASS/Lowell C. Eric Ellington, GTE Govt. Systems Michael G. Hluchyj, Summa Four H. T. Kung, Harvard University James F. Kurose, UMASS/Amherst Tom D. C. Little, Boston University Paul J. Tanzi, Raytheon David Tennenhouse, Massachusetts Institute of Technology Program Coordinator: Charles Thompson, UMASS/Lowell -------------------------------------------- Registration Form: Technical Conference on Telecommunications R&D in Massachusetts Corporate $195 Academic $150 Mass. Telecommunications Council Member $100 Student $25 No refunds after October 19, 1994. Please complete and Mail/Fax to Dr. Charles Thompson, Program Coordinator Center for Advanced Computation and Telecommunications University of Massachusetts, Lowell One University Ave. Lowell, MA 01854 FAX: (508) 458 - 8289 OR Massachusetts Telecommunications Council One Financial Center, 17th Floor Boston, MA 02111 FAX: (617) 439-3190 I am enclosing a check for $__________ for _____ registrants from my organization to attend the conference. I am most interested in technical session (circle one) 1 2 3 4 5 6 7 Name:_________________________________Title:__________________________ Organization Name:__________________________________ Address:____________________________________________ ____________________________________________________ Telephone:____________________Fax:__________________ Additional Registrants: Name:________________________________Title:__________________________ Interested session: 1 2 3 4 5 6 7 Name:________________________________Title:__________________________ Interested session: 1 2 3 4 5 6 7 Name:________________________________Title:__________________________ Interested session: 1 2 3 4 5 6 7 -- chakravaa@woods.uml.edu Center for Advanced Computation & Telecommunication University of Massachusetts - Lowell ------------------------------ From: poivre@netcom.com (Serrano) Date: 02 Oct 1994 02:53:44 GMT Subject: Re: Post Office Boxes Organization: NETCOM On-line Communication Services (408 261-4700 guest) John Medeiros (71604.710@compuserve.com) wrote: Mark Mullins asked: Is there a way for one to find out WHO paid the $2 fee to find out your home address?? Is the information recorded permanently?? How long does it take to find this information out?? Current Post Office regulations state that individual home and P.O. Box address information is NOT to be disclosed. Business address and P.O. Box information may be disclosed to anyone who requests it for a $3.00 fee. I wonder what i am doing wrong?? I went to the post office a few days ago to see what i would have to do to get information on a business P.O. Box and the post man said that they are not allowed to give info on business boxes. I asked if this was a new rule and the post man said that it was...sort of...that they are in the middle of writing up a new rule so in the mean time, no information of any nature on business boxes are to be disclosed. Is this true or am i going about it the wrong way?? Thanks. -- poivre@netcom.com : #include ------------------------------ From: "Prof. L. P. Levine" Date: 26 Sep 1994 12:45:51 -0500 (CDT) Subject: Info on CPD, Contributions, Subscriptions, FTP, etc. Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #042 ******************************