Date: Wed, 26 Oct 94 11:39:48 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#053 Computer Privacy Digest Wed, 26 Oct 94 Volume 5 : Issue: 053 Today's Topics: Moderator: Leonard P. Levine Re: How to Verify Your Phone Number Re: How to Verify Your Phone Number Re: The Mother of All Utility Bills Oceania Bill of Rights Re: Eastwood Door Problem Planting "Mistakes" to Guard Copyright. We can Communicate with Each Other Re: Cellular Phone Fraud Revisited Tempest Restrictions in USA A Tempest Paper Info on CPD, Contributions, Subscriptions, FTP, etc. ---------------------------------------------------------------------- From: "J. A. Viehweg" Date: 24 Oct 1994 21:21:50 -0500 (CDT) Subject: Re: How to Verify Your Phone Number > 1 800 MY-ANI-IS yields the correct number from here in 301-land. This number works for 708 (Naperville, IL) *67 worked as well. Dialing "958" did not work. While testing it, I misdialed and got a message something like: "You have dialed a personal 800 number, not a business. Please enter the pin." This is the first time I have heard such a message. What I am wondering is if you can get a "private" 800 number for a business as well? /----------------------------------------------------------------------\ | I read recently that human beings use only 15% | Jaime A. Viehweg | | of their brains capacity. Makes you wonder | | | what they do with the other 75%. | jviehweg@ahhgo.com | |----------------------------------------------------------------------| | Disclaimer: It's my system, so what I say goes! | \----------------------------------------------------------------------/ ------------------------------ From: David Beiter <0006351762@mcimail.com> Date: 24 Oct 94 22:06 EST Subject: Re: How to Verify Your Phone Number When I tried MY-ANI-IS, it returned 606-387-0000. However I called from 606-376-3137. 606-376 is Stearns, Kentucky, serviced by Highland Telephone Cooperative, Inc., of Sunbright, Tennessee. Not a big outfit, since the two Tennessee and one Kentucky counties which constitute its entire service territory have a aggregate population of about 50,000. 606-387 is Albany, Kentucky, a couple counties away and serviced by GTE South. Any ideas of what is happening??? It works as advertised from 606-348 in Monticello, Kentucky, in the intervening county. GTE South territory. Back at 606-376, the 958 option yielded "You have called a number which has been disconnected or is no longer in service". I'll try this again when I visit GTE South country. And that's the ANI story from here, on the edge of _,,-^`--. byter@mcimail.com The Boonies .__,-' \ David P Beiter halfway between _/ ,/ 1/2 Fast Road Slavans & (__,---------*-'' Ritner, KY 42639 Freedom via canoe. ^Ritner, KY 606/376-3137 ------------------------------ From: centauri@crl.com (Charles Rutledge) Date: 24 Oct 1994 19:40:01 -0700 Subject: Re: The Mother of All Utility Bills Organization: CRL Dialup Internet Access (415) 705-6060 [login: guest] Date: 21 Oct 1994 13:08:57 -0500 (CDT) From: "F. Barry Mulligan" Subject: "The Mother of All Utility Bills." from The Atlanta Constitution, Tues 18 Oct 1994, p.1, by Christopher C. Warren Imagine a single monthly statement listing all utility charges, including phone, cable, gas, electricity, water, garbage collection and sewerage charges. It could be the mother of all utility bills and would allow consumers to write only a single check for all their services. One Check, as the proposal is being touted, would ease consumer's household management by reducing utility bills to one monthly payment, said Maureen Bailey, vice president of public affairs with American Express, the company proposing the service. As a resident of the test market, I was a little shocked that American Express was trying to gain yet another foothold on my life. A friend of mine who helped write parts of the Georgia Power billing software said that there are incentives for the utilities to move this way (mostly to pawn off the hassles on someone else). Of course the bit about the utilities sharing the cost is just window dressing, since they will enevitability pass their costs onto us. Risks? A little late with one payment and you're instantly in arrears with every company in town. Billing disputes "still would be handled through the individual utility companies", but what if the utility says it didn't get a payment you sent to the service company? If your combined statement is mailed on the 15th and a utility transmits a new charge to the service bureau on the 16th, what happens to the payment grace period? If you've ever had to rob Peter to pay Paul, how do you deal with Peter & Paul, Amalgamated? This actually isn't my biggest concern. The real question seems more along the lines of who is AMEX going sell this new source of demographic information to? How will all this information be protected, if at all, and do I get any choice in the matter? Perhaps the real question is 'Do I want to give a complete, itemized description of all monthly utility consumption to American Express?' (and pay for the privilege). The Gwinnett County Commission has said that participation is voluntary, though I gather paying the costs won't be. How long it remains voluntary is anyone's guess. If this works out for the utilities and county government, it's unlikely they'll want to maintain two billing methods and force the holdouts into the AMEX system. And, as is always the case with a government sponsered monopoly, if we don't like -- too bad. For now, my vote is not to participate and wait and see. -- Charles Rutledge | Liberty is a tenuous gift. Hard to win, easy centauri@crl.com | to give away, and no will protect it for you. ------------------------------ From: oceania@terminus.intermind.net (Eric Klien) Date: 24 Oct 1994 21:31:21 -0700 Subject: Oceania Bill of Rights Organization: Intermind Online Services "D.The Right to Encryption: An Oceanian has the Right to encrypt eir conversations and data. Such encryption cannot be used as evidence that the Oceanian is doing something wrong or illegal. This Right extends to all forms of information an Oceanian deems should be secure regardless of format, whether paper, electronic, holographic or other, and regardless of content. An Oceanian has the Right to use any encryption algorithms or computer software available. The Government may not restrict free trade in encryption software by calling it "munitions"." Did this info interest you? Then it is time that you learned about the new country Oceania, the sea-city in the Caribbean. To subscribe to our mailing list, send the message SUBSCRIBE OCEANIA-L to listproc@butler226a.dorm.tulane.edu. To get a list of our various files on line, send the command INDEX OCEANIA-L to listproc@butler226a.dorm.tulane.edu. ------------------------------ From: rj.mills@pti-us.com (Dick Mills) Date: 25 Oct 94 08:54:41 EDT Subject: Re: Eastwood Door Problem Only a couple of commentators picked up on the cardinal rule of computer ethics discussions. Namely, rephrase the question in a non- computer setting. Nearly always, this results in discovering an apt analogy from everyday life, (like the doorman's log), and the conventional solution, (Some keep logs, some don't, some hold them private, some don't). Should the data be kept at all? Obviously, keeping no records sounds like a simple solution. I would be afraid though, that in our litigous world, somebody would want to sue us for being negligent if we could have recorded the burglar's attempts to enter but didn't. The court might throw it out, but it might not. Another solution could be to not keep the records permanently, but rather to mail notifications of unauthorized entry to all tenants, then immediately destroy the central record. This moves custody of and liability for the data over to the tenants. Of course the data would have to be recorded at least temporarily until mailed. Since we're debating theory rather than practicality, we can imagine a more secure system in which the entry transaction notification messages were encrypted with each tenant's public key. Then there would be no chance of unauthorized snooping, or of a court subpoena for the records. But even such a secure system could cause trouble. Suppose I came home one night rather tipsy and mistakenly tried to gain entry to the building next door to mine. A doorman or a passer-by seeing my condition would probably offer me assistance in finding the right door. Tenants who received notice in the mail about my attempt, but not knowing the circumstances, might report me to the police. That could cause me actual damage. I might be tempted to sue the computer owner for harassment. That brings us to the underlying point. Machines can never be as humane as humans (why should that take insight to see?). Whenever we allow the machines to encroach on domains which heretofore were exclusively human, the result is friction and problems. In the end, the best advice is probably the simplest. Record nothing, observe nothing, make it simulate the old unintelligent metal key. Ps. Might the recently enacted "stalking" laws change the legal definition of what is private and what is public? If I sit in the street outside someone's home and record their comings and goings, I may be guilty of stalking. Would I be less guilty if I let a machine do it for me? ------------------------------ From: "/DD.ID=OVMAIL1.WZR014/G=DANIEL/S=STICKA/"@EDS.DIAMONDNET.sprint.com Date: 25 Oct 1994 10:02:58 -0400 Subject: Planting "Mistakes" to Guard Copyright. The practice of planting addresses in a mailing list to guard against unauthorized re-use is similar to the map publishing trick of printing fictitious cities that would be recognized on an illegal copy. That trick always struck me as a bit risky: "Yes, honey, I know I'm almost out of gas, but the atlas shows Fort Smelly is just ahead." -- Dan Sticka Dallas ------------------------------ From: "Prof. L. P. Levine" Date: 26 Oct 1994 07:08:56 -0500 (CDT) Subject: We can Communicate with Each Other Organization: University of Wisconsin-Milwaukee Date: 25 Oct 1994 19:36:14 -0700 Reply-To: marsha-w@uiuc.edu Originator: cpsr-global@cpsr.org From: marsha-w@uiuc.edu (Marsha-W) To: Multiple recipients of list Subject: we can communicate with each other Roger Rydberg of CPSR Minnesota found the following quote: I think the electronic communication may be one of the hopes of the human race. That we can communicate with each other without having to depend on the ruling class telling us what we must think. That ordinary folks all around the world will be getting in touch with each other by computers and fax and telephone and so on. This makes me optimistic. On the other hand I'm essentially a super conservative person. If I'd been around when somebody was inventing the wheel I would have said, "Don't." -- Pete Seeger interview on KSJN FM Minneapolis, MN January 21, 1994 ------------------------------ From: Mike Crawford Date: 24 Oct 1994 22:48:59 -0700 Subject: Re: Cellular Phone Fraud Revisited It seems to me that anyone could make a good business of selling semi-secure cellular channels. An encryption device would be installed in a cellular phone. The cellular customer would dial a certain number. After the number answers, the customer dials the number they actually want to reach. The security provider decrypts the call and places it onto the phone system in the clear. This would at least get around casual scanning. I would be quite astounded if there weren't people in Silicon Valley and other industrial or governmental centers, who listen to and tape every phone conversation, and then sell secrets, stock tips, and evidence of illicit affairs on the market. Such folks would at least have to learn how to tap a real phone - thus driving the high school kids out of the market and leaving it to the professionals to whom espionage rightly belongs ;-) Such a provider would be obligated by the DT bill to provide the key to the cops... but if one manufactured a device for doing this - it would basically be a modem with a single-board IBM PC attached, that booted entirely off its ROMS - then those unwilling to trust a service could buy one to place in their home, office, or subverted payphone booth. Let us at least have casual privacy for regular people. Mike Crawford | Doing Business with PGP FAQ Maintainer crawford@scipp.ucsc.edu | E-mail me if you accept encrypted credit card orders crawford@maxwell.ucsc.edu <-- Finger Me here for Public Key, ID 4A E9 76 39 ------------------------------ From: kadokev@ripco.com (Kevin Kadow) Date: 24 Oct 1994 21:04:50 -0500 (CDT) Subject: Tempest Restrictions in USA jOelm@eskimo.com (Joel McNamara) writes: I just finished Winn Schwartau's "Information Warfare." In the van Eck chapter, a source makes the following statement, "In the United States, it is illegal for an individual to take effective countermeasures against Tempest surveillance." This is attributed to a privately circulated document by Christopher Seline, titled "Eavesdropping on the Electro- magnetic Emanations of Digital Equipment: The Laws of Canada, England, and the United States" (June 7, 1990). is there any statute or case law listed in the book. I met Winn, and while he is a nice guy, some of his facts and reality base are a little off. I believe that he may be referring to ACTIVE countermeasures by generating extra RF static- that could be covered by FCC regulations, but it would be ludicrous for them to try to restrict LOWERING of RF noise output. -- KADokev@ripco.com Kevin Kadow FREE Usenet/Mail, inexpensive Internet - Ripco... Wearing white hats since 1983 Dialup:(312) 665-0065|Gopher:gopher.ripco.com|Telnet:foley.ripco.com ('info') ------------------------------ From: david.m.kennedy@CEORD-PM.mail.usace.army.mil Date: 25 Oct 94 19:55:31 Z Subject: A Tempest Paper TEMPEST.TXT (45K) is available by anonymous ftp from: csrc.nist.gov in directory pub/secpubs For modem users: (301) 948-5717 speeds up to 28.8 Winn's book is on my stack of "to read" and I didn't find the passage Joel was referring to flipping through it during half-time last night. TEMPEST.TXT states, I believe correctly, that it is illegal to posess some types of specialized electronic evesdropping equipment necessary to intercept tempest-type, e.g. Van Echt, emanations. *If* Winn states it is illegal to protect your equipment, that is derived from the inability to legally check your own equipment due to above limitation, or that the US government's standards for emanations is classified. To my personal knowledge, it is not illegal to shield your equipment. I believe there are vendors, particularly in the D.C. area who specialize in selling systems that meet US gov't standards. Opinions are mine and don't reflect official positions etc.... ------------------------------ From: "Prof. L. P. Levine" Date: 26 Sep 1994 12:45:51 -0500 (CDT) Subject: Info on CPD, Contributions, Subscriptions, FTP, etc. Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #053 ****************************** .