Date: Sun, 06 Nov 94 08:51:51 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#058

Computer Privacy Digest Sun, 06 Nov 94              Volume 5 : Issue: 058

Today's Topics:                         Moderator: Leonard P. Levine

    Digital Signature Alternatives
    Dutch TV Wants Info on Privacy Invasion
    Re: Planting "Mistakes" to Guard Copyright
    Re: Mother's Maiden Name
    Discover Card Code?
    Digital Telephony
    Re: Driver's License as universal ID
    Corporate Electronic Communications Policy
    Re: Again, Securest Cordless Phones
    Re: Email Privacy Alert
    NTIA Virtual Public Conference, an Invitation
    Info on CPD, Contributions, Subscriptions, FTP, etc.

----------------------------------------------------------------------

From: Bob Bales <74774.1326@CompuServe.COM>
Date: 04 Nov 1994 03:05:18 GMT
Subject: Digital Signature Alternatives
Organization: National Computer Security Association

Hospitals, banks, insurance companies and other organizations are looking to replace paper with electronic documents, but they need a way to "sign" those documents for legal and control purposes.

A new paper written by noted author, attorney and electronic commerce expert Benjamin Wright considers the practical features of two alternative signing methods: smart-card based public-key cryptography and PenOp, a pen computer technology that captures handwritten autographs. Wright argues that PenOp holds certain advantages over public key cryptography.

If you would like to receive a copy of this paper, please send me an EMail to which I can simply "reply"; I'll send you a copy.
--
Bob Bales                    | CompuServe InfoSec Forum: GO NCSA
Natl Computer Security Assoc | Phone: 717-258-1816
10 South Courthouse Avenue   | Fax: 717-243-8642
Carlisle, PA 17013           | Email: 74774.1326@compuserve.com

------------------------------

From: groenewo@fwi.uva.nl (Ferry van het Groenewoud)
Date: 04 Nov 1994 15:28:43 GMT
Subject: Dutch TV Wants Info on Privacy Invasion
Organization: FWI, University of Amsterdam

A Dutch television program is looking for existing, well-documented examples of privacy invasion by either the government, employers or other parties.

Cases of employers invading the privacy of employees at the workplace by whatever means (wiretap, reading personal mail) are preferred. If you respond on the latter subject, please state in what way the privacy of the employee was invaded, and what the consequences were. Verifiable stories will be considered only.

Similar demands hold for the subject of privacy invasion by other parties.

All information will be treated confidentially. Anyone who responds will remain anonymous, also when this item will be broadcast.

Respond by E-mail only to groenewo@fwi.uva.nl or by replying to this message.

--
Ferry van het Groenewoud

------------------------------

From: daf1@cec.wustl.edu (Danyel A Fisher)
Date: 04 Nov 1994 12:32:53 -0600
Subject: Re: Planting "Mistakes" to Guard Copyright
Organization: Washington University, St. Louis MO

How does one tell an illegal copy from a legitimate one, when the legitimate copy contains the fictitious city?

One local map printer lists important features in places where they shouldn't be. An example is the high school which is shown mixed up with an elementary school. Another is the nearest Coast Guard Station closer to a main road than the bay it sits beside. A third is an historical site is listed where a Native American Reservation is located yet neither is tied to the other in any way.

Well, we should distinguish between "incompetent" mapmakers and "copy protected maps".
Adding the town of nowhereville in the middle of the Mojave desert is copy protection (or adding on a suburb to Long Island....), but messing up parts of the city is entirely another. That defeats the purpose of the map: to provide information and travel directions. Your local map fails to do so. Either your city council doesn't want anyone to visit, or the map printer is clearly incompetent.

Similarly, some of the Washington, DC tourist maps, in their attempts to "unclutter" and simplify the complex connections to the city, have lost all realism: removing major arteries, striking out one-way indicators (or, worse, reversing them!), and making clear copying mistakes. [Rand McNally has "George St." cross "Smith Parkway." Brand X, copying clumsily, has the "George Smith Parkway" not crossing any streets!]

I'm sure the same thing happens in other states and places.

--
Danyel

------------------------------

From: Barry Margolin
Date: 04 Nov 1994 16:01:36 -0500
Subject: Re: Mother's Maiden Name
Organization: NEARnet, Cambridge, MA

snorthc@relay.nswc.navy.mil (Stephen Northcutt) writes:
So, why is my mom's maiden name getting so important?

If someone steals your wallet they'll get your Social Security card and credit cards, so they'll know all the important numbers. It's unlikely that your mother's maiden name is written down anywhere that a thief would find it, so it's a common identity check.

--
Barry Margolin
BBN Internet Services Corp.
barmar@near.net

------------------------------

From: steve@owlnet.rice.edu (Steven Minor McClure)
Date: 04 Nov 1994 23:00:30 GMT
Subject: Discover Card Code?
Organization: Rice University, Houston, Texas

Stephen Northcutt wrote:
... Yesterday, Discover (with whom I have had an account for 5 yrs) wrote and asked for my SSN, DOB, and mother's maiden name.

Did you notice the patch of seemingly random dots on the front of the form?---probably your account number encoded somehow.
Except it looks like there's enough detail there to store way more than the 16 or so digits of the account number. Anybody know what algorithm they might be using (or what else might be stored there?) ?

--
STeve

------------------------------

From: ghodur@netcom.com (Gayle Hodur)
Date: 04 Nov 1994 23:19:20 GMT
Subject: Digital Telephony
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

I have tried through several online legislation databanks to find out what happened to the DT bills after they reached the president's desk. Did he sign them into law or not? Locis and some of the other bill tracking services are not updated frequently enough to help me. If someone knows the results on these bills, please inform.

S 2375
HR 4922

--
ghodur@netcom.com

------------------------------

From: docjoe@delphi.com (Joseph E. Nelson)
Date: 05 Nov 1994 01:08:25 GMT
Subject: Re: Driver's License as universal ID
Organization: Delphi Internet Services Corporation

It makes me wonder. In a year or two, I will be getting my New York license which will have a magnetic strip. Should I sabotage it even before I have the opportunity to have it read? How many people will I P.O.

 ____________________________________________________
| Joseph E. Nelson, DMD         | Rural Dentist      |
| docjoe@delphi.com (preferred) | Greene, NY 13778   |
| 75122,3062@compuserve.com     | LT, DC, USNR-R     |
 ----------------------------------------------------

------------------------------

From: rj.mills@pti-us.com (Dick Mills)
Date: 05 Nov 94 09:50:33 EST
Subject: Corporate Electronic Communications Policy

The following is a corporate policy proposed for adoption at my company. The purpose of the policy is to protect the company from lawsuits. The fear of lawsuits was prompted by press reports of workers in California who sued because their company had inspected their "private" email records.

What do followers of comp-privacy have to say about this policy as written?
_Electronic Communication Policy_

Electronic communications, including electronic mail, voice mail, facsimile and all other forms of electronic media are company-owned resources, and are provided as business communication tools. Employees who use the electronic media for personal use do so at their own risk and expense.

[Company] will share no responsibility for incidents of harassment, sexual harassment, slander, malice, defamation of character or other civil or criminal actions which occur or are alleged to have occurred through the personal use of [company] electronic communications. The responsibility for and the defense against such actions or claims is solely that of the individual.

[Company] reserves the right to review all electronic records and communications, although it is not the intent to do so except for legitimate business reasons. The message originator's department manager and corporate officers are the only individuals authorized to review these messages except with specific written permission from the president. The message originator will be notified as soon as possible if messages are reviewed.

Electronic messages should be drafted with the same thought and concern devoted to written or verbal communications, and there can be no guarantee of privacy for electronic communications. Please exercise good judgment when using these media. Improper use of [company] electronic communications may result in disciplinary action up to and including discharge from employment.

------------------------------

From: Shawn Leard <71370.2551@compuserve.com>
Date: 06 Nov 94 02:16:40 EST
Subject: Re: Again, Securest Cordless Phones

CHRISDENNIS@delphi.com writes:
A few weeks ago, there was a small discussion of the most secure cordless phones available to consumers. However, I don't believe much else was said other than the new Motorola "secure" phones can be easily scanned.
I, and other readers I'm sure, would like to know what is the securest on the market in the 900MZ range. And preferably under $300 street! ;-) Or at least please point me in the right direction on where to look for this info.

Your best bet would be the Uniden with "spread Spectrum." This being the closest you can get to that of a standard hard wired phone (security wise) and still have the freedom of a cordless. The problem with the so called "digital encryption" that so many cordless phones use is this is no more than simple phase inversion in most cases. In other words useless. Even with this so called security it is still quite easy for someone to intercept your conversations and listen in.

The fancy phrases that refer to X number of secured channels and the like have nothing to do with protecting your conversation. The purpose of this is in the event you would leave your handset out of the base someone could not stand outside with their cordless and access your base. This still could be done but it would require some work though.

Best Regards,
Shawn

------------------------------

From: Richard Threadgill
Date: 04 Nov 1994 10:42:36 -0800
Subject: Re: Email Privacy Alert

After the recent posting from Mr Henderson's Journalism class regarding the authentication (or lack thereof) of electronic mail systems in current network computing systems, I sent them the following message, which I also wish to share with the larger community. In it, I discuss the comparisons between the existing postal, telephone, and electronic mail systems, and their levels of security and authentication.

As a subscriber to the Computer Privacy Digest, I recently received a copy of a message your class sent under a falsified return address. You, and your students, appear to be under the mistaken impression that this ought to be a difficult and complex task.
I wish to draw your attention to a number of observations about the strength of return identification in the physical world, and perhaps suggest some parallels for thought in the electronic world.

Let us start with the physical postal system. Your normal run of the mill postal letter may have up to four identifying elements: A postmark, indicating the major-city-of-origin; a return address on the outside of the envelope; a postal purchase code (in lieu of a stamp - this is identifying because the postal code a firm uses is tied to that firm); any identifying information inside the letter which claims to identify the sender. As well, there are two receiver identifying elements: The address on the outside of the letter, and any directive information inside.

Now, let's consider the security of each of these elements. We generally assume the postmark is fairly trustworthy, and courts have accepted it as a proof of date and location. It is a federal postal crime to muck with the postmark, and I believe they are rarely falsified. However, if I mail an envelope to the postmaster of a major city, with valid postage, which contains a second envelope, also properly stamped, they will postmark the internal envelope and put it into the postal delivery system. This may be considered comparable to existing electronic anonymous remailing systems.

The postal purchase code also helpfully dates the envelope - allowing simple falsification of the postmark which it generates (the dates are entered manually into the stamping device; such stamping devices are a routine piece of business equipment). Again, not what we would call a high trust device, just one which people rarely think to falsify.

A return address on the outside of the envelope is similarly uninformative - many organizations and individuals do not even place one on their outbound mail!

Finally, there is the return information inside the envelope.
This, of course, is not verifiable, nor should it be, as that involves an unacceptable level of intrusion by the postal process into the process of delivery of mail, namely routine examination of the content of mail. I should not need to explain the dangers inherent in that to a Journalism class.

Before comparing this to the constraints of electronic mail, let us also consider the telephone system. Many people think of electronic mail as being much more similar to telephone calls than to postal mail because of the immediacy of electronic mail composition and delivery. However, or rather, thus, let us consider the telephone system as well.

A normal telephone call contains no return information identifying the originator at all. This is changing as regions begin to offer caller-id technology, but even then that is a situation where the system reports the (logical) address of the originating device (the calling telephone) while giving no information at all about the actual calling party. It is presently believed to be technologically difficult to falsify this information, but I would humbly suggest that it is simpler to persuade a telephone switch to falsely report the calling number than it is to insert a parcel into the postal system, as inserting a parcel requires a fair bit of physical stealth while modifying the behavior of a phone switch requires only electronic finesse.

Thus, phone systems rely on the content of the message (the caller identifying themselves) to identify the sending party, and to provide return address information (if any). This has become a real, significant problem in the political and charity arenas. I once received a phone call from an (alleged) charity organization which went to great pains to encourage me to believe that they were affiliated with my local police department, but which admitted, when pressed, that they had no such affiliation at all.
Most of the people they canvassed, I feel fairly confident in saying, were probably duped by the name of their organization and the automatic level of trust placed in any organization identifying itself as related to law enforcement.

One final note about the telephone system: While we must of course rely on the caller's honesty when they are unknown to us, we generally believe that we can trust our own ability to recognize someone's voice. This is not always reasonable, however, whether because the calling party is someone we do not often hear from, has a health problem affecting their voice, or because someone has actually gone to some effort to disguise their voice as an act of misdirection. That may sound far-fetched, but I encourage you and your students to consider how many of their casual acquaintances can be mistaken for one another on the telephone. I suspect many of us have had the unsettling experience of making dinner plans or the like, only to discover that we had been speaking with the roommate of the person we were trying to reach!

This brings us to the electronic realm. There are a number of identifying elements, all of which can be falsified with varying degrees of effort. There is a comprehensive trail of machines which have touched the piece of mail, including timestamps and hopefully unique message identifiers. There is a From line which is normally generated by the originating mailer, but which may be modified in rare cases by downstream mailers in an attempt to ensure that the recipient can return mail by using the address in the From line. There is often a return address (a Reply-To line) which the user or originating mail software adds in an attempt to second-guess the mailers which will handle the mail. There is also an additional From line in the envelope of the message which describes the userid of the account which contacted the first mailer in the chain.
Finally, there is any identifying information (well, claims, really) in the body of the message itself.

Now, all of the information in an electronic mail message is generally entirely human-editable; for non-smtp systems, it is more annoying to modify header and origination information, but not inherently less feasible. Similarly, all of the 'trail' of the message (the lines indicating what machines received and forwarded the message, and at what time) can be artificially constructed, up to the point at which the message was inserted into a machine's mail delivery system. Thus, it is entirely possible for me to falsify not only the return address information, but also the trail of machines through which a message passed, to lend credence to the false sending address.

This tells us that the degree to which we can trust that a piece of electronic mail came from the source which the message claims is very low. However, a cursory examination of other message delivery systems betrays that they don't fare very well either!

I don't know to what degree people (in practice) trust an email message to have come from the claimed sender any more than they trust that a phone call came from the person or organization who claimed to call ('Hi, I'm from Bank of America, we're trying to straighten up a billing problem with your visa account, number xxxx-xxxx-xxxx-xxxx, could you please give us your date of birth and mother's maiden name so that we can confirm that you are the cardholder? Thank you, now on your last bill - I'm sorry, I have another call, can I call you right back? Thank you'), but the underlying problems all stem from trusting message systems to be verified when they aren't. Moreover, no useful message system *can be completely verified.*

Which brings us around to the standard observations on postal fraud:

1. Protect yourself
2. Never send money based solely on a phone call (this may be considered comparable to 'never send money based solely on a piece of electronic mail')
3. Above all else, remember that a caller (or sender of mail) may not be who they say they are, and that the apparent origin of the message may be entirely falsified.

I hope this will provide you and your students with both some stimulating thought and some awareness of the lack of security in our existing message systems. Further, I would suggest that the utility of insecure messaging systems (which ease establishing initial contacts and which allow us to conduct communications with great ease) far outweighs the utility of completely secure message systems *in almost all circumstances.*

--
Richard Threadgill
Network Architect
Apple Computer

------------------------------

From: "Prof. L. P. Levine"
Date: 05 Nov 1994 08:24:25 -0600 (CST)
Subject: NTIA Virtual Public Conference, an Invitation
Organization: University of Wisconsin-Milwaukee

I have been asked to co-host the privacy portion of the following virtual conference. I am sure that each of you is invited to participate also. For those who do not wish to contribute to the conference but only wish to see summaries, we will be posting that sort of material here. For the rest of us, well, read the following:

NTIA Virtual Public Conference on Universal Service and Open Access to the Telecommunications Network

The conference will begin on November 14th, 1994, and run through midnight November 18th, 1994. If there is sufficient interest, it may be extended an additional week.

At present, you may subscribe to a topic by sending email to the topic address. Your email address will be saved and you will be added to the subscription list for the topic. No actual traffic on the topics will begin until November 14th, though essays by conference hosts will be sent out a few days before the conference begins.
At this time, if you subscribe to a topic, you will receive an introductory message about the conference. However, your email address is the only information being retained--do not send any message destined for a conference topic. You do not need to supply any information in the subject line or in the message to presubscribe.

If you wait and subscribe to a conference topic when the conference begins on November 14, 1994, you need to send email to a conference topic from the account where you want to receive the mailings. The message should have the single line in it:

    subscribe topic your name

where subscribe is a keyword and topic is the name of one of the following topics: redefus, avail, intellec, privacy, standard, opnacces. Your name in the above example is strictly for documentation.

Please use these addresses for subscribing to conference topics:

    Redefining Universal Service and Open Access:
        redefus@virtconf.ntia.doc.gov
    Affordability and Availability:
        avail@virtconf.ntia.doc.gov
    Interoperability:
        standard@virtconf.ntia.doc.gov
    Intellectual Property:
        intellec@virtconf.ntia.doc.gov
    Privacy:
        privacy@virtconf.ntia.doc.gov
    Universal Service and Open Access for Individuals with Disabilities:
        opnacces@virtconf.ntia.doc.gov

This automated reply will not be sent to you more than once per week, no matter how many times you send to this address.

We are glad to have you with us, and look forward to a productive series of discussions on this aspect of the National Information Infrastructure.

Please feel free to inspect our information server at:

    http://ntiaunix1.ntia.doc.gov:70/0/press/virtcon.txt

For your convenience, we have included the original conference announcement below.
THE NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION (NTIA)
and the
UNIVERSAL SERVICE WORKING GROUP OF THE INFORMATION INFRASTRUCTURE TASK FORCE (IITF)
announces a
VIRTUAL PUBLIC CONFERENCE ON "UNIVERSAL SERVICE AND OPEN ACCESS TO THE TELECOMMUNICATIONS NETWORK"
November 14-18, 1994

Background

The National Telecommunications and Information Administration (NTIA) and the Universal Service Working Group of the Information Infrastructure Task Force (IITF) will host an electronic, Virtual Conference the week of November 14-18, 1994. The Virtual Conference will culminate a year-long effort by the Clinton Administration to gather information and opinions about the issues of universal service and open access with respect to telecommunications and information networks.

The Conference is part of the Administration's initiative to promote the development of a National Information Infrastructure (NII) and Global Information Infrastructure (GII). The Administration's report entitled the National Information Infrastructure: Agenda for Action, released on September 15, 1993, describes the benefits of networking technology and the potential for using the NII to create an electronic commons. The report includes the Administration's goals of extending universal service to the information infrastructure and using the NII to conduct government business. In addition, the Administration plans to issue the Global Information Infrastructure: Agenda for Cooperation, in December 1994. This report will address universal service and other issues in the global arena.

The Virtual Conference will be conducted entirely through electronic networks--using the Internet, dial-up bulletin board access, public information service providers, and commercial service providers.
Although participants may use their own computers, NTIA and the Universal Service Working Group seek to facilitate nationwide access by encouraging public institutions to make their computer facilities available to the public during the week of the conference. Information collected during this conference and previously through field hearings will assist the Administration's ongoing policy deliberations and may be used in future reports on universal service and open access.

How the Conference Will Be Conducted

During the week of November 14-18, 1994, NTIA will create a series of electronic discussion groups. Each topic will have an Internet mailing list and USENET newsgroup devoted to discussion of the specific topics and hosted by an expert in the field. Any comments submitted as part of this electronic discussion will become part of a publicly available electronic archive.

Topics to be discussed at the Virtual Conference are:

-- Redefining Universal Service and Open Access: What is the minimum "basket" of telecommunications or information services or capabilities that all Americans should be able to obtain today? Which services or capabilities, if any, should be available to all Americans on an optional basis? What is the relationship between universal service and open access?

-- Affordability and Availability: Who lacks telecommunications services and why? Should training in the use of more advanced network services be available to all who wish it? Who should pay for such training? How can rural concerns and inner city concerns best be accommodated under a new universal service concept? How can government balance the need for universal service with the benefits of a competitive environment for the telecommunications industry?

-- Intellectual Property: Does the traditional legal framework for intellectual property work with digital technology?
What are the respective roles of the government and the private sector in determining how authors and others who hold intellectual property rights are reimbursed? Does the current legal framework for intellectual property rights help or hinder accessibility to telecommunications and information networks?

-- Privacy: What potential is there for the telecommunications and information networks to compromise personal privacy? To what extent will perceptions of reduced privacy hinder widespread, seamless access to the telecommunications and information networks?

-- Interoperability: What is the relationship between interoperability and the concepts of universal service and open access? What are the respective roles of the marketplace and the government in determining standards and protocols for interoperability? What lessons can be learned from past efforts in standards setting, both domestically and internationally?

-- Universal Service and Open Access for Individuals with Disabilities: What is the current state of access to telecommunications and information services for the disabled? How can such services help the disabled participate more fully in society? What design concepts for the disabled are transferable to all users to improve overall network functionality?

Participants in the Virtual Conference are encouraged to review the following two documents recently issued by NTIA: (1) NII Field Hearings on Universal Service and Open Access: America Speaks Out; and (2) Notice of Inquiry (NOI) on Universal Service and Open Access Issues (written comments in response to this NOI are being received by NTIA and should be filed on or before December 14, 1994, to receive full consideration). Both documents already are available through NTIA's IITF Gopher Server at iitf.doc.gov, dial in to (202) 501-1920, and NTIA's Bulletin Board Service at (202) 482-1199, ntiabbs.ntia.doc.gov (telnet, gopher or world-wide web).
Call for "Public Access Points"

Libraries and universities, as well as state and local governments, are encouraged to make their facilities available to the public. Providing these public gateways will demonstrate the power of networking and facilitate access for those who might not otherwise be able to participate. If your institution is interested in participating as a "public access point," please see the attached registration form.

Dates

The Conference will start at 9:00 a.m. Eastern Standard Time (EST) on November 14, and conclude at 11:59 p.m. EST on November 18, 1994. During this time period, the Conference will be open for comments 24 hours a day.

For Further Information

Additional information about the Virtual Conference, including instructions on how to join a topic, may be found on the Conference Gopher: virtconf.ntia.doc.gov. This information can also be e-mailed directly to you; send a message to info@virtconf.ntia.doc.gov and you will receive an automatic reply. For technical assistance, please contact Charles Franz at (202) 482-1835 (cfranz@ntia.doc.gov). For general information or to receive a "Public Access Point" registration form, please contact Roanne Robinson at (202) 482-1551 (rrobinson@ntia.doc.gov). Fax inquiries should be directed to (202) 482-1635.

*********************************

The National Telecommunications and Information Administration serves as the President's principal advisor on telecommunications policies pertaining to the nation's economic and technological advancement and to the regulation of the telecommunications industry.

------------------------------

From: "Prof. L. P. Levine"
Date: 26 Sep 1994 12:45:51 -0500 (CDT)
Subject: Info on CPD, Contributions, Subscriptions, FTP, etc.
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa.
The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of: Computer Privacy Digest
Professor of Computer Science     | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V5 #058
******************************
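
Added example, not part of the digest or of any contributor's message: a recipient-side check for the header elements described in "Re: Email Privacy Alert" (the Received trail, From, Reply-To and the envelope sender). It treats the trail as verified only for the hops written by the recipient's own servers. The sample message, all hostnames, the `TRUSTED` set and the use of `Return-Path` as the record of the envelope sender are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the digest). Received lines are newest first.
# The bottom Received line is sender-supplied text that names our own server.
RAW = """\
Return-Path: <student@school.example>
Received: from relay.isp.example (relay.isp.example [192.0.2.10])
    by mx.corp.example with SMTP id AA111; Fri, 4 Nov 1994 10:42:40 -0800
Received: from bigbank.example (dialup7.isp.example [192.0.2.77])
    by relay.isp.example with SMTP id AA222; Fri, 4 Nov 1994 10:42:38 -0800
Received: from gateway.bigbank.example by mx.corp.example
    with SMTP id AA333; Fri, 4 Nov 1994 10:41:00 -0800
From: "Accounts Dept" <accounts@bigbank.example>
Reply-To: student@school.example
Subject: Billing problem
Message-Id: <199411041841.AA333@bigbank.example>

Please confirm your details.
"""

TRUSTED = {"mx.corp.example"}  # assumption: mail hosts the recipient operates

FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def split_trail(msg, trusted_hosts):
    """Split Received hops into (verified, unverified).

    Only the contiguous run of hops at the top that were written by our
    own servers is verified. Everything below was in the message when it
    entered our system, so it may be honest relay data or typed by the
    sender; a lower line that names one of our hosts proves nothing.
    """
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        frm, by = FROM_RE.search(flat), BY_RE.search(flat)
        hops.append({"from": frm.group(1).lower() if frm else None,
                     "by": by.group(1).lower() if by else None})
    verified = []
    for hop in hops:
        if hop["by"] not in trusted_hosts:
            break
        verified.append(hop)
    return verified, hops[len(verified):]


def assess(raw, trusted_hosts):
    """Summarise which origin claims in a raw message can be relied on."""
    msg = message_from_string(raw)
    verified, unverified = split_trail(msg, trusted_hosts)
    from_dom = domain_of(msg["From"])
    findings = []
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs-from-from")
    env_dom = domain_of(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append("envelope-differs-from-from")
    return {
        # Host that handed the message to us: the last fact we recorded.
        "handoff_from": verified[-1]["from"] if verified else None,
        "verified_hops": len(verified),
        "unverified_hops": len(unverified),
        "unverified_by": [h["by"] for h in unverified],
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in assess(RAW, TRUSTED).items():
        print(f"{key}: {value}")
```

A mismatch between these headers is not proof of forgery (mailing lists and forwarders produce it routinely); it marks which claims rest only on the sender's word.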