Date: Tue, 21 Mar 95 19:43:31 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#028

Computer Privacy Digest Tue, 21 Mar 95              Volume 6 : Issue: 028

Today's Topics:                         Moderator: Leonard P. Levine

    Re: Can My Neighbor Peruse My Medical Records?
    Re: Can My Neighbor Peruse My Medical Records?
    Re: Can My Neighbor Peruse My Medical Records?
    Re: Can My Neighbor Peruse My Medical Records?
    Is Caller ID to be mandatory nationally, April 1995?
    Is Caller ID to be mandatory nationally, April 1995?
    Is Caller ID to be mandatory nationally, April 1995?
    Re: Sprint Privacy Issue on 10 Cents-a-minute
    Re: Proving your Citizenship
    Abolishing the IRS
    First Bank of Internet Opens
    FTC Legislative Alert
    FTC Alert (continued)
    The Manchurian Printer
    Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: Maryjo Bruce
Date: 17 Mar 1995 20:06:02 -0800 (PST)
Subject: Re: Can My Neighbor Peruse My Medical Records?

There is an article - "Is your health history anyone's business" in McCalls magazine. David Linowes, who chaired the U.S. Privacy Protection Commission under presidents Ford and Carter and wrote PRIVACY IN AMERICA; IS YOUR PRIVATE LIFE IN THE PUBLIC EYE? "conducted a survey of Fortune 500 companies and found that half of them had used medical records to make hiring decisions, often without informing the potential employee." Reason: cost of health care. "Linowes expects that a follow up survey this year will reveal that even more companies now engage in the practice."

"A study at the University of Illinois found that 40 percent of insurance companies disclose medical information to others, such as lenders, employers and marketers of medical devices and drugs, without customer permission."

"It is estimated that half of all Rx written in the U.S. are recorded in db that are accessible...." and so forth.
The article, written by Joe Levine, is on p 54 in the April issue of McCalls.

-- Sunny Bruce, M.L.S.

------------------------------

From: Robert Gellman
Date: 18 Mar 1995 21:24:07 -0500 (EST)
Subject: Re: Can My Neighbor Peruse My Medical Records?

This is a response to a question posed by Harry Kingmill about a nosey neighbor employed in a hospital.

This problem illustrates a little appreciated characteristic of modern personal recordkeeping. The biggest threats to privacy come from insiders. Those who have a legitimate ability to use records inside a hospital are much more likely to abuse that ability and pose a threat to others than are outside "hackers". This is not to say that there is no problem from outsiders, but the threat from the outside tends to get all of the attention while the real problem is frequently unaddressed.

What to do about the possibility of a nosey insider? You might bring the problem to the attention of the administrator of the hospital. The possibility of a lawsuit should be readily apparent to the administrator. But you have to be careful. If you bring specific charges against an identifiable person, you run the risk of being sued by that person for defamation. If you name a person, you had better have your facts straight and provable. If you think that you are right but are still nervous, you can always try to make an anonymous complaint. If the person has access to psychiatric records, you might also address the complaint to the head of psychiatry. They tend to be VERY concerned about confidentiality.

Depending on the law of the state where you live, the spreading of gossip by hospital workers may be illegal. If the facility is covered by federal alcohol or drug abuse rules, there may be a federal violation. Similarly, if the facility is federally operated, the federal Privacy Act of 1974 may impose statutory limits. Proving a case -- either civilly or criminally -- is very difficult.

I hope that this helps.
-- Bob Gellman

------------------------------

From: chi@netcom.com (Curt Hagenlocher)
Date: 19 Mar 1995 17:05:24 GMT
Subject: Re: Can My Neighbor Peruse My Medical Records?
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

Harry Kingsmill writes:

    During the past year, this person has taken a part time job in the admissions department of our community hospital. Since then, other neighbors tell us that she has all of the "dirt" on anyone she knows who checks in to the hospital for any reason. She was apparently very proud of herself to report that the nephew of one of the neighbors had to spend time in the psychiatric ward after attempting suicide. I'm sure there's much that she's reported on that I don't know about (thankfully).

    My questions are:
    1) With my insurance info on file at that hospital, how safe are my family's medical records from this woman?
    2) How can she be stopped from wreaking further damage to the community?

My girlfriend works at the UCLA Medical Center Blood Bank. If your records are on file at the MC, then she can access them. Ideally, she would only access your records if say, you needed a transfusion and she needed to supply something appropriate. However, there is nothing that prevents her from simply "browsing" at will. I'm not even sure if the computer records her access to the records.

You haven't really provided that much information about what this woman does in admissions. She may not have direct access to any records. If you can provide some proof that she is misusing her position, I'm sure that the hospital will fire her. Hospitals, like most companies, are usually worried about the "L-word" (lawsuits).

From what I can see, most medical professionals take their job very seriously.

-- Curt Hagenlocher chi@earthlink.net chi@netcom.com

------------------------------

From: horowitz@nosc.mil (Alan M. Horowitz)
Date: 21 Mar 1995 04:46:47 GMT
Subject: Re: Can My Neighbor Peruse My Medical Records?
Organization: NCCOSC RDT&E Division, San Diego, CA

If you are willing to swear to these facts under oath (with attendant penalty for perjury), swear out an affidavit, and ask your neighbors to do likewise.

Transmit one copy of each affidavit to the administrator of the hospital, another to the administrator of your State's hospital regulating bureaucracy, and a third to the foreman of your local Grand Jury. The sheriff's deputy on duty in the courthouse will assist with that once he understands you are not seeking to learn the identity of the Grand Jurors.

------------------------------

From: Maryjo Bruce
Date: 17 Mar 1995 19:27:13 -0800 (PST)
Subject: Is Caller ID to be mandatory nationally, April 1995?

We have just gotten caller id (Dallas). As soon as the service was available, ads began to appear pointing out the benefits of the service for businesses. One of them said that "basic demographics" (whatever that means) about the caller could appear on a computer screen automatically, by the time the phone was answered, along with credit info, and all info the co might have in its computer about the caller - order info, type of products purchased, amount of money spent, whatever. The ad went on to say that in the future, various national databases will be accessible immediately, as the calls come in, and those databases will be selected by the company, tailored to their needs.

------------------------------

From: jwarren@well.sf.ca.us (Jim Warren)
Date: 19 Mar 1995 09:45:32 +0800
Subject: Is Caller ID to be mandatory nationally, April 1995?

Would you like to know who's electronically knocking on your bedroom door in the middle of the night? Would you like to remain entirely undisturbed by anyone who's unwilling to identify themselves to you when they try to contact you or electronically enter your home?
Would you like for the computer system you call to be able to verify that the call is coming actually from your phone number - rather than from some vile computer cracker who's somehow obtained your user-id and password? Would you like computer systems to selectively allow access to "sensitive" or "adult(?)" material via a call coming from your phone, identified as a mature(?) adult, while blocking access requests via your young teen-ager's phone that might be identified as such? And would you like to selectively keep some people whom you decide to visit electronically, no matter the time nor location at which you decide to contact them, from knowing who you are - for personal privacy or for nefarious purposes (or both)?

Okay. I just received a Spring, 1995, junkmail catalog from Hello Direct, a telephone add-ons company. For some reason that's probably fantasy, I had the impression they were somehow associated with Pacific Bell, though I found no mention of it in this edition of their catalog. (800-444-3556; now you know everything I know about 'em.)

An ad for a Caller ID blocking device on page 45 stated:

"Mark your calendar. In April, 1995, Caller ID will be a 'done deal,' nationwide. You may or may not have Caller ID service from the phone company today. But in April, every telephone company coast-to-coast will be required to offer it, by law.

"Your number can be legally displayed, for anyone you call who has Caller ID service and a phone with Caller ID functionality. ... While you could get a call-blocking service from the phone company, you'd have to keep paying for it every month. For a tidy fifty bucks, this clever little device does the trick just as well - no monthly service needed."

(Unsurprisingly, the catalog also offered ID receiving units, as well as this ID transmission blocker. :-)

I don't know whether this is true, partly-true (e.g., for interstate calls) or only sometimes true depending on which state you're in, as is now the case.
Can anyone cite a federal statute or regulation - probably from the FCC - mandating such national service? Would love to have the exact citation and text of any such mandate.

-- Jim Warren, GovAccess moderator; columnist, MicroTimes/Govt.Tech/BoardWatch
jwarren@well.com (well.com = well.sf.ca.us; also at jwarren@autodesk.com)
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>
[puffery: James Madison Freedom-of-Information Award, Soc. of Professional Journalists - Nor.Calif.(1994); Hugh Hefner First-Amendment Award, Playboy Foundation (1994); Pioneer Award, Electronic Frontier Foundation (its first year, 1992); founded Computers, Freedom & Privacy confs, InfoWorld, etc.]

------------------------------

From: PRIVACY Forum
Date: 19 Mar 95 10:54:07 PST
Subject: Is Caller ID to be mandatory nationally, April 1995?

It's untrue. What the FCC mandated is that CNID data be passed between local telcos and IXCs on interstate calls starting that date. They also mandated that before that be done local telcos must provide free per-call blocking (i.e. *67) for their subscribers, regardless of whether or not CNID display services were being offered to subscribers in that area. They also mandated that the privacy indication triggered by the use of per-call CNID blocking must be honored by all receiving local telcos.

Note that:

1) This says nothing about the actual providing of CNID to subscribers. If the local telco decides they don't want to provide the ability for their subscribers to receive CNID, that's OK.

2) It says nothing about intrastate calls, which may still be under tighter controls (potentially with per-line CNID blocking still available). There are some technical issues revolving around the question of providing per-line blocking for intrastate calls and only per-call blocking for interstate calls.

3) It says nothing about calls to 800 or 900 numbers, which use ANI for caller (line) identification and are not affected by CNID restrictions.
The issue of 800 numbers in particular is a thorny one, since the party paying for the call does need some way to track abusive and other usage.

4) Many state PUCs (and other entities) have apparently filed suits against the FCC regarding their ruling, particularly where the ruling would preempt the states' own rules for providing of per-line CNID blocking (at least as far as interstate calls are concerned).

5) Many local telcos seem quite confused about what's going on, and I *suspect* the April implementation date will not be fully met, especially since many local telcos, nor most IXCs, have said anything to their subscribers about use of *67 in those areas where CNID services are not being offered.

I also saw that writeup in the "Hello Direct" catalog. By the way, one of the Caller ID boxes in their catalog, showing a name display, is displaying the name "Will Robinson". Guess they really might be Lost in Space.

-- Lauren

------------------------------

From: ramole@aol.com (RAMole)
Date: 18 Mar 1995 02:35:13 -0500
Subject: Re: Sprint Privacy Issue on 10 Cents-a-minute
Organization: America Online, Inc. (1-800-827-6364)

MCI didn't ask me all those questions -- nor anything irrelevant that I recall. They have a "Friends & Family II" plan where calls to those on your list are 10cents/min from 5pm to 8am&weekends and 20 or 25% more off if the person on your list is also their customer. All these plans are confusing, but MCI seems better than Sprint to me.

Also, MCI will give you 5 frequent flyer miles on American for each $ you spend, and you can get an AAL visa card that gives you 1 mile per $ spent. All of which has nothing to do with privacy, but may get you a free roundtrip ticket every year or two at no added expense.

I could be slightly off on some of the rates, but I *think* this is right. Good luck.

Alan Mole ramole@aol.com

------------------------------

From: dpbsmith@world.std.com (Daniel P. B. Smith)
Date: 18 Mar 1995 15:37:37 GMT
Subject: Re: Proving your Citizenship
Organization: The World Public Access UNIX, Brookline, MA

The concept that I have to "prove my citizenship" disturbs me greatly. The current situation is that I don't think I have any difficulty "proving my citizenship," but that's only because nobody is seriously interested in challenging it.

My basic idea is that I'm a citizen of a free republic and I don't have to carry no steenking ID cards. Let the person who thinks I'm not Dan Smith prove it. Unfortunately this is probably not in tune with the nineties, because I'm sure we all realize we have to have our freedoms temporarily restricted just a bit to counter the terrible threat of (cue menacing music) _illegal aliens_

The basic question I have is: I have a "birth certificate," but how do I "prove" that that birth certificate is actually _my_ birth certificate if anybody decides to challenge it?

The piece of paper I currently present as my birth certificate was obtained by placing an order over the telephone with the City of New York's Bureau of Vital Records. It is a dot-matrix printout on a piece of paper with some motley money-colored background, some fancy-looking scrollwork decoration, and a raised seal. It contains: my date of birth, a certificate number, the borough (Manhattan), the date filed (a couple of days after my birth), the issued, my name, my sex, my mother's maiden name, and my father's maiden name.

How on earth does this "prove" anything at all? All it proves is that _somebody_ telephoned the City of New York and ordered a copy of Dan Smith's birth certificate. What could I ever do if anyone ever questioned it?

Related questions. For years, I _had_ what my mother told me was the official copy of my birth certificate, and used it for decades to get driver's license, passports, etc. Suddenly, about ten years ago, clerks started complaining about it on the grounds that it "didn't have a raised seal."
What I think must have happened is that at some point in time, health departments must have started using raised seals and clerks must have started requiring them. No problem, I called up New York and ordered a new certificate.

But a) How can I be sure I can "prove" my citizenship if the standards for what is considered "proof" keep changing? What happens if at some later time some clerk says "Sorry, I can't accept this (issued-in-1991) certificate because it doesn't have the microchip in it?"

And what if b) I call the friendly New York Bureau of Vital Statistics and say "Please send me Dan Smith's birth certificate again, because now I need one with the translucent ultraviolet watermark in it" and they say "What was that certificate number again?" And I say "012345" and they say (cold pause) "I'm sorry, our computer has no record of that certificate?"

-- Daniel P. B. Smith dpbsmith@world.std.com

------------------------------

From: GOODWYN@delphi.com
Date: 19 Mar 1995 00:06:59 -0500 (EST)
Subject: Abolishing the IRS

Regarding the various problems with the IRS snooping into people's private, does anyone know anything about a proposal in Congress to abolish income tax and the IRS? I think I saw something about this recently, and would like to know more. The idea was to replace income tax with a national sales tax, and the express purpose, if I remember correctly, was to get the IRS out of people's private lives by abolishing it.

Frank Goowyn            606-573-4607
107 1/2 Mound Street    GOODWYN@delphi.com
Harlan, KY 40831

------------------------------

From: fboi@netcom.com (Vinn Beigh)
Date: 19 Mar 1995 23:03:45 -0800
Subject: First Bank of Internet Opens

___/\___
_|_()_|_    A N N O U N C E M E N T

For immediate release:      Contact: fboi@netcom.com
Monday, March 20, 1995      Subject of 'info' for details
                            Direct questions to Vinn K. Beigh

The First Bank of Internet, FBOI, is announcing the initiation of transaction processing services for Internet electronic commerce.
Purchases over the Internet can now be made without exposing personal credit card information. Vendors can now sell products on the Internet without the restrictions imposed by credit card use.

Other Internet purchase procedures require personal credit card information. Those proceedings will be monitored by thousands of people all over the world. Some will attempt to either decode the credit card information or impersonate the customer in future transactions.

The alternative to personal credit cards for electronic commerce is based on an FBOI procured Visa (tm) Automated Teller Machine (ATM) card. The card is prepaid, PIN protected, replaceable, disposable, and good at over 200,000 Visa/PLUS (tm) ATMs in 83 countries.

The safety of FBOI is ensured because access to ATM funds without possession of both the ATM card and the Personal Identification Number (PIN) is not possible. ATM cards are also better than credit cards because their purchase does not require the personal, financial, and employment background of the consumer.

The Visa ATM card is not a credit card. It is cash. The ATM card will be used as a checking account. Using an ATM card allows consumers to set aside dedicated funds for Internet data purchases. It provides a safe, secure way to transfer cash from consumers to producers. In addition, consumers can reclaim their funds at any time using an ATM.

A check/invoice procedure is used that consumers will find familiar. The consumer first places an order with a vendor. The consumer then sends to the vendor or FBOI an e-mail 'check' for the purchase of the program/file/data product. The vendor sends FBOI an e-mail 'invoice'. FBOI will reconcile the transaction and send e-mail transaction receipts to both the vendor and customer. Cash will be taken from the customer ATM account and credited to the vendor for later payment. FBOI charges a 5% vendor commission per transaction.
Producers of software, information collections, newsletters, graphics, and other data products can use FBOI services for the sale of their products. These vendors can sell their products for prices that would be too low for credit card transactions. Subscription services that charge an up-front fee for one time access to data depositories and services also can participate.

Vendors will benefit from a very large consumer base because this global solution works just as well outside the U.S. as within the U.S. The Visa ATM network is worldwide.

Consumers will benefit from a very large vendor base because software produced in non-North American countries can be offered for sale much easier than now. The worldwide producers on the Internet can use FBOI services without the expense of owning or renting a dedicated Internet server or a World-Wide Web site. E-mail is the cheapest and simplest of all Internet services.

Large Internet commercial services will soon be starting that provide only for the on-line purchase of catalog products. It will not be possible for the individual producer to sell a data product using those services. Those services will collect the consumers' credit card information in advance because of Internet security problems.

FBOI transmits no sensitive information over the Internet and prevents forgery and impersonation by using Pretty Good Privacy, PGP (tm), software for all transactions. This freeware provides excellent authentication and anti-alteration security.

In addition to the unsecured nature of the Internet, consumers should be hesitant giving out their credit card information to vendors of unknown credibility. Tracking is much harder on the Internet than magazine direct marketing. Also, it is not the same as mail order merchandise since U.S. Postal Service and Federal Trade Commission mail order laws do not apply to the Internet.

For high volume, low cost, transactions directly between producers and consumers on the Internet contact FBOI.
Further information can be obtained from The First Bank of Internet by sending an e-mail message with the subject "info" to .

Visa is a trademark of Visa International Service Association.
PLUS is a trademark of Plus System, Inc.
PGP and Pretty Good Privacy are trademarks of Philip Zimmermann.
The First Bank of Internet (tm) is not a lending institution.
The First Bank of Internet (tm) is not a chartered.

------------------------------

From: Druff <71553.1102@CompuServe.COM>
Date: 20 Mar 1995 17:46:45 GMT
Subject: FTC Legislative Alert
Organization: via CompuServe Information Service

Legislative Alert!

New proposed Federal Trade Commission Rules on Telemarketing pose a great threat to businesses, sysops, list brokers, copywriters, printers, desktop publishers, etc., and to freedom of speech!

Your Immediate Attention Is Called To 16 CFR Part 310 Telemarketing Sales Rules

Note: Section 310. Definitions...includes...the use of facsimile machines...computer modems, or any telephonic medium.

Your attention is called to "Assisting and Facilitating"

Section 310.3[b] [1] {page 11} of the proposed rule sets forth a general prohibition against assisting or facilitating deceptive telemarketing acts or practices. Assistors who engage in these activities will violate the rule if they know, or should know, that the person they are assisting is engaged in an act or practice that violates the rule. The five types of assisting and facilitating activities listed in the proposed rule are as follows: first, providing lists of customer contacts to a seller or telemarketer [e.g., serving as a list broker]...and fifth, providing any script, advertising, brochure, promotional material, or direct marketing piece to be used in telemarketing.
Section 310.4[b] [pages 14 & 15] ...it is an abusive act or practice and a violation of the rule to call a person's residence to offer, offer for sale, or sell, on behalf of the same seller, the same or similar goods or services more than once within any three month period...

Page 25 - #7 - The proposed rule states that the term "telemarketing" includes the use of a facsimile machine, computer modem, or any other telephonic medium, as well as calls initiated by persons in response to postcards, brochures, advertisements, or any other printed, audio, video, cinematic or electronic communications by or on behalf of the seller...

Page 25 - #8 - The proposed definition of "telemarketing" includes within the rule's coverage On-Line information services which a person accesses by computer modem.

Section 310.3 [a] [4] {page 11} would prohibit consumers from paying by check over the phone without prior written authorization while allowing credit card holders to do so without prior written authorization. This would discriminate against the 75 million consumers who do not have a credit card, the millions of consumers who have no usable credit on their credit card and the businesses, most of them small or new, who cannot obtain credit card merchant status to accept credit cards. It would also further the monopoly of Visa and MasterCard and the up to 21 percent interest they charge credit card users.

Please read the proposed rules in their entirety to ascertain their possible effect on your business, the telemarketing industry and the growth of the Information Super Highway.

Since most businesses and individuals are totally unaware of these proposed rules, it is important that this information is distributed through every means possible so that interested parties have the opportunity to comment and protect their interests.

Written comments must be submitted on or before March 31, 1995.
A public workshop-conference will be held at the Chicago Hilton on April 18th through April 20th from 9am to 5pm.

Five paper copies of each written comment should be submitted to the Office of the Secretary, Room 159, Federal Trade Commission, Washington DC 20580. To encourage prompt and efficient review and dissemination of the comments to the public, all comments should be submitted, if possible, in electronic form, on either a 5¼ or 3½ inch computer disk, with a label on the disk stating the name of the commenter and the name and version of the word processing program used to create the document.

Submissions should be captioned: "Proposed Telemarketing Sales Rule" FTC File NO. R411001.

The full 50 pages of the proposed rules can be downloaded from the NYACC Bulletin Board, file name "FTC" - phone 718-539-3338.

I would appreciate your feedback and a copy of any comments that you intend to submit and I suggest that you disseminate this information as widely as possible.

Ronald A. Stewart
126 13th Street
Brooklyn, NY 11215
Phone 718-768-6803
Fax 718-965-3400

------------------------------

From: Druff <71553.1102@CompuServe.COM>
Date: 20 Mar 1995 17:47:22 GMT
Subject: FTC Alert (continued)
Organization: via CompuServe Information Service

File Name "FTcanswr.asc"

Proposed comments to FTC about written authorization required for checks by phone

Under Section 310.3 [a] [4] of the proposed rule, it is a prohibited deceptive telemarketing act or practice for a seller or telemarketer to obtain or submit for payment from a person's checking, savings, share, or similar account, a check, draft, or other form of negotiable paper without that person's express written authorization. For example, a telemarketer cannot submit an unsigned draft on a consumer's bank account without that consumer's prior written authorization.
This Section of the proposed rule would discriminate against the 75 million Americans who do not have a credit card [1990 census] and the millions of credit card holders who want to make a purchase by phone, fax, computer, computer bulletin board, etc., but who have no usable credit on their card.

Would discriminate against the thousands of new and small businesses who cannot obtain Credit Card Merchant Status to accept major credit cards and reduce their sales by not being able to accept a customer's check over the phone. The rules would allow credit card payments over the phone, increasing the monopoly of MasterCard and Visa with their up to 21 percent charges to consumers.

Would effectively kill the rapidly growing "checks by phone" industry, putting over 20 companies (and their employees) out of business and costing countless less sales to the thousands of clients these businesses are now servicing.

Fraud associated with checks by phone is less than with credit cards. Any consumer can take a check to his or her bank and, since consumer's signature is not on check, have the check kicked back to the bank it was originally deposited in and have their account credited. As with credit card sales over the phone, it is the merchant that is at risk, not the consumer.

The FTC must demonstrate why checks over the phone must require prior written authorization from consumers [which would effectively negate its usefulness] while allowing credit card purchases by phone without prior written authorization.

In order for the Information Super Highway to continue to grow, checks by phone will play a positive important role. People will be shopping from their personal computers, from their TV sets using their interactive remote control device...on computer bulletin boards and on the Internet and by fax machine. Consumers will need ways to transmit money over the phone and fax lines and businesses will need ways to receive money by phone line and fax and by computer.
75 million Americans do not have a credit card and thousands of legitimate businesses cannot qualify for credit card merchant account status to accept major credit cards. To preclude checks by phone will cause great economic loss to the American economy.

If banks received numerous complaints about checks by phone they would stop paying them [checks without account holder's signature].

Handicapped, the elderly, shut-ins, etc., would be further penalized by being forced to address envelopes, purchase postage stamps, and going to a mail box instead of being able to conveniently give a check over the phone.

If future information and statistics demonstrate that checks by phone produces more fraud and complaints than credit card fraud, the FTC can revisit this issue in future rules. No anecdotal evidence presently exists that this is currently the case.

------------------------------

From: "Prof. L. P. Levine"
Date: 18 Mar 1995 11:03:49 -0600 (CST)
Subject: The Manchurian Printer
Organization: University of Wisconsin-Milwaukee

Taken from RISKS-LIST: RISKS-FORUM Digest Thursday 16 March 1995 Volume 16 : Issue 92

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

    From: simsong@pleasant.cambridge.ma.us (Simson L. Garfinkel)
    Date: 15 Mar 1995 21:28:37 -0500
    Subject: The Manchurian Printer

The Manchurian Printer, (C) 1995, Simson L. Garfinkel
[The Boston Sunday Globe, March 5, 1995, Focus Section, Page 83]

Simson L. Garfinkel

Early this month, Hewlett-Packard announced a recall of 10,000 HP OfficeJet printer fax copiers. The printer's power supplies may have a manufacturing defect that could pose an electrical shock hazard. HP says that it discovered the problem with its printers during routine testing; HP was lucky: printers can be very dangerous devices.
A typical laser printer, for example, can draw hundreds of watts of power, generate internal temperatures high enough to burn a wayward human hand, and even, under the right circumstances, start a fire.

Most manufacturers, of course, try to design their printers to minimize such risks. Increasingly, however, there is a chance that companies might intentionally design life-threatening flaws into their products so that the flaws can be exploited at a later time. These fatal flaws might be intentionally built into equipment manufactured overseas, as a kind of "insurance policy" in the event of a war between that foreign country and the United States. The flaws might form the basis for a new kind of corporate warfare. Or the flaws might be hidden by disgruntled employees contemplating extortion or revenge.

Indeed, U.S. military planners are increasingly worried about this sort of possibility, they place under a heading "Information Warfare." Nevertheless, although the threat of Information Warfare is very real, an even bigger danger is that the Department of Defense will use this threat to convince the new Congress to repeal the Computer Security Act of 1987. This would effectively allow the National Security Agency to declare martial law in cyberspace, and could place the civilian computer industry into a tailspin.

To understand what the military is afraid of, imagine the Manchurian Printer: a low-cost, high-quality laser printer, manufactured overseas, with built-in secret self-destruct sequence. For years these printers could lay dormant. But send them a special coded message---perhaps a long sequence of words that would never normally be printed together---and the printer would lock its motors, overheat, and quickly burst into flames. Such an attack might be the first salvo in an out-and-out war between the two countries.
Alternatively, an enemy company might simply use printers to start selective fires, damage economic competitors, take out key personnel, and cause mischief. Unlike the movie the Manchurian Candidate, the technology behind the Manchurian Printer isn't science fiction. Last October, Adobe accidentally shipped a "time bomb" in Photoshop version 3.0 for the Macintosh. A time bomb is a little piece of code buried inside a computer program that makes the software stop running after a particular date. Adobe put two time bombs into its Photoshop 3.0 program while the application was under development. The purpose behind the time bombs was to force anybody who got an advance, pre-release copy of the program to upgrade to the final shipping version. But when it came time to ship the final version of Photoshop 3.0, Adobe's engineers made a mistake: they only took out one of the bombs. An engineer inside Adobe learned about the problem soon after the product was shipped, and the company quickly issued a recall and a press release. Adobe called the time bomb a "security code time constraint" and said that "although this is an inconvenience to users, the security constraint neither damages the program or hard drive, nor does it destroy any files." It only takes a touch of creativity and a bit of paranoia to think up some truly malicious variants on this theme. Imagine that a company wants to make a hit with its new wordprocessor: instead of selling the program, the company gives away free evaluation copies that are good for one month. What's unknown to the users of this program is that while they are typing in their letters, the program is simultaneously sniffing out and booby-trapping every copy of Microsoft Word and WordPerfect that it finds on your system. At the end of the month, all of your wordprocessors stop working: Instead of letting you edit your memos, they print out ransom notes. 
Any device that is equipped with a microprocessor can be equipped with such a booby-trap. Radios, cellular telephones, and computers that are connected to networks are particularly vulnerable, since an attacker can send them messages without the knowledge or consent of their owners. Some booby-traps aren't even intentional. What makes them particularly insidious is that it is almost impossible to look at a device and figure out if one is present or not. And there is no practical way to test for them, either. Even if you could try a million different combinations a second, it would take more than 200 years to find a sequence that was just 8 characters long.

* * *

Information Warfare isn't limited just to things that break or go boom. The Department of Defense is also worried about security holes that allow attackers to break into commercial computers sitting on the Internet or take over the telephone system. "This nation is under IW attack today by a spectrum of adversaries ranging from the teenage hacker to sophisticated, wide-ranging illegal entries into telecommunications networks and computer systems," says a report of the Defense Science Board Summer Study Task Force on Information Architecture for the Battlefield, and issued last October by the Office of the Secretary of Defense. "Information Warfare could pervade throughout the spectrum of conflict to create unprecedented effects. Further, with the dependence of modern commerce and the military on computer controlled telecommunication networks, data bases, enabling software and computers, the U.S. must protect these assets relating to their vulnerabilities," the report warns. Information warfare changes the rules of war fighting, the report warns. A single soldier can wreak havoc on an enemy by reprogramming the opposing side's computers. Modern networks can spread computer viruses faster than missiles carrying biological warfare agents, and conceivably do more damage.
Worst of all, the tools of the information warrior are readily available to civilians, terrorists and uniformed soldiers alike, and we are all potential targets. Not surprisingly, the unclassified version of the Pentagon's report barely mentions the offensive possibilities of Information Warfare---capabilities that the Pentagon currently has under development. Nevertheless, these capabilities are alluded to in several of the diagrams, which show a keen interest by the military in OOTW---Operations Other Than War. "They have things like information influence, perception management, and PSYOPS---psychological operations," says Wayne Madsen, a lead scientist at the Computer Sciences Corporation in northern Virginia, who has studied the summer study report. "Basically, I think that what they are talking about is having the capability to censor and put out propaganda on the networks. That includes global news networks like CNN and BBC, your information services, like CompuServe and Prodigy," and communications satellite networks. "When they talk about 'technology blockade,' they want to be able to block data going into or out of a certain region of the world that they may be attacking." The report also hints at the possibility of lethal information warfare. "That is screwing up navigation systems so airplanes crash and ships run aground. Pretty dangerous stuff. We could have a lot of Iranian Airbuses crashing if they start screwing that up," Madsen says. Indeed, says Madsen, the army's Signal Warfare center in Warrenton, Virginia, has already invited companies to develop computer viruses for battlefield operations. Our best defense against Information Warfare is designing computers and communications systems that are fundamentally more secure. Currently, the federal organization with the most experience in the field of computer security is the National Security Agency, the world's foremost spy organization.
But right now, NSA's actions are restricted by the 1987 Computer Security Act, which forbids the agency from playing a role in the design of civilian computer systems. As a result, one of the implicit conclusions of the Pentagon's report is to repeal the 1987 law, and untie the NSA's hands. Indeed, the Pentagon is now embarking on a high-level campaign to convince lawmakers that such a repeal would be in the nation's best interests. This argument confuses security with secrecy. It also ignores the real reasons why the Computer Security Act was passed in the first place. In the years before the 1987 law was passed, the NSA was on a campaign to expand its power throughout American society by using its expertise in the field of computer security as a lever. NSA tried to create a new category of restricted technical information called "national security related information." They asked Meade Data Corporation and other literature search systems for lists of their users with foreign-sounding names. And, says David Banisar, a policy analyst with the Washington-based Electronic Privacy Information Center, "they investigated the computers that were used for the tallying of the 1984 presidential election. Just the fact that the military is looking in on how an election is being done is a very chilling thought. After all, that is the hallmark of a banana republic." The Computer Security Act was designed to nip this in the bud. It said that standards for computer systems should be set in the open by the National Institute of Standards and Technology. Unfortunately, the Clinton Administration has found a way to get around the Computer Security Act. It's placed an "NSA Liaison Officer" four doors down from the NIST director's office. The two most important civilian computer standards to be designed in recent years---the nation's new Escrowed Encryption Standard (the "Clipper" chip) and the Digital Signature Standard---were both designed in secret by the NSA.
The NSA has also been an unseen hand behind the efforts on the part of the Clinton Administration to make the nation's telephone system "wiretap friendly." Many computer scientists have said that the NSA is designing weak standards that it can circumvent, so that the nation's information warfare defenses do not get in the way of the NSA's offensive capability. Unfortunately, there's no way to tell for sure. That's the real problem with designing security standards in secret: there is simply no public accountability. In this age of exploding laser printers, computer viruses, and information warfare, we will increasingly rely on strong computer security to protect our way of life. And just as importantly, these standards must be accountable to the public. We simply can't take our digital locks and keys from a Pentagon agency that's saying "trust me." But the biggest danger of all would be for Congress to simply trust the administration's information warriors and grant their wishes without any public debate. That's what happened last October, when Congress passed the FBI's "Communications Assistance for Law Enforcement Act" on an unrecorded voice vote. The law turned the nation's telephone system into a surveillance network for law enforcement agencies, at a cost to the U.S. taxpayer of $500 million.

=========WHAT FOLLOWS ARE CAPTIONS FOR THE ART===========

Photo: Box of Microsoft Word 6.0

Even though it's illegal, a lot of people like to "try out" software by making a copy from a friend before they plunk down hundreds of dollars for their own legal copy. Computer companies say that this is a form of software piracy: many who try never buy. More than 2 billion dollars of software is pirated annually, according to the Business Software Alliance. One way that companies like Microsoft and Novell could fight back is by booby-trapping their software.
Sure, customers wouldn't like it if that stolen copy of Microsoft Word suddenly decided to erase every letter or memo that they've written in the past month, but what legal recourse would they have?

=====================

Photo: Cellular Telephone

Is your cellular phone turned on? Then your phone is broadcasting your position every time it sends out its electronic "heartbeat." Some law enforcement agencies now have equipment that lets them home in on any cellular telephone they wish (similar technology was used recently to catch infamous computer criminal Kevin Mitnick). Perhaps that's the reason that the Israeli government recently ordered its soldiers along the border to stop using their cellular telephones to order late night pizzas: the telephone's radio signal could become a homing beacon for terrorists' missiles.

===================

Photo: Floppy Disk

Beware of disks bearing gifts. In 1989, nearly 7000 subscribers of the British magazine PC Business World and 3500 people from the World Health Organization's database received a disk in the mail labeled "AIDS Information Introductory Diskette Version 2.0". People who inserted the disks into their computers and ran the programs soon found out otherwise: the disks actually contained a so-called trojan horse that disabled the victims' computers and demanded a ransom.

==================

Photo: A computer with a screen from America Online, and a modem

Several years ago, users of Prodigy were shocked to find that copies of documents on their computers had been copied into special "buffers" used by Prodigy's DOS software. Prodigy insisted that the copied data was the result of a software bug, and it wasn't spying on its customers. But fundamentally, if you use a modem to access America Online, Prodigy or Compuserve, there is no way to be sure that your computer isn't spying on you while you surf the information highway.
==================

HP's recall affects only OfficeJet printers with serial numbers that begin US4B1-US4B9, US4C1-US4C9, US4BA-US4BU, or US4CA-US4CK. Worried about your OfficeJet? Call HP at (800) 233-8999.

===============

Simson L. Garfinkel writes about computers and technology from his home in Cambridge, Massachusetts.

------------------------------

From: "Prof. L. P. Levine"
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious.
Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133].

---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of: Computer Privacy Digest
Professor of Computer Science     | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V6 #028
******************************