Date: Mon, 24 Apr 95 15:51:53 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#039 Computer Privacy Digest Mon, 24 Apr 95 Volume 6 : Issue: 039 Today's Topics: Moderator: Leonard P. Levine Cellular 911 Calls ACLU Files Amicus Brief in U.S. v Thomas (AABBC Case) Databases and Privacy Cordless Surveillance Illegal in FL Israeli Wiretapping Scandal Social Security Frauds Could what you post be used to profile you? Stop Wiretap Plan/Save $500 Million Who (Secretly) Reads Your Email? Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: PHILS@RELAY.RELAY.COM (Philip H. Smith III, (703) 506-0500) Date: 19 Apr 95 08:13:38 EDT Subject: Cellular 911 Calls Taken from EDUCOM: FCC PROPOSES CHANGES IN CELLULAR 911 SERVICE A significant portion of the explosive growth in cellular phone services is due to people who buy them to feel safer -- women who worry about traveling alone in their cars, etc. But now it turns out that 911 calls made from cellular phones are treated differently and the FCC is considering requiring cellular providers to improve their service. While calls made from wired phones are routed to a centralized dispatch center, cellular calls are often routed other places, such as a state-police barracks. And the automated tracking system that identifies where the call is coming from is useless with cellular technology. The cellular industry is protesting the FCC's proposal, which would require cellular providers to give 911 calls priority over other calls and have technology in place within five years to identify the location from which the call was made. They point out that 25 million devices have already been sold, making retrofitting the phones a nightmare. "We sat on our fat fannies 11 years ago whe There is an obvious privacy risk, although one whose benefits are also great. ------------------------------ From: ACLU Information Date: 21 Apr 1995 16:29:11 -0400 Subject: ACLU Files Amicus Brief in U.S. v Thomas (AABBC Case) For Immediate Release April 17, 1995 ACLU Files In Groundbreaking Computer Obscenity Case; Friend-of-the-Court Brief Seeks to Overturn Tennessee Conviction NEW YORK, April 17 -- The American Civil Liberties Union, seeking to secure the future of free communication on the Internet, has filed a friend-of-the-court brief in what is believed to be the first case involving the cross-country prosecution and conviction of computer bulletin board operators. In its brief, filed with the U.S. Court of Appeals for the Sixth Circuit in Tennessee, the ACLU urges the court to overturn the conviction of Robert Thomas and Carleen Thomas of Milpitas, California. The Thomases own and operate a computer bulletin board that specializes in the posting of sexually explicit words and pictures. The couple was indicted and convicted in the U.S. District Court in Tennessee because a U.S. postal inspector learned of their bulletin board and filed a fake application seeking access to its contents. Once he obtained access, the postal inspector downloaded several pictures from the California-based bulletin board, which a U.S. Attorney then deemed to be žobscenež under the "local community standards" of Tennessee. In its brief, which was also filed on behalf of the ACLU affiliates in Tennessee and Northern California and the National Writers Union, Feminists for Free Expression and the Thomas Jefferson Center for the Protection of Free Expression, the ACLU charges that the government is engaged in a "clumsy attempt to censor communications in cyberspace through application of an obscenity law and standards wholly inappropriate for this new medium." "Computer networks have created vast new fora for the exchange of ideas," the ACLU's brief said. "They have created new communities with new opportunities for people with similar interests to communicate with each other. "Until now," the brief continues, "computer networks have been faithful to the values of the First Amendment. They have fostered, encouraged and even nurtured the robust exchange of ideas.In this case the government seeks to use a criminal law never intended to apply to computer communications, to put a brake on that development, to stifle the explosive creativity and breadth of expression occuring on computer networks." The full text of the ACLUžs brief in Thomas vs. United States of America is available in the ACLU's Free Reading Room, a gopher site (address below) in the Court section, under National Office litigation. -- ACLU Free Reading Room | American Civil Liberties Union gopher://aclu.org:6601 | 132 W. 43rd Street, NY, NY 10036 mailto:infoaclu@aclu.org| "Eternal vigilance is the ftp://ftp.pipeline.com | price of liberty" ------------------------------ From: Barry Gold Date: 21 Apr 1995 23:53:06 GMT Subject: Databases and Privacy Organization: AT&T GIS (San Diego, CA) I have suggested the following on our internal bulletin-board (also submitted to Lauren's Privacy Forum) I think that the ability of large databases to cross-correlate data about individuals is one of the top 3 current threats to privacy. It seems likely that Congress will enact some sort of privacy legislation in a few years, but it will probably be half-baked and bass-ackward, given the history of government attempts to define privacy. (For example, they frequently exempt themselves!) I believe that AT&T GIS should be ahead of the curve on this one, instead of waiting until privacy legislation looks likely to pass and then trying to mold it into something we can live with. I think we should already have privacy standards in place that we can point to and say: Look, we're already doing something about this. Why don't you try our solution? I believe that we should do the following: 1. Establish a policy, defining how database users should protect user's privacy. 2. Apply that policy to our own databases, with respect to both associates and customers. 3. Offer a discount to customers who contract to use the Database in accordance with that policy. (If we were still the *only* provider of terabyte-sized database products -- as TDAT was in the '80s -- I would suggest we make appropriate privacy agreements a *condition* of sale, but I think we no longer have the market strength to do that.) Just to get the ball rolling, here are some suggestions towards a privacy policy: . Information about individuals shall be used only for the purpose it was gathered for. Information about associates will not be used for marketing or sold to outside organizations; information gathered from purchases will be used only for marketing other products the customers may be interested in -- and in particular not be used to deny a customer access to a product or service. Exceptions shall require the written permission of the subject to whom the information applies. . Individuals shall be given the option to stop receiving mailed marketing offers. This "opt out" shall be handled either by a call to a toll-free number or by sending in a prepaid or business-reply notice. . Invididuals shall be given the option to have their names deleted from any lists sold outside the organization that collected it, with the same "opt out" possibilities. . Individuals shall not be contacted for telemarketing purposes unless they have either: a) given their permission to be so contacted b) been given an "opt out" (as above) and sufficient time has elapsed to be reasonably sure they have not exercised it. . When information about individuals is sold outside the organization, or used for any purpose other than the one given the individual when the information was collected, the subject shall be notified of this sale/use. To reduce the transaction cost of such notification, subjects may be sent a "batch" of notifications once a year. . Taxpayer ID # shall not be used as an identifying key; it is neither unique nor universal and such use is very far outside the purpose for which it was created. -- Barry.Gold@SanDiego.NCR.COM GCS d-- H s-:+ g+ p1 a+ w+ V C++ US/V+ P+ L 3- E+ N+ K- W M- V-- -po+ Y+ t 5+ j++ R+ G' tv n+ y+++ b+++ !D B e u+ h-0-- f r++ ------------------------------ From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> Date: 23 Apr 95 09:26:07 EDT Subject: Cordless Surveillance Illegal in FL Taken from the Associated Press news wire via CompuServe's Executive News Service: APn 04/14 1303 BRF--Cordless Surveillance TALLAHASSEE, Fla. (AP) -- Police must have court approval to intercept cordless phone conversations and use them as evidence, the state Supreme Court ruled. The decision Thursday came in the case of Joyce and Edgardo Mozo, who were arrested on drug charges in 1991 after a conversation police overheard on a cordless phone. The Mozos were charged with possession of cocaine and marijuana after detectives heard Mrs. Mozo tell an unidentified man there was just "powder. No rock" available. Key points from the article: o Detectives using scanner randomly were looking for criminal activity. o Action "violated the Security of Communications Act." o Evidence thrown out of court. o Appeals to higher courts are anticipated. -- M.E.Kabay,Ph.D., Mgmt Consultant, LGS Group Inc. (Montreal, QC); Director of Education, Natl Computer Security Assn (Carlisle, PA) ------------------------------ From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> Date: 23 Apr 95 11:50:46 EDT Subject: Israeli Wiretapping Scandal Taken from the Associated Press news wire via CompuServe's Executive News Service: APn 04/22 1749 Israel-Wiretapping By DIANNA CAHN Associated Press Writer JERUSALEM (AP) -- Police arrested the publisher and editor-in-chief of Israel's second-largest newspaper Saturday on suspicion of illegal wiretapping. The arrest was part of year-old wiretapping investigation involving Maariv and the leading Israeli newspaper Yedioth Aharonoth. Legislators have demanded tighter regulations on wiretapping by state and private organizations. Apparently "The investigation began in April 1994 after an executive at a woman's magazine filed a complaint with police that her home telephone was tapped." Two, private investigators, Rafi Fridan and Yaakov Tsur were convicted last year of tapping "over 400 telephone, cellular phone and fax lines." Among the lines tapped were some "belonging to the country's president, the defense ministry, other government offices, members of parliament, attorneys and businessmen as well as a large number of newspaper and broadcast editors." -- M.E.Kabay,Ph.D., Mgmt Consultant, LGS Group Inc. (Montreal, QC); Director of Education, Natl Computer Security Assn (Carlisle, PA) ------------------------------ From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> Date: 23 Apr 95 11:51:11 EDT Subject: Social Security Frauds Taken from the Associated Press news wire via CompuServe's Executive News Service: APn 04/16 1219 Social Security By JENNIFER DIXON Associated Press Writer WASHINGTON (AP) -- To catch illegal aliens, fugitives from justice and child-support scofflaws, the federal government will soon scour state motor vehicle records for drivers with phony Social Security numbers. Criminals and others seeking a new identity often use false Social Security numbers to get a driver's license or a state-issued identification card. The phony documents can then be used to obtain welfare, health care and other public benefits as well as check-cashing and credit cards, Social Security officials said. Key points from the article: o Search begins May 8. o Robert Ellis Smith interviewed (he is publisher of the Privacy Journal and a regular contributor to COMPUTER PRIVACY DIGEST). Explains that 15 states plus D.C. "require driver's license applicants to provide Social Security numbers...." o "More than a dozen states display the number on the license; three states prohibit the use of Social Security numbers for drivers' licenses; and the balance make it optional or don't ask for the number, Smith said." o States sell DMV info to insurance and other companies. o If more states use SSN on licenses, will increase fraud by making real numbers available. o Evan Hendricks (publisher of the Privacy Times) criticizes plan because it is turning the SSN into a national identifier. -- M.E.Kabay,Ph.D., Mgmt Consultant, LGS Group Inc. (Montreal, QC); Director of Education, Natl Computer Security Assn (Carlisle, PA) ------------------------------ From: phanssen@uniwa.uwa.edu.au (Paul Hanssen) Date: 24 Apr 1995 11:42:40 GMT Subject: Could what you post be used to profile you? Organization: The University of Western Australia Isn't it possible for somone (e.g. the government or a private database provider) to get an internet site with a news feed and write a program to sort all incoming articles by person? This information could then be used to make up a profile of likes/dislikes and opinions of that person, whether true or not. This profile could then be used by corporations for marketing purposes or by the government to add to a file they may or may not have on you. Am I sounding a bit paranoid ?? -- Paul Hanssen phanssen@uniwa.uwa.edu.au ------------------------------ From: "Marc Rotenberg" Date: 19 Apr 1995 04:08:14 -0700 Subject: Stop Wiretap Plan/Save $500 Million ============================================================= THE CAMPAIGN TO STOP THE WIRETAP PLAN (AND SAVE $500 MILLION) wiretap@epic.org "As a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire-tapping." - Justice Brandeis, 1928 "Where in the US Constitution does it say that the federal government has the right to tap your phone?" - Wired, November, 1994 In a case reported last year a federal judge threw out all evidence obtained from FBI wiretaps in what was described as the most expensive white-collar investigation in Kansas City history. The 96-page report of the reviewing magistrate concluded that the FBI's affidavit "presented a disturbing pattern of material misstatements, overstatements and omissions designed to mislead the issuing district court." The outcome is a "stunning repudiation of FBI tactics." - Kansas City Star, Feb 9, 1994 CONTENTS (Updated April 18, 1995) [1] What You Can Do [2] Background on Wiretap Plan [3] Activities in Congress [4] Budget Excerpt on Wiretap Plan [5] Recent Developments: Freeh in Congress, EPIC in Merc [6] Sample letter to Congress [7] Organizations Opposed to Funding [8] Wiretap Resources ============================================================= [1] What You Can Do ============================================================= - Contact your representative and urge the elimination of funding for the "Telephone Carrier Compliance" program contained in the appropriation for the Department of Justice. (Sample letter follows.) - Contact the House Subcommittee on Appropriations, Chaired by Congressman Hal Rogers (R-KY). Urge Mr. Rogers and the Subcommittee to oppose funding for the Telephone Carrier Compliance program. (Sample letter follows.) - Call 800/651-1489 to arrange for the delivery of Western Union Mailgrams(r) to your representative and to the Chairman and Ranking Minority on the House Subcommittee on Appropriations ($10 charge). The Mailgrams will help ensure that the Appropriations Subcommittee gives careful consideration to the proposal. - Write a letter to the editor of your local paper. Explain the problem with the wiretap plan and why you believe funding is a bad idea. Also, call your local talk radio station. - Forward this message to others who might be concerned about the wiretap plan. Or simply tell friends to send email to wiretap@epic.org or call 800/651-1489. - Send information about responses you receive from Members of Congress to wiretap@epic.org Thanks for your efforts. You can make a difference. ============================================================= [2] Background on Wiretap Plan ============================================================= The wiretap plan, also known as the Communications Assistance for Law Enforcement Act of 1994, will require telecommunications carriers and manufacturers of telecommunications equipment to make it easy to wiretap the nation's communication system. The key provisions of the bill requires that new communication systems be designed to: - Isolate a particular electronic communication - Isolate call-identifying information - Deliver intercepted information to a remote government monitoring location - Deliver information to the government without disclosing the government's activity The proposal faced strong opposition from industry and civil liberties organizations last year. But the bill went forward after the government offered to pay companies $500,000,000 to make the proposed changes. FBI Director Lou Freeh argued that the legislation was necessary to preserve crime-fighting abilities of law enforcement. But critics charge that the plan will be costly, unwieldy, and leave the nation's telephone system more vulnerable to criminal misuse. Last year EPIC brought suit against the FBI to obtain records relating to the program. To date none of the documents disclosed to the public have established the need for a nationwide program to reengineer the telephone network. Earlier documents obtained from FBI field offices found that no technical obstacles to wiretapping were encountered. The wiretap plan has also been linked to the controversial Clipper Chip proposal, announced by the National Security Agency in 1993. Both the Clipper technical standard and the wiretap legislation were developed jointly by the FBI and the NSA. Clipper also faced strong opposition from industry and civil liberties groups. The White House reportedly backed off Clipper after a petition signed by 47,000 Internet users was delivered to the President last year. Although $500m was authorized last year for the wiretap program, Congress must now decide whether to appropriate the funds for the program. Already there is some indication that Congress may be reluctant to fund the program. The Office of Management and Budget (OMB) recommended a funding by an increase in civil fines rather than a new appropriation in anticipation of criticism about the expenditure. Of course, the money that is raised by civil fines could be used for other programs or to reduce the deficit. OMB also asked only for $100m for the first year, when it was expected that the government would seek $125m. Public opposition to the funding now will also make it more difficult for the government to seek new restrictions on private communications later, such as limitations on encryption or surveillance requirements for Internet communications. Let Congress know that you object to spending $500,000,000 to make it easy to wiretap private communication! ============================================================= [3] Action in Congress ============================================================= The funding of a federal program is a two-step process. First the oversight committee authorizes the expenditure of funds. Next the appropriations committee allocates the funds. Because Congress is in a budget-cutting mood, the appropriations committee are looking closely at ideas for reducing spending. Therefore, the Appropriations subcommittee will play a critical role in the decision whether to fund the wiretap plan. The Congressional subcommittee that will consider funding for the Telephone Carrier Compliance Program is the House Subcommittee on Appropriation for Commerce, State, Justice. The members of the subcommittee are: Chairman Harold Rogers (R-5th KY), House Appropriations Subcommittee, H-309 Capitol, Washington, DC 20515 202/225- 3351 (tel) 202/225-0940 (fax) Rep. Jim Kolbe (R-5th AZ), 205 CHOB, Washington, DC 20515 202/225-2542 (tel) 202/225-0378 (fax) Rep. Charles H. Taylor (R-11th NC), 231 CHOB, Washington, DC 202/225-6401 (tel) 202/225-0519 (fax) Rep. Ralph Regula (R-16th OH), 2309 RHOB, Washington, DC 20515 202/225-3876 (tel) 202/225-3059 (fax) Rep. Michael Forbes (R-1st NY), 502 CHOB, Washington, DC 20515 202/225-3826 (tel) 202/225-3143 (fax) Chairman Bob Livingston (R-1st LA), House Appropriations Committee, H-218 Capitol, Washington, DC 20515 202/225-2771 (tel) Rep. Alan B. Mollahan (D-1st WV), 2427 RHOB, Washington, DC 20515 202/225-4172 (tel) 202/225-7564 (fax) Rep. David E. Skaggs (D-2nd CO), 1124 LHOB, Washington, DC 20515 202/225-2161 (tel) 202/225-9127 (fax) Rep. Julian C. Dixon (D-32nd CA), 2252 RHOB, Washington, DC 20515 202/225/7084 (tel) 202/225-4091 (fax) Rep. David R. Obey (D-7th WI), House Appropriations Committee, 1016 LHOB, Washington, DC 20515 202/225-2481 (tel) If any of these members represent your district, it is particularly important to write and express your opposition to the Telephone Carrier Compliance program. ============================================================= [4] Budget Excerpt on Wiretap Plan ============================================================= (From the Budget of the United States FY1996, Appendix, Federal Bureau of Investigation, p. 666) Telephone Carrier Compliance "The Communications Assistance for Law Enforcement Act of 1994 authorizes the Attorney General to pay telecommunications carriers for costs directly associated with modifying equipment to perform court-authorized wiretap. Activities eligible for reimbursement include modifications performed by carriers in connection with equipment, facilities, and services installed or deployed to comply with the Act. In particular, telecommunications carriers are required to expeditiously isolate and enable intercept of all wire and electronic communications, provide access to call-identifying information that is reasonably available to the carrier, deliver the intercepts and call- identifying information to the government, and provide these services unobtrusively so as to minimize interference to subscriber services." "The program, administered by the Federal Bureau of Investigation, is funded through a surcharge of approximately 30% imposed on civil monetary penalties and criminal fines. For 1996, the Federal Bureau of Investigation will use $100 million in increased fines and penalties to finances the telephone carrier compliance." (P. 66) Effect of offsetting collection from non-federal sources is that there are no new net outlays. 'Improving Technology - Digital Telephony: On October 25, the President signed the Communications Assistance for Law Enforcement Act, ensuring the Government's ability to conduct court-authorized wiretaps as the nation converts from analog to digital communications technology. The budget proposes $100 million to reimburse telecommunications carriers for modifying equipment, facilities, and services to continue enabling the Government to conduct wiretaps. The needed funds would come from a 30-percent surcharge ion civil monetary penalties and criminal fines (presuming that the need authorizing legislation is enacted." ============================================================= [5] Recent Developments: Freeh in Congress, EPIC in Merc ============================================================= [FREEH TESTIMONY IN CONGRESS] On March 30, 1995, FBI Director Louis J. Freeh testified before the House Committee on the Judiciary Subcommittee on Crime. Freeh had this to say about funding for the wiretap plan and encryption: "Another issue looms on the horizon that ultimately could be as devastating to the fight against drugs by law enforcement as any other factor. If lost, the effect will be so profound that I believe law enforcement will be unable to recover. In 1968, Congress passed legislation giving law enforcement the court-authorized wiretap. It has become a technique crucial to the fight against drugs, terrorism, kidnapping and sophisticated white-collar crime. The ability to conduct court- authorized electronic surveillance is fundamental to our ability to protect both public safety and national security. "Last year, after careful deliberation, Congress passed legislation to ensure continuing access to criminal conversations in the face of the incredible advance of telecommunications technology. Had Congress not done so, we would have lost the ability to access, pursuant to court order, criminal conversations. All that remains on the access issue is funding consistent with the authorization to ensure carrier compliance. I have been advised that the Administration will soon be sending legislation to address this funding issue. "Even though access is all but assured, an even more difficult problem with court-authorized wiretaps looms. Powerful encryption is becoming commonplace. The drug cartels are buying sophisticated communications equipment. Unless the issue of encryption is resolved soon, criminal conversations over the telephone and other communications devices will become indecipherable by law enforcement. "This, as much as any issue, jeopardizes the public safety and national security of this country. Drug cartels, terrorists, and kidnappers will use telephones and other communications media with impunity knowing that their conversations are immune from our most valued investigative technique. "This is an extremely difficult issue. We are working hard to address adequately the important law enforcement, national security, commercial, and privacy concerns associated with this matter. I anticipate that as we proceed with solving this issue, we will be consulting with Congress." [EPIC LETTER IN SAN JOSE MERCURY NEWS, APRIL 8, 1995] "Don't Make Wiretapping Any Easier" "There are several points to clarify in the April 1 report on the Electronic Privacy Information Center's campaign to squelch funding for the FBI wiretap plan. "First, we do not object to court authorized wiretaps. We oppose the effort to require that such wiretaps be made easy. There is nothing in the Constitution or the original federal wiretap law that created such an obligation. The reason is obvious. The Fourth Amendment is intended to protect the public from abuse by government, not to coerce the public to make the work of the government easy. "Second, we do not accept the FBI's contention that digital technologies have frustrated law enforcement investigations. Wiretapping in the United States is at an all-time high. Law enforcement also routinely searches through telephone records in electronic form, a process made far easier as a result of the growth of digital networks. Cellular phones are easily overheard, and remote monitoring technologies are vastly improved. "It's therefore no surprise that in a series of documents obtained by EPIC under the Freedom of Information Act, FBI field offices repeatedly responded 'no problems encountered' when queried about the impact of new technologies by FBI Headquarters. "Third, the wiretap bill is cut of the same cloth as the Clipper proposal. Both proposals were developed by the same federal agencies with the same goal. Both seek the holy grail of absolute surveillance, an aim the US government has never previously pursued. "Fourth, it is almost inconceivable that in this era of dramatic budget cuts and down-sizing of federal services, the Congress should appropriate such a staggering sum of money to fund an untested, widely criticized, inherently flawed proposal for surveillance of the nation's communications infrastructure. One does not have to be a strong believer in privacy or civil liberties to see the folly behind this plan. "Readers interested in learning more about the wiretap bill should send email to wiretap@epic.org. Marc Rotenberg, director Electronic Privacy Information Center ============================================================= [6] Sample letter to Congress ============================================================= (This is a sample letter to Congress on the wiretap funding. Feel free to make changes and to add your own points. If you're too busy, call the Privacy Hotline at 800/651-1489. Copies of the letter will be sent to your representative and to Congressman Hal Rogers (R-KY), chair of the Subcommittee on Appropriations, and Congressman Alan Mollohan (D-WV), ranking minority member of the Subcommittee.) Dear Congressman I am writing to you to oppose funding for the Telephone Carrier Compliance program -- the wiretap plan -- contained in the budget for the Department of Justice. I believe that it is a mistake for the government to spend hundreds of millions of dollars to wiretap the information highway. I am also concerned that this program will make the telephone system more vulnerable to misuse. We need good technology for privacy and security, not wiretapping and surveillance. The experience with the Clipper chip already proved that government proposals for electronic surveillance will be very unpopular with American business and the American public. I understand that the Department of Justice is trying to hide the cost for this program by spending civil fines received by the government. I think this is wrong. Funds collected by the government are taxpayer dollars. Congress should decide how that money should be spent. Funding should be available for appropriate law enforcement activities, but the wiretap program is too expensive and just a bad idea. Also, with many government programs being cut back, it is a bad time to launch a new program that is so controversial. Privacy is an important American value. A vote to reduce government surveillance is a vote to support basic American freedoms. Thank you for considering my views. Please let me know how you plan to vote on the funding for the wiretap program. Sincerely yours, ============================================================= [7] Organizations Opposed to Funding of Telephone Carrier Compliance Program ============================================================= American Civil Liberties Union (info@aclu.org) Computer Professionals for Social Responsibility (cpsr@cpsr.org) also Computer Professionals for Social Responsibility Palo Alto Civil Liberties Working Group Electronic Frontier Foundation (info@eff.org) Electronic Privacy Information Center (info@epic.org) Libertarian Party Privacy International (pi@privacy.org) US Privacy Council Voters Telecomm Watch (vtw@vtw.com) (If your organization opposes funding for the wiretap plan, send email to wiretap@epic.org) ============================================================= [8] Wiretap Resources ============================================================= EPIC Web Page on the Wiretap Campaign http://cpsr.org/cpsr/privacy/epic/wiretap/wiretap.html The Communications Assistance for Law Enforcement Act of 1994 ftp://cpsr.org/cpsr/privacy/epic/wiretap/1994_telephony_law.txt FBI Director Freeh's Congressional Testimony on CALEA and banning encryption ftp://cpsr.org/cpsr/privacy/epic/wiretap/freeh_testimony_3_30.txt ============== END WIRETAP UPDATE 4-18-95 ================== _________________________________________________________________________ Marc Rotenberg (Rotenberg@epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * ftp/gopher/wais cpsr.org Washington, DC 20003 * HTTP://epic.digicash.com/epic ------------------------------ From: Deborah Barett Date: 21 Apr 1995 00:18:29 -0700 Subject: Who (Secretly) Reads Your Email? Hi, I felt this FAQ might interest you. If I'm wrong, I apologize. Deborah Barett -----BEGIN PGP SIGNED MESSAGE----- *** Frequently Asked Questions About E-Mail Privacy *** by Andre Bacard, Author of (The) COMPUTER PRIVACY HANDBOOK "The Scariest Computer Book of the Year" [FAQ Version April 12, 1995] ============================================================ This article offers a nontechnical overview of possible threats to YOUR e-mail privacy, and it suggest two key steps that you can take to guard your privacy. I have written this especially for persons with a sense of humor. You may distribute this (unaltered) FAQ for non- commercial purposes. =========================================================== Can people (secretly) read your e-mail? Very likely yes. Most electronic mail is notoriously UNPRIVATE. E-mail is less secure, and in many ways more dangerous, than sending your personal or business messages on a postcard. Who secretly reads your e-mail? A MACWORLD survey found that roughly 25% of the businesses contacted admitted that they eavesdrop on employee computer files, e-mail, or voice mail. This 25% excludes unauthorized e-mail monitoring. When I asked a Silicon Valley C.E.O. if he uses e-mail, he said: "Hell no, Andre. Half the nerds in my company can hack e-mail. E-mail is a party line!" Internet e-mail, the kind that brought you this FAQ, is child's play for some people to intercept. Your typical e-mail message travels through many computers. At each computer, people can access your personal and business correspondence. It's a safe bet that administrators (not to mention hackers) on Bulletin Board Systems, college campus systems, commercial information services, and Internet hook-up providers can read your e-mail. Of course most snoops will deny they're reading your e-mail because they want to continue doing so. Doesn't my password protect me? Charles Piller, in his excellent article entitled "Bosses With X-Ray Eyes," reports on a study MACWORLD made of Macintosh software. Here is part of Piller's conclusion: "All the major electronic-mail and groupware products that combine messaging, file management, and scheduling (such as WordPerfect Office) allow the network administrator to change passwords at any time, then read, delete, or alter any messages on the server. With few exceptions, network-monitor programs such as AG Group's LocalPeek, Farallon Computing's Traffic Watch II, and Neon Software's NetMinder, allow astute managers to read files transmitted over the net. In short, these tools are only slightly less invasive than others specifically designed for surveillance and used primarily on mainframe systems." Unix, Dos and other software networks are just as easy for administrators to manipulate. Who is to stop your Internet hook-up provider or any network supervisor from using or distributing your password? Doesn't my e-mail vanish after I read and "delete" it? In many cases, NO! Many Internet providers and network administrators "archive" (store) your incoming and outgoing mail on a computer disk for six months or more AFTER you think that you've deleted your mail. If someone sues you (for example, in a divorce), he or she may be able to subpoena and READ your previous correspondence. Of course, unauthorized snoops might chose to read your archive for their own reasons. What motivates a snoop? Maybe he's a thief who sells company business plans or customer lists. Perhaps she's the office intriguer trying to play people against you. Possibly he's a computer stalker like the fellow who shot actress Rebecca Schaffer to death. Conceivably she's a blackmailer. Maybe he's an old-fashioned voyeur. Information is power. Snoops want power. Whatsamatter, I've got nothing to hide. Why do I need e-mail privacy? Show me an e-mail user who has no financial, sexual, social, political, or professional secrets to keep from his family, his neighbors, or his colleagues, and I'll show you someone who is either an extraordinary exhibitionist or an incredible dullard. Show me a corporation that has no trade secrets or confidential records, and I'll show you a business that is not very successful. Robert Ellis Smith, Publisher of the PRIVACY JOURNAL, quips, "An employee with nothing to hide may well be an employee with nothing to offer." Privacy, discretion, confidentiality, and prudence are hallmarks of civilization. OK, maybe I could use e-mail privacy. What can I do? There are two big, practical steps that you can take. First, use PGP (Pretty Good Privacy) software to encrypt your e-mail (and computer files) so that snoops cannot read them. PGP is the de facto world standard software for e-mail security. Second, use anonymous remailers to send e-mail to network news groups or to persons so that the recipient (and snoops) cannot tell your real name or e-mail address. Where can I learn more about these privacy tools? Two excellent places to start are the Usenet news groups alt.security.pgp and alt.privacy.anon-server. Also, I've written FAQs about Anonymous Remailers and PGP (Pretty Good Privacy). See below. Anything else I should know? Yes. YOUR privacy and safety are in danger! Prolific bank, credit and medical databases, computer matching programs, cordless & cellular phone scanners, the Clipper Chip Initiative, the Digital Telephony law, and (hidden) video surveillance are just a few factors that threaten every law abiding citizen. The COMPUTER PRIVACY HANDBOOK gives many chilling examples. In short, our anti-privacy society serves criminals and snoops computer data about YOU on a silver platter. If you want to protect YOUR privacy, I urge YOU to support groups such as the Electronic Frontier Foundation and the Electronic Privacy Information Center . Andre, have you written other privacy-related FAQs? I'm circulating an (1) Anonymous Remailer FAQ, (2) E-Mail Privacy FAQ, and (3) PGP (Pretty Good Privacy) Software FAQ. To get these FAQs, send me this: To: abacard@well.sf.ca.us Subject: Send FAQs Info Message: [Ignored] **************************************************************** Bacard wrote "The Computer Privacy "Privacy permits you Handbook: A Practical Guide to E-Mail to be yourself." Encryption, Data Protection, and PGP Privacy Software" [for novices/experts]. Introduction written by Mitchell Kapor, Creator of Lotus 1-2-3 and Co-founder of the Electronic Frontier Foundation. Book Available from Bookstores or: Peachpit Press, 2414 Sixth Street, Berkeley, CA 94710 Call (800) 283-9444 or (510) 548-4393 ISBN # 1-56609-171-3 ***************************************************************** -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAwUBL4tEvN6pT6nCx/9/AQHnHAQAsuh3OWSofVvJYp8aZSLi2/T/DXCI4pL9 q6+WFQvd96MK6DhH6M8bD6yPgXe7K6qWktjht+6SnHNIwAwTc1ikd3UFbunfkP2u 0QCRg+eestjfGTeiw65Fcc6IiPq0zRYT+G+d+NnwOGlxDISO4+2Z2fXPS57MDCqk 1cfmDFLEq+Q= =lk6W -----END PGP SIGNATURE----- ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #039 ****************************** .