Date: Fri, 08 Dec 95 12:12:56 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#049 Computer Privacy Digest Fri, 08 Dec 95 Volume 7 : Issue: 049 Today's Topics: Moderator: Leonard P. Levine Re: PGP Moose Infinity Transmitter Re: Cashless Society Re: Cashless Society Re: Caller ID leakage Re: Is it Possible to Not GET a SSN? Re: Is it Possible to Not GET a SSN? Re: Is it Possible to Not GET a SSN? Re: Common Carrier Re: Survey on Privacy in Business Re: Survey on Privacy in Business Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: fyoung@oxford.net (F Young) Date: 07 Dec 95 00:56:01 EST Subject: Re: PGP Moose To Moderator, Computer Privacy Digest: I don't fully understand the PGP Moose technology, but so far, I have not encountered any problem with your implementation of this technology. I have read the opposition from one of your subscribers, I honestly cannot see the need for such anger. People are naturally intimated by "things" they do not understand. For this reason, and also for my curiousity, how about allowing us more information on how PGP Moose works? If the author of the software has a Web site, can you give us the URL? Would you eventually like your subscribers to PGP sign their submissions for authenticity? [moderator: I have taken the liberty of responding to Mr. Young's questions below:] I don't fully understand the PGP Moose technology, but so far, I have not encountered any problem with your implementation of this technology. PGP works just fine, but when material is posted rather than mailed some extra damage sometimes occurs. Lines get folded and extra characters are added from time to time, often causing conventional PGP signatures to become errors. Further, the signature takes a good deal of space, maybe ten lines. What Greg Rose (his sig file and url info are at the end of the posting along with my sig) has done reduces the intrusion to 3 lines in the header and is more robust with respect to known posting problems that the PGP signature itself. He also works with the header area, rather than the body of the message. Thus most newsreaders do not even show the X-auth line. The other half of the program watches all news running through certain backbone sites examining all postings in _moderated_ newsgroups that have subscribed to the service (4 so far). At the moment the software reports to the moderator if any posting to the group has a bad X-auth line. Already written is the feature that will allow this part of the moose to issue cancellations of such postings. It will be turned on when people feel it is time. Any computer can run this code, thus any computer can check the X-auth line of email or postings for authentication of authorship. Since news and mail software generally ignores lines in the header starting with X, software that does not know about PGPmoose will just pass it on. Very few errors seem to have occurred. I have read the opposition from one of your subscribers, I honestly cannot see the need for such anger. People are naturally intimated by "things" they do not understand. For this reason, and also for my curiousity, how about allowing us more information on how PGP Moose works? If the author of the software has a Web site, can you give us the URL? The subscriber has the right to his opinion, and he is correct that authentication is not directly a privacy issue. It is close, however. Furthermore, I forsee a day when global unmoderated groups will be so noise-filled as to be virually useless. I follow alt.privacy and there are days when I can pass over a hundred messages looking for something of interest. I knew I had the skills to work with Greg as an early adopter and we saw a few bugs that had to be fixed. I took my authority as moderator and did the experiment. I could have just turned it on and watched for trouble. I chose to let you all know what was going on. Would you eventually like your subscribers to PGP sign their submissions for authenticity? Maybe. Certainly not right now. I check for authenticity by sending a canned reply back when I get a posting. If that reply does not bounce, and the author does not answer with a "that was not mine" message, that has been good enough for now. Although it is fairly easy to "spoof" an email message, it is more difficult to intercept email. Greg Rose's signature files is: -- Greg Rose INTERNET: greg_rose@sydney.sterling.com Sterling Software VOICE: +61-2-9975 4777 FAX: +61-2-9975 2921 28 Rodborough Rd. http://www.sydney.sterling.com:8080/~ggr/ French's Forest 35 0A 79 7D 5E 21 8D 47 E3 53 75 66 AC FB D9 45 NSW 2086 Australia. co-mod sci.crypt.research, USENIX Director. I am: ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ From: Hugh Giblin Date: 06 Dec 1995 20:36:51 -0500 (EST) Subject: Infinity Transmitter High tech invasion of privacy is a concern as mentioned. Has anyone heard of an item called an "infinity transmitter"? This device which is essentially a long distance tap will activate one's phone and use it as a speaker/listening device. I don't believe they are legal other then for law-enforcement although you will see very watered-down versions in various electronic magazines. -- Hugh Giblin ------------------------------ From: fyoung@oxford.net (F Young) Date: 07 Dec 95 00:49:47 EST Subject: Re: Cashless Society maillist@dazed.nol.net (Al Johnson) said: The governments main reason for pushing the cashless society idea is that it will obliterate the underground economy which transactions the IRS is unable to collect taxes on. But I do not believe that undergroud transactions put that much of a dent in the governments tax revenue, besides they collect enough taxes as it is already. When the government says "underground", they mean transactions which are hidden from them. High taxes are partially responsible for the "underground" economy, if the situation is so severe, the problem is with the government, NOT with the individuals who are trying to keep more of what they earn. I see no reason why we cannot have a virtual wallet with digital cash. The wallets can be mass produced in the form resembling a credit/ATM card. All cards are generic, meaning that they are anonymous, have no The "Cash Card" is being test-marketed as we speak - I'm not sure if it is exactly what you have in mind, but from what you said, it sounds pretty close. London, Ontario was the city (or one of the first cities) they used to test the debit card, they once again get to see what this new payment form is all about. modification. But, my point is this: We shouldn't have to give up our privacy in order to reap the rewards of a cashless economy, or anything else for that matter. I agree with you on the benefits of a cashless economy, "convenience" is the thing that come to my mind. If implemented properly, we shouldn't have to give up our privacy ... but if all monetary transactions require some form of electronic gadget to carry out, just think what would happen if the power goes out! :) ------------------------------ From: haz1@kimbark.uchicago.edu (Bill) Date: 08 Dec 1995 02:05:05 GMT Subject: Re: Cashless Society Organization: The University of Hell at Chicago Posted only, as the sender's address claims to be a mailing list... Al Johnson wrote: [...] digit cash - cash is anonymous. I'm talking about cash that functions the same as the bills in your wallet right now. The digital cash can be downloaded from your bank account through the ATM directly into you virtual wallet. Oops. You were doing fine until you suggested downloading directly from an (identifiable) bank account into this "virtual wallet". Digital cash is a complex problem which has so far been solved (as far as I know) in only two ways: 1) By having a reliable institution (e.g. a bank) digitally sign a "packet" of cash; at each transfer of the cash, the recipient must check with the institution to verify that the packet has not already been used by its current possessor (the double-spending problem). Or, 2) by creating a tamper-proof card ("wallet") with a unique "signature" which identifies it (to prevent tampering or phony cards from passing unnoticed). Now, using method #1, as long as the original obtainer of the "cash" is not identified, his/her anonymity is preserved; however, downloading the "cash" from an identifiable personal bank account voids that protection, by creating a record tying the packet of "cash" to the person receiving it. Using method #2, the same problem arises with doing an electronic transfer from a personal account into the "wallet", since the "wallet" has a unique signature which can be used to trace where the "cash" gets spent, and the personal account is clearly tied to its owner. The only way to create a truly anonymous packet of digital "cash" is to provide a means similar to current methods for purchasing a money order at a corner currency exchange, whereby anyone at all can walk in with paper currency and no identification, and convert that paper currency into anonymous digital "cash"; if there are electronic (or paper) transfers from an identifiable source, or if identity of users is recorded in any way, the anonymity of the electronic "cash" is defeated. If you have a solution to this problem, by all means do post it; quite a few people will be elated to see this problem solved... :-) -- Bill (haz1@midway.uchicago.edu) ------------------------------ From: privacy@interramp.com (Privacy Newsletter) Date: 07 Dec 1995 17:31:34 GMT Subject: Re: Caller ID leakage Organization: Privacy Newsletter bgivens@pwa.acusd.edu says... Starting December 1, Calling Number ID is supposedly transmitted on ALL calls, local as well as long distance, as per a FCC ruling. The one exception is for calls originating in California. (The California Public Utilities Commission has requested a 6-month waiver, until it has had the opportunity to accept or reject the local phone companies' education plans for alerting California consumers to the privacy effects of Caller ID.) It is NOT true whatsoever that there is only ONE exception for nationwide Caller ID! In a press release (Report No. DC 95-138) issued November 30, 1995, by the Federal Communications Commission, THREE exceptions are mentioned. Yes, the first one is the California stay until June 1, 1996. But the second stay, until March 31, 1996, lets smaller interexchange carriers, who experience technical glitches in switching systems to, have some time to catch up. The third stay, until January 1, 1997 (YES, 1997!), is being offered to certain local exchange carriers because it is not technically nor economically feasible for these carriers to provide these capabilities now. So, YES, I would assume that their might be early compliance, and I would assume that many calls that shouldn't show now WILL show now. But it should be well understood that the California stay is not the only item standing in the way of complete nationwide Caller ID. For more information on this Caller ID topic or to receive privacy tips for the holiday season, contact: -- John Featherman Privacy Newsletter PO Box 8206 Philadelphia PA 19101-8206 215-533-7373 Internet: privacy@interramp.com ------------------------------ From: adams@spss.com (Steve Adams) Date: 07 Dec 1995 15:00:37 GMT Subject: Re: Is it Possible to Not GET a SSN? Organization: SPSS, Inc. adkinsg@piranha.ianet.net (Garry P. Adkins) wrote: I (of course) have a SSN. I've been wondering if it's possible to not actually *have* a SSN.... He really really really really objects to getting them on religious and moral grounds. It sent me to thinking... Any idea what his options are? Can he be a "conscientious objector" to the SSN deal? He needs the SSN to claim the deductions for his kids on the 1040. If he doesn't need the deductions or doesn't want them, then I guess he could "get away with it" - at least until the kids try to get jobs, go to college, etc.... -- The opinions expressed above are those of the author and not SPSS Inc. ---NASCAR-#7-#28-#51--- adams@spss.com Soli Deo Gloria Phone: (312) 329-3522 Steve Adams "Space-age cybernomad" Fax: (312) 329-3558 ------------------------------ From: ranck@joesbar.cc.vt.edu () Date: 07 Dec 1995 18:59:53 GMT Subject: Re: Is it Possible to Not GET a SSN? Organization: Virginia Tech, Blacksburg, Virginia Garry P. Adkins (adkinsg@piranha.ianet.net) wrote: I (of course) have a SSN. I've been wondering if it's possible to not actually *have* a SSN.... It sent me to thinking... Any idea what his options are? Can he be a "conscientious objector" to the SSN deal? As far as I can tell, you have to have a SSN if you file an income tax return, but maybe not even then. It seems that if a person was independently wealthy, and did not keep his/her cash in a bank or investments, then you could get by without a SSN. The trouble comes as soon as you earn any money from any source (job, investment income, bank interest) then the IRS wants it reported and you are required to have a SSN for that. I think some foreign nationals get what is called a taxpayer ID number, but it amounts to the same thing, they just aren't elegible for Social Security benefits so it's not a "real" SSN. So if you have a mattress full of money, and you only pay cash, then you can get away without an SSN. I don't see any other legal way. -- Bill Ranck +1-540-231-3951 ranck@vt.edu Virginia Polytechnic Institute & State University, Computing Center ------------------------------ From: Bill McClatchie Date: 28 Nov 1995 20:42:44 -0500 Subject: Re: Is it Possible to Not GET a SSN? adkinsg@piranha.ianet.net (Garry P. Adkins) said: I (of course) have a SSN. I've been wondering if it's possible to not actually *have* a SSN.... Yes. Just don't apply for one for your kids. Or enter the country illegally :) I was talking with a guy the other day (he's a pastor), and he home-schools his kids, etc. They don't have SSNs. (yet...) He really really really really objects to getting them on religious and moral grounds. Objecting to Big Brother in any way is fine - but doing it in this fashion will hurt his kids more than it will him. Can't get diplomas, jobs, go to college, or amny other fine things in the US without being registereed with Uncle Sam. It sent me to thinking... Any idea what his options are? Can he be a "conscientious objector" to the SSN deal? Yes. He just can't declare them on his taxes. His kids will pay a higher price as I said above. -- Bill McClatchie wmcclatc@nox.cs.du.edu http://nox.cs.du.edu:8001/~wmcclatc ------------------------------ From: sarig@teleport.com (Scott Arighi) Date: 08 Dec 1995 03:29:52 GMT Subject: Re: Common Carrier Organization: Teleport - Portland's Public Access (503) 220-1016 Kevin Kadow writes: Personally I'm more concerned with the chilling effect on free speech that would result from restricting content, regardless of who is held liable. As I've stated in other forums, the question isn't HOW to make the Internet safe for children (one proposed goal of this bill) but WHETHER it should be done at all. The Internet is no longer a publically funded resource, if the politician's want their own safe and censored network, let them start one for that purpose. herrin@why.com (William Herrin) wrote: I disagree. The availability of pornography and similarly problematic material potentially has the ability to bar children from the Internet, or at least from huge un-checked expanses of it. That shouldn't be allowed to happen. The question is how do you let the kids roam without, as you say, having a chilling effect on free speech. I like safesurf's answer. Take a look at . Their plan adds a voluntary capability to the technology, which if supported by laws and treaties would allow kids to roam without chilling anyone's rights. Should the internet be a childrens library or an adult bookstore? At least from what I have seen the chance of an innocent little 9 yr. old girl finding grossly offensive material is small. On the other hand the probabilty of keeping a computer literate, hormone driven 16 yr. old away from pornography is equally small. I have less than full faith that any of the various "watch" programs are going to be *100%* successful. It seems to me that a rational response to the amendment that passed conference comm. the other day on the Telecom bill is going to force a choice between adult and childrens library. Perhaps we need to *ban* usage of the internet by anyone under 18 :-) -- Scott Arighi Those who ignore history are doomed to repeat it. ------------------------------ From: fyoung@oxford.net (F Young) Date: 28 Nov 95 20:54:10 EST Subject: Re: Survey on Privacy in Business rj.mills@pti-us.com (Dick Mills) said: <...snip...> Can fellow readers of CPD suggest ways that con artists could profit from the information disclosed in similar requests? Is there reason to continue to complain about these survey requests, or is everyone sufficiently aware already? To Dick and the moderator: I believe we should allow surveys be posted, but only if the person(s) conducting the survey provide their real names, mailing address, e-mail address, phone number, the organization they are affliated with, and the purpose of the survey. Even after that, answers to surveys can be sent via a cypherpunk remailer to ensure a higher degree of anonymity. Of course, it is always up to the readers (answerers) to decide what information they are willing to provide or if they want to answer at all. ------------------------------ From: Dick Carlson Date: 29 Nov 1995 07:17:23 -0800 (PST) Subject: Re: Survey on Privacy in Business [moderator: I am interested also in whether or not I should filter such items out of the stream. The two postings before this one are cases in point.] I would appreciate filtering of these types of posts -- I find your forum very interesting and useful, but my time to scan huge digests is limited. At my University, we expect Froshpersons to do their *own* research -- and I would hope their tuition covers libraries, Web access, and search tools. If not, they should consider transfer to another institution! -------------------------------------------------- dcarlson@cc.wwu.edu http://www.az.com:80/~dick/ Fairhaven College -- Western Washington University Bellingham WA 98225 (360) 650-3680 ------------------------------------- ------------------------------ From: "Prof. L. P. Levine" Date: 22 Nov 1995 14:25:54 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #049 ****************************** .