Computer Privacy Digest Wed, 29 Jun 94              Volume 4 : Issue: 083

Today's Topics:                         Moderator: Leonard P. Levine

    Advice to New Users
    IRS Speech, Again
    A Canadian Scanner Ban is Coming
    ACM Press Conference on Crypto 6/30
    Caller ID
    Re: Physical Location via Cell Phone

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133].

----------------------------------------------------------------------

From: "Prof. L. P. Levine"
Date: 24 Jun 1994 11:29:02 -0500 (CDT)
Subject: Advice to New Users
Organization: University of Wisconsin-Milwaukee

I found this in the gopher site: (gopher.well.sf.ca.us// Community/Advice about Privacy and Security for People New to Cyberspace)

-----------------------------

Subject: advice about privacy

GENERAL ADVICE FOR THE NEW ON-LINE USER

The benefits of being on-line far outweigh the risks, but being aware of the risks, the tools, and the support available better prepares the newcomer for the adventure.

------- There are impediments to perceived safety -------

1) Understand that system footprints or tracks may be read to see:
      when and where your logins occurred.
      what commands you've executed and when you executed them.
2) Understand that information, even if it has been deleted, may be retrieved from backups.
3) Understand that your account is only as secure as its password.
4) Understand that sysops or root-holders:
      may read mail, files or directories without leaving footprints.
      may undelete files you've erased.
      may be forced to release your files, etc.
      under order of a court.
5) Understand that default file protection may not be secure for newly created files.
6) Understand that mail:
      may be compromised at each forwarding site.
      bounced may be posted for reading to a postmaster at some site.
      is owned by BOTH the sender and the receiver.
7) Understand that identifying biographies may be system searched or remotely fingered.
8) Understand that other users' identities:
      may not be what they appear to be.
      may be the result of a false registration.
      may be forged when they have had their own account compromised.

------- Be aware of the social dangers possible online -------

1) Harassment, or frequent or unsolicited messages from another user, are occasionally sent randomly to women's id's.
2) Stalking, or being watched or followed online can be coupled with physical confrontation.
3) Flaming or emotional verbal attacks can occur.
4) Addiction, or the need for support and feedback available online outweighing a reasonable budget of time or money.

------- Know how to protect yourself (privacy begins at home) -------

1) Protect your password.
      Choose a strong password (a combination of upper and lower case characters, and not a name or a dictionary word).
      Do not leave your terminal logged in unattended.
      Do not let anyone watch you log in.
      Log out cleanly.
2) Protect your files.
      Know the default for newly created files.
      Occasionally monitor your files.
3) Protect your information.
      Never send compromising information (your phone number, password, address, or vacation dates) by chat, sends, mail, or in your bio.
      See if encryption is available if necessary.

------- See what education/communication means are available ------

1) Join a support group like the Santa Monica PEN's PEN Femmes, or the online groups BAWiT or SYSTERS.
2) Attend seminars, classes or study groups.
3) Make use of private, special interest forums online.
4) Use peer pressure in public online groups in order to settle disputes.
5) Answer harassment & inappropriate behavior directly and unambiguously, and then post what you observe for comment and discussion.
6) Advocate for grievance procedures, tolerance guidelines and the discouragement of false or anonymous user registrations.
7) Do not submit to unreasonable pressure.
8) Speak up for what you want.

Please distribute this advice wherever appropriate, and please contact me with any questions, comments, or suggestions.

Hilarie Gardner
calliope@well.sf.ca.us

------------------------------

From: johnl@iecc.com (John R Levine)
Date: 27 Jun 94 14:43:52 EDT
Subject: IRS Speech, Again

A week or two ago someone asked about the speech I excerpted by Coleta Brueck, Project Manager, Document Processing System, of the IRS where she said "We know everything about you that we need to know."

I can't find my excerpts, but I found the whole thing, on paper. It's 13 pages of typescript, which is more than I'm up to typing, but it should be easy to OCR. I'll be happy to send out small numbers of paper copies, particularly to anyone who volunteers to OCR or type it.

--
Regards,
John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com

------------------------------

From: "Prof. L. P. Levine"
Date: 28 Jun 1994 15:35:29 -0500 (CDT)
Subject: A Canadian Scanner Ban is Coming
Organization: University of Wisconsin-Milwaukee

Newsgroups: alt.dcom.telecom
Subject: SCANNER BAN COMING
From: chuck.zeps@dt-can.com (Chuck Zeps)
Date: 17 Jun 94 08:43:00 -0500
Organization: Data Tech Canada - (519) 473-7685

----------------------------------------------------------------
From a CANADIAN PRESS article of Friday 17 June 1994
----------------------------------------------------------------

PHONE SCANNERS LIKELY TO BE BANNED

OTTAWA - Chances are "very high" the government will ban digital scanners that pick up cellular and cordless phone conversations, says Jon Gerrard, secretary of State for science and technology.
The Federal advisory council on the information highway is poised to recommend outlawing manufacture and sale of the scanning devices - advice the government is likely to accept, Gerrard said Thursday.

"I think the case was made very eloquently and quite convincingly", he said at the conclusion of the council's second full meeting.

The 30 member council, appointed this spring, is advising the government on the so-called information highway - the burgeoning web of telephone, cable, satellite and computer networks.

SECURITY ISSUES:

"The Government is very concerned about privacy and security issues," said Gerrard, who attended the two-day meeting.

There are more than one million cellular phones, well over two million cordless phones and some 900,000 analog scanners across Canada.

The wireless phone industry is shifting to digital signals that can't be picked up by cheap analog scanners.

But some are concerned that scanners capable of decoding digitized voice communications could soon become common in corner electronic stores.

Legislation would nip the new breed of scanner in the bud, said Gerrard.

"There's no point in people investing money developing commercial digital scanners if that's the direction we're going to go," he said.

"And I suspect, based on the recommendations of the council, that the chances of that are very high."

--
chuck.zeps@dt-can.com

------------------------------

From: David Banisar
Date: 29 Jun 1994 09:33:16 -0500
Subject: ACM Press Conference on Crypto 6/30

FYI -

CLIPPER REPORT RELEASE ON THURSDAY
ACM TO MAKE POLICY RECOMMENDATIONS

A press conference will be held at the U.S. Capitol on Thursday, June 30 at 10:30 am to announce the release of a new study on the controversial Clipper cryptography proposal.

The ACM cryptography panel was chaired by Dr. Stephen Kent, Chief Scientist for Security Technology with the firm of Bolt Beranek and Newman. Dr.
Susan Landau, Research Associate Professor in Computer Science at the University of Massachusetts, co-ordinated the work of the panel and did most of the writing.

The panel members were:

    Dr. Clinton Brooks, Advisor to the Director, National Security Agency
    Scott Charney, Chief of the Computer Crime Unit, Criminal Division, U.S. Department of Justice
    Dr. Dorothy Denning, Computer Science Chair, Georgetown University
    Dr. Whitfield Diffie, Distinguished Engineer, Sun Microsystems
    Dr. Anthony Lauck, Corporate Consulting Engineer, Digital Equipment Corporation
    Douglas Miller, Government Affairs Manager, Software Publishers Association
    Dr. Peter Neumann, Principal Scientist, SRI International
    David Sobel, Legal Counsel, Electronic Privacy Information Center.

The final report of the panel will be made public at the Thursday press conference. Also, the policy committee of the 85,000 member ACM will release a statement on cryptography issues facing the Clinton administration.

For more information, call (202) 298-0842. Additional press announcement forthcoming.

Cryptography report announcement. 10:30 am, Thursday, June 30, United States Capitol building, room SC-5.

------------------------------

From: Monty Solomon
Date: 29 Jun 1994 11:27:12 -0400
Subject: Caller ID

Excerpts from EPIC Alert 1.03

=======================================================================
[3] FCC Caller ID Decision Appealed
=======================================================================

Several state utility commissions, including New York's and California's, have petitioned the Federal Communications Commission to reconsider its controversial Caller ID decision. The petitions ask the FCC to reverse its decision mandating per-call blocking for interstate calls and its preemption of state regulations. The commissions are concerned that the federal regulation will limit consumer privacy protection for intra-state calls.
It is uncertain if the FCC will take the unusual action of accepting the petitions. Since the Caller ID decision was released in April, two new commissioners have joined the FCC. A total of 48 parties, including telephone companies who are concerned about which party is charged the cost of transmitting the information, have filed petitions asking the FCC to reconsider its decision.

Per-call blocking, which is favored by telephone companies, requires a caller to enter a series of numbers into their telephone before each call to prevent their number from being distributed. Under per-line blocking, privacy blocking is the default and the caller may opt to release their number.

The New York Public Utility Commission's petition notes that "there is no technological bar to enabling each state to designate per line or per call blocking and have that privacy notation affixed to that caller's phone calls both intra and interstate." The PUC calls on the FCC, which did not hold a single hearing on Caller ID, to review the decisions of the many states that did hold hearings.

Professor Rohan Samarajiva of Ohio State University, who also filed for reconsideration, found that 46 states held hearings on Caller ID before the FCC issued their final decision. He found that as information became more available on Caller ID, the state utility commissioners increasingly required that per-line blocking be offered in addition to per-call. By 1994, 33 jurisdictions developed rules with stronger privacy protection than the FCC decision. 18 states require per-line blocking be offered to all consumers, including Pennsylvania, Ohio, California and New York.

CPSR has also filed a petition asking the FCC to revise its decision. CPSR calls for free per-line blocking and notes the additional burden of per call blocking will cost consumers who have unlisted telephone numbers $1.2 billion each year through the disclosure of unlisted numbers.
They describe the FCC's suggestion that consumers who wish to ensure that their numbers remain private purchase equipment as "unreliable and discriminatory."

In addition, the California PUC has filed suit in the 9th Circuit Court of Appeals, asking the court to overturn the ruling and prevent its implementation.

The FCC decision on Caller ID and the CPSR Petition for Reconsideration are available from cpsr.org. See below for details.

=======================================================================
[4] NY PUC Letter to FCC on Caller ID
=======================================================================

The following is a letter sent by New York State Public Utility Committee Chairman Peter Bradford to FCC Chairman Reed Hundt on the FCC's Caller ID decision. For more information, contact Stacey Harwood at 518-473-0276.

STATE OF NEW YORK
PUBLIC SERVICE COMMISSION
ALBANY 12223

PETER A. BRADFORD                        THREE EMPIRE STATE PLAZA
CHAIRMAN                                 (518)474-2530

June 1, 1994

Reed Hundt, Chairman
Federal Communications Commission
1919 M Street, N.W.
Washington, DC 20554

Dear Chairman Hundt:

I am writing to express my concern about the Federal Communications Commission's recent decision (Docket #91-281) limiting the range of privacy protections available to telephone callers in connection with Call ID service. The potential preemptive features of this decision undermine sensible allocation of responsibility between state and federal jurisdictions, namely that the federal government preempt only where issues of overriding national concern are clearly at stake and then only after strong proof that no alternative approach will protect the national concerns. All of these essential elements (clear national concern, strong proof, and the absence of other alternatives) are lacking here.
Instead, the casual reasoning and the destructive remedy mock stated Clinton Administration eagerness to work with the states to assure that telecommunications decisions are sensitive to important consumer issues.

The FCC's decision appears to ignore the states' considerable experience with Call ID. Prior to its authorization of Call ID, the New York Public Service Commission (like many other states) conducted extensive customer outreach and education programs to determine how best to balance the privacy interests of the calling and called parties. Many witnesses, including psychiatrists, social workers, police, other public safety officials, as well as family violence crisis centers, saw danger and/or nuisance in Call ID without the option of per line blocking.

These hearings established that privacy protection consisting only of per call blocking represents the worst of all worlds. The harassing caller is unlikely to forget to use per call blocking. It is the customer who does not realize the implications of the availability of Call ID to commercial number gatherers (or others who may abuse it) who is likely to make his or her telephone number inadvertently available.

As a result, we concluded that in New York callers should have the option of both per call and per line blocking. Since Call ID service was approved with these options two years ago, no complaints have been received from either Call ID subscribers or callers on the issue of blocking. Furthermore, the market for Call ID does not seem to be hurt by the availability of per line blocking, for subscription rates are at least as high in states with per line blocking as elsewhere.

Nevertheless, the FCC decision contemplates preemption of state requirements inconsistent with a federal per-call-blocking-only regime. Since per line blocking only for intrastate calls does not seem feasible, New York's standard (and those of some 40 other states) will be preempted.
Protracted litigation over the FCC decision is certain and may impede the introduction of interstate Call ID service. Several states, including New York, are seeking reconsideration of the FCC decision and California has challenged the FCC order in court. Customer confusion and disappointment with limitations on privacy options will spawn a host of complaints.

Furthermore, it will be hard for state regulators to justify the current surcharge for unpublished listings while telephone companies market a service that compromises the value of those listings. I have enclosed a recent New York notice raising this concern for parties in two major cases. Telephone companies are not likely to go forward with Call ID if they must forego tens of millions of dollars per year in charges for unpublished numbers.

I hope that the FCC will think again about the impact of this decision. It is likely to damage the prospects for Call ID, and it is certain to damage federal-state relations in the communications area at a time when much depends on our mutual trust and cooperation.

Sincerely,

/sig

Peter Bradford

=======================================================================
[6] Files Available for retrieval
=======================================================================

The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin@cpsr.org.

Files on Caller ID: /privacy/communications/caller_id/

    The FCC decision - fcc_caller_id_decision_94.txt.
    CPSR Petition for Reconsideration - CPSR_RFR_on_FCC_Caller-ID_Order.txt

=======================================================================

To subscribe to the EPIC Alert, send the message:

    SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname

to listserv@cpsr.org.
You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce

=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information email info@epic.org, or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr-info@cpsr.org

------------------------- END EPIC Alert 1.03 -------------------------

------------------------------

From: bernie@fantasyfarm.com (Bernie Cosell)
Date: 28 Jun 1994 06:02:00 GMT
Subject: Re: Physical Location via Cell Phone
Organization: Fantasy Farm, Pearisburg, VA

    Eric Smith writes:
    Just like now if you ask to be paid in cash you might be suspected of tax evasion or of being an illegal alien, sometime in the future if you buy a new car and request that it not have a cellular phone in it, you might be suspected of planning to use that car for a crime. Car phones might even be made hard to turn off when it is found that people who want to turn off their car phones tend to be criminals.

This strikes me as the kind of paranoid conspiracy theory that doesn't advance the discussion much. Actually, your "just like now" is bogus as far as I know --- the IRS doesn't care one whit how your employer actually gives your salary to you. *employers* don't like dealing in cash for a lot of obvious reasons... but whether they pay you in cash or not their IRS reporting requirements are the same. Is there any substance whatever behind the 'might be suspected' or just more paranoia?

As for the latter stuff about mandatory cell-phones in cars, that too, seems awfully unlikely. And making it hard to turn off?

    The same attitude now might still apply then: "If you don't have anything to hide, why are you worried about it?"

What 'attitude'? You've offered little except unsubstantiated and rather unlikely [IMO] speculation. *EVERYTHING* you've referred to has been placed in the indefinite future without any indication of why we should lend credence to any of it, or that if/when it gets even vaguely close to coming to pass there wouldn't be plenty of time to do something about it or how we would get from here to there [would it start with some kind of for-free nation cellular phone service, or in your fantasy world of the future would we all be _compelled_ to pay for cellular phone service?]

Indeed, I pointed out that one can just *not*have* a cellular phone and the privacy problem vanishes. Somehow, you have gone from reality in one big leap to a world where tamper-proof cellular phones are *compulsory*. Don't you think you would need to provide some kind of extraordinary evidence or backup for that rather farfetched and extraordinary scenario?

Consider, for example, that if all they want to do is be able to track you, why not assume that they'll just mandate that all autos must contain a small transponder? Sort of like the thing that some big cities are flirting with to have "on the fly toll booths" that'll just read off your car's id as you drive by?
that's at least _plausible_ [if still unlikely]. but I find the stuff that you're talking about here really off the deep end from my perspective. I mean, maybe you could merge the "ID Chip" and the "mandatory cellular phones" fears into one grand fantasy: something like "I can envision a future in which they'll require that all babies have *cellular*phones* implanted in them at birth!"

    There might even come a time when car phone tampering for the purpose of obstructing possible criminal investigations will be made illegal, such that if you tamper with your phone to allow you to turn it off, you can go to jail even if you commit no other crime.

"There might even come"??? Is it your 'attitude' to base your position on the most farfetched and unlikely speculative scenarios that you can imagine? The case at hand is whether a cellular phone is a privacy problem *NOW*. If you want to speculate about whether it could _become_ a problem, perhaps you need a less tenuous path to get from here to there than "there might even come..."?

    Even without a law against car phone tampering, it might still warn cops that you might be a dangerous criminal trying to hide, causing them to stop you for minor infractions they would otherwise ignore. Even if only 95% of the population has car phones, the cops might still be more inclined to stop the other 5% for that same reason.

Is the presence of numbers here supposed to give the impression that all of this is anything other than more unsupported speculation? Also, your vision of the future seems to include cell phones that *broadcast* that they've been tampered with. Huh? My phone is going to _broadcast_ that it has been turned off?

    They might even use the car phone itself as the excuse. "I saw you drive by looking a little dazed, so I tried to call you to see if you were ok, but your phone was dead.

Wait, I missed something: how did they figure out your number to try to poll your phone?
Or is there more to the conspiracy that you are brewing that you haven't told us about? Maybe they'll replace license plates AND vehicle ID numbers with the cell-phone-numbers of the [mandatory] cell phone assigned to the vehicle or something like that?

--
Bernie Cosell                               bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA         (703) 921-2358

------------------------------

End of Computer Privacy Digest V4 #083
******************************