Computer Privacy Digest Sat, 09 Jul 94              Volume 5 : Issue: 003

Today's Topics:                        Moderator: Leonard P. Levine

    SSN of Dependants Now Required
    SSNs at Car Dealership
    Re: CID is not the same as 800 or 911 ANI
    NSA's Response in {Wired}
    privacy
    Re: Question About CallerID
    Re: Question About CallerID
    Re: Question About CallerID
    Re: Question About CallerID
    Re: Question About CallerID
    Re: What's a Cop to Do?
    Re: Video cameras in City Centres
    Re: IRS Speech, Again
    Signatures in Electronic Commerce (long)

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133].

----------------------------------------------------------------------

From: Christopher Hoover
Date: 08 Jul 94 15:44:35 -0500
Subject: SSN of Dependants Now Required

My employer has asked me to list all my dependents, their relationships to me, and their *social security numbers*.

Apparently employers are now required to submit H-2 forms to the Health Care Financing Administration (HCFA). The HCFA requires ``that employers maintaining a group health plan that covers at least one employee must submit information about covered employees, dependents, and the plan to the Medicare / Medicaid data bank.''

Yet another use of SSN's ...
------------------------------

From: jepstein@cordant.com (Jeremy Epstein -C2 PROJECT)
Date: 08 Jul 1994 16:51:43 -0400 (EDT)
Subject: SSNs at Car Dealership

I was getting my car serviced today at the local Mercury dealership, and hanging on a wall by the cashier's office was a framed plaque giving the names and SSNs of mechanics who are authorized to perform emissions and safety inspections.

Wonder how the Commonwealth of Virginia justifies requiring dealerships to post the list and then includes SSNs. Sort of like the court case they just lost on requiring SSNs to vote, and making the voting records public.

--Jeremy Epstein
Cordant, Inc.
jepstein@cordant.com

------------------------------

From: kadokev@rci.ripco.com (Kevin Kadow)
Date: 08 Jul 1994 20:45:41 -0500 (CDT)
Subject: Re: CID is not the same as 800 or 911 ANI

dunn@nlm.nih.gov (Joe Dunn, MSD) said:

A big advantage of having per id blocking on a call by call basis is that it would be prohibitively expensive for a telemarketing company to block their number. People could then stop answering calls from them when they see the number. Downside is that if you had an unlisted number you would have to dial extra numbers for every call to block your number going out.

Personally, I am in favor of BOTH per call and line blocking, with *67 doing nothing on a line with line blocking enabled, and another code (*68?) enabling caller-id sending if it was disabled. All at no charge.

The other solution is line blocking, in which all calls have the id blocked. Downside: what if you had to call 911 and the number was blocked because you forgot to dial the extra numbers to send your number. And telemarketers would pay a one time fee to block the number so you would be in the same boat you are now. Pick up phone, listen to pitch, hang-up rudely...
The 911 systems which provide calling number, name, and address, are not blocked by the caller-id blocking system- the same goes for calling 1-800 numbers- the owner of the 800 system always gets your number.

--
kadokev@ripco.com   Kevin Kadow
FREE Usenet/Mail, inexpensive Internet - Ripco... Wearing white hats since 1983
Dialup:(312) 665-0065|Gopher:gopher.ripco.com|Telnet:foley.ripco.com ('info')

------------------------------

From: Paul Robinson
Date: 09 Jul 1994 09:16:35 -0400 (EDT)
Subject: NSA's Response in {Wired}
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

Nathan Zook writes:

The biggest NSA-specific gripe I could come up with is that the system is classified. That means we can't test it easily. And I believe that even with _our_ hands tied behind our backs, we are finding sever[e] technical problems.

Not to mention Mr. Baker's failure to mention that the U.S. Congress passed a bill which was signed into law _requiring_ the NSA to keep its hands behind its back, and its thumbs off the new encryption standard.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush

------------------------------

From: WHMurray@dockmaster.ncsc.mil
Date: 09 Jul 94 10:50 EDT
Subject: privacy

patchman at retcocom (J. Patrick Henry) asks:

My question regarding the Clipper is this: If a law enforcement official suspects illegal activity behind electronic enemy lines, what would he/she do for surveillance if he/she didn't have the Clipper?

I suspect that the question is facetious. However, just in case it is serious or the answer is not obvious to readers, the answer is that they would do the same thing that they will do in the face of strong private crypto. That is, they will get closer to an end of the traffic. They will bug, suborn, threaten, coopt and corrupt.

Even for law enforcement, the issue is not one of effectiveness but one of efficiency. It is not whether or not they can listen in, but how cheaply.
It is not whether they can listen to any conversation that they want to, but whether or not they can listen to every conversation that they want to.

However, do not go too far down this path. CLIPPER is not about law enforcement. It is about the efficiency of signals intelligence. It is not about the few hundred wiretaps that are done each year under color of warrant. It is about the hundreds of thousands that are done without warrant. It is not about the taps done by the FBI, state police, or even municipal police. It is about those done by private police, private investigators, and other "confidential" paid informants.

It is about all of the jobs (tens of thousands, more than the FBI or CIA), power (sufficient to command the votes of entire committees of the congress), and money (tens of billions of dollars) at Fort Meade.

In the immortal words of Deep Throat, "Follow the money."

William Hugh Murray
New Canaan, Connecticut

------------------------------

From: forags@nature.Berkeley.EDU (Al Stangenberger)
Date: 08 Jul 1994 19:55:15 GMT
Subject: Re: Question About CallerID
Organization: U.C. Forestry & Resource Mgt.

Joe Dunn, MSD wrote:

"J. Shickel" writes: Does 'Caller ID' return the telephone number of callers with unlisted numbers?

This is the primary reason for all the legal challenges to the caller id service. People who have unlisted numbers would be giving out their numbers unless there is a mechanism of blocking the number.

The other solution is line blocking, in which all calls have the id blocked. Downside: what if you had to call 911 and the number was blocked because you forgot to dial the extra numbers to send your number.

911 uses a different service, ANI (Automatic Number Identification) which cannot be blocked.

Another problem is, calling an 800 number. The courts have ruled since the company with the 800 number is paying for the call they own the call and have the right to getting your number.
Again, 800-numbers use ANI which is not affected by CNID blocking.

--
Al Stangenberger             Univ. of California at Berkeley
forags@nature.berkeley.edu   Dept. of Env. Sci., Policy, & Mgt.
BITNET: FORAGS AT UCBNATUR   145 Mulford Hall # 3114
(510) 642-4424  FAX: (510) 643-5438   Berkeley, CA 94720-3114

------------------------------

From: Dean Ridgway
Date: 08 Jul 1994 13:53:23 -0700
Subject: Re: Question About CallerID

The other solution is line blocking, in which all calls have the id blocked. Downside: what if you had to call 911 and the number was blocked because you forgot to dial the extra numbers to send your number. And telemarketers would pay a one time fee to block the number so you would be in the same boat you are now. Pick up phone, listen to pitch, hang-up rudely...

This is incorrect, 911 calls have realtime ANI like 800 #'s and CAN'T be blocked. As far as telemarketers go, ask them to remove you from their list, if they continue to call (or if it's a robo-call) then (don't know about availability in other states) start hitting *57 (call trace) which logs the number with the phone company as a harassing call. After three such logs the phone company is usually obliged to take action (usually by threatening to cancel their phone service).

So, how do you handle not giving out your unlisted number when you call an 800 number, even when you pay to have your number blocked??

Four choices; don't call 800 #'s, sacrifice privacy (they will get everything they want from your credit card anyway if you're ordering anything), use one of the ANI stripping call forwarding services, use a different phone (pay phone).

What bothers me is the fact that even non-published numbers are. I recently called a local pizza place which I have NEVER patronized before, they asked for my name (reasonable since I was having a pizza delivered) and in less than a second they had my address and unpublished phone number. CallerID doesn't start here for another week or so and I'm line-blocked.
I was too shocked to ask them how they got this information.

Dean Ridgway | FidoNet 1:357/1.103 | InterNet ridgwad@csos.orst.edu | CIS 73225,512 |

------------------------------

From: bernie@fantasyfarm.com (Bernie Cosell)
Date: 09 Jul 1994 00:16:18 GMT
Subject: Re: Question About CallerID
Organization: Fantasy Farm, Pearisburg, VA

Joe Dunn, MSD writes:

"J. Shickel" writes: Does 'Caller ID' return the telephone number of callers with unlisted numbers?

This is the primary reason for all the legal challenges to the caller id service. People who have unlisted numbers would be giving out their numbers unless there is a mechanism of blocking the number.

But there's an interesting standoff [at least here in Bell Atlantic land]. One option you can purchase is "refused blocked calls". So you, with your unpub number, may discover that you're caught between a rock and a hard place: either you give out your unpub number, or you can't call the person _at_all_.

--
Bernie Cosell   bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA   (703) 921-2358

------------------------------

From: "Dave Niebuhr, BNL CCD, 516-282-3093"
Date: 09 Jul 1994 6:48:51 -0400 (EDT)
Subject: Re: Question About CallerID

dunn@nlm.nih.gov (Joe Dunn, MSD) writes:

"J. Shickel" writes: Does 'Caller ID' return the telephone number of callers with unlisted numbers?

A big advantage of having per id blocking on a call by call basis is that it would be prohibitively expensive for a telemarketing company to block their number. People could then stop answering calls from them when they see the number. Downside is that if you had an unlisted number you would have to dial extra numbers for every call to block your number going out.

Not necessarily true. If the call is coming through a PBX or Centrex, the number more than likely will either show a bogus number (a line on an outgoing trunk and not related to the physical) or show the message "OUT OF AREA" as what is displayed on my CID unit.
The other solution is line blocking, in which all calls have the id blocked. Downside: what if you had to call 911 and the number was blocked because you forgot to dial the extra numbers to send your number. And telemarketers would pay a one time fee to block the number so you would be in the same boat you are now. Pick up phone, listen to pitch, hang-up rudely...

The 911 situation depends on what type of system is installed at the receiving site. If it is "normal" 911, then the number won't be shown; if, on the other hand, the system is "Enhanced 911 or E911" then more than likely the number will be shown.

I like the E911 system much better than the normal one. Example: My almost three-year-old grandson is in the process of learning how to use the phone for calling for help if an emergency exists (using a play phone of course). Suppose something happens and he has to use that system for real. He'll be panicky enough without being taken through a maze of questions and if the number is displayed, it can be cross-referenced to get its location.

Another problem is, calling an 800 number. The courts have ruled since the company with the 800 number is paying for the call they own the call and have the right to getting your number. So, how do you handle not giving out your unlisted number when you call an 800 number, even when you pay to have your number blocked??

You can't. If I'm paying for a call, then I want to know just where the number is located and who owns it. If I'm paying to give you the privilege of calling me, then why can't I know where you are and what your phone number is. Don't call me collect if you don't want your number made known to me. To me that is fair.
Dave Niebuhr   Internet: dwn@dwn.ccd.bnl.gov (preferred)
               niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973
1+(516) 282-3093   FAX 1+(516) 282-7688

------------------------------

From: Paul Robinson
Date: 09 Jul 1994 09:12:17 -0400 (EDT)
Subject: Re: Question About CallerID
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

"J. Shickel" writes:

Does 'Caller ID' return the telephone number of callers with unlisted numbers?

Yes. All "unlisted numbers" are is numbers the phone company doesn't publish the information about. Technically there is no difference in service between listed and unlisted numbers.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush

------------------------------

From: Dean Ridgway
Date: 08 Jul 1994 13:17:29 -0700
Subject: Re: What's a Cop to Do?

My question regarding the Clipper is this: If a law enforcement official suspects illegal activity behind electronic enemy lines, what would he/she do for surveillance if he/she didn't have the Clipper?

Probably the same things they do now; beat suspects, intimidate witnesses, and manufacture evidence. :-)

Ummm, seriously, you are asking the wrong question. Ask this of law enforcement: How many of your convictions last year depended TOTALLY on information gathered by a court ordered wiretap? I'll bet the percentage isn't high enough to even mention.

The bottom line is smart crooks won't be using Clipper, and the dumb ones won't bother to encrypt at all. The Clipper chip is a solution looking for a problem.

Dean Ridgway | FidoNet 1:357/1.103 | InterNet ridgwad@csos.orst.edu | CIS 73225,512 |

------------------------------

From: tnyurkiw@napier.uwaterloo.ca (Tom Yurkiw)
Date: 09 Jul 1994 07:15:57 GMT
Subject: Re: Video cameras in City Centres
Organization: University of Waterloo

The RISKS are obvious.
With enough crime, poverty, social decay, people may be willing to assign away all personal freedom in the perhaps futile attempt to recover the lost days of leaving your front door open and unlocked, and your car window rolled down whilst you shop.

This isn't really a *freedom* issue, more of a privacy issue. And city centres are not private places.

------Tommy the Yurk

------------------------------

From: Paul Robinson
Date: 09 Jul 1994 09:10:22 -0400 (EDT)
Subject: Re: IRS Speech, Again
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

For example, I just got a GAO report about the fact that they [the IRS] get TOO MANY CTR's (currency transaction reports). Cash transactions over $10,000 have to be reported on a CTR. Well, they get so many, it interferes with the intended purpose of the CTR's.

The original regulations required that all transactions over $5,000 be reported. The IRS got so many that they had to scale it back to $10,000. Perhaps they should raise it to $25,000, if the load was too great. But no, it's another means of intimidation.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush

------------------------------

From: "Risks Forum Digest"
Date: 08 Jul 1994 11:13:14 -0500 (CDT)
Subject: Signatures in Electronic Commerce (long)

from Risks-Forum Digest Thursday 7 July 1994 (16:21)
Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 05 Jul 94 23:26:34 EDT
Subject: Signatures in electronic commerce

[Ben Wright, an attorney teaching the online seminar on The Law of Electronic Commerce in the NCSAFORUM of CompuServe, has granted permission to post the following article on signatures. I recommend that it be posted in RISKS because it addresses assumptions about the need for non-repudiation of contracts--an area which has been fuzzy for many of us.
I hope it will be as useful for others as it has been for me. --MK]

THE VERDICT ON PLAINTEXT SIGNATURES: THEY'RE LEGAL

Summary: Contrary to conventional wisdom, commercial law generally does not require that a signature be "secure" to be legally effective. That is good news for e-mail, and electronic commerce in general.

By Benjamin Wright

According to the digital cognoscenti, the only legally effective way to sign an e-mail message is to run it through a cryptographic algorithm (such as that for DES or RSA), compute a mathematically unique authentication code,<1> and append it to the message. But if that's true, it will be many years before real (legal) electronic commerce comes to e-mail users because very few people authenticate their e-mail with cryptography.

But fortunately, that reading of the law is not true. Many business e-mail users already practice electronic commerce. What's more, the law should generally recognize and enforce it.

Forming Contracts

In commerce the central transaction is the contract. Classically speaking, a contract is born any time an offer (e-mail from Joe Nightclub owner: "Will you make me three custom discs for $1000 and deliver next week?") meets acceptance (e-mail from Artist: "Yes!"). Once a contract is formed, the law gives one party a remedy if the other backs out.

The orthodox view is that a simple, wholly plaintext e-mail contract cannot be enforced because it is not signed in a secure way and it will be impossible to prove in court. This excerpt from a popular magazine exemplifies the orthodoxy:

[C]onsider an attempt to create an enforceable contract by exchanging an E-mail offer and acceptance. In the real world, exchanging letters of offer and acceptance does create an enforceable contract (assuming something of value is also eventually exchanged). Unfortunately, without authentication techniques (e.g., digital signatures), E-mail agreements are probably unenforceable in court.
Under legal rules governing evidence and contracts, it's hard to prove the existence of a contract based on E-mail; fabricating an E-mail message is just too easy.<2>

With all professional respect to the author of this passage, I disagree. The orthodoxy is wrong.

Many types of contracts do have to be signed, says a law called the Statute of Frauds (which dates back to Seventeenth Century England),<3> but that law is admirably liberal in its use of the term _signed_. One signs a document when he adopts a symbol (any symbol) on the document as his signature. A signature need not be in ink; it need not be an autograph; and it need not be the least bit secure against forgery. Remember the illiterate geezer in the western movies who couldn't write his name? He just marked an X on the document. The law recognizes that X as his signature.

A signature can be the ASCII characters "Joe Nightclub" appearing in plaintext in the From line of an e-mail message. "Joe Nightclub" need not even be the sender's real name. What is important is not the nature of the symbol Joe uses to identify himself, but rather the intent behind the symbol. If Joe intends the characters to be a token of his responsibility, then they are his signature. When Joe sends e-mail offering to buy discs, he intends the characters in the From line to show he is responsible for the message and the consequences that flow from it. If that's not his intent, what is it?

Along with Canada, Australia and many other countries, the United States inherits the common law tradition of ancient England -- a set of living, breathing principles that are more limber than you might think. The common law, being the law of the leading industrial civilization over the past several centuries, has ample experience negotiating waves of new technology -- handwriting, printing press, typewriter, telegraph, telephone, telex, fax -- and it is today suffering no particular problems digesting e-mail as a medium for transacting commerce.
Given how many thousands of courts and judges there are, it is possible that the odd one will disagree with my reading of the law. If this worries you (and those conducting more valuable transactions might be worried), you can minimize the risk by insisting that the e-mail sender include a statement that his name in the e-mail is his signature. This makes it very difficult for him later to claim in court that his name, written in plaintext, is not his signature.

Proving It

"But wait!" cry the advocates of cryptographic authentication. You can't prove that e-mail came from Joe Nightclub. Anyone could have sent it. The Artist herself could have fabricated it.

True. You can write e-mail and make it appear to come from someone else. You can easily send e-mail from an address opened under a false name. But just as you can send fake e-mail, so you can send fake letters, telegrams, telexes, and faxes.

Nonetheless, regardless of the medium through which a business message is carried, the origin and genuineness of the message can usually be proven in court. Rarely are they proven from the signature that happens to be attached to the message (or document), despite what you may think from watching _Perry Mason_. Much more often, origin and genuineness are determined in court from all the facts and circumstances that surround the message -- the full relationship of the people involved.

We don't do business in vacuums. We do business based on relationships. When the Artist receives e-mail from Joe Nightclub, she wants to learn more before she parts with her precious discs. If she's never dealt with this customer before, she's going to check the guy out: call him on the phone, go meet him, ask for references, or ask for advance payment. Lest she be a fool, the Artist wants to collect evidence that this is a bona fide customer who is very likely to pay as promised.
All the mundane facts and circumstances she collects can be, through testimony and otherwise, used in court to lend credence to Joe's e-mail.

Sure, there will be disputed evidence. And under no circumstances are the judge and jury guaranteed to believe that any given message is genuine. But that is just the way commercial law works. Proving things in law is much more sloppy than proving things in science.

Forgeries

A supposed virtue of paper over e-mail as a legal medium is that it is hard to make inconspicuous changes to paper, whereas plaintext ASCII can easily be changed. Upon receipt of Joe's e-mail offering $1000, the Artist could change it to say the offer is for $2000. If she took this e-mail to court, there would be no way to tell from the face of the message whether it originally said $1000 or $2000.

Yet paper suffers the same infirmity. If the Artist receives a letter from Joe offering $1000, she could rip it up and write a replacement, offering $2000, on a sheet of cheap, fake letterhead. She could then scribble something that purports to be Joe's handwritten signature. Later, a court could not tell from the face of the document whether Joe did or did not send it. Although Joe would repudiate it, sternly declaring that neither the letterhead nor the signature is his, the Artist would swear that this is indeed the letter she received. If this is not Joe's normal letterhead and signature, she'd contend, then Joe must have sought to deceive her, and the court, by sending an offer using unusual letterhead and signature. Although the Artist would be lying, the court would not know it just from inspecting the letter.

Indeed, we can play the same authentication games with paper that we can with plaintext e-mail. When you receive a paper letter in the mail, bearing what looks to be an original autograph, you have no technical proof of its origin.
Neither do you have technical proof of origin when you get a telegram or telex (unless you require it be authenticated with a cipher code, which is rarely done). So the reality is that routine business communications are, and have always been, risky. Still, business traders seem to have compensated for this risk.

Cryptography's Role

Don't misunderstand. I'm not denigrating cryptography as a means for ensuring the authenticity of messages or denying its rightful role in electronic commerce. Just as the engraved and magnetized paper used for currency is necessary for financial transactions in the world of paper, so cryptographic authentication is needed for electronic funds transfers. But just as we don't securely engrave and magnetize the pulp on which we write business letters and contracts, so we don't need to cryptographically authenticate most of our business e-mail.

Sure, if you use e-mail for business you should keep complete records, and the more secure the records, the better. Consult your own lawyer. If you work for a large organization, records can be secured by placing them under the control of an independent department (e.g., internal audit).<4> But if you work solo, you can just establish a routine for making a log of business messages on your PC. Yes, someone could claim you falsified your log. But if you faithfully keep the log as a regular business practice, you can, if ever called to court, confidently vouch for the integrity of your records, and your story will more likely jibe with the ambient facts and circumstances.

It is ironic that some of the most ardent champions of e-mail are so quick to assume that plaintext e-mail is somehow deficient. If, as they suggest, it is necessary to use fancy cryptographic methods to make e-mail legal, then they ask much more of digital media than we do of its predecessors.
=========

NOTES:

<1> The proponents of cryptography often refer to unique authentication codes as "message authentication codes" or "digital signatures." These are streams of scrambled numbers that, when unscrambled using the necessary cryptographic keys, give mathematically supportable evidence as to who created a message and whether the message has changed. See Larry Oyama, "Using Encryption and Authentication for Securing Data," EDI Forum, Special Edition on EDI Legal and Audit Issues (1992) p. 111.

<2> Victor J. Cosentino, Virtual Legality, BYTE (March 1994) p. 278.

<3> For example, the statute of frauds, as rendered in Section 2-201 of the Uniform Commercial Code, says that a contract for the sale of goods worth $500 or more is generally not enforceable unless it is supported by a "writing" that is "signed."

<4> See, Benjamin Wright, The Law of Electronic Commerce (Boston: Little, Brown and Company) Section 6.4.

============

Benjamin Wright (bwrigh01@reach.com) is a Dallas-based attorney and author of _The Law of Electronic Commerce: EDI, Fax and E-mail_. He is the instructor for a series of "virtual" seminars on the law of electronic commerce, sponsored by the National Computer Security Association (75300.2557@compuserve.com or (800) 488-4595). These seminars will be delivered via online computer conference.

This article provides general information and is not legal advice for any specific situation. The formation of contracts is inherently risky, and this article does not advise which level of risk is appropriate for you. If you plan to conduct legal transactions, you should consult your own attorney.

Copyright (c) 1994 by Benjamin Wright. All Rights Reserved. This article may be reprinted or redistributed as a whole, but only with the above information.

Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn

------------------------------

End of Computer Privacy Digest V5 #003
******************************