PRIVACY Forum Digest      Friday, 19 June 1992      Volume 01 : Issue 05

Moderated by Lauren Weinstein (lauren@cv.vortex.com)
Vortex Technology, Topanga, CA, U.S.A.

===== PRIVACY FORUM =====

CONTENTS
    PRIVACY Brief (Moderator--Lauren Weinstein)
    Calling Number ID decision announced by California PUC
       (Moderator--Lauren Weinstein)
    Bank account security (King Ables)
    Social Security numbers (hibbert@xanadu.com)
    Privacy of voter registration files (Lance J. Hoffman)
    Thoughts on the FBI wiretapping proposal (Anonymous)
    CFP'93 Call for Participation (Bruce R Koball)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
***            Submissions without them may be ignored!           ***

-----------------------------------------------------------------------------

The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". Mechanisms for obtaining back issues will be announced when available. All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations.

For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 05

Quote for the day:

    "I'm sorry Dave, I'm afraid I can't do that."

        -- Hal 9000
           "2001: A Space Odyssey" (1968)

----------------------------------------------------------------------

PRIVACY Brief (from the Moderator)

---

By the middle of 1993 (and in some cases starting as early as July 1, 1992), most transactions involving the California Department of Motor Vehicles (DMV) will be tagged to individuals' social security numbers. This will include vehicle registrations, driver's license renewals, and most related activities. The DMV will refuse to process individuals who do not make their SS# available upon request. The DMV says that this requirement is being imposed to allow for easier cross-checking against outstanding traffic penalties, and to "help collect delinquent child support payments."

------------------------------

Date: Fri, 19 Jun 92 18:48:00 PDT
From: lauren@cv.vortex.com (Moderator--Lauren Weinstein)
Subject: Calling Number ID decision announced by California PUC

Greetings. The California Public Utilities Commission (PUC) this week finally made its decision regarding the controversial Calling Number ID (CNID) services in California. While the headlines touted: "Caller ID Approved", the two main telephone companies in the state, Pacific Bell and GTE California, expressed extreme disappointment at the decision. GTE immediately announced that it would withdraw its proposal to provide CNID; Pacific Bell said that it was reconsidering its proposal and might well withdraw it in light of the decision.

This seemingly odd reaction by the telcos is the result of the range of restrictions placed on California CNID services, restrictions which were universally hailed by privacy advocates.

In addition to free per-call ID blocking, which had been mandated by state law, the PUC ordered that all customers be able to optionally choose free per-line ID blocking or per-line ID blocking with a user controllable per-call ID enable feature (i.e., ID would be blocked on all calls unless the caller entered a code to enable sending the ID for that particular call). All subscribers would have one free choice of blocking options, after which changes would be charged.

Subscribers with unlisted numbers who made no other choice would default to the latter type of per-line ID blocking. This default is of major significance in California, where well over half the phones are unlisted. Between unlisted numbers and other subscribers who could be expected to choose per-line blocking (surveys have consistently shown consumer preference for this option), the number of lines which did not have some form of per-line ID blocking might be comparatively quite small. Presumably this fact is a major component in the GTE decision and Pacific Bell's considering dropping the service.

Other advanced services such as "call return" were also approved, but with the requirement that blocked caller ID's must be kept secure and not be divulged by those services.

The California telcos have expressed hope that pending federal legislation, which has been drafted to require per-call ID blocking throughout the U.S., might also invalidate states' attempts at implementing more stringent (i.e. per-line) ID blocking and force the withdrawal of the California per-line ID blocking provisions in the future.

--Lauren--

------------------------------

Date: Mon, 15 Jun 92 10:28:42 PDT
From: ables@hal.com (King Ables)
Subject: Bank account security

[Subject field supplied by Moderator]

> On the topic of bank account security, some banks are more with it than
> others. My bank has a nice touch-tone account information system. The
> user ID is your ATM card number, which is unrelated to any account number.
> After you enter the card number (actually, just the last 8 digits since
> the leading digits are the same for all of its cards) the computer voice
> randomly asks you to enter one of the digits of your PIN, e.g. "now, enter
> the, third, digit of your PIN." This scheme seems to me fairly secure
> without being overbearing. I seem to be the only customer who ever uses
> it because they've never advertised it.
>

That's *awful*! That means anyone dialing up has a 1 in 10 chance of getting into your account at any time. Granted, if they change the digit, it takes more than 10 tries, but still... 1 in 10 is pretty good odds if you're talking about my money.

I have to enter my entire 4-digit PIN... I don't see that it's any more hassle... I have to enter it at an ATM anyway. But then, all anybody could do with phone access to my account is pay money out to the people on my bill paying list, who would credit it anyway, so it wouldn't be a disaster...

---------------------------------------------------------------
King Ables    HaL Computer Systems, Inc.    ables@hal.com
8920 Business Park Dr., Suite 300    +1 512 794 2855
Austin, TX 78759
---------------------------------------------------------------

------------------------------

Date: Mon, 15 Jun 92 09:06:59 PDT
From: hibbert@xanadu.com
Subject: Social Security numbers

[Subject field supplied by Moderator]

    The doctor [...] refused to [include] her own (not the patient's) social security [number]. [T]he patient would not receive the medication unless and until the DOCTOR provided the DOCTOR's SSN. I believe that this is illegal, but am not sure. Any thoughts?

    Mark D. Rasch

I maintain the periodic FAQ on SSNs that appears in various Usenet groups. Mark's belief is incorrect. There are no regulations that limit the use or requirement of SSNs by private entities. There are some regulations, but they all cover the use by government agencies.

Chris

------------------------------

Date: Wed, 17 Jun 92 15:58:35 PDT
From: Lance J. Hoffman
Subject: privacy of voter registration files

Forwarded from Norman Kraft in alt.privacy:

An article that made the front page of the San Diego Union on Sunday, June 7, 1992 bore the title: "Technology pits privacy vs. Information Age". The article starts with these paragraphs:

++++++

The morning after Bill Turner voted in last week's election, he picked up a copy of a local computer magazine and his jaw dropped.

"This ad just jumped out and hit me in the face," said the 35-year old La Mesa computer programmer. "It was a severe shock."

There, for sale, were Turner's name, address, unlisted telephone number, occupation, birthplace, birthdate and political affiliation.

A list of San Diego County's 1.25 million registered voters containing the information is available for $99 in a relatively new format [CD-ROM] that virtually anyone with a personal computer can use. It is the first known such use of voter registration data in the nation.

++++++

The CD-ROM is marketed by a San Diego company called Sole Source Systems, a local computer store. Lists of voter information have always been available, and political campaigns have had access to the information on data tapes for years. This is, however, the first time that such information has been made available to the public at large, in an easily accessible format (dBase, from what I can gather).

Sole Source says that use of the CD is limited to "election purposes, ...election, scholarly or political research, or government purposes." Sole Source says that they require ID and the completion of a form before selling the CD.

Turner responds to this with "What is there to prevent me from going up there and telling him I'm with the Little Old Ladies Auxiliary 97, and I want this list to call people up and help arrange transportation to the polls on Election Day? It would be a bald-faced lie, but I would get it [the CD]."

He may be right, as Conny McCormack, the San Diego County Registrar of Voters says that the registrar's office does not check to make sure the list is being used within the law, primarily because "we have no authority in that area."

David Banisar, a policy analyst with Computer Professionals for Social Responsibilities in Washington, DC, said in all likelihood the CD would end up in the hands of direct marketers. "This is really an unanticipated use of the data," he said, "You register to vote because you want to feel patriotic and do your citizen's duty and try to get some good government. You don't register to vote so that you can be solicited by every bozo out there with a widget that he feels he should hock to you."

The article goes on to discuss the problems of privacy in the computer age, and mentions two other CD-ROM databases that are publicly available: PhoneDisc USA, from a corporation of the same name in Marblehead, Mass., lists 90 million names, addresses and phone numbers nation wide. MetroScan CD, from Transamerica Information Management in Sacramento, is a database containing housing ownership information, from deed filings, and for a given address provides the owner's name, address, when the building was purchased, how many bedrooms and bathrooms it has, how many square feet it has, and its property tax assessment.

In the article, Ken Smith, from Transamerica Information Management, is quoted as saying: "I'm very much in favor of making the information, if it's in the public domain, available to a very wide audience, rather than just major corporations and government agencies. It's a very, very powerful tool for the little guy." and further: "I don't think the privacy issue has been a concern yet. I can see where it might be in the future, but it's not a problem now."

Finally the article goes back to Dante Tuccero, from PhoneDisc USA Corp., listing such PhoneDisc customers as "the U.S.
Drug Enforcement Administration, the Navy, the Air Force, the Social Security Administration, as well as local libraries and law enforcement, public investigators, genealogists, and even high school and college reunions." Quoting Tuccero, "There's a company in Langley, Va., that uses it, I believe, but wouldn't say so."

The last paragraphs of the article point out that "the direct-mail company that provides PhoneDisc with most of its data prefers to remain off other people's lists." "We're not at liberty to share that," Tuccero said, "A lot of data providers like to be low key."

The saddest part of the whole article, in my opinion, is this statement from Turner: "I have voted in every election since I was 18, and I think (this) was the last election I'll ever vote in."

[For those concerned about the PhoneDisc listings, they will remove your name from the next release of their CD if you call. They claim that only two people have called so far. I imagine we can change that! Their number in Marblehead, Mass. as given by directory assistance, is 617-639-2900.]

----------------------------------------------------------------------------
Norman R. Kraft                     INET  : nkraft@bkhouse.cts.com
Senior Partner                      UUCP  : ucsd!crash!bkhouse!nkraft
Argus Computing                     GENIE : N.KRAFT3
San Diego, CA                       PORTAL: nkraft@cup.portal.com
- ----------------------------------------------------------------------------

A response came in also:

In article nkraft@bkhouse.cts.com (Norman Kraft) writes:
>
>The article goes on to discuss the problems of privacy in the computer
>age, and mentions two other CD-ROM databases that are publicly available:
>PhoneDisc USA, from a corporation of the same name in Marblehead, Mass.,
>lists 90 million names, addresses and phone numbers nation wide. ...
>[For those concerned about the PhoneDisc listings, they will remove
>your name from the next release of their CD if you call. They claim
>that only two people have called so far. I imagine we can change
>that!
>Their number in Marblehead, Mass. as given by directory assistance,
>is 617-639-2900.]

I called this number to get removed from their list. The lady who answered the phone was polite, and told me that they got their information from the white pages of phone books around the country, which are public information. I told her I wanted to be removed from their product, and she responded that all I needed to do was to get an unlisted number from the phone company so that I would not be in the next phone book, and that would prevent me from getting into the next copy of their product. They will not remove someone from it individually.

Looks like more cause for concern...

- --
	Jim Gillogly  | Get a MUSH, dude.
	jim@rand.org  |       - Jim Gillogly

--
Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University
Washington, D. C. 20052
(202) 994-4955
fax: (202) 994-0227
hoffman@seas.gwu.edu

------------------------------

Date: Fri, 19 Jun 92 02:21:33 XDT
From: Anonymous
Subject: Thoughts on the FBI wiretapping proposal

The more I think about the FBI's proposal, the less I worry specifically about "dial-a-wiretap" and the more I worry about the other consequences of the FBI's proposal.

Don't get me wrong -- the abuse potential of dial-a-wiretap *is* enormous, and it must be stopped. But as long as the vast majority of residential telephone loops remain as analog signals on copper pairs, wiretapping (legal or illegal) will remain so incredibly easy that, quite frankly, it hardly seems to matter if dial-a-wiretap is added. Consider that it is probably easier to add logging to a dial-a-wiretap system that would catch at least the more unsophisticated abusers than it is to continuously audit every cable pair and connector block in an entire telco's loop plant.

So stopping dial-a-wiretap won't really solve the problem. The only truly effective solution, of course, is user-provided end-to-end encryption.
I predict that effective telephone voice encryption systems will be readily available to the average person within a few years -- with or without the government's blessing.

Consider that two of the three main hardware elements of a secure phone are already available as generic (i.e., uncontrollable) products on the open market: V.32 (or faster) modems for digital transmission and PC-class computers for executing encryption algorithms. The third element, the high quality 8 kb/s vocoder (voice coder), is about to become a mass consumer electronics item thanks to the development of the digital cellular telephone. Alternatively, with the development of even faster dialup modems (such as V.32bis and V.fast), older, less efficient speech coders of lower voice quality (e.g., Motorola's 16 kb/s CVSD chips) could be used instead of the newer vocoders.

So given the necessary hardware, you only need the right software to tie it all together into a secure phone. When the hardware does become widely available, the software will almost certainly appear shortly thereafter. And the government will not be able to affect significantly its availability, only the manner of its distribution. That is, it would be relatively easy to close down a business that openly sells and supports fully assembled secure telephones. But trying to stop individuals from writing and giving away software that turns widely available generic computer components into secure telephones would make the "drug war" look like a rout in comparison.

So that's why I'm not quite as worried as I was at first about "dial-a-wiretap". Or perhaps I'm even more worried about the FBI's proposal to ban the introduction of new products services that are harder to wiretap than the old ones.

Consider the aforementioned V.32 modem. I've heard that telco security people have in the past recorded the keystrokes of suspect hackers by getting a wiretap warrant and decoding both sides of the call with a specially modified modem.
This was relatively easy with older modems like V.22bis, because they split the audio band into originate and receive sections. You just separate the combined signals on the two-wire line with filters and demodulate them separately.

But V.32 and newer modems (V.32bis, V.fast) use echo cancellation, not frequency separation. The entire audio band is used simultaneously for both directions. This must make it noticeably harder (though not impossible) to tap a 2-wire customer line carrying such signals. The newer modems have even more complex signal constellations than V.32 and are undoubtedly even harder to intercept. What if the FBI moved to block the marketing of the new V.fast modem because it wasn't easily tapped?

Then there's data compression. V.42bis data compression requires an error correction protocol because both sender and receiver build a code tree that depends on the data being sent. If an error occurs, all of the uncompressed data past that point is garbled. But if an eavesdropper's demodulator makes an error, he can't exactly ask the sending party for a retransmission. What if the FBI banned modems with compression because they're too hard to tap?

Several new radio services would also be threatened by the FBI's rules. Digital cellular telephones are a good example. Neither of the proposed standards (TDMA and CDMA) includes encryption per se because of NSA pressure on a fickle industry concerned more with its export markets than customer privacy, and an apathetic public that let them both get away with it. But both systems use signals that are significantly more complex than existing analog cellular, and they will be considerably more difficult to intercept as a result. The primary purpose of both systems is to increase the capacity of the cellular spectrum by allowing more calls to coexist in the same area.
This requires an increase in the allowable amount of interference, and this could make it much harder for an eavesdropper to pick out the signal he wants. So suppose the FBI bans the deployment of these systems because they're too hard to intercept, thus denying customers the benefits of greatly increased capacity?

I could think of many more examples, but the hour is late. Suffice it to say that although none of these modern (unencrypted) systems would pose more than a minor annoyance for the NSA, the FBI would apparently have us believe that it has serious trouble extracting voice from T1 lines (which have been around for 30 years now). So almost ANY modern form of communications is likely to give them fits. Give them veto power over us, and we might as well shut down the entire US telecommunications R&D effort.

------------------------------

Date: Wed, 17 Jun 92 17:42:42 PDT
From: Bruce R Koball
Subject: CFP'93 Call for Participation

Call for Participation

CFP'93
The Third Conference on Computers, Freedom and Privacy

Sponsored by ACM SIGCOMM, SIGCAS & SIGSAC

9 - 12 March 1993
San Francisco Airport Marriott Hotel, Burlingame, CA

INVITATION

This is an invitation to submit session and topic proposals for inclusion in the program of the Third Conference on Computers, Freedom and Privacy. Proposals may be for individual talks, panel discussions, debates or other presentations in appropriate formats. Proposed topics should be within the general scope of the conference, as outlined below.

SCOPE

The advance of computer and telecommunications technologies holds great promise for individuals and society. From convenience for consumers and efficiency in commerce to improved public health and safety and increased participation in democratic institutions, these technologies can fundamentally transform our lives.

At the same time these technologies pose threats to the ideals of a free and open society.
Personal privacy is increasingly at risk from invasion by high-tech surveillance and eavesdropping. The myriad databases containing personal information maintained in the public and private sectors expose private life to constant scrutiny.

Technological advances also enable new forms of illegal activity, posing new problems for legal and law enforcement officials and challenging the very definitions of crime and civil liberties. But technologies used to combat these crimes can threaten the traditional barriers between the individual and the state.

Even such fundamental notions as speech, assembly and property are being transformed by these technologies, throwing into question the basic Constitutional protections that have guarded them. Similarly, information knows no borders; as the scope of economies becomes global and as networked communities transcend international boundaries, ways must be found to reconcile competing political, social and economic interests in the digital domain.

The Third Conference on Computers, Freedom and Privacy will assemble experts, advocates and interested people from a broad spectrum of disciplines and backgrounds in a balanced public forum to address the impact of computer and telecommunications technologies on freedom and privacy in society. Participants will include people from the fields of computer science, law, business, research, information, library science, health, public policy, government, law enforcement, public advocacy and many others.

Topics covered in previous CFP conferences include:

    Personal Information and Privacy
    International Perspectives and Impacts
    Law Enforcement and Civil Liberties
    Ethics, Morality and Criminality
    Electronic Speech, Press and Assembly
    Who Logs On (Computer & Telecom Networks)
    Free Speech and the Public Telephone Network
    Access to Government Information
    Computer-based Surveillance of Individuals
    Computers in the Workplace
    Who Holds the Keys? (Cryptography)
    Who's in Your Genes? (Genetic Information)
    Ethics and Education
    Public Policy for the 21st Century

These topics are given as examples and are not meant to exclude other possible topics on the general subject of Computers, Freedom and Privacy.

PROPOSAL SUBMISSION

All proposals should be accompanied by a position statement of at least one page, describing the proposed presentation, its theme and format. Proposals for panel discussions, debates and other multi-person presentations should include a list of proposed participants and session chair. Proposals should be sent to:

    CFP'93 Proposals
    2210 Sixth Street
    Berkeley, CA 94710

or by email to: cfp93@well.sf.ca.us with the word "Proposal" in the subject line. Proposals should be submitted as soon as possible to allow thorough consideration for inclusion in the formal program. The deadline for submissions is 15 August 1992.

STUDENT PAPER COMPETITION

Full time students are invited to enter the student paper competition. Winners will receive a scholarship to attend the conference and present their papers. Papers should not exceed 2500 words and should address the impact of computer and telecommunications technologies on freedom and privacy in society. All papers should be submitted to Professor Dorothy Denning by 15 October 1992. Authors may submit their papers either by sending them as straight text via email to: denning@cs.georgetown.edu or by sending 6 printed copies to:

    Professor Dorothy Denning
    Georgetown University
    Dept. of Computer Science
    225 Reiss Science Bldg.
    Washington DC 20057

Submitters should include the name of their institution, degree program, and a signed statement affirming that they are a full-time student at their institution and that the paper is an original, unpublished work of their own.

INFORMATION

For more information on the CFP'93 program and advance registration, as it becomes available, write to:

    CFP'93 Information
    2210 Sixth Street
    Berkeley, CA 94710

or send email to: cfp93@well.sf.ca.us with the word "Information" in the subject line.

THE ORGANIZERS

General Chair
-------------
    Bruce R. Koball
    CFP'93
    2210 Sixth Street
    Berkeley, CA 94710
    510-845-1350 (voice)
    510-845-3946 (fax)
    bkoball@well.sf.ca.us

Steering Committee
------------------
    John Baker
        Equifax
    Mary J. Culnan
        Georgetown University
    Dorothy Denning
        Georgetown University
    Les Earnest
        GeoGroup, Inc.
    Mike Godwin
        Electronic Frontier Foundation
    Mark Graham
        Pandora Systems
    Lance J. Hoffman
        George Washington University
    Donald G. Ingraham
        Office of the District Attorney, Alameda County, CA
    Simona Nass
        Student - Cardozo Law School
    Peter G. Neumann
        SRI International
    Mitch Ratcliffe
        MacWeek Magazine
    David D. Redell
        DEC Systems Research Center
    Marc Rotenberg
        Computer Professionals for Social Responsibility
    C. James Schmidt
        San Jose State University
    Barbara Simons
        IBM
    Lee Tien
        Attorney
    George Trubow
        John Marshall Law School
    Willis Ware
        Rand Corp.
    Jim Warren
        MicroTimes & Autodesk, Inc.

Affiliations are listed for identification only.

Please distribute and post this notice!

------------------------------

End of PRIVACY Forum Digest 01.05
************************