PRIVACY Forum Digest     Sunday, 26 September 1993     Volume 02 : Issue 31

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.

CONTENTS
        Re: consciousness and the DMV (Darren Senn)
        DES is a dead dog... (Alan Wexelblat)
        CPSR Alert 2.01 (Dave Banisar) [Extracts by MODERATOR]
        Recent Journal Articles on Computers and Privacy? (Bruce Jones)
        Wiretap Article (Dorothy Denning)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com". All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site
"ftp.vortex.com", in the "/privacy" directory.
Use the FTP login "ftp" or "anonymous", and enter your e-mail address as
the password. The typical "README" and "INDEX" files are available to guide
you through the files available for FTP access. PRIVACY Forum materials may
also be obtained automatically via e-mail through the listserv system.
Please follow the instructions above for getting the listserv "help"
information, which includes details regarding the "index" and "get"
listserv commands, which are used to access the PRIVACY Forum archive. All
PRIVACY Forum materials are also available through the Internet Gopher
system via a gopher server on site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 02, ISSUE 31

Quote for the day:

        "Uh, just one more thing..."

                -- Variations on this line were spoken by
                   Columbo (Peter Falk) in virtually every episode
                   of "Columbo" (1971-1978, 1989-1990).

----------------------------------------------------------------------

Date: Mon, 30 Aug 1993 08:32:38 -0800 (PDT)
From: sinster@scintilla.santa-clara.ca.us (Darren Senn)
Subject: Re: consciousness and the DMV

Thus spake Mel Beckman:
> [...] While there may be isolated
> cases of abuse, as there are with most every law, the problem is not the law
> but individuals who overstep their authority.

I disagree. The problem definitely _is_ with the law. To be specific,
paragraphs (a) and (f) are the problem:

> From: Henry Unger [...]
> (a) [...] However, if a
> physician and surgeon reasonably and in good faith believes that
> the reporting of a patient will serve the public interest, he or
> she may report a patient's condition even if it may not be
> required under the state department's definition of disorders
> characterized by lapses of consciousness pursuant to subdivision
> (d). [...]
> (f) A physician and surgeon who reports a patient diagnosed
> as a case of a disorder characterized by lapses of consciousness
> pursuant to this section shall not be civilly or criminally
> liable to any patient for making any report required or
> authorized by this section. (Amended by Stats 1987 ch 321 S1;
  ^^^^^^^^^^
> Stats 1990 ch 911 S2, eff. 1/1/91.)

These two prevent any recourse on the part of the patient for dealing with
these overenthusiastic medical staffs.

--
Darren Senn              Phone: (408) 988-2640    Snail: 620 Park View Drive #206
sinster@scintilla.santa-clara.ca.us               Santa Clara, CA 95054

------------------------------

Date: Wed, 8 Sep 93 13:13:12 -0400
From: "Alan (Gesture Man) Wexelblat"
Subject: DES is a dead dog...

> From: Philip Zimmermann
> Subject: Re: DES Key Search Paper (fwd)
>
> Michael Weiner presented a paper at Crypto93 that describes a fast DES key
> search engine that uses a special inside-out DES chip that he designed.
> This chip takes a single plaintext/ciphertext pair and quickly tries DES
> keys until it finds one that produces the given ciphertext from the given
> plaintext. Weiner can get these chips made for $10.50 each in quantity, and
> can build a special machine with 57000 of these chips for $1 million. This
> machine can exhaust the DES key space in 7 hours, finding a key in 3.5 hours
> on the average. He works for Bell Northern Research in Ottawa, and says
> they have not actually built this machine, but he has the chip fully
> designed and ready for fabrication.
>
> This is a stunning breakthrough in the realization of practical DES
> cracking. BTW-- note that PEM uses straight 56-bit DES.
>
> -prz

------------------------------

Date: Mon, 13 Sep 1993 12:55:03 EST
From: Dave Banisar
Subject: CPSR Alert 2.01 [Extracts by MODERATOR]

[ I have extracted items of interest to this forum from the complete
CPSR Alert text. Readers wishing to obtain the entire publication
should contact CPSR directly.
-- MODERATOR ]

CPSR Alert 2.01

=============================================================
Volume 2.01                                September 10, 1993
-------------------------------------------------------------
Published by the
Computer Professionals for Social Responsibility
Washington Office
Editor: Dave Banisar
--------
CPSR Washington Office Staff:
Director: Marc Rotenberg (rotenberg@washofc.cpsr.org)
Legal Counsel: David Sobel (sobel@washofc.cpsr.org)
Policy Analyst: Dave Banisar (banisar@washofc.cpsr.org)
-------------------------------------------------------------

...

[3] National Performance Review Highlights.

The NPR, a massive study on streamlining government headed by Vice
President Albert Gore, has endorsed the creation of a Privacy Protection
Board and the development of uniform privacy protection practices. It has
also recommended the development of a Digital Signature Standard by
January 1994.

Other information technology recommendations include implementing
nationwide, integrated electronics benefits transfer, developing
integrated electronic access to government (including information kiosks
and a government wide electronic bulletin board system), the development
of a national law enforcement/public safety network, government wide
electronic mail and indexes for environmental and trade data. It also
calls for the establishment of a government information infrastructure.

A spokesman in the Vice President's office told the Alert that the
specifics of the recommendations would be released within a few weeks.
Government sources have indicated that many of the information technology
recommendations originated at the National Institute of Standards and
Technology.

An electronic copy of the NPR is available from the CPSR Internet Library.
See below (#8) for details.
-------------------------------------------------------------

[4] Gov't Panel Questions Clipper Chip Proposal

After two days of sometimes tumultuous hearings, a government advisory
board chartered to advise the administration and Congress on computer
security and privacy issued two resolutions questioning many of the
aspects of the Clinton Administration's controversial new encryption
scheme, the Clipper Chip.

The National Institute of Standards and Technology's Computer System
Security and Privacy Advisory Board (CSSPAB) expressed continued concern
over many aspects of the proposal including the lack of a convincing
statement expressing the problems that the Clipper is supposed to solve,
the need to look for possible alternatives to the proposal, the legal,
economic, export controls issues, and software implementation of the
proposal. In addition, the board also expressed concern that the Clipper
proposal could negatively impact the availability of cost-effective
security products to the US government and industry and that it may not be
marketable or usable worldwide.

In a second resolution, the board unanimously called for a public debate
of the proposal and recommended that Congress take an active role in
determining US cryptography policy. It also recommended that any new
policy must address the interests of law enforcement and intelligence, US
industry and citizens' privacy and security in the US and worldwide.

At the hearings, Geoff Greiveldinger from the Department of Justice
reported that the key escrow agents will be announced within a few weeks
after a briefing for members of Congress. Sources inside the
administration indicate that the administration may have decided to
eliminate from consideration outside organizations holding the keys and is
leaning towards the Department of the Treasury as one of the key holders.

In addition, NIST Deputy Director Ray Kammer announced that the Data
Encryption Standard (DES) will be recertified for government,
non-classified use for another five years. The paperwork has been sent to
Secretary of Commerce Ron Brown, who is expected to sign it within two
weeks.

The Clipper proposal was introduced April 16, 1993 and has been strongly
opposed by both civil liberties groups and industry. The proposal calls
for use of a secret encryption chip designed by the National Security
Agency for non-classified voice and data transmission. The keys for the
chip would be split and held in escrow by two government agencies.

NIST has submitted the Clipper proposal for public comment. The FIPS was
published in the Federal Register at Volume 58, page 40791 (July 30, 1993)
and is also available in electronic form from the CPSR Internet Library
FTP/WAIS/Gopher cpsr.org /cpsr/crypto/clipper/call-for-comments.

Comments are due to NIST by September 28, 1993 to the Director, Computer
Systems Laboratory, ATTN: Proposed FIPS for Escrowed Encryption Standard,
Technology Building, room B-154, National Institute of Standards and
Technology, Gaithersburg, MD 20899.

Other background material on the Clipper proposal and other cryptography
issues is also available from the CPSR Internet Library. CPSR has created
an archive of comments on the proposal and has asked people to
electronically submit a copy of their comments to
clipper@washofc.cpsr.org.

A 450 page source book of materials on crypto policy is available from
CPSR for $50.00. Contact banisar@washofc.cpsr.org for more information.

-------------------------------------------------------------

[5] Public Interest NII Coalition Meets in DC

The third meeting of the Telecommunications Policy Roundtable took place
on September 7 at the Carnegie Endowment for International Peace in
Washington, DC.
Representatives from more than 60 public interest organizations gathered
to discuss the development of a public interest agenda for the NII. CPSR
President Eric Roberts, Board member Todd Newman, and Seattle Chapter
stalwart Doug Schuler flew in from the West Coast to attend the meeting.

Larry Irving, Assistant Secretary of Commerce and head of the National
Telecommunication Information Administration spoke to the group about the
administration's plans for the National Information Infrastructure. Mr.
Irving said that he believed that universal service will be one of the
critical goals. He also said that the administration seeks to develop a
competitive marketplace for information services and to establish
necessary consumer safeguards.

The TPR proposed a set of public interest policy principles and prepared a
document titled "Renewing the Commitment to Public Interest Communications
Policy." The policies covered freedom of communication, vital civic
sector, universal access, competitive markets, privacy protection,
equitable workplace, and democratic decision-making. (A copy of the draft
document is available from the CPSR archive).

A formal press conference is scheduled for Thursday, October 7 at the
National Press Club. The next meeting of the TPR will be Tuesday,
October 5. For more information, contact Jeff Chester, Center for Media
Education (cme@access.digex.net)

-------------------------------------------------------------

[6] California Passes Landmark Information Access Bill

The California Assembly on September 8 voted 78 to 0 for a bill to make
California legislative information available through the Internet. The
bill (AB1624) was previously approved by the state Senate and now goes to
Governor Pete Wilson, who has 12 days to veto it before it becomes law.

The bill requires electronic distribution of the legislative agenda and
requires the "Legislative Council...to make available to the public, by
means of access by way of the largest non-propriety, non-profit
cooperative public computer network, specified information concerning
bills, [and] the proceedings of the houses." It goes into effect
January 1, 1994.

The grassroots battle to pass this bill was led by Micro Times columnist
and CPSR member Jim Warren. Using electronic networks, he organized a
massive national fax, telephone and letter writing campaign to support the
bill. It was opposed by LOGI-TECH, an information provider that sells
legislative data.

-------------------------------------------------------------

[7] Wisconsin Looking for Privacy Advocate

From: oravec@cs.wisc.edu (Jo Ann Oravec)

Privacy Advocate... Madison, Wisconsin

The State of Wisconsin is seeking a person responsible for support and
advocacy in development and implementation of state and local government
policies that protect personal privacy. This position reports to the
Privacy Council. Background in business and government application of
information technology. Salary $33,000 per year plus excellent benefits.

Applicants should submit a detailed resume and a statement outlining their
perspectives and approaches to privacy concerns to Mary Becker
(608-266-0058, FAX 608-264-9500), Department of Administration, 9th Floor,
101 E. Wilson, P.O. Box 7869, Madison, WI 53707-7869. Materials must be
received before 4:30 PM on September 27, 1993.

-------------------------------------------------------------

[8] The CPSR Internet Library

CPSR has set up an archive of materials on privacy, cryptography,
information access, the National Information Infrastructure and other
related issues. Recent additions to the archive include the entire
National Performance Review report, and the full text of the Freedom of
Information Act and the Federal Privacy Act of 1974.

NPR                    /cpsr/clinton/npr
FOIA                   /cpsr/foia/foia.txt
Privacy Act of 1974    /cpsr/privacy_law/privacy_act_1974.txt

The archive also archives materials from Privacy International, the US
Privacy Council, the Taxpayers Assets Project and the Cypherpunks
cryptography group.

To access the archive, FTP/WAIS/Gopher cpsr.org.

-------------------------------------------------------------

[9] Upcoming Events

International Privacy Roundtable, sponsored by Privacy International and
the University of Manchester Law School- Manchester, England.
September 29, 1993. Contact: simon davies (davies@privint.demon.co.uk).

National Computer Security Conference, sponsored by NIST and NSA.
Baltimore Convention Center, Baltimore, MD. September 20-23, 1993
Contact NIST 301-975-2762.

CPSR Annual Meeting, Seattle, WA. October 16-17, Contact: Aki Namioka
(aki@atc.boeing.com)

Computers Freedom and Privacy 4. Chicago, Ill. March 1993. Contact:
George Trubow, 312-987-1445 (cfp94@jmls.edu)

==============================================================

To subscribe to the alert, send a message to listserv@gwuvm.gwu.edu
"subscribe cpsr " (without quotes or brackets) to listserv@gwuvm.gwu.edu.
Back issues of the Alert are available at the CPSR Internet Library
FTP/WAIS/Gopher cpsr.org /cpsr/alert

Computer Professionals for Social Responsibility is a national,
non-partisan, public-interest organization dedicated to understanding and
directing the impact of computers on society. Founded in 1981, CPSR has
2000 members from all over the world and 22 chapters across the country.
Our National Advisory Board includes a Nobel laureate and three winners of
the Turing Award, the highest honor in computer science. Membership is
open to everyone.

For more information, please contact: cpsr@cpsr.org

...

------------------------------

Date: Tue, 14 Sep 1993 11:18:06 -0700
From: bjones@weber.ucsd.edu (Bruce Jones)
Subject: Recent Journal Articles on Computers and Privacy?

I am tentatively scheduled to teach a course on computers and networks for
the Department of Communication at UCSD. The course will be organized
around the Internet and current cultural, social, economic, and political
debates: privacy, commercialization and privatization, anonymity/identity,
computer networks and the changing nature of work, electronic publishing
and copyright, etc.

I am looking here for references to recent journal articles covering
current privacy and computer network concerns that I might use in a course
reader for this upper-division course.

Thank you,

Bruce Jones                     Communication Department
bjones@ucsd.edu/bitnet          University of California, San Diego
(619) 534-0417/4410             9500 Gilman Drive
FAX (619) 534-7315              La Jolla, Ca. 92093-0503

------------------------------

Date: Fri, 24 Sep 1993 16:49:45 -0400 (EDT)
From: denning@cs.georgetown.edu (Dorothy Denning)
Subject: Wiretap Article

The following article on wiretap laws and procedures was written in
response to the many questions and misunderstandings that have arisen
about wiretaps in the context of escrowed encryption as well as Digital
Telephony. This article may be distributed.

Dorothy Denning
denning@cs.georgetown.edu

[ I have included the introductory portion of the paper below. The
  entire text (~33K bytes) has been placed into the PRIVACY Forum
  archives. To access:

  Via Anon FTP: From site "ftp.vortex.com": /privacy/wiretap-laws.Z
                                        or: /privacy/wiretap-laws

  Via e-mail: Send mail to "listserv@vortex.com" with the line:

        get privacy wiretap-laws

    as the first text in the BODY of your message.

  Via gopher: From the gopher server on site "gopher.vortex.com"
    in the "*** PRIVACY Forum ***" area under "wiretap-laws".

  -- MODERATOR ]

-----------------------------------------

WIRETAP LAWS AND PROCEDURES
WHAT HAPPENS WHEN THE U.S. GOVERNMENT TAPS A LINE

Donald P. Delaney, Senior Investigator
New York State Police

Dorothy E. Denning, Professor and Chair
Computer Science Department, Georgetown University

John Kaye, County Prosecutor
Monmouth County, New Jersey

Alan R. McDonald, Special Assistant to the Assistant Director
Technical Services Division, Federal Bureau of Investigation

September 23, 1993

1. Introduction

Although wiretaps are generally illegal in the United States, the federal
government and the governments of thirty seven states have been authorized
through federal and state legislation to intercept wire and electronic
communications under certain stringent rules which include obtaining a
court order. These rules have been designed to ensure the protection of
individual privacy and Fourth Amendment rights, while permitting the use
of wiretaps for investigations of serious criminal activity and for
foreign intelligence.

This article describes the legal requirements for government interceptions
of wire and electronic communications and some of the additional
procedures and practices followed by federal and state agencies. The legal
requirements are rooted in two pieces of federal legislation: the Omnibus
Crime Control and Safe Streets Act (Title III of the Act (hereafter "Title
III")), passed in 1968, and the Foreign Intelligence Surveillance Act
(FISA), passed in 1978. Title III established the basic law for federal
and state law enforcement interceptions performed for the purpose of
criminal investigations, while FISA established the law for federal-level
interceptions performed for intelligence and counterintelligence
operations. We will first describe Title III interceptions and then
describe FISA interceptions.

------------------------------

End of PRIVACY Forum Digest 02.31
************************