PRIVACY Forum Digest      Sunday, 6 November 1994      Volume 03 : Issue 21

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy.

CONTENTS
    Risks in VAP? (Jim Guyton)
    Calling Card Privacy? (Charles R. Trew)
    Lies, damn lies, and statistics (Geoff Kuenning)
    Re: MCI Employee Charged in $50 Million Calling Card Fraud (Barry Gold)
    Drivers license as universal ID? (John Sullivan)
    Discover Card "Fraud" Mailing (Lauren Weinstein; PRIVACY Forum Moderator)
    HTTP, New Browsers, & Privacy (Ed Kubaitis)
    Orwell was off by 499 channels, and what to do about it (Curt Bramblett)
    Intelligent Transportation Systems (Phil Agre)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".
All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW home page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203.

-----------------------------------------------------------------------------

VOLUME 03, ISSUE 21

Quote for the day:

    "Rosebud."

        -- Charles Foster Kane (Orson Welles)
           "Citizen Kane" (1941)

----------------------------------------------------------------------

Date: Fri, 04 Nov 1994 14:13:42 -0700
From: Jim Guyton
Subject: Risks in VAP?

From Netnews:

Newsgroups: boulder.general,co.general,cu.general
From: raney@teal.csn.org (Scott Raney)
Subject: Don't know who to vote for? Try VAP!
Message-ID:
Organization: The Voting Assistance Program
Date: Sat, 29 Oct 1994 01:51:29 GMT

The Voting Assistance Program is now on-line and ready to help you determine which candidates most closely match your description of the ideal elected official. Getting your VAP report is easy:

1) Email to form@vap.org to get the form on which you'll describe your ideal elected official.

2) Fill out the form, and email it back to score@vap.org.

A computer program will match your description with all of the candidates for the Colorado state legislature, and will email back a report showing you which candidates most closely match your ideal elected official.

For this limited demonstration run, only data for the candidates for Colorado state legislature (both House and Senate) is available. Voters from all states and foreign countries are encouraged to try the system, however, and to make suggestions on how to improve it.

This is a free public service, and no voter data will be released. Your description of the ideal elected official will only be seen by the computer program that does the scoring.

If you have questions about VAP, please email to faq@vap.org to get the Frequently Asked Questions list.

--
***********************************************************************
* Scott Raney  303-447-3936        Remember: the better you look,     *
* raney@metacard.com               the more you'll see -- Lidia       *
***********************************************************************

------------------------------

Date: 28 Oct 1994 17:29:17 GMT
From: "CHARLES R TREW"
Subject: Calling Card Privacy?

The pre-paid phone calling card is a major growth area in the telecommunications business. Customers pre-pay for the phone cards in amounts from $5.00 to $50.00. The cards have a unique code number which is entered after the customer dials an 800 number to access the system. The cards are sold at supermarkets, convenience stores, check cashing stores, etc.
In most situations, customers do not have to give their name to purchase these cards, just cash. However, one of the largest and fastest growing check cashing chains, ACE - America's Cash Express, is requiring customers to give their Social Security number to purchase their phone cards. This obviously allows direct tracing of any calls made on the card by the customers. A spokeswoman for the company said that this was so the company could expedite a refund if the card was lost.

Thanks, but I'll take my chances, and my business, elsewhere.

------------------------------

Date: Mon, 24 Oct 94 22:17:42 -0700
From: desint!geoff@uunet.uu.net (Geoff Kuenning)
Subject: Lies, damn lies, and statistics

This is a bit out of date, since the DT bill was passed by an ignorant Senate despite our best efforts to point out the flaws. But unlike Dorothy Denning, I can't let some of the FBI claims pass unexamined. Dr. Denning writes:

> FBI Director Louis Freeh reported that a recent informal survey by the
> FBI identified 183 instances where law enforcement was frustrated by
> technological impediments. This figure includes orders for dialing
> information as well as call content, but excludes those instances where
> court orders were never sought or served on carriers because the
> impediments were known in advance.
...
> Director Freeh predicted that loss of a viable electronic surveillance
> technique would result in a substantial loss of life; a substantial
> increase in corruption and economic harm to business, industry, and
> labor unions caused by the growth/emergence of organized crime groups;
> a substantial increase in the availability of illegal drugs; a
> substantial increase in undetected and unprosecuted public corruption
> and fraud against the government; a substantial increase in undetected
> and unprosecuted terrorist acts and murders; and a substantial increase
> in acquittals and hung juries resulting from lack of direct and
> persuasive evidence.
> He estimated the economic harm to be in the
> billions of dollars. He predicted "dire consequences to effective law
> enforcement, the public safety, and the national security if no binding
> solution to [the problem of maintaining a wiretap capability] is
> obtained."

Okay, let's take Director Freeh's claims at face value. He certainly likes the word "substantial." How about loss of life? If, on the average, every undone wiretap would have saved a life (most unlikely, since by his own admission many of the 183 instances involved only pen registers, and it's reasonable to assume that knowing the number dialed will not prevent a death), then this would have cut out 183 murders in the U.S. Of course, Director Freeh doesn't give us a time frame for the 183 instances. Let's assume a year. Anybody got annual murder statistics for the country? I know that L.A. alone is running around 700. Nationwide, 183 is a drop in the bucket. Nothing to sneer at, if you're a victim, but definitely something to worry about when we're talking about the Big Brother organization who spied on John Lennon and Leonard Bernstein, and who now wants us to pay billions to enable wiretapping.

The same simple analysis can be applied to every one of Director Freeh's claims, so I'll spare you the math, except for one final note. The Director claims the economic harm will be in the billions (again, in the interests of maximizing his hyperbole, he doesn't specify a time frame). It's not hard to calculate $1,000,000,000 / 183 and get $5,464,480. Okay, maybe I'm being unfair because the Director was assuming many more than 183 wiretaps, now that he has DT. (Does that make you feel safer? Luciano Pavarotti, the well-known terrorist, probably doesn't.) But then again, the Director did pluralize "billion."

All in all, I'm not impressed. These people have a history of admiring and emulating the techniques of despots.
They have a history of ignoring, circumventing, and criticizing the protections of the Constitution. And Dr. Denning doesn't question any of it. No thanks.

Geoff Kuenning    geoff@itcorp.com    uunet!desint!geoff

------------------------------

Date: Wed, 26 Oct 94 11:19:27 PDT
From: Barry Gold
Subject: Re: MCI Employee Charged in $50 Million Calling Card Fraud

In Volume 03 : Issue 20, Monty Solomon quotes:

> I think it is time to have another massive crackdown, similar to
> Operation Sun Devil a few years ago. Let's start getting really
> tough on hackers and phreaks.
>
> Patrick Townson (author of the quoted article?)

Hmmm. You mean, like the *really brilliant* seizure of Steve Jackson Games' computers in OSD? I hope the Secret Service is better at protecting the president than they have shown themselves to be at dealing with computer crime issues.

Make no mistake, we need some protection against massive fraud of this kind. But I doubt if ill thought out "crackdowns" like OSD are the right answer. And in fact, the article appears to show that the internal security of service providers like MCI are probably better equipped than the Secret Service to do this job.

Let the service providers--who understand the technical issues(*)--find the phreaks and crackers. Then bring in the cops (and SS, if needed) to arrest the perps.

(*) if they don't, they better learn fast. They have the biggest financial incentive to get it right: losses of the type described in the article if they don't catch the perps, and possible damages if they pull the kind of stupid stunt OSD did. (And private companies can have punitive damages assessed against them, which the SS managed to escape in the SJG case.)

------------------------------

Date: Thu, 27 Oct 1994 15:05:53 -0500
From: sullivan@geom.umn.edu
Subject: Drivers license as universal ID?
[ From RISKS-FORUM Digest; Volume 16 : Issue 51 -- PRIVACY Forum MODERATOR ]

Minnesota is just introducing a new drivers license, with new security features, as well as a bar code and a magnetic strip (with full name, date of birth, and license number). The photo and signature are digitized, and presumably stored by the state as well as being printed on the card. I learned about the new licenses from an article in City Pages, a free weekly here in the Twin Cities.

The new licenses are produced (for $1.29 apiece) by Deluxe (the check printers). About 4000 drivers had to go back to have their pictures retaken because they were transmitted at night from one computer to another over "incompatible phone lines" [whatever that means] and billions of bits went "screaming into the ether". Deluxe blames a subcontractor.

Since the magstripe can hold about 256 bytes, there have been discussions about what else might be stored there. Things like a list of cars and guns registered in your name, perhaps. Or, people receiving food stamps or welfare might use their license to obtain their benefits, either at a food-store cashier or from an ATM.

Don Gemberling, director of MN's Public Information Policy Analysis Division, evidently did raise the privacy issues during the planning process, noting that a "universal personal identifier ... has been consistently resisted in this country".

Alice Gonzalo (assistant director of DVS, the state Driver and Vehicle Services Division) notes that DVS already sells driver's license information, sorted by different fields. (One could buy a list of Minnesotans over 6'3", for instance.)

There is already a national database of drivers with commercial licenses, called AAMVANET, and there are plans to expand this to all drivers. In Wisconsin, a driver's license can be suspended for failure to pay fines unrelated to driving (like library fines).
MN dept of Administration's Bob Schroeder says

    In my opinion, the driver's license has nothing to do with driving. How many times have you pulled it out because an officer asked you for it? You pull it out much more because someone at a store or a check-cashing place wants to know who you are. It has less to do with driving and more to do with being a universal identifier, a way for you to be identified over the long term. Business really relies on the state to establish this sort of identifier for them.

John Sullivan
sullivan@geom.umn.edu

[ The push for a "universal" ID of some sort in the U.S. is gaining additional steam from the anti-immigrant hysteria sweeping this country (and the rest of the world, for that matter). It has manifested itself in a particularly illogical form as California Proposition 187, one of the least well thought out ballot measures I've seen in a very long time. I prefer to call it the "lawyer's full employment act", since it's unlikely to do much more than give lots of lawyers lots of work, since many of its provisions are clearly unconstitutional or would violate federal law and existing Supreme Court decisions.

Gov. Wilson of California has apparently already expressed his willingness to see his state used as a testbed for a universal ID card. Whether you consider this to be a good idea or not depends on your point of view, of course. Discussion would be welcome in this forum. -- PRIVACY Forum MODERATOR ]

------------------------------

Date: Sun, 6 Nov 94 11:20 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Discover Card "Fraud" Mailing

It appears that the Discover Card folks have sent out a mass mailing asking most (or all) of their cardholders to provide their social security number and mother's maiden name on a form that already includes their Discover Card account number--ostensibly to help eliminate fraud.
Outside of the fact that using this widely available data for fraud control purposes is an increasingly discredited idea, the additional dangers of asking people to put all the identifying information for their account on one form, in an envelope prominently addressed to their "fraud" control department, seems like a misguided idea, for obvious reasons.

Another oddity: One would think that when the card was originally issued that same data would have already been obtained--why would they suddenly be trying to obtain it now, and with a BULK class mailing no less, which many folks will probably simply throw in the trash assuming it's advertising!

Curious, to say the least.

--Lauren--

------------------------------

Date: 30 Oct 1994 20:10:31 GMT
From: Ed Kubaitis - CCSO
Newsgroups: comp.infosystems.www.misc
Subject: HTTP, New Browsers, & Privacy
Organization: University of Illinois at Urbana

A little known feature of the HTTP protocol and new browsers that support it seems to open the door to unsolicited direct mail, junk mail, perhaps even blackmail. See Niels Mayer's recent post:

    news:comp.infosystems.www.misc
    news:mayerCyCE3s.G8G@netcom.com

Apparently, the HTTP protocol has a little known feature to allow browsers to identify their users to any HTTP server the user visits. Recent browsers that allow users to configure their name or email address now have what they need to support this feature.

The following browsers *do* automatically provide this information:

    o MCom Netscape beta 0.9 (X, Macintosh)
    o NCSA Mosaic for Macintosh 2.0 alpha 8

Other browsers may do so as well. To check if your browser is handing out this information, open

    http://www.uiuc.edu/cgi-bin/printenv

This CGI script displays client/server information available when the script is invoked. If you see a line with 'HTTP_FROM' and your email address, name, or account, then your browser *does* supply it to every site you visit.
To me, there seems to be a very serious potential for abuse of this information. I hope that browser developers, if they choose to support this HTTP feature, take pains to do so only with the user's knowledge and consent. Something along the lines of a Yes/No popup with the question

    Automatically give this info to any site I visit?

My guess is that any browser asking this question would not get many affirmative responses.

--------------------------
Ed Kubaitis - ejk@uiuc.edu

[ Further information indicates that future versions of the Netscape browser will probably be distributed with the name/address feature defaulting to off. A good idea.

Some people don't realize, however, that the entire Internet inherently provides origin site information for all TCP/IP connections and UDP packets. Most sites quite sensibly log much of this information for security control purposes, since it provides one of the few ways to help track down the increasingly widespread network hacking problems. In most cases, origin sitename is available (though due to nameserver problems, sometimes only an IP number appears). However, for single-user workstations, the site ID is essentially the same as a person identifier in many cases.

These aspects of the Internet are similar in some ways to the controversial telephone calling number identification (CNID) services. However, there are significant differences. While CNID in its usual implementations provides a phone number for the caller's precise location at the moment (which might be their office, home, a friend's house, a doctor's office, etc.), the provision of an Internet sitename is more of a "logical" address that remains the same regardless of from where the user might be logged-in to their system. It tends to be substantially less intrusive as a result. We'll explore this issue in more detail in the near future.
The overall issue of controlling the use and distribution of user data collected in the process of providing services is an important one that has been little addressed by appropriate legislation. More on this below. -- PRIVACY Forum MODERATOR ]

------------------------------

Date: Fri, 4 Nov 1994 07:30:10 -0500
From: zzbramblettc@acad.winthrop.edu (CURT BRAMBLETT )
Subject: Orwell was off by 499 channels, and what to do about it

This item is forwarded from TeleComReg because it raises interesting and serious privacy issues.

Curt Bramblett
ZzBramblettC@acad.winthrop.edu

-- ---- ------- ------- - -- ------ - ---- --- - -------- --- ----- ---

From: SMTP%"telecomreg@relay.adp.wisc.edu" 3-NOV-1994 10:59:15.88
To: zzbramblettc
Subj: Orwell was off by 499 channels, and what to do about it

reposted for: PAGRE@WEBER.UCSD.EDU
-------------------------------------------------------------------------------

[Dave Moon asked me to send this to telecomreg -- it's a revised version of a message that I originally sent to Risks and Communet. -- PA]

The NYT has an article about Bell Atlantic's video plans:

    Edmund L. Andrews, A launching pad for a video revolution, New York Times, 27 October 1994, pages C1, C6 [business section].

The point of the article is that BA wants to deliver video to customers, and is teaming up with people from Hollywood to obtain the content. An important issue for us, though, is the privacy aspects of the scheme. A few quotes will probably give the idea:

    "Company executives, convinced that they must distinguish themselves from today's established cable programmers [and so they plan to] offer more customized entertainment and shopping.

    "Thus, the company has tied together a computer system that could, almost like Orwell's Big Brother, monitor the movies that a person orders and then suggest others with the same actors or themes.

    "Going a step further, the system would enable advertisers to send commercials directly to customers known to have bought particular kinds of merchandise. Thus, people who bought camping equipment from a video catalogue might start seeing commercials for outdoor clothing."

    ...

    "The scale of the new center ... makes clear how serious Bell Atlantic is about this venture."

If this sort of thing is really what people want, of course, then that's their perfect right. But advocates for other visions of technology can do plenty to ensure that people make informed choices. One is to inform people (in honest but vivid terms) that their program selections and purchases are being recorded, kept, and used for secondary purposes -- and that this practice is central to the business.

Another is to keep on building things like the Internet and community networks -- and redouble efforts to publicize them by telling clear, powerful stories about them. The point is to show that privacy-enhancing and *genuinely* interactive technologies exist, and that they are useful, accessible, democratic, entertaining and convenient. As my colleague Francois Bar emphasizes, this sort of end-user experimentation is crucial for defining the architectures of the future.

Bell Atlantic and its brethren are creating top-down, privacy-invasive, 500-channel visions of the future -- even though they haven't worked very well in pilot tests in real communities -- because that's the business model they know. We can try to suppress the Risks associated with this model, but that's like shoveling the tide back into the ocean -- a lot of work. Another approach to pursue in parallel is to create alternatives that offer *both* democratic values *and* a lucrative business model for the people who can supply the necessary infrastructure. BA et alia have heard of computer networking, of course -- the point is to create mass demand for it. This process starts with experimentation and continues with public relations.
Here's a plan. If you're doing something terrific with networks, volunteer to demonstrate it in your local school. Get some great stories ready to tell about it. Invent some great buzzwords and sound bites. Then write a press release about the upcoming demo. Include some of the stories in it. Make the press release quote you as uttering your great sound bites. Mail or fax it to all the newspapers and TV stations in your area -- especially the small ones. (Or, if you have a bit of money, call up PR Newswire's 800 number and get them to do it for you.) And make it available on the net as a model for others to follow.

Phil Agre, UCSD

[ My personal belief is that there is really very little serious interest by the large communications firms in providing sophisticated computer networking to the masses (to business yes, to the masses no). The popular view of where the real money lies in the "information superhighway" (how I cringe every time I hear that term) is in pay-per-view entertainment of various sorts. When the telcos and big cable MSOs talk about 500 channel cable systems, they don't mention that most of those channels would be taken up with pay-per-view movies and home shopping services!

Interestingly, the field tests of such systems to date have been generally fairly negative. People may say that they want all these fancy systems, but in practice there are quite low limits on what most are willing to pay for them. A tremendous amount of money is going to be lost by entities trying to rush into this area-- which makes it doubly important that regulated rate payers (e.g. ordinary telco subscribers) be financially isolated from these ventures.

The privacy issues relating to these entertainment and information systems are "simply" another aspect of the overall topic of how information collected by services regarding the choices, opinions, buying habits, etc. of their users will be controlled.
This isn't a new problem even in the cable TV industry, and has already been widely recognized in the videotape rental industry. As more and more of our day-to-day activities are "tracked" in the systems we use, these issues will come to impact virtually every facet of our lives.

It seems unlikely that anything short of legislatively mandated rules will provide effective protections for consumers in these and related areas. -- PRIVACY Forum MODERATOR ]

------------------------------

Date: Wed, 2 Nov 1994 17:08:13 -0800
From: Phil Agre
Subject: Intelligent Transportation Systems

You've probably heard about Intelligent Transportation Systems (until recently called Intelligent Vehicle-Highway Systems). At least in the United States, it's a joint industry-government program which envisions employing massive amounts of computing and networking to distribute traffic information, collect tolls, and eventually automate driving altogether. You can probably imagine most of the potential problems. (See also previous articles and debate in Risks Digest 15.35 and 15.41, and Privacy Digest 2.34.)

Industry (through a non-profit organization called ITS America) and the US government (through the Department of Transportation) have been developing what they call an "architecture" -- not a set of technical standards, just some basic decisions about how ITS will work and how the pieces will fit together. This is a pretty political activity, since different companies have interests in defining the technology to correspond to their own strengths. A wide variety of risks, including privacy risks, are definitely being taken into consideration, but it still remains to be seen how substantively.
In particular, it remains to be seen whether privacy will be provided for simply through data security (which is important but isn't nearly the same thing as privacy) or by making users' anonymity a core principle of the architecture (for example, through cryptography-based schemes like digital cash).

The process has gotten pretty advanced, and I'm told that a new round of reports on it will soon be issued, though I don't yet have the details. What I do know is that the ITS AMERICA FIFTH ANNUAL MEETING AND EXPOSITION will be held in Washington on 15-17 March 1995 at the Sheraton-Washington Hotel. Perhaps most importantly, ITS America technical committees will be meeting at this conference, and I gather from the conference program that these meetings will be open to all conference attendees. These committees are important because, once technical standards are set, it'll be difficult if not impossible to change ITS in any fundamental way because actual systems will begin proliferating that depend on the standards, thereby creating a large and well-organized interest group.

That's why you might wish to do a bit of homework (such as checking whether your local university library has the proceedings of previous years' IVHS America conferences), attend this conference, participate (politely, of course) in the technical committee meetings, see for yourself if you think the process is being conducted responsibly, and report back to the net community.

The address I have here for conference registration is: Registrar, ITS America, 400 Virginia Avenue SW Suite 800, Washington DC 20024-2730, phone (202) 484-4847 fax (202) 484-3483. The early registration deadline is 13 February 1995.

Phil Agre, UCSD

------------------------------

End of PRIVACY Forum Digest 03.21
************************