PRIVACY Forum Digest      Friday, 1 September 1995      Volume 04 : Issue 19

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy, and the Data Services Division of MCI Communications Corporation.

CONTENTS
    Son-of-Clipper proposal (John Levine)
    Impossible to prevent non-escrowed encryption? (Peter Kaiser)
    Newsletter recommendation (Charles M. Preston)
    Medicare leak through FOIA analysis and 9-digit ZIP (Quentin Fennessy)
    Highway Surveillance (Phil Agre)
    Metromail chief loses job over privacy concerns (Phil Agre)
    Security & Privacy (Richard Owen)
    "New" Crypto Policy Announced: Clipper II? (David Sobel)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".
All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com".

-----------------------------------------------------------------------------

VOLUME 04, ISSUE 19

Quote for the day:

    "Where did I go wrong?"

        -- "Nix" (Daniel Von Bargen)
           "Lord of Illusions" (1995)

----------------------------------------------------------------------

Date: Sun, 20 Aug 1995 18:20:27 -0400
From: John Levine
Subject: Son-of-Clipper proposal

A short and not terribly informative article in the Wall Street Journal a few days ago reported on a sort of son of Clipper proposal that seemed to be intended for software encryption. It also seemed to allow multiple competing escrow agents, with a passing comment that they needed some way to prevent mob controlled fly-by-night escrow companies from popping up.
More detailed info would be quite interesting, particularly in view of the recently released documents that showed that law enforcement anticipates asking for mandatory escrowed encryption.

------------------------------

Date: Mon, 21 Aug 95 08:53:33 MET DST
From: Peter Kaiser
Subject: Impossible to prevent non-escrowed encryption?

(The PRIVACY Forum Moderator writes, in PRIVACY Forum Digest 04.18):

> Since it's clear that there's really no way to stop all non-Clipper
> encryption ....

If the meaning is really "no way to stop all non-escrowed encryption", this seems to me far too sanguine a view. You're really writing only about the USA, where privacy policy is still in debate. Nothing about the quality of that debate encourages me to think that effective non-escrowed encryption is safe from being made illegal.

There are places in the world where effective encryption is already illegal or illegal if not licensed with a permit and escrowed. Some of these places have representative governments -- I live in one of them. Why shouldn't it happen in the USA?

___Pete
kaiser@acm.org

[ France (where you appear to be located) is indeed one of the few countries, perhaps the only one in the "West", that has actually made non-approved encryption illegal. However, I did not say that non-Clipper (non-escrowed) encryption couldn't be made illegal--perhaps with quite harsh penalties for use (especially in conjunction with the commission of other crimes). I said that there's no way to actually *stop* all use of such systems. It is probably safe to assume that even where encryption is illegal, there are entities that still use it in violation of local laws. Drunk driving is illegal, but people still drink and drive. When it comes to encryption, there's no way to stuff that genie back into the bottle.
In the hypothetical case of a non-escrowed encryption ban, whether or not any individual violation would be deemed sufficiently significant to be prosecuted in any given case would of course be a matter of judgement (based on whatever criteria they choose or are directed to use by statute) on the part of the appropriate authorities.

Governments have significant, real concerns regarding the impact on law enforcement that strong, non-escrowed encryption might possibly have in some situations. However, other concerns, such as freedom of speech and privacy rights, are (or at least should be) among the fundamental human rights and also should come into play. No freedoms or rights are absolute--it's always a delicate balancing act. But in the opinion of many, the area of encryption is one where the most weight should be assigned to the personal privacy side of the equation.

-- MODERATOR ]

------------------------------

Date: Sun, 20 Aug 1995 11:45:18 -0800
From: cpreston@alaska.net (Charles M. Preston)
Subject: Newsletter recommendation

I would like to recommend a new publication called The Jarvis Report. It is a quarterly newsletter about industrial espionage, and some technical tricks of the trade.

Ray Jarvis, who puts out the newsletter, has an extensive government background in technical surveillance and he provides classes for government and private security in countermeasures and associated subjects.

His stated aim is to collect and analyze verifiable instances of the theft of proprietary information, and to provide an overall look at trends and problems.

All 6 sections of the July issue were either useful or entertaining. This edition includes an account of widespread electronic eavesdropping in Israel, and suggestions on balanced line detection of series telephone line transmitters.
A newsletter sample (article on Israel) can be found in the Info-Sec Super Journal area at http://all.net

The Jarvis Report is published by Jarvis International Intelligence, Inc., 11720 E. 21st Street, Tulsa, OK, 74129
Tel 918-437-1100  Fax 918-437-1191

Charles Preston
Information Integrity
cpreston@alaska.net

------------------------------

Date: Sun, 20 Aug 1995 09:35:01 -0500
From: Quentin Fennessy
Subject: Medicare leak through FOIA analysis and 9-digit ZIP

[ From Risks-Forum Digest, Volume 17 : Issue 28 -- MODERATOR ]

I read an article on Medicare in the 20 Aug 1995 _Austin American-Statesman_. The article was evidently done for the Cox Newspaper chain. The article talks of the deterioration of the service, and also touches on the fact that a handful of doctors earn a disproportionate share of Medicare funds paid out.

The article has a sidebar, which says, in short: Cox analyzed 100 million computerized Medicare payment records for the report. The information was obtained via FOIA. The doctors' names were not released. Evidently there is an ongoing court case to release the doctors' names.

Cox was able to identify some of the doctors. The doctors' id codes were obscured by Medicare, but the 9 digit zip codes of the doctors' offices were not. Cox was able to pinpoint individual doctors given this level of detail.

Risks: If information needs to be split into private and public components then care needs to be taken for the job to be done correctly. 9-digit zip codes divide the US into fairly small areas and so can (and have) given away the store.

This is not to say that I think this Medicare information should be kept secret. However, 9 digit zip codes in databases can be used to pinpoint all sorts of details about folks.
Quentin Fennessy
quentin.fennessy@sematech.org

------------------------------

Date: Tue, 22 Aug 1995 23:48:04 -0700
From: Phil Agre
Subject: highway surveillance

The California Department of Transportation (Caltrans) has been conducting surveys of people who drive particular roadways. They collect all license plate numbers of cars driving past a certain point in a certain direction during a certain window of time, they look those plates up in DMV files, and they mail survey forms to the people whose names are attached to the plates.

This practice raises serious civil liberties concerns. It is part of a larger push by state and regional transportation authorities to expand their collection of statistical information on driving patterns. Although the information they seek is aggregate in nature, it is gathered through the capture and storage of significant amounts of individually identifiable information which can be highly sensitive in nature. This clearly sets a very poor precedent for citizens' ability to drive on public roads without fear of surveillance. It is far from clear that the advantages to the public of creating these additional statistics in this manner outweigh the danger of chilling the fundamentally important freedom of association upon which democracy is based.

I have attached the text of the survey that one citizen received in the mail. This individual called the ACLU, who suggested passing the survey along to the Privacy Rights Clearinghouse at the University of San Diego, from whom I obtained it. Bold type is bounded by *asterisks*.

-----------------------------------------------------------

Dear Motorist:

The California Department of Transportation (Caltrans) is studying potential transportation improvements in the Sacramento - Stockton region. We would greatly appreciate your assistance with this effort.

On *Sunday, March 5, 1995*, Caltrans observed traffic on *Interstate 5* between Sacramento and Stockton.
On this day we believe we observed a vehicle registered to this address traveling *southbound*. Please have the vehicle driver take a few minutes to fill out and return the entire survey below.

This response is anonymous; *no personal information about you will ever be revealed.* All records of names, addresses, and data sources connected with this survey will be destroyed. Postage is pre-paid. If you should have questions regarding the survey or the study please call (916) 327-4577.

Thank you for your contribution to this important study.

Sincerely,

Cindy McKim
Deputy Director

If the vehicle license number appearing on the front of this survey was recorded in error, please check here [box] and return this form.

---------------------------------------------------------

The "Intercity Travel Survey" asks questions about trip origin (home, work, etc, city, zip, cross streets, time to the minute), destination (likewise), number of people in the vehicle, frequency with which one makes such trips, driver's age and sex, how many people live in the household, how many motor vehicles are owned or used by members of that household, the household's total annual income (six boxes for successive income brackets), and "comments or suggestions".

It should be emphasized that this kind of routine surveillance is probably not now illegal under US law. For example, the Supreme Court, in US v. Knotts, 460 U.S. 276 (1982), has asserted that, so far as the Constitution is concerned, "[a] person traveling in an automobile on public thoroughfares has no reasonable expectation of privacy in his movements from one place to another" (at 281).

But that doesn't make it right. The Supreme Court made its decision before a reasonable prospect arose that individuals' travels might be routinely, automatically tracked from origin to destination on a large scale. This scenario is becoming entirely imaginable, however, and proposals to this effect are found in a variety of documents.
Citizens of Washington State, for example, recently uncovered a report to the state Department of Transportation by a prominent consultant suggesting that individuals' movements be routinely tracked for statistical purposes by automatically tracking their cellular telephones (see Risks 17.23).

This is a very serious matter. Individuals who feel they may have been subjected to automated surveillance on public roadways without probable cause should certainly make inquiries with their local transportation authorities and publicize what they learn on the net.

Phil Agre

[ Another "interesting" system now being deployed here in California is a remote infrared sensing system (combined with automated license plate photography) to try to detect (and ultimately subject to various sanctions) vehicles in motion on public roads which exceed emission standards. The technology appears to be rather unproven however, and reportedly has an annoying tendency toward false positives--sometimes close to 70% false positives! -- MODERATOR ]

------------------------------

Date: Wed, 23 Aug 1995 15:52:46 -0700
From: Phil Agre
Subject: Metromail chief loses job over privacy concerns

The Privacy Journal 21(10), August 1995, reports that James D. McQuaid, CEO of R.R.Donnelley's Metromail company will retire. Back in December the Wall Street Journal revealed that Metromail had been making commercial use of voter registration lists in states where such use is prohibited by law, and that it had used a fake survey about ice cream to add information about individuals' ages to the data. The company then became the subject of a number of class action lawsuits. PJ notes that the Direct Marketing Association "never issued any sanctions against the company". This is bound to raise questions about the effectiveness of self-regulation in the highly controversial direct marketing industry.

Privacy Journal (PO Box 28577, Providence RI 02908) is an excellent monthly publication edited by Robert Ellis Smith.
Phil Agre

------------------------------

Date: Fri, 01 Sep 1995 11:57:10 -0600
From: Richard Owen
Subject: Security & Privacy

Does anyone know how this works in other states/countries?

In looking forward to the October meeting of the Capital of Texas ISSA Chapter, which will be a debate on Privacy, does anyone know the official position on the following question:

When I go to renew my driver's license (or possibly any other state record or license - this case just came to mind because my wife just got a notice to renew) they ask for your SSN and it appears may also take a digital photo and digital image of your finger prints. If someone else puts in an open records request for all, or specifically your, Texas Driver's License info what do they get? Do they get everything including my SSN, picture, finger prints, record, etc.? Is there some way that the individual can protect themselves and limit what can be given the state agency or limit personal information the agency can hand out? Does anyone know the official answers?

Does anyone know of similar requests, uses, and dissemination of private data by public agencies (federal, state, or local)?

If someone knows of official limitation in the collection, processing or dissemination of private information, what controls are used to ensure that the limits are followed?

------------------------------

Date: Tue, 22 Aug 1995 01:47:24 -0700
From: "David Sobel"
Subject: "New" Crypto Policy Announced: Clipper II?

[ From Epic Alert 2.09 -- MODERATOR ]

"New" Crypto Policy Announced: Clipper II?

The Clinton Administration ended a year of silence on August 17 when it issued a long-awaited statement on the Clipper Chip and key-escrow encryption. Unfortunately, the "new" policy is merely a re-working of the old one -- the Administration remains committed to key-escrow techniques that ensure government agents access to encrypted communications.
The only changes are a willingness to consider the export of 64-bit encryption (if "properly escrowed"), the possibility of private sector escrow agents to serve as key-holders, and consideration of software implementations of key-escrow technologies.

As EPIC Advisory Board member Whit Diffie observed in an op-ed piece in the New York Times, the new approach won't work. "While other nations may share our interest in reading encrypted messages for law enforcement purposes, they are unlikely to embrace a system that leaves them vulnerable to U.S. spying. They will reject any system that gives decoding ability to agents in the United States." Diffie further notes that "64-bit keys are not expected to be adequate."

In a statement re-printed below, the National Institute of Standards and Technology (NIST) announced two public workshops "to discuss key escrow issues." More information concerning these meetings can be obtained from Arlene Carlton at NIST, (301) 975-3240, fax: (301) 948-1784, e-mail: carlton@micf.nist.gov.

------------------------------

End of PRIVACY Forum Digest 04.19
************************