PRIVACY Forum Digest      Saturday, 4 November 1995      Volume 04 : Issue 23

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy, and the Data Services Division of MCI Communications Corporation.

CONTENTS
    TV News Interview Request (Lauren Weinstein; PRIVACY Forum Moderator)
    Monaco taps *every* international call?!?! (Kent Quirk)
    Who owns your name? (Graystreak)
    Caller ID/New Worries (J.P. Kleinhaus)
    France: change in cryptography policy (kaiser@acm.org)
    FBI Unveils National Wiretap Plan (Marc Rotenberg)
    Controversy Over Medical Records Legislation (Monty Solomon)
    Businesses monitoring employee e-mail (Andy Erickson)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing.

Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access.

PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com".

-----------------------------------------------------------------------------

VOLUME 04, ISSUE 23

Quote for the day:

    "How tall was King Kong?"

        -- Eli Cross (Peter O'Toole)
           "The Stunt Man" (1980)

----------------------------------------------------------------------

Date: Sat, 4 Nov 95 10:23 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: TV News interview request

Greetings. I've received a request from a producer for one of the three major U.S. television networks' evening news programs. They'd like to do a privacy story, with a focus on an individual who feels their privacy has been invaded and what steps they've taken to try to protect themselves from further problems.

I receive queries like this from time to time, and I always point out to the producers the irony involved: A person who has had privacy problems is probably about the *least* likely person to want to go on-camera on national television. Still, this is an important topic, and as I've often mentioned here in the Forum, it's crucial that these matters be brought to the attention of the broader population--and to a large extent that means TV news. And TV news is very "people"-oriented--it likes to do stories where the viewers can focus on individuals rather than generalized concepts.

Are there risks involved with doing such interviews? Sure. As someone who willingly talks to the media about these topics, and has done quite a number of interviews, I can tell you that when the interview ends and the tape is "in the can" you're at the mercy of the producer, tape editor, and other involved folk in terms of how the final product turns out. You may find that an hour of tape is reduced down to a 10 second soundbite in the aired version, but that's the way it is for most everyone from politicians to entertainers who do news interviews.

As you can gather, I consider discussion of these topics in mainstream media to be valuable, even given some of the negatives in the interview process. The producer for this particular story is based here in L.A., and since the main network news bureaus are in L.A. and New York, persons in those areas would be easiest for them to work with, though other areas may also be considered.

If you feel you have a relevant story and are willing to go bigtime public with it, drop me an email note and I'll put you in touch with the producer, and you two can take it from there.

--Lauren--

------------------------------

Date: Mon, 16 Oct 95 23:19:44 -0500
From: Kent Quirk
Subject: Monaco taps *every* international call?!?!

In the October/November 1995 issue of _The Riviera Reporter_, an English-language magazine distributed in the French Riviera, there was an article that disturbed me greatly. It described a television interview of a resident of the Principality of Monaco who was enthusiastic that the local police apparently record every telephone call. He encouraged viewers to look on it as a memory aid, and described how he had forgotten what he was supposed to get his sister for her birthday. He called the local police -- they played back the call and told him what he should buy.

Can anyone verify that this is indeed the case? I'm told that Monaco has an incredibly low crime rate. But, if true, the cost is higher than I'm willing to pay.

    - Kent

--
Kent Quirk  | Email: kentq@world.std.com
Les Genets  | WWW: http://world.std.com/~kentq/

    [ It's a bit unlikely that you'll be able to get any definitive statement specifically regarding Monaco, but some general observations can be made. From a technical standpoint, the smaller the country, and the fewer the communications circuits in and out, the easier it becomes to monitor substantial percentages of traffic, assuming you wish to do so. Monaco is certainly a geographically small country, but that says nothing about whether or not such monitoring goes on there.

    However, it's worth noting that in many parts of the world, routine monitoring of international (and in some cases domestic) telecommunications circuits is as old as the telegraph. Circuits to and from given countries, or simply transiting through, have frequently been considered to be fair game for routine monitoring activities, either in part or in whole. This continues in a long tradition that literally reaches back several centuries (and probably much farther!) with international mail and courier messages.

    Many, perhaps even most governments, regardless of political leanings, have at various times felt it was their right, or even their obligation, to keep track of what goes on in international communications, much as they endeavor to track the flow of physical goods across the borders. You may agree or disagree with this reasoning, but it's not new, or even unusual.

    The greater the percentage of traffic that is non-voice, the more practical it is for automated procedures to be used to watch over larger numbers of circuits. Data, fax, telex, and similar communications all fall into the easily automated category (I believe that something on the order of over half of overall international communications traffic now consists of faxes). It also seems reasonable to speculate that developments in continuous-speech, speaker-independent speech recognition systems may have evolved to the point where they could at least be used for monitoring of many circuits for keywords of interest, which would then trigger further monitoring by humans.

    But again, all this doesn't answer the fundamental question of how much routine monitoring goes on, since it's something that most governments would not be exactly anxious to publicize if it were occurring.

    For a fascinating historical perspective on this subject and related topics, I recommend reading "The Puzzle Palace" (1982) by James Bamford.

        -- MODERATOR ]

------------------------------

Date: Tue, 17 Oct 95 11:16:46 -0400
From: Graystreak
Subject: Who owns your name?

[culled from CPSR's EPIC Alert newsletter...]

The Marketry company of Bellevue, Washington is now selling email addresses of Internet users obtained from Newsgroup postings. From the company's press release:

"These are email address of individuals who are actively using the Internet to obtain and transfer information. They have demonstrated a substantial interest in specific area of information on the Internet.
They are regularly accessing information in their interest areas from newsgroups, Internet chats and websites. . . . The file is anticipated to grow at the rate of 250,000 E Mail addresses per month, all with Interest selections."

What are the interest areas currently available? "Adult, Computer, Sports, Science, Education, News, Investor, Games, Entertainment Religion, Pets." The release notes that "additional interests areas will be added, please inquire."

Activities of US and non-US Net users will be included in the Marketry product.

The Washington Post reported that the president of Marketry, Norm Swent, would not disclose who the actual owner of the list is. "That really is confidential information," Swent said, "and we are obviously bound by confidentiality agreements with the list owner."

WHAT YOU CAN DO:

(a) Sit back, let your newsgroup postings get swept up by the data scavengers and watch the junk email pile high on your system, or

(b) Send email to Marketry and tell them to STOP SELLING PERSONAL DATA GATHERED FROM THE NET. Send email to: listpeople@marketry.com and tell your friends to send email. And tell your friends' friends.

It's your name. It's your mailbox. Think about it.

    [ It's important to always remember that public postings are just that, *public*. Entities are free to collect, index, store, and otherwise use such materials quite freely, as long as they don't violate applicable laws (of which very few relate to this area). Of more concern is the use of data collected by servers in the course of essentially "non-public" transactions, such as World Wide Web browsing. More on that in a future digest.

        -- MODERATOR ]

------------------------------

Date: Tue, 17 Oct 95 11:30:12 PDT
From: aa2du@netcom.com
Subject: Caller ID/New Worries

Greetings:

I received a rather disturbing communication enclosed in my latest NYNEX telephone bill. This came in the bill for my business account and I haven't seen it in my residential account bills.

The flyer describes the new "Call ID Deluxe Service." According to NYNEX, the new service allows the user to see the name and telephone number of the caller, *even if the caller's number is non-published.* (emphasis NYNEX's) The flyer does say that you can block the service using Per-call restrict or All-call restrict, which is available in NY State.

If the non-business customer is not made aware of this, the implications for loss of privacy should be obvious to everyone. I really question the need for this, but I suppose NYNEX will make more millions as a result of these actions.

As a final note, NYNEX does say that they have not yet received Public Service Commission approval for this latest invasion of our privacy. I urge everyone to contact the NY State PSC and advise them against approving such a plan.

With regards,

J.P. Kleinhaus
aa2du@netcom.com

J.P. Kleinhaus, AA2DU      ARRL CAC Hudson Div. Rep.
E-mail: aa2du@netcom.com   Compu$erve: 74660,2606

    [ This is pretty much the case in many areas. Where CNID or enhanced (name/address CNID) systems are available, efforts to require all non-pub numbers to be blocked by default have been vigorously opposed by local telcos. The reason is obvious--in major metro areas an extremely high percentage of lines may be non-pub, which would result in very high numbers of lines CNID blocked from day one, reducing the perceived value of the service to potential customers.

        -- MODERATOR ]

------------------------------

Date: Wed, 18 Oct 95 13:44:52 +0100
From: kaiser@acm.org
Subject: France: change in cryptography policy

Until recently, the French government has considered cryptographic software to be war material -- specifically Class II munitions, like a live ground-to-air missile -- and one was not permitted to use it without the proper license and along with registering all keys.

This has apparently just changed a bit, if one can believe an article yesterday in Nice-Matin, the local newspaper for the Cote d'Azur.
In part it reads (my translation):

    France: Internet will be accessible at the price of a local call

    The government wants to render Internet accessible to everyone in France at a cost that is both attractive and uniform for the entire country, said François Fillon, minister of information technologies, yesterday from an interagency committee on the information superhighway.

    [...]

    Finally, the interagency committee was able to specify the regulation of encrypting information, indispensable especially for encoding bank card numbers on online services. Cryptology is no longer war materiel, the government text specifies, and when it has to do with protecting a password, an access code, or a bank card number, a simple declaration from the vendor will be enough, in place of prior authorization.

This obviously begs the question of how good such cryptographic techniques will be permitted to be (RSA 40-bit? 128-bit? 12-bit?), but perhaps someone has seen a better newspaper with more details.

___Pete

kaiser@acm.org
+33 92.95.62.97, FAX +33 92.95.50.50

------------------------------

Date: 2 Nov 1995 11:21:11 -0500
From: "Marc Rotenberg"
Subject: FBI Unveils National Wiretap Plan

The New York Times reports today that the FBI has proposed "a national wiretapping system of unprecedented size and scope that would give law enforcement officials the capacity to monitor simultaneously as many as one out of every 100 phone lines" in some regions of the country. ("FBI Wants to Vastly Increase Wiretapping," NYT, Nov. 2, 1995, at A1)

The story follows the October publication in the Federal Register of the FBI plans to implement the Communications Assistance for Law Enforcement Act, the controversial "digital telephony" bill that was opposed by many groups last year but supported by an industry association called the "Digital Privacy and Security Working Group" after the government put up $500,000,000 to pay for the new surveillance features.
(See EPIC Alert 2.12)

The Times article also notes that there is now some question about whether the law will ever go into effect. A provision to provide funding was deleted last week after "several freshman Republicans, including Representative Bob Barr of Georgia, a former federal prosecutor, said he objected to the way the money for wiretapping would be raised and that he had concerns about how the FBI might use such a sweeping surveillance ability."

The article also says that "The scope of the FBI plan has startled industry telephone executives, who said it was difficult to estimate how much it would ultimately cost to carry out the capacity increases."

EPIC is urging the on-line community to object to implementation of the wiretap plan. More information can be found at our web page: http://www.epic.org/privacy/wiretap/.

Marc Rotenberg
rotenberg@epic.org

------------------------------

Date: Wed, 1 Nov 1995 13:46:33 -0500
From: Monty Solomon
Subject: Controversy Over Medical Records Legislation

    [ Editing for length by MODERATOR ]

Begin forwarded message:

Date: Wed, 1 Nov 1995 10:41:37 -0500
From: James Love
Subject: Controversy Over Medical Records Legislation

-----------------------------------------------------------------
TAP-INFO - An Internet newsletter available from listproc@tap.org
-----------------------------------------------------------------
TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE
November 1, 1995

-   Senator Robert Bennett and several cosponsors introduce legislation on medical records privacy. S. 1360 would allow millions of law enforcement officials, social workers, graduate students and other health care researchers, government fraud investigators and probably congressional staff to obtain access to computer databases with the medical records for most Americans who pay for care under health insurance programs.

The Center for Patient Rights, the Massachusetts ACLU, EPIC, and the Consumer Project on Technology (CPT) have expressed opposition to the bill, as have several privacy experts. However, the legislation is enthusiastically endorsed by the Center for Democracy and Technology (CDT), which was involved in the drafting of the bill, and some other groups have apparently endorsed the legislation.

The Consumer Project on Technology is working on a statement about the legislation. Here is the statement about the legislation released yesterday by the Massachusetts ACLU.

jamie

...

    [ ACLU statement removed for length -- you can presumably obtain full texts at the contact addresses below -- MODERATOR ]

TAP-INFO is archived at gopher.essential.org in the Taxpayer Assets Project directory, and at http://www.essential.org/tap/tap.html

Subscription requests to tap-info to listproc@tap.org with the message: subscribe tap-info your name

---------------------------------------------------------------------
Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036
v. 202/387-8030; f. 202/234-5176; internet: tap@tap.org
---------------------------------------------------------------------

    [ I received an item directly from CDT that supported this legislation, however it was not appropriate for inclusion without some editing for length, and was marked with a "must be distributed in its entirety" label, so it's not here. I invite the parties on both sides of this issue to submit concise items to the Forum describing their points of view.

        -- MODERATOR ]

------------------------------

Date: Thu, 19 Oct 1995 15:28:23 CST
From: "Andy Erickson"
Subject: Businesses monitoring employee e-mail

Are there any articles, court cases, .... anything.... relevant to the unethical ... perhaps illegal ... monitoring of employees' electronic mail?

Andy

    [ Articles regarding the current state of the laws in this topic area are invited.
        -- MODERATOR ]

------------------------------

End of PRIVACY Forum Digest 04.23
************************