PRIVACY Forum Digest     Monday, 10 February 1997     Volume 06 : Issue 03

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.

                     ===== PRIVACY FORUM =====

   -------------------------------------------------------------------
     The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
     These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
   -------------------------------------------------------------------

CONTENTS
    Crypto Export [Phil Karn] Interview on PRIVACY Forum Radio
        (Lauren Weinstein; PRIVACY Forum Moderator)
    Update on "Your Signature for Sale?"
        (Lauren Weinstein; PRIVACY Forum Moderator)
    Yahoo! promotes privacy -- well, at least they make an attempt
        (Dave McComb)
    HTTP cookies still taste bad (Howard Goldstein)
    EU card (Phil Agre)
    FBI Issues Scaled Back Surveillance Capacity Notice (Bob Palacios)
    Virginia Bill on Collection of Information from Landlords (Dave Banisar)
    Proposed satellite monitoring of car movements in Sweden (Feliks Kluzniak)
    Maryland Motor Vehicles Department Sells Privacy Down the River (Monty Solomon)
    Berkeley Student Takes 3.5 Hours to Crack RSA 40-bit Key (John van Heteren)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
 ***            Submissions without them may be ignored!            ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond.
The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 06, ISSUE 03

   Quote for the day:

        "In my experience there's no such thing as luck."

                -- Obi-Wan ("Ben") Kenobi (Alec Guinness)
                   "Star Wars" (20th Century Fox/Lucasfilm; 1977)

----------------------------------------------------------------------

Date:    Mon, 10 Feb 97 16:03 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Crypto Export [Phil Karn] Interview on PRIVACY Forum Radio

Greetings.  A new installment of PRIVACY Forum Radio is available for your listening pleasure. This segment features my interview with Phil Karn (known to many in the TCP/IP world by his ham call sign "KA9Q") of Qualcomm, Inc. We discuss the status of his lawsuit against the U.S. federal government seeking permission to export the machine readable version of a crypto source code package that can currently only be exported legally in printed form--even though the same code is involved. It's a fascinating look at a case which is at the very leading edge of the crypto export controversy.

As always, follow the web links from www.vortex.com to PRIVACY Forum and PRIVACY Forum Radio to access the segment and prior PRIVACY Forum Radio interviews.

--Lauren--
Moderator, PRIVACY Forum
www.vortex.com

------------------------------

Date:    Mon, 10 Feb 97 16:14 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Update on "Your Signature for Sale?"

Greetings.  Since the recent distribution of my "Your Signature for Sale?" piece recently, I've received a great number of responses and personal anecdotes. For right now, there are two points I'd like to pass along.

First, some persons making inquiries to UPS have apparently been told that the UPS signature display software doesn't allow printing out of the recipient's signature.
Outside of the fact that conventional Windows functions, drivers, and "background" programs can be used to capture and print the contents of virtually any Windows application's screens, it seems to clearly be the case that the UPS software itself does include a signature print function. By the way, I'd like to thank the person who faxed me a copy of the full UPS ad (from "The Economist", and subsequently seen in other publications) which promotes that signature printing function twice in the ad text plus again with a picture of a printer...

Second, as I had suggested would probably be the case, some persons have indeed reported problems getting their UPS delivery persons to accept an "X" or similar "non-signature" to receive their packages, even though such actions were explicitly suggested to me by UPS management. If your local UPS driver refuses to turn over a package under these circumstances, you should insist on the issue being immediately escalated to a supervisor and if necessary to management at UPS headquarters in Atlanta. At a certain level up the chain of command you should be able to find someone who will verify that such non-signatures *are* acceptable on the automated signature pads.

More on this developing story to come...

--Lauren--
Moderator, PRIVACY Forum
www.vortex.com

------------------------------

Date:    Mon, 20 Jan 1997 17:50:46 -0500
From:    Dave McComb
Subject: Yahoo! promotes privacy -- well, at least they make an attempt

        [ From Risks-Forum Digest; Volume 18 : Issue 78 -- MODERATOR ]

When Yahoo!'s People Search page (http://www.yahoo.com/search/people/) first premiered, it allowed you to look up information based on first name, last name, city, state, and phone number. Yahoo! has since removed the reverse phone number lookup, stating in their FAQ:

    What happened to the "search by telephone number" feature?

    We have elected to discontinue the reverse lookup feature because of privacy concerns that have been raised by users.
However, this is not actually the case -- it's still there, just in a different form. You see, Yahoo! also allows users to suppress information about themselves, by entering their phone number (http://www.yahoo.com/search/people/suppress.html). When you enter your phone number, you get a listing containing your name and full address. By using this, you can still perform a reverse phone number lookup.

-Dave
mccomb@interworld.com
Manager, Network & Security
http://www.interworld.com/

------------------------------

Date:    21 Jan 1997 02:46:09 GMT
From:    hgoldste@mpcs.com (Howard Goldstein)
Subject: HTTP cookies still taste bad (Andersson, RISKS-18.77)

        [ From Risks-Forum Digest; Volume 18 : Issue 78 -- MODERATOR ]

Anders Andersson (Leaking WWW surfer interest profiles, RISKS-18.77) observes the possibility that the ad.doubleclick.net site, from a firm that sells space on a couple of dozen large web sites (*The New York Times* advertising column, 20 Jan 1997), may be in a position to save keyword lists submitted for search on the Alta-Vista search engine.

What Anders Andersson may not have noticed was that when the browser called up the doubleclick site it returned more than an image; it also returned a cookie that doubleclick retrieves on subsequent accesses to its affiliated systems to develop a profile of Andersson's likes, dislikes, and usage habits. [See my item in RISKS-18.19 for more on these stealthy cookies.]

Seems one without too much trouble could compile an incredibly detailed profile of an individual given one's footprints through webspace, coupled with one's search engine habits for those inconvenient times when the footprints don't lead to doubleclick's sites. A most valuable marketing tool.

Howard Goldstein

------------------------------

Date:    Wed, 22 Jan 1997 04:55:32 -0800 (PST)
From:    Phil Agre
Subject: EU card

The Times (London) for 22 January 1997 carries an article by Leyla Linton entitled "EU card could be passport to open all doors".
(My access to the article is through an online version that was forwarded to me over the Internet, so I don't have a page number for it.) The smart card, says the article, "could act as an identity document, driving licence and electronic purse", "and, eventually, could be used as a passport or even as a house key". "The card has been supported by the European Commission and several member states, and could be introduced alongside a single currency." The proposal is "to be published in detail next month".

The article focuses on apoplectic opposition to the proposal from Conservative British MP's who oppose Britain's accelerating integration with Europe; a spokesman for the Conservative government also expressed opposition, as did the civil rights organization Liberty.

What first struck me about the proposal is its resemblance to so-called "one card" systems that are being widely implemented on American college campuses. These cards combine many or all of the functions currently assigned to a range of other identification cards, such as library cards, plus additional functionalities. A "one card" system being implemented on some California State University campuses, for example, derives its funding from a bank card and telephone card; the university expects to raise large sums by swinging a large portion of its 300,000+ students to a single bank and/or telephone service provider. The card is then envisioned as extending to other purposes such as dormitory keys.

From a business point of view, a college campus is an attractive site for the implementation of such technologies because a campus is a microcosm of a whole society; it includes an enormous range of activities including housing, food service, entertainment, parking, administrative functions, vending, and so on. The CSU system, however, as one probably expects, has been designed and implemented with essentially no attention to privacy.
I attended a statewide meeting of CSU student governments (California State Student Association) at which CSU authorities assured that "one card" information was "fully protected by law", but then did not challenge a later assertion from an expert on privacy law that this "full protection" only applied to that narrow range of academic records that are covered by the Buckley Amendment.

The danger of a "one card", of course, is that it will provide the basis for the creation of a centralized dossier covering an ever-broader range of a student's activities, either through the literal creation of a single centralized database or (more likely) through the establishment of common identifiers and interoperable systems that allow data to be matched easily across different subsystems. College campuses, in this way, threaten to become practice grounds for the establishment of a dossier society.

In the case of CSU, it was clear that the real initiative for the system, including its architecture and public relations strategy, was originating not with the CSU administrators but with the proposed system's vendor, IBM.

The EU proposal deserves similar attention. Did this idea originate with the European Commission and the MEP's who introduced the proposal, or did it originate with vendors? Has any attention been paid to privacy issues?

Europe has a head start in this area because of the generally very good European Data Protection Directive, together with the functioning privacy commissioners' offices in several European countries. But the EU proposal may be a more serious matter than the data protection model can address. The data protection model of privacy regulation, after all, presupposes that personal information is captured and stored in databases; it simply requires that the whole process be done with appropriate notification, documentation, and security. A Europe-wide "one card" system can easily become a centralized dossier, even with the strictest data protection.
In addition to the constraints of data protection, therefore, it becomes important for privacy protection to be built into the architectures of this emerging generation of integrated identification systems. Technical proposals for this purpose are numerous and well-understood, including digital cash and pseudoidentity schemes that could be implemented on a smart card. Actually implementing these alternative technical proposals on a large scale would be a significant challenge, both as a matter of infrastructure and the detailed development of policy and administrative procedures. But it is certainly better than creating the dossier society by default, just because that is the logical extension of the traditional practices of computer system design.

Phil Agre

------------------------------

Date:    Fri, 17 Jan 1997 19:30:07 -0500
From:    Bob Palacios
Subject: FBI Issues Scaled Back Surveillance Capacity Notice

        [ Excerpt extracted from CDT POLICY POST Volume 3, Number 1 by MODERATOR ]

FBI ISSUES SCALED BACK SURVEILLANCE CAPACITY NOTICE -- COST & CAPABILITY ISSUES REMAIN

On Tuesday, January 14, 1997, the FBI issued a revised notice of proposed surveillance capacity as required by the 1994 Communications Assistance for Law Enforcement Act (CALEA - a.k.a. Digital Telephony). The notice details projected increases in law enforcement wiretapping and other electronic surveillance activity in the coming years.

While the latest notice appears far less expansive than the FBI's first capacity notice issued in October of 1995, and while this notice, by including the unprecedented release of baseline surveillance information on a county-by-county basis, goes a long way towards satisfying some of CDT's objections to the first notice, many serious issues remain. Specifically:

* Does the county-by-county approach of the latest surveillance capacity request correspond to law enforcement's real needs?

* What is the expected cost for meeting the FBI's proposed capacity needs?
* The latest capacity request lumps together interceptions of call content and interceptions of dialing information (through pen register and trap and trace devices). Does this increase surveillance capacity available to law enforcement?

* Most importantly, issues of surveillance CAPABILITY remain on the table. The FBI has taken a broad view of CALEA and has proposed technical standards which, in CDT's view, go far beyond the scope of CALEA and would dramatically increase law enforcement surveillance authority. These issues are currently being negotiated in industry standards setting bodies and will be a major issue in 1997.

------------------------------

Date:    Thu, 6 Feb 1997 15:43:44 -0500
From:    Dave Banisar
Subject: Virginia Bill on Collection of Information from Landlords

To:    Interested Persons
From:  David Banisar, Esq. (banisar@epic.org)
       Electronic Privacy Information Center (http://www.epic.org/)
Re:    Virginia Senate Bill SB 1012
Date:  February 6, 1997

Summary

On January 27, the Virginia Senate approved by a vote of 37-2 a bill that would require landlords, managers of condominiums, storage facilities and others to annually provide a comprehensive list of the names, addresses, and the automobile, boat and aircraft registration information of all their tenants, lessees and others to the local tax commissioners of the Virginia government. The legislation is intended to assist the state in the assessment of personal property taxes.

The bill poses a grave threat to the privacy of Virginia residents. It raises the question of whether Virginia should be able to coerce private citizens into acting as state informants by requiring them to provide this personal information on persons with whom they have a business relationship to the state government.
Overview of the Bill

The bill covers "every person owning, managing, or operating, any apartment house, condominium, cooperative-housing facility, office building, shopping center, trailer camp or trailer court, self-storage facility, marina, or privately owned or operated airport in the Commonwealth." Counties having a population of more than 1,000 people per square mile may require such information from any person leasing houses for rent. The bill substantially expands an existing 1950's era law to include condominiums, cooperative-housing facilities, and self-storage facilities.

The legislation would require that the person or business provide the "name and address of every tenant, lessee, owner, or other person permitted to occupy or use space at such facility"; the "year, make, model, state and license plate number of any motor vehicle garaged, housed or parked on the premises"; and the "state and registration number of any watercraft or aircraft at the facility." Previously, the law only covered the names of people who were renting space for aircraft and boats.

Failure to provide such information is classified as a "Class 4 misdemeanor." Under Virginia Code 18.2-11, the punishment can be a fine up to $250 for each tenant.

The bill allows owners, managers, and operators to "require, as a condition to leasing, selling, licensing, or otherwise granting any rights or interest in space at such facility, that any tenant, renter, or such other person provide the owner, manager, or operator of such facility with the information required to be provided pursuant to this section."

Analysis

The bill raises questions about the role of the state government in mandating that individuals and businesses act as informers for the government and provide personal information about their clients to government officials.
The bill also raises grave privacy concerns about the creation of a state database of all residents and others with a business relationship in Virginia, whether or not they are subject to tax liabilities.

The bill will place a substantial burden on landlords, leasing companies, universities, and others to collect information on their clients. It will likely damage their relationships with their clients, as they must act as de facto informants of the state, collecting and providing this information to the government.

The General Assembly should not only reject this bill, but also consider eliminating the existing requirements currently in § 58.1-3901 of the Code of Virginia, which this bill amends.

Legislative Status and Contact Information

01/17/97  Senate: Presented & ordered printed 973650681 (by State Senator Richard J. Holland (D-15, Windsor). Office (804) 786-7392)
01/17/97  Senate: Referred to Committee on Finance
01/22/97  Senate: Reported from Finance (16-Y 1-N)
01/23/97  Senate: Constitutional reading dispensed (39-Y 0-N)
01/23/97  Senate: VOTE: CONST. READING DISPENSED (39-Y 0-N)
01/24/97  Senate: Read second time and engrossed
01/27/97  Senate: Read third time and passed Senate (37-Y 2-N)
01/27/97  Senate: VOTE: PASSAGE (37-Y 2-N)
01/27/97  Senate: Communicated to House
01/28/97  House: Placed on Calendar
01/29/97  House: Read first time
01/29/97  House: Referred to Committee on Finance
02/05/97  House: Assigned to Finance sub-committee: 2

The bill is expected to be considered by the House of Delegates in the near future. Individuals who are interested in this legislation should contact their state delegate immediately. The number for leaving messages at the Virginia General Assembly constituent hotline is 1-800-889-0229.
David Banisar (Banisar@epic.org)        * 202-544-9240 (tel)
Electronic Privacy Information Center   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     * HTTP://www.epic.org
Washington, DC 20003                      PGP Key: http://www.epic.org/staff/banisar/key.html

------------------------------

Date:    Wed, 29 Jan 1997 20:39:29 +0100 (MET)
From:    Feliks Kluzniak
Subject: Proposed satellite monitoring of car movements in Sweden

        [ From Risks-Forum Digest; Volume 18 : Issue 81 -- MODERATOR ]

The new issue of "Dagens IT", no. 3, dated 28 Jan - 3 Feb 1997 (a Swedish paper aimed at information technology professionals), contains an item that might be of some interest to those RISKS readers who followed discussions about automatic highway toll booths in the US and related subjects. My (probably imperfect) translation follows.

    Car users will be put in "feetcuffs"
    (written by Margaretha Sundstroem)

    With the help of a new satellite system car users might pay different taxes, depending on when and where they drive. This is what the State communications commission is said to be discussing.

    According to (the newspaper) "Dagens Politik", the State communications commission is discussing a proposal to use satellites for determining car taxes in the future. It is proposed that all of Sweden's 3.5 million cars should be equipped with a little reader fastened to the instrument board. Car users would then buy cards that can be inserted into the reader. The card would communicate with a satellite that would register where you drive and for how long. The car tax would then be withdrawn from the card.

    The proposal has been put forward by the State institution for communication analysis. They estimate that just the Stockholm (tax) authorities would be able to earn six billion crowns by using this system. The costs for car users would thereby increase.

- - - -

The reference to "feetcuffs" (by analogy to "handcuffs" - ankle shackles?)
is an allusion to radio transmitters that are irremovably fastened to the ankles of some criminals in this country so that the authorities can monitor their compliance with the rules of house arrest. The word "communication" is meant to include car traffic etc. The word "billion" is given in its US meaning: a thousand million.

The risks? Apart from the risks of having very complex systems automatically determine how much you have to pay, there are the usual privacy considerations. Some cry out "big brother". Others say you are already in this situation if you carry a cellular phone.

Feliks Kluzniak, Carlstedt Research & Technology, Gothenburg

        [ Cellular phone privacy issues aside, the last time I checked, there were no laws requiring persons to carry cellular phones, or to leave them activated as they travel from location to location. The proposed vehicle tracking system would certainly fall into a completely different category of privacy problems. -- PRIVACY Forum MODERATOR ]

------------------------------

Date:    Mon, 10 Feb 1997 02:25:11 -0500
From:    Monty Solomon
Subject: Maryland Motor Vehicles Department Sells Privacy Down the River

Excerpt from ACLU News 02-06-97

Maryland Motor Vehicles Department Sells Privacy Down the River

BALTIMORE -- The practice of selling personal information by the Maryland Motor Vehicles Administration has raised lots of money as well as privacy concerns, the Washington Times reports. Over the past two years, MVA has grossed $5.7 million dollars by selling people's driver's license records to independent companies.

Baltimore's MVA sells records either in bulk, giving 10,000 records for $500, or individually at $5 a piece. Bankers, retailers, private investigators and insurance companies have all been known to purchase thousands of records from MVA and use the lists for subscription programs through mail solicitation.
The amount of money that MVA raises is relatively small, and not a "compelling" justification for violating people's privacy rights, said Susan Goering, the executive director of the American Civil Liberties Union in Maryland.

"It's bad enough that private concerns are [selling records], but to have the government making use of our personal information is outrageous," Goering said. "I think the role of government is to protect people from the invasions of privacy that already exist."

Until now, the choice about the distribution of one's information has existed, but not been publicized in Maryland. Out of the 3 million people that have drivers' licenses, only 6,018 have made that choice since 1985.

"It's bad enough that privacy concerns are compromised by this practice, but the fact that people aren't informed about the option of sealing their records is even worse," Goering said.

------------------------------

Date:    Thu, 30 Jan 1997 12:59:35 -0800
From:    John van Heteren
Subject: Berkeley Student Takes 3.5 Hours to Crack RSA 40-bit Key

        [ From TELECOM Digest; Volume 17 : Issue 26 -- MODERATOR ]

----

Thought you'd be interested in the following article that I found at:
http://www.urel.berkeley.edu/releases/

John van Heteren
vanhet@sirius.com

----

Berkeley -- It took UC Berkeley graduate student Ian Goldberg only three and a half hours to crack the most secure level of encryption that the federal government allows U.S. companies to export.

Yesterday (1/28) RSA Data Security Inc. challenged the world to decipher a message encrypted with its RC5 symmetric stream cipher, using a 40-bit key, the longest keysize allowed for export. RSA offered a $1,000 reward, designed to stimulate research and practical experience with the security of today's codes.

Goldberg succeeded a mere 3 1/2 hours after the contest began, which provides very strong evidence that 40-bit ciphers are totally unsuitable for practical security.
"This is the final proof of what we've known for years: 40-bit encryption technology is obsolete," Goldberg said.

RSA's RC5 cipher can however be used with longer keysizes, ranging from 40 to 2,048 bits, to provide increasing levels of security.

U.S. export restrictions have limited the deployment of technology that could greatly strengthen security on the Internet, often affecting both foreign and domestic users, Goldberg said. "We know how to build strong encryption; the government just won't let us deploy it. We need strong encryption to uphold privacy, maintain security, and support commerce on the Internet -- these export restrictions on cryptography must be lifted," he said.

Fittingly, when Goldberg finally unscrambled the challenge message, it read: "This is why you should use a longer key."

The number of bits in a cipher is an indication of the maximum level of security the cipher can provide, Goldberg said. Each additional bit doubles the potential security level of the cipher. A recent panel of experts recommended using 90-bit ciphers, and 128-bit ciphers are commonly used throughout the world, but U.S. government regulations restrict exportable U.S. products to a mere 40 bits.

Goldberg used UC Berkeley's Network of Workstations (NOW) to harness the computational resources of about 250 idle machines. This allowed him to test 100 billion possible "keys" per hour -- analogous to safecracking by trying every possible combination at high speed. This amount of computing power is available with little overhead cost to students and employees at many large educational institutions and corporations.

Goldberg is a founding member of the ISAAC computer security research group at UC Berkeley, which is led by assistant professor of computer science Eric Brewer. In the fall of 1995 the ISAAC group made headlines by revealing a major security flaw in Netscape's web browser.

------------------------------

End of PRIVACY Forum Digest 06.03
************************
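The Berkeley item above is the one technical story in this issue, and the reasoning behind it (a 40-bit key space is 2^40 keys, every extra bit doubles it, and a known plaintext lets you recognise the right key) is easy to see in code. What follows is an added example written for this edit; it is not part of the digest, nor Goldberg's NOW code, nor RSA's challenge software. It implements RC5-32/12/5 (Rivest's RC5 with 32-bit words, 12 rounds and a 5-byte, i.e. 40-bit, key; RC5 is a 64-bit block cipher) in pure Python and runs an exhaustive known-plaintext search. Assumptions, all constructed for the demonstration: the challenge is reduced to a single ECB block with a known plaintext; the attacker is assumed to know all but the low `search_bits` bits of the key (a stand-in so the search finishes in seconds on one machine rather than sweeping the full 2^40 space the NOW cluster did); and the measured single-machine rate is then extrapolated to 40 bits alongside the article's figure of 100 billion keys per hour. The names `brute_force`, `hours_to_exhaust` and `demo` are this example's own.

```python
"""RC5-32/12/5 known-plaintext key search on a reduced key space (added example)."""
import os
import struct
import time

W = 32                    # word size in bits (RC5-32)
R = 12                    # number of rounds (RC5-32/12)
MASK = (1 << W) - 1
P32 = 0xB7E15163          # RC5 key-schedule constants from Rivest's definition
Q32 = 0x9E3779B9


def rotl(x, y):
    """Rotate the 32-bit word x left by y bits (y taken mod 32)."""
    y &= W - 1
    return ((x << y) | (x >> (W - y))) & MASK


def rotr(x, y):
    """Rotate the 32-bit word x right by y bits (y taken mod 32)."""
    y &= W - 1
    return ((x >> y) | (x << (W - y))) & MASK


def expand_key(key):
    """RC5 key schedule: b key bytes -> t = 2(R+1) round subkeys."""
    c = max(1, (len(key) + 3) // 4)
    # L holds the key bytes packed into c little-endian words, zero padded.
    L = list(struct.unpack("<%dI" % c, key.ljust(4 * c, b"\x00")))
    t = 2 * (R + 1)
    S = [0] * t
    S[0] = P32
    for i in range(1, t):
        S[i] = (S[i - 1] + Q32) & MASK
    i = j = A = B = 0
    for _ in range(3 * max(t, c)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i = (i + 1) % t
        j = (j + 1) % c
    return S


def encrypt_block(S, block):
    """Encrypt one 64-bit block (two little-endian words) with subkeys S."""
    A, B = struct.unpack("<II", block)
    A = (A + S[0]) & MASK
    B = (B + S[1]) & MASK
    for i in range(1, R + 1):
        A = (rotl(A ^ B, B) + S[2 * i]) & MASK
        B = (rotl(B ^ A, A) + S[2 * i + 1]) & MASK
    return struct.pack("<II", A, B)


def decrypt_block(S, block):
    """Inverse of encrypt_block."""
    A, B = struct.unpack("<II", block)
    for i in range(R, 0, -1):
        B = rotr((B - S[2 * i + 1]) & MASK, A) ^ A
        A = rotr((A - S[2 * i]) & MASK, B) ^ B
    return struct.pack("<II", (A - S[0]) & MASK, (B - S[1]) & MASK)


def brute_force(plaintext, ciphertext, known_high, search_bits):
    """Known-plaintext exhaustive search over the low search_bits bits of a
    40-bit key whose upper bits (known_high) are assumed known (constructed
    simplification). Returns (key bytes or None, number of keys tried)."""
    tried = 0
    for low in range(1 << search_bits):
        candidate = ((known_high << search_bits) | low).to_bytes(5, "big")
        tried += 1
        if encrypt_block(expand_key(candidate), plaintext) == ciphertext:
            return candidate, tried
    return None, tried


def hours_to_exhaust(bits, keys_per_hour):
    """Worst-case hours to try every key of a bits-bit key space at the given
    rate; the expected time to a hit is half of this."""
    return float(1 << bits) / keys_per_hour


def demo(search_bits=12):
    """Constructed run: random 40-bit key, one known block, reduced search."""
    key = os.urandom(5)                     # 40-bit key, the export limit
    plaintext = b"40bitkey"                 # one 64-bit known-plaintext block
    ciphertext = encrypt_block(expand_key(key), plaintext)
    known_high = int.from_bytes(key, "big") >> search_bits
    t0 = time.perf_counter()
    found, tried = brute_force(plaintext, ciphertext, known_high, search_bits)
    elapsed = max(time.perf_counter() - t0, 1e-9)
    rate = tried / elapsed * 3600           # measured keys per hour on this machine
    return {
        "recovered": found == key,
        "keys_tried": tried,
        "this_machine_keys_per_hour": rate,
        "this_machine_hours_for_40_bits": hours_to_exhaust(40, rate),
        "now_cluster_hours_for_40_bits": hours_to_exhaust(40, 1e11),  # 10**11/hour per the article
        "now_cluster_hours_for_56_bits": hours_to_exhaust(56, 1e11),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

At the article's rate of 10^11 keys per hour, `hours_to_exhaust(40, 1e11)` is about 11 hours for the whole space, so the average hit comes after roughly 5.5 hours and Goldberg's 3.5 hours was a somewhat lucky draw; the 56-bit figure shows what sixteen extra bits buy. The search loop is embarrassingly parallel, which is exactly why 250 idle workstations were enough: each machine can take a disjoint slice of `low` and nothing needs to be shared but the ciphertext.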