|
Computer Privacy Digest Vol 2 #009
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Computer Privacy Digest Wed, 27 Jan 93 Volume 2 : Issue: 009
Today's Topics: Moderator: Dennis G. Rears
Re: SSN as a red herring
Listening to cordless telephone conversations
Released GSA Documents Slam FBI Wiretap Proposal
SSN and new baby
CFP Special Issue on Security [Change in Due Date]
Re: The UPS clipboard
Re: worries about privacy could tone down success of caller ID
Re: Litigation, SSN and IRS
Re: Radar Detector Prohib
RE: RE: SSN and new baby
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
[email protected] and administrative requests to
[email protected].
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Jim Haynes <[email protected]>
Subject: Re: SSN as a red herring
Date: 15 Jan 1993 19:58:25 GMT
Organization: University of California; Santa Cruz
In article <[email protected]> [email protected] (Carl Ellison) writes:
>
>To me, the SSN is just one of many IDs which would allow some record about
>me to be correlated with some other record. However, I assume that there
>are many such identifiers or characteristics -- either alone or in
>combination with others.
>
>Has anyone considered how to conduct one's life in order to avoid all such
>correlation of records? [This strikes me as possibly a cryptographic
>problem, thus the cross-post.]
Well, according to some recent items in comp.risks in which people's drivers
licenses are being revoked mistakenly, it seems that you must have a name
which is unpronounceable and doesn't spell anything like anybody else's,
and a birth date which nobody else could possibly have.
So, yes, it does have something to do with cryptography - you get your name
and birth date from a true one-time pad.
--
[email protected]
[email protected]
------------------------------
From: [email protected]
Subject: Listening to cordless telephone conversations
Date: 15 Jan 93 23:31:44 EST
Organization: Western Michigan University
Hi,
I understand that listening to radio signals via a scanner, etc
is legal. However, is it legal to listen to a telephone conversation
taking place on a cordless telephone and if so, can it be done using
a scanner ???
Any comments/suggestions will be welcomed.
Thank You in adv.
Percy.
[Moderator's Note: Last I heard it was legal to listen to but illegal
to disclose the contents of the conversation or profit from it. ._dennis ]
------------------------------
Date: Sat, 16 Jan 1993 10:22:23 -0500
From: Dave Banisar <[email protected]>
Subject: Released GSA Documents Slam FBI Wiretap Proposal
"GSA Memos Reveal that FBI Wiretap Plan was
Opposed by Government's Top Telecomm Purchaser"
The New York Times reported today on a document obtained
by CPSR through the Freedom of Information Act. ("FBI's
Proposal on Wiretaps Draws Criticism from G.S.A.," New York
Times, January 15, 1993, p. A12)
The document, an internal memo prepared by the General
Services Administration, describes many problems with the
FBI's wiretap plan and also shows that the GSA strongly
opposed the sweeping proposal. The GSA is the largest
purchaser of telecommunications equipment in the federal
government.
The FBI wiretap proposal, first announced in March of
1992, would have required telephone manufacturers to design
all communications equipment to facilitate wire surveillance.
The proposal was defeated last year. The FBI has said that it
plans to reintroduce a similar proposal this year.
The documents were released to Computer Professionals
for Social Responsibility, a public interest organization,
after CPSR submitted Freedom of Information Act requests
about the FBI's wiretap plan to several federal agencies last
year.
The documents obtained by CPSR reveal that the GSA,
which is responsible for equipment procurement for the
Federal government, strongly opposed two different versions
of the wiretap plan developed by the FBI. According to the
GSA, the FBI proposal would complicate interoperability,
increase cost, and diminish privacy and network security.
The GSA also stated that the proposal could "adversely
_affect national security._"
In the second memo, the GSA concluded that it would be a
mistake to give the Attorney General sole authority to waive
provisions of the bill.
The GSA's objections to the proposal were overruled by
the Office of Management and Budget, a branch of the White
House which oversees administrative agencies for the
President. However, none of GSA's objections were disclosed
to the public or made available to policy makers in
Washington.
Secrecy surrounds this proposal. Critical sections of a
report on the FBI wiretap plan prepared by the General
Accounting Office were earlier withhold after the FBI
designated these sections "National Security Information."
These sections included analysis by GAO on alternatives to
the FBI's wiretap plan. CPSR is also pursuing a FOIA lawsuit
to obtain the FBI's internal documents concerning the wiretap
proposal.
The GSA memos, the GAO report and others that CPSR is
now seeking indicate that there are many important documents
within the government which have still not been disclosed to
the public.
Marc Rotenberg
CPSR Washington office
[email protected]
Note: Underscores indicate underlining in the original text.
Dashes that go across pages indicate page breaks.
[Computer Professionals for Social Responsibility is a non-
profit, public interest membership organization. For
membership information about CPSR, contact
[email protected] or call 415/322-3778. For information
on CPSR's FOIA work, contact David Sobel at 202/544-9240
([email protected]).]
-------------------------------------------------------------
(#4A)
Control No. X92050405
Due Date: 5/5/92
Brenda Robinson (S)
After KMR consultations, we still _"cannnot support"_ Draft
Bill. No. 118 as substantially revised by Justice after its
purported full consideration of other agencies' "substantive
concerns."
Aside from the third paragraph of our 3/13/92 attachment
response for the original draft bill, which was adopted as
GSA's position (copy attached), Justice has failed to fully
address other major GSA concerns (i.e., technological changes
and associated costs).
Further, by merely eliminating the FCC and any discussion of
cost issues in the revision, we can not agree as contended by
Justice that it now " ... takes care of kinds of problems
raised by FCC and others ...."
Finally, the revision gives Justice sole unilateral exclusive
authority to enforce and except or waive the provisions of
any resultant Iaw in Federal District Courts. Our other
concerns are also shown in the current attachment for the
revised draft bill.
Once again OMB has not allowed sufficient time for a more
through review, a comprehensive internal staffing, or a
formal response.
/Signature/
Wm. R. Loy KMR 5/5/92
Info: K(Peay),KD,KA,KB,KE,KG,KV,KM,KMP,KMR,R/F,LP-Rm.4002
(O/F) - 9C1h (2) (a) - File (#4A)
-------------------------------------------------------------
ATTACHMENT
REVISED JUSTICE DRAFT BILL
DIGITAL TELEPHONY
The proposed legislation could have a widespread impact on
the government's ability to acquire _new_ telecommunications
equipment and provide electronic communications services.
_Existing_ Federal government telecommunications resources
will be affected by the proposed new technology techniques
and equipment. An incompatibility and interoperability of
existing Federal government telecommunications system, and
resources would result due to the new technological changes
proposed.
The Federal Communications Commission (FCC) has been removed
from the legislation, but the Justice implementation may
require modifications to the "Communications Act of 1934,"
and other FCC policies and regulations to remove
inconsistencies. This could also cause an unknown effect on
the wire and electronic communications systems operations,
services, equipment, and regulations within the Federal
government. Further, to change a major portion of the United
States telecommunications infrastructure (the public switched
network within eighteen months and others within three years)
seems very optimistic, no matter how trivial or minimal the
proposed modifications are to implement.
In the proposed legislation the Attorney General has sole
_unilateral exclusive_ authority to enforce, grant exceptions
or waive the provisions of any resultant law and enforce it
in Federal District Courts. The Attorney General would, as
appropriate, only "consult" with the FCC, Department of
Commerce, or Small Business Administration. The Attorney
General has exclusive authority in Section 2 of the
legislation; it appears the Attorney General has taken over
several FCC functions and placed the FCC in a mere consulting
capacity.
The proposed legislation would apply to all forms of wire and
electronic communications to include computer data bases,
facsimile, imagery etc., as well as voice transmissions.
The proposed legislation would assist eavesdropping by law
enforcement, but it would also apply to users who acquire the
technology capability and make it easier for criminals,
terrorists, foreign intelligence (spies) and computer hackers
to electronically penetrate the public network and pry into
areas previously not open to snooping. This situation of
easier access due to new technology changes could therefore
affect _national security_.
(1)
-------------------------------------------------------------
The proposed legislation does not address standards and
specifications for telecommunications equipment nor security
considerations. These issues must be addressed as they effect
both the government and private industry. There are also
civil liberty implications and the public's constitutional
rights to privacy which are not mentioned.
it must be noted that equipment already exists that can be
used to wiretap the digital communications lines and support
court- authorized wiretaps, criminal investigations and
probes of voice communications. The total number of
interception applications authorized within the United States
(Federal and State) has been averaging under nine hundred per
year. There is concern that the proposed changes are not cost
effective and worth the effort to revamp all the existing and
new telecommunications systems.
The proposed bill would have to have the FCC or another
agency approve or reject new telephone equipment mainly on
the basis of whether the FBI has the capability to wiretap
it. The federal- approval process is normally lengthy and the
United States may not be able to keep pace with foreign
industries to develop new technology and install secure
communications. As a matter of interest, the proposed
restrictive new technology could impede the United States'
ability to compete in digital telephony and participate in
the international trade arena.
Finally, there will be unknown associated costs to implement
the proposed new technological procedures and equipment.
These costs would be borne by the Federal government,
consumers, and all other communications ratepayers to finance
the effort. Both the Federal government and private industry
communications regular phone service, data transmissions,
satellite and microwave transmissions, and encrypted
communications could be effected at increased costs.
(2)
=============================================================
Documents disclosed to Computer Professionals for Social
Responsibility (CPSR), under the Freedom of Information Act
December 1992
=============================================================
------------------------------
From: robert.heuman@rose.com (robert heuman)
Subject: SSN and new baby
Organization: Rose Media Inc, Toronto, Ontario.
Date: Mon, 18 Jan 1993 15:01:02 GMT
Date Entered: 01-18-93 09:56
-=> Quoting "m. Adams/starowl" <staro to All <=-
"A<> According to the IRS, if you wish to claim a child over age 1 as a
"A<> dependent for tax purposes, that child *must* have a SSN.
"A<> True, the kid doesn't need a SSN for hirself, but the
"A<> parent(s)/guardian(s) might need the kid to have a SSN.....
And if the parents are US Citizens abroad, as in Canada, and the children are
born in Canada and are considered Canadian by Canada (and are NOT registered
at the US Consulate, so they will not be in any draft list) but are still
dependents of their US Citizen parents [and, BTW, are considered US
citizens by US Immigration (I know... I have two sons in that situation.)]???
Is a SSN still needed to claim them on the tax return???
And if the hospital is in Canada, and NOT in the US... etc.... etc.... etc...
I fail to see how any other jurisdiction can permit this lunacy to prevail
over its own laws, or in contradiction to its laws.. (for example European
privacy legislation might make transmission of this information to the US
highly illegal). What is the US government's position in respect of non-US
residents who are deductable on their US Citizen parents tax returns?
Convoluted, or not, you should understand my concern.
Bob
... Twice as Human as anyone else - My Opinions are my Own!
___ Blue Wave/QWK v2.12
---
RoseMail 2.00 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285
------------------------------
From: Matt Bishop <[email protected]>
Subject: CFP Special Issue on Security [Change in Due Date]
Reply-To: Matt Bishop <[email protected]>
Organization: Purdue University
Date: Mon, 18 Jan 1993 13:04:30 GMT
[NOTE CHANGE IN SUBMISSIONS DUE DATE: IT IS NOW JUNE 1, 1993]
Matt Bishop will be Guest Editor of a special issue of the journal
"Computing Systems" to be published in 1993. The issue will be
devoted to "Security and Integrity of Open Systems." Papers on all
aspects of policy, issues, theory, design, implementation, and
experiences with security and integrity in open systems are solicited
for the issue. The deadline for submissions is June 1, 1993; papers
submitted after this deadline will not be considered. Prospective
authors should send five copies of their papers to:
Professor Matt Bishop
Mathematics and Computer Science
Dartmouth College
6188 Bradley Hall
Hanover, NH 03755-3551
(603) 646-3267
[email protected]
Submissions should not have appeared in other archival publications
prior to their submission. Papers developed from earlier conference,
symposia and workshop presentations are welcome.
"Computing Systems" is a journal dedicated to the analysis and
understanding of the theory, design, art, engineering and
implementation of advanced computing systems, with an emphasis on
systems inspired or influenced by the UNIX tradition. The journal's
content includes coverage of topics in operating systems,
architecture, networking, interfaces, programming languages, and
sophisticated applications.
"Computing Systems" (ISSN 0895-6340) is a refereed, quarterly journal
published by the University of California Press for the USENIX
Association. Usenix is a professional and technical association of
individuals and institutions concerned with breeding innovation in the
UNIX tradition.
Now in its fifth year of publication, "Computing Systems" is regularly
distributed to 4900 individual subscribers and over 600 institutional
subscribers (libraries, research labs, etc.) around the world. Some
special-topic issues are often distributed more widely.
The editor-in-chief of "Computing Systems" is Mike O'Dell of Bellcore.
Gene Spafford of Purdue University is Associate Editor, and Peter
Salus of the Sun User Group is the Managing Editor.
------------------------------
From: [email protected] (Richard M. Hartman)
Subject: Re: The UPS clipboard
Date: 15 Jan 93 15:11:24 GMT
Organization: negligable
Source-Info: From (or Sender) name not authenticated.
In article <[email protected]> [email protected] (Roy M. Silvernail) writes:
>Jarrod Staffen <[email protected]> writes:
>
>> BTW, UPS is not ignoring security risks. They just ignore people
>> who ask about safety risks. They know what is possible.
>
>Doesn't that strike you as extremely arrogant?
Not necessarily. It could be a security measure...
>> IMO, though, I think they should do something more to ensure the
>> safety of their electronic data.
>
>And IMO, they should be a little more forthcoming to their customers
>about the precautions they do take (if, in fact, they take any at all...
>I'm still not very convinced).
If they made a habit of disclosing their security measures to
every TD&H who asked, then it would not be secure for very long.
As long as the measures are unknown, the means to defeat them
remain unspecified. Once you know a security measure, you can
begin working on the means to defeat it.
I have to side w/ UPS policy on disclosure on this one.
After all, they have a right to their privacy, don't they? <g>
>As a computer professional, I was
>not exactly enthralled to be summarily dismissed by a marketing droid
>who obviously had no grasp of the technical issues I raised.
Don't raise technical issues with marketing droids.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
And the men who hold high places |
must be the ones who start | -Richard Hartman
to mold a new reality | [email protected]
closer to the heart! |
------------------------------
From: "Richard M. Hartman" <[email protected]>
Subject: Re: worries about privacy could tone down success of caller ID
Date: Tue, 19 Jan 93 5:58:44 PST
I don't really see what the problem is. If you have a peephole
in the door, you can see me when I knock before letting me in.
If I cover the peephole with my thumb, you cannot see me.
It is then your option to not open the door.
What is the problem with having both Caller-ID (peephole),
and Caller-ID-Blocking (thumb)?
-Richard Hartman
[email protected]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"If we do not succeed, we risk failure." -D. Quayle
[Moderator's Note: Would anyone out there be willing to put together a
FAQ on caller-id? This faq should be bias free and mention arguements
for and against caller-id, line blocking, per call blocking, ANI vs
Caller-id, etc. ._dennis ]
------------------------------
From: [email protected]
Date: 19 Jan 93 12:43:17 CDT
Subject: Re: Litigation, SSN and IRS
Reply-to: [email protected]
It appears that perhaps this information has once again become
pertinent to the comp.privacy newsgroup. I assume I am sending this
to the correct address. Again, this is for your use to post if you
deem necessary.
Up until a year ago, I had not been claiming my children older than 1
year as dependents because I refuse to get them a SSN. A year ago, I
found out that the President of the Home School Legal Defense
Association (Michael Farris) tried to sue the IRS over its
requirement of SSN's for children. I wrote requesting to be included
in any class action that might be planned. I received three letters
in response. I reproduce the salient one here for your use if you see
fit.
The letter is on letterhead of the Christian Justice Fund:
Dear Friends,
This letter is to advise you of the options regarding the filing
of your income tax return in light of your desire to avoid obtaining
a Social Security number for your children.
First of all, everyone should realize that because of a certain
judge's ruling, it is procedurally impossible for us all to join
together in one suit. It is also impossible for us to do a separate
lawsuit for each of the families. We do not have enough resources,
not do I have enough time. We are going to pursue one or perhaps two
lawsuits to set a precedent for all families.
As an attorney, I cannot tell you to violate the law. However, I
can tell you the probable consequences of different courses of
action. All of these options assume that you do not obtain a Social
Security number for your children.
1. You can file your return and not claim your children as
dependents. This is totally safe. However, this costs you a
substantial amount of money *and* will not put you in a good position
to challenge the legality of this requirement.
2. You can file your return and claim your children. If you do
this, simply leave the sections regarding Social Security numbers
blank. This positions you to challenge the IRS requirement. These are
the risks: 1) You could receive a penalty of either $5 or $50 per
child; 2) Your dependency deduction could be disallowed; 3) You could
be audited and required to prove that the child is truly your
dependent; or 4) You could be criminally prosecuted.
Everyone that I have talked to (including attorneys for the
Justice Department) agree that criminal prosecution is extremely
unlikely. The most likely outcome is #3.
3. You can file your return, claim your children, and submit a
$5 penalty per child with your return. I would not recommend this
option. However, see #4 which follows.
4. If you receive a notice assessing a $5 penalty, pay it. We
then have you in a position to sue for a refund of the $5 and test
the legality of the rule.
It is my opinion that a challenge to this law cannot be mounted
unless a number of families choose option #2. There is a strong
likelihood that the IRS will only require us to prove dependency. If
this is the case, no lawsuit will be required. Also, we may choose
not to proceed if they simply assess $5 penalties.
I hope this answers your questions. Please _write_ if you have
further questions.
Sincerely,
Michael P. Farris
Philip Hurley "It is absurd to say that you are
T.A.E.X. especially advancing freedom when you only
Computer Technology use free thought to destroy free will."
(409) 845-9689 -- Chesterton
[email protected] I, too, disclaim.
------------------------------
From: [email protected] (GORDON ALLEN R)
Subject: Re: Radar Detector Prohib
Organization: University of Colorado, Boulder
Date: 20 Jan 93 15:39:51 GMT
As one aside from this thread, the radar detector I had in my car was
stolen. When I informed my insurance company, I was informed that they
are illegal and therefor not covered by my comprehensive policy. I
told them that there is no law in colorado regarding their illegality.
I was then informed that their purpose was to break the law and was not
covered... When I mentioned that they were assuming I was guilty and
must prove my innocence, instead of the other way around, the person
kindly told me that it is just their policy. End of conversation.
--
Allen Gordon *If the folly of but one of us was changed to*
Research Associate *intelligence, and divided amongst a thousand*
[email protected] *toads, each would be more intelligent than *
*Aristotle *
------------------------------
From: J.Clemens/D17-1@g-ate.uscghq.uscg.mil
Subject: RE: RE: SSN and new baby
Date: 20 Jan 93 7:35:26 EST
> Mike Brokowski <[email protected]> writes:
> It seems government have been registering births of children at least
> since the Roman times (given the reason for the census at Christs'
> birth).
Actually, Jesus' birth was incidental to the census. Joseph was the
one who had to register, with his family. (Luke 2:1-5)
Jonathan
------------------------------
End of Computer Privacy Digest V2 #009
******************************
|
|
