|
CPSR Alert Volume 1, Number 1
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Date: Tue, 3 Sep 91 14:40:46 EDT
From: [email protected] (Ronni Rosenberg)
Message-Id: <[email protected]>
Subject: CPSR Alert 1.01
CPSR Alert 1.01
=============================================================
#### #### ### #### # # #### #### #####
# # # # # # # # # # # # #
# ### # ### ##### # ### ### #
# # # # # # # # # # # #
#### # ### # # # # #### #### # # #
=============================================================
CPSR Alert 1.01
Tuesday, September 3, 1991
The CPSR Alert is published by the CPSR Washington Office
Send comments to [email protected]
CPSR membership information contact: [email protected]
- -------------------------------------------------------------
Contents
[1] Welcome
[2] Secret Service Responds to CPSR FOIA Request
[3} NIST Announces Digital Signature Standard
[4] CPSR Challenges IRS SSN Practice
[5] What Do You Think? CPSR and the SSN
[6] Upcoming CPSR Events
[7] Roundtable Resource Books Available
- -------------------------------------------------------------
[1] Welcome
This is the first issue of the CPSR Alert, a publication
for CPSR members about activities in Washington, DC. We plan
to keep the items short and interesting. Our goal is to get
out two issues a month. Comments are welcome.
Initial circulation will be through CPSR-Chapters, CPSR-
Activitists, and CPSR-Civil-Liberties. We apologize
if this results in some duplication.
- -------------------------------------------------------------
[2] Secret Service Responds to CPSR FOIA Request
In the fall of 1990, CPSR filed two Freedom of
Information Act requests with the Secret Service, seeking
information about Operation Sun Devil and other computer
crime investigations. When the Secret Service failed to
respond to CPSR's request, we filed a lawsuit asking that the
agency be compelled to disclose information about Sun Devil.
Shortly after we filed the suit, the Secret Service
agreed to meet with us to discuss our request for information
about "non-Sun Devil" computer crime investigations. Marc
Rotenberg, David Sobel and EFF's Mike Godwin spoke with the
Secret Service and arranged for the agency's processing of:
1) records on computer crime investigation policy; and 2)
records on individuals believed to be the subjects of Secret
Service investigations (and who consented to the release of
such records).
The Secret Service has now released some information
about computer crime investigation policy. The agency also
said that the processing of records concerning the named
individuals is proceeding and that it will not claim a blanket
"law enforcement" exemption for that material, as it had
previously suggested it would. We intend to litigate any
substantial withholding of this information.
For more information, contact [email protected]
- -------------------------------------------------------------
[3] NIST Announces Proposed Digital Signature Standard
The National Institute for Standards and Technology has
announced a proposed new standard for digital signatures.
CPSR has previously raised questions about the role of the
National Security Agency in setting cryptography standards.
We plan to get more information about this.
We would appreciate comments from CPSR members about
the new proposal. Copies of the specifications section of the
proposal, which deals with the technical aspects of the standard,
can be obtained from:
Standards Processing Coordinator (ADP)
National Institute of Standards & Technology
Technology Bldg., Room B-64
Gaitherburg, MD 20899
(301) 975-2816
Comments on the proposed standard should be sent, no
later than November 27, 1991 to:
Director
Computer Systems Laboratory
National Institute of Standards & Technology
ATTN: Proposed FIPS for DSS
Technology Bldg., Room B-154
Gaitherburg, MD 20899
Please send a copy of any comments submitted to NIST to
the CPSR Washington Office. For further information, contact
[email protected].
- -------------------------------------------------------------
[4] CPSR Challenges IRS SSN Practice
In mid-August CPSR filed a "friend of the court" brief
in the federal court of appeals, calling into question the
IRS's practice of placing a Social Security Number on the
mailing label of the form 1040. We alleged that the IRS is
violating the Privacy Act of 1974 and creating an unnecessary
privacy risk.
The case arose when a computer scientist in Willingboro,
New Jersey questioned the practice of routinely displaying
the Social Security Number. Dr. Peter Zilahy Ingerman
believes that inexpensive encryption would make it possible
for the IRS to maintain accurate records while protecting the
confidentiality of the SSN. He earlier wrote to the IRS
Commissioner and asked that the IRS revise its policy. When
the Commissioner ignored the request, Mr. Ingerman filed suit
in federal district court.
Mr. Ingerman's complaint states that "By knowingly and
intentionally placing the addressee's social security number
on the mailing label, the IRS inevitably and needlessly
discloses the addressee's social security number to Postal
Service employees and to all others who may happen to have
access to the mailing label."
The complaint further states that "Any efficiency which
the IRS obtains by including taxpayer's social security
numbers on mailing labels could easily be obtained without
needless disclosure of social security numbers through
encryption of the social security numbers."
The CPSR brief supports the claims made by Mr.
Ingerman. CPSR notes the long-standing concern of the
computing community to design safe information systems, and
the particular effort of Congress to control the misuse of
the SSN. The CPSR brief further describes current efforts in
Europe to control the misuse of national identifiers, like
the Social Security Number.
- -------------------------------------------------------------
[5] What Do You Think? CPSR and the SSN
During the past few years CPSR has become increasingly
concerned about the misuse of the Social Security Number
(SSN). The Civil Liberties Group in Palo Alto has monitored
problems with SSN misuse. In Washington, CPSR has testified
against the use of the SSN as a national identifier. Readers
of RISKS may have also seen the recent article about SSN
abuse in the San Francisco Chronicle (8/30/91).
There is general agreement within the computer
profession that the unrestricted use of the SSN undermines
privacy. A universal identifier makes it easy for
organizations to join files from separate databases.
As CPSR/Palo Alto member Chris Hibbert has said,
"Even assuming you want someone to be able to find out some
things about you, there's no reason to believe that you
want to make all records concerning yourself available to
others. When multiple record system are all keyed by the
same identifier . . . it becomes difficult to allow someone
access to some of the information about a person while
restricting access to specific topics."
The ACM opposed the development of universal identifiers
and called for legislative protection back in 1974.
What should CPSR do? We played an important role in the
effort to stop Lotus Marketplace. What should we do about
the SSN?
Please send comments to [email protected]
- -------------------------------------------------------------
[6] Upcoming Events
Sept 4-5 Electronic Democracy Conference, Washington, DC
Sept 6, US Privacy Council Meeting, Washington, DC
Canadian privacy expert Tom Riley to speak
CPSR Washington Office, 12 to 2
Contact [email protected]
Sept 16, CPSR 10th Anniversary Dinner, Mountain View, CA
Tickets are still available for this premier event!
Contact [email protected]
Oct 12-13, CPSR Annual Meeting, Boston, MA
Keynote speaker: John Shattuck, former chairman
Amnesty International and former director
ACLU Washington Office
Contact [email protected]
1992
Mar 18-20, Computers, Freedom & Privacy, Washington, DC
Contact [email protected]
- -------------------------------------------------------------
[7] Roundtable Resource Books Available
Copies of the resource book used at the June
CPSR-EFF policy roundtable are available. Contact
[email protected].
------------------- END CPSR Alert 1.01 ---------------------
=============================================================
|
|
