Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Privacy :: priv_707.txt

Privacy Digest 7.07 4/19/98




The following document is from the PRIVACY Forum Archive at 
Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio,
including detailed information, archives, keyword searching, and 
related facilities, please visit the PRIVACY Forum via the web URL:

    http://www.vortex.com

-----------------------------------------------------------------------

PRIVACY Forum Digest      Sunday, 19 April 1998      Volume 07 : Issue 07

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	                 http://www.vortex.com 
	
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
                    the ACM (Association for Computing)     
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
	  	  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
	GTE publishes unlisted California phone numbers and addresses
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	GSM cellular phone encryption cracked
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Warrants on the web (Phil Agre)
	Privacy of Medical Information (Lewis Lorton)
	Fax machine cartridges and privacy (Paul E. Baclace)
	Canada Sets the Stage for Encryption Action (Ama-gi)
	Judge Sets Highest Legal Hurdle For Using Blocking Software 
	   in Libraries (Monty Solomon)
	Book announcement--"Technology and Privacy: The New Landscape"
	   (Jud Wolfskill)
	Policy98 (Barbara Simons)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  

Access to PRIVACY Forum materials is also available through the Internet
World Wide Web (WWW) via the Vortex Technology WWW server at the URL:
"http://www.vortex.com"; full keyword searching of all PRIVACY Forum files
is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 07, ISSUE 07

   Quote for the day:

       "Of course I have enemies--I'm in show business!"

	     -- Alexander King (Fred Clark)
	        "The Curse of the Mummy's Tomb" (Hammer Films; 1964)

----------------------------------------------------------------------

Date:    Sun, 19 Apr 98 11:27 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: GTE publishes unlisted California phone numbers and addresses

Greetings.  In an error likely to be amongst the more memorable in recent
California telecommunications history, GTE mistakenly published the unlisted
phone numbers (and apparently also addresses) of about 50,000 California
phone subscribers (presumably GTE subscribers).  

These were not published in the "regular" telephone books, but rather in the
special books such as the "street address" versions leased to telemarketers and
other commercial operations.  One report is that the problem was actually
discovered in early March, and that GTE had been quietly working to retrieve
the books--they claim that by Monday, April 20 about 90% of the nearly 9000
faulty books would be recovered.  Of course, once such information
is released, there's no way to ever get it all back.  Even in the absence
of machine-readable distribution of the information, it seems obvious
that at least some of the books will not be successfully retrieved,
and there's no telling how much copying of "interesting" portions
might have occurred.

As far as I've been able to determine at this time, GTE apparently did not
make any attempts to notify customers whose number and/or address had been
mistakenly released.  The California PUC has expressed serious concern about
this lapse, and has the power to impose massive fines (so massive, in fact,
that it is very unlikely that the full force of such action would be imposed).

Outside of the fact that customers pay a monthly fee for their unlisted
numbers, many have such status for reasons relating to their personal
safety--including estranged spouses, celebrities, and many others.  GTE is
California's second largest telco (after Pacific Bell).  Most or all of the
released numbers apparently relate to GTE service areas in Southern
California.  GTE territory in the L.A. area includes upscale communities
such as Bel Air, Santa Monica, Pacific Palisades, Malibu, and other areas
where unlisted numbers make up a very high percentage of overall residential
lines.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Sun, 19 Apr 98 11:37 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: GSM cellular phone encryption cracked

Greetings.  It has been reported that computer researchers at the University
of California Berkeley have cracked part of the codes used to protect the
GSM cellular phone standard from cloning (and by extension, over-air voice
interception as well).  

GSM is widely used in Europe, and is one of the several systems used for
cellular digital phones in the U.S. (in California, it is the system used by
Pacific Bell's PCS phone network).

While the particular attack described apparently does not immediately lend
itself to realtime manipulation or interception of actual phones, it has led
some researchers to question the apparent weakness of the underlying
cryptographic system.  Some have suggested that the weakness was mandated to
permit easier interception by authorities.  Whether or not this is true is
an open question.  However, it's worth noting that in general it is much
simpler and more common for legal wiretaps of cellular callers to be placed
at the telephone central office level, where no encryption is present and
where the caller can be easily tracked as they move from cell to cell during
the course of their calls.  So the relative weakness or strength of the
underlying phone encryption system may not be as important, from that
respect anyway, as might initially be supposed. 

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Sun, 5 Apr 1998 14:24:48 -0700 (PDT)
From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: warrants on the web

The public servants of the County of San Diego have made their database
of outstanding arrest warrants available on the Web:

  http://www.co.san-diego.ca.us/cnty/cntydepts/safety/marshal/warrantdata.html

(Thanks to Bruce Jones for pointing this out.)

To their (partial) credit, they include a prominent "caution":

  The information contained in the attached files may not be current
  and should not be relied upon for arrest or any other purpose.  Any
  Warrants reflected in these files may have been previously cleared
  by arrest or appearance in court.  Civil or criminal liability may
  attach to improper use of this information.

You've probably heard enough stories about errors in such files.  At
least it's necessary to type in the person's name and sort through a
page of search results.  The real action will begin when these myriad
databases begin to employ a common identifier that anyone can use to
cross-check them all automatically.

Phil Agre

------------------------------

Date:    Mon, 30 Mar 1998 09:10:36 -0500
From:    Lewis Lorton <llorton@hostnet.org>
Subject: Privacy of Medical Information

Privacy of medical information is an incredibly complex subject which is
not easily discussed in the serial presentations of a newsgroup.  Successful
solutions to the problems have eluded the best efforts of hospital
information people, civil libertarians and technologists.  From some
background and involvement my opinions are that:
	simple slogans never adequately describe the problem,
	sloganeering may attract attention but will not attract solutions,
	technology alone is not the answer, and
	the information revolution has abolished some degrees of privacy.
		  
--
Lewis Lorton, Executive Director
HOST (Healthcare Open Systems & Trials)
tel 410-715-1181  fax 410-992-7060
www.hostnet.org 444 North Capitol, NW, Suite 200 Washington, DC 20001

		[ I certainly agree that it is a complex area, unlikely to
		  be positively affected by simple "solutions."  On the
		  other hand, I submit that the "information revolution"
		  only abolishes "degrees of privacy" to the extent that we
		  permit it to do so.  Information technology does not
		  operate autonomously--it's people who create it, operate
		  it, and form the policies that guide and control its use.
		  Blaming "the machine" is not a valid excuse.

			 -- PRIVACY Forum MODERATOR ]

------------------------------

Date:    Tue, 14 Apr 1998 12:35:29 -0700
From:    "Paul E. Baclace" <peb@baclace.net>
Subject: Fax machine cartridges and privacy

When replacing the large cartridge in my "plain paper" fax machine I
discovered that it records everything for posterity on an easy-to-read
scroll of carbon paper.  It's like a typewriter ribbon, but it also keeps
all white space and formatting too.  I can read everything sent, received
and copied using the old cartridge.  Since the machine was previously owned,
the cartridge even has a record from the previous owner.

After that (not too) surprising discovery, I have the problem of disposal.
How do I destroy the old fax cartridge?  Burning in a backyard (or even
municipal) incinerator is not proper and trying to feed the scroll into a
paper shredder is very messy.

I have searched the web and found nothing on this.  

Paul E. Baclace ------>   peb@baclace.net 
Baclace.Net, Inc.    http://www.baclace.net

		[ Some older plain paper faxes (such as yours which you
		  informed me separately dated from 1994) did use this
		  technology and did indeed leave a perfect copy on the
		  carbon roll.  (Anyone else remember the old "Columbo"
		  episode where he traps the murderer via a typewriter carbon
		  ribbon?  Columbo was fascinated by the typeball...)

		  In any case, most current generation plain paper
		  faxes use conventional laserprinter (toner-based)
		  technologies, and so do not create a carbon copy.

			-- PRIVACY Forum MODERATOR ]

------------------------------

Date:    Fri, 17 Apr 1998 00:58:29 -0700
From:    "Ama-gi" <offshore@email.msn.com>
Subject: Canada Sets the Stage for Encryption Action

April 16, 1998
From Mark D. Hughes
Institute for the Study of Privacy Issues (ISPI)
ISPI4Privacy@ama-gi.com

The following was posted in:
GLIC Alert (the Global Internet Liberty Campaign Newsletter)
Volume 2, Issue 5
April 13, 1998
http://www.glic.org

[B4.4] Canada Sets the Stage for Encryption Action

On March 31, 1998, leaders of Canada's cryptography industry and privacy
advocates met in Ottawa to discuss and suggest an encryption plan for
Canada. Wired News reported that "the consensus among the group was that
Canada should continue its current stance of not implementing any domestic
crypto controls, and liberalize its existing export policies."  The article
quotes David Jones, president of Electronic Frontier Canada (EFC is a GILC
founding member): "We are firmly opposed to any policy or legislation that
would prohibit the export of encryption of encryption products, either
stored or transmitted."

In February, the Canadian government invited public comment when it issued
"A Cryptography Policy Framework for Electronic Commerce," where it depicts
several different cryptography possibilities.  According to Mark Hughes,
executive director of the Victoria-based Institute for the Study of Privacy
Issues (ISPI): "its call for public comment is, in my view, a cruel joke
because the paper was only just issued (February 21, 1998) and all public
comment must be made by April 21, 1998.  As few Canadians comprehend what
encryption is and how it affects them, two months is simply not enough time
for Canadians to sufficiently educate themselves in order to make informed
comments on the future of their electronic privacy."

Read Wired story: http://www.wired.com/news/news/politics/story/1

Canada's "Framework" proposal:
http://strategis.ic.gc.ca/SSG/cy00005e.html

Electronic Frontier Canada: http://insight.mcmaster.ca/org/efc

Institute for the Study of Privacy Issues (ISPI): ISPI4Privacy@ama-gi.com

------------------------------

Date:    Sat, 11 Apr 1998 02:30:02 -0400
From:    Monty Solomon <monty@roscom.COM>
Subject: Judge Sets Highest Legal Hurdle For Using 
	 Blocking Software in Libraries

Excerpt from ACLU News 04-07-98

		------------------------------------

	Judge Sets Highest Legal Hurdle
	For Using Blocking Software in Libraries

FOR IMMEDIATE RELEASE
Tuesday, April 7, 1998

ALEXANDRIA, VA -- In the first major ruling on the use of Internet
blocking software in libraries, a federal district judge today
forcefully rejected a government motion to dismiss a lawsuit challenging
the use of such software in public libraries in Loudoun County,
Virginia.

The American Civil Liberties Union and the ACLU of Virginia, which
represent a diverse group of eight Internet speakers seeking to reach
library patrons, hailed the ruling as one of the strongest ever defenses
of online free speech.

"We are thrilled that the judge in this case, a former librarian,
recognized the Internet as the ultimate library resource," said Ann
Beeson, an ACLU staff attorney who appeared before the court.

"Every member of every library board considering an Internet-blocking
policy ought to read the judge's ruling," said Kent Willis, Executive
Director of the ACLU of Virginia. "It will remind them of why we have
libraries and why an unfettered Internet serves the fundamental purpose
of libraries better than any invention since the printing press."

In a 36-page decision issued earlier today, Judge Leonie M. Brinkema of
the U.S. District Court for the Eastern District of Virginia said that
the government had "misconstrued the nature of the Internet" and held
that "the Library Board may not adopt and enforce content-based
restrictions on access to protected Internet speech."

Calling public libraries places of "freewheeling and independent
inquiry," Judge Brinkema quoted extensively from Reno v. ACLU, the
landmark Supreme Court decision on Internet free speech, noting that the
Court "analogized the Internet to a 'vast library including millions of
readily available and indexed publications,' the content of which 'is as
diverse as human thought.'"

The court today also rejected the notion that the use of blocking
software can be considered analogous to a librarian selecting certain
materials, noting that Internet publications "exist only in
'cyberspace,'" and do not "take up shelf space or require physical
maintenance of any kind."

Nor do such publications cost money, the judge said, noting that in
fact, "it costs a library more to restrict the content of its collection
by means of blocking software than it does for the library to offer
unrestricted access to all Internet publications."

Beeson said that although the case will still go forward, the
unequivocal language of the ruling gave the government a very high
burden to meet in its defense of the blocking policy.

"Blocking software is nothing more than CDA in a box," Beeson said.
"With today's ruling, the court correctly applied the same level of
First Amendment scrutiny that the Supreme Court used in rejecting the
CDA."

Beeson also said that the ruling should serve as a strong deterrent to
recent efforts in Congress to mandate the use of blocking software in
public schools and libraries.

In a unanimous voice vote last month, the Senate Commerce Committee
passed the Internet School Filtering Act, a bill that requires all
public libraries and schools that receive federal funds for Internet
access to use blocking software. Urging against the policy, the ACLU
said in a letter to the Committee that "the government may not condition
federal funding on unconstitutional requirements," emphasizing that
"parents and teachers, not the government, should provide minors with
guidance about accessing the Internet."

In the Loudoun case, the national ACLU and the ACLU of Virginia
intervened in the lawsuit on behalf of a diverse group of speakers
outside of the county -- and even outside the United States -- who want
to reach their intended worldwide audience, including library patrons in
Loudoun County.

The ACLU's plaintiffs are:

-- The Safer Sex Page, created by John Troyer.
-- Banned Books Online, created by John Ockerbloom.
-- American Association of University Women Maryland (AAUW Maryland).
-- Rob Morse, an award-winning columnist for the San Francisco Examiner.
-- Books for Gay and Lesbian Teens Youth Page, created by 18-year-old
Jeremy Myers.
-- Sergio Arau, the popular Mexican artist and rock singer known as "El
Padrino."
-- Renaissance Transgender Association, a group serving the
transgendered community.
-- The Ethical Spectacle, created by Jonathan Wallace.

In its complaint, the ACLU said that the library's Internet policy
purports to block access to materials that are "pornographic" or
"harmful to juveniles." But the ACLU's complaint charges that by using
blocking software to implement the policy, the library board is in fact
"removing books from the shelves" of the Internet with value to both
adults and minors in violation of the Constitution.

In objecting to the block on their clients' speech, the ACLU's complaint
noted that websites offering opposing views are not blocked. "For
example, Defendants do not block sites opposing homosexuality and
transgender behavior, opposing employment by women outside the home,
favoring Internet censorship, and promoting abstinence rather than safer
sex practices."

Representing the ACLU's clients are national ACLU lawyers Ann Beeson,
Chris Hansen and Marjorie Heins, and Mary Bauer, Legal Director of the
ACLU of Virginia.

	Complete information on the intervention, including the ACLU's 
complaint, links to plaintiffs' web pages, and related cyber-law cases,
can be found on the ACLU Freedom Network at 
http://www.aclu.org/issues/cyber/hmcl.html.

------------------------------

Date:    Wed, 1 Apr 1998 16:57:06 -0400
From:    wolfskil@MIT.EDU (Jud Wolfskill)
Subject: Book announcement--"Technology and Privacy: The New Landscape"

The following is a book which readers of this list might find of interest.
For more information please visit
http://mitpress.mit.edu/promotions/books/AGRTHF97

Technology and Privacy: The New Landscape
edited by Philip E. Agre and Marc Rotenberg

Privacy is the capacity to negotiate social relationships by controlling
access to information about oneself. As laws, policies, and technological
developments increasingly structure our relationships with social
institutions, privacy faces new threats and new opportunities. Recent
changes in the realm of technology and privacy have created a landscape
that is both dangerous and encouraging. Among the most significant of these
changes are large increases in communications bandwidths, widespread
adoption of computer networking and public-key cryptography, mathematical
innovations that promise a vast family of protocols for protecting identity
in complex transactions, new digital media that support a wide range of
social relationships, the emergence of a new generation of technologically
sophisticated privacy activists, the accumulation of practical experience
in the development and application of data-protection laws, and the rapid
globalization of manufacturing, culture, and policy making.

The essays in this book provide a new conceptual framework for analyzing
and debating privacy policy and for designing and developing information
systems. The authors are international experts in the technical, economic,
and political aspects of privacy; the book's strength is its synthesis of
these three aspects. The book provides equally strong analyses of privacy
issues in the United States, Canada, and Europe.

Philip E. Agre is Assistant Professor in the Department of Communication at
the University of California, San Diego. Marc Rotenberg is Director of the
Electronic Privacy Information Center in Washington and Adjunct Professor
at the Georgetown University Law Center.

October 30, 1997
6 x 9, 336 pp., 13 illus.
ISBN 0-262-01162-X

Jud Wolfskill
Publicity Assistant                 Phone:  (617) 258-0603
MIT Press                           Fax:  (617) 258-6779
Five Cambridge Center               E-mail:  wolfskil@mit.edu
Cambridge, MA  02142-1493           http://mitpress.mit.edu

------------------------------

Date: Wed, 1 Apr 1998 17:26:43 -0800
From: Barbara Simons <simons@ACM.ORG>
Subject: Policy98

        ASSOCIATION FOR COMPUTING MACHINERY
            * * *  POLICY '98 CONFERENCE  * * *
               http://www.acm.org/policy98/

         "Shaping Policy in the Information Age"
            Washington, DC, Renaissance Hotel
                    May 10-12, 1998

Register now for the one computing policy conference you don't
want to miss...featuring:

  - Senator Orrin Hatch (invited): Future of Intellectual Property
  - Special Advisor to the President Ira Magaziner: White House Report
  - Representative Vern Ehlers: Reformulating US Science Policy
  - Representative Constance Morella: The Role of the Federal Government
      in Computing
  - Robert E. Kahn, President, CNRI: Technology Keynote
  - Assistant Director Juris Hartmanis: The Role of the National Science
      Foundation in Computing Policy
  - Assistant Secretary of Commerce for Communications and Information
      Larry Irving: Universal Service
  - Debate: Esther Dyson and Gary Chapman
  - ACM Presidential Award for founding NetDay: John Gage, Sun
      Microsystems
  - Making Science Policy: Roundtable with NPR Correspondent Dan Charles

The ACM Policy '98 Conference will focus on public policy issues
affecting future applications of computing.  Our goal is to
forge stronger links between computing professionals and policy
makers.  Attendees will interact with prominent leaders from
academia, industry, Congress, and Executive agencies, and
participate in debates on policy issues including:

  - Universal Access         - Electronic Commerce
  - Intellectual Property    - Education Online

All Policy '98 attendees are invited to the Annual ACM Awards
Banquet on Sunday evening May 10th, and a conference reception
on Monday evening May 11th at the new headquarters of the
American Association for the Advancement of Science.

Register online at

http://www.acm.org/policy98/

or write to policy98@acm.org.  Early registrants and
ACM members receive discounts.  A limited number of
low-priced student registrations are available.

  Conference Chairs - Ben Shneiderman, Dianne Martin
  Program Chairs - Marc Rotenberg, Keith Miller
  Panel Moderators - Jim Horning, Pamela Samuelson,
    Charles Brownstein, Oliver Smoot
  ACM President - Chuck House
  USACM Chair - Barbara Simons

------------------------------

End of PRIVACY Forum Digest 07.07
************************


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH