PRIVACY Forum Digest Sunday, 26 September 1993 Volume 02 : Issue 31

PRIVACY Forum Digest Sunday, 26 September 1993 Volume 02 : Issue 31

Moderated by Lauren Weinstein ([email protected])
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.

CONTENTS
Re: consciousness and the DMV (Darren Senn)
DES is a dead dog... (Alan Wexelblat)
CPSR Alert 2.01 (Dave Banisar) [Extracts by MODERATOR]
Recent Journal Articles on Computers and Privacy? (Bruce Jones)
Wiretap Article (Dorothy Denning)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "[email protected]" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"[email protected]". Mailing list problems should be reported to
"[email protected]". All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to [email protected], call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 02, ISSUE 31

Quote for the day:

"Uh, just one more thing..."

-- Variations on this line were spoken
by Columbo (Peter Falk) in virtually
every episode of "Columbo" (1971-1978, 1989-1990).

----------------------------------------------------------------------

Date: Mon, 30 Aug 1993 08:32:38 -0800 (PDT)
From: [email protected] (Darren Senn)
Subject: Re: consciousness and the DMV

Thus spake Mel Beckman:
> [...] While there may be isolated
> cases of abuse, as there are with most every law, the problem is not the law
> but individuals who overstep their authority.

I disagree. The problem definately _is_ with the law. To be specific,
paragraphs (a) and (f) are the problem:

> From: Henry Unger <[email protected]>
[...]
> (a) [...] However, if a
> physician and surgeon reasonably and in good faith believes that
> the reporting of a patient will serve the public interest, he or
> she may report a patient's condition even if it may not be
> required under the state department's definition of disorders
> characterized by lapses of consciousness pursuant to subdivision
> (d).
[...]
> (f) A physician and surgeon who reports a patient diagnosed
> as a case of a disorder characterized by lapses of consciousness
> pursuant to this section shall not be civilly or criminally
> liable to any patient for making any report required or
> authorized by this section. (Amended by Stats 1987 ch 321 S1;
^^^^^^^^^^
> Stats 1990 ch 911 S2, eff. 1/1/91.)

These two prevent any recourse on the part of the patient for dealing with
these overenthusiastic medical staffs.

--
Darren Senn Phone: (408) 988-2640 Snail: 620 Park View Drive #206
[email protected] Santa Clara, CA 95054

------------------------------

Date: Wed, 8 Sep 93 13:13:12 -0400
From: "Alan (Gesture Man) Wexelblat" <[email protected]>
Subject: DES is a dead dog...

> From: Philip Zimmermann <[email protected]>
> Subject: Re: DES Key Search Paper (fwd)
>
> Michael Weiner presented a paper at Crypto93 that describes a fast DES key
> search engine that uses a special inside-out DES chip that he designed.
> This chip takes a single plaintext/ciphertext pair and quickly tries DES
> keys until it finds one that produces the given ciphertext from the given
> plaintext. Weiner can get these chips made for $10.50 each in quantity, and
> can build a special machine with 57000 of these chips for $1 million. This
> machine can exhaust the DES key space in 7 hours, finding a key in 3.5 hours
> on the average. He works for Bell Northern Research in Ottawa, and says
> they have not actually built this machine, but he has the chip fully
> designed and ready for fabrication.
>
> This is a stunning breakthrough in the realization of practical DES
> cracking. BTW-- note that PEM uses straight 56-bit DES.
>
> -prz

------------------------------

Date: Mon, 13 Sep 1993 12:55:03 EST
From: Dave Banisar <[email protected]>
Subject: CPSR Alert 2.01 [Extracts by MODERATOR]

[ I have extracted items of interest to this forum from
the complete CPSR Alert text. Readers wishing to
obtain the entire publication should contact
CPSR directly. -- MODERATOR ]

CPSR Alert 2.01
=============================================================

@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @ @
@ @@@ @ @@@ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @ @ @ @ @@@@ @@@@ @ @ @

=============================================================
Volume 2.01 September 10, 1993
-------------------------------------------------------------

Published by the
Computer Professionals for Social Responsibility
Washington Office

Editor: Dave Banisar

--------

CPSR Washington Office Staff:
Director: Marc Rotenberg ([email protected])
Legal Counsel: David Sobel ([email protected])
Policy Analyst: Dave Banisar ([email protected])
-------------------------------------------------------------

...

[3] National Performance Review Highlights.

The NPR, a massive study on streamlining government headed by Vice
President Albert Gore, has endorsed the creation of a Privacy
Protection Board and the development of uniform privacy protection
practices. It has also recommended the development of a Digital
Signature Standard by January 1994.

Other information technology recommendations include implementing
nationwide, integrated electronics benefits transfer, developing
integrated electronic access to government (including information
kiosks and a government wide electronic bulletin board system), the
development of a national law enforcement/public safety network,
government wide electronic mail and indexes for environmental and
trade data. It also calls for the establishment of a government
information infrastructure.

A spokesman in the Vice President's office told the Alert that the
specifics of the recommendations would be released within a few
weeks. Government sources have indicated that many of the
information technology recommendations originated at the National
Institute of Standards and Technology. An electronic copy of the NPR
is available from the CPSR Internet Library. See below (#8) for
details.

-------------------------------------------------------------

[4] Gov't Panel Questions Clipper Chip Proposal

After two days of sometimes tumultuous hearings, a government
advisory board chartered to advise the administration and Congress
on computer security and privacy issued two resolutions questioning
many of the aspects of the Clinton Administration's controversial
new encryption scheme, the Clipper Chip. The National Institute of
Standards and Technology's Computer System Security and Privacy
Advisory Board (CSSPAB) expressed continued concern over many
aspects of the proposal including the lack of a convincing statement
expressing the problems that the Clipper is supposed to solve, the
need to look for possible alternatives to the proposal, the legal,
economic, export controls issues, and software implementation of the
proposal. In addition, the board also expressed concern that the
Clipper proposal could negatively impact the availability of
cost-effective security products to the US government and industry
and that it may not be marketable or usable worldwide.

In a second resolution, the board unanimously called for a public
debate of the proposal and recommended that Congress take an active
role in determining US cryptography policy. It also recommended that
any new policy must address the interests of law enforcement and
intelligence, US industry and citizens' privacy and security in the
US and worldwide.

At the hearings, Geoff Greiveldinger from the Department of Justice
reported that the key escrow agents will be announced within a few
weeks after a briefing for members of Congress. Sources inside the
administration indicate that the administration may have decided to
eliminate from consideration outside organizations holding the keys
and is leaning towards the Department of the Treasury as one of the
key holders. In addition, NIST Deputy Director Ray Kammer announced
that the Data Encryption Standard (DES) will be recertified for
government, non-classified use for another five years. The paperwork
has been sent to Secretary of Commerce Ron Brown, who is expected to
sign it within two weeks.

The Clipper proposal was introduced April 16, 1993 and has been
strongly opposed by both civil liberties groups and industry. The
proposal calls for use of a secret encryption chip designed by the
National Security Agency for non-classified voice and data
transmission. The keys for the chip would be split and held in
escrow by two government agencies. NIST has submitted the Clipper
proposal for public comment. The FIPS was published in the Federal
Register at Volume 58, page 40791 (July 30, 1993) and is also
available in electronic form from the CPSR Internet Library
FTP/WAIS/Gopher cpsr.org /cpsr/crypto/clipper/call-for-comments.
Comments are due to NIST by September 28, 1993 to the Director,
Computer Systems Laboratory, ATTN: Proposed FIPS for Escrowed
Encryption Standard, Technology Building, room B-154, National
Institute of Standards and Technology, Gaithersburg, MD 20899. Other
background material on the Clipper proposal and other cryptography
issues is also available from the CPSR Internet Library.

CPSR has created an archive of comments on the proposal and has
asked people to electronically submit a copy of their comments to
[email protected].

A 450 page source book of materials on crypto policy is available
from CPSR for $50.00. Contact [email protected] for more
information.

-------------------------------------------------------------

[5] Public Interest NII Coalition Meets in DC

The third meeting of the Telecommunications Policy Roundtable took
place on September 7 at the Carnegie Endowment for International
Peace in Washington, DC. Representatives from more than 60 public
interest organizations gathered to discuss the development of a
public interest agenda for the NII. CPSR President Eric Roberts,
Board member Todd Newman, and Seattle Chapter stalwart Doug Schuler
flew in from the West Coast to attend the meeting.

Larry Irving, Assistant Secretary of Commerce and head of the
National Telecommunication Information Administration spoke to the
group about the administration's plans for the National Information
Infrastructure. Mr. Irving said that he believed that universal
service will be one of the critical goals. He also said that the
administration seeks to development a competitive marketplace for
information services and to establish necessary consumer safeguards.

The TPR proposed a set of public interest policy principles and
prepared a document titled "Renewing the Commitment to Public
Interest Communications Policy. " The policies covered freedom of
communication, vital civic sector, universal access, competitive
markets, privacy protection, equitable workplace, and democratic
decision-making. (A copy of the draft document is available from
the CPSR archive).

A formal press conference is scheduled for Thursday, October 7 at
the National Press Club. The next meeting of the TPR will be
Tuesday, October 5. For more information, contact Jeff Chester,
Center for Media Education ([email protected])

-------------------------------------------------------------

[6] California Passes Landmark Information Access Bill

The California Assembly on September 8 voted 78 to 0 for a bill to
make California legislative information available though the
Internet. The bill (AB1624) was previously approved by the state
Senate and now goes to Governor Pete Wilson, who has 12 days to
veto it before it becomes law.

The bill requires electronic distribution of the legislative agenda
and requires the " Legislative Council...to make available to the
public, by means of access by way of the largest non-propriety,
non-profit cooperative public computer network, specified
information concerning bills, [and] the proceedings of the houses."
It goes into effect January 1, 1994.

The grassroots battle to pass this bill was led by Micro Times
columnist and CPSR member Jim Warren. Using electronic networks, he
organized a massive national fax , telephone and letter writing
campaign to support the bill. It was opposed by LOGI-TECH, an
information provider that sells legislative data.

-------------------------------------------------------------

[7] Wisconsin Looking for Privacy Advocate

From: [email protected] (Jo Ann Oravec)

Privacy Advocate... Madison, Wisconsin

The State of Wisconsin is seeking a person responsible for support
and advocacy in development and implementation of state and local
government policies that protect personal privacy. This position
reports to the Privacy Council. Background in business and
government application of information technology. Salary $33,000
per year plus excellent benefits. Applicants should submit a
detailed resume and a statement outlining their perspectives and
approaches to privacy concerns to Mary Becker (608-266-0058, FAX
608-264-9500), Department of Administration, 9th Floor, 101 E.
Wilson, P.O. Box 7869, Madison, WI 53707-7869. Materials must be
received before 4:30 PM on September 27, 1993.

-------------------------------------------------------------

[8] The CPSR Internet Library

CPSR has set up an archive of materials on privacy, cryptography,
information access, the National Information Infrastructure and
other related issues. Recent additions to the archive include the
entire National Performance Review report, and the full text of the
Freedom of Information Act and the Federal Privacy Act of 1974.

NPR /cpsr/clinton/npr
FOIA /cpsr/foia/foia.txt
Privacy Act of 1974 /cpsr/privacy_law/privacy_act_1974.txt

The archive also archives materials from Privacy International,
the US Privacy Council, the Taxpayers Assets Project and the
Cypherpunks cryptography group. To access the archive,
FTP/WAIS/Gopher cpsr.org.

-------------------------------------------------------------

[9] Upcoming Events

International Privacy Roundtable, sponsored by Privacy International
and the University of Manchester Law School- Manchester, England.
September 29, 1993. Contact: simon davies
([email protected]).

National Computer Security Conference, sponsored by NIST and NSA.
Baltimore Convention Center, Baltimore, MD. September 20-23, 1993
Contact NIST 301-975-2762.

CPSR Annual Meeting,Seattle, WA. October 16-17, Contact: Aki
Namioka ([email protected])

Computers Freedom and Privacy 4. Chicago, Ill. March 1993. Contact:
George Trubow, 312-987-1445 ([email protected])

==============================================================

To subscribe to the alert, send a message to [email protected]
"subscribe cpsr <your name>" (without quotes or brackets) to
[email protected]. Back issues of the Alert are available at
the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert

Computer Professionals for Social Responsibility is a national,
non-partisan, public-interest organization dedicated to
understanding and directing the impact of computers on society.
Founded in 1981, CPSR has 2000 members from all over the world and
22 chapters across the country. Our National Advisory Board includes
a Nobel laureate and three winners of the Turing Award, the highest
honor in computer science. Membership is open to everyone.

For more information, please contact: [email protected]

...

------------------------------

Date: Tue, 14 Sep 1993 11:18:06 -0700
From: [email protected] (Bruce Jones)
Subject: Recent Journal Articles on Computers and Privacy?

I am tentatively scheduled to teach a course on computers and
networks for the Department of Communication at UCSD. The course
will be organized around the Internet and current cultural, social,
economic, and political debates: privacy, commercialization and
privatization, anonymity/identity, computer networks and the
changing nature of work, electronic publishing and copyright, etc.

I am looking here for references to recent journal articles covering
current privacy and computer network concerns that I might use in a
course reader for this upper-division course.

Thank you,

Bruce Jones Communication Department
[email protected]/bitnet University of California, San Diego
(619) 534-0417/4410 9500 Gilman Drive
FAX (619) 534-7315 La Jolla, Ca. 92093-0503

------------------------------

Date: Fri, 24 Sep 1993 16:49:45 -0400 (EDT)
From: [email protected] (Dorothy Denning)
Subject: Wiretap Article

The following article on wiretap laws and procedures was written in
response to the many questions and misunderstandings that have arisen
about wiretaps in the context of escrowed encryption as well as Digital
Telephony. This article may be distributed.

Dorothy Denning
[email protected]

[ I have included the introductory portion of the paper below.
The entire text (~33K bytes) has been placed into the
PRIVACY Forum archives. To access:

Via Anon FTP: From site "ftp.vortex.com": /privacy/wiretap-laws.Z
or: /privacy/wiretap-laws

Via e-mail: Send mail to "[email protected]" with
the line:

get privacy wiretap-laws

as the first text in the BODY of your message.

Via gopher: From the gopher server on site "gopher.vortex.com"
in the "*** PRIVACY Forum ***" area under "wiretap-laws".

-- MODERATOR ]

-----------------------------------------

WIRETAP LAWS AND PROCEDURES
WHAT HAPPENS WHEN THE U.S. GOVERNMENT TAPS A LINE

Donald P. Delaney, Senior Investigator
New York State Police

Dorothy E. Denning, Professor and Chair
Computer Science Department, Georgetown University

John Kaye, County Prosecutor
Monmouth County, New Jersey

Alan R. McDonald, Special Assistant to the Assistant Director
Technical Services Division, Federal Bureau of Investigation

September 23, 1993

1. Introduction

Although wiretaps are generally illegal in the United States, the
federal government and the governments of thirty seven states have been
authorized through federal and state legislation to intercept wire and
electronic communications under certain stringent rules which include
obtaining a court order. These rules have been designed to ensure the
protection of individual privacy and Fourth Amendment rights, while
permitting the use of wiretaps for investigations of serious criminal
activity and for foreign intelligence.

This article describes the legal requirements for government
interceptions of wire and electronic communications and some of the
additional procedures and practices followed by federal and state
agencies. The legal requirements are rooted in two pieces of federal
legislation: the Omnibus Crime Control and Safe Streets Act (Title III
of the Act (hereafter "Title III")), passed in 1968, and the Foreign
Intelligence Surveillance Act (FISA), passed in 1978. Title III
established the basic law for federal and state law enforcement
interceptions performed for the purpose of criminal investigations,
while FISA established the law for federal-level interceptions
performed for intelligence and counterintelligence operations. We will
first describe Title III interceptions and then describe FISA
interceptions.

------------------------------

End of PRIVACY Forum Digest 02.31
************************