The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL:

http://www.vortex.com

-----------------------------------------------------------------------

PRIVACY Forum Digest      Sunday, 19 April 1998      Volume 07 : Issue 07

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), Cisco Systems, Inc., and Telos Systems.
- - -
These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    GTE publishes unlisted California phone numbers and addresses
       (Lauren Weinstein; PRIVACY Forum Moderator)
    GSM cellular phone encryption cracked
       (Lauren Weinstein; PRIVACY Forum Moderator)
    Warrants on the web (Phil Agre)
    Privacy of Medical Information (Lewis Lorton)
    Fax machine cartridges and privacy (Paul E. Baclace)
    Canada Sets the Stage for Encryption Action (Ama-gi)
    Judge Sets Highest Legal Hurdle For Using Blocking Software in Libraries
       (Monty Solomon)
    Book announcement--"Technology and Privacy: The New Landscape"
       (Jud Wolfskill)
    Policy98 (Barbara Simons)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com".
Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.

-----------------------------------------------------------------------------

VOLUME 07, ISSUE 07

    Quote for the day:

        "Of course I have enemies--I'm in show business!"

            -- Alexander King (Fred Clark)
               "The Curse of the Mummy's Tomb" (Hammer Films; 1964)

----------------------------------------------------------------------

Date: Sun, 19 Apr 98 11:27 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: GTE publishes unlisted California phone numbers and addresses

Greetings. In an error likely to be amongst the more memorable in recent California telecommunications history, GTE mistakenly published the unlisted phone numbers (and apparently also addresses) of about 50,000 California phone subscribers (presumably GTE subscribers).

These were not published in the "regular" telephone books, but rather in the special books such as the "street address" versions leased to telemarketers and other commercial operations. One report is that the problem was actually discovered in early March, and that GTE had been quietly working to retrieve the books--they claim that by Monday, April 20 about 90% of the nearly 9000 faulty books would be recovered.

Of course, once such information is released, there's no way to ever get it all back. Even in the absence of machine-readable distribution of the information, it seems obvious that at least some of the books will not be successfully retrieved, and there's no telling how much copying of "interesting" portions might have occurred.

As far as I've been able to determine at this time, GTE apparently did not make any attempts to notify customers whose number and/or address had been mistakenly released.
The California PUC has expressed serious concern about this lapse, and has the power to impose massive fines (so massive, in fact, that it is very unlikely that the full force of such action would be imposed).

Outside of the fact that customers pay a monthly fee for their unlisted numbers, many have such status for reasons relating to their personal safety--including estranged spouses, celebrities, and many others.

GTE is California's second largest telco (after Pacific Bell). Most or all of the released numbers apparently relate to GTE service areas in Southern California. GTE territory in the L.A. area includes upscale communities such as Bel Air, Santa Monica, Pacific Palisades, Malibu, and other areas where unlisted numbers make up a very high percentage of overall residential lines.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date: Sun, 19 Apr 98 11:37 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: GSM cellular phone encryption cracked

Greetings. It has been reported that computer researchers at the University of California Berkeley have cracked part of the codes used to protect the GSM cellular phone standard from cloning (and by extension, over-air voice interception as well). GSM is widely used in Europe, and is one of the several systems used for cellular digital phones in the U.S. (in California, it is the system used by Pacific Bell's PCS phone network).

While the particular attack described apparently does not immediately lend itself to realtime manipulation or interception of actual phones, it has led some researchers to question the apparent weakness of the underlying cryptographic system. Some have suggested that the weakness was mandated to permit easier interception by authorities. Whether or not this is true is an open question.
However, it's worth noting that in general it is much simpler and more common for legal wiretaps of cellular callers to be placed at the telephone central office level, where no encryption is present and where the caller can be easily tracked as they move from cell to cell during the course of their calls. So the relative weakness or strength of the underlying phone encryption system may not be as important, from that respect anyway, as might initially be supposed.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date: Sun, 5 Apr 1998 14:24:48 -0700 (PDT)
From: Phil Agre
Subject: warrants on the web

The public servants of the County of San Diego have made their database of outstanding arrest warrants available on the Web:

  http://www.co.san-diego.ca.us/cnty/cntydepts/safety/marshal/warrantdata.html

(Thanks to Bruce Jones for pointing this out.)

To their (partial) credit, they include a prominent "caution":

  The information contained in the attached files may not be current and should not be relied upon for arrest or any other purpose. Any Warrants reflected in these files may have been previously cleared by arrest or appearance in court. Civil or criminal liability may attach to improper use of this information.

You've probably heard enough stories about errors in such files. At least it's necessary to type in the person's name and sort through a page of search results. The real action will begin when these myriad databases begin to employ a common identifier that anyone can use to cross-check them all automatically.

Phil Agre

------------------------------

Date: Mon, 30 Mar 1998 09:10:36 -0500
From: Lewis Lorton
Subject: Privacy of Medical Information

Privacy of medical information is an incredibly complex subject which is not easily discussed in the serial presentations of a newsgroup.
Successful solutions to the problems have eluded the best efforts of hospital information people, civil libertarians and technologists.

From some background and involvement my opinions are that: simple slogans never adequately describe the problem, sloganeering may attract attention but will not attract solutions, technology alone is not the answer, and the information revolution has abolished some degrees of privacy.

--
Lewis Lorton, Executive Director
HOST (Healthcare Open Systems & Trials)
tel 410-715-1181  fax 410-992-7060
www.hostnet.org
444 North Capitol, NW, Suite 200
Washington, DC 20001

    [ I certainly agree that it is a complex area, unlikely to be positively affected by simple "solutions." On the other hand, I submit that the "information revolution" only abolishes "degrees of privacy" to the extent that we permit it to do so. Information technology does not operate autonomously--it's people who create it, operate it, and form the policies that guide and control its use. Blaming "the machine" is not a valid excuse.

        -- PRIVACY Forum MODERATOR ]

------------------------------

Date: Tue, 14 Apr 1998 12:35:29 -0700
From: "Paul E. Baclace"
Subject: Fax machine cartridges and privacy

When replacing the large cartridge in my "plain paper" fax machine I discovered that it records everything for posterity on an easy-to-read scroll of carbon paper. It's like a typewriter ribbon, but it also keeps all white space and formatting too. I can read everything sent, received and copied using the old cartridge. Since the machine was previously owned, the cartridge even has a record from the previous owner.

After that (not too) surprising discovery, I have the problem of disposal. How do I destroy the old fax cartridge? Burning in a backyard (or even municipal) incinerator is not proper and trying to feed the scroll into a paper shredder is very messy. I have searched the web and found nothing on this.

Paul E. Baclace  ------>  peb@baclace.net
Baclace.Net, Inc.
http://www.baclace.net

    [ Some older plain paper faxes (such as yours which you informed me separately dated from 1994) did use this technology and did indeed leave a perfect copy on the carbon roll. (Anyone else remember the old "Columbo" episode where he traps the murderer via a typewriter carbon ribbon? Columbo was fascinated by the typeball...)

      In any case, most current generation plain paper faxes use conventional laserprinter (toner-based) technologies, and so do not create a carbon copy.

        -- PRIVACY Forum MODERATOR ]

------------------------------

Date: Fri, 17 Apr 1998 00:58:29 -0700
From: "Ama-gi"
Subject: Canada Sets the Stage for Encryption Action

April 16, 1998

From Mark D. Hughes
Institute for the Study of Privacy Issues (ISPI)
ISPI4Privacy@ama-gi.com

The following was posted in:
GILC Alert (the Global Internet Liberty Campaign Newsletter)
Volume 2, Issue 5
April 13, 1998
http://www.glic.org

[B4.4] Canada Sets the Stage for Encryption Action

On March 31, 1998, leaders of Canada's cryptography industry and privacy advocates met in Ottawa to discuss and suggest an encryption plan for Canada. Wired News reported that "the consensus among the group was that Canada should continue its current stance of not implementing any domestic crypto controls, and liberalize its existing export policies."

The article quotes David Jones, president of Electronic Frontier Canada (EFC is a GILC founding member): "We are firmly opposed to any policy or legislation that would prohibit the export of encryption of encryption products, either stored or transmitted."

In February, the Canadian government invited public comment when it issued "A Cryptography Policy Framework for Electronic Commerce," where it depicts several different cryptography possibilities.
According to Mark Hughes, executive director of the Victoria-based Institute for the Study of Privacy Issues (ISPI): "its call for public comment is, in my view, a cruel joke because the paper was only just issued (February 21, 1998) and all public comment must be made by April 21, 1998. As few Canadians comprehend what encryption is and how it affects them, two months is simply not enough time for Canadians to sufficiently educate themselves in order to make informed comments on the future of their electronic privacy."

Read Wired story:
http://www.wired.com/news/news/politics/story/1

Canada's "Framework" proposal:
http://strategis.ic.gc.ca/SSG/cy00005e.html

Electronic Frontier Canada:
http://insight.mcmaster.ca/org/efc

Institute for the Study of Privacy Issues (ISPI):
ISPI4Privacy@ama-gi.com

------------------------------

Date: Sat, 11 Apr 1998 02:30:02 -0400
From: Monty Solomon
Subject: Judge Sets Highest Legal Hurdle For Using Blocking Software in Libraries

Excerpt from ACLU News 04-07-98

------------------------------------

Judge Sets Highest Legal Hurdle For Using Blocking Software in Libraries

FOR IMMEDIATE RELEASE
Tuesday, April 7, 1998

ALEXANDRIA, VA -- In the first major ruling on the use of Internet blocking software in libraries, a federal district judge today forcefully rejected a government motion to dismiss a lawsuit challenging the use of such software in public libraries in Loudoun County, Virginia.

The American Civil Liberties Union and the ACLU of Virginia, which represent a diverse group of eight Internet speakers seeking to reach library patrons, hailed the ruling as one of the strongest ever defenses of online free speech.

"We are thrilled that the judge in this case, a former librarian, recognized the Internet as the ultimate library resource," said Ann Beeson, an ACLU staff attorney who appeared before the court.

"Every member of every library board considering an Internet-blocking policy ought to read the judge's ruling," said Kent Willis, Executive Director of the ACLU of Virginia. "It will remind them of why we have libraries and why an unfettered Internet serves the fundamental purpose of libraries better than any invention since the printing press."

In a 36-page decision issued earlier today, Judge Leonie M. Brinkema of the U.S. District Court for the Eastern District of Virginia said that the government had "misconstrued the nature of the Internet" and held that "the Library Board may not adopt and enforce content-based restrictions on access to protected Internet speech."

Calling public libraries places of "freewheeling and independent inquiry," Judge Brinkema quoted extensively from Reno v. ACLU, the landmark Supreme Court decision on Internet free speech, noting that the Court "analogized the Internet to a 'vast library including millions of readily available and indexed publications,' the content of which 'is as diverse as human thought.'"

The court today also rejected the notion that the use of blocking software can be considered analogous to a librarian selecting certain materials, noting that Internet publications "exist only in 'cyberspace,'" and do not "take up shelf space or require physical maintenance of any kind."

Nor do such publications cost money, the judge said, noting that in fact, "it costs a library more to restrict the content of its collection by means of blocking software than it does for the library to offer unrestricted access to all Internet publications."

Beeson said that although the case will still go forward, the unequivocal language of the ruling gave the government a very high burden to meet in its defense of the blocking policy.

"Blocking software is nothing more than CDA in a box," Beeson said. "With today's ruling, the court correctly applied the same level of First Amendment scrutiny that the Supreme Court used in rejecting the CDA."

Beeson also said that the ruling should serve as a strong deterrent to recent efforts in Congress to mandate the use of blocking software in public schools and libraries.

In a unanimous voice vote last month, the Senate Commerce Committee passed the Internet School Filtering Act, a bill that requires all public libraries and schools that receive federal funds for Internet access to use blocking software.

Urging against the policy, the ACLU said in a letter to the Committee that "the government may not condition federal funding on unconstitutional requirements," emphasizing that "parents and teachers, not the government, should provide minors with guidance about accessing the Internet."

In the Loudoun case, the national ACLU and the ACLU of Virginia intervened in the lawsuit on behalf of a diverse group of speakers outside of the county -- and even outside the United States -- who want to reach their intended worldwide audience, including library patrons in Loudoun County.

The ACLU's plaintiffs are:

-- The Safer Sex Page, created by John Troyer.
-- Banned Books Online, created by John Ockerbloom.
-- American Association of University Women Maryland (AAUW Maryland).
-- Rob Morse, an award-winning columnist for the San Francisco Examiner.
-- Books for Gay and Lesbian Teens Youth Page, created by 18-year-old Jeremy Myers.
-- Sergio Arau, the popular Mexican artist and rock singer known as "El Padrino."
-- Renaissance Transgender Association, a group serving the transgendered community.
-- The Ethical Spectacle, created by Jonathan Wallace.

In its complaint, the ACLU said that the library's Internet policy purports to block access to materials that are "pornographic" or "harmful to juveniles."
But the ACLU's complaint charges that by using blocking software to implement the policy, the library board is in fact "removing books from the shelves" of the Internet with value to both adults and minors in violation of the Constitution.

In objecting to the block on their clients' speech, the ACLU's complaint noted that websites offering opposing views are not blocked. "For example, Defendants do not block sites opposing homosexuality and transgender behavior, opposing employment by women outside the home, favoring Internet censorship, and promoting abstinence rather than safer sex practices."

Representing the ACLU's clients are national ACLU lawyers Ann Beeson, Chris Hansen and Marjorie Heins, and Mary Bauer, Legal Director of the ACLU of Virginia.

Complete information on the intervention, including the ACLU's complaint, links to plaintiffs' web pages, and related cyber-law cases, can be found on the ACLU Freedom Network at http://www.aclu.org/issues/cyber/hmcl.html.

------------------------------

Date: Wed, 1 Apr 1998 16:57:06 -0400
From: wolfskil@MIT.EDU (Jud Wolfskill)
Subject: Book announcement--"Technology and Privacy: The New Landscape"

The following is a book which readers of this list might find of interest. For more information please visit http://mitpress.mit.edu/promotions/books/AGRTHF97

Technology and Privacy: The New Landscape
edited by Philip E. Agre and Marc Rotenberg

Privacy is the capacity to negotiate social relationships by controlling access to information about oneself. As laws, policies, and technological developments increasingly structure our relationships with social institutions, privacy faces new threats and new opportunities. Recent changes in the realm of technology and privacy have created a landscape that is both dangerous and encouraging.
Among the most significant of these changes are large increases in communications bandwidths, widespread adoption of computer networking and public-key cryptography, mathematical innovations that promise a vast family of protocols for protecting identity in complex transactions, new digital media that support a wide range of social relationships, the emergence of a new generation of technologically sophisticated privacy activists, the accumulation of practical experience in the development and application of data-protection laws, and the rapid globalization of manufacturing, culture, and policy making.

The essays in this book provide a new conceptual framework for analyzing and debating privacy policy and for designing and developing information systems. The authors are international experts in the technical, economic, and political aspects of privacy; the book's strength is its synthesis of these three aspects. The book provides equally strong analyses of privacy issues in the United States, Canada, and Europe.

Philip E. Agre is Assistant Professor in the Department of Communication at the University of California, San Diego. Marc Rotenberg is Director of the Electronic Privacy Information Center in Washington and Adjunct Professor at the Georgetown University Law Center.

October 30, 1997
6 x 9, 336 pp., 13 illus.
ISBN 0-262-01162-X

Jud Wolfskill
Publicity Assistant          Phone: (617) 258-0603
MIT Press                    Fax: (617) 258-6779
Five Cambridge Center        E-mail: wolfskil@mit.edu
Cambridge, MA 02142-1493     http://mitpress.mit.edu

------------------------------

Date: Wed, 1 Apr 1998 17:26:43 -0800
From: Barbara Simons
Subject: Policy98

ASSOCIATION FOR COMPUTING MACHINERY

* * * POLICY '98 CONFERENCE * * *

http://www.acm.org/policy98/

"Shaping Policy in the Information Age"
Washington, DC, Renaissance Hotel
May 10-12, 1998

Register now for the one computing policy conference you don't want to miss...featuring:

- Senator Orrin Hatch (invited): Future of Intellectual Property
- Special Advisor to the President Ira Magaziner: White House Report
- Representative Vern Ehlers: Reformulating US Science Policy
- Representative Constance Morella: The Role of the Federal Government in Computing
- Robert E. Kahn, President, CNRI: Technology Keynote
- Assistant Director Juris Hartmanis: The Role of the National Science Foundation in Computing Policy
- Assistant Secretary of Commerce for Communications and Information Larry Irving: Universal Service
- Debate: Esther Dyson and Gary Chapman
- ACM Presidential Award for founding NetDay: John Gage, Sun Microsystems
- Making Science Policy: Roundtable with NPR Correspondent Dan Charles

The ACM Policy '98 Conference will focus on public policy issues affecting future applications of computing. Our goal is to forge stronger links between computing professionals and policy makers. Attendees will interact with prominent leaders from academia, industry, Congress, and Executive agencies, and participate in debates on policy issues including:

- Universal Access
- Electronic Commerce
- Intellectual Property
- Education Online

All Policy '98 attendees are invited to the Annual ACM Awards Banquet on Sunday evening May 10th, and a conference reception on Monday evening May 11th at the new headquarters of the American Association for the Advancement of Science.
Register online at http://www.acm.org/policy98/ or write to policy98@acm.org. Early registrants and ACM members receive discounts. A limited number of low-priced student registrations are available.

Conference Chairs - Ben Shneiderman, Dianne Martin
Program Chairs - Marc Rotenberg, Keith Miller
Panel Moderators - Jim Horning, Pamela Samuelson, Charles Brownstein, Oliver Smoot
ACM President - Chuck House
USACM Chair - Barbara Simons

------------------------------

End of PRIVACY Forum Digest 07.07
************************