Computer Privacy Digest Tue, 18 May 93

 Date:       Tue, 18 May 93 16:34:21 EST

Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>

From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>

To:         Comp-privacy@PICA.ARMY.MIL

Subject:    Computer Privacy Digest V2#043


Computer Privacy Digest Tue, 18 May 93              Volume 2 : Issue: 043


Today's Topics: Moderator: Dennis G. Rears


                Re: [Newsbytes Editorial] Caller Line ID

                                DMV rcds

                      Re: Credit Card without SSN

               Re: privacy vs banks (was: Re: I won one!)

        NIST Privacy Conf. - Clipper Chip and Public Key Crypto


   The Computer Privacy Digest is a forum for discussion on the

  effect of technology on privacy.  The digest is moderated and

  gatewayed into the USENET newsgroup comp.society.privacy

  (Moderated).  Submissions should be sent to

  comp-privacy@pica.army.mil and administrative requests to

  comp-privacy-request@pica.army.mil.

   Back issues are available via anonymous ftp on ftp.pica.army.mil

  [129.139.160.133].

----------------------------------------------------------------------


Date: Sat, 15 May 93 22:52 PDT

From: John Higdon <john@zygot.ati.com>

Organization: Green Hills and Cows

Subject: Re: [Newsbytes Editorial] Caller Line ID


Carl M Kadie <kadie@cs.uiuc.edu> quotes Robert Jacobson:


> What killed Caller ID, ultimately, wasn't the restrictions imposed

> by state regulators but business's lack of interest. Caller ID relied

> upon a high "take" by telemarketers, direct marketers, and other

> commercial institutions who wanted access to telephone numbers. They

> already get enough information from 800 and 900 numbers, since those

> calls are self-screened by customers who want to conduct some sort of

> business transaction. Caller ID promised a deluge of information that

> only the very biggest organizations could sift through and employ.

> And the bad press surrounding Caller ID discouraged those institutions

> from getting in too deep.


This is the most ignorant nonsense that I have ever heard from someone

parading around a Ph.D and proporting to know how to even dial a phone.

Big business has its own "Caller ID". It has had it for years. It could

not care less about the CLASS offering which is limited to SS7-equipped

offices and is frequently subject to blocking. 800 and 900 ANI is not

blockable, is virtually universal, works everywhere (including

California), and does not depend upon SS7 connectivity. It is

essentially perfect.


Also, Jacobson talks as though California is the be-all and end-all of

everything. His references to the "death" of Caller ID ring somewhat

hollow in light of the fact that the service is offered in more than

two-thirds of the United States. It is not going away. It offers to

Everyman what the big boys have enjoyed for many years; and Everyman

will eventually demand it and get it.


Yes, this is a personal issue with me. We patiently waited for Caller

ID to be approved in California so that we could offer a specialized

service that performs the automatic establishment of open accounts. The

transaction requires the recording of the caller's number. When the

decision came down, it required us to install direct trunks to a long

distance carrier, install (and pay for usage on) an 800 number, and use

the ANI instead of the much easier and cheaper Caller ID. Consequently

our service must cost more to recover the costs of the carrier trunks

and the 800 service.


What I see here is an interesting irony. People of Jacobson's ilk who

would deny the common man the ability to see who is calling him are in

reality advocating a class (no pun intended) separation. People in

California who want Caller ID badly enough (and can, like big

corporations, pay for it) have it via 800 and 900 service. Ordinary

individuals cannot have it. It is a classic case of "haves" vs

"have-nots". So you fellow Californians who order "pay-per-view" with

an 800 number should realize that you are paying for the fact that your

cable company cannot simply use ordinary POTS lines.


> But the demise of Caller ID has a larger, ironic outcome:


Jacobson, get a grip. To paraphrase Mark Twain, reports of the death of

Caller ID have been highly exaggerated.


> Editor's Note: Robert Jacobson, Ph.D., is former principal 

> consultant/staff director of the Assembly Utilities and 

> Commerce Committee, California Legislature, 1982-1989.


If Robert Jacobson, Ph.D is an example of the caliber of people in and

around our state government, it is no wonder California is rapidly

going down the drain. His fact-poor irrelevant emotionalism serves no

one, particularly the citizens of this state who are in desperate need

of new technologies and the tools to remain competitive.


Hopefully what can only be described as "ignorant elitism" will give way

to rational thinking on the part of those in power.


-- 

 John Higdon  |   P. O. Box 7648   |   +1 408 264 4115     |       FAX:

 john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407


------------------------------


Date: Sun, 16 May 93 11:50:51 PDT

From: Jim Warren <jwarren@autodesk.com>

Subject: DMV rcds


Hi,


Just noticed your post in Computer Privacy Digest V2 #040.


> I know that California makes it illegal to have such records.


Absolutely not so.  Any private investigator can get them (but has to keep

records of why they are requesting them, and those records are audited).  Also

any organization with a "legitimate business intereste" (I think that's how

the statute is phrased) can get 'em.  All for a fee, of course -- this is a

significant profit center, uh, "revenue" center for the State DMV.


--jim


------------------------------


From: Penio Penev <penev%rockefeller.edu@PICA.ARMY.MIL>

Subject: Re: Credit Card without SSN

Reply-To: penev@venezia.rockefeller.edu

Organization: Rockefeller University

Date: Sun, 16 May 1993 18:50:48 GMT


On Fri, 14 May 1993 14:08:42 GMT Cristy (cristy@eplrx7.es.dupont.com) wrote:

| I just received my first VISA card without submitting my SSN.  I applied

| to over 10 different offers I got in the mail.  They all turned me down

| because I did not submit my SSN except for one.


I am in the situation of seeking a (secured with a long-term CD)

credit card, without specifying my SSN. I've tried only two times and

my third one is under way, with a greater possibility for not getting

the card. My situation is even worse, because I do not have a credit

history yet. I'm ready to secure my credit card line with a long term

CD, though.


I was determined to try out all banks before I surrender, but this

message is encouraging. Will you direct me to the right bank and/or

procedure? 


--

Penio Penev  x7423 (212)327-7423 (w) Internet: penev@venezia.rockefeller.edu


Disclaimer: All oppinions are mine.


------------------------------


From: "Wm. L. Ranck" <ranck@joesbar.cc.vt.edu>

Subject: Re: privacy vs banks (was: Re: I won one!)

Date: 17 May 1993 14:38:27 GMT

Organization: Virginia Tech, Blacksburg, Virginia


Jonathan Thornburg (jonathan@hermes.chpc.utexas.edu) wrote:


: Indeed, they're required by law to get an SSN any time they pay interest.

: This is so they can report the interest to the IRS, who can in turn

: cross-match this with your tax return to make sure you report that

: interest as income.


I believe that banks are still required to report interest that you pay

them.  In other words the IRS still gets some form telling them how much

interest I paid on my Visa card even though that is no longer deductable.

--

*******************************************************************************

* Bill Ranck             (703) 231-9503                     Bill.Ranck@vt.edu *

* Computing Center, Virginia Polytchnic Inst. & State Univ., Blacksburg, Va.  *

*******************************************************************************


------------------------------


From: "Curtis D. Frye" <cfrye@ciis.mitre.org>

Subject: NIST Privacy Conf. - Clipper Chip and Public Key Crypto

Organization: The MITRE Corporation, McLean, VA

Date: Mon, 17 May 1993 15:59:11 GMT


Folks-


I came across this announcement through email with a colleague and post

it for your information.


NIST will be hosting a public forum on the Clipper Chip and public key

encryption / privacy issues from 2-4 June 1993 in Bethesda, MD.  I

believe all the relevant information is included in the post, but if you

have any questions mail or call NIST as I don't represent them or any

other part of the US government.


 -----Begin included file-----

 

  From: Clipper-Capstone Chip Info <clipper@csrc.ncsl.nist.gov>

  Organization: National Institute of Standards and Technology (NIST)

  Subject: NIST Advisory Board Seeks Comments on Crypto

 

This file will be made available for anonymous ftp from

csrc.ncsl.nist.gov, filename pub/nistgen/cryptmtg.txt and for download

from the NIST Computer Security BBS, 301-948-5717, filename

cryptmtg.txt.

 

Note: The following notice is scheduled to appear in the Federal

Register this week.  The notice announces a meeting of the Computer

System Security and Privacy Advisory Board (established by the

Computer Security Act of 1987) and solicits public and industry

comments on a wide range of cryptographic issues.  Please note that

submissions due by 4:00 p.m. May 27, 1993.

 

 

                            DEPARTMENT OF COMMERCE

                National Institute of Standards and Technology

 

                          Announcing a Meeting of the

              COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD

 

AGENCY:   National Institute of Standards and Technology

 

ACTION:   Notice of Open Meeting

 

SUMMARY: Pursuant to the Federal Advisory Committee Act, 5 U.S.C.

App., notice is hereby given that the Computer System Security and

Privacy Advisory Board will meet Wednesday, June 2, 1993, from 9:00

a.m. to 5:00 p.m., Thursday, June 3, 1993, from 9:00 a.m. to 5:00

p.m., and Friday, June 4, 1993 from 9:00 a.m.  to 1:00 p.m.  The

Advisory Board was established by the Computer Security Act of 1987

(P.L. 100-235) to advise the Secretary of Commerce and the Director of

NIST on security and privacy issues pertaining to Federal computer

systems and report its findings to the Secretary of Commerce, the

Director of the Office of Management and Budget, the Director of the

National Security Agency, and the appropriate committees of the

Congress.  All sessions will be open to the public.

 

DATES: The meeting will be held on June 2-4 1993.  On June 2 and 3,

1993 the meeting will take place from 9:00 a.m. to 5:00 p.m. and on

June 4, 1993 from 9:00 a.m. to 1:00 p.m.

 

Public submissions (as described below) are due by 4:00 p.m.  (EDT)

May 27, 1993 to allow for sufficient time for distribution to and

review by Board members.

 

ADDRESS: The meeting will take place at the National Institute of

Standards and Technology, Gaithersburg, MD.  On June 2, 1993, the

meeting will be held in the Administration Building, "Red Auditorium,"

on June 3 the meeting will be held in the Administration Building,

"Green Auditorium," and on June 4, 1993 in the Administration

Building, Lecture Room "B."

 

Submissions (as described below), including copyright waiver if

required, should be addressed to: Cryptographic Issue Statements,

Computer System Security and Privacy Advisory Board, Technology

Building, Room B-154, National Institute of Standards and Technology,

Gaithersburg, MD, 20899 or via FAX to 301/948-1784.  Submissions,

including copyright waiver if required, may also be sent

electronically to "crypto@csrc.ncsl.nist.gov".

 

AGENDA:

 

- - Welcome and Review of Meeting Agenda

- - Government-developed "Key Escrow" Chip Announcement Review

- - Discussion of Escrowed Cryptographic Key Technologies

- - Review of Submitted Issue Papers

- - Position Presentations & Discussion

- - Public Participation

- - Annual Report and Pending Business

- - Close

 

PUBLIC PARTICIPATION:

 

This Advisory Board meeting will be devoted to the issue of the

Administration's recently announced government-developed "key escrow"

chip cryptographic technology and, more broadly, to public use of

cryptography and government cryptographic policies and regulations.

The Board has been asked by NIST to obtain public comments on this

matter for submission to NIST for the national review that the

Administration's has announced it will conduct of cryptographic-related

issues.  Therefore, the Board is interested in:

 

1) obtaining public views and reactions to the government-developed

"key escrow" chip technology announcement, "key escrow" technology

generally, and government cryptographic policies and regulations;

 

2) hearing selected summaries of written views that have been submitted,

and

 

3) conducting a general discussion of these issues in public.

 

The Board solicits all interested parties to submit well-written,

concise issue papers, position statements, and background materials on

areas such as those listed below.  Industry input is particularly

encouraged in addressing the questions below.

 

Because of the volume of responses expected, submittors are asked to

identify the issues above to which their submission(s) are responsive.

Submittors should be aware that copyrighted documents cannot be

accepted unless a written waiver is included concurrently with the

submission to allow NIST to reproduce the material.  Also, company

proprietary information should not be included, since submissions will

be made publicly available.

 

This meeting specifically will not be a tutorial or briefing on

technical details of the government-developed "key escrow" chip or

escrowed cryptographic key technologies.  Those wishing to address the

Board and/or submit written position statements are requested to be

thoroughly familiar with the topic and to have concise,

well-formulated opinions on its societal ramifications.

 

Issues on which comments are sought include the following:

 

1.    CRYPTOGRAPHIC POLICIES AND SOCIAL/PUBLIC POLICY ISSUES

 

Public and Social policy aspects of the government-developed "key

escrow" chip and, more generally, escrowed key technology and

government cryptographic policies.

 

Issues involved in balancing various interests affected by government

cryptographic policies.

 

2.    LEGAL AND CONSTITUTIONAL ISSUES

 

Consequences of the government-developed "key escrow" chip technology

and, more generally, key escrow technology and government

cryptographic policies.

 

3.    INDIVIDUAL PRIVACY

 

Issues and impacts of cryptographic-related statutes, regulations, and

standards, both national and international, upon individual privacy.

 

Issues related to the privacy impacts of the government-developed "key

escrow" chip and "key escrow" technology generally.

 

4.    QUESTIONS DIRECTED TO AMERICAN INDUSTRY

 

4.A  Industry Questions: U.S. Export Controls

 

4.A.1 Exports - General

 

What has been the impact on industry of past export controls on

products with password and data security features for voice or data?

 

Can such an impact, if any, be quantified in terms of lost export

sales or market share?  If yes, please provide that impact.

 

How many exports involving cryptographic products did you attempt over

the last five years?  How many were denied?  What reason was given for

denial?

 

Can you provide documentation of sales of cryptographic equipment

which were lost to a foreign competitor, due solely to U.S.  Export

Regulations.

 

What are the current market trends for the export sales of information

security devices implemented in hardware solutions?  For software

solutions?

 

4.A.2  Exports - Software

 

If the U.S. software producers of mass market or general purpose

software (word processing, spreadsheets, operating environments,

accounting, graphics, etc.) are prohibited from exporting such

packages with file encryption capabilities, what foreign competitors

in what countries are able and willing to take foreign market share

from U.S. producers by supplying file encryption capabilities?

 

What is the impact on the export market share and dollar sales of the

U.S.  software industry if a relatively inexpensive hardware solution

for voice or data encryption is available such as the

government-developed "key escrow" chip?

 

What has been the impact of U.S. export controls on COMPUTER UTILITIES

software packages such as Norton Utilities and PCTools?

 

What has been the impact of U.S. export controls on exporters of OTHER

SOFTWARE PACKAGES (e.g., word processing) containing file encryption

capabilities?

 

What information does industry have that Data Encryption Standard

(DES) based software programs are widely available abroad in software

applications programs?

 

4.A.3  Exports - Hardware

 

Measured in dollar sales, units, and transactions, what have been

the historic exports for:

 

            Standard telephone sets

            Cellular telephone sets

            Personal computers and work stations

            FAX machines

            Modems

            Telephone switches

 

What are the projected export sales of these products if there is no

change in export control policy and if the government-developed "key

escrow" chip is not made available to industry?

 

What are the projected export sales of these products if the

government-developed "key escrow" chip is installed in the above

products, the above products are freely available at an additional

price of no more than $25.00, and the above products are exported

WITHOUT ADDITIONAL LICENSING REQUIREMENTS?

 

What are the projected export sales of these products if the

government-developed "key escrow" chip is installed in the above

products, the above products are freely available at an additional

price of no more than $25.00, and the above products are to be

exported WITH AN ITAR MUNITIONS LICENSING REQUIREMENT for all

destinations?

 

What are the projected export sales of these products if the

government-developed "key escrow" chip is installed in the above

products, the above products are freely available at an additional

price of no more than $25.00, and the above products are to be

exported WITH A DEPARTMENT OF COMMERCE LICENSING REQUIREMENT for all

destinations?

 

4.A.4  Exports - Advanced Telecommunications

 

What has been the impact on industry of past export controls on other

advanced telecommunications products?

 

Can such an impact on the export of other advanced telecommunications

products, if any, be quantified in terms of lost export sales or

market share?  If yes, provide that impact.

 

4.B  Industry Questions:  Foreign Import/Export Regulations

 

How do regulations of foreign countries affect the import and export

of products containing cryptographic functions?  Specific examples of

countries and regulations will prove useful.

 

4.C  Industry Questions: Customer Requirements for Cryptography

 

What are current and future customer requirements for information

security by function and industry?  For example, what are current and

future customer requirements for domestic banking, international

banking, funds transfer systems, automatic teller systems, payroll

records, financial information, business plans, competitive strategy

plans, cost analyses, research and development records, technology

trade secrets, personal privacy for voice communications, and so

forth?  What might be good sources of such data?

 

What impact do U.S. Government mandated information security standards

for defense contracts have upon demands by other commercial users for

information security systems in the U.S.?  In foreign markets?

 

What threats are your product designed to protect against?  What

threats do you consider unaddressed?

 

What demand do you foresee for a) cryptographic only products, and b)

products incorporating cryptography in: 1) the domestic market, 2) in

the foreign-only market, and 3) in the global market?

 

4.D  Industry Questions:  Standards

 

If the European Community were to announce a non-DES, non-public key

European Community Encryption Standard (ECES), how would your company

react?  Include the new standard in product line?  Withdraw from the

market?  Wait and see?

 

What are the impacts of government cryptographic standards on U.S.

industry (e.g., Federal Information Processing Standard 46-1 [the Data

Encryption Standard] and the proposed Digital Signature Standard)?

 

5.  QUESTIONS DIRECTED TO THE AMERICAN BUSINESS COMMUNITY

 

5.A  American Business:  Threats and Security Requirements

 

Describe, in detail, the threat(s), to which you are exposed and which

you believe cryptographic solutions can address.

 

Please provide actual incidents of U.S. business experiences with

economic espionage which could have been thwarted by applications of

cryptographic technologies.

 

What are the relevant standards of care that businesses must apply to

safeguard information and what are the sources of those standards

other than Federal standards for government contractors?

 

What are U.S. business experiences with the use of cryptography to

protect against economic espionage, (including current and projected

investment levels in cryptographic products)?

 

5.B  American Business:  Use of Cryptography

 

Describe the types of cryptographic products now in use by your

organization.  Describe the protection they provide (e.g., data

encryption or data integrity through digital signatures).  Please

indicate how these products are being used.

 

Describe any problems you have encountered in finding, installing,

operating, importing, or exporting cryptographic devices.

 

Describe current and future uses of cryptographic technology to

protect commercial information (including types of information being

protected and against what threats).

 

Which factors in the list below inhibit your use of cryptographic

products?

 

Please rank:

 

- --    no need

- --    no appropriate product on market

- --    fear of interoperability problems

- --    regulatory concerns

- --       a) U.S. export laws

- --       b) foreign country regulations

- --       c) other

- --    cost of equipment

- --    cost of operation

- --    other

 

Please comment on any of these factors.

 

In your opinion, what is the one most important unaddressed need

involving cryptographic technology?

 

Please provide your views on the adequacy of the government-developed

"key escrow" chip technological approach for the protection of all

your international voice and data communication requirements.

Comments on other U.S. Government cryptographic standards?

 

6.  OTHER

 

Please describe any other impacts arising from Federal government

cryptographic policies and regulations.

 

Please describe any other impacts upon the Federal government in the

protection of unclassified computer systems.

 

Are there any other comments you wish to share?

 

The Board agenda will include a period of time, not to exceed ten

hours, for oral presentations of summaries of selected written

statements submitted to the Board by May 27, 1993.  As appropriate and

to the extent possible, speakers addressing the same topic will be

grouped together.  Speakers, prescheduled by the Secretariat and

notified in advance, will be allotted fifteen to thirty minutes to

orally present their written statements.  Individuals and

organizations submitting written materials are requested to advise the

Secretariat if they would be interested in orally summarizing their

materials for the Board at the meeting.

 

Another period of time, not to exceed one hour, will be reserved for

oral comments and questions from the public.  Each speaker will be

allotted up to five minutes; it will be necessary to strictly control

the length of presentations to maximize public participation and the

number of presentations.

 

Except as provided for above, participation in the Board's discussions

during the meeting will be at the discretion of the Designated Federal

Official.

 

Approximately thirty seats will be available for the public, including

three seats reserved for the media.  Seats will be available on a

first-come, first-served basis.

 

FOR FURTHER INFORMATION CONTACT: Mr. Lynn McNulty, Executive Secretary

and Associate Director for Computer Security, Computer Systems

Laboratory, National Institute of Standards and Technology, Building

225, Room B154, Gaithersburg, Maryland 20899, telephone: (301)

975-3240.

 

SUPPLEMENTARY INFORMATION: Background information on the

government-developed "key escrow" chip proposal is available from the

Board Secretariat; see address in "for further information" section.

Also, information on the government-developed "key escrow" chip is

available electronically from the NIST computer security bulletin

board, phone 301-948-5717.

 

The Board intends to stress the public and social policy aspects, the

legal and Constitutional consequences of this technology, and the

impacts upon American business and industry during its meeting.

 

It is the Board's intention to create, as a product of this meeting, a

publicly available digest of the important points of discussion,

conclusions (if any) that might be reached, and an inventory of the

policy issues that need to be considered by the government.  Within

the procedures described above, public participation is encouraged and

solicited.

 

/signed/

Raymond G. Kammer, Acting Director

 

May 10, 1993


------------------------------



End of Computer Privacy Digest V2 #043

******************************


Comments

Post a Comment

Popular posts from this blog

BOTTOM LIVE script

                                  BOTTOM                                   ======                     by Adrian Edmondson and Rik Mayall                                 Bottom Live                                 ===========                               Richie  Rik Mayall                                Eddie  Adrian Edmondson Introduction ------------ [Opening shot of theatre, with huge pictures of Richie and Eddie. Caption: "Live fro...
Read more

Evidence supporting quantum information processing in animals

              Evidence supporting quantum            information processing in animals                    James A. Donald                    1068 Fulton Av                    Sunnyvale, CA 94089-1505                    USA I show that quantum systems can rapidly solve some problems for which finite state machines require a non- polynomially large time. This class of problems is closely related to the class of problems that animals can solve rapidly and effortlessly, but are intractable for computers by all known algorithms. 1. Introduction      Animals, including very simple animals, can rapidly and effortlessly perceive objects, whereas computers take nonpolynomial time to do this by all...
Read more

ARMIES OF CHAOS

                          ARMIES OF CHAOS -      Before anyone proposes more gun control, he or she should know  about a simple, deadly weapon 4 times as powerful as Dirty Harry's  legendary .44 Magnum -- and at least twice as concealable -- that  _can't_ controlled.        This simple, deadly weapon can be made by anyone -- even a  child -- with unpowered hand tools in an hour's time using $5 worth  of materials, most of which are available around the house anyway.   In traditional form it's reusable an unlimited number of times, and  modern plastics have rendered its disposable version electronically  undetectable.  You can clear a room with such a weapon (more of a  hand-held directional grenade than a gun -- sort of a recycleable  Claymore mine) and it's just one of hundreds of similar time-proven  designs. ...
Read more