Date: Fri, 08 May 92 11:01:34 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#016 Computer Privacy Digest Fri, 08 May 92 Volume 1 : Issue: 016 Today's Topics: Moderator: Dennis G. Rears What Private Eyes Know Re: Modem Tax (Computer Privacy Digest V1#004) Cordless phones Re: Cordless Phones Re: Is e-mail private? Privacy and Law and Order (was: Cordless Phones) The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: Hal Feinstein Subject: What Private Eyes Know Date: Thu, 7 May 1992 14:52:37 GMT Apparently-To: comp-society-privacy I want to raise the issue of how much information is available through on-line databases. I recently had a few months of free evenings so I enrolled in a local school for private detectives. The purpose of the course was to satisfy the State of Virginia's requirement for 70 hours of classroom instruction in order to qualify for registration as a private investigator. The course covered a lot of ground: polygraph usage, sweeping a facility for bugs, use and reliability of physical evidence, interviewing witnesses, the state court system, the state's criminal and civil law, reconstruction and timeline techniques of investigation (as an exercise we had to reconstruct events leading up to an unexplained teen suicide from a hour taped interview with the kids mother. ) and more. One unit dealt with general investigation technique. Here we learned about how much information was available on just about everyone from open and qusi-open sources. I was amazed to learn how much you could dig up on anyone within a few days. First stop is the county court house to check tax records and land records. The cross index (available at the local library!) gave me reverse phone numbers, State DMV gives me who you are if I have your cars license plate number, another database gives me who your neighbors are, how many kids they or you have. If you've had trouble with the law, again at the court house you get the case folders from the county clerk or clerk of the court (again public). Usually, there are a few "character" witnesses or business associates to look into. In civil litigation there are depositions full of information to examine. All from open sources. Next we were introduced to a PI who runs what must be called an information retail operation. He never left his office but did all his work with a telephone modem. From this PI we could get credit headers (the part of the credit report that lists what you make and where you are employed and your wife, and who your creditors are. But not your actual credit history since that would require that you be notified under the fair credit reporting act and there are other ways to get credit information.). He had access to many other databases around the country to trace bank accounts, various locator services such as by surname, federal employee and military. And lots of business rating services. Last we were introduced to qusi-open sources. These were sources of information from databases or records that were not open to the public; however, someone was willing to breach a trust to make a little money. From these sources you can get detailed phone records, credit card histories, bank transactions, unlisted phone numbers (these aren't available in the cross index) and all kinds of other private information. Information peddling has become a business. There are primary national databases such as TRW and TRANSUNION that keep credit histories on everyone. There are mailing list places that sell information on who is on what list and classify the information by attributes of interest. For example, you subscribe to popular fishing and you live in an upper class part of Long Island? A mailing list distributor could sell a list of such people to a drect mail advetiser to sell you everythings from boats to expensive fishermen's special vacation packages. From the PI's veiwpoint, it a good way to see what your tastes and perhaps special skills are. For example, do you subscribe to Machinegun News? Perhaps a magazine on new alarm systems components. Whereas an honest PI has to burn up a lot of shoe rubber and run up a big telephone bill, anyone who knows the ropes can now walk into an information retailer and walk out with a fat dossier on you, your associates or your family. And they are listed in the phone book too. After the course was over I decided the right of privacy is an illusion. The bulk of the detailed information on people is not collected by Big Brother but by industries servicing the instant retail credit, market research, financial and targeted sales business. These are private operations and are not covered by the Privacy Act or even FOIA restrictions. I think we've been worrying about the wrong party and better take a look at the commercial information collectors. And hang onto your hats! Some of these databases are now providing this information on optical disk so that even YOU can have your own database on everyone. I remember some sheet company tried to get into this racket a few months ago but got a lot of bad publicity and temporarily withdrew (for now) the product. ------------------------------ From: crs@beta.lanl.gov (Charlie Sorsby) Subject: Re: Modem Tax (Computer Privacy Digest V1#004) Date: Thu, 7 May 1992 21:29:10 GMT In article andys@ulysses.att.com (Andy Sherman) writes: [...] = The model letter to the FCC/Congress also contains some minor = technical mis-information in addition to the erroneous statement that = the FCC rule-making proposes a surcharge on modem use: = = >Calls placed using modems require no special telephone company = >equipment, and users of modems pay the phone company for use of the = >network in the form of a monthly bill. = > = >In short, a modem call is the same as a voice call and therefore = >should not be subject to any additional regulation. = = This is true, but only if you are willing to live with 2400 bps or = slower. If you demand high speed modem access, your call must be = carried on a full uncompressed voice channel (a 64 Kbps time slot* on a = digital trunk). Under certain circumstances the phone company = compresses and multiplexes multiple voice calls into a single voice = channel. Conversation is still quite intelligible, and carrying = conversation is the service for which your phone line is tariffed. If = you use a high speed modem, then you may actually need more facilities = than a voice call requires. And people at the FCC know that, so you = undercut your own credibility by ignoring the voice compression issue. I think what has happened is that the quotation identified with "= >" is not a model of clarity but I don't really believe that it is really wrong. If that is not what you mean by "technical mis-information" then I'm not sure that I see what you are getting at here. Are you saying that, if I use a high-speed modem over my voice grade telephone line, the phone is going to route my traffic over a higher grade line than I'm paying for? If not the original statement sounds true to me. I.e., if I may paraphrase: I pay a monthly phone bill for a voice grade line and that is what I get the use of. I would be very surprised if the phone lines are not filtered to assure that only the band of frequencies for which the lines are intended are passed. If I connect a 2400 bps modem to that line, I believe that is within its capability and I'm happy and the phone company has not provided me with anything extra. If I try to use higher speed, the line is not up to it and I may not be happy with the results but, as far as I am aware, the phone company has still not provided me with anything extra. Certainly if I want to use high data rates, I'm going to need something other than a voice-grade line and the phone company is going to charge me for it, just as it will charge me for any other extras to which I subscribe. I don't think that this is what the original poster is talking about. Rather I think it is about the possibility of a surcharge for using a modem over a normal voice- grade line. Certainly, I agree that the original quotation should have made clear that it was about use of a modem over one's existing voice- grade line. Am I misunderstanding what you are saying? Well, just thought I'd check to see if I'm misunderstanding something. Best, Charlie "Older than dirt" Sorsby "I'm the NRA!" crs@lanl.gov ------------------------------ Date: Thu, 7 May 92 17:42:47 EDT From: "Nicholas J. Simicich" Subject: Cordless phones > From: Phil Stracchino > To give an analogy: > > He who glances out of his window one night and happens, by chance, > to observe the attractive young woman who lives in the building > opposite in the process of undressing, is merely fortunate. > > He who buys a telescope and scans the windows of the building > opposite in the hope of observing some attractive young woman > undressing, is a Peeping Tom. > > 'Nuff said? No. (I just love stretching analogies.) Obviously, one has to consider the motives of the attractive MOTAS here. If they are undressing in front of an open window which can easily be seen from the street, at night, with strong lights on in the room so that they are clearly visible to all passers-by, or during the day in a public park, perhaps they are an exhibitonist, and want people to watch, or just don't care. The use of a standard cordless phone bears much more resemblance to my description than to yours. The frequencies that those phones use have been designated as a public park. One who changes clothes during the day in full view in a public park has no expectation of privacy. It isn't even rude to look. Just boring. Nick Simicich (NJS at WATSON, njs@watson.ibm.com) -SSI AOWI #3958, HSA #318, NAUI #14065 - "We're working to turn 'to bush' into a verb." ------------------------------ Subject: Re: Cordless Phones Date: Thu, 7 May 92 22:49:00 PDT From: Tad Cook Phil Stracchino writes: >I've watched with amazement as this particular debate has gone back and >forth, and frankly I can only say that this argument is totally fatuous. >Merely the fact that someone is using a cordless phone and unintentionally >broadcasting their conversation does not _compel_ anyone with the >capability to listen in to do so. I don't know if anyone has pointed out yet in this discussion probably the best reason why cordless phone calls CAN'T be private. Forget about the fact that radio waves go through walls, or that you can pick these up on any Radio Shack VHF scanner radio. These phones are low power FCC Part 15 devices, and share their ten channels with millions of other cordless phones, as well as all the Fisher-Price Baby Room Monitors, and Archer Space Patrol kid's walkie talkies. You can't really expect any privacy if the kid next door might hear you on his walkie talkie, or the couple down the block can hear you on their baby monitor, or someone else in the neigborhood can hear you on THEIR cordless phone. Thats probably why they are specifically exempt from the ECPA. -------------------------------------------------------------------------- Tad Cook | Phone: 206-527-4089 (home) | MCI Mail: 3288544 Seattle, WA | Packet: KT7H @ N7DUO.WA.USA.NA | 3288544@mcimail.com | USENET: tad@ssc.wa.com or...sumax!ole!ssc!tad -------------------------------------------------------------------------- ------------------------------ Date: Thu, 7 May 92 23:20:59 EDT From: Brinton Cooper Subject: Re: Is e-mail private? Continuing the discussion on whether e-mail is "private," our esteemed Moderator wrote. > If the computer is > accessible to outside networks what about the privacy of the sender. > Example: My fiance sends me mail from XXX@compuserve.com. to drears@brl.mil. > While I don't have any expectation of privacy does she? Sure the owner > of the equipment owns the media but do they own the information on it? To > add another bit to it. What if she copyrights her mail to me. _Dennis] If your sender exposes her e-mail to networks (e.g. milnet) outside the one with which she's familiar (e.g. compuserve), she takes a risk of exposure and loses the expectation of privacy. After all, she caused her note to be deposited in a file on a milnet machine. The owner of the computer owns ACCESS to the machine, can legally enter and read any file on the machine unless contractual agreements (as compuserve, et al, should provide) specify otherwise. Copyright is merely the "right to copy." That's the meaning of the word. ANYONE can read material protected by copyright. They can even make one copy for "personal use." _Brint [Moderator's Note: By the same logic if I route official government email to a researcher on the NSFNET do all the owners of the machines it passes through have the right to access the message? After all it is there equipment. On a different note I seem to recall federal legislation some years back that made interception of email a federal offense. Does anyone know anything about that? _Dennis ] ------------------------------ Date: Thu, 7 May 92 22:48 PDT From: John Higdon Subject: Privacy and Law and Order (was: Cordless Phones) Anthony Rzepela writes: > >I am [..deleted..], and am actively > >involved in the matter of technical consultations for criminal matters. > This view, I hope, speaks for itself: Another law-and-order type > wearing his conformity like a medal, reminding us that these neat, new > methods only catch "bad guys", so keep your nose clean, and there > won't be any trouble... I just love it when people open mouth and insert foot like this! As many in this and other forums are painfully aware, my technical consultations are invariably for the DEFENSE. I have been very active in efforts to shut down over-zealous prosecutions and have worked very hard behind the scenes on some rather notable cases. Right now, there are many people getting a good laugh at someone accusing me of being a "law-and-order" type. As to wearing my "conformity like a medal", that is even a greater laugh. I just do not feel that the world will collapse if one or another piece of information is discovered about me by someone I do not even know (or even by someone I do know). Even the fact that the things I do and the way I do them are completely unorthodox. > I am very, VERY curious as to just what kinds > of harm Mr. Higdon thinks ARE deserved, outside of those delivered > before a judge and jury.... Harm, in this context, is whatever the supposed damages are when information about one's life is revealed to someone that "shouldn't" have it. This is certainly the heart of the matter. The part you should have been concentrating on was "half-assed knowledge of the technology". My general experience is that those who really know how it all works lack the mindless paranoia that seems to show up here from time to time. As to those that I feel "deserve something", I will tell you who they are. They are those who blithely insist that no effort should be required on their parts to ensure success or protect anything they value, including privacy. The attitude that asserts that it is better to do away with (or prevent the introduction of) technology that can serve and benefit many, because of imagined evils, is held by those who are unwilling to advance with society. Really, what are we talking about? I have a cordless phone. I am perfectly aware that it can be picked up for blocks around by any Icom receiver. Do I really think there are people listening? No. Is it possible? Certainly. Therefore, I do not discuss anything that I consider to be topics that in the wrong hands could do me harm on the cordless phone. What are these topics? Details of my product development, trade secrets, my clients' affairs, and legal defense strategies are among those subjects that I avoid discussing on the air, on the VERY SLIM chance that someone who matters may be listening. People who complain about having to exert energy to dial '*67' or watching when they use the cordless, or any other trivial precaution are much like a person who feels that it is his right to flounce down Mission Street at 12:30 AM carrying a wad of $100 bills in plain view. There are little things we do everyday to ensure we will not be mugged, or that we will not starve, or that our car will not run out of gas, etc., ad nauseum. Why is privacy so important to those same people who feel that it is their right to not be bothered doing simple things to protect it? > Heat-seeking technology can tell when someone is > in a house and pretty much the nature of their activities. Our > gov't has not responded to protect its citizens from the intrusion > of new, sophisticated information-gathering techniques. End result: > as technology gets smarter and more sensitive, even our body heat > enters the realm of what we are broadcasting "for all to see", Just what is it that you believe that "heat seeking technology" is going to reveal about you? What kind of activities do even eccentrics such as yours truly do in a house that would be so damaging if someone figured out what they were? If you can get off this "nothing to hide" attitude and look at it flatly, you could see my point. No, it is no one's business what I do behind closed doors, but if someone devised a way to "look through my walls", is that the end of the world? I will bet there are very few people who even care what you or I do behind closed doors. > I wish some of these libertarian types who keep belittling consumers > and citizens concerned with the intrusions inherent in the consumer's > "choice" of media would adopt the same condescending attitude towards > HBO when it tries to avoid the inherent costs of its choice of media. > Instead, the FBI is enlisted to protect Time-Warner's income from > would-be video pirates. We agree here. In most other advanced countries the laws on the books are used when there is the need to correct a problem. For instance, most nations have laws against the usual drugs. Many of their citizens use these drugs in a responsible way. They do not commit crimes (other than the use itself), do not harm people, and do not even mess up their own lives. Hence, they are frequently left alone by the authorities. Only when drug usage becomes a problem to others are the laws (which are in place just for this circumstance) enforced. In contrast, the US Congress passes laws and then the FBI goes out of its way to get people to break them with "stings" and other activities. This applies to drugs, child pornography, even "computer crime". > We are losing our choice of delivery method for more and more > vital services everyday. Furthermore, in those arenas where choice > will remain available, the cost of the 'secure' methods will grow > to be prohibitive. This is a double-edged sword. How much security does your privacy really warrant? What do you say on the phone that should be public key encrypted? Probably not much. Now turn it around. How much of your private affairs would anyone be interested in spending big bucks on to obtain? Again, probably not much. Much is made of the ability of retail operations to track one's purchases. Why is this such a big deal? Again I ask: who has suffered any harm as a result of this alleged intelligence gathering? I would have been more annoyed to have lived in Smalltown, USA, at the turn of the (last) century. Anyone who wanted to know (my friends and enemies alike) could, in pleasant chit-chat with Mr. Smith (of Smith's General Store) find out a lot more about me than merely about every one of my purchases. Somehow, being on some reel of tape in some tape vault, with the data being impersonally scrutinized by some marketing types does not upset me much. > The view that one can reasonably expect > privacy only when protected by an electronic and brick fortress > will not work in a society where the costs of these things restrict > availability to precious few citizens. But it is those who supposedly have the means to protect privacy who have the least! How many people other than the IRS have seen your tax return? How many have seen George Bush's? The heads (and major beneficiaries) of large corporations have their financial affairs published. It is called an "Annual Report". The habits, phobias, daily doings, and financial holdings of the well-to-do are frequently made known to the public. Frankly, I think that those who are extra concerned about privacy have delusions of self-importance. This is really brutal, but the truth is that no one really cares about you, except as maybe an element in a set of statistics. No, your phone is not tapped. No, the FBI is not across the street listening to your cordless phone converstations. Little ten-year-old Billy on the next block may be thrilled with his new toy while he gleefully listens to you bad-mouth the boss to a buddy. Is this something to go crazy about? Give me a break! -- John Higdon | P. O. Box 7648 | +1 408 723 1395 john@zygot.ati.com | San Jose, CA 95150 | M o o ! ------------------------------ End of Computer Privacy Digest V1 #016 ******************************