Date: Sun, 05 Nov 95 08:19:34 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#038

Computer Privacy Digest Sun, 05 Nov 95 Volume 7 : Issue: 038

Today's Topics: Moderator: Leonard P. Levine

Who reads your email?
FBI on wiretap capacity
Unsolicited email Advertising
Re: Copying Driver's Licenses
Re: Copying Driver's Licenses
Re: The Information Rights Act of 1996
Phone Number Privacy
Re: Telephone Odds and Ends
Deirdre Mulligan's defense of Bennett Medical Records Bill
FBI Wiretap Demand is Massive
Info on CPD [unchanged since 08/18/95]

----------------------------------------------------------------------

From: "anonymous"
Date: 02 Nov 1995 08:46:56 -0400 (EDT)
Subject: Who reads your email?

[moderator: The author requested anonymous posting, this is posted from my mailbox.]

I have little doubt that somewhere in the NSA, or elsewhere in the US gov't, there's a quiet little office with a nice big budget, unobtrusively vacuuming up email and news postings and applying AI-based analysis to it. All for national security, dont'cha know.

My personal understanding is that NSA is charged with gathering signals intelligence throughout the world, including any signals which cross the borders of the United States. This means that anything you transmit that exits the U.S. is fair game, so usenet posts would obviously qualify. Whether or not your personal email is subject to surveillance by this mechanism would depend on who you sent it to and whether the intervening network (for whatever reason) routed it across an international boundary (I assume this would include satellites in geosync orbit even for "domestic" traffic). I personally do not know this to be true, but it is consistent with what I've read in public sources.

This is not a sinister mechanism, it is often the only mechanism for keeping track of what foreign governments are doing/saying.
I was very surprised a couple of weeks ago to hear press reports of this surveillance being applied to a Japanese trade delegation being broadcast as if the information were news!

My activity was recently briefed on industrial and financial espionage as part of our routine training -- you can obtain pamphlets on the subject from your local FBI office, but suffice it to say that NSA's activities are mild in comparison with those of foreign countries. I'm afraid I didn't have the opportunity to ask the agents giving the brief how they were able to reconcile industrial espionage concerns with DoJ's desire to set aside phone lines for surveillance and various agencies' opposition to commercial crypto -- sorry.

------------------------------

From: gmcgath@condes.MV.COM (Gary McGath)
Date: 04 Nov 1995 19:08:48 GMT
Subject: FBI on wiretap capacity
Organization: Conceptual Design

A Washington Post article published in my local paper regarding the FBI wiretap proposal included the following:

James Kallstrom, assistant FBI director in charge of the New York field division, argues that the proposal would in fact reduce the FBI's surveillance authority. "Today, we have 100 percent capacity," he said, referring to older, pre-digital technology. "We could tap all the phones in the United States." Under the plan, the FBI's surveillance ability would shrink to a maximum of 1 percent of simultaneous telephone calls from any one telephone switch, he said.

Under the FBI plan, Kallstrom said, a typical central switching office in New York that serves 50,000 telephone lines has a capacity to carry only 5,000 calls simultaneously. It is the latter number, not the former, he said, on which the FBI bases its calculations. So the highest level of simultaneous surveillance in that area, he said, would be 50 lines.

It's a worthwhile exercise, one that could have gone into "How to Lie with Statistics," to dissect Kallstrom's falsehoods.
First, his claim that the FBI has 100% wiretapping capacity sounds highly dubious. That would imply that the FBI has a stockpile of wiretapping equipment which is millions of times as much as it needs to carry out the current level of wiretapping, which the Post article cited as less than 900 a year. If it's true, it's an outrage; if it's false, Kallstrom has made an outrageous lie. The capacity which the FBI has requested suggests that it wants to massively increase the amount of wiretapping it does.

Second, Kallstrom equivocates on simultaneous calls and maximum simultaneous calling capacity. Switching systems are normally used at less than capacity. If, during an off-peak hour, the hypothetical New York system were carrying only 500 calls, the FBI would still be able to tap 50 calls.

If we assume that the average tap is 5 minutes long, then the FBI would be able to tap 14,400 calls in one day at just that one switching system. Last year, all federal, state, and local agencies made less than 900 wiretaps (leaving mountains of equipment idle, if Kallstrom is telling the truth). We must wonder what the FBI is planning to do with all of this surveillance capacity.

--
Gary McGath
gmcgath@condes.mv.com
http://www.mv.com/users/gmcgath

------------------------------

From: clouds@rainbow.rmii.com (Philip Duclos)
Date: 02 Nov 1995 07:57:19 -0700
Subject: Unsolicited email Advertising
Organization: Rocky Mountain Internet, Inc

Yesterday I received the first piece of unsolicited email addressed to me. It was an advertisement for a Web site. I have no idea how the sender discovered my email address, though I'm sure it isn't hard. I have no idea why I was picked as a recipient.

Question: How big a stretch is it to claim your computer is a FAX machine under the Federal laws governing unsolicited FAXs? If it fits, how does one file charges under that statute?

Question: What other methods have been effective in stopping or preventing unsolicited email?
Perhaps I'm overreacting, but I would like to prevent this from happening again. I find it extremely annoying. Since I'm paying for my net connection, junk email costs me money and I don't particularly like that.

--
Phil Duclos
pjd@clouds.com

------------------------------

From: Maryjo Bruce
Date: 02 Nov 1995 08:33:34 -0800 (PST)
Subject: Re: Copying Driver's Licenses

I will broaden my remarks about my experience when I withdrew over 10K in cash from savings. My cpa made an awful error, and I had to pay 13K in back taxes. I was pretty much in shock while at the bank. I took my cards out and was looking through the pile, laying them down on the bank counter while I searched for my new DL which they demanded. Without my seeing him, the teller reached out and scooped up what he wanted, including an old DL, my SAM's card -- which has a picture of me on it. I did not know he had taken the items until another teller returned them.

As part of the paperwork the bank filled out because of my withdrawal, I was asked for my employer's name. I said I am unemployed...because I AM unemployed. While this transaction was taking place...it took an hour to get the money....one of the tellers proudly informed me that it was his job to judge the intention of his customers. If someone came into the bank and withdrew LESS than 10K and there was no need to fill out the paperwork for the government, he sometimes did it anyway because he had been entrusted with the task of observing their patterns of behavior and banking and interpreting their motives.

Two days later there was an emergency call from the bank. I was informed that being unemployed was unacceptable. I HAD to list an employer. I asked how I could do that when I have no employer. I was passed around to several people, each of whom insisted that the paperwork would be returned from the bank's internal affairs division as incomplete if they did not get the name of an employer on that form...so I HAD to provide one.
I was then encouraged to say something, anything.....give the name of a former employer. I said I would call my lawyer and my cpa.

--
Mary Jo Bruce, M.S., M.L.S.
Sunshine@netcom.com

------------------------------

From: kayedemby@aol.com (KayeDemby)
Date: 03 Nov 1995 04:34:31 -0500
Subject: Re: Copying Driver's Licenses
Organization: America Online, Inc. (1-800-827-6364)

I have concerns about what the wrong people can do if they have your driver's license? I'm being asked for that kind of personal information more and more and not just from banks.

------------------------------

From: bcn@world.std.com (Barry C Nelson)
Date: 03 Nov 1995 05:38:57 GMT
Subject: Re: The Information Rights Act of 1996
Organization: The World Public Access UNIX, Brookline, MA

Please try to focus on a plane higher than just credit cards, phone numbers, and TV cameras. These things are important, but too transient to put into civil rights law. Technology changes awfully fast.

Oh, right. I would point out that the Civil Rts Act of 1964 wasn't eviscerated by the Supreme Court until 1979. Steel Workers v. Weber, 99 S.Ct. 2721 (reverse discrimination is not illegal "racial" discrimination).

In order to properly frame legislation, it is often useful to first try to formulate a concise definition of the harm which is meant to be eliminated and why existing law fails to do so.

--
BCNelson (not a lawyer)

------------------------------

From: bcn@world.std.com (Barry C Nelson)
Date: 03 Nov 1995 06:29:43 GMT
Subject: Phone Number Privacy
Organization: The World Public Access UNIX, Brookline, MA

On a recent NYNEX commercial advertising *69 to call back the last person who called you (as when you can't get to the phone in time to answer), there was a statement at the bottom of the screen: "Your phone number may appear on the bill of anyone who calls you using this service."
This would appear to mean that anyone having call blocking and unlisted phone numbers are still at risk of letting anyone they call know their number.

It would also mean that anyone who picks up your phone can call the last person who called you just by pressing *69, which may be an amusing pastime for snoops.

--
BCNelson (not a lawyer)

[moderator: Ameritech announced just yesterday in a TV advertisement that *69 is now available without ordering anything special for a cost of $0.75/request. There was no mention on the TV ad (that I could see) that your number appeared anywhere.]

------------------------------

From: peter@nmti.com (Peter da Silva)
Date: 03 Nov 1995 19:08:11 GMT
Subject: Re: Telephone Odds and Ends
Organization: Network/development platform support, NMTI

Robert Ellis Smith <0005101719@mcimail.com> wrote:

> I'm curious why people would want a service that automatically blocks out any incoming call that has Call Blocking.

Because most of the people with ID-blocking seem to be telemarketers.

> Aren't there going to be occasions when family members and others call - perhaps in urgent situations - from phones with Call Blocking?

There's always *67.

> And isn't CALL TRACE a much more effective way to handle harassing calls than Caller ID?

CALL TRACE has not proven to be an effective deterrent to the people who were harassing us when we were running a BBS. CALL RETURN worked on a few of these munchkins... "Hello? Oh, did you just call us? Your son maybe? Oh yes, he has a computer?... ah, you might let him know it's not nice to harass people over the telephone. Thanks so very much..."

Since CALLER ID was popularized we haven't even had to deal with these minor creepazoids.

The problem with CALL TRACE is, you have to be willing to involve the law. Involving parents is a much less stressful solution.

--
Peter da Silva (NIC: PJD2) `-_-'
1601 Industrial Boulevard Bailey Network Management 'U`
Sugar Land, TX 77487-5013 +1 713 274 5180 "Have you hugged your wolf today?"
USA
Bailey pays for my technical expertise. My opinions probably scare them

------------------------------

From: James Love
Date: 01 Nov 1995 16:12:53 -0500
Subject: Deirdre Mulligan's defense of Bennett Medical Records Bill

-----------------------------------------------------------------
TAP-INFO - An Internet newsletter available from listproc@tap.org
-----------------------------------------------------------------
TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE
November 1, 1995

---------- Forwarded message ----------
Date: 01 Nov 1995 15:08:41 -0400
From: Deirdre Mulligan

Jamie-

In the interest of free and fair discussion I ask that you post this to the tap-info list.

Thanks,
Deirdre

The Center for Democracy and Technology, AIDS Action Council, The Legal Action Center, The New York Public Interest Research Group, the American Association of Retired Persons, plus a number of other groups, have all registered their strong support for the Bennett-Leahy bill (S. 1360), "The Medical Records Confidentiality Act." The groups represent privacy concerns, consumers concerns, the concerns of those living with HIV, alcohol, and drug dependency, and the concerns of the elderly. In addition, the sponsors of the bill include a number of Senators who have a good record on privacy, such as Leahy, Kohl, Kennedy and Daschle, to name a few.

No bill is ever perfect, and many of these organizations, including CDT, would like to see certain sections of this bill improved. CDT is working to strengthen the standard for law enforcement access, to limit the breadth of the oversight exception, and require consent for researchers' to personally identifiable data.

Nevertheless, there is no doubt that the Bennett-Leahy bill fills a gaping hole in current privacy protection. Even acknowledging that it should be strengthened, the bill for the first time establishes a federal warrant requirement for access and a host of other privacy protections.
Critics of the bill seem to believe that its greatest flaw is that it does not prohibit health information from being computerized. This criticism lacks any connection to reality.

The bill attempts to address reality. Automation is here and expanding. Equifax, TRW and the many smaller companies involved in the information industry have been, and will continue to enter the health information field with or without legislation. Today, 90% of all the information needed to process insurance claims containing diagnosis and test results move electronically.

Currently these companies/information systems operate without any legal limits on their actions. The only rules governing their behavior are a result of contracts with hospitals. The Bennett-Leahy bill will regulate their actions to protect privacy. It will prohibit information systems providers with whom hospitals contract -- to complete billing and claims transactions for example -- from capturing and using information for any other purpose without the consent of the patient.

We don't need protection from computers. We need privacy protection. Ensuring privacy protection is fundamental regardless of whether personal health information systems are automated or paper-based.

The classic example of technology being branded as evil, when the true culprit is a lack of comprehensive privacy policy is offered by the Harvard Community Health Plan fiasco. Everyone started screaming about mental health treatment notes being automated. The real story wasn't whether they were online. The real problem was that every provider in the HMO had access to the records. The Bennett-Leahy bill deals with this issue. The general rules regarding use and disclosure of information contain a "minimization" rule. Trustees can disclose only the minimum amount of information necessary.

Moreover, CDT and a number of other organizations are not luddites.
We are attempting to reap the privacy potential that is in new technologies if they are designed to respect privacy at the frontend. Audit trails, encryption technologies, digital signatures, masking and other technological tools offer methods to secure information, track access to records, and enforce privacy policy that are non-existent in a paper based system.

The creation and use of health information systems poses substantial risks to individual privacy. So does the current lack of federal legislation. The Bennett-Leahy bill acknowledges both the existing threat and the increasing threat that automation without regulation poses to people's privacy.

The bill protects information whether in paper or electronic form. It limits disclosure, requires consent, establishes a warrant requirement, and calls for security standards. Most importantly it establishes a private right of action for violation of the act, imposes hefty civil fines -- including expulsion from all federally funded programs such as Medicaid and Medicare -- and criminal sanctions ranging from $50,000 to $250,000, exclusion from federally funded programs, and substantial prison terms.

I invite anyone who is interested or has further questions or comments on the bill to contact us. A section by section analysis and frequently asked questions document are available at our web site.

Deirdre Mulligan
Staff Counsel
Center for Democracy and Technology
1001 G Street NW
Suite 500 East
Washington, DC 20001 USA
(202)637-9800
(202)637-0968 fax
http://www.cdt.org/

---------------------------------------------------------------------
TAP-INFO is an Internet Distribution List provided by the Taxpayer Assets Project (TAP). TAP was founded by Ralph Nader to monitor the management of government property, including information systems and data, government funded R&D, spectrum allocation and other government assets. TAP-INFO reports on TAP activities relating to federal information policy.
TAP-INFO is archived at gopher.essential.org in the Taxpayer Assets Project directory, and at http://www.essential.org/tap/tap.html

Subscription requests to tap-info to listproc@tap.org with the message: subscribe tap-info your name
---------------------------------------------------------------------
Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036
v. 202/387-8030; f. 202/234-5176; internet: tap@tap.org
---------------------------------------------------------------------

------------------------------

From: jwarren@well.com (Jim Warren)
Date: 04 Nov 1995 18:31:11 -0800
Subject: FBI Wiretap Demand is Massive

The FBI has finally published the details of their half-BILLION-dollar NATIONAL WIRETAP SYSTEM -- a gargantuan threat to the freedom, privacy and civil liberties of every citizen in this nation.

Once deployed, what politician would dare oppose or impeach an unscrupulous administration in control of such convenient, undetectable wiretapping -- that can listen FROM anywhere, TO anywhere, at a keystroke (e.g. Nixon/Watergate)?

Once operational, what federal, state or local elected representative would dare question or oppose law enforcers (e.g., for the decades that J. Edgar Hoover ran massive wiretaps on politicians up to and including sitting Presidents and his own Attorney General, he got almost everything he asked for from Congress -- and from his Presidents -- and that was when wiretapping was *hard* to do).

Once federal, state and local enforcers have ever-so-convenient wiretaps -- what Hollywood or television producer will dare create shows critical of law enforcement, much less documentaries of enforcement abuses (e.g., for the decades that J. Edgar Hoover wiretapped everyone from Desi Arnaz to Elvis Presley, there were essentially NO shows or movies critical of the FBI!)
And just think of how entertaining and useful this system will be for every phone phreak, computer cracker, industrial espionage agent and foreign spy -- as each one of them learns how to crack the system, implemented by the nation's notoriously insecure telecommunications companies (if we are to believe the FBI's cracker horror stories and claims of billions of dollars of phone fraud).

And finally, once this system is operational, what government whistle-blower would dare talk to a reporter?

If there was ever a need for outraged, massive howls of opposition to "our" elected federal representatives -- and their replacement at the polls in 1996, if they fail to rescind this Orwellian mandate, much less if they fund it -- the TIME IS NOW!

(Note: It is the Republicans who have been holding up this appropriation -- while FBI Director Louie Freeh has been pleading for it since early this year. Wonder who would support it and who would oppose it, if a Republican was in the White House? :-)

&&&&&&&&&&&&&&&&&&&&

We Knew It Was Going to be Bad -- But We Didn't Realize How Bad

The FBI is demanding facilities to simultaneously wiretap 1 call in 100 in many urban areas; and a maximum no less than 1 in 400 for the entire nation! Even if they are following the time-honored bureaucratic practice of requisitioning 3-5 times what they actually want, this is MASSIVE!

According to the FBI's notice to the nation and to our telecommunications services providers, published in the Federal Register:

"... The capacity figures in this notice reflect the combined number of simultaneous pen register, trap and trace, and communication interceptions that law enforcement may conduct by October 25, 1998. ...

"Category I (the highest category) and Category II (the intermediate category) represent those geographic areas where the majority of electronic surveillance activity occurs. ...
Other densely populated areas and some suburban areas, with moderate electronic surveillance activity, are grouped into Category II. ...

"Category III (the lowest category) represents law enforcement's minimum acceptable capacity requirements for electronic surveillance activity. This category covers all other geographic areas. ...

"The actual and maximum capacity requirements are presented as a percentage of the engineered capacity of the equipment, facilities, and services that provide a customer or subscriber with the ability to originate, terminate, or direct communications. ..."

URBAN AREA WIRETAP REQUIREMENTS: MAXIMUM OF 1 CALL in 100; 1 in 200, *ACTUAL*

"Category I

"Actual Capacity - Each telecommunications carrier must provide the ability to meet ... a number of simultaneous ... interceptions equal to 0.5% [1 call in 200] of the engineered capacity of the equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications. ...

"Maximum Capacity - Each telecommunications carrier must ensure ... communication interceptions equal to 1% [1 call in 100] of the engineered capacity ..."

URBAN & SUBURBAN AREAS: 1 in 200 CALLS WIRETAPPED, MAXIMUM; 1 in 400, *ACTUAL*

"Category II ...

Actual Capacity ... communication interceptions equal to 0.25% [1 call in 400] of the engineered capacity ...

"Maximum Capacity ... 0.5% of the engineered capacity of the equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications.

MINIMUM FOR THE NATION: CAPABILITY TO SIMULTANEOUSLY WIRETAP 1 CALL in 400

"Category III ...

Actual Capacity ... interceptions equal to 0.05% ...

"Maximum Capacity ... number of simultaneous ... interceptions equal to 0.25% [1 call in 400] ...
&&&&&&&&&&&&&&&&&&&&

Up-to-Date Electronic Addresses for Congress Members & Congressional Committees

Through the prodigious efforts of librarian Grace York (graceyor@umich.edu), there is a comprehensive list of congressional email addresses available on the University of Michigan Library Gopher.

Gopher to the University of Michigan Library Gopher or telnet to una.hh.lib.umich.edu
Login as gopher.
Path: Social Sciences/Government/U.S. Government: Legislative Branch/E-Mail Addresses.

Access is also provided through the Documents Center's web site: http://www.lib.umich.edu/libhome/Documents.center/federal.html and the ULIBRARY Gopher's web interface: gopher://una.hh.lib.umich.edu:70/00/socsci/poliscilaw/uslegi/conemail

&&&&&&&&&&&&&&&&&&&&

Clinton Admin & FBI Imply This Will Be Used Only Under Court Order - NOT SO!

All of the law-n-order hype about this to congress-critters and the press has *implied* that it would only be used under court order. BULL SHIT!

Let's ignore the *fact* that it *will* be abused by those in power who make unauthorized use of their authorized access to the system -- if history is any implication.
The actual language of the 1994 authorizing legislation (titled, in true Orwellian double-speak, the "Communications Assistance for Law Enforcement Act," the CALEA) requires that:

"[Every] telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of --

"(1) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government; ..." [there's *lots* more!]

Notice the part: "pursuant to a court order OR OTHER LAWFUL AUTHORIZATION."

*Which*, "other lawful authorizations?"

Us peons -- who *Shall* Be Subservient to Big Brother -- don't know. Probably most members of Congress who so casually demanded that the nation's telecomm carriers inflict this on us, and authorized half a billion dollars to pay for it, don't know.

Some "lawful authorizations" to wiretap are certainly classified -- and, of course, we victims can't be told about those secret authorizations. After all, then they wouldn't be secret.

And I won't even get into what authorizations the President may have under all of the secret war powers that Congress has given to him over the decades, that have never been rescinded. (Note that various Presidents have formally declared numerous wars -- "War on Drugs," "War on Poverty," "War on Crime," etc. -- and those declarations have never been withdrawn.)

&&&&&&&&&&&&&&&&&&&&

FBI Says This Is Just to Keep Level Playing Field - But It's MASSIVE Change!
The FBI first attempted to weasel this into law in 1991, hidden in the post-Gulf-War Omnibus Anti-Terrorism Bill.

It took them until 1994 to finally ram it through Congress, fast-tracked with no substantive hearings, no roll-call vote in the [Democrat-controlled] House, and unanimous consent vote in the [Democrat-controlled] Senate -- literally only hours before it adjourned so incumbents could rush home to campaign for re-election. It was quickly, and ever-so-quietly, signed into law by ex-antiwar-activist Clinton ... who shoulda known better. (Wonder what the FBI has on Clinton in their files?)

Throughout this, the FBI (as front-man for the numerous federal, state and local government snoop-n-peep agencies) whined that they needed this half-gigabuck any-place, any-time wiretap system, "just to keep the wiretap capabilities that law enforcement had 'always' had" (i.e., since the early 1900s). BULL SHIT!

Government has never before had the ability to wiretap with so little effort.

Government has never before had the capability to wiretap FROM anyplace.

Government has never before had the capability to wiretap AT A KEYSTROKE.

For the most part, Government has never before had the ability to tap UNDETECTABLY.

&&&&&&&&&&&&&&&&&&&&

Local and State Incumbents & Enforcers Can Play Peeping Tom, Too

The statute includes this definition:

"The term "government" means the government of the United States and any agency or instrumentality thereof, the District of Columbia, any commonwealth, territory, or possession of the United States, and any State or political subdivision thereof authorized by law to conduct electronic surveillance."

Note that this means it allows ALL federal, state, county, city and other "authorized" agents and agencies to use this pervasive peeping tool.

And just think about how much fun they will have on slow nights in the office, once we have widespread use of videophones.
&&&&&&&&&&&&&&&&&&&&

Watergate, Joe McCarthy, HUAC, Cointelpro, FBI Library "Awareness" Program, J. Edgar Hoover, FBI Dirty Tricks, Lyndon Johnson

If this system were installed in the 1950s, imagine what the red-baiting Joe McCarthy (and Senatorial side-kick Richard Nixon) could have done through a friendly law enforcer?

Remember how many lives and careers were demolished by the House Un-American Activities Committee (HUAC)?

Or the joy of the FBI's dirty-tricks program that successfully demolished various law-abiding anti-war organizations.

Then there was the FBI's massive requests that librarians covertly monitor all materials being checked-out by various library patrons, and report it to agents.

And good ol' Lyndon Johnson didn't hesitate to sic the IRS on his political opponents.

And FBI Director Hoover ... hell, he used his FBI facilities -- that will now control the National Wiretap System -- to compile so much dirt on his political opponents that no one would question him or his practices or budget demands, and President JFK and Attorney General Bobby K dared not remove him, even though they were just short of open warfare with him.

&&&&&&&&&&&&&&&&&&&&

Wiretap Action Alert from Electronic Privacy Information Center (EPIC)

Date: 02 Nov 1995 11:21:11 -0500
From: "Marc Rotenberg"
Subject: FBI Unveils National Wiretap
To: "EPIC-News"

[Please repost]

The New York Times reports today that the FBI has proposed "a national wiretapping system of unprecedented size and scope that would give law enforcement officials the capacity to monitor simultaneously as many as one out of every 100 phone lines" in some regions of the country. ("FBI Wants to Vastly Increase Wiretapping," NYT, Nov.
2, 1995, at A1)

The story follows the October publication in the Federal Register of the FBI plans to implement the Communications Assistance for Law Enforcement Act, the controversial "digital telephony" bill that was opposed by many groups last year but supported by an industry association called the "Digital Privacy and Security Working Group" after the government put up $500,000,000 to pay for the new surveillance features. (See EPIC Alert 2.12)

The Times article also notes that there is now some question about whether the law will ever go into effect. A provision to provide funding was deleted last week after "several freshman Republicans, including Representative Bob Barr of Georgia, a former federal prosecutor, said he objected to the way the money for wiretapping would be raised and that he had concerns about how the FBI might use such a sweeping surveillance ability."

The article also says that "The scope of the FBI plan has startled industry telephone executives, who said it was difficult to estimate how much it would ultimately cost to carry out the capacity increases."

EPIC is urging the on-line community to object to implementation of the wiretap plan. More information can be found at our web page: http://www.epic.org/privacy/wiretap/.

--
Marc Rotenberg
rotenberg@epic.org

&&&&&&&&&&&&&&&&&&&&

Center for Democracy and Technology (CDT) Offers Comprehensive Wiretap Analysis

Date: 20 Oct 1995 14:11:30 -0500
To: policy-posts@cdt.org
From: editor@cdt.org (editor@cdt.org)
Subject: CDT Policy Post No.26 -- FBI DigTel Surveillance Capacity Request

Under this header, Washington's CENTER FOR DEMOCRACY AND TECHNOLOGY circulated an outstanding, 34-kilobyte analysis and detail of the FBI's plan. Unfortunately, it said, "This document may be re-distributed freely provided it remains in its entirety."
Since I was loath to inflict their 34KB plus the other items herein on unsuspecting GovAccess recipients, I will only provide these pointers to where to get this *excellent* CDT analysis, and the FBI's Federal Register notice that it references and includes:

[Federal Register: October 16, 1995 (Volume 60, Number 199)]
[Notices]
[Page 53643-53646]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]

HOW TO SUBSCRIBE TO THE CDT POLICY POST LIST

To subscribe to the policy post distribution list, send mail to "Majordomo@cdt.org" with:

subscribe policy-posts

in the body of the message (leave the subject line blank)

The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance constitutional civil liberties and democratic values in new computer and communications technologies.

General information: info@cdt.org
World Wide Web: URL:http://www.cdt.org
FTP URL:ftp://ftp.cdt.org/pub/cdt/
Snail Mail: The Center for Democracy and Technology
1001 G Street NW * Suite 500 East * Washington, DC 20001
(v) +1.202.637.9800 * (f) +1.202.637.0968

&&&&&&&&&&&&&&&&&&&&

Is Someone Already Watching All International Net Traffic?

The following is the transcript of an actual communications trace that a friend ran, while I was sitting next to him, watching -- reprinted here with his permission.

He did a "traceroute" of two messages that he sent from his machine in Switzerland (he'd telneted into it while we were at a computer conference in California). Traceroute automatically reports each Internet node through which a message passes, as it proceeds from origin to destination.

He did two traceroutes. The first was from Switzerland to an addressee at Netcom in San Jose, California. The second was from Switzerland to an addressee in Israel.
Date: 21 Apr 95 02:54:58 +0200
From: kelvin@fourmilab.ch (John Walker)
To: jwarren@well.com
Subject: Traceroute

> /usr2/kelvin> traceroute netcom11.netcom.com
traceroute to netcom11.netcom.com (192.100.81.121), 30 hops max, 40 byte packets
 1 eunet-router (193.8.230.64) 2 ms 2 ms 2 ms
 2 146.228.231.1 (146.228.231.1) 326 ms 345 ms 307 ms
 3 Bern5.CH.EU.NET (146.228.14.5) 447 ms 408 ms 364 ms
 4 146.228.107.1 (146.228.107.1) 127 ms 37 ms 36 ms
 5 Zuerich1.CH.EU.NET (146.228.10.80) 37 ms 38 ms 175 ms
 6 (134.222.9.1) 65 ms 109 ms 252 ms
 7 lp (134.222.35.2) 196 ms 179 ms 405 ms
 8 Vienna1.VA.ALTER.NET (137.39.11.1) 191 ms 179 ms 313 ms
 9 fddi.mae-east.netcom.net (192.41.177.210) 336 ms 204 ms 303 ms
10 t3-2.dc-gw4-2.netcom.net (163.179.220.181) 182 ms 251 ms 187 ms
11 t3-2.chw-il-gw1.netcom.net (163.179.220.186) 305 ms 586 ms 518 ms
12 t3-2.scl-gw1.netcom.net (163.179.220.190) 537 ms 693 ms 797 ms
13 t3-1.netcomgw.netcom.net (163.179.220.193) 698 ms 549 ms 754 ms
14 netcom11.netcom.com (192.100.81.121) 890 ms 1922 ms 1696 ms

> /usr2/kelvin> traceroute jerusalem1.datasrv.co.il
traceroute to jerusalem1.datasrv.co.il (192.114.21.101), 30 hops max, 40 byte packets
 1 eunet-router (193.8.230.64) 2 ms 3 ms 2 ms
 2 146.228.231.1 (146.228.231.1) 933 ms 853 ms 874 ms
 3 Bern5.CH.EU.NET (146.228.14.5) 1040 ms 450 ms 525 ms
 4 146.228.107.1 (146.228.107.1) 453 ms 424 ms 188 ms
 5 Zuerich1.CH.EU.NET (146.228.10.80) 64 ms 61 ms 47 ms
 6 (134.222.9.1) 80 ms 312 ms 84 ms
 7 lp (134.222.35.2) 270 ms 400 ms 216 ms
 8 Vienna2.VA.ALTER.NET (137.39.11.2) 660 ms 1509 ms 886 ms
 9 dataserv-gw.ALTER.NET (137.39.155.38) 1829 ms 1094 ms 1306 ms
10 orion.datasrv.co.il (192.114.20.22) 1756 ms 1280 ms 1309 ms
11 ...

Notice that both messages went through an unnamed site -- 134.222.9.1 and then a strangely-named site, "lp (134.222.35.2)" -- then through the same Vienna, Virginia (USA) site ... and thereafter, on to their destination.
I.e., the second message went through Virginia to get from Switzerland to Israel.

The whois servers at the InterNIC and at nic.ddn.mil for MILNET Information report, ``No match for "134.222.9.1". '' and `` No match for "134.222.35.2".''

Now let me see ... which spy agencies are located in or near Virginia?

-- jim

&&&&&&&&&&&&&&&&&&&&

[This is where I normally insert quotes or humor. This is not a quote.]

While on a September lecture trip to Washington, I was invited to dinner with an "associate" Secretary of Defense [title purposely disguised] whose responsibilities include surveillance and security technology, including cryptography and the National Security Agency.

GovAccess readers will be happy to know that the administration's "Clipper II" key-escrow proposal has little chance of being adopted, and also -- without exception, the NSA does not spy on nor eavesdrop on U.S. citizens, foreign or domestically.

I was assured of this.

--jim warren

------------------------------

From: "Prof. L. P. Levine"
Date: 18 Oct 1995 13:55:25 -0500 (CDT)
Subject: Info on CPD [unchanged since 08/18/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors.

[new: Ordinary copyrighted material should not be submitted. If a]
[copyright owner wishes to make material available for electronic]
[distribution then a message such as "Copyright 1988 John Doe.]
[Permission to distribute free electronic copies is hereby granted but]
[printed copy or copy distributed for financial gain is forbidden" would]
[be appropriate.]

Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu.

---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of: Computer Privacy Digest
Professor of Computer Science     | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V7 #038
******************************