PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page

PRIVACY Forum Digest     Friday, 20 November 1992     Volume 01 : Issue 26

         Moderated by Lauren Weinstein (
                Vortex Technology, Topanga, CA, U.S.A.
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.

        Re: Wire Taps, Key Management, and Privacy (Dorothy Denning)
        SURVEY RESULTS: Is Big Brother Watching You? (Lorrayne Schaefer)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "".  Mailing list problems should be
reported to "".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to, call (310) 455-9300, or FAX
to (310) 455-2364.


   Quote for the day:

        Psychiatrist: "Tell me Harold, what do you do for fun?
                       What activity gives you a different sense of 
                       enjoyment from the others?
                       What do you find fulfilling?
                       What gives you that special satisfaction?"

        Harold:        "I go to funerals."
                                        -- G. Wood and Bud Cort
                                           "Harold and Maude" (1971)

Date:    Thu, 19 Nov 92 17:57:01 EST
From: (Dorothy Denning )
Subject: Re: Wire Taps, Key Management, and Privacy

In PRIVACY Forum Digest V01 #25, Brinton Cooper writes:

  In RISKS DIGEST 13.87, Dorothy Denning .. spoke of the high costs of lawful
  surveillance and asserted, "Much of this is related to organized crime,"
  perhaps a scare tactic?

Actually the majority of taps goes to narcotics investigations. After
that comes racketeering and gambling.  According to the FBI, the
hierarchy of Organized Crime has been neutralized or destabilized
through the use of electronic surveillance, and thirty odd years of
successes would be reversed if the ability to conduct court-authorized
electronic surveillance was lost.  I believe this represents an honest
assessment of what they see would happen. 

   Her solution involves nongovernmental "key centers" which,
   presumably, would not give out keys to anyone without a properly
   executed court order.

By way of context, I'm looking for a way to balance our national
interests for privacy and security with those for effective law
enforcement.  This is one idea I proposed.  I am not pushing it as "the
solution".  In any case, the idea was for users to register their keys
with a trustee (key center).  Or, using a technique invented by Silvio
Micali, you could split your key into parts and register each part with
a different trustee.  Law enforcement would have to take a court order
to each trustee in order to get the pieces and reconstruct the key.

   She cites that the " companies are so fussy about court
   orders that they send them back if the semicolons aren't right...,"
   apparently believing that the rights of the citizens are thereby
   protected.  For the following reasons, this is a politically naive

   1. It provides that our right to protection from illegal governmental
   search and seizure and/or illegal eavesdropping rests on the good will
   and integrity of a phone company!

Your statement does not follow from what I said.  I said the phone
companies are fussy.  I know of no cases where the phone companies
assisted with unauthorized taps.  If you do, please cite.  They could
go out of business if they didn't respect the rights of their
customers.  Even so, your right to protection does not rest entirely on
the phone company.  Title 18 makes tapping without a court order

Crypto will make it much more difficult for anyone to tap illegally. If
the keys are registered with a trustee other than the phone company, someone
would have to subvert both the trustee and the phone company (to get the

   3. Court orders, search warrants, and the like protect citizens only
   when the information or evidence gathered is to be used in court against
   a suspect.  If information is being gathered for political purposes,
   blackmail, or other subversion of law (Watergate, Iran-Contra, the
   Italian bank scandal, etc), the purloined information will never see a
   public forum but can still do great harm to innocent persons.  Thus, the
   constraints of court orders are obviated.

I expect that most of this information is not being obtained by wiretapping.
It is popular to suggest it is and difficult to refute.  If someone
in law enforcement is found to be tapping without a court order, they
could be convicted of violating Title 18.  

But in any case, it will be very difficult for LE to intercept without a
court order with the new digital technologies and crypto.

  The FBI needs to fund its own R&D from its own budget, just as the
  rest of the government at all levels must do.  There is talent that can
  "red team" modern telecommunications and find trapdoors when necessary.

Are you suggesting that it would be better for the FBI to break the
cryptosystems than go through a trustee with a court order?

Dorothy Denning 


Date:    Fri, 13 Nov 92 09:16:56 EST
Subject: SURVEY RESULTS:  Is Big Brother Watching You?

   [ These results refer to a survey originally seen here in the 
     PRIVACY Forum on Monday, 6 July 1992 (Volume 01 : Issue 07).
     The survey size was reported as 100 people.  The original
     survey introduction is included below. -- MODERATOR ]


The purpose of this survey is to collect data for a presentation that I
will give at this year's National Computer Security Conference in October.
I would like to thank you for taking the time to fill out this survey.  If
you have any questions, you can call me at 703-883-5301 or send me email at  Please send your completed survey to:

Lorrayne Schaefer
The MITRE Corporation
M/S Z213
7525 Colshire Drive
McLean, VA 22102

1.      What is your title?

Engineer                31%             Manager                 14%
Computer Scientist      25%             Systems Administrator   10%
Administrator           4%              Student                 10%
Not Provided            2%              Professor               3%
Author                  1%

2.      What type of work does your organization do?

Education               24%             Software Development    19%
Hardware Development    15%             Research                11%
Not Provided            6%              Other                   8%
Government              6%              System Administration   2%
Telephone               5%              System Development      2%
Network Development     2%

3.      Does your organization currently monitor computer activity?  (Yes/No)

Yes                     67%
No                      32%
Unknown                 1%

If yes, what type of monitoring does your company do (e.g., electronic
mail, bulletin boards, telephone, system activity, network activity)?

All                     16%             System Activity                 17%
Bulletin Boards         4%              Network Activity & Other    12%
Other                   3%              Telephone Usage                 7%
E-mail                  2%              System & Network Activity   5%
Unknown                 1%              N/A                             1%

4.      If you are considering (or are currently) using a monitoring tool,
        what exactly would you monitor?  How would you protect this 

System Usage            17%             N/A                             43%
Accounting              5%              Nothing                         11%
Everything              4%              Network Traffic                 10%
Don't Know              3%              Other                           2%
Bulletin Board          1%              Security                        3%
E-mail                  1%

5.      Are you for or against monitoring?  Why/why not?  Think in terms of
        whether it is ethical or unethical ("ethical" meaning that it is
        right and "unethical" meaning it is wrong) for an employer to
        monitor an employee's computer usage.  In your response, consider
        that the employee is allowed by the company to use the computer and
        the company currently monitors computer activity.

Against                 52%
For                     47%
N/A                     1%

6.      If your company monitors employees, is it clearly defined in your
        company policy?

N/A                     35%
No                      34%
Yes                     31%

7.      In your opinion, does the employee have rights in terms of being

Yes                     90%
No                      8%
Don't Know              2%

8.      In your opinion, does the company have rights to protect its as
        sets by using a form of monitoring tool?

Yes                     91%
No                      6%
Don't Know              3%

9.      If you are being monitored, do you take offense?  Managers: How do
        you handle situations in which the employee takes offense at being

No                      42%
Yes                     36%
N/A                     22%

10.     What measures does your company use to prevent misuse of monitoring in
        the workplace?

None                    36%             Don't Know              17%
N/A                     22%             Policy                  6%
Control of Information  4%              Security                6%
Honor System            4%              Warnings                3%
Other                   2%

11.     If an employee is caught abusing the monitoring tool, what would
        happen to that individual?  If your company is not using any form of
        monitoring, what do you think should happen to an individual who
        abused the tool?

Reprimand               64%             Don't Know              17%
N/A                     10%             Termination             5%
Nothing                 4%

12.     Is it unethical to monitor electronic mail to determine if the
        employee is not abusing this company resource (e.g., suppose the
        employee sends personal notes via a network to others that are not
        work related)?  Why or why not?

No                      49%
Yes                     49%
N/A                     2%


End of PRIVACY Forum Digest 01.26

PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.