PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest     Friday, 10 December 1993     Volume 02 : Issue 37

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
        
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.


CONTENTS 
        Re: "On the Road to Nosiness?" (John M. Joy)
        Clipper Letter to Clinton (David Sobel)
        SSN's in Mail Addresses (Brinton Cooper)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com/".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 02, ISSUE 37

   Quote for the day:

        "I think it would be fun to run a newspaper!"

                        -- Charles Foster Kane (Orson Welles)
                           "Citizen Kane" (1941)

----------------------------------------------------------------------

Date:    Sat, 4 Dec 93 10:44:42 EST
From:    joyjohnm@cps.msu.edu
Subject: Re: "On the Road to Nosiness?"

"Joel A. Fine" <joel@postgres.Berkeley.EDU>, writes:

> Dan Gillmor writes:
[...]
> A similar system is already in place in Campbell, California, and
> several nearby municipalities, for the purpose of enforcing speed
> limits. An unmanned radar-camera combination automatically
> photographs speeding motorists and records their speed at the time
> the picture was taken. Several days later, the driver receives a
                                             ^^^^^^^^^^
> copy of the photo, along with a bill for the appropriate fine for
> the traffic violation. The driver never talks with, or sees, a
> traffic cop.

Dollars to donuts the person to whom the vehicle is registered gets the
bill (and the point assessment), not (necessarily) the driver.  Are these 
photos really clear enough to identify the face of a driver beyond a 
reasonable doubt (particularly when members of the same family tend to drive 
the same vehicles, and members of the same family tend to resemble one 
another)?

------------------------------

Date:    Thu, 9 Dec 1993 11:21:50 EST
From:    David Sobel <dsobel@washofc.cpsr.org>
Subject: Clipper Letter to Clinton

     On December 6, the Digital Privacy and Security Working
Group, a "coalition of over 50 communications and computer
companies and associations, and consumer and privacy advocates"
coordinated by the Electronic Frontier Foundation, sent a letter
to President Clinton concerning cryptography policy.  The letter
states, "In our discussions with Administration officials, we have
expressed the Coalition's tentative acceptance of the Clipper
Chip's encryption scheme (as announced on April 16, 1993), but
only if it is available as a voluntary alternative to widely-
available, commercially-accepted, encryption programs and
products."

     The Washington Office of Computer Professionals for Social
Responsibility (CPSR) has sent the following letter to the
President.  We believe that the position stated in this letter
continues to represent the views of the vast majority of network
users, as reflected in the overwhelmingly critical comments
submitted to the National Institute of Standards and Technology in
response to its recent solicitation of public comments on the
Clipper proposal.

==================================================================

                                     December 8, 1993

The President
The White House
Washington, DC  20500

Dear Mr. President,

     We are writing to you regarding the Clipper cryptography
proposal now under consideration by the White House and a
letter you may have received about the proposal from a group
called the "Digital Privacy and Security Working Group."

     This group wrote to you recently and expressed their
"tentative acceptance" of the Clipper Chip encryption scheme.
We disagree with their views.  This group has made a grave
mistake and does not speak for the many users of computer
networks and developers of network services who have
vigorously opposed this proposal.

     We are very much concerned about the Clipper proposal.
At its core is the dubious premise that the government
should have the authority to design communications networks
that facilitate wire surveillance.  The plan was developed in
secret by the National Security Agency over the objection
of U.S. firms, professional associations and public interest
organizations.  Key details about the proposal remain
classified.

     This proposal must not be endorsed.  The development of
open, unclassified standards is critical for the future of the
nation's communications infrastructure. Progress and
innovation depend on the free exchange of scientific and
technical information.  It is essential to the integrity of
the scientific process that standards are openly created and
available for public review.

     There is also a great need to ensure that future networks
are designed with the highest levels of privacy and security
possible.  As our country becomes ever more dependent on the
high-speed network, the need for secure systems will only
increase.  The Clipper proposal purposefully cripples the
security of the network and reduces the privacy protection
that users could otherwise obtain.

     There is another still more serious problem with the
Clipper proposal.  An agency with the authority to conduct
wiretaps must not be allowed to impose technical standards to
facilitate wire surveillance.  The threat to Constitutional
democracy is clear.  A system of checks and balances is
essential to ensure that the powerful investigative tools of
government are properly controlled.

     We have followed the development of this proposal with
great concern.  We have testified before Congressional
committees.  We have appeared before agency panels, provided
reports on wire surveillance, and debated the former FBI
Director on national television.  We have also sponsored
conferences with full participation from across the federal
government.  We believe that the best policies will result from
an open and unrestricted exchange of views.

     It is our assessment that you must not permit adoption of
the Clipper technical standard, even on a voluntary basis.  At
a time when the country should be moving toward open standards
designed for commercial networks, the Clipper proposal asks
future users of the nation's information infrastructure to
accept a standard intended for the Cold War era.  It is a
backward-looking plan that serves neither the interests of the
American people nor American business.

     The adoption of the Clipper proposal would also ratify an
unlawful process that has undermined the authority of Congress
and weakened the mechanisms of government accountability.  The
proper authority for the development of this standard never
rested with the NSA.  Under the Computer Security Act of 1987,
it was a civilian agency that was to develop appropriate
standards for the nation's commercial networks.  Through a
series of secret executive orders, the NSA usurped the
authority of the National Institute of Standards and
Technology, substituted its own proposal for those of NIST,
and effectively derailed this important policy process.

     When the computer user community had the opportunity to
voice its position on this proposal, it rejected the plan
overwhelmingly.  The notice and comment process conducted by
the Department of Commerce earlier this year resulted in
nearly uniform opposition to the Clipper proposal. It would be
hard to find a technical standard more disliked by the
potential user community.

     While we support the relaxation of export controls on
cryptography, we are not willing to concede to the NSA the
right to develop secret standards.  It is only because the
National Security Agency also exerts influence on export
control policy that the Digital Privacy coalition is prepared
to endorse the Clipper standard in exchange for new
opportunities to market products.  It may be a good deal for
the coalition members, but it is a terrible outcome for the
rest of the country.

     We very much appreciate your efforts on behalf of open
government, and your work with the Vice President and the
Secretary of Commerce to develop the nation's information
infrastructure.  We believe that these efforts are sending our
country in the right direction, helping to develop advanced
technologies appropriate for a democratic nation and to
preserve open and accountable government.

     But the Clipper proposal was not a creation of your
administration.  It is a relic from a period that is now
moving rapidly into the history books, a time when secret
agencies made secret decisions and when backroom deals with
powerful, private interests sustained these arrangements.

     It is time to end this cynical form of policy making.

     We ask you to reject the deal put forward by the Digital
Privacy and Security Working Group. The Clipper proposal
should not go forward.

     We would be pleased to meet with members of your
administration to discuss this matter further.



                              Sincerely yours,


                              Marc Rotenberg, Director
                              David Sobel, Legal Counsel
                              Dave Banisar, Policy Analyst
                              CPSR Washington office


cc:   The Vice President
      Secretary Ron Brown, Department of Commerce
      Anthony Lake, National Security Council
      Computer System Security and Privacy Advisory Board

------------------------------

Date:    Fri, 10 Dec 93 18:33:15 GMT
From:    Brinton Cooper <abc@ARL.ARMY.MIL>
Subject: SSN's in Mail Addresses

The following appeared in the Weekly Bulletin  (sent to all employees)
of this installation.  I offer it without comment:

"9.  USE OF WINDOW ENVELOPES FOR PAY RELATED ACTIONS:  Quote from a 14
Mar 77 letter from Treasury's Bureau of Public Debt:  "Until a bond
sent through the mails is delivered to the addressee as legally
defined by the Postal statues, only employees of the U.S. Government,
its agents, or the Postal Service in performance of their official
duties, have access to the social security number.  Thus, the number
is not being disclosed indiscriminately to the public.  Further, as
the Postal Service is bound, under the Privacy Act, to not disclose
any information relating to the individual, we fell that the
visibility of an individual's number through the envelope does not
result in his privacy being impinged upon."  Treasury's Assistant
Secretary for Legislative Affairs reiterated this position in a 17 May
90 response to a Congressional Inquiry.  Considering all this, the
visibility of a social security number thru a window envelope does not
create a violation of the Privacy Act.  In fact, Treasury's Regional
Disbursing Officers (RDOs) use window envelopes which are designed so
that the addressee's social security number does show, thus allowing
for faster rerouting of misaddressed mail."

------------------------------

End of PRIVACY Forum Digest 02.37
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.