PRIVACY Forum Archive Document
PRIVACY Forum Digest Sunday, 25 January 1998 Volume 07 : Issue 03 Moderated by Lauren Weinstein (email@example.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Speak or Dare? -- Private Lives and Hidden Mikes (Lauren Weinstein; PRIVACY Forum Moderator) Re: ATM Card Problems (Joseph S. Fulda) CyberSitter to the rescue, from Ross Johnson (Glen McCready) More on the Navy/AOL case (Declan McCullagh) Conference on Computers, Freedom, & Privacy 1998 (Shabbir J. Safdar) Reminder: CEME '98 (Soon Y. Choi) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "firstname.lastname@example.org" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "email@example.com". Mailing list problems should be reported to "firstname.lastname@example.org". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 07, ISSUE 03 Quote for the day: "You made me hate myself. Well, I like myself now." -- Willard Stiles (Bruce Davison) "Willard" (Bing Crosby Productions; 1971) ---------------------------------------------------------------------- Date: Sun, 25 Jan 98 10:59 PST From: email@example.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Speak or Dare? -- Private Lives and Hidden Mikes Greetings. "The walls have ears." We've all heard the phrase, and it's become a cliche from old spy movies and mysteries of yesteryear. Most persons in the U.S. believe that they're legally protected from arbitrary monitoring and recording. We all know that law enforcement can perform legal wiretaps and other legal forms of surveillance under appropriate court order, and most people implicitly assume (or at least hope) that such use is only authorized when absolutely necessary, and that unauthorized surveillance by such parties is an unusual and rare occurrence. But let's leave direct law enforcement surveillance aside for right now. Let's think instead about your boss, your co-worker, your ex-spouse, your longtime friend, or the stranger who approaches you on the street. They can't go around taping the conversations you have with them without your permission, or at least notification, can they? After all, they're not law enforcement with a court order. Recent events in Washington demonstrate all too clearly the fallacy of assuming that individuals are safe from unannounced, covert recordings made by persons with no direct connection to law enforcement. In the current case so dominating the collective consciousness, one person secretly taped conversations she had with her "friend," over a significant period of time. This taping was apparently not instigated by a judge, magistrate, or other official. Rather, it reportedly was the idea of a publishing agent with an openly self-professed agenda, who already is predicting a multitude of books relating to the recordings on those tapes. Whether the statements on the tapes are true or false is irrelevant to the discussion here. What's crucial to privacy issues is the very fact of the tapes' existence. Wait a minute. How does a publishing agent trigger a surveillance operation? Easy. In many parts of the country, it's completely legal. You just head down to the local "spy-shop" (or Radio Shack), spend a few bucks, and you're set to try get the dirt on whomever you might care to target. No notifications, no oversight, no guidelines necessary. The ability to pull this off legally revolves around so-called "one-party" monitoring laws. Some states do require that all parties to a conversation be aware of, and/or agree to, the taping of their conversations in most situations. But federal law is far more lax, in a manner that is qualitatively different. Under federal law, it is usually permitted to record a conversation so long as only ONE party to the conversation agrees--no requirement exists that the other party or parties even be notified. In states which have not established their own more restrictive laws, this much less restrictive situation usually prevails. Even in states which theoretically require all-party agreement and/or notification, it is often unclear if federal or state law will apply in any given situation. Questions of where people are, where they're calling to or from, who is doing the recording, and why the recording is being made, are all factors which may have an influence on the possible ability to legally perform one-party taping even in all-party states, and on how those tapes might be used. All of this comes as something of a shock to most people. They're used to hearing the little phone announcements warning that their call may be recorded "to ensure quality service." This reinforces the impression that recordings cannot be made without such notification. But in many cases, those announcements are just "playing it safe"--depending on the circumstances, they might not legally be required in many jurisdictions with most callers. It can be argued that secret private-party taping has sometimes yielded results of significant positive benefit to society (for example, investigative reports of unsafe industrial practices and the like). But all too often, hidden taping is used in the furtherance of salacious or other agendas which most persons would probably agree are violations of "personal privacy" of a sort that they assumed were already illegal! The complex nature of the conflicting state and federal laws regarding one-party taping creates an aura of confusion that appears to be encouraging abuse by the unscrupulous. It may well be time to look seriously at a federal ban on most secret one-party taping outside of law enforcement contexts, like that already present in various states. It won't be a win-win situation for everybody or for all situations. Privacy is always a balancing act and almost never an absolute. But it appears that the sort of society in which most of us prefer to live might best be served if privately operated hidden mikes and secret tapes were not broadly sanctioned by law. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com ------------------------------ Date: Tue, 20 Jan 1998 05:33:22 -0800 (PST) From: Joseph S Fulda <firstname.lastname@example.org> Subject: Re: ATM Card Problems David C. Kulp relates, in a message on the above subject in _Privacy Forum Digest_ 7: 2, that he found it ironic that a customer service representative, when asked to cancel a privacy-indifferent debit card, proceeded to take the utmost security precautions to issue an ordinary ATM card, when he could have used his current card "to make purchases for thousands of dollars, immediately withdrawn from [his] account." The irony is surely there, but not as purely as the writer supposes. Customer service representatives are indeed supposed to carry out legitimate service requests, but they also function to reassure customers that their concerns are important to the company. When the writer relayed his concern to the rep, he was probably overdoing it in order to make the writer comfortable with the company and its policies. The rep, of course, had no way of knowing that the writer was sophisticated in these matters and was probably just trying to show sensitivity. Best wishes, Joseph Joseph S Fulda, CSE, PhD http://www.cdfe.org/eight.html 701 West 177th Street, #21 New York, NY 10033 E-mail: email@example.com Tel.: (212) 927-0662 firstname.lastname@example.org ------------------------------ Date: Tue, 20 Jan 1998 16:08:19 -0500 From: glen mccready <email@example.com> Subject: CyberSitter to the rescue, from Ross Johnson [ Excerpted from Risks-Forum Digest; Volume 19 : Issue 56 by PRIVACY Forum MODERATOR ] - - - - [Received from Jered J Floyd via Declan McCullagh, and from at least 8 other contributors as well. TNX. PGN] [This is from the PerForce mailing list, PerForce is a source-code control system that doesn't use mounted drives, but instead uses TCP/IP socket communications to check code in and out.] Well, I just spent several hours tracking something down that I think is SO brain-dead that it must be called evil. I hope this will save someone else some hassle. There's an NT box on my desk that someone else uses every now and then. This machine is otherwise used as my programming box and backup server. All of a sudden, my programming files were being corrupted in odd places. I thought "hmm, my copy must be corrupt". So I refreshed the files. No change. "hmm, the code depot copy must be corrupt".. Checked from other machines. No problem there. Viewed the file from a web based change browser in Internet Explorer. Same corruption in the file. Telnet-ed to the server machine and just cat-ed the file to the terminal. Same problem. What's going on? The lines that were corrupted were of the form #define one 1 /* foo menu */ #define two 2 /* bar baz */ What I always saw ON THIS MACHINE ONLY was: #define one 1 /* foo */ # fine two 2 /* bar baz */ Can you guess what was happening? Turns out, someone had inadvertently installed this piece of garbage called CyberSitter, which purports to protect you from nasty internet content. Turns out that it does this by patching the TCP drivers and watching the data flow over EVERY TCP STREAM. Can you spot the offense word in my example? It's "NUDE". Seems that cybersitter doesn't care if there are other characters in between. So it blanks out "nu */ #de" without blanking out the punctuation and line breaks. Very strange and stupid. It also didn't like the method name "RefreshItems" in another file, since there is obviously a swear word embedded in there. Sheesh. It's so bad it's almost funny. Hope this brightens your day as much as it brightened mine :-). Ross Johnson, Info Sci/Eng, Univ. of Canberra, PO Box 1, Belconnen ACT 2616 AUSTRALIA firstname.lastname@example.org WWW: http://willow.canberra.edu.au/~rpj/ - - - - [ The last time I tried to send out a digest including an item discussing this topic, a major gateway in France rejected it as "potentially objectionable" due to the presence of words such as "sex." I guess things aren't what they used to be in France. Attempts to reach the postmaster were unsuccessful. One wonders how many major news sites are finding themselves added to block lists due to the current discussions of ongoing news events? -- PRIVACY Forum MODERATOR ] ------------------------------ Date: Wed, 21 Jan 1998 12:42:33 -0800 (PST) From: Declan McCullagh <email@example.com> Subject: More on the Navy/AOL case (RISKS-19.55) [ Excerpted from Risks-Forum Digest; Volume 19 : Issue 56 by PRIVACY Forum MODERATOR ] - - - - Answers Aweigh (The Netly News / Afternoon Line <http://netlynews.com/>) Accused gay sailor Timothy ("the other one") McVeigh and the U.S. Navy certainly have their differences, but both sides can agree on one thing: America Online screwed up. For once, AOL agrees. This morning the online giant finally admitted that it handed over McVeigh's personal information to the Navy without a court order, saying in a statement "This clearly should not have happened and we regret it." AOL's almost-apology came just before McVeigh's lawyers clashed with government attorneys defending the Navy's decision to kick him out. McVeigh claims that the Navy's prudish "is-he-or-isn't-he" sex snooping was overly nosy and intrusive -- so much so that it violated the law. At a hearing in Washington, D.C., federal court, attorney Christopher Wolf argued that Navy investigators "did the electronic equivalent" of "breaking into a file cabinet." Not so, responded David Glass, a Justice Department lawyer representing the Navy. "There is nothing in that statute that precludes the government from calling and asking," he said. Of course, that phrasing neatly begs the multiple procedural violations that the Navy apparently committed in the course of that phone call. Next step is for Judge Stanley Sporkin to decide whether to issue a preliminary injunction that would keep McVeigh in uniform past this Friday, when he's scheduled to get the boot. Sporkin didn't say when he'd rule, but he did note that McVeigh could have a tidy little case against AOL, should he decide to sue them too: "That's why they're cutting and running here." Will he? Said McVeigh's attorney afterward: "We're keeping our options open." Smart lad. --Declan McCullagh/Washington ------------------------------ Date: Tue, 13 Jan 1998 15:32:06 -0400 From: "Shabbir J. Safdar" <firstname.lastname@example.org> Subject: Conference on Computers, Freedom, & Privacy 1998 The Eighth Annual Conference on Computers, Freedom, and Privacy - CFP98 It's been called a lot of things over the years, but it still remains the one place where anyone, who is anyone, goes to immerse themselves in the issues surrounding the health and viability of the Internet. Dubbed the "Woodstock of online activism" by veteran attendee Simona Nass, it has been the nexus of discussions of online privacy, free speech, and human rights. If you work for a company in today's economy, these issues have relevance to you. For three days, you can learn about the pressing, cutting-edge issues that are developing today and will affect your future. CFP is an intimate setting with the conference lasting throughout the entire time you're not sleeping. With only a few hundred attendees every years, the conference becomes more of a retreat where law enforcement agents socialize with hackers. Last year saw advocates on both sides of the Internet free speech debate socializing with each other during one of the many spontaneous after-hours parties in the hotel. Below you'll find stories from several members of our community who continue to support and attend CFP. We hope to see you there! This year promises to be just as much fun, with the panels touching on lots of great topics, including privacy implications of biometrics, the Internet in schools, the sale of government records, cryptography, medical records privacy, link licenses, universal access, and library filtering. In addition, there will be a moot court about suing spammers, and a mock wiretap. You can't afford to miss it! To register, simply go to the website at http://www.cfp98.org/ Also, the program is there, and you can check out the issues that will be under discussion! Sincerely, /s/ ------------------------------ Date: Mon, 19 Jan 1998 02:12:47 -0500 From: "Soon Y. Choi" <email@example.com> Subject: Reminder: CEME '98 A Short Reminder of an Upcoming Event: Conference on Electronic Marketplace and Economics (CEME '98) February 16-17, 1998 Austin, Texas 1998 is shaping to be the year of electronic commerce. How will electronic commerce affect you? Conference on Electronic Marketplace and Economics (CEME '98) will help you understand the effects of EC technologies and applications by evaluating their uses in the broader context of electronic markets and the digital economy. More information is available at http://cism.bus.utexas.edu/news/ceme98.html Co-sponsored by the Center for Research in Electronic Commerce at UT-Austin and IBM's Institute for Advanced Commerce Soon Y. Choi, Ph.D. (firstname.lastname@example.org) http://uts.cc.utexas.edu/~soon The Center for Research in Electronic Commerce, UT-Austin http://cism.bus.utexas.edu ------------------------------ End of PRIVACY Forum Digest 07.03 ************************
Vortex Technology Home Page
Copyright © 2005 Vortex Technology. All Rights Reserved.