------------------------------ From: Various Subject: The CU in the News (Thackeray; Cellular Fraud; Privacy) Date: 27 June, 1991 ******************************************************************** *** CuD #3.23: File 4 of 4: CU in the News / Thackeray;Privacy *** ******************************************************************** From: Barbara E. McMullen & John F. McMullen (Reprinted from Newsbytes) Subject: Gail Thackeray & Neal Norman Form Security Firm Date: June 21, 1991 NORMAN & THACKERAY FORM SECURITY FIRM 06/21/91 DALLAS, TEXAS U.S.A., 1991 JUNE 21 (NB) -- Neal Norman, a veteran of 34 years with AT&T, has announced the formation of GateKeeper Telecommunications Systems, Inc. The new firm will introduce a product which it says "provides an airtight defenses against unauthorized computer access." Norman told Newsbytes "we think we have a product that will revolutionize telecommunications by stopping unauthorized access to computer systems." Norman said that the system, which is scheduled to become available in the early fall, will provide protection for terminals, mainframes, and PBXs. Norman also told Newsbytes that Gail Thackeray, ex-Arizona assistant attorney general known for her activities in the investigation of computer crime, will be a vice president of the new firm. "I am extremely happy to have someone of Gail's ability and presence involved in this endeavor right from the beginning. Additionally," Norman said, "we have enlisted some of the industry's most well known persons to serve on a board of advisors to our new company. These respected individuals will provide guidance for us as we bring our system to market. Among those who have agreed to serve in this group are Donn Parker of SRI; Bill Murray, formerly of IBM; and Bob Snyder, Chief Computer Crime Investigator for the Columbus, Ohio, police. Synder told Newsbytes "I am excited about working with such bright people on something of real importance and I hope to contribute to an improvement in computer security." (Barbara E. McMullen & John F. McMullen/19910621) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: Anonymous Subject: Cellular Phone Fraud Date: Thu, 27 Jun 91 13:35:41 CDT From: The Wall Street Journal, June 6, 1991. Pp. A-1, A-7. By John J. Keller DIALING FOR FREE **** Thanks to Hackers, Cellular Phone Firms Now Face Crime Wave *** An Altered Computer Chip is Permitting Easy Access to Networks Nationwide *** Mr. Sutton's Crucial Error *** Robert Dewayne Sutton wants to help stop the tide of fraud sweeping the cellular telephone industry. The 35-year old clearly knows plenty about fraud. After all, he helped spark the crime wave in the first place. Mr. Sutton is a computer hacker, a technical whiz who used an acquaintance's home-grown computer chip to tap into the local cellular phone network and dial for free. Mr. Sutton went into business selling the chips, authorities say, and soon fraudulent cellular phone calls were soaring nationwide. In February, 1989, police finally nabbed Mr. Sutton in his pick-up truck at a small Van Nuys, Calif., gas station. He was about to sell five more of the custom chips to a middleman. But by then it was too late. The wave of fraud Mr. Sutton helped launch was rolling on without him. ((stuff deleted explaining that industry currently loosing about $200 million a year, "more than 4% of annual U.S. revenue" to cellular phone fraud, and could rise to %600 million annually. Celluar system first cracked in 1987, by Kenneth Steven Bailey an acquaintance of Sutton from Laguna Niguel, Calif. Bailey used his PC to rewrite the software in the phone's memory chi to change the electronic serial number. By replacing the company chip with his own, Bailey could gain free access to the phone system.)) ((More stuff deleted, explaining how drug dealers use the phones, and small businesses sprung up selling free calls to anyplace in the world for a few dollars. Sutton denied selling the chips, but apparently sold his program for a few hundred dollars, and anybody with a copy could duplicate it. This is, according to the story, an international problem.)) When the dust settled in U.S. District Court in Los Angeles this April, Mr. Sutton pleaded guilty to production of counterfeit access devices and, after agreeing to cooperate with investigators, was sentenced to three years' probation and a $2,500 fine. ((stuff deleted)) But in adversity there is opportunity, or so believes Mr. Sutton. He says he's got a marketable expertise--his knowledge of weaknesses in cellular phone security systems--and he wants to help phone companies crack down on phone fraud. He'll do that, of course, for a fee. ** end article** ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: Subject: How Did They Get My Name? Date: Tue, 8 Jun 91 19:09 EDT How Did They Get My Name? By John Schwartz Newsweek: June 3, 1991 When Pam Douglas dropped by Michelle Materres's apartment, Michelle was on the phone--but Pam knew that already. She and her son, Brian, had been playing with his new walkie-talkie and noticed the toy was picking up Michelle's cordless-phone conversation next door. They had come over to warn her that her conversation was anything but private. Materres was stunned. It was as if her neighbors could peek through a window into her bedroom-except that Michelle hadn't known that this window was there. "It's like Nineteen Eighty-four ;" she says. Well, not quite. In Orwell's oppressive world, Big Brother-the police state-was watching. "We don't have to worry about Big Brother anymore," says Evan Hendricks, publisher of the Washington-based Privacy Times. "We have to worry about little brother." Until recently, most privacy fears focused on the direct mail industry; now people are finding plenty of other snoops. Today's little brothers are our neighbors, bosses and merchants, and technology and modern marketing techniques have given each a window into our lives. Suddenly privacy is a very public issue. A 1990 Harris poll, conducted for consumer-data giant Equifax, showed that 79 percent of respondents were concerned with threats to their personal privacy-up from 47 percent in 1977. Privacy scare stories are becoming a staple of local TV news; New York City's ABC affiliate showed journalist Jeffrey Rothfeder poking into Vice President Dan Quayle's on-line credit records-a trick he had performed a year before for a story he wrote for Business Week. Now Congress is scrambling to bring some order to the hodgepodge of privacy and technology laws, and the U.S. Office of Consumer Affairs has targeted privacy as one of its prime concerns. Advocacy groups like the Consumer Federation of America and the American Civil Liberties Union are turning to privacy as one of the hot-button issues for the '90s . "There's a tremendous groundswell of support out there," says Janlori Goldman, who heads the ACLU Privacy Project. Snooping boss: Concern is on the rise because, like Materres, consumers are finding that their lives are an open book. Workers who use networked computers can be monitored by their bosses, who in some cases can read electronic mail and could conceivably keep track of every keystroke to check productivity. Alana Shoars, a former e-mail administrator at Epson America, says she was fired after trying to make her boss stop reading co-workers' e-mail. The company says Shoars got the ax for in subordination; Shoars counters that the evidence used against her was in her own e-mail--and was misinterpreted. Other new technologies also pose threats: cordless and cellular phones are fair game for anyone with the right receiver, be it a $1,000 scanner or a baby monitor. Modern digital-telephone networks allow tapping without ever placing a physical bug; talented "phone phreaks" can monitor calls through phone companies or corporate switchboards. Such invasions may sound spooky, but privacy activists warn that the bigger threat comes from business. Information given freely by consumers to get credit or insurance is commonly sold for other uses without the individual's knowledge or consent; the result is a flood of junk mail and more. Banks study personal financial data to target potential credit-card customers. Data sellers market lists of people who have filed Worker Compensation claims or medical-malpractice suits; such databases can be used to blackball prospective employees or patients. Citicorp and other data merchants are even pilot testing systems in supermarkets that will record your every purchase; folks who buy Mennen's Speed Stick could get pitches and discount coupons to buy Secret instead. "Everything we do, every transaction we engage in goes into somebody's computer, " says Gary Culnan, a Georgetown University associate professor of business administration. How much others know about you can be unsettling. Architect David Harrison got an evening call from a local cemetery offering him a deal on a plot. The sales rep mentioned Harrison's profession, family size and how long he had lived in Chappaqua, N.Y. Harrison gets several sales calls a week, but rarely with so much detail: "This one was a little bizarre." High tech is not the only culprit. As databases grow in the '80s, the controls were melting away, says Hendricks. "Reagan came in and said, 'We're going to get government off the backs of the American people.' What he really meant was, 'We're going to get government regulators off the i backs of business.' That sent signals to the private sector that 'you can use people's personal information any way you want'"' The advent of powerful PCs means that the field is primed for another boom. Today companies can buy the results of the entire 1990 census linked to a street-by-street map of the United States on several CD-ROM disks. Defenders of the direct-marketing industry point out that in most cases companies are simply, trying to reach consumers efficiently-and that well targeted mail is not "junk" to the recipient. Says Equifax spokesman John Ford: "People like the kinds of mail they want to receive." Targeting is now crucial, says Columbia University professor Alan Westin: "If you can't recognize the people who are your better prospects, you can't stay in business." Ronald Plesser, a lawyer who represents the Direct Marketing Association, says activists could end up hurting groups they support: "It's not just marketers. It's nonprofit communication, it's political parties. It's environmental groups. " E-mail protest: Consumers are beginning to fight back. The watershed event was a fight over a marketing aid with data on 80 million households, Lotus MarketPlace: Households, proposed by the Cambridge, Mass.- based Lotus Development Corp. Such information had been readily available to large corporations for years, but MarketPlace would have let anyone with the right PC tap in. Lotus received some 30,000 requests to be taken off the households list. Saying the product was misunderstood, Lotus killed MarketPlace earlier this year. New York Telephone got nearly 800,000 "opt out" requests when it wanted to peddle its customer list; the plan was shelved. With the MarketPlace revolt, a growing right-to-privacy underground surfaced for the first time. Privacy has become one of the most passionately argued issues on computer networks like the massive Internet, which links thousands of academic, business nd military computers. Protests against MarketPlace were broadcast on the Internet and the WELL (an on-line service that has become a favorite electronic hangout for privacy advocates and techie journalists), and many anti-MarketPlace letters to Lotus were relayed by e-mail. Consumers are also taking new steps to safeguard their own privacy often by contacting the Direct Marketing Association, which can remove names from many mailing lists. But compliance is voluntary, and relief is slow. In one chilling case, an unknown enemy began flooding business manager Michael Shapiro's Sherman Oaks, Calif., home with hundreds of pieces of hate junk mail. Suddenly Shapiro, who is Jewish, was receiving mail addressed to "Auschwitz Gene Research" and "Belsen Fumigation Labs." Shapiro appealed to the DMA and the mailing companies directly but got no responses to most of his calls and letters. "They ignore you, throw your letter away and sell your name to another generation of people with computers," he complains. Finally one marketing executive publicized Shapiro's plight within the DM industry. Eight months after the onslaught began, the letters have slowed-though some companies still have not removed him from their lists. How else can privacy be protected? It doesn't have to mean living like a hermit and only paying cash, but it does mean not saying anything over cellular and cordless phones that you wouldn't want others to overhear. Culnan of Georgetown uses her American Express card exclusively, because while the company collects voluminous data on its cardholders, it shares relatively little of it with other companies. Some privacy activists look hopefully, across the Atlantic Ocean. The European Community is pushing tough new data rules to take effect after 1992. The Privacy Directive relies on consumer consent; companies would have to notify consumers each time they intend to pass along personal information. The direct-marketing industry claims the regulations would be prohibitively expensive. The rules may be softened but could still put pressure on U.S. marketers who do business abroad. U.S. firms might find another incentive to change. Companies don't want to alienate privacy-minded customers. "We're in the relationship business," says James Tobin, vice president for consumer affairs at American Express. "We don't want to do anything to jeopardize that relationship." Citicorp's supermarket plan makes privacy advocates nervous; but Citicorp rewards customers for giving up their privacy with incentives like discount coupons, and it reports that no consumers have complained. Eventually, strong privacy-protection policies could make companies more attractive to consumers, says Columbia's Westin-and may even provide a competitive edge. Then consumers might get some of their privacy back-not necessarily because it's the law, or even because it's right, but because it's good business. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: Subject: Would New Laws Fix the Privacy Mess? Date: Tue, 8 Jun 91 19:09 EDT Would New Laws Fix the Privacy Mess? By Annetta Miller and John Schwartz with Michael Rogers Newsweek: June 3, 1991 Congress is scrambling to catch up with its constituents in the battle over privacy. It has a daunting task ahead: to make sense of the jumble of laws that have been passed-or are currently under consideration-to regulate privacy. Why, for example, is it legal to listen in on someone's cordless phone conversation but illegal to listen to a cellular call? Why are video-rental records protected but records of health-insurance claims largely unprotected? (That one has to do with an impertinent reporter revealing the video-renting habits of Supreme Court nominee Robert Bork.) The present foundations of privacy law have their roots in the U.S. Constitution. Although the word "privacy" does not appear in the document, the Supreme Court has interpreted the Constitution to grant individuals a right of privacy based on the First, Fourth, Fifth, Ninth and Fourteenth amendments. Since the mid-1960s, Congress has enacted no fewer than 10 privacy laws-including the landmark 1974 Privacy Act. And yet a national right to privacy is far from firmly established. On its face, for example, the Fair Credit Reporting Act limits access to credit reports. But it also grants an exception to anyone with a "legitimate business need." The Right to Financial Privacy Act of 1978 severely restricts the federal government's ability to snoop through bank-account records; but it exempts state agencies, including law-enforcement agencies, and private employers. "It's easy to preach about the glories of privacy," says Jim Warren, who organized a recent "Computers, Freedom & Privacy" conference. But it's hard to implement policies without messing things up." That hasn't stopped people from trying. James Rule, a State University of New York sociology professor, says that new legislation is warranted "on the grounds that enough is enough . . . [Privacy infringement] produces a world that almost nobody likes the look of." Data board: The newest efforts to regulate privacy range from simple fixes to a full-fledged constitutional amendment. Last week a Senate task force recommended extending privacy laws to cover cordless tele-phones. One bill, proposed by Rep. Robert Wise of West Virginia, would create a federal "data-protection board" to oversee business and gov-ernmental use of electronic information. Another, being prepared by Sen. Patrick Leahy of Vermont, would apply the Freedom of Informa-tion Act to electronic files as well as to paper. Rep. Andy Jacobs of Indiana has held hearings on the misuse of social-security numbers to link computerized information. And several bills have been introduced to stop credit reporters from selling personal data to junk mailers. Possibly the most sweeping proposal for change comes from Harvard University law professor Laurence Tribe. In March, Tribe proposed a constitutional amendment that would, among other things protect individuals from having their private data collected and shared without approval. "Constitutional principles should not vary with accidents of technology," Tribe said at the "Computers, Freedom & Privacy" conference earlier this spring. He said an amendment is needed because the letter of the Constitution can seem, at the very least, "impossible to take seriously in the world as reconstituted by the microchip." But some experts argue that well-meaning reform could do more harm than good. Requiring marketers to get permission every time they want to add a name to a mailing list would make almost any kind of mass mailing hopelessly expensive. "It's nice to talk about affirmative consent, but it really will kill the industry," warns Ronald Plesser, who represents the Direct Marketing Association. "And then people who live out in the country won't have access to the L.L. Bean catalog and the services they like." In this technological age, how much privacy Americans enjoy will depend partly on how high a price they are willing to pay to keep it. ******************************************************************** ------------------------------ **END OF CuD #3.23** ********************************************************************