PRIVACY Forum Digest Sunday, 15 August 1993 Volume 02 : Issue 28 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS Re: Loss of conciousness & the DMV (Mel Beckman) CPSR and the NII (Nikki Draper) NSA Seeks Delay in Clipper (Dave Banisar) "SKIPJACK Review Report" from Dorothy Denning (Lauren Weinstein; PRIVACY Forum Moderator) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 02, ISSUE 28 Quote for the day: "I know nothing. NOTH-ING!" -- Sergeant Hans Schultz (John Banner) "Hogan's Heroes" (1965-1971) ---------------------------------------------------------------------- Date: Mon, 2 Aug 93 07:38:12 PST From: mbeckman@mbeckman.mbeckman.com (Mel Beckman) Reply-To: mbeckman@mbeckman.com Subject: Re: loss of conciousness & the DMV In Regards to your letter : > It's lucky for the poor > victim (who suffered from a brain tumor) that he didn't live in California, > where doctors are required to report ANY loss of consciousness -- no matter > what the cause -- to the DMV. After such a report has been made, it is > nearly impossible to get a driver's license again -- EVER. It's the law. As the moderator suspects, this statement is too broad. The requirement is that any _unexplained_ or pathology-related loss of consciousness must be reported. Obviously, if a patient loses consciousness as a result of some trauma (e.g. a car accident), this need not be reported as a separate incident. Similarly, loss of consciousness from anesthesia, heat prostration, drug overdose, or other identifiable agent are not reportable. Only when loss of consciousness is an unexplained phenomenon, or is due to an intrinsic pathology (e.g. epilepsy) is it reportable. -mel ________________________________________________________________________ | Mel beckman | Internet: mbeckman@mbeckman.com | | Beckman Software Engineering | Compuserve: 75226,2257 | | Ventura, CA 93003 | Voice/fax: 805/647-1641 805/647-3125 | |______________________________|_______________________________________| [ I was also pointed at an article in the "San Jose Mercury News" from April 27, 1991 which reported horror stories of people who, after a single fainting incident (apparently prescription drug dosage induced) had their licenses and auto insurance pulled, and had been unable to get them back even after their health was declared perfectly OK. At the time (at least) a lack of clearly defined standards and a rush of doctors filing names after a heavily publicized case (and a law protecting them from any actions on the part of drivers who had their licenses pulled) apparently were involved. I don't know if the situation has improved in these regards during the 2+ years since that article was written. -- MODERATOR ] ------------------------------ Date: Tue, 10 Aug 1993 09:43:40 PDT From: Nikki Draper Subject: CPSR and the NII COMPUTER PROFESSIONALS ADD SOCIAL CONSCIENCE TO NATIONAL NETWORK DEBATE Palo Alto, Calif., August 6, 1993 -- At a recent meeting in Washington D.C., board members from Computer Professionals for Social Responsibility (CPSR) were challenged by top level telecommunications policy experts to craft a public interest vision of the National Information Infrastructure (NII). The experts at the roundtable discussion included Mike Nelson from the President's Office of Science and Technology, Vint Cerf from the Internet Society, Jamie Love from the Taxpayer's Assets Project, Ken Kay from Computer Systems Policy Project, and Laura Breeden from FARnet. "We were excited to discover that CPSR is in a position to play a key role in shaping NII policy," said CPSR Board President, Eric Roberts. "The commercial sector is already in the thick of the debate, but there has been little coordinated response from the noncommercial constituencies. After talking about the issues and CPSR's role, the Board committed to meeting this challenge." So far, the debate about the NII has centered around fiber versus ISDN, cable companies versus telephone companies, research versus commercialization, and so on. These are real questions with important implications. However, CPSR believes that a better starting point is a set of guiding principles as the context for all these more detailed questions about "architecture," technical standards, and prime contractor. Before arguing over bits and bytes, it is crucial to clarify the vision and values that underlie a major endeavor like the NII. As individuals in the computing profession, CPSR's membership knows that new technologies bring enormous social change. CPSR's goal is to help shape this change in an informed manner. Key issues discussed in the paper will include: o ensuring that the design remains both open and flexible so that it can evolve with changing technology. o ensuring that all citizens have affordable network access and the training necessary to use these resources. o ensuring that risks of network failure and the concomitant social costs are carefully considered in the NII design. o protecting privacy and First Amendment principles in electronic communication. o guaranteeing that the public sector, and particularly schools and libraries, have access to public data at a reasonable cost. o seeking ways in which the network can strengthen democratic participation and community development at all levels. o ensuring that the network continues to be a medium for experimentation and non commercial sharing of resources, where individual citizens are producers as well as consumers. o extending the vision of an information infrastructure beyond its current focus of a national network, to include a global perspective. The national membership of CPSR brings a unique perspective to the overall conception of the NII. Throughout CPSR's history, the organization has worked to encourage public discussion of decisions involving the use of computers in systems critical to society and to challenge the assumption that technology alone can solve political and social problems. This past year, CPSR's staff, national and chapter leadership have worked on privacy guidelines for the National Research and Education Network (NREN), conducted a successful conference on participatory design, created local community networks, organized on-line discussion groups on intellectual property, and much more. To ensure that its position paper is broadly representative, CPSR will work in concert with other public interest groups concerned about the NII, such as the newly established coalition in Washington D.C., the Telecommunications Policy Roundtable. CPSR chapters are will be conducting a broad based public campaign to reach out beyond the technical experts and producers -- to people who will be affected by the NII even if they never directly log on. CPSR will begin distributing its completed paper to policy makers on October 16th at its annual meeting in Seattle, Washington. The meeting will bring together local, regional and national decision makers to take a critical look at the NII. Founded in 1981, CPSR is a national, non-profit, public interest organization of computer scientists and other professionals concerned with the impact of computer technology on society. With offices in Palo Alto, California, and Washington D.C., CPSR works to dispel popular myths about technological systems and to encourage the use of computer technology to improve the quality of life. For more information on CPSR's position paper , contact Todd Newman, CPSR board member, at 415-390-1614 . For more information about CPSR, contact Nikki Draper, Communications Director, at 415-322-3778 or draper @csli.stanford.edu. ------------------------------ Date: Thu, 12 Aug 1993 9:37:14 EST From: Dave Banisar Subject: NSA Seeks Delay in Clipper The National Security Agency (NSA) has asked a federal court for a one-year delay in a lawsuit challenging the secrecy of the government's "Clipper Chip" encryption proposal. The suit was filed by Computer Professionals for Social Responsibility (CPSR) on May 28 and seeks the disclosure of all information concerning the controversial plan. In an affidavit submitted to the United States District Court for the District of Columbia on August 9, NSA Director of Policy Michael A. Smith states that NSA's search for records responsive to [CPSR's] request is under way, but is not yet complete. Because the Clipper Chip program is a significant one involving the participation of organizations in four of NSA's five Directorates and the Director's staff, the volume of responsive documents is likely to be quite large. Moreover, because the Clipper Chip program is highly complex and technical and is, in substantial part, classified for national security purposes, the review process cannot be accomplished quickly. CPSR called for the disclosure of all relevant information and full public debate on the proposal on April 16, the day it was announced. While NSA has insisted from the outset that the "Skipjack" encryption algorithm, which underlies the Clipper proposal, must remain secret, the Smith affidavit contains the first suggestion that the entire federal program is classified "in substantial part." In the interest of obtaining timely judicial review of the agency's broad classification claim, CPSR intends to oppose NSA's request for delay in the court proceedings. In another case involving government cryptography policy, CPSR has challenged NSA's classification of information concerning the development of the Digital Signature Standard (DSS). The court is currently considering the issue and a decision is expected soon. CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail . David L. Sobel CPSR Legal Counsel ------------------------------ Date: Sun, 15 Aug 93 13:03 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: SKIPJACK Review Report from Dorothy Denning Greetings. Dorothy Denning recently forwarded me the "SKIPJACK Review Interim Report." This is the report from the group of outside experts who were to study the security of the "Clipper Chip" algorithm, the details of which remain classified. I've included the Executive Summary of the report below. Note that this study was apparently concerned only with algorithmic issues, not with the many other issues surrounding Clipper. The complete text of the report (which is plain ASCII text) and an attached appendix (in Latex source form) has been placed into the PRIVACY Forum archives. To access: Via Anon FTP: From site "ftp.vortex.com": /privacy/skipjack.1.Z or: /privacy/skipjack.1 Via e-mail: Send mail to "listserv@vortex.com" with the line: get privacy skipjack.1 as the first text in the BODY of your message. Via gopher: From the gopher server on site "gopher.vortex.com" in the "*** PRIVACY Forum ***" area under "skipjack.1". --Lauren-- ---------------------------------------- SKIPJACK Review Interim Report The SKIPJACK Algorithm Ernest F. Brickell, Sandia National Laboratories Dorothy E. Denning, Georgetown University Stephen T. Kent, BBN Communications Corporation David P. Maher, AT&T Walter Tuchman, Amperif Corporation July 28, 1993 (copyright 1993) Executive Summary The objective of the SKIPJACK review was to provide a mechanism whereby persons outside the government could evaluate the strength of the classified encryption algorithm used in the escrowed encryption devices and publicly report their findings. Because SKIPJACK is but one component of a large, complex system, and because the security of communications encrypted with SKIPJACK depends on the security of the system as a whole, the review was extended to encompass other components of the system. The purpose of this Interim Report is to report on our evaluation of the SKIPJACK algorithm. A later Final Report will address the broader system issues. The results of our evaluation of the SKIPJACK algorithm are as follows: 1. Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. Thus, there is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years. 2. There is no significant risk that SKIPJACK can be broken through a shortcut method of attack. 3. While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm. ------------------------------ End of PRIVACY Forum Digest 02.28 ************************