PRIVACY Forum Digest      Friday, 10 December 1993      Volume 02 : Issue 37

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy.

CONTENTS
    Re: "On the Road to Nosiness?" (John M. Joy)
    Clipper Letter to Clinton (David Sobel)
    SSN's in Mail Addresses (Brinton Cooper)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password.
The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203.

-----------------------------------------------------------------------------

VOLUME 02, ISSUE 37

Quote for the day:

    "I think it would be fun to run a newspaper!"

        -- Charles Foster Kane (Orson Welles)
           "Citizen Kane" (1941)

----------------------------------------------------------------------

Date: Sat, 4 Dec 93 10:44:42 EST
From: joyjohnm@cps.msu.edu
Subject: Re: "On the Road to Nosiness?"

"Joel A. Fine" writes:
> Dan Gillmor writes:

[...]

> A similar system is already in place in Campbell, California, and
> several nearby municipalities, for the purpose of enforcing speed
> limits. An unmanned radar-camera combination automatically
> photographs speeding motorists and records their speed at the time
> the picture was taken. Several days later, the driver receives a
                                             ^^^^^^^^^^
> copy of the photo, along with a bill for the appropriate fine for
> the traffic violation. The driver never talks with, or sees, a
> traffic cop.

Dollars to donuts the person to whom the vehicle is registered gets the bill (and the point assessment), not (necessarily) the driver.
Are these photos really clear enough to identify the face of a driver beyond a reasonable doubt (particularly when members of the same family tend to drive the same vehicles, and members of the same family tend to resemble one another)?

------------------------------

Date: Thu, 9 Dec 1993 11:21:50 EST
From: David Sobel
Subject: Clipper Letter to Clinton

On December 6, the Digital Privacy and Security Working Group, a "coalition of over 50 communications and computer companies and associations, and consumer and privacy advocates" coordinated by the Electronic Frontier Foundation, sent a letter to President Clinton concerning cryptography policy. The letter states, "In our discussions with Administration officials, we have expressed the Coalition's tentative acceptance of the Clipper Chip's encryption scheme (as announced on April 16, 1993), but only if it is available as a voluntary alternative to widely-available, commercially-accepted, encryption programs and products."

The Washington Office of Computer Professionals for Social Responsibility (CPSR) has sent the following letter to the President. We believe that the position stated in this letter continues to represent the views of the vast majority of network users, as reflected in the overwhelmingly critical comments submitted to the National Institute of Standards and Technology in response to its recent solicitation of public comments on the Clipper proposal.

==================================================================

December 8, 1993

The President
The White House
Washington, DC 20500

Dear Mr. President,

We are writing to you regarding the Clipper cryptography proposal now under consideration by the White House and a letter you may have received about the proposal from a group called the "Digital Privacy and Security Working Group." This group wrote to you recently and expressed their "tentative acceptance" of the Clipper Chip encryption scheme. We disagree with their views.
This group has made a grave mistake and does not speak for the many users of computer networks and developers of network services who have vigorously opposed this proposal.

We are very much concerned about the Clipper proposal. At its core is the dubious premise that the government should have the authority to design communications networks that facilitate wire surveillance. The plan was developed in secret by the National Security Agency over the objection of U.S. firms, professional associations and public interest organizations. Key details about the proposal remain classified.

This proposal must not be endorsed. The development of open, unclassified standards is critical for the future of the nation's communications infrastructure. Progress and innovation depend on the free exchange of scientific and technical information. It is essential to the integrity of the scientific process that standards are openly created and available for public review.

There is also a great need to ensure that future networks are designed with the highest levels of privacy and security possible. As our country becomes ever more dependent on the high-speed network, the need for secure systems will only increase. The Clipper proposal purposefully cripples the security of the network and reduces the privacy protection that users could otherwise obtain.

There is another still more serious problem with the Clipper proposal. An agency with the authority to conduct wiretaps must not be allowed to impose technical standards to facilitate wire surveillance. The threat to Constitutional democracy is clear. A system of checks and balances is essential to ensure that the powerful investigative tools of government are properly controlled.

We have followed the development of this proposal with great concern. We have testified before Congressional committees. We have appeared before agency panels, provided reports on wire surveillance, and debated the former FBI Director on national television.
We have also sponsored conferences with full participation from across the federal government. We believe that the best policies will result from an open and unrestricted exchange of views.

It is our assessment that you must not permit adoption of the Clipper technical standard, even on a voluntary basis. At a time when the country should be moving toward open standards designed for commercial networks, the Clipper proposal asks future users of the nation's information infrastructure to accept a standard intended for the Cold War era. It is a backward-looking plan that serves neither the interests of the American people nor American business.

The adoption of the Clipper proposal would also ratify an unlawful process that has undermined the authority of Congress and weakened the mechanisms of government accountability. The proper authority for the development of this standard never rested with the NSA. Under the Computer Security Act of 1987, it was a civilian agency that was to develop appropriate standards for the nation's commercial networks. Through a series of secret executive orders, the NSA usurped the authority of the National Institute of Standards and Technology, substituted its own proposal for those of NIST, and effectively derailed this important policy process.

When the computer user community had the opportunity to voice its position on this proposal, it rejected the plan overwhelmingly. The notice and comment process conducted by the Department of Commerce earlier this year resulted in nearly uniform opposition to the Clipper proposal. It would be hard to find a technical standard more disliked by the potential user community.

While we support the relaxation of export controls on cryptography, we are not willing to concede to the NSA the right to develop secret standards.
It is only because the National Security Agency also exerts influence on export control policy that the Digital Privacy coalition is prepared to endorse the Clipper standard in exchange for new opportunities to market products. It may be a good deal for the coalition members, but it is a terrible outcome for the rest of the country.

We very much appreciate your efforts on behalf of open government, and your work with the Vice President and the Secretary of Commerce to develop the nation's information infrastructure. We believe that these efforts are sending our country in the right direction, helping to develop advanced technologies appropriate for a democratic nation and to preserve open and accountable government.

But the Clipper proposal was not a creation of your administration. It is a relic from a period that is now moving rapidly into the history books, a time when secret agencies made secret decisions and when backroom deals with powerful, private interests sustained these arrangements. It is time to end this cynical form of policy making.

We ask you to reject the deal put forward by the Digital Privacy and Security Working Group. The Clipper proposal should not go forward.

We would be pleased to meet with members of your administration to discuss this matter further.

Sincerely yours,

Marc Rotenberg, Director
David Sobel, Legal Counsel
Dave Banisar, Policy Analyst
CPSR Washington office

cc: The Vice President
    Secretary Ron Brown, Department of Commerce
    Anthony Lake, National Security Council
    Computer System Security and Privacy Advisory Board

------------------------------

Date: Fri, 10 Dec 93 18:33:15 GMT
From: Brinton Cooper
Subject: SSN's in Mail Addresses

The following appeared in the Weekly Bulletin (sent to all employees) of this installation. I offer it without comment:

"9.
USE OF WINDOW ENVELOPES FOR PAY RELATED ACTIONS: Quote from a 14 Mar 77 letter from Treasury's Bureau of Public Debt: "Until a bond sent through the mails is delivered to the addressee as legally defined by the Postal statutes, only employees of the U.S. Government, its agents, or the Postal Service in performance of their official duties, have access to the social security number. Thus, the number is not being disclosed indiscriminately to the public. Further, as the Postal Service is bound, under the Privacy Act, to not disclose any information relating to the individual, we feel that the visibility of an individual's number through the envelope does not result in his privacy being impinged upon." Treasury's Assistant Secretary for Legislative Affairs reiterated this position in a 17 May 90 response to a Congressional Inquiry. Considering all this, the visibility of a social security number thru a window envelope does not create a violation of the Privacy Act. In fact, Treasury's Regional Disbursing Officers (RDOs) use window envelopes which are designed so that the addressee's social security number does show, thus allowing for faster rerouting of misaddressed mail."

------------------------------

End of PRIVACY Forum Digest 02.37
************************