PRIVACY Forum Digest Sunday, 24 November 1996 Volume 05 : Issue 21 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Key Escrow & Govt. Crypto Controls (Prof. Dorothy Denning) on PFR (Lauren Weinstein; PRIVACY Forum Moderator) PRIVACY Forum Radio Interviews via Tape, CD-ROM, etc. (Lauren Weinstein; PRIVACY Forum Moderator) Southwestern Bell and SSNs (Rex Black) Canadian private sector legislation by the year 2000 (Colin Bennett) University plans to publish personal info (Edward Fischer) Big Internet is Watching You (Martin Minow) La Belle Province Vous Aime [re: Hydro Quebec] (Alan P. Burke) The final version of the NRC crypto report is now available! (CRYPTO) New Bihman-Shamir Fault Analysis Paper (Bruce Schneier) Community Space and Cyberspace (Susan Evoy) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 05, ISSUE 21 Quote for the day: "Is... a... puzzlement." -- King Mongkut of Siam (Yul Brynner) "The King and I" (Fox; 1956) ---------------------------------------------------------------------- Date: Sun, 24 Nov 96 11:05 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Key Escrow & Govt. Crypto Controls (Prof. Dorothy Denning) on PFR Greetings. A new PRIVACY Forum Radio installment is now available for your information and listening enjoyment. In this approximately half-hour show, I speak with Professor Dorothy Denning (Georgetown University), a well-known advocate of key escrow, key recovery cryptographic systems. During the program our discussions cover a range of topics including third-party key systems, possible future government controls over domestic cryptography, international crypto concerns including competition and export controls, and other related issues. To access the show (along with software and instructions for playback), please follow the links to PRIVACY Forum and PRIVACY Forum Radio via: http://www.vortex.com Thanks much. --Lauren-- ------------------------------ Date: Sun, 24 Nov 96 14:38 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: PRIVACY Forum Radio Interviews via Tape, CD-ROM, etc. Greetings. I've been receiving increasing numbers of queries from persons interested in obtaining PRIVACY Forum Radio interview materials through non-online mechanisms, either for initial listening or archival purposes. This is certainly technically possible--all of the interviews are produced and preserved as CD-quality digital audio. Interviews could be made available via cassette tape, conventional audio CDs, and/or via CD-ROMs, either on a one-shot or subscription basis. Whether or not this would be a practical exercise would be largely dependent on demand. If sufficient numbers of individuals, libraries, and/or other institutions and entities are interested, I'll certainly see about making the materials available in this manner. I can't make any cost estimates at this point, since demand would again be an important factor; certainly the Forum could use the support that such distribution might potentially provide. If you have possible interest in any of these alternate forms of PRIVACY Forum Radio distribution, please drop an e-mail note to: privacy-radio@vortex.com Please be sure to specify which format (tape, CD, or CD-ROM) is of most potential interest. Thanks very much. --Lauren-- ------------------------------ Date: 29 Oct 96 11:20 CST From: Rex Black Subject: Southwestern Bell and SSNs Hi all-- Yesterday I called Southwestern Bell to order a fax/modem line for my home office. In the course of the discussion, I found out that they had my social security number in my file as an identifier. I suppose I thoughtlessly gave it to them when I ordered service. (I've occasionally been worn down by clerks who insist that they just can't proceed on their precious form without my SSN, and therefore I can't get X service or Y product, which, in the case of a telephone, could be a problem. :-) Anyway, I raised somewhat of a stink about this, asking the clerk if she could remove my SSN from the file and replace it with my driver's license number. She went off for a while, spoke with a supervisor, then came back and said, yes, she would do that for me. I probably need to call back in a couple days with some spurious inquiry and make sure that this indeed happened. The moral of this story is that Southwestern Bell customers who don't want their SSN floating around in a file that also includes home address, home phone number, spouse's name, etc., may want to call and get it removed. Regards, Rex [ It is indeed possible that they removed your SSN. It is also possible that they simply added your DMV number, and your SSN is still buried in there somewhere. Since these systems are so dependent on single unique identifiers, it is often the case that really replacing one identifier with another isn't at all simple, even if the customer service agent *thinks* that's what they are doing. On one hand, many people don't want their SSN used in commercial situations where it isn't necessary. However, most people don't want their records confused with those of other individuals. As you'll recall from the Lexis-Nexis controversy, sometimes the surest way to find a record to correct or delete, is by using the SSN, since most other fields (name, address, etc.) can easily change over time. The big problem of course is that with only the data elements protected by the Fair Credit Reporting Act really being under any sort of control, SSNs can be used for a variety of fraudulent or other criminal purposes by unscrupulous individuals. Meeting the often opposing goals of personal privacy and accurate identification is a decidedly non-trivial task. User chosen passcodes and PINs are one possibility that can help with the identification side of the equation. Unfortunately, many organizations have been unwilling to implement or continue using such systems, sometimes after getting poor response to them from customers who complain about needing to remember codes for account access. The right way to deal with this problem, of course, is to let those individuals who want to have a unique passcode use that system, and allow those who don't to opt-out. -- MODERATOR ] ------------------------------ Date: Sat, 2 Nov 1996 16:13:25 -0800 From: Colin Bennett Subject: Canadian private sector legislation by the year 2000 Subscribers should be aware that Allan Rock, the Canadian Minister of Justice, made the following commitment to the International Privacy Commissioners Conference in September: "By the year 2000, we aim to have federal legislation on the books that will provide effective, enforceable protection of privacy rights in the private sector." It is probable that any private sector policy will be based on the Canadian Standards Association's recent Model Code for the Protection of Personal Information. But there will continue to be considerable discussion over oversight and enforcement questions, and in particular about federal/provincial jurisdictional questions. An analysis of these issues can be found in "Regulating Privacy in Canada: An Analysis of Oversight and Enforcement in the Private Sector." This is now on the epic website: www.privacy.org/pi/country/canada/ Colin Bennett Department of Political Science University of Victoria Victoria, B.C. Canada, V8W 3P5 [ In general, there seems to be much more activity in the direction of privacy legislation outside the U.S., though in some countries the situation is getting worse, not better. Sometimes well-intentioned legislation can have unexpected side-effects. Broadcasters in Europe have expressed concern that new regulations regarding registration of and access to databases could extend to digital audio and video recordings created and archived during the preparation of news stories, with a number of possibly alarming ramifications. Still, as we've seen before, privacy issues often cannot be reasonably dealt with in a piecemeal fashion through the commercial sector, and legislative efforts seem to represent the only feasible approach in many cases. -- MODERATOR ] ------------------------------ Date: Tue, 12 Nov 1996 16:17:28 -0500 From: EdFischer@aol.com Subject: University plans to publish personal info, apparently without I received a solicitation for a "Carnegie Mellon University Alumni Directory," available in book or CD-ROM form, from a commercial publisher called Publishing Concepts, Inc. of Dallas, Texas. I was surprised to learn that I would be included in the directory even though I had not consented to it. Here's the letter I wrote to my alma mater: --- begin quoted text --- Mr. Steven L. Calvert Director, Alumni Relations Carnegie Mellon University Alumni House 5017 Forbes Avenue Pittsburgh, Pennsylvania 15213 Dear Steve: Thanks for taking a few moments with me on the phone yesterday to allow me to express my concerns about the alumni directory. As I promised, I've outlined my objections on paper for you. As I'm sure you're aware, privacy and confidentiality are important issues. When alumni give you personal information such as home address and phone number, I'm sure they don't expect you to make that information public. At the very least, there seems to be a normal expectation that you'll be using the information only for "internal" purposes: annual fundraising, mailing newsletters, and similar things. (I am referring to the alumni directory as "public," even though you may argue that it is only semi-public since it is only available to CMU alumni. But when potentially thousands of copies are being distributed, and when you immediately lose control of those copies, such distribution must be considered public.) There may be circumstances where alumni would not want this information published. I can think of two examples of undesirable recipients, one quite ominous: telemarketers and stalkers. I don't think you can be sure that the community of CMU alumni doesn't include either or both of these. By forcing alumni to "opt out" of the directory, rather than allowing them to "opt in," you are running the real risk of putting someone in danger -- someone who may not even be aware that you are publishing his or her home address and phone number. Remember that the CMU alumni community includes actors and actresses, business people, and possibly battered spouses. Let me repeat my own preference: you do not have my permission to distribute my name, address, or phone number to anyone for any reason. I would like to see CMU withdrawn plans for the alumni directory until an *opt in* procedure is implemented. Thanks again, Steve, for taking these issues seriously. Very truly yours, Edward Fischer Class of '75 ---end quoted text--- [ This turns out to unfortunately be a common practice. I had a similar experience when UCLA solicited me for purchase of the alumni directory along with a sheet of my data that they wanted "updated". No obvious "opt-out" choice was apparent, and I had to call around trying to find the right people, then write, to ask not to have my information included. It was a considerable effort. This is but another aspect of the current philosophy that personal information (however you wish to define it) is the property of the entity who currently holds it, and that the person about whom that information exists has few rights regarding that data. -- MODERATOR ] ------------------------------ Date: Thu, 7 Nov 1996 07:29:32 -0800 From: Martin Minow Subject: Big Internet is Watching You Over the past month or so, a mailing list I subscribe to has endured a flame war with a disgruntled (ex-)subscriber. A few days ago, an anonymous participant provided what I'll call an Internet Biography of the subscriber. The anonymous message began with "I had some free time this morning, and just for fun, thought I'd create a brief Net profile of our friend ..." Among the discoveries are the following: -- Home address and phone number from http://www.yahoo.com (Four11 people search) -- Birthday from http://www.boutell.com/birthday.cgi/[Month]/[Day] -- Company name and internet domain ownership from InterNIC. -- An uncomplimentary "who is ..." from a private academic site. -- A Usenet author profile showing over 500 messages posted to about 50 newsgroups over the last 18 months from http://www.dejanews.com profile. -- An uncomplimentary note from an academic, private "legends" homepage. -- Several professional contributions to FAQ's. Over ten years ago, when computer bulletin boards appeared at my former employer, I formulated "Minow's law:" "never write anything you don't want to see on your resume." I seem to have been more prophetic than I expected. Martin Minow, minow@apple.com [ I remember discussing some of these issues with Martin many, many years ago, back in the days when the Internet community was very small and the information available via the net comparatively very limited. Even then, it was becoming obvious that sending public messages was like standing up on a soapbox and giving a speech. Of course, back then the crowd listening was typically orders of magnitude smaller than what can occur today... -- MODERATOR ] ------------------------------ Date: Fri, 08 Nov 1996 15:48:31 -0800 From: "Alan P. Burke" Subject: La Belle Province Vous Aime [re: Hydro Quebec] Hydro Quebec reassures us on each bill that: "When you next call us, don't worry if we ask for your social insurance number. We're only doing this in order to confirm your identity and guarantee once and for all that your personal file is exclusively yours and fully confidential." Why would a government-owned corporation which has intimate knowledge of its subscribers' location want to have confirmation of identity? Why shouldn't I worry? Alan [ Most likely it's for account access control. As I discussed above in a comment to an earlier message, the use of these numbers as an expedient unique database identifier is commonplace. Also as discussed above, use of PINs or passcodes could help provide an alternative for account access identification purposes, at least. -- MODERATOR ] ------------------------------ Date: Fri, 08 Nov 96 15:28:00 EST From: "CRYPTO" Subject: The final version of the NRC crypto report is now available! The Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) is pleased to announce the availability of its cryptography policy study "Cryptography's Role in Securing the Information Society". This report was originally released in pre-publication form on May 30, 1996. The final printed version of this report can be obtained from the National Academy Press, 1-800-624-6242 or Web site http://www.nap.edu/bookstore. The pre-publication version and the final printed copy differ in that the printed copy contains an index and many source documents relevant to the crypto policy debate; of course, editorial corrections have been made as well. An unofficial ASCII version of the prepublication report can be found at http://pwp.usa.pipeline.com/~jya/nrcindex.htm; the official NRC version should become available online in ASCII form in December. In addition, CSTB has been conducting briefings on this report at various sites around the country; if you would like to arrange a briefing in your area, please let us know (cstb@nas.edu, 202-334-2605). ------------------------------ Date: Thu, 31 Oct 1996 09:57:52 -0500 From: Bruce Schneier Subject: New Bihman-Shamir Fault Analysis Paper The next Stage of Differential Fault Analysis: How to break completely unknown cryptosystems Eli Biham Adi Shamir Computer Science Dept. Applied Math Dept. The Technion The Weizmann Institute Israel Israel October 30-th, 1996 (draft) The idea of using computational faults to break cryptosystems was first applied by Boneh Demillo and Lipton to public key cryptosystems, and then extended by Biham and Shamir to most types of secret key cryptosystems. In this new research announcement, we introduce a modified fault model which makes it possible to find the secret key stored in a tamperproof cryptographic device even when nothing is known about the structure and operation of the cryptosystem. A prime example of such a scenario is the Skipjack cryptosystem, which was developed by the NSA, has unknown design, and is embedded as a tamperproof chip inside the commercially available Fortezza PC cards. We have not tested this attack on Skipjack, but we believe that it is a realistic threat against some smart card applications which were not specifically designed to counter it. The main assumption behind the new fault model is that the cryptographic key is stored in an asymmetric type of memory, in which induced faults are much more likely to change a 1 bit into a 0 than to change a 0 bit into a 1 (or the other way around). CMOS registers seem to be quite symmetric, but most types of nonvolatile memory exhibit some degree of asymmetry. For example, a 1 bit in an EEPROM cell is stored as a small charge on an electrically isolated gate. If the fault is induced by external radiation (e.g., ultraviolet light), then the charges are more likely to leak out of the gate than to be forced into the gate. To make the analysis simpler, we assume that we can apply a low level physical stress to the tamperproof device when it is disconnected from power, whose only possible effect is to occassionally flip one of the 1 bits in the key register to a 0. The plausibility of this assumption depends on numerous physical and technical considerations, which are beyond the scope of this note. We further assume that we are allowed to apply two types of cryptographic functions to the given tamperproof device: We can supply a cleartext m and use the current key k stored in the nonvolatile memory of the device to get a ciphertext c, or we can supply a new n-bit key k' which replaces k in the nonvolatile memory. The cryptanalytic attack has two stages: 1. In the first stage of the attack, we keep the original unknown secret key k stored in the tamperproof device, and use it to repeatedly encrypt a fixed cleartext m_0. After each encryption, we disconnect the device from power and apply a gentle physical stress. The resultant stream of ciphertexts is likely to consist of several copies of c_0, followed by several copies of a different c_1, followed by several copies of yet another c_2, until the sequence stabilizes on c_f. Since each change is likely to be the result of one more key bit flipping from 1 to 0 (thus changing the current key k_i into a new variant k_i+1), and since there are about n/2 1 bits in the original unknown key k, we expect f to be about n/2,and c_f to be the result of encrypting m_0 under the all-zero key k_f. 2. In the second stage of the attack, we work our way backwards from the known all-zero key k_f to the unknown original key k_0. Assuming that we already know some intermediate key k_i+1, we assume that k_i differs from k_i+1 in a single bit position. If we knew the cryptographic algorithm involved, we could easily try all the possible single bit changes in a simple software simulation on a personal computer, and find the (almost certainly unique) change which would give rise to the observed ciphertext c_i. However, we dont need either a simulator or knowledge of the cryptographic algorithm, since we are given the real thing in the form of a tamperproof device into which we can load any key we wish, to test out whether it produces the desired ciphertext c_i. We can thus proceed deterministically from the known k_f to the desired k_0 in O(n) stages, trying O(n) keys at each stage. The attack is guaranteed to succeed if the fault model is satisfied, and its total complexity is at most O(n^2) encryptions. This seems to be the first cryptanalytic attack which makes it possible to find the secret key of a completely unknown cryptosystem in polynomial time (quadratic time in our case). It relies on a particular fault model which seems to be realistic, but requires further study. In the full version of this paper we'll discuss numerous extensions of the attack, including the analysis of more complicated fault models in which the sequence of corrupted keys forms a biased random walk in the space of 2^n possible keys. Bruce Schneier Counterpane Systems ------------------------------ Date: Sat, 2 Nov 1996 00:13:55 -0800 From: Susan Evoy Subject: Community Space and Cyberspace Community Space and Cyberspace What's the Connection? Exploring the Directions and Implications of Computer Networking Technology on Society Directions and Implications of Advanced Computing (DIAC-97) http://www.scn.org/tech/diac-97 *** A Conference **** Sponsored by Computer Professionals for Social Responsibility (CPSR) Seattle, Washington, USA March 1-2, 1997 Visionaries, hucksters, social critics, politicians, and cyber-pundits of all stripes -- both amateur and professional -- have been more than generous with their theories and prognostications on what computer-mediated communication will mean for children, families, neighborhoods, civic life, and society. What's the reality? What's the hype? What do we hope for? What do we dread? What is the potential? What are the pitfalls? And what -- if anything -- can we do about it? Will new forms of cyberspace media usher in a new egalitarian age or will the distance between economic haves and have-nots grow ever larger? Perhaps -- and this may be the likeliest -- cyberspace will just carry on business as usual and nothing much will actually change shape as a result. The Community Space and Cyberspace conference will be an exciting mix of informative and provocative presentations. Howard Rheingold, author of the best-selling book on how people commune in cyberspace, "The Virtual Community: Homesteading on the Electronic Frontier", will give the keynote address on how "virtual" and geographical communities are related to one another. Also on the first day, numerous activists, practitioners, and thinkers will discuss the significance of the new communication technology on children, education, the economy and jobs, social action, civic and cultural values, and many other topics What will computer networking do *for* us and what will it do *to* us?? Help us answer this question! Please join the discussion in Seattle! DIAC-97 needs co-sponsors and supporters. If your organization endorses DIAC-97 (no charge!) your members can attend at the CPSR rate. We only ask that you help promote attendance at the conference. We are also looking for financial support for the conference and for our fundraiser the evening of March 2 at the fabulous Speakeasy Internet Cafe in Seattle. Please help us make this conference as successful as possible with your personal or company donation. If you or the organization or company you represent would like to be listed or linked as a co-sponsor or supporter, please contact Doug Schuler via e-mail (douglas@scn.org) or by telephone (206-634-0752). Thanks for your support! On Sunday, March 2, participants will be able to attend many of the 20 - 40 workshops that we are planning. If you have skills, research, or ideas to share PLEASE consider proposing a workshop. The workshops in previous DIAC conferences have been outstanding thanks to the innovation, enthusiasm, and experience of the convenors. Workshops will feature work being done in the Puget Sound region as well as that from around the country, and possibly the world. If you are interested in convening a workshop, please fill out the workshop proposal form at our web site. Although any relevent workshop proposal is welcome we especially encourage those around the following themes. * Computer Basics and Cyberspace Survival Skills * Changing Lives: Community Projects and Programs * Organizing With and Around Technology * Critical Issues: Public Policy at Local, Regional, National and Global Levels We hope to collect relevant papers and workshop proposals into a proceedings that will be available to attendees and other interested people. Confernce Registration Form NAME: ___________________________________________________________ ADDRESS: ________________________________________________________ PHONE:___________________________________________________________ CITY: ______________________ STATE: ____ ZIP: _______________ COUNTRY: ________________________ E-mail:________________________ Registration Fees (Check one) CPSR member $50 __ Co-sponsoring org $50 __ Which Organization? _________________ Regular $75 __ Student/Low Income $25 __ Please print and complete this form and send it with your check to: CPSR/Seattle - Conference Registration P.O. Box 85481 Seattle, WA 98145-1481 USA ------------------------------ End of PRIVACY Forum Digest 05.21 ************************