💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › CUD › cud0592.txt captured on 2022-06-12 at 10:53:22.
-=-=-=-=-=-=-
Computer underground Digest Wed Dec 8 1993 Volume 5 : Issue 92
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copy Editor: Craig Shergold, III
CONTENTS, #5.92 (Dec 8 1993)
File 1--Senator Simon Introduces Privacy Bill
File 2--Cantwell & Markey bills, GAO report, etc. online at EFF
File 3--ANNOUNCEMENT: DPSWG Crypto-Policy Statement to White House
File 4--A Superhighway Through the Wasteland?
File 5--Health Privacy Radio Program
File 6--Apple "Accepts" Texas Bigotry
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: ftp.funet.fi in pub/doc/cud. (Finland)
UNITED STATES:
aql.gatech.edu (128.61.10.53) in /pub/eff/cud
etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud
ftp.eff.org (192.88.144.4) in /pub/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
ftp.warwick.ac.uk in pub/cud (United Kingdom)
KOREA: ftp: cair.kaist.ac.kr in /doc/eff/cud
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 1 Dec 1993 14:04:41 EST
From: Alert@washofc.cpsr.org
Subject: File 1--Senator Simon Introduces Privacy Bill
Extracted from CPSR ALERT, #2.06, 1 December, 1993
[1] Senator Simon Introduces Major Privacy Bill
Senator Paul Simon (D-IL) has introduced legislation to create a
privacy agency in the United States. The bill is considered the most
important privacy measure now under consideration by Congress.
The Privacy protection Act of 1993, designated S. 1735, attempts to
fill a critical gap in US privacy law and to respond to growing public
concern about the lack of privacy protection.
The Vice President also recommended the creation of a privacy agency
in the National Performance Review report on reinventing government
released in September.
The measure establishes a commission with authority to oversee the
Privacy Act of 1974, to coordinate federal privacy laws, develop model
guidelines and standards, and assist individuals with privacy matters.
However, the bill lacks authority to regulate the private sector, to
curtail government surveillance proposals, and has a only a small
budget for the commission.
Many privacy experts believe the bill is a good first step but does not
go far enough.
The Senate is expected to consider the bill in January when it returns
to session.
-------------------------------------------------------------
[2] Senator Simon's Statement on Introduction
(From the Congressional Record, November 19, 1993)
Mr. Simon. "Mr. President, I am introducing legislation today to
create a Privacy Protection Commission. The fast-paced growth in
technology coupled with American's increasing privacy concerns demand
Congress take action.
"A decade ago few could afford the millions of dollars necessary for a
mainframe computer. Today, for a few thousand dollars, you can purchase
a smaller, faster, and even more powerful personal computer. Ten years
from now computers will likely be even less expensive, more accessible,
and more powerful. Currently, there are "smart" buildings, electronic
data "highways", mobile satellite communication systems, and
interactive multimedia. Moreover, the future holds technologies that we
can't even envision today. These changes hold the promise of
advancement for our society, but they also pose serious questions about
our right to privacy. We should not fear the future or its technology,
but we must give significant consideration to the effect such
technology will have on our rights.
"Polls indicate that the American public is very concerned about this
issue. For example, according to a Harris-Equifax poll completed this
fall, 80 percent of those polled were concerned about threats to their
personal privacy. In fact, an example of the high level of concern is
reflected in the volume of calls received by California's Privacy
Rights Clearinghouse. Within the first three months of operation. The
California Clearinghouse received more than 5,400 calls. The
Harris-Equifax poll also reported that only 9 percent of Americans felt
that current law and organizational practices adequately protected
their privacy. This perception is accurate. The Privacy Act of 1974
was created to afford citizens broad protection. Yet, studies and
reviews of the act clearly indicate that there is inadequate specific
protection, too much ambiguity, and lack of strong enforcement.
"Furthermore, half of those polled felt that technology has almost
gotten out of control, and 80 percent felt that they had no control
over how personal information about them is circulated and used by
companies. A recent article written by Charles Piller for MacWorld
magazine outlined a number of privacy concerns. I ask unanimous consent
the article written by Charles Piller be included in the record
following my statement. These privacy concerns have caused the public
to fear those with access to their personal information. Not
surprisingly, distrust of business and government has significantly
climbed upwards from just three years ago.
"In 1990, the United States General Accounting Office reported that
there were conservatively 910 major federal data banks with billions of
individual records. Information that is often open to other
governmental agencies and corporations, or sold to commercial data
banks that trade information about you, your family, your home, your
spending habits, and so on. What if the data is inaccurate or no longer
relevant? Today's public debates on health care reform, immigration,
and even gun control highlight the growing public concern regarding
privacy.
"The United States has long been the leader in the development of
privacy policy. The framers of the Constitution and the Bill of Rights
included an implied basic right to privacy. More than a hundred years
later, Brandeis and Warren wrote their famous 1890 article, in which
they wrote that privacy is the most cherished and comprehensive of
all rights. International privacy scholar Professor David Flaherty has
argued successfully that the United States invented the concept of a
legal right to privacy. In 1967, Professor Alan Westin wrote privacy
and freedom, which has been described as having been of primary
influence on privacy debates world-wide. Another early and
internationally influential report on privacy was completed in 1972
by the United States Department of Health, Education, and Welfare
advisory committee. A Few years later in 1974, Senator Sam Ervin
introduced legislation to create a federal privacy board. The result
of debates on Senator Ervin's proposal was the enactment of the
Privacy Act of 1974. The United States has not addressed privacy
protection in any comprehensive way since.
"International interest in privacy and in particular data protection
dramatically moved forward in the late 1970's. In 1977 and 1978 six
countries enacted privacy protection legislation. As of September
1993, 27 countries have legislation under consideration. I ask
unanimous consent that a list of those countries be included in the
record following my statement. Among those considering legislation are
former Soviet Block countries Croatia, Estonia, Slovakia, and
Lithuania. Moreover, the European Community Commission will be adopting
a directive on the exchange of personal data between those countries
with and those without data or privacy protection laws.
"Mr. President, a Privacy Protection Commission is needed to restore
the public's trust in business and government's commitment to
protecting their privacy and willingness to thoughtfully and seriously
address current and future privacy issues. It is also needed to fill
in the gaps that remain in federal privacy law.
"The Clinton Administration also recognizes the importance for
restoring public trust. A statement the Office of Management and Budget
sent to me included the following paragraph:
[T]he need to protect individual privacy has become increasingly
important as we move forward on two major initiatives, Health
Care Reform and the National Information Infrastructure. The
success of these initiatives will depend, in large part, on the
extent to which Americans trust the underlying information
systems. Recognizing this concern, the National Performance
Review has called for a commission to perform a function similar
to that envisioned by Senator Simon. Senator Simon's bill
responds to an issue of critical importance.
"In addition, the National Research Council recommends the creation of
'an independent federal advisory body ...' In their newly released
study, Private Lives and Public Policies.
"It is very important that the Privacy Protection Commission be
effective and above politics. Toward that end, the Privacy Protection
Commission will be advisory and independent. It is to be composed of 5
members, who are appointed By the President, by and with the consent of
the Senate, with no more than 3 from the same political party. The
members are to serve for staggered seven year terms, and during their
tenure on the commission, may not engage in any other Employment.
"Mr. President, I am concerned about the creation of additional
bureaucracy; therefore the legislation would limit the number of
employees to a total of 50 officers and employees. The creation of an
independent Privacy Protection Commission is imperative. I have
received support for an independent privacy protection commission from
consumer, civil liberty, privacy, library, technology, and law
organizations, groups, and individuals. I ask unanimous consent that a
copy of a letter I have received be included in the record following my
statement.
"What the commission's functions, make-up, and responsibilities are
will certainly be debated through the Congressional process. I look
forward to hearing from and working with a broad range of individuals,
organizations, and businesses on this issue, as well as the
administration.
"I urge my colleagues to review the legislation and the issue, and join
me in support of a privacy protection commission. I ask unanimous
consent that the text of the bill be included in the record."
-------------------------------------------------------------
[3] Privacy Commission Bill Section Headings
Section 1. Short Title.
Section 2. Findings and Purpose.
Section 3. Establishment of a Privacy Protection Commission.
Section 4. Privacy Protection Commission.
Section 5. Personnel of The Commission.
Section 6. Functions of The Commission.
Section 7. Confidentiality of Information.
Section 8. Powers of the Commission.
Section 9. Reports and Information.
Section 10. Authorization of Appropriations.
A full copy of the bill, floor statement and other materials will
be made available at the CPSR Internet Library.
------------------------------
From: Stanton McCandlish <mech@EFF.ORG>
Subject: File 2--Cantwell & Markey bills, GAO report, etc. online at EFF
Date: Tue, 7 Dec 1993 17:36:43 -0500 (EST)
Maria Cantwell's bill, which would reduce ITAR export restrictions on
cryptography, is online at EFF's ftp site:
ftp.eff.org, %ftp/pub/eff/legislation/cantwell.bill
(AKA .../legislation/hr3627)
Also recently added to the archives:
The Markey bill, which deals with the coming "data superhighway" or
"national information infrastructure", and which incorporates much of
EFF's Open Platform proposal:
%ftp/pub/eff/legislation/markey.bill (AKA .../legislation/hr3636)
The Cyberpoet's Guide to Virtual Culture, much like the Big Dummy's Guide
to the Internet, but a more advanced and specific compendium of net.info.
Highly recommended:
%ftp/pub/eff/papers/cyber/cyberpoet.gvc
The govt. General Accounting Office's report on communications privacy, a
must see! Criticizes NSA involvement in crafting national crypto-policy,
and makes many other important points:
%ftp/pub/eff/crypto-policy/osi-94-2.gao
------------------------------
Date: Tue, 7 Dec 1993 17:17:50 -0500 (EST)
From: Stanton McCandlish <mech@EFF.ORG>
Subject: File 3--ANNOUNCEMENT: DPSWG Crypto-Policy Statement to White House
NOTICE: This is the letter from the Digital Privacy and Security
Working Group sent to the White House 12/06/93, urging the
Administration to lift export controls on DES, RSA and other mass
market encryption without requiring legislation.
Some erroneous press reports have said the DPSWG (see letter
signatories) were making a Clipper/Skipjack "deal". This is not true.
The letter makes it clear that Clipper as originally proposed is not
viable, and that in any form it is to be implemented only if it's use
is completely voluntary and ONLY if current restrictions on mass
market encryption software are removed, so that the right to choose
one's own methods of privacy and security is retained, and American
businesses can effectively and openly compete in the expanding
international market for encryption products.
For more details please see the third paragraph of the letter, below.
+----------------------------------------------
DIGITAL PRIVACY AND SECURITY WORKING GROUP
1001 G Street, NW
Suite 950 East
Washington, DC 20001
Jerry Berman 202/347-5400
Leah Gurowitz 202/393-1010
December 6, 1993
The President
The White House
Washington, DC 20500
Dear Mr. President:
On April 16, 1993, you initiated a broad industry/government
review of privacy and cryptography policies at the same time that the
Administration unveiled its Clipper Chip proposal. The Digital
Privacy and Security Working Group -- a coalition of over 50
communications and computer companies and associations, and consumer
and privacy advocates --has been working with members of your
Administration to develop policies which will reflect the realities of
the digital information age, the need to provide individuals at work
and home with information security and privacy, and the importance of
preserving American competitiveness.
The Digital Privacy and Security Working Group is committed to
the proposition that computer users worldwide should be able to choose
their encryption programs and products, and that American programs and
products should be allowed to compete in the world marketplace. In
our discussions with Administration officials, we have expressed the
Coalition's tentative acceptance of the Clipper Chip's encryption
scheme (as announced on April 16, 1993), but only if it is available
as a voluntary alternative to widely-available, commercially-accepted,
encryption programs and products.
Thus, we applaud repeated statements by Administration
officials that there is no intent to make the Clipper Chip mandatory.
One key indication of whether the choice of encryption regimes will be
truly voluntary, however, is the ability of American companies to
export computer programs and products employing other strong
encryption algorithms (e.g. DES and RC2/RC4 at comparable strengths)
demanded by customers worldwide. In this regard, we commend to your
attention legislation introduced by Rep. Maria Cantwell (H.R. 3627)
that would liberalize existing export controls on software with
encryption capabilities. Of course, such legislation would not be
necessary if the Administration acts to accomplish such export control
liberalization on its own. As part of your on-going encryption review
and decision-making, we strongly urge you to do so.
As your Administration concludes its review of this issue,
representatives of the Digital Privacy and Security Working Group
remain available to meet with Administration officials at any time.
Sincerely,
American Civil Liberties Union IBM
Apple Computer, Inc. Information Industry Association
Business Software Alliance Information Technology Association of
America
Committee on Communications and
Information Policy, IEEE-USA Iris Associates, Inc.
Computer and Business Equipment Lotus Development Corporation
Manufacturers Association
Microsoft Corporation
Crest Industries, Inc.
Oracle Corporation
Digital Equipment Corporation
Prodigy Services Company
EDUCOM
Software Publishers Association
Electronic Frontier Foundation
Sun Microsystems, Inc.
Electronic Messaging Association
Telecommunications Industry Association
GKI Cryptek Division
Trusted Information Systems
Hewlett-Packard Company
cc: John Podesta, Office of the President
George Tenet, National Security Council
Mike Nelson, Office of Science and Technology Policy
Ray Kammer, National Institute of Standards and Technology
Steve Aoki, National Security Council
Geoff Greiveldinger, Department of Justice
+---------------------------------------------------
This document and others on related topics are archived at ftp.eff.org,
%ftp/pub/eff/crypto-policy.
------------------------------
Date: Wed, 8 Dec 1993 14:46:58 -0800
From: Anonymous <tk0jut2@mvs.cso.niu.edu>
Subject: File 4--A Superhighway Through the Wasteland?
((MODERATORS' NOTE: The following op-ed letter to the New York Times
has been widely circulated across the nets. It is not amenable to
summary, and the importance of the issue requires intact reproduction.
Thanks to the various readers who forwarded it over to us)).
A Superhighway Through the Wasteland?
By Mitchell Kapor and Jerry Berman
Source: New York Times, 24 Nov., 1993 / Op-Ed Column
Washington--Telecommunications and cable TV executives, seeking to
allay concerns over their proposed megamergers, insist that the coming
electronic superhighway will be an educational and informational tool
as well as a cornucopia of interactive entertainment. Allow the
marriage between entertainment and communications giants, we are told,
and they will connect students with learning resources, provide a
forum for political discourse, increase economic competitiveness and
speed us into the multimedia information age.
Both broadcast and cable TV were introduced with similar fanfare. The
results have been disappointing. Because of regulatory failure and the
limits of the technology, they failed to be saviors of education or
political life. We love the tube but recognize that it is largely a
cultural wasteland.
For the Government to break this cycle of promise and disappointment,
communications mergers should be approved or barred based on detailed,
enforceable commitments that the electronic superhighway will meet
public goals. The amount of electronic material the superhighway can
carry is dizzying compared to the relatively narrow range of broadcast
TV and the limited number of cable channels. Properly constructed and
regulated, it could be open to all who wish to speak, publish and
communicate.
None of the interactive services will be possible, however, if we have
an eight-lane data superhighway rushing into every home and only a
narrow footpath coming back out. Instead of settling for a multimedia
version of the same entertainment that is increasingly dissatisfying
on today's TV, we need a superhighway that encourages the production
and distribution of a broader, more diverse range of programming.
The superhighway should be required to provide so-called open platform
services. In today's channel-based cable TV system, program producers
must negotiate for channel space with cable companies around the
country. In an open platform network, we would avoid that bottleneck.
Every person would have access to the entire superhighway, so
programmers could distribute information directly to consumers.
Consumers would become producers: individuals and small organizations
could create and distribute programs to anyone on the highway who
wants them. Open platform services will spur diversity in the
electronic media, just as low production and distribution costs make
possible a wide variety of newspapers and magazines.
To prevent abuses by media giants that because of recent Federal court
decisions will control the pipeline into the home and much of the
content delivered over it, we need new laws. Like today's phone
companies, the companies controlling the superhighway must be required
to carry other programmers' content, just as phone companies must
provide service to anyone who is willing to pay for it. We must
guarantee that anyone who, say, wants to start an alternative news
network or a forum for political discussion is given an outlet to do
so.
Americans will come to depend on the superhighway even more than they
need the telephone. The guarantee of universal telephone service must
be expanded to include universal access to the superhighway. Although
market forces will help keep the new technology affordable, we need
laws to protect consumers when competition fails.
And because several companies will operate the highway, each must be
required to interconnect with the others. Likewise, the new computers
that will give us access to the superhighway should be built according
to commonly accepted standards.
Also, even an open, competitive market will leave out organizations
with limited resources such as schools and libraries. To compensate
for market oversights, we must insure that money -- whether through
Federal support or a tax on the companies that will control the
superhighway -- is made available to these institutions. Finally,
people won't use the new technology unless they feel that their
privacy is protected. Technical means, such as recently developed
encryption techniques, must be made available to all users. And clear
legal guidelines for individual control over access to and reuse of
personal information must be established. Companies that sell
entertainment services will have a record of what their customers'
interests are; these records must remain confidential.
Bell Atlantic, T.C.I., Time-Warner, U.S. West and other companies
involved in proposed mergers have promised to allow the public full
access to the superhighway. But they are asking policy makers to trust
that, profits aside, they will use their new positions for the public
good.
Rather than opposing mergers or blindly trusting competition to shape
the data highways, Congress should make the mergers hinge on detailed
commitments to provide affordable services to all Americans. Some
legislators, led by Representative Ed Markey, Democrat of
Massachusetts, are working to enact similar requirements; these
efforts deserve support.
The best approach would be to amend these requirements to the
Communications Act of 1934. Still the central law on open access, an
updated Communications Act would codify the terms of a new social
contract between the the telecommunications industry and the American
people.
Mitchell Kapor is chairman of the Electronic Frontier Foundation, a
nonprofit group that promotes civil liberties in digital media. He was
a founder of the Lotus Development Corporation, from which he resigned
in 1986. Jerry Berman is executive director of the foundation.
------------------------------
Date: Sat, 27 Nov 1993 13:55:06 -0800
From: Matt Binder <binder@WELL.SF.CA.US>
Subject: File 5--Health Privacy Radio Program
((MODERATORS' NOTE: A few months ago, Matt Binder solicited
information from a number of people on computer privacy for a segment
on privacy in the health industry. At the time, concerns were raised
that it might be another cyber-scare drama, but those familiar with
Matt's local (Bay Area, Calif.) reputation allayed suspicions. His
story justified their opinion, and we reprint it below)).
Working on the story was a real education for me, (getting to meet
all kinds of interesting people is one of the main reasons why I'm
a reporter) and I had a few good coincidences that added some
"atmosphere" to the piece. I've included the entire script below,
I hope I'm not being presumptuous.
The show in which my 8.5 minute piece aired is called "The
Communications Revolution, produced by the Telecommunications Radio
Project, which is headquartered at KPFA-FM in Berkeley. The
project is funded by the California Public Utilities Commission,
through the Telecommunications Education Trust (TET), which is
basically money that was overpaid to Pac Bell by its customers.
Other TET grantees are Gregg McVicar's "Privacy Project", and Beth
Given's "Privacy Rights Clearinghouse" in San Diego. Our project
is a series of 13 one hour, live, satellite- linked panel
discussion and call-in shows that air on about thirty stations
around the country (but especially in California).
show: HEALTH PRIVACY Matt Binder 11/12/93 draft FINAL