The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A. For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL: http://www.vortex.com ----------------------------------------------------------------------- PRIVACY Forum Digest Friday, 4 September 1998 Volume 07 : Issue 15 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Followup on Netscape Communicator Privacy Concerns (Lauren Weinstein; PRIVACY Forum Moderator) Re: Caller ID in the Netherlands (Joseph S. Fulda) Freedom of Information UK (Keith Parkins) Cookie control on the web (Carlos A. Alvarez) Radio scanners (Phil Agre) Re: Computer hard disc scanning by HM Customs & Excise (Monty Solomon) Privacy Survey References (Roger Clarke) Internet Privacy Book (Jeremy L. Hart) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 07, ISSUE 15 Quote for the day: "What we've got here, is failure to communicate." -- Captain (Strother Martin) "Cool Hand Luke" (Warner Bros.; 1967) ---------------------------------------------------------------------- Date: Wed, 2 Sep 98 12:18 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Followup on Netscape Communicator Privacy Concerns Greetings. As regular readers of this digest will remember, in the previous PRIVACY Forum Digest I reported on privacy concerns expressed to me by users of the Netscape Communicator 4.5 pre-release (PRIVACY Forum Digest V07 #14; http://www.vortex.com/privacy/priv.07.14). At that time, I expressed pleasure with the rapid response I received from Netscape, enabling me to discuss with them the privacy issues surrounding their new "Smart Browsing" and "DNS Help" type features. Unfortunately, since my initial report, the situation has become considerably more murky. First, it turned out that the e-mail address the Netscape managers gave me, for people to use to express opinions or concerns about these features, turned out to be invalid. Persons who used this address reported getting back automatic messages explaining that mail to the address was not read, and were presented with URL information pointing at various web pages. I found this surprising, since I had explicitly asked for an e-mail address that people could use for these specific issues, and the address I reported was the one the Netscape managers had assured me was correct. Another concern also surfaced within hours of my last report. It turned out that the release of Netscape 4.0.6 (not a pre-release, but a "regular" release) included, without visible fanfare to the user, some of the very features that had been the center of privacy concerns regarding Netscape 4.5. In particular, the "Smart Browsing" and "Internet Keyword" features were included, and *enabled* by default in 4.0.6, which most persons thought was just an upgrade to cure a security problem in 4.0.5. While it is possible to turn off these features by digging around in Preferences, users reported that they couldn't find any help information in the browser, or the "readme" file, to warn them that such functionality had been added or how to disable it. In fact, the first clue most users had of the new features' existence was when URL entries that used to behave in a known manner instead started resulting in references to Netscape pages. It seemed odd that during a long conference call with Netscape about concerns over 4.5, that nobody there had felt it useful to mention that some of those same features would be appearing in 4.0.6 within hours. These problems became known to me within less than a day of the last digest. I immediately tried to clarify these issues with Netscape. Unfortunately, in stark contrast to their original communicativeness, I've been unable to get useful clarification on these issues. I have spoken again, several times, with the Netscape PR person who had been helpful originally, and she says she's been trying to get answers to my questions and to get the appropriate manager to call me back. But so far, those calls have not been forthcoming, even after numerous attempts. The PR person did offer me a web URL that people could use to send notes to Netscape via forms at: http://home.netscape.com/feedback/site.html but I explained that an e-mail address provided a much more convenient way for interested persons to send detailed messages. Frankly, I don't think that an e-mail address for people to use for these important privacy issues should be a complicated matter to arrange. That's pretty much where it all stands right now. The PR person has told me that the original e-mail address they gave me was an oversight, that the address had worked until recently and the managers apparently weren't aware of the change. She also told me that when 4.0.6 was released, a Netscape press release mentioned the inclusion of the new features that are the main issues of concern. She hasn't been able to explain the apparent lack of online documentation regarding these features at the time of 4.0.6's release, or the seeming lack of any warnings to users about the fundamental changes in the ways their URL and other entries would be handled. She'd really prefer that I speak to the Netscape managers directly about these issues, and seems at a loss as to why we can't get answers to these relatively simple questions. I agree on both points. One can't help but get the feeling that Netscape may not be giving these privacy concerns a high priority. I hope that's not the case--that instead this "failure to communicate" is the result of some less crucial organizational oversight. But right now, the sound of silence regarding these matters is not encouraging. Web browsers are the primary user interface to the Internet for the vast majority of the world's network users. Privacy concerns such as those under discussion are a critical issue that could make or break people's willingness to use these tools for all manner of useful applications. One would expect that Netscape, as a leader in providing these tools, would enthusiastically promote both public discussion and feedback regarding these privacy issues. I still hope they will choose to do so, and I look forward to hearing from them with clarification regarding these matters. I will of course report back when I have more information on this increasingly complicated privacy saga. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com ------------------------------ Date: Mon, 24 Aug 1998 01:04:10 -0400 From: Joseph S Fulda Subject: Re: Caller ID in the Netherlands In _Privacy Forum Digest_ Volume 7, Number 14, Daniel van Os tells of his ease in turning on or off all-call blocking. All he had to do was call KPN, the telco in question, and give his number. He concluded that but for a follow-up letter sent to one's address of record, this "apparently means that anyone can enable or disable Caller-ID on any number." He adds that "there are other services which ... can be activated in a similar manner." I want to point out that telco's, toll-free numbers, and pay lines use ANI, as readers of this digest know, so the above might not be true. It might be possible to turn Caller ID and other services on or off only *from the phone in question to which one has to have physical access*. Here in the United States, MBNA America, the credit-card issuing bank requires much more information of a cardholder before releasing its data if it is called from any phone other than the one registered as the cardholder's phone. Best wishes, Joseph ************************************************* Joseph S Fulda, CSE, PhD (212) 927-0662 701 West 177th Street, #21 New York, NY 10033 fulda@acm.org jfulda@usa.net http://www.cdfe.org/eight.html ************************************************* [ It is certainly possible that ANI information is being used as an additional authentication step. However, it's often only a very small bit of additional protection, if any. As I've learned in discussions with various banks, credit card firms, and others regarding this exact issue, it's common practice to just ignore the ANI information much of the time, to avoid getting into arguments with customers calling from other than the "known" phone numbers. Sometimes a trivial additional security question will be asked (e.g. your postal/zip code, or mother's maiden name) but often no additional queries at all will be presented. Automated response systems are often willing to provide a vast amount of data concerning customer accounts, regardless of ANI mismatch, given only an account number and zip code or similar very low security data. -- PRIVACY Forum Moderator ] ------------------------------ Date: Mon, 24 Aug 1998 17:34:09 +0100 From: Keith Parkins Subject: Freedom of Information UK Freedom of Information is the other side of the coin to privacy. Whilst the citizen desires privacy for themselves they also desire open access to government information. In the US there is the presumption in favour of the supply of information unless just reason can be shown to block access. In the UK the presumption is reversed, the information will not be supplied unless overriding grounds can be found to enable access. The US has Freedom of Information legislation, the UK does not. The New Labour government has reneged on its promise to bring in legislation. The Minister who was responsible for open government has been sacked. The responsibility is now that of Jack Straw, one of the most reactionary of Home Secretaries and a strong opponent of civil liberties. In a parallel development, David Shayler, ex-MI5 agent, has been arrested in Paris at the request of the British government and is awaiting extradition to the UK. Shayler's crime has been to expose the incompetence and the lack of accountability of MI5. These moves are an attempt to silence Shayler. Shayler was about to post more revelations on Internet. Shayler was foolish enough to give advance notice of his intentions. The surprise is that having been on the run for almost a year, Shayler did not make use of Internet immediately. Keith [ The main reason I've included this submission in the digest is to emphasize the differing world views concerning information and civil liberties in different nations. The presence of the Internet complicates the analysis of these issues by permeating national borders in a manner and degree never previously experienced. Submissions with more detail regarding this particular story, on all sides of the issue, are invited. -- PRIVACY Forum Moderator ] ------------------------------ Date: Tue, 25 Aug 1998 10:13:23 From: "Carlos A. Alvarez" Subject: Cookie control on the web Many people have concerns about cookies and their privacy. I am one of those. However, I, and many others, visit sites where we either want or need to enable cookies. It is a real pain to answer every cookie message, or to change your preferences just to browse different sites. And there are some sites where I want to take some of their cookies, but not all. For example, the phone book site gives me a cookie to identify my last lookup city and state, so I don't have to type it again, so I accept that. But I don't accept the advertising-related cookies. My solution to this cookie problem is to use a shareware product called Cookie Pal from Kookabura Software. A trial is available at www.kburra.com and registration is cheap. It allows me to "remember" the cookies I want or don't want, and handles it all automatically. Everyone concerned about cookie issues should be using this, as it solves all the problems at once. -- Carlos Alvarez, Tucson, AZ, USA, Earth, Sol System, Milky Way Galaxy http://www.neta.com/~carlos [ As a practical matter, I don't feel that "add-on" mechanisms of this sort are the best solution to perceived cookie problems. To be of general value, detailed cookie controls need to be inherent in the browsers themselves, not an add-on that most people will never install or use. At the very least, users should be able to specify in their browser preferences/bookmarks those sites from which they are willing to accept cookies. But this really needs to be a basic browser function to have any significant impact. -- PRIVACY Forum Moderator ] ------------------------------ Date: Tue, 25 Aug 1998 17:51:19 -0700 (PDT) From: Phil Agre Subject: radio scanners I don't normally peruse the weekend calendar section of the newspaper looking for news about privacy, but maybe now I'll have to start. The LA Times' calendar section for 8/20/98 includes an article (Steve Hochman, Scanning the airwaves, pages 30-31) about a Toronto-based company that has been fielding a service called Mobiltrak. If you place a Mobiltrak device alongside a road, it will keep records of what radio stations the passing drivers are tuned to. This is not surprising as technology. The British government has long used such methods to determine which households are watching the BBC without paying for it. What's striking is that the technology is now cheap enough, and demand for the information is now great enough, that someone is actually doing it commercially. Radio stations in Toronto and Phoenix, where the system has been deployed so far, use the system to get instant ratings on their shows. Retail stores are supposedly also using the system to determine what stations their customers listen to, for example to determine where to place ads. Taken in isolation, of course, the privacy problem with Mobiltrak is relatively small. People often do have a sense of violation in cases like this, even when the data being collected is not identified. The concern is from the bigger picture. It is a relatively simple matter to capture license plates from passing cars, and numerous technologies now being deployed are capable of capturing the identities of passing cars in other ways, for example in the course of toll payment. When individuals can be identified in terms of their radio listening habits, possibilities for abuse arise. We can all imagine junk mail scenarios. If the information can be cross-indexed with information from other media, an entirely plausible assumption in the near future, then captured radio listening patterns could result in customized messages in a wide variety of other venues, many of which could never be traced back to the radio scanner. More serious potentials for abuse exist as well. A kid who is listening to an alternative or hip-hop music station may find extra trouble with the cops (due to a "profile", say) without ever knowing why. Even if individual listeners are not identified, locations that are found to be frequented by listeners to such stations may find themselves placed under greater suspicion than any genuine probable cause would justify. The task of imagining other potential abuses is left to the reader. The point here is obviously not that Mobiltrak is inherently evil, or that it is secretly being fielded for evil purposes. The point is that it is part of a much larger pattern that we as a society must contend with as a whole. Do we want to routinize this kind of transparency of our lives? What would it mean to apply fair information practices, or the principles of the European data protection laws, to this kind of passive, invisible, RF-based monitoring of our activities? The issue is significant far beyond real-time location-based radio demographics, given the increasing variety and sensitivity of the relationships that people conduct through the mediation of mobile wireless communications. Phil Agre ------------------------------ Date: Fri, 28 Aug 1998 02:13:09 -0400 From: Monty Solomon Subject: Re: Computer hard disc scanning by HM Customs & Excise Begin forwarded message: Date: Sun, 23 Aug 1998 18:46:03 -0400 From: Vin McLellan Subject: Re: Computer hard disc scanning by HM Customs & Excise Reading the comments of the UK Customs and Excise spokesfolk about their new policy of routinely scanning the digital memories carried by travellers, one is struck by their apparent naivete, e.g.: Nothing bad could be happening since it is all done in the presence of the traveller. The traveller is allowed to watch. It's only a "scan" for appalling digital smut -- although the process, as described, involves copying the disk (and almost any "scan" allows that, overtly or covertly.) It makes me wonder if they had any idea of what kind of Pandora's Box they were opening. Two years ago, a gentleman at Hewett-Packard Labs in California -- the former head of R&D at Apple, as I recall -- mentioned on one of the Internet newsgroups that senior HP executives had been warned by US intelligence agencies that big-number cash bounties that had been posted (where and by whom, it was not clear) for anyone who could obtain the travel laptop of particular US computer industry executives. The targets were identified by name and position. I suspect that the UK bureaucrats who thought up this search for illicit images never considered that the digital soup they were straining for porn in this low-level bureaucratic process might be worth $100K or $500K or $1M on the black market. (They may not have thought about how useful and productive their data-trap might look to Her Majesty's own intel chaps either, although many suspect C&E's naivete in that regard was brief.) Such casually intrusive and randomized search procedures are used for low-value valuables. (I suspect DeBeer's couriers don't get their wares pawed by junior staff who can't tell a diamond from a rhinestone.) Information has always had potentially high value, of course -- but even the post-industrial societies are still adjusting to the way computers concentrate and create such value in data. HM C&E is not likely on the cutting edge here. C&E officials have probably been amazed at anger and passionate resentment many knowledge-workers have shown toward their new policy. The C&E baggage inspector who only barely computer-literate is not likely to realize how profoundly a traveller may feel violated by a process which, by it's nature, necessarily offers Her Majesty's government an opportunity to copy one or two Gigabytes of personal and professional memories -- with the traveller forced to open encrypted files as it they were just another "locked suitcase." At least until this UK initiative raised the possibility of routine data searches, many of us typically travelled with almost all our personal messages, diaries, as well as all our professional work for the past two or three years in a laptop hanging from a shoulder strap. (With my RSA SecurPC, it seemed safe, as well as readily accessible.) My outrage at the invasiveness and indignity of such a search would probably shock someone who doesn't live and work online, the way I and many others do. Corporate execs and couriers may have far more valuable files: business plans, negotiation options, strategic plans, industrial plans, prototype products, competitive analyses, corporate records of all types. (Old and deleted files -- even unsaved data like remote-access passwords and encryption keys dropped in swap or temp files on a PC -- are often retrievable from a copy of a hard disk.) A business traveller planning to negotiate a deal in the City, offer a contract to a British firm, or set up a plant or office in the UK, may now risk corporate treasure, as well as personal indignity, in subjecting himself to such a C&E search. For some of us, a strip search and sodium pentathol session at the C&E post would be less invasive -- but even the British bureaucrats who came up with this policy would probably consider routine truth-serum interrogations of travellers over the top: unreasonable, uncivil, disprespectful, and likely to drive off tourists, merchants, bankers, and traders who bring money and jobs to the UK. Most of us, of course, will immediately jump to Cyberspace, where ready access to encrypted files on a server or website anywhere in the world leaves them available, but largely secure from government eavesdroppers (even when the recipient of the data transfer is in a London hotel!) It only will be a very very stupid smut merchant who gets caught by C&E's memory trap. On the other hand, damage done to the British economy by C&E's routine searches of travellers' digital memories may be apparent rather quickly. I know of several large multinational corporations that have regular couriers who (daily or several times a week) carry sensitive material -- usually in digital form, on a laptop or Zip disks -- from their Paris offices to London, where it is encrypted and transmitted to their corporate offices around the world. These firms, and others with similar requirements, restrict the size of their French installations (and investments) too. This happens because French law forbids any firm, operating within France, from using strong encryption for either domestic or international data transfers... unless they give the French authorities the crypto keys that would allow the SCSSI to access, copy, and potentially exploit those messages or data files. (French intelligence agencies -- like their counterparts in most governments today -- are widely suspected of trying to steal commercial and industrial secrets from non-French businessmen, and using them to benefit French industrial and commercial interests. France, not being a beneficiary of the Echelon net like the US and UK, maybe has to try a little harder. In recent years, rumors have also led many international flyers to believe, rightly or wrongly, that the first class seats on Air France are wired by those same French agencies for commercial espionage.) Now, I wonder if those corporate couriers will be taking the Eurostar through the Chunnel next week? The couriers may lug briefcases full of paper (which C&E is unlikely to read, or Xerox) for a few days. I suspect, however, that many of those firms are even now urgently reviewing their telecom alternatives. As the recent GILC survey and the EC's Copenhagen Hearings make clear, more business-sensitive governments abound, even in Europe. For the past two years, the dominant policies of the OECD and the European Commission have been to foster electronic commerce by respecting the legitimate needs of consumers and businessmen for crypto-enabled confidentiality. Some correlations between policy and investment have been reported. Ireland recently announced what appears to be one of the most liberal national policies, allowing for the use and trade in crypto-enhanced software, among the Wassenaar signatories: At the time, a senior Irish official noted that his government believes that its progressive stance on corporate requirements for crypto-based confidentiality has led over 700 foreign firms to set up plants and offices in the Emerald Isle. It makes you wonder at the cost-benefits of this British government campaign to nail a few closet perverts? Suerte, _Vin ----- "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." _ A Thinking Man's Creed for Crypto _vbm. * Vin McLellan + The Privacy Guild + * 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 ------------------------------ Date: Sun, 30 Aug 1998 10:04:41 +1000 From: Roger Clarke Subject: Privacy Survey References G'day All A couple of years back, I flung together a list of references to surveys that have been published relating to attitudes to privacy. After being asked the same question recently, I now realise that I've never put it up on the web. With some enhancements, it's now up, at: http://www.anu.edu.au/people/Roger.Clarke/DV/Surveys.html Improvements greatly appreciated. Re-posting to other lists invited. Regards ... Roger Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ http://www.etc.com.au/Xamax/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@anu.edu.au Visiting Fellow, Faculty of Engineering and Information Technology The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6249 3666 ------------------------------ Date: Wed, 26 Aug 1998 11:55:51 -0500 From: "Jeremy L. Hart" Subject: Internet Privacy Book I LOVE THE INTERNET, BUT I WANT MY PRIVACY, TOO! by Chris Peterson Published by Prima Publishing (ISBN 0-7615-1436-8, 240 pages, $16.95 paperback) This book explores threats posed by would-be cybersnoops who seek to invade your personal privacy through electronic means. From the e-mail we send our boss to the video games our kids play after school, computers and the Internet permeate nearly every aspect of our lives. These amazing tools allow us effortlessly to tap into vast reservoirs of information, letting us review and then buy the latest best-seller and then scope out our next vacation destination. We can even look up the phone number of a distant cousin through an on-line search engine. But each time we log-on, we are revealing a myriad of personal information to anyone inclined to look. You may ask, does anyone bother to uncover the details about your personal life if you are not rich, famous or both? The answer is yes; more so than people realize. From businesses trying to sell products to thieves looking for personal data to steal, your business can easily become their business. This book will show you who is doing the "cybersnooping," how they are doing it, what they can find out about you, and how you can protect yourself. I LOVE THE INTERNET, BUT I WANT MY PRIVACY, TOO! is available wherever books are sold, online or off, or directly from Prima Publishing at 1-800-632-8676. For more information, please visit the company's web site: Prima Publishing http://www.primapublishing.com/ ------------------------------ End of PRIVACY Forum Digest 07.15 ************************