From: Dave Banisar <banisar@washofc.cpsr.org>
To: CYPHERPUNKS <CYPHERPUNKS@toad.com>
Message Hash: 3ba25da51d86e18b7118518d50d09b3fc83aafb212eb78b28bdb0483c0bd841d
Message ID: <00541.2835954991.594@washofc.cpsr.org>
Reply To: N/A
UTC Datetime: 1993-11-12 19:08:01 UTC
Raw Date: Fri, 12 Nov 93 11:08:01 PST
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Fri, 12 Nov 93 11:08:01 PST
To: CYPHERPUNKS <CYPHERPUNKS@toad.com>
Subject: CPSR Alert 2.05
Message-ID: <00541.2835954991.594@washofc.cpsr.org>
MIME-Version: 1.0
Content-Type: text/plain
CPSR Alert 2.05
==============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@@
@ @ @ @ @ @ @ @ @ @ @ @ @
@ @@@ @ @@@ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @ @ @ @ @@@@ @@@@ @ @ @
=============================================================
Volume 2.05 November 12, 1993
-------------------------------------------------------------
Published by
Computer Professionals for Social Responsibility
Washington Office
(Alert@washofc.cpsr.org)
-------------------------------------------------------------
Contents
[1] Operation "Root Canal" Documents Released:
Questions Raised about FBI's Digital
Telephony Initiative
[2] GAO Report Criticizes Gov't Crypto Policy
[3] Health Care Plan Raises Privacy Questions
[4] Hacker Sentenced to One Year Imprisonment
[5] Matching grant for CPSR FOIA Work Offered
[6] New Documents in the CPSR Internet Library
[7] Upcoming Conferences and Events
-------------------------------------------------------------
[1] FBI's Operation "Root Canal" Documents Disclosed
In response to a CPSR Freedom of Information Act lawsuit, the FBI this
week released 185 pages of documents concerning the Bureau's Digital
Telephony Initiative, code-named Operation "Root Canal." The newly
disclosed material raises serious doubts as to the accuracy of the
FBI's claim that advances in telecommunications technology have
hampered law enforcement efforts to execute court-authorized wiretaps.
The FBI documents reveal that the Bureau initiated a well- orchestrated
public relations campaign in support of "proposed legislation to compel
telecommunications industry cooperation in assuring our digital
telephony intercept requirements are met." A May 26, 1992, memorandum
from the Director of the FBI to the Attorney General lays out a
"strategy ... for gaining support for the bill once it reaches
Congress," including the following:
"Each FBI Special Agent in Charge's contacting key law
enforcement and prosecutorial officials in his/her territory
to stress the urgency of Congress's being sensitized to this
critical issue;
Field Office media representatives educating their contacts
by explaining and documenting, in both local and national
dimensions, the crisis facing law enforcement and the need
for legislation; and
Gaining the support of the professional associations
representing law enforcement and prosecutors."
However, despite efforts to obtain documentation from the field in
support of Bureau claims of a "crisis facing law enforcement," the
response from FBI Field Offices was that they experienced *no*
difficulty in conducting electronic surveillance. For example, a
December 3, 1992, memorandum from Newark reported the following:
The Newark office of the Drug Enforcement Administration
"advised that as of this date, the DEA has not had any
technical problems with advanced telephone technology."
The New Jersey Attorney General's Office "has not experienced
any problems with the telephone company since the last
contact."
An agent from the Newark office of the Internal Revenue
Service "advised that since the last time he was contacted,
his unit has not had any problems with advanced telephony
matters."
An official of the New Jersey State Police "advised that
as of this date he has had no problems with the present
technology hindering his investigations."
Likewise, a memorandum from the Philadelphia Field Office reported that
the local offices of the IRS, Customs Service and the Secret Service
were contacted and "experienced no difficulties with new technologies."
Indeed, the newly-released documents contain no reports of *any*
technical problems in the field.
The documents also reveal the FBI's critical role in the development of
the Digital Signature Standard (DSS), a cryptographic means of
authenticating electronic communications that the National Institute of
Standards and Technology was expected to develop. The DSS was proposed
in August 1991 by the National Institute of Standards and Technology.
NIST later acknowledged that the National Security Agency developed the
standard. The newly disclosed documents appear to confirm speculation
that the FBI and the NSA worked to undermine the legal authority of
the NIST to develop standards for the nation's communications
infrastructure.
CPSR intends to pursue further FOIA litigation to establish the extent
of the FBI involvement in the development of the DSS and also to obtain
a "cost-benefit" study discussed in one of the FBI Director's memos and
other documents the Bureau continues to withhold.
-------------------------------------------------------------
[2] GAO Report Criticizes Gov't Crypto Policy
A Government Accounting Office report has found that government
policies are hindering the development of encryption technology at the
same time the industry is threatened by economic espionage because of
computer networks lacking adequate security. The report was requested
by House Judiciary Chair Jack Brooks.
The report _Communications Privacy: Federal Policy and Actions_
(GAO/OSI-94-2) also found that NIST followed the NSA's lead in
developing cryptographic standards for communications privacy and that
there has been little public input in this process. NIST terminated a
project in 1982 to develop a public key encryption system at the
request of NSA and in 1991 introduced a NSA developed standard for
digital signatures. In addition, no public input was solicited for the
Clipper Chip proposal until 1993, over three years after the initiation
of its development.
The report also noted the wide range of software and hardware available
outside the US and that the continued export controls are apparently
more stringent than those in other countries. This is apparently
hurting sales of U.S. software and hardware products worldwide.
Congressman Brooks said that "[I]t is deeply disturbing to find that
some U.S. government agencies are undermining American corporations
efforts to protect themselves from state-sponsored theft of trade
secrets and other propriety information." Brooks also stated that "The
plain truth is that encryption devices and software are available
around the world. The barn door is open; the horses are out. It is high
time for the government to accept this fact of life and stop hog-tying
U.S. industry with overly restrictive export controls that damage this
country's effort to compete in the global marketplace."
The GAO report is available at the CPSR Internet Library (see below).
A paper copy is available from the GAO by calling 202-512-6000.
-------------------------------------------------------------
[3] Health Care Reform Plan Released Amidst Growing Concern About
Medical Privacy
The Clinton health care reform plan was released the same week that a
new Lou Harris poll found high levels of concern about privacy among
the American public. The health care reform proposal includes important
privacy safeguards, but the measures may not go far enough to address
public concerns.
The Harris poll reveals that Americans are very much concerned about
medical record privacy. The poll conducted by Prof. Alan Westin found
that 49 percent of all Americans are very concerned and 30 percent are
somewhat concerned by the threats to their personal privacy. An
additional 56 percent believe that strong federal protection of medical
records is necessary to accomplish health care reform.
The health care reform proposal includes a strong code of fair
information practices, and an explicit prohibitions on the use of
medical record information for employment purposes. But the plan
leaves open the question of whether the Social Security Number might be
used as a patient identifier and also allows more than three years
before full legislative safeguards are established.
At a conference organized by the US Office of Consumer Affairs, CPSR
Washington Office Director Marc Rotenberg and ACLU Privacy and
Technology Project Director Janlori Goldman said that the health care
reform plan raises far-reaching privacy concerns that must be addressed
at the outset.
The Office of Technology Assessment released a new report on medical
records and privacy at a Congressional hearing held by Rep. Gary
Condit (D-CA). "Protecting Privacy in Computerized Medical Information"
explores the implications of the automation of health care information
and recommends federal legislation to address patient confidentiality
and privacy.
An electronic copy is available at the CPSR Internet Library. (see
below for location details).
Senator Patrick Leahy (D-VT) recently held a hearing to explore the
privacy implications of medical smart cards. The Senator plans to hold
a second hearing on medical record privacy later this year.
-------------------------------------------------------------
[4] Hacker Sentenced to One Year Imprisonment
Mark Abene (a.k.a. Phiber Optik) was sentenced by U.S. District Court
Judge Louis Stanton (E.D. N.Y.) to one year and one day for two counts
of computer crime. He will serve a minimum ten months before he is
eligible for release. He is also required to serve three years
probation and to do 600 hours of community service.
Abene pled guilty to two counts of computer intrusion in July relating
to incidents of break-ins at a NY television station and a Southwestern
Bell computer. He will begin his sentence on January 7, 1994.
-------------------------------------------------------------
[5] CPSR Seeking Donors for Matching FOIA Grant
A CPSR member who wishes to remain anonymous has offered a $500
matching grant to support CPSR's Freedom of Information Act litigation.
If you are interested in supporting CPSR's FOIA work, please send a
message to rotenberg@washofc.cpsr.org
-------------------------------------------------------------
[6] The CPSR Internet Library
The Congressional Office of Technology Assessment report "Protecting
Privacy in Computerized Medical Information"
/cpsr/medical/1993_ota_medical_privacy_report.txt
The Clinton health care reform bill and overview (almost 8 megs)
/cpsr/medical/clinton_health_care_reform/ (folder).
The GAO report is available as
1993_gao_communications_privacy_report.txt in folder cpsr/crypto.
The CPSR Internet Library is available via FTP/WAIS/Gopher from
cpsr.org /cpsr. Materials from Privacy International, the Taxpayers
Assets Project and the Cypherpunks are also archived. For more
information, contact Al Whaley (al@sunnyside.com)
-------------------------------------------------------------
[7] Upcoming Conferences and Events
"Cyberculture Houston 93." Houston, Tx. December 10-12, Contact:
cyber@fisher.psych.uh.edu.
Worldwide Electronic Commerce: Law, Policy and Controls Conference.
MultiCorp, Inc and American Bar Association. Waldorf Astoria Hotel,
New York City. January 17 - 18, 1994. Contact: Fred Sammet
(76520.3713@CompuServe.COM), Phone (214) 516-4900, fax at (214)
475-5917.
"Highways and Toll Roads: Electronic Access in the 21st Century" Panel
Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994
2:30 - 5:30pm. Sponsored by the Association for Computing Machinery
(ACM). Contact: Barbara Simons (simons@vnet.ibm.com)
"Computers, Freedom and Privacy 94." Chicago, Il. March 23-26.
Sponsored by ACM and The John Marshall Law School. Contact: George
Trubow, 312-987-1445 (CFP94@jmls.edu).
CPSR DIAC-94 "Developing an Effective, Equitable, and Enlightened
Information Infrastructure." MIT Media Lab, Cambridge, MA. April 1994
(tentative). Contact: Doug Schuler (doug.schuler@cpsr.org).
5th Conference On Women Work And Computerization "Breaking Old
Boundaries: Building New Forms." UMIST, Manchester, UK. July 2-5. 94
Abstracts by 10/1/93. Contact: Andrew Clement (clement@vax.ox.ac.uk)
(Send calendar submissions to Alert@washofc.cpsr.org)
=======================================================================
To subscribe to the Alert, send the message:
"subscribe cpsr <your name>" (without quotes or brackets)
to listserv@gwuvm.gwu.edu. Back issues of the Alert are available at
the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert
Computer Professionals for Social Responsibility is a national,
non-partisan, public-interest organization dedicated to understanding
and directing the impact of computers on society. Founded in 1981, CPSR
has 2000 members from all over the world and 22 chapters across the
country. Our National Advisory Board includes a Nobel laureate and
three winners of the Turing Award, the highest honor in computer
science. Membership is open to everyone.
For more information, please contact: cpsr@cpsr.org or visit the CPSR
discussion conferences on The Well (well.sf.ca.us) or Mindvox
(phantom.com).
=======================================================================
CPSR MEMBERSHIP FORM
Name ______________________________________________________________
Address ___________________________________________________________
___________________________________________________________________
City/State/Zip ____________________________________________________
Home phone _____________________ Work phone _____________________
Company ___________________________________________________________
Type of work ______________________________________________________
E-mail address ____________________________________________________
CPSR Chapter
__ Acadiana __ Austin __ Berkeley
__ Boston __ Chicago __ Denver/Boulder
__ Los Angeles __ Madison __ Maine
__ Milwaukee __ Minnesota __ New Haven
__ New York __ Palo Alto __ Philadelphia
__ Pittsburgh __ Portland __ San Diego
__ Santa Cruz __ Seattle __ Washington, DC
__ Virtual Chapter (worldwide) __ No chapter in my area
CPSR Membership Categories
__ $ 75 REGULAR MEMBER __ $ 50 Basic member
__ $ 200 Supporting member __ $ 500 Sponsoring member
__ $1000 Lifetime member __ $ 50 Foreign subscriber
__ $ 20 Student/low income members
__ $ 50 Library/institutional subscriber
Additional tax-deductible contribution to support CPSR projects:
__ $50 __ $75 __ $100 __ $250
__ $500 __ $1000 __ Other
Total Enclosed: $ ________
Make check out to CPSR and mail to:
CPSR
P.O. Box 717
Palo Alto, CA 94301
------------------------ END CPSR Alert 2.05-----------------------
Return to November 1993
Return to “szabo@netcom.com (Nick Szabo)”