From: Dave Banisar <banisar@washofc.epic.org>
Date: Thu, 16 Jun 94 19:07:09 PDT
To: Cypherpunks List <cypherpunks@toad.com>
Subject: EPIC Alert 1.02
Message-ID: <00541.2854648641.6481@washofc.epic.org>
MIME-Version: 1.0
Content-Type: text/plain


Date	6/16/94
Subject	EPIC Alert 1.02
From	Dave Banisar
To	CPSR  Listserv

  EPIC Alert 1.02
      =============================================================
    
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
     
    ============================================================
    Volume 1.02                                    June 16, 1994
    ------------------------------------------------------------
    
                        Published by the
           Electronic Privacy Information Center (EPIC)
                         Washington, DC
                        (Alert@epic.org)
     
-----------------------------------------------------------------------
Table of Contents
-----------------------------------------------------------------------
 
 [1] NIST Adopts Digital Signature Standard
 [2] National Performance Review Issues Info Tech Report
 [3] Federal Telephone Transactional Surveillance Increases
 [4] IRS Issues Privacy Principles
 [5] Government Printing Office Goes Online
 [6] New Files at the Internet Library
 [7] Upcoming Conferences and Events
 
-----------------------------------------------------------------------
 [1] NIST Adopts Digital Signature Standard
-----------------------------------------------------------------------
 
On May 19, the National Institute of Standards and Technology approved
its cryptographic standard to provide digital signatures for
electronic documents. Digital signatures are used to authenticate
users and to ensure that messages are not altered. These assurances
are important for applications such as electronic commerce and virus
protection.

The DSS has been mired in controversy since its announcement in 1991.
NIST originally planned to develop an algorithm that also provided
privacy and confidentiality protection to replace the current
government Data Encryption Standard (DES). Documents obtained by CPSR
reveal that the National Security Agency pressured NIST into adopting
the DSS instead. In 1993, NIST proposed the NSA-developed Clipper Chip
to replace DES.

The DSS has also been controversial because RSA Data Security claims
that it infringes several of its patents. NIST contends that it found
no patent infringements.

-----------------------------------------------------------------------
 [2] National Performance Review Releases Info Tech Report
-----------------------------------------------------------------------

Vice President Al Gore's National Performance Review this week
released the long awaited report "Reengineering Through Information
Technology."

The report finds that the federal government lacks leadership and a
coherent plan to address information technology issues. It concludes
that "government is falling dangerously behind the private sector in
using technology to deliver services."

The privacy and security sectio
of a privacy organization within the executive branch. The
organization would advise the president, assist federal agencies,
coordinate US privacy initiatives with international organizations,
and advise state and local governments on privacy issues. The
Information Infrastructure Task Force (IITF) is directed to provide
recommendations on the creation of the organization, including its
size, authority and budget. The IITF will either propose a draft
executive order or legislation for its creation. Office of Management
and Budget official Bruce McConnell is in charge of the effort.

The IITF is also directed to create an interagency task force to
develop uniform privacy principles for information systems by July
1994, coordinated by the OMB. The task force must issue a report in
less a year.

The report calls for NIST, in consultation with the OMB and the
assistance of the NSA, to "create opportunities for industry to
develop the encryption capabilities required for protection of
networked distributed systems." A high priority is set for "finalizing
and promulgating digital encryption standards."

A copy of the full report is available from cpsr.org. See below for
details.

-----------------------------------------------------------------------
 [3] Transactional Surveillance Increased in 1993
-----------------------------------------------------------------------
 
Federal law enforcement use of telephone transactional records
increased in 1993 for the sixth straight year. Last year, the FBI, the
Drug Enforcement Administration, the Immigration and Naturalization
Service and the Marshals Service increased their use of pen registers
and trap and trace devices sharply over 1992.

Pen registers capture the telephone numbers of every phone call made
from a particular line. In 1993, 3,423 orders for pen registers
affecting the lines of 8,130 people were issued, a nine percent
increase over 1992's total. Since 1987, when the use of pen registers
became regulated under the Electronic Communications Privacy Act,
their use has increased 201 percent. While the number of telephone
numbers captured is not available, in 1987 the DEA reported that for
716 installed pen registers, over 53,000 numbers were recorded.

The use of trap and trace devices also increased sharply in 1993 (up
221 percent over 1992), to a total of 2,153 orders affecting 3,777
persons. Since 1987, the use of trap and trace devices has increased
over 2,300 percent. Trap and trace devices capture the originating
telephone numbers of incoming calls to a particular phone line. In
1987, the DEA reported that 91 trap and trace devices captured 2,886
numbers.

-----------------------------------------------------------------------
 [4] IRS Issues Privacy Guidelines
-----------------------------------------------------------------------

The Internal Revenue Service has issued Privacy Guidelines to assist
its employees in maintaining the confidentiality of taxpayer
information. The guidelines provide no additional legal authority but
are intended to remind employees of their already existing legal
obligations.

In 1993, the General Accounting Office reported that 368 IRS employees
had been caught browsing through files, inspecting the records of
relatives and celebrities.

The guidelines set out 10 principles that each employee should follow:

1. Protecting taxpayer privacy and safeguarding confidential taxpayer
information is a public trust.

2. No information will be collected or used with respect to taxpayers
that is not necessary and relevant for tax administration and other
legally mandated or authorized purposes.

3. Information will be collected, to the greatest extent practicable,
directly from the taxpayer to whom it relates.

4. Information about taxpayers collected from third parties will be
verified to the extent practicable with the taxpayers themselves
before action is taken against them.

5. Personally identifiable taxpayer information will be used only for
the purpose for which it was collected, unless other uses are
specifically authorized or mandated by law.

6. Personally identifiable taxpayer information will be disposed of at
the end of the retention period required by law or regulation.

7. Taxpayer information will be kept confidential and will not be
discussed with, nor disclosed to, any person within or outside the IRS
other than as authorized by law in the performance of official duties.

8. Browsing, or any unauthorized access of taxpayer information by any
IRS employee, constitutes a serious breach of the confidentiality of
that information and will not be tolerated.

9. Requirements governing the accuracy, reliability, completeness, and
timeliness of taxpayer information will be such as to ensure fair
treatment of all taxpayers.

10. The privacy rights of taxpayers will be respected at all times and
every taxpayer will be treated honestly, fairly, and respectfully.

Henry Philcox of the IRS told the EPIC Alert that the IRS has produced
instructional videotapes which display scenarios where the privacy
guidelines would be in effect. The IRS has also appointed Rob Veeder,
formerly with the Office of Management and Budget, as director of its
privacy project. Veeder will be on board at the IRS within a few
weeks.


-----------------------------------------------------------------------
 [5] Federal Register, Congressional Record Online	
-----------------------------------------------------------------------

The Government Printing Office has made the Federal Register, the
Congressional Record and copies of bills signed by the President
available on the Internet through its online service.

The Federal Register contains notices filed by every federal agency of
proposed rules, decisions and other operations. The Congressional
Record contains floor statements, copies of some pending legislation
and other materials from both the Senate and the House of
Representatives.

This project is the culmination of a three year effort, led by
Taxpayers Assets Project and the American Library Association, to
increase access to federal government information. Their campaign
resulted in the enactment of the GPO WINDO bill in 1993, which
mandated that the Government Printing Office offer online access to
the Federal Register and the Congressional Record and encouraged more
government agencies to make information available electronically.

However, the high costs for the services have led many to question
whether this project will improve access to government information.
For a single user, access to the Federal Register and the
Congressional Record will cost $375 per year for each publication.
Monthly access at $35 is also available. No provisions are available
for occasional searches. Taxpayers Assets Project has filed a formal
appeal with the GPO, asking it to reconsider its pricing scheme.

For more information on access, telnet to wais.access.gpo.gov, login:
newuser, press <enter> for password or call 202-512-1661, login: wais,
password: <enter>, login: newuser, password: <enter>.


-----------------------------------------------------------------------
 [6] Files Available for retrieval
-----------------------------------------------------------------------

New files on Clipper. /privacy/crypto/privacy
nist_reponse_to_blaze_paper.txt
nist_response_senate_questions_6_94.txt
nsa_response_senate_questions_6_94.txt

Vice President Gore's National Performance Review Report on
Information Technology. /privacy/communications/ 
national_performance_review_info_tech_report.txt
   
Files on the current crisis in the Italian bulletin board community
cpsr/computer_crime
italy_crackdown_may94   News reports on the police crackdown on BBSs
accused of pirating software; large-scale confiscation of equipment.
 
italy_net_politics Speech by Bernardo Parrella of Agora (a
multi-lingual Internet site in Italy: agora.stm.it) on the current
state of BBS's and networking in Italy.

The CPSR Internet Library is a free service available via
FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from
Privacy International, the Taxpayers Assets Project and the
Cypherpunks are also archived. For more information, contact
ftp-admin@cpsr.org.
  	  

-----------------------------------------------------------------------
 [7] Upcoming Privacy Related Conferences and Events
-----------------------------------------------------------------------

DEF CON ][ ("underground" computer culture) "Load up your laptop
Muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July
22-24. Contact: dtangent@defcon.org.

Symposium on Privacy and Intelligent Vehicle-Highway Systems. Santa
Clara University, Santa Clara, California.  July 29-30.  Contact:
Professor Dorothy J. Glancy 408-554-4075 (tel), 408-554-4426 (fax),
dglancy@suacc.scu.edu.

Hackers on Planet Earth: The First US Hacker Congress. Hotel
Pennsylvania, New York City, NY. August 13-14. Sponsored by 2600
Magazine. Contact: 2600@well.sf.ca.us.

Technologies of Surveillance; Technologies of Privacy. The Hague, The
Netherlands. September 5. Sponsored by Privacy International and EPIC.
Contact: Simon Davies (davies@privint.demon.co.uk).

16th International Conference on Data Protection. The Hague,
Netherlands.  September 6-8.  Contact: B. Crouwers 31 70 3190190 (tel),
31-70-3940460 (fax).

CPSR Annual Meeting. University of California, San Diego. October 8-9.
Contact: Phil Agre <pagre@weber.ucsd.edu>

Symposium: An Arts and Humanities Policy for the National Information
Infrastructure. Boston, Mass. October 14-16. Sponsored by the
Center for Art Research in Boston. Contact: Jay Jaroslav
(jaroslav@artdata.win.net).

Third Biannual Conference on Participatory Design, Chapel Hill, North
Carolina. October 27-28. Sponsored by CPSR. Contact:
trigg@parc.xerox.com.

Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November
11-13. Sponsored by ACM. Contact: jkizza@utcvm.utc.edu
 
            (Send calendar submissions to Alert@epic.org)

=======================================================================
 
To subscribe to the EPIC Alert, send the message:
 
"subscribe cpsr-announce <your name>" (without quotes or brackets) to
listserv@cpsr.org. You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce

=======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data.  EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility. EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues. For more information email info@epic.org, or write
EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1
202 544 9240 (tel), +1 202 547 5482 (fax).
 
The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. Computer Professionals for Social Responsibility is a national
membership organization of people concerned about the impact of
technology on society. For information contact: cpsr@cpsr.org
 
------------------------- END EPIC Alert 1.02 -------------------------