PRIVACY Forum Digest Saturday, 19 September 1992 Volume 01 : Issue 18 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS Re: Telephone comm encryption (Jerry Leichter) Telemarketing (Gerald M. Phillips) Re: "No data collection" pledge as marketing advantage (Jeff Johnson) Postal service privacy RISK (Daniel Burstein) CPSR Seeks Wiretap Info from FBI (Marc Rotenberg) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 01, ISSUE 18 Quote for the day: "Nothing can go wrong." -- Promotional slogan at the "Delos" resort. "Westworld" (1973) ---------------------------------------------------------------------- Date: Thu, 17 Sep 92 08:36:44 EDT From: Jerry Leichter Subject: Re: Telephone comm encryption Daniel Burstein asks whether anyone manufactures a telephone encryption device as a module that would fit between the handset and the base unit - and if not, why no one has built such an obvious thing. It's not as easy as Mr. Burstein believes! Doing even slightly secure encryp- tion in the analogue domain is quite difficult and expensive. That's way units that do frequency spectrum inversion are still being sold today, at least 50 years after they were first built (and soon found not to be very secure: Even with no electronics, with practice a human being can learn to interpret such a signal). All the fancy encryption technologies of today are digital. So, you ask the obvious question: Why not digitize the signal, encrypt it, then convert it back to analogue for transmission over the phone line? Unfortunately, that doesn't work. A phone line is a noise, sharply bandwidth-limited channel. The output of any decent encryptor will look like essentially random bits, which implies that if transformed back to the analogue domain, it will have its energy spread over a broad spectrum of frequencies - much broader than the original signal. Further, that signal will not be able to tolerate the kinds of distortions a typical telephone channel imposes - the underlying information will also be spread all over the spectrum. It WOULD theoretically be possible to take the output digital data stream and encode it using a fast modem technology - say, the 14.4kbps of V.32bis. (Note that you are pretty certain not to be able to compress an encrypted data stream, so the much higher "typical" numbers you see in the modem ads, which all assume compression, don't apply.) There are many problems with this approach: - While it's possible to encode understandable speech at 14.4kbps (you can actually get well below that), the result will hardly be up to the standards people are used to. - Encoding speech that well is a complicated, expensive process. (When the telephone company digitizes voice channels, it uses 56kbps.) - Not all phone connections will support a 14.4kpbs connection. The V.32bis fallback speeds probably won't be fast enough. - Getting bits through this fast with any reliability requires error checking and possible retransmission. This results in delays, which will have odd effects on the sound of the resulting speech. It may no longer be understandable. Still, I suppose with the technology now available (but really not available more than a year or so ago), one might be able to build such a box. Without a ready source of cheap low-rate speech encoder chips, it would be a fairly expensive piece of equipment. But perhaps there's a sufficient market. (Note that with ISDN, the problem goes away: You are ALREADY sending a digital stream to the telephone company; it makes no difference how that stream has beeen pre-processes before it is handed off, since the ISDN connection provides a transparent "bit pipe".) -- Jerry ------------------------------ Date: Thu, 17 Sep 92 09:12 EDT From: Subject: Telemarketing There were several references to phone marketing in the last issue. On the "Seinfeld" show of September 16, Jerry was called by a phone solicitor. His response was, "give me your home phone number and I'll call you back." Apparently the other party demurred and Seinfeld replied, "well, neither do I." He then hung up. As a disabled American, I am very concerned with privacy. It takes genuine effort to answer the door when the Adventists come around and sometimes trying to reach the phone before it stops ringing almost brings on a medical crisis. It is very disheartening to find you have made that effort for MCI. While I am interested in the sophisticated issues that have characterized these discussions, I would appreciate any advisories about legal protection or recourse I might have against simple invasions of privacy by door-to-door and phone solicitors. Also, please note, in my signature below -- our Ejournal could use a serious statement on this issue in our forthcoming issue. If anyone is interested, please write me privately and I will send a brochure detailing submission policies. I wanted to send a general announcement, but it struck me that solicitation over Email is also an egregious violation of rights. GMP@PSUVM Gerald M. Phillips (Professor Emeritus), Speech Communication Editor, IPCT: An Electronic Journal for the 21st Century ISSN 1064-4326 Pennsylvania State University, University Park, PA 16802 Manuscripts are being accepted for the January, 1993 issue [ Assuming that the IPCT Journal is involved in privacy-related issues, I'd have no problem at all in sending out a "general announcement" with more information through the PRIVACY Forum. -- MODERATOR ] ------------------------------ Date: Thu, 17 Sep 92 09:09:45 -0700 From: Jeff Johnson Subject: Re: "No data collection" pledge as marketing advantage Lynn R Grant writes: > Regarding Randy Gellins' comment in V16 about whether stores could use > the fact that they don't collect data about your buying habits as a > marketing advantage... Some companies and non-profits have long used similar pledges as an incentive to prospective customers. MAD magazine has for decades made the following pledge in each issue of their magazine: "Our pledge: MAD will not sell or give your name and address to anyone for any reason!" Similarly, Computer Professionals for Social Responsibility (CPSR) attracts more members than it otherwise would by making the following pledge: "The CPSR membership database is never sold, rented, lent, exchanged, or used for anything other than official CPSR activity. CPSR may elect to send members mailings with information from other groups, but the mailings will always originate with CPSR." JJ [ Of course, MAD Magazine always had (and probably still has) a person listed in the masthead specifically for "Lawsuits"! -- MODERATOR ] ------------------------------ Date: Fri, 18 Sep 92 05:49 GMT From: Daniel Burstein <0001964967@mcimail.com> Subject: postal service privacy RISK There have been quite a few articles discussing the privacy aspects (or lack thereof), based on the US Postal Service's databases - especially the "forwarding" system. The following article, from "Labor Notes" [with permission -- MODERATOR] (7435 Michigan Avenu, Detroit, Mich. 48210 (313) 842-6262) #160, July 1992, is targeted towards labor issues, but people reading this Digest will quickly grasp the RISKS involved with videotaping all postal envelopes. (see additional comments added at end). ------------- Title: Fighting Privatization. Postal workers urge campaign to organize the new, private sector, mailing industry. by: Sarah Ryan Text: If top US Postal Service officials have their way, private corporations will sort most of the mail by the mid 1990s. And the jobs will pay little better than minimum wage. But some members of the American Postal Workers Union are hoping to block management's plan with an organizing drive in the private sector mailing industry. A resolution will be presented to teh August APWU national convention would, if passed, require the union, which has until now included only government employees, to begin to organize workers in privately-held automated mail processing plants. Over 40,000 postal union jobs have been eliminated in the last two and a half years, and at least 55,000 more are slated to go by 1995. While many postal workers and union officials believe they are losing jobs to "automation," postal work is being pushed into the hands of an alternate, privately-ownbed, mailing industry. Management calls the process "worksharing." contractors are eager to jump inbto mail processing and take advantage of the extremely low wages, absence of unions, new high-speed mail processing equipment, and public subsidies. subtitle: Worksharing A year ago USPS announced that the new Remote Video Encoding operation would be contracted out. Remote encoding was developed as a way to sort mail which cannot be "read" by optical character readers and bar code sorting machines. RVE also allows mail to be sorted without highly trained workers. Some mail, such as handwritten letters, cannot now be read by machines. The new process will transmit the image of these letters through telephone lines to a data entry operator at a video terminal. The worker enters an extract code, and a bar code is chosen by computer and applied to the letter. The operator can be thousands of miles away from the mail. According to former Postmaster General Anthony Frank, the remote video operation will eventually replace most to the nation's 49,000 mechanical letter sorting machine jobs. Over 200 remote keying sites are planned; the first ones are already on line. [the article then goes on to discuss the various financial incentives being proposed by the USPS -and- local governments for the companies setting up these remote operations. It also compares the salaries for the workers. Other tidbits in the piece describe some specific labor issues, use of convicts by the USPS, and the like) ------------- Added comments: No doubt the first few machines will only be used for sorting and bar-code spraying handwritten addresses. HOWEVER, given OCR technology, it would be quite trivial to have EVERY piece of correspondence going through the USPS scanned, and a data list of who sent what to whom could be generated. I can't cite the reference this moment, but I'm pretty sure the courts have ruled that "mail covers" are legal WITHOUT a search warrant. In other words, "they" can look at the return addresses on the letters in your mailbox (or the addresses you send "to") without legal hassles. (Contents, though, are protected, a little...) Seems it may be time to change some laws... ------------------------------ Date: Fri, 18 Sep 1992 10:32:20 EDT From: Marc Rotenberg Subject: CPSR Seeks Wiretap Info from FBI "CPSR Seeks Wiretap Info from FBI" PRESS RELEASE WASHINGTON, DC September 17, 1992 4:30 pm Contact: Marc Rotenberg, CPSR Director (202/544-9240) rotenberg@washofc.cpsr.org David Sobel, CPSR Legal Counsel (202/544-9240) sobel@washofc.cpsr.org CPSR Sues FBI For Information About Wiretap Proposal: Seeks Reasons for New Plan Washington, DC - Computer Professional for Social Responsibility filed suit today against the FBI for information about a new wiretap proposal. The proposal would expand FBI wiretap power and give the Bureau authority to set technical standards for the computer and communications industry. The suit was filed after the FBI failed to make the information public. In April, CPSR requested documents from the Bureau about the reasons for the proposal. The FBI denied that any information existed. But when CPSR pursued the matter with the Department of Justice, the Bureau conceded that it had the information. Now CPSR is trying to force the Bureau to disclose the records. The proposal expands the FBI's ability to intercept communications. It would mandate that every communication system in the United States have a built-in "remote monitoring" capability to make wiretap easier. The proposal covers all communication equipment from office phone systems to advanced computer networks. Companies that do not comply face fines of $10,000 per day. The proposal is opposed by leading phone companies and computer manufacturers, including AT&T, IBM, and Digital Equipment Corporation. Many charge that the FBI has not been adequately forthcoming about the need for the legislation. According to CPSR Washington Office director Marc Rotenberg, "A full disclosure of the reasons for this proposal is necessary. The FBI simply cannot put forward such a sweeping recommendation, keep important documents secret, and expect the public to sign off." In a related effort, a 1989 CPSR FOIA suit uncovered evidence that the FBI established procedures to monitor computer bulletin boards in 1982. CPSR is a national membership organization of computer professionals with over 2,500 members based in Palo Alto, California with offices in Washington, DC and Cambridge, Massachusetts and chapters in over a dozen metropolitan areas across the nation. For membership information, please contact CPSR, P.O. Box 717, Palo Alto, CA 94303, (415) 322- 3778, cpsr@csli.stanford.edu. ------------------------------ End of PRIVACY Forum Digest 01.18 ************************