[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CPSR Alert 2.05



  CPSR Alert 2.05
     ==============================================================
  
       @@@@  @@@@   @@@   @@@@        @    @     @@@@  @@@@ @@@@@@
       @     @  @  @      @  @       @ @   @     @     @  @    @
       @     @@@     @    @@@       @@@@@  @     @@@   @@@     @
       @     @        @   @  @      @   @  @     @     @  @    @
       @@@@  @     @@@    @   @     @   @  @@@@  @@@@  @   @   @
  
     =============================================================
     Volume  2.05                                November 12, 1993
     -------------------------------------------------------------
  
                             Published by
             Computer Professionals for Social Responsibility
                           Washington Office
                       ([email protected])                        
      
     -------------------------------------------------------------
  
Contents
  
        [1] Operation "Root Canal" Documents Released:
		  Questions Raised about FBI's Digital
            Telephony Initiative
        [2] GAO Report Criticizes Gov't Crypto Policy
        [3] Health Care Plan Raises Privacy Questions
        [4] Hacker Sentenced to One Year Imprisonment
        [5] Matching grant for CPSR FOIA Work Offered
        [6] New Documents in the CPSR Internet Library
        [7] Upcoming Conferences and Events
  
     -------------------------------------------------------------
  
[1]  FBI's Operation "Root Canal" Documents Disclosed

In response to a CPSR Freedom of Information Act lawsuit, the FBI this
week released 185 pages of documents concerning the Bureau's Digital
Telephony Initiative,  code-named Operation "Root Canal." The newly
disclosed material raises serious doubts as to the accuracy of the
FBI's claim that advances in telecommunications technology have
hampered law enforcement efforts to execute court-authorized wiretaps.

The FBI documents reveal that the Bureau initiated a well- orchestrated
public relations campaign in support of "proposed legislation to compel
telecommunications industry cooperation in assuring our digital
telephony intercept requirements are met."  A May 26, 1992, memorandum
from the Director of the FBI to the Attorney General lays out a
"strategy ... for gaining support for the bill once it reaches
Congress," including the following:

     "Each FBI Special Agent in Charge's contacting key law
     enforcement and prosecutorial officials in his/her territory
     to stress the urgency of Congress's being sensitized to this
     critical issue;

     Field Office media representatives educating their contacts
     by explaining and documenting, in both local and national
     dimensions, the crisis facing law enforcement and the need
     for legislation; and

     Gaining the support of the professional associations
     representing law enforcement and prosecutors."

However, despite efforts to obtain documentation from the field in
support of Bureau claims of a "crisis facing law enforcement," the
response from FBI Field Offices was that they experienced *no*
difficulty in conducting electronic surveillance.  For example, a
December 3, 1992, memorandum from Newark reported the following:

     The Newark office of the Drug Enforcement Administration
     "advised that as of this date, the DEA has not had any
     technical problems with advanced telephone technology."

     The New Jersey Attorney General's Office "has not experienced
     any problems with the telephone company since the last
     contact."

     An agent from the Newark office of the Internal Revenue
     Service "advised that since the last time he was contacted,
     his unit has not had any problems with advanced telephony
     matters."

     An official of the New Jersey State Police "advised that
     as of this date he has had no problems with the present
     technology hindering his investigations."

Likewise, a memorandum from the Philadelphia Field Office reported that
the local offices of the IRS, Customs Service and the Secret Service
were contacted and "experienced no difficulties with new technologies."
Indeed, the newly-released documents contain no reports of *any*
technical problems in the field.

The documents also reveal the FBI's critical role in the development of
the Digital Signature Standard (DSS), a cryptographic means of
authenticating electronic communications that the National Institute of
Standards and Technology was expected to develop.  The DSS was proposed
in August 1991 by the National Institute of Standards and Technology.
NIST later acknowledged that the National Security Agency developed the
standard.  The newly disclosed documents appear to confirm speculation
that the  FBI and the NSA worked to undermine the legal authority of
the NIST to develop standards for the nation's communications
infrastructure.

CPSR intends to pursue further FOIA litigation to establish the extent
of the FBI involvement in the development of the DSS and also to obtain
a "cost-benefit" study discussed in one of the FBI Director's memos and
other documents the Bureau continues to withhold.

       -------------------------------------------------------------
  
[2] GAO Report Criticizes Gov't Crypto Policy

A Government Accounting Office report has found that government
policies are hindering the development of encryption technology at the
same time the industry is threatened by economic espionage because of
computer networks lacking adequate security.  The report was requested
by House Judiciary Chair Jack Brooks.

The report _Communications Privacy: Federal Policy and Actions_
(GAO/OSI-94-2) also found that NIST followed the NSA's lead in
developing cryptographic standards for communications privacy and that
there has been little public input in this process. NIST terminated a
project in 1982 to develop a public key encryption system at the
request of NSA and in 1991 introduced a NSA developed standard for
digital signatures. In addition, no public input was solicited for the
Clipper Chip proposal until 1993, over three years after the initiation
of its development.

The report also noted the wide range of software and hardware available
outside the US and that the continued export controls are apparently
more stringent than those in other countries. This is apparently
hurting sales of U.S. software and hardware products worldwide.

Congressman Brooks said that "[I]t is deeply disturbing to find that
some U.S. government agencies are undermining American corporations
efforts to protect themselves from state-sponsored theft of trade
secrets and other propriety information." Brooks also stated that "The
plain truth is that encryption devices and software are available
around the world. The barn door is open; the horses are out. It is high
time for the government to accept this fact of life and stop hog-tying
U.S. industry with overly restrictive export controls that damage this
country's effort to compete in the global marketplace."

The GAO report is available at the CPSR Internet Library (see below).

 A paper copy is available from the GAO by calling 202-512-6000.
  
       -------------------------------------------------------------

[3] Health Care Reform Plan Released Amidst Growing Concern About
Medical Privacy

The Clinton health care reform plan was released the same week that a
new Lou Harris poll found high levels of concern about privacy among
the American public. The health care reform proposal includes important
privacy safeguards, but the measures may not go far enough to address
public concerns.

The Harris poll reveals that Americans are very much concerned about
medical record privacy.  The poll conducted by Prof. Alan Westin found
that 49 percent of all Americans are very concerned and 30 percent are
somewhat concerned by the threats to their personal privacy. An
additional 56 percent believe that strong federal protection of medical
records is necessary to accomplish health care reform.

The health care reform proposal includes a strong code of fair
information practices, and an explicit prohibitions on the use of
medical record information for employment purposes.  But the plan
leaves open the question of whether the Social Security Number might be
used as a patient identifier and also allows more than three years
before full legislative safeguards are established.

At a conference organized by the US Office of Consumer Affairs, CPSR
Washington Office Director Marc Rotenberg and ACLU Privacy and
Technology Project Director Janlori Goldman said that the health care
reform plan raises far-reaching privacy concerns that must be addressed
at the outset.

The Office of Technology Assessment released a new report on medical
records and  privacy at a Congressional hearing held by Rep. Gary
Condit (D-CA). "Protecting Privacy in Computerized Medical Information"
explores the implications of the  automation of health care information
and recommends federal legislation to  address patient confidentiality
and privacy.

An electronic copy  is  available at the CPSR Internet Library. (see
below for location details).

Senator Patrick Leahy (D-VT) recently held a hearing to explore the
privacy implications of medical smart cards.  The Senator plans to hold
a second hearing on medical record privacy later this year.
  
       -------------------------------------------------------------
  
[4] Hacker Sentenced to One Year Imprisonment

Mark Abene (a.k.a. Phiber Optik) was sentenced by U.S. District Court
Judge Louis Stanton (E.D. N.Y.) to one year and one day for two counts
of computer crime. He will serve a minimum ten months before he is
eligible for release. He is also required to serve three years
probation and to do 600 hours of community service.

Abene pled guilty to two counts of computer intrusion in July relating
to incidents of break-ins at a NY television station and a Southwestern
Bell computer. He will begin his sentence on January 7, 1994.

       -------------------------------------------------------------
  
[5] CPSR Seeking Donors for Matching FOIA Grant

A CPSR member who wishes to remain anonymous has offered a $500
matching grant to support CPSR's Freedom of Information Act litigation.
If you are interested in supporting CPSR's FOIA work, please send a
message to [email protected]

       -------------------------------------------------------------

[6]  The CPSR Internet Library
  
The Congressional Office of Technology Assessment report "Protecting
Privacy in Computerized Medical Information"

/cpsr/medical/1993_ota_medical_privacy_report.txt

The Clinton health care reform bill and overview (almost 8 megs)
/cpsr/medical/clinton_health_care_reform/ (folder).

The GAO report is available as
1993_gao_communications_privacy_report.txt in folder cpsr/crypto.
  
The CPSR Internet Library is available via FTP/WAIS/Gopher from
cpsr.org /cpsr. Materials from Privacy International, the Taxpayers
Assets Project and the Cypherpunks are also archived. For more
information, contact Al Whaley ([email protected])
  
       -------------------------------------------------------------
  
[7] Upcoming Conferences and Events

"Cyberculture Houston 93." Houston, Tx. December 10-12,  Contact:
[email protected].

Worldwide Electronic Commerce: Law, Policy and Controls Conference.
MultiCorp, Inc and American Bar Association.  Waldorf Astoria Hotel,
New York City. January 17 - 18, 1994.  Contact: Fred Sammet
([email protected]), Phone (214) 516-4900, fax at (214)
475-5917.

"Highways and Toll Roads: Electronic Access in the 21st Century" Panel
Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994
2:30 - 5:30pm. Sponsored by the Association for Computing Machinery
(ACM). Contact: Barbara Simons ([email protected])

"Computers, Freedom and Privacy 94." Chicago, Il. March 23-26.
Sponsored by ACM and The John Marshall Law School. Contact: George
Trubow, 312-987-1445 ([email protected]).

CPSR DIAC-94 "Developing an Effective, Equitable, and Enlightened
Information Infrastructure." MIT Media Lab, Cambridge, MA. April 1994
(tentative). Contact: Doug Schuler ([email protected]).

5th Conference On Women Work And Computerization "Breaking Old
Boundaries: Building New Forms." UMIST, Manchester, UK. July 2-5. 94
Abstracts by 10/1/93. Contact: Andrew Clement ([email protected])
  
         (Send calendar submissions to [email protected])
  
=======================================================================
  
To subscribe to the Alert, send the message:

"subscribe cpsr <your name>" (without quotes or brackets)
to [email protected].  Back issues of the Alert are available at
the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert

Computer Professionals for Social Responsibility is a national,
non-partisan, public-interest organization dedicated to understanding
and directing the impact of computers on society. Founded in 1981, CPSR
has 2000 members from all over the world and 22 chapters across the
country. Our National Advisory Board includes a Nobel laureate and
three winners of the Turing Award, the highest honor in computer
science. Membership is open to everyone.

For more information, please contact: [email protected] or visit the CPSR
discussion conferences on The Well (well.sf.ca.us) or Mindvox
(phantom.com).

=======================================================================

CPSR MEMBERSHIP FORM

Name ______________________________________________________________

Address ___________________________________________________________

___________________________________________________________________

City/State/Zip ____________________________________________________

Home phone  _____________________  Work phone _____________________

Company ___________________________________________________________

Type of work ______________________________________________________

E-mail address ____________________________________________________
  
  CPSR Chapter
        __ Acadiana       __ Austin       __ Berkeley
        __ Boston         __ Chicago      __ Denver/Boulder
        __ Los Angeles    __ Madison      __ Maine
        __ Milwaukee      __ Minnesota    __ New Haven
        __ New York       __ Palo Alto    __ Philadelphia
        __ Pittsburgh     __ Portland     __ San Diego
        __ Santa Cruz     __ Seattle      __ Washington, DC
        __ Virtual Chapter (worldwide)    __ No chapter in my area
  
  CPSR Membership Categories
  
   __  $  75  REGULAR MEMBER              __  $  50  Basic member
   __  $ 200  Supporting member           __  $ 500  Sponsoring member
   __  $1000  Lifetime member             __  $  50  Foreign subscriber
   __  $  20  Student/low income members
   __  $  50  Library/institutional subscriber
  
    Additional tax-deductible contribution to support CPSR projects:
  
         __  $50     __  $75      __  $100    __  $250
         __  $500    __  $1000    __  Other
  
     Total Enclosed:  $ ________
  
     Make check out to CPSR and mail to:
           CPSR
           P.O. Box 717
           Palo Alto, CA  94301
  
  ------------------------ END CPSR Alert 2.05-----------------------