CPSR Alert 2.05 ============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @@@ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @ @ @ @ @@@@ @@@@ @ @ @ ============================================================= Volume 2.05 November 12, 1993 ------------------------------------------------------------- Published by Computer Professionals for Social Responsibility Washington Office (Alert@washofc.cpsr.org) ------------------------------------------------------------- Contents [1] Operation "Root Canal" Documents Released: Questions Raised about FBI's Digital Telephony Initiative [2] GAO Report Criticizes Gov't Crypto Policy [3] Health Care Plan Raises Privacy Questions [4] Hacker Sentenced to One Year Imprisonment [5] Matching grant for CPSR FOIA Work Offered [6] New Documents in the CPSR Internet Library [7] Upcoming Conferences and Events ------------------------------------------------------------- [1] FBI's Operation "Root Canal" Documents Disclosed In response to a CPSR Freedom of Information Act lawsuit, the FBI this week released 185 pages of documents concerning the Bureau's Digital Telephony Initiative, code-named Operation "Root Canal." The newly disclosed material raises serious doubts as to the accuracy of the FBI's claim that advances in telecommunications technology have hampered law enforcement efforts to execute court-authorized wiretaps. The FBI documents reveal that the Bureau initiated a well- orchestrated public relations campaign in support of "proposed legislation to compel telecommunications industry cooperation in assuring our digital telephony intercept requirements are met." A May 26, 1992, memorandum from the Director of the FBI to the Attorney General lays out a "strategy ... for gaining support for the bill once it reaches Congress," including the following: "Each FBI Special Agent in Charge's contacting key law enforcement and prosecutorial officials in his/her territory to stress the urgency of Congress's being sensitized to this critical issue; Field Office media representatives educating their contacts by explaining and documenting, in both local and national dimensions, the crisis facing law enforcement and the need for legislation; and Gaining the support of the professional associations representing law enforcement and prosecutors." However, despite efforts to obtain documentation from the field in support of Bureau claims of a "crisis facing law enforcement," the response from FBI Field Offices was that they experienced *no* difficulty in conducting electronic surveillance. For example, a December 3, 1992, memorandum from Newark reported the following: The Newark office of the Drug Enforcement Administration "advised that as of this date, the DEA has not had any technical problems with advanced telephone technology." The New Jersey Attorney General's Office "has not experienced any problems with the telephone company since the last contact." An agent from the Newark office of the Internal Revenue Service "advised that since the last time he was contacted, his unit has not had any problems with advanced telephony matters." An official of the New Jersey State Police "advised that as of this date he has had no problems with the present technology hindering his investigations." Likewise, a memorandum from the Philadelphia Field Office reported that the local offices of the IRS, Customs Service and the Secret Service were contacted and "experienced no difficulties with new technologies." Indeed, the newly-released documents contain no reports of *any* technical problems in the field. The documents also reveal the FBI's critical role in the development of the Digital Signature Standard (DSS), a cryptographic means of authenticating electronic communications that the National Institute of Standards and Technology was expected to develop. The DSS was proposed in August 1991 by the National Institute of Standards and Technology. NIST later acknowledged that the National Security Agency developed the standard. The newly disclosed documents appear to confirm speculation that the FBI and the NSA worked to undermine the legal authority of the NIST to develop standards for the nation's communications infrastructure. CPSR intends to pursue further FOIA litigation to establish the extent of the FBI involvement in the development of the DSS and also to obtain a "cost-benefit" study discussed in one of the FBI Director's memos and other documents the Bureau continues to withhold. ------------------------------------------------------------- [2] GAO Report Criticizes Gov't Crypto Policy A Government Accounting Office report has found that government policies are hindering the development of encryption technology at the same time the industry is threatened by economic espionage because of computer networks lacking adequate security. The report was requested by House Judiciary Chair Jack Brooks. The report _Communications Privacy: Federal Policy and Actions_ (GAO/OSI-94-2) also found that NIST followed the NSA's lead in developing cryptographic standards for communications privacy and that there has been little public input in this process. NIST terminated a project in 1982 to develop a public key encryption system at the request of NSA and in 1991 introduced a NSA developed standard for digital signatures. In addition, no public input was solicited for the Clipper Chip proposal until 1993, over three years after the initiation of its development. The report also noted the wide range of software and hardware available outside the US and that the continued export controls are apparently more stringent than those in other countries. This is apparently hurting sales of U.S. software and hardware products worldwide. Congressman Brooks said that "[I]t is deeply disturbing to find that some U.S. government agencies are undermining American corporations efforts to protect themselves from state-sponsored theft of trade secrets and other propriety information." Brooks also stated that "The plain truth is that encryption devices and software are available around the world. The barn door is open; the horses are out. It is high time for the government to accept this fact of life and stop hog-tying U.S. industry with overly restrictive export controls that damage this country's effort to compete in the global marketplace." The GAO report is available at the CPSR Internet Library (see below). A paper copy is available from the GAO by calling 202-512-6000. ------------------------------------------------------------- [3] Health Care Reform Plan Released Amidst Growing Concern About Medical Privacy The Clinton health care reform plan was released the same week that a new Lou Harris poll found high levels of concern about privacy among the American public. The health care reform proposal includes important privacy safeguards, but the measures may not go far enough to address public concerns. The Harris poll reveals that Americans are very much concerned about medical record privacy. The poll conducted by Prof. Alan Westin found that 49 percent of all Americans are very concerned and 30 percent are somewhat concerned by the threats to their personal privacy. An additional 56 percent believe that strong federal protection of medical records is necessary to accomplish health care reform. The health care reform proposal includes a strong code of fair information practices, and an explicit prohibitions on the use of medical record information for employment purposes. But the plan leaves open the question of whether the Social Security Number might be used as a patient identifier and also allows more than three years before full legislative safeguards are established. At a conference organized by the US Office of Consumer Affairs, CPSR Washington Office Director Marc Rotenberg and ACLU Privacy and Technology Project Director Janlori Goldman said that the health care reform plan raises far-reaching privacy concerns that must be addressed at the outset. The Office of Technology Assessment released a new report on medical records and privacy at a Congressional hearing held by Rep. Gary Condit (D-CA). "Protecting Privacy in Computerized Medical Information" explores the implications of the automation of health care information and recommends federal legislation to address patient confidentiality and privacy. An electronic copy is available at the CPSR Internet Library. (see below for location details). Senator Patrick Leahy (D-VT) recently held a hearing to explore the privacy implications of medical smart cards. The Senator plans to hold a second hearing on medical record privacy later this year. ------------------------------------------------------------- [4] Hacker Sentenced to One Year Imprisonment Mark Abene (a.k.a. Phiber Optik) was sentenced by U.S. District Court Judge Louis Stanton (E.D. N.Y.) to one year and one day for two counts of computer crime. He will serve a minimum ten months before he is eligible for release. He is also required to serve three years probation and to do 600 hours of community service. Abene pled guilty to two counts of computer intrusion in July relating to incidents of break-ins at a NY television station and a Southwestern Bell computer. He will begin his sentence on January 7, 1994. ------------------------------------------------------------- [5] CPSR Seeking Donors for Matching FOIA Grant A CPSR member who wishes to remain anonymous has offered a $500 matching grant to support CPSR's Freedom of Information Act litigation. If you are interested in supporting CPSR's FOIA work, please send a message to rotenberg@washofc.cpsr.org ------------------------------------------------------------- [6] The CPSR Internet Library The Congressional Office of Technology Assessment report "Protecting Privacy in Computerized Medical Information" /cpsr/medical/1993_ota_medical_privacy_report.txt The Clinton health care reform bill and overview (almost 8 megs) /cpsr/medical/clinton_health_care_reform/ (folder). The GAO report is available as 1993_gao_communications_privacy_report.txt in folder cpsr/crypto. The CPSR Internet Library is available via FTP/WAIS/Gopher from cpsr.org /cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact Al Whaley (al@sunnyside.com) ------------------------------------------------------------- [7] Upcoming Conferences and Events "Cyberculture Houston 93." Houston, Tx. December 10-12, Contact: cyber@fisher.psych.uh.edu. Worldwide Electronic Commerce: Law, Policy and Controls Conference. MultiCorp, Inc and American Bar Association. Waldorf Astoria Hotel, New York City. January 17 - 18, 1994. Contact: Fred Sammet (76520.3713@CompuServe.COM), Phone (214) 516-4900, fax at (214) 475-5917. "Highways and Toll Roads: Electronic Access in the 21st Century" Panel Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994 2:30 - 5:30pm. Sponsored by the Association for Computing Machinery (ACM). Contact: Barbara Simons (simons@vnet.ibm.com) "Computers, Freedom and Privacy 94." Chicago, Il. March 23-26. Sponsored by ACM and The John Marshall Law School. Contact: George Trubow, 312-987-1445 (CFP94@jmls.edu). CPSR DIAC-94 "Developing an Effective, Equitable, and Enlightened Information Infrastructure." MIT Media Lab, Cambridge, MA. April 1994 (tentative). Contact: Doug Schuler (doug.schuler@cpsr.org). 5th Conference On Women Work And Computerization "Breaking Old Boundaries: Building New Forms." UMIST, Manchester, UK. July 2-5. 94 Abstracts by 10/1/93. Contact: Andrew Clement (clement@vax.ox.ac.uk) (Send calendar submissions to Alert@washofc.cpsr.org) ======================================================================= To subscribe to the Alert, send the message: "subscribe cpsr <your name>" (without quotes or brackets) to listserv@gwuvm.gwu.edu. Back issues of the Alert are available at the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert Computer Professionals for Social Responsibility is a national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Our National Advisory Board includes a Nobel laureate and three winners of the Turing Award, the highest honor in computer science. Membership is open to everyone. For more information, please contact: cpsr@cpsr.org or visit the CPSR discussion conferences on The Well (well.sf.ca.us) or Mindvox (phantom.com). ======================================================================= CPSR MEMBERSHIP FORM Name ______________________________________________________________ Address ___________________________________________________________ ___________________________________________________________________ City/State/Zip ____________________________________________________ Home phone _____________________ Work phone _____________________ Company ___________________________________________________________ Type of work ______________________________________________________ E-mail address ____________________________________________________ CPSR Chapter __ Acadiana __ Austin __ Berkeley __ Boston __ Chicago __ Denver/Boulder __ Los Angeles __ Madison __ Maine __ Milwaukee __ Minnesota __ New Haven __ New York __ Palo Alto __ Philadelphia __ Pittsburgh __ Portland __ San Diego __ Santa Cruz __ Seattle __ Washington, DC __ Virtual Chapter (worldwide) __ No chapter in my area CPSR Membership Categories __ $ 75 REGULAR MEMBER __ $ 50 Basic member __ $ 200 Supporting member __ $ 500 Sponsoring member __ $1000 Lifetime member __ $ 50 Foreign subscriber __ $ 20 Student/low income members __ $ 50 Library/institutional subscriber Additional tax-deductible contribution to support CPSR projects: __ $50 __ $75 __ $100 __ $250 __ $500 __ $1000 __ Other Total Enclosed: $ ________ Make check out to CPSR and mail to: CPSR P.O. Box 717 Palo Alto, CA 94301 ------------------------ END CPSR Alert 2.05-----------------------
In the latest CPSR update:
"Each FBI Special Agent in Charge's contacting key law enforcement and prosecutorial officials in his/her territory to stress the urgency of Congress's being sensitized to this critical issue;
Isn't this a violation of the Hatch Act? Either on the part of the agents, or on the part of the "key" officials directly "sensitizing" Congress, or both.
An agent from the Newark office of the Internal Revenue Service "advised that since the last time he was contacted, his unit has not had any problems with advanced telephony matters."
Does the IRS conduct wiretaps? Does it need to obtain court order to do so? Nick Szabo szabo@netcom.com
participants (2)
-
Dave Banisar -
szabo@netcom.com