I. Privacy and the Internet

A. For perspective
- privacy on the Internet must be compared with privacy in the outside world:

1. telephone listing
a. your name
b. your address
c. your phone number
2. mailing lists

a. public-sector origin
i. your name
ii. your address
iii. your age
iv. your ownership of certain large items (car, boat, business, land)
v. court records (lawsuits, basic details about divorce, criminal convictions)
b. private-sector origin
i. names of stores where you shop
ii. names of credit cards that you hold
iii. the income range of your neighborhood (from your zipcode)
c. ostensibly "restricted" access - the law requires written consent for anyone accessing this material, but those laws are widely flouted (a little jargon was enough for some kids to access the credit reports of celebrities and national politicians); also, the transferability of this consent allows scofflaw firms to cover for each other
i. your income
ii. your credit history, credit problems, resolution of same
iii. your employment history
iv. your medical history
v. your social security number - the "key field" in all of your electronically stored records
d. derived or compiled information
i. mailing list services can obtain lists from various sources and compare them with each other to find names that overlap; if you are on a list from Microsoft, a list from American Express, a list from an airline and a list from a skiing magazine, it can be assumed that you are an affluent computer user who travels and skis.

ii. Your next door neighbor might have the same income, but different habits and he would not show up on that list.

iii. Marketers can then decide whether they want to mail to you based on your habits. Financial institutions used to make loan and mortgage decisions based on criteria of that sort, but that has been outlawed by "Fair Credit" laws.

iv. This information, based on the compilation of "formal" data, is often full of assumptions and inaccuracies.
e. Now, on to the Internet: the foregoing "formal" profile changes enormously when we add:
i. your own comments that you made in a Usenet post or in a piece of e-mail that was captured by an employer

ii. information about your past login schedule (from finger)

iii. a compiled list of Web sites that interest you
B. Internet functions that can release information about you:

1. Finger
a. your full name and e-mail address
b. whether you have unread e-mail
i. the number of unread messages
ii. the time that the first of them arrived
iii. the time that the most recent one arrived
iv. this is similar to going away on vacation and letting the mail and newspapers pile up; everyone (burglars included) can see that you aren't home
c. the date and time of your last login (usually shell logins only, but may include ftp sessions, such as uploads to your web site)
i. a list of previous logins can also be obtained by any user at your site by means of the UNIX "last" command
d. the location of your files
e. the type of user interface that you use (csh, ksh, sh, etc.)
f. it also provides for the distribution of other information that you voluntarily provide in a "plan" or "project" file
2. Usenet posts
a. various universities, certain large computer firms and certain government agencies save Usenet posts, archive them on CD-ROM and then save them forever.
b. If you have ever posted to the Usenet, you should be able to find your name in an AltaVista (or similar) search of archived Usenet posts (in fact, anyone should be able to find your name that way).
c. the result is an indexed database of your posts, regardless of topics or newsgroups
d. this can be much more revealing than the "formal" information (above), in that it collects and organizes your personal writings on a variety of topics that interest you
i. your personal interests
ii. your political views
e. this can fill in the gaps left in your "formal" records; the combined result can be an extremely detailed profile
3. Web browsers (Netscape, Mosaic, etc.)
a. the entries that you make in the Preferences dialog can be retrieved by any site that you connect to
b. the e-mail address that you entered in the Preferences dialog is always retrieved when you do an ftp download (by browser or by dedicated ftp client)
c. some web sites use fairly sophisticated Perl scripts to resolve your IP number, finger the resulting address and store the results
i. the variable HTTP_FROM will tell a script the e-mail address that you have entered in your Preferences file
ii. the variable HTTP_REFERER will tell a script the URL of the site that you just visited (the "referring" site); this can help build a "profile" of the type of person that visits a site (what are their interests?)
4. Reverse DNS
a. static IP's will resolve to a usable e-mail address
b. floating IP's resolve to a given site; that host (ISP) site's records may allow them to determine who had a given IP number at a given time, and thus, who was connected to the remote site at that time
c. every IP packet that you send, including http requests, can give away your identity; thus, you sign your name and address to every Internet transaction; this is a higher level of accountability than is usual in the world at large
d. see http://www.patents.com/status.cgi
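
What a CGI script of the kind described in B.3 and B.4 is handed for a single request, shown as an added example that is not part of the original outline: it builds the variables from the request headers and the connection, lists the identifying ones, and re-checks the request with the voluntary headers removed. The request text, addresses and function names are constructed for illustration.

```python
# Constructed request, as a mid-1990s browser might send it (sample data).
SAMPLE_REQUEST = (
    "GET /catalog.html HTTP/1.0\r\n"
    "User-Agent: Mozilla/2.0 (X11; I; SunOS 5.4)\r\n"
    "From: jdoe@example.edu\r\n"
    "Referer: http://www.example.org/ski-trips.html\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

# Identifying CGI variables and who supplies each one.
IDENTIFYING = {
    "HTTP_FROM": "browser (Preferences e-mail address)",
    "HTTP_REFERER": "browser (the page you came from)",
    "REMOTE_ADDR": "network (your IP number)",
    "REMOTE_HOST": "server (reverse DNS lookup of your IP number)",
}
VOLUNTARY_HEADERS = {"from", "referer"}  # the browser can leave these out

def parse_headers(raw):
    """Return (request_line, [(name, value), ...]) from a raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers

def cgi_environment(raw, remote_addr, remote_host=None):
    """Build the variables a CGI script would see for this request."""
    _, headers = parse_headers(raw)
    env = {"REMOTE_ADDR": remote_addr}
    if remote_host:  # present only when the server resolved the address
        env["REMOTE_HOST"] = remote_host
    for name, value in headers:
        # CGI convention: the header "Referer" becomes HTTP_REFERER, and so on.
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env

def disclosures(env):
    """List (variable, value, source) for each identifying variable present."""
    return [(k, env[k], src) for k, src in IDENTIFYING.items() if k in env]

def scrub(raw):
    """Return the request with the voluntary identifying headers removed."""
    request_line, headers = parse_headers(raw)
    kept = [f"{n}: {v}" for n, v in headers if n.lower() not in VOLUNTARY_HEADERS]
    return "\r\n".join([request_line] + kept) + "\r\n\r\n"

if __name__ == "__main__":
    env = cgi_environment(SAMPLE_REQUEST, "192.0.2.17", "ws17.example.edu")
    for var, value, source in disclosures(env):
        print(f"{var:13} {value:40} <- {source}")
```

Passing the output of scrub() back through cgi_environment() still leaves REMOTE_ADDR in the result, which is the point of item 4.c: the address travels with every packet whatever the browser is configured to send.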

C. Extraordinary items - you must keep in mind that traffic on the Internet passes through other, unrelated sites; thus, e-mail can be intercepted by sites that you may not realize are "on the way" of your message (the telegraph is a good analogy)
1. monitoring of e-mail by employers
a. some firms clearly inform their employees that every keystroke that they enter into a company-owned computer becomes company property; some firms engage in monitoring, but don't explicitly warn the employees of the practice
b. any type of communications passing through company facilities may receive the same treatment, as a matter of policy (telephone, fax, postal mail, inter-office envelopes, etc.), so e-mail would not be considered a special case, nor would subjecting it to monitoring stand out as any sort of deviation from existing company policies
c. the legal aspects of this are mainly confined to the issue of notification; if you have been properly notified, then you have little or no grounds for complaint
d. further, if a firm has policies that bar personal communications during office hours or from company facilities, then, by default, all communications can be assumed to be about company business. Therefore, privacy cannot be expected. In other words, you wouldn't expect to be able to carry on a secret conversation with a customer or a supplier, so why shouldn't the boss listen in? There would be no fear of hearing a personal conversation because there are none; company policy bars it.
2. monitoring of e-mail and Usenet by government agencies
a. various U.S. intelligence agencies routinely intercept and archive the private e-mail correspondence of U.S. citizens who are located on American soil (Senator Patrick Leahy, of the Senate Intelligence Committee, admitted this to Tom Brokaw on NBC Nightly News on Sat, Feb 25, 1995)
b. it is a matter of record that Usenet posts receive similar treatment; some DOD agencies have commented in Congressional testimony on the contents of posts to newsgroups that allege UFO cover-ups (alt.conspiracy.area-51), for example
c. see the "Swett paper" for a well-written analysis of this issue (from the DOD's point of view) http://www.fas.org/pub/gen/fas/cp/swett.html
d. various U.S. intelligence agencies routinely search Usenet posts and e-mail for certain keywords. You don't think that will affect you? Did you ever describe a movie as a real "bomb?"
3. illegal surveillance by private entities
a. who would bother to engage in such practices?
i. a competitor
ii. a party to a divorce
iii. a party to a lawsuit (even a suit that doesn't name you)
b. what does it take to become a target of this sort of thing?
i. do you have any information that other people would want?
ii. do you have any information that is worth money?
(1). trade secrets
(2). proprietary product information
(3). are you involved in a non-profit organization? There have been numerous cases where board members of small neighborhood civic or political associations that were fighting proposed development projects had their phones professionally tapped (at the outdoor junction box); in most cases, no perpetrators were ever found; in most cases, the gross aggregate value of the project was only a few million (before expenses)
D. Some Internet Service Providers argue that they must engage in a certain amount of surveillance in order to run their business, but these arguments fall short in several ways:
1. Internet service providers seeking to solve computer related crimes face many of the same problems as traditional law enforcement personnel, but:
a. they don't have any training in that field
b. they aren't trained to avoid violating the rights of others who may be peripheral to an investigation
c. many of the most obvious tactics that would be used by an untrained investigator are illegal
i. seeking the source of threatening e-mail by reading (or keyword searching) everyone's e-mail
ii. there are laws against placing someone under surveillance without following proper procedures; these amateur investigators may be unaware of the penalties that they could face for violating privacy laws
iii. some privacy laws treat surveillance as a form of harassment (e.g. looking into neighbors' windows with binoculars, eavesdropping with a laser microphone reflecting off of a neighbor's windowpane, etc.); the applicability of these laws to the Internet is unknown and untested
iv. many ISP's keep detailed logs of every action by every user; the ostensible purpose of these logs is usually given as billing and system maintenance; such logs could include:
(1). every login and logout, including the time of day and the duration of the online session
(2). every POP/SMTP transaction (e-mail, that is)
(3). every NNTP (Usenet) connection and a log of all posts to the NNTP server
(4). every connection to its IRC server
(5). every incoming connection to its HTTP (web) server and the names of the documents that were served. This is usually done to allow the ISP to produce an aggregate total of the number of megabytes that outsiders have downloaded from users' web pages. Some ISP's bill for http transfers over a certain limit (10 MB/month is a common figure). While this is reasonable in itself, it has the effect of bringing the more popular documents to the attention of the ISP. The potential is there for the ISP to exert a sort of "editorial control" over such documents. This is another example of a "tabulation" of items that are non-private and trivial in and of themselves, but significant and potentially invasive when compiled.
(6). every keystroke that is entered at the command line (i.e., in the shell account)
v. If these logs were used for other purposes, such as law enforcement, would a court of law consider them to be an intrusive form of surveillance? Answer: we don't know; there is no legal precedent and no "case law." In fact, there is very little case law of any sort involving the Internet; would you want to be a test case? Are you absolutely certain that "grepping" the mailspool would pass muster in court (remember the example of the movie described as a "bomb")?
vi. Is their accuracy guaranteed? If you took action against a user based on logs that later turned out to be faulty, inaccurate or falsified by a sophisticated user who broke into your system, you would incur liability. Consider the case of the spam attack against alt.current-events.net-abuse; someone posted countless articles of gibberish and claimed to be Emmanuel Goldstein, editor of "2600" magazine. Goldstein's account was immediately terminated. It later turned out that the logs and headers were faked and the posts actually originated elsewhere. The real perpetrator was never caught, despite the best efforts of the Internet professionals who read alt.current-events.net-abuse (spamming this group might be compared to burglarizing a police station).
vii. The expectation of privacy is a key concept when speaking of surveillance; it determines the legality of telephone tape recording, for example. It is legal to tape where there is no expectation of privacy (a call to the fire department, e.g.), but illegal to tape where there is such an expectation (a call between two private individuals, e.g.). Few ISP's clearly inform their customers about the level of privacy that they can expect or the types of surveillance that they may be subjected to; this further muddies the waters in an area where there is little or no precedent.
viii. since there is little precedent, you may want to ask your ISP a few questions:
(1). is customer e-mail considered private?
(2). will your e-mail be searched or read by any member of the ISP staff for any reason?
(3). are the files in your shell account (this includes your web directory) considered private? While web pages are public by their nature, you may have CGI scripts that are proprietary; is your intellectual property at risk of being copied?
(4). do the file "permissions" have any meaning to them in this context? (compliance with file permissions is voluntary when you are the "root" operator)
2. Internet service providers may actually increase their own liability by becoming involved as quasi-investigators, when they could preserve their status by simply explaining to the complainant that they have no control over the content on their site or the actions of their subscribers. They could then refer the complainant to the proper authorities. If the complainant is an authority, the ISP should insist on the necessary formalities (court order, search warrant, etc.) prior to granting access or sharing information.

E. Ways to protect your privacy:
1. in general
a. keep the foregoing in mind; just knowing it is half the battle.
b. most formal data is fragmentary; it becomes revealing only when compiled, saved, stored, recompiled and so on; a full profile (of the type that credit bureaus use) takes years to accumulate; this is where a policy of privacy pays off: someone who is miserly with personal information will have a shorter, less revealing dossier than someone who simply provides whatever information he is asked for, whenever he is asked for it
c. be very circumspect about releasing your social security number; treat it like a credit card number; it is literally the key to all of your online records (it is the "key field" in relational databases); also, someone who obtains your name, address and SSN can fraudulently obtain credit in your name. When someone who is not absolutely, legally entitled to have it asks you for it, just say no
d. if your SSN is on your personal checks:
i. burn them
ii. ask the bank for new ones that don't have the SSN
iii. demand that the new batch of checks be provided free of charge, since you were unaware of the privacy aspects of this problem when you agreed to the bank's standard procedure of including it
iv. complain about the policy of using the SSN on checks
v. ask that the policy of putting SSN's on checks be discontinued
e. you must guard your own privacy; you cannot expect any help from anyone on this; no one else has anything to gain by protecting your privacy for you; your privacy rights are just a hindrance to the businesses, government agencies and other institutions that "serve" you
2. unique to the Internet
a. don't use your full name in your e-mail address by default; insert it only when you want it there
b. find out what your employer's policy is toward e-mail; are you entitled to privacy or are your messages and all of the other contents of your hard disk considered company property?
c. go over the entries in your Preferences files; make sure that you haven't entered anything that you wouldn't want to release to the world
d. go over the contents of your .signature files (or signature entries in the preferences) for the same reason; you may want to delete your home address and phone number, or possibly use another address, like a PO box or an office address and a workplace phone number
e. ask your Internet service provider what version of fingerd he uses; ask him to use the latest version of pfingerd (to replace fingerd)
f. ask your Internet service provider about his policies regarding the users' privacy rights. This is a very competitive industry; if you demand privacy, you are quite likely to get it. ISP's compete with each other on every aspect of operations; if enough people ask about it, we could start to hear claims that this ISP gives you more privacy than that ISP
g. keep abreast of public policy issues that could affect on-line privacy. One organization that is very active in that field is the Electronic Frontier Foundation. They maintain an archive of useful and interesting information that deals with current issues at http://www.eff.org/pub/EFF/Newsletters/EFFector/
h. learn how to use the secured page feature of Netscape (watch the key and look for the blue bar); if you connect to a site that wants confidential information, but doesn't provide security:
i. disconnect
ii. find another way to send the information
iii. tell the site owner that you want proper security precautions to be taken with your information (if it didn't occur to him to provide web page security, it may not occur to him to keep his files, which hold your confidential information, under lock and key)
iv. ask him to add security to his web site
i. get a copy of PGP; learn how to use it; practice with it
i. load this URL to get a free copy of PGP (do it now) --> http://web.mit.edu/network/pgp.html
ii. it comes with a rudimentary electronic manual, but there are a variety of books that are far better at explaining PGP; my choice is "Protect Your Privacy - A Guide for PGP Users" by William Stallings, ISBN 0-13-185596-4
iii. we could arrange for HRIA and WIA members to practice, with each other, sending and decoding PGP-encrypted e-mail. Let us know if you are interested.


