******************************************************************************
        P R I V A C Y    P R O T E C T I O N    N E W S L E T T E R


                      Premier Issue            Summer 1995


******************************************************************************
     A Quarterly Publication of Worldwide Information, Ideas, and Advice



COPYRIGHT (c) 1995 DETROIT INTERNATIONAL PUBLISHING

Permission is hereby granted to make, distribute, and upload electronic
copies of this newsletter (in its entirety), via the Internet, BBSs, or any
other public or private, commercial or recreational online service or network
anywhere, provided this copyright and permission notice are preserved on all
copies.

Permission is hereby granted to make, distribute, upload and reprint the
contents of this newsletter (in part), in printed form, provided the following
statement accompanies the reprinted text:

"Reprinted with permission from Privacy Protection Newsletter.
Subscription costs are $20/year.  Sample copy $5.  Delivery by Postal or
E-mail.  Send to: Detroit International Publishing, 5139 S. Clarendon Ave.,
Detroit, Michigan 48204 USA.  E-mail: 102246.3341@compuserve.com (Internet)."

Unauthorized duplication (outside of the aforementioned terms in permission
notices) is a violation of Pan-American & International Copyright Conventions.
Any and all parties found guilty of infringement will be fully prosecuted.



[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]


PURPOSE & POLICY STATEMENT: Privacy Protection Newsletter is a private journal
devoted exclusively to topics related to financial and personal privacy
protection issues.  It is circulated throughout the Internet, in addition to
various public-sector commercial networks.

MAILING LIST: Subscriptions are available for $20 annually for electronic or
Airmail delivery ($25 foreign Airmail delivery).  Sample copies and back
issues cost $5 each ($6 foreign Airmail delivery).  To subscribe, send cash,
check or money order payable in U.S. funds along with name, E-mail or Airmail
address to:

Detroit International Publishing
5139 South Clarendon Avenue
Detroit, Michigan 48204-2923
U.S.A.

FREELANCE EDITORIAL SUBMISSIONS ARE WELCOME in the form of letters, articles,
reviews, and news.  Direct all electronic correspondence to Internet address:
102246.3341@compuserve.com

Place us on your mailing list of books, videos, and new products & services
for review.

DISCLAIMER: This newsletter presents information believed to be current and
reliable, however, it can not be guaranteed.  Although every attempt has been
made to ensure the accuracy of data contained herein, the publisher cannot
accept liability for misstatements.  Further, the views represented herein do
not necessarily reflect those of the newsletter.  CONTRIBUTORS ASSUME ALL
RESPONSIBILITY FOR ENSURING COPYRIGHT PROTECTIONS ARE NOT VIOLATED.



[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

FROM THE EDITOR'S DESK

I would like to take this time to welcome you to the premier edition of our
publication.  In this edition and subsequent issues, we will bring you
valuable (and sometimes even bizarre) information.

This first special issue is prepared and provided to serve as an introduction
to our publication, as a courtesy to computer and modem users.

Please keep in mind that there is an open door for you to air your thoughts,
suggestions and grievances (if any) in writing.  Enjoy!

Mr. Shannon Roxborough
Editor & Publisher
Internet: 102246.3341@compuserve.com

ABOUT THE EDITOR: Shannon Roxborough, president of Detroit International
Publishing, is an international consultant, writer & researcher.  He
specializes in locating hard-to-find information on a global level.  He also
distributes pre-paid calling cards for international privacy seekers,
and may be contacted by telephone at (313) 438-1566.


[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]


NEWS AND RESOURCES FROM AROUND THE WORLD

PRIVACY-RELATED ORGANIZATIONS
Privacy International, E-mail: davies@privint.demon.co.uk
Privacy Rights Clearinghouse, Tel: (619) 298-3396
ACLU Privacy & Technology Project, Tel: (202) 544-1681
Electronic Frontier Foundation, Tel: (202) 347-5400, E-mail: info@eff.org
Computer Professionals for Social Responsibility, E-mail: cpsr@cpsr.org
Electronic Privacy Info Center, Tel: (202) 544-9240, E-mail: info@epic.org


THE LYKE REPORT: Financial Digest & Privacy News is a monthly newsletter
dedicated to domestic and international privacy issues.  For a free sample
copy, call: (800) 725-7714 (U.S. only).

PRIVACY JOURNAL: Newsletter on Privacy in a Computer Age has been tracking
legislation, trends, and events on a worldwide level for more than two
decades.   For a free sample copy, write or call: P.O. Box 28577, Providence,
Rhode Island 02908 USA; (401) 274-7861.

U.S. CREDIT REPORTS are frequently targets of invasion, and more frequently
contain some type of errors.  Credit reports may be obtained from the three
major U.S. reporting bureaus free-of-charge upon rejection by a prospective
creditor (TRW offers one free annually).  For more information, contact:
TRW (800) 422-4879; Equifax: (800) 685-1111; TransUnion (800) 851-2674.

SOLICITATION LISTS are a very legal to invade privacy.  Members of the
Direct Marketing Association frequently rent your address and phone number
to members.  To be removed from mailing & telephone lists, contact:
Mail Preference Service, Box 9008, Farmingdale, New York 11735 USA
Telephone Preference Service, Box 9014, Farmingdale, New York 11735 USA

FULL DISCLOSURE LIVE is a weekly radio talk show which covers topics such as
privacy, surveillance and government invasion.  The show is hosted by
investigative technology expert Glen L. Roberts and Beverly Hills privacy
attorney Will Dwyer II.  Full Disclosure Live is carried on World Wide
Christian Radio, a Nashville, Tennessee-based network.  Full Disclosure Live
airs every Sunday from 7:00 to 8:00pm (U.S. Central Standard Time) on WWCR,
5,810 khz shortwave.

FINANCIAL PRIVACY REPORT is a expensive, but informative source of strategies
and tips for domestic and international protection.  Sample copies are US$15.
Write: The Financial Privacy Report, P.O. Box 1277, Burnsville, MN 55337 USA.

MONITORING TIMES is a monthly magazine covering monitoring airwaves and
communications security.  Sample copies are US$5 each ($7 outside the U.S.).
Contact: Grover Enterprises, P.O. Box 98, Brasstown, NC 28902 USA.

INTERCEPTS is a publication which provides inside information on secret
military projects.  For more information, write: Intercepts, 6303 Cornell,
Amarillo, Texas 79109 USA.

SECURITY AND PRIVACY 2001 is a newlsletter that presents articles on new
technological privacy threats.  For details about subscriptions rates, write:
Ross Engineering, 504 Shaw Road, Suite 222, Sterling, Virginia 20166 USA.


[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]


THE GLOBAL PRIVACY SNATCHERS: Is Your Financial Privacy Safe?

By Mark Nestman



The Financial Crimes Enforcement Network (FinCEN) is a computerized operation,
international in scope, that collects and analyzes data to unearth criminal
activity.  Its efforts involve more than two dozen U.S. federal, state and
local agencies, foreign police agencies; and a variety of public and private
data bases.

FinCEN's computers use a program called an "expert system" whose reasoning
mimics that of human experts, but millions of times faster.  FinCEN's expert
system, the Customs Artificial Intelligence System (CAIS), investigates
financial fraud and suspicious transactions.  FinCEN compares the unusual
transactions flagged by CAIS with personal and financial information drawn
from U.S. Government, private, and foreign databases.  Essentially, the system
creates a financial dossier of individuals making large currency transactions,
then matches these profiles against typical patterns of persons engaged in
illegal activity.

To construct these profiles, FinCEN uses databases from the IRS, FBI, DEA,
CIA, ATF, DIA, INS, FDIC, DIA (which intercepts data on international wire
transfers), Secret Service, U.S. Postal Service, U.S. Customs Service,
National Security Council, the Comptroller of the Currency, the Federal
Reserve, the State Department's Bureau of Intelligence and Research and the
Census Bureau.

FinCEN also accesses state records of real estate ownership, property tax
payments, motor vehicles, driver licenses, ect. along with commercial databases
that assist it in obtaining credit records, telephone records, magazine
subscription lists and even supermarket purchasing data.  All are available to
FinCEN without a warrant.

FinCEN has negotiated a data-sharing agreement with Interpol that gives it
online access to worldwide criminal tracking data.  Other nations have
developed financial intelligence agencies that swap data with FinCEN:
TRACFIN (France), NCIN (Great Britain), and AUSTRAC (Australia).   FinCEN has
built similar alliances with authorities in Japan, Italy, and Switzerland.

This level of computer matching is unprecedented historically, and indeed, was
banned under the Privacy Act.  But the databases exist, and FinCEN has U.S.
Congressional authority to assemble data in forms useful to law enforcement.

Initially, FinCEN's mission was to help detect narcotics traffickers as the
laundered money.  However, its efforts have expanded to detecting ALL criminal
activity.  U.S. bureaucrats boast that FinCEN is a blueprint for a world
financial intelligence network.  FinCEN has already established relationships
with financial intelligence agencies in several countries.  Organizations such
as the Organization for Economic and Community Development and the Financial
Action Task Force call for initiatives such as a global currency control
agency and global tax collection that are only possible with organizations
such as FinCEN working hand-in-hand with an international financial police
force.

The Computer Professionals for Social Responsibility (CPSR) ask disturbing
questions about FinCEN's role in a "free society":

1.  In what other ways might FinCEN's skill in centralizing information in
matching, comparing, and linking facts in order to reveal hidden activities,
to tell certain kinds of stories, be deployed?  In what ways, for example,
could FinCEN be turned against law-abiding citizens?

2.  How might FinCEN serve a tyrannical successor regime, would it seize power
as a means of control?  There is little question that this anti-drug toll
could also serve as a potent instrument of repression.

3.  Not only do many of FinCEN's record systems contain inaccurate or
incomplete information vulnerable to distortion or misinterpretation, but they
are ripe for countless forms of abuse: temptations to use technology for
improper purposes; intrusive shortcuts that bypass procedural due process
protections; unauthorized access by those who can profit from FinCEN's data or
use it to wreak havoc; political surveillance; unwholesome links to and
fostering of private intelligence agencies; and unregulated, invisible
expansion of government power through means that circumvent public comment and
political accountability.

4.  FinCEN has the potential to reach and scrutinize a great variety of
small-scale, ordinary businesses and activities that touch the lives of
millions of people, and that have done nothing to provoke a reasonable
suspicion of wrongdoing.

5.  Another question is that of the differential impact of a surveillance tool
like FinCEN on businesses particularly oriented toward cash.  One thinks of
car dealers, newsstands,  or companies doing business in third-world countries
where banking infrastructures are not well developed and the economies revolve
around cash.

What are the fallouts from singling out such activities or potentially
catching them within the dragnet of a suspicious expert system?  Will
newsstands be deterred from stocking political materials under present or
future political puritans or ideologues?  Will small businesses without
sophisticated economic practices be disproportionately scrutinized and
persecuted?

ABOUT THE AUTHOR: Mark Nestmann is the author of "How to Achieve Personal
Privacy and Financial Privacy in a Public Age", renamed PRIVACY 1995,
undated annually.  Privacy 1995 may be purchased from the Tattered Cover
Bookstore, 1628 Sixteenth Street, Denver, Colorado 80202 USA; Tel: (303)
322-7727; (800) 833-9327; Fax: (303) 399-2279.


[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]


COMPUTER SECURITY FOR PRIVACY ADVOCATES

by Ronald L. Mendell, CLI



INTRODUCTION
Why should you worry about security?  The answer lies in the fact that
information has become an extremely marketable commodity.  This commodity
can be stolen from you without your knowledge, causing sometimes
devastating harm to your business and personal life.  Sensitive information
needs guarding.

Implementing an computer security program first requires you to determine
what data is truly sensitive.  The rule of thumb should be that any data,
improperly released, that could cause a loss equivalent to ten percent of
your annual net profit or mental hardship should be classified as sensitive.

METHODS OF ATTACK
Computer-based systems include all machine-readable files and auxiliary items
such as magnetic backup tapes, floppy disks, printer paper carbons, and
printer ribbons.  Common methods of attack include unauthorized copying of
files, hacking (unauthorized access to your system), between-the-lines entry
(using a logged in terminal while the user is away), and hard disk
surveillance (using a utility program to search for sensitive files on your
Hard drive).  Wire taps or other methods used to intrude on your phone lines
or view your monitor.

Imagine that you are holding an unlabeled floppy disk in your hand.  Can you
tell by eye what the disk contains?  No, you need a computer to do that.  How
much information can a 720K disk hold?  Even a disk of that small capacity
holds more data than a regular size novel.  High density disks (1.2 MB) hold
almost twice that amount.  When you give the DOS "Del a: *.*" command for
this disk, all of the files are completely erased from the disk right?  Wrong!
Any good utility program such as the Norton Utilities or Lotus' Magellan can
find those files and undelete them.  Is copying files from a hard disk to a
floppy a time consuming and complex process?  No, even with relatively large
files, it is a fairly simple and quick procedure.  Using a program like
Magellan, one would be able to pick, choose, and sort files to copy very
easily.

From the preceeding questions, the following about floppy disks is evident:

1. Unless they are scanned by a computer, you cannot tell what files are on
them.  External labels may be incorrect or misleading.  Classification labels
can be removed.

2. Their data storage density is such that hundreds of sensitive files could
be walking out your door on a few microfloppies in someone's shirt pocket.

3. Floppies can retain sensitive files even when they look erased.

4. Floppies are easy to copy.  It is easy to copy files from hard disks to
floppies.  None of this requires any extensive computer knowledge.

Since floppy disks and the new 8mm magnetic tape backups for PC's have
extreme portability, rigid measures have to be taken to protect them and to
prevent unauthorized copying of your hard drive onto these media.  The
following would help:

a. While it is fine to keep your programs on hard disk, the sensitive data
files that they generate would be written to floppy disks.  These disks
could be backed up with another disk.  The originals should be locked up
onsite.  The backups should be securely stored offsite.

b. Make sure sensitive magnetic media have both an external label and an
internal electronic label designating their classification (the DOS LABEL
command can do this).

c. Use the DOS ATTRIBUTE command on sensitive files to set an electronic
switch so that the files cannot be accidentally erase.  Attributing sensitive
files on a disk also acts as a deterrent to someone grabbing a classified
disk, changing the external label, then doing a global DELETE on the disk so
they can remove it from the site under the guise of it being empty.  Later
they would UNDELETE the files using a file utility.

d. Employ password security on sensitive files.  Wordperfect 5.1 (and higher)
has the ability to place minimal password protection on files.  While the
password (lockword) protection for Wordperfect is far from foolproof, it,
combined with the other security measures suggested, provides a fairly decent
perimeter of security.  There are software packages available for PC's that
can encrypt entire files.

e. Have a consistent backup procedure for all of your files.  Backup
sensitive
files onto disks designated and labled for that purpose.

f. Do not leave disks with sensitive files on them unattended or unsecured.
In large offices, require that authorized users of classified disks sign the
media in and out through a designated librarian.

g. Before sending a magnetic disk to someone, scan it with a file utility
program to ensure it has no deleted, but recoverable, sensitive files.  If it
does, reformat the disk, and then write the non-sensitive files to the disk.

h. Before trashing magnetic media, cut them up into little pieces.  For
damaged disks containing highly sensitive files, you may wish to use a
degausser on the disk first.

By not keeping sensitive files on your hard disk, you go a long way toward
computer security.  However, you should also consider the importance of not
leaving computers unattended with sensitive information on them.  Before
your employes go to lunch or on break, have them place the computer into a
secure state.  This can be as simple as closing any open files and removing
the disks to a secure place (such as a locked drawer in their desk).  At the
end of the day, all classified media must be returned to the central library
to be locked up.  Also, auxiliary items such as spent carbons, printer
ribbons, printouts, and damaged magnetic media should be securely stored
until disposed of.  Sensitive computer printouts should be shredded and
intermixed with non-sensitive shredded documents prior to disposal.

OTHER COMPUTER DEFENSES
You may decide to use integrated software security packages such as Xtree's
Allsafe or Fifth Generation's Disklock.  These among other packages, offer
hard disk lockdown, file lockword protection, temporary keyboard lockdown,
and some security audit trails.  The best defense though is not to put all
your eggs in one basket.  One can install security software on their computer
and still keep sensitive files on securely locked away floppies.  In fact, it
might behoove you to place "decoy" sensitive files behind your security
software defense.  Decoy files look like they contain valuable, sensitive
information, but in reality, behind their technical appearance, they have no
useful secrets.  These types of files can be "trapped" with information
which, if it becomes public, would be harmless, but would tell you of a
penetration or compromise.  This method can be called the "False Fortress"
defense.  A TSCM (or Technical Surveillance Countermeasures) expert should be
consulted if there is a possibility of some wanting your data so badly that
they would resort to illegal taping or otherwise tampering with your phone
lines or remotely viewing your monitor (yes it can be done).

POINTS TO REMEMBER
1. When the terms "lock" or "locked up" are used for storage areas, we mean
locks or safes that can withstand a physical attack of at least one to two
hours of duration.

2. Do not make it easy for an information thief by placing signs in your
office on where sensitive materials are stored.

3. Keep access to sensitive information by your coworkers and associates on
a need-to-know basis.

SUMMARY
Your computer security will be good only if you use a comprehensive plan.
Each defense must be adequate.  It does little good if the password to a
sensitive file is your first name.  Learn to think like an information thief,
and you will have less chance of being victimized by one.

If you think that there is no possibility of anyone attempting to use covert
methods to steal information from you...think again! In today's high-tech
world, secrets are increasingly at a premium.

ABOUT THE AUTHOR: Ron Mendell is Security Consultant and Certified Legal
Investigator based in Austin, Texas, U.S.A..


RESOURCES (Compiled by Shannon Roxborough, the editor)

The Computer Privacy Report (1995) US$100
Published by:
Scope International Ltd.
Forestside House, Forestside, Rowlands Castle
Hants PO9 6EE, England

2600
P.O. Box 752
Middle Island, New York 11953 USA
(A Computer and Communications Hacker Magazine)

Information Systems Security Monitor
U.S. Department of Treasury
Bureau of Public Debt
AIS Security Branch
200 3rd Street
Parkersburg, West Virginia 26101 USA
Tel: (304) 480-6335
BBS: (304) 480-6083
(free-of-charge subscription newsletter)

The Data Security Letter
3060 Route 97
Glenwood, Maryland 21794 USA
Internet: dsl@tis.com
(free sample issue)

Infosecurity News
498 Concord Street
Framingham, Massachusetts 01701 USA
Tel: (508) 879-9792
Fax: (508) 879-0348
Internet: 2439796@mcimail.com

National Computer Security Association
10 South Courthouse Avenue
Carlisle, Pennsylvania 17013 USA
Tel: (717) 258-1816
Fax: (717) 243-8642
(contact for a free information pack)

Computer Security Institute
600 Harrison Street
San Francisco, Ca 94107
Tel: (415) 905-2626
Fax: (415) 905-2218


Technical Counterespionage Experts

Kevin Murray, Murray & Associates (800) 635-0811 (New Jersey)
Mike Russell, Sherwood Communications (215) 357-9065 (Pennsylvania)
Ray Jarvis, Jarvis International Intelligence (918) 835-3130 (Oklahoma)
James Ross, Ross Engineering, Incorporated (800) US-DEBUG (Nationwide)
Kenneth Lodge, A*SIP Services International (44) 81-524-0911 (Great Britain)
Mr. Bodo Schonebeck, S.I.D.A., P.O. Box 4757, D-78512 Tuttlingen, Germany
Major Ponnosamy Kalastree, Mainguard Security (65) 296-5881 (Singapore)
Mr. Anastasios Panos, Panos Detective Agency (301) 1-9231420 (Greece)

*IMPORTANT: Use of a public (or other) telephone is advised when making
contact.  Using a suspected line and or room alerts the eavesdropper of your
suspicions and intended course of action.


[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]


SPECIAL OFFER FOR PPN READERS

Readers who mention Privacy Protection Newsletter when ordering any of the
below publications will receive a FREE copy of "The Market for Online Services:
An Introduction".

     * INFORMATION & INTERACTIVE SERVICES REPORT -- a biweekly
newsletter on online information services, multimedia, electronic
publishing, home shopping and banking, and interactive TV and video
services.  Published 25 times/year; $495 ($531 outside North America).

     * WIRELESS MESSAGING REPORT -- covers the burgeoning wireless data
and messaging field, focusing on new products, technology, standards,
spectrum issues, and the information services carried (and planned for)
these emerging networks.  Published 25 times/year; $449 ($484 outside
North America).

    * CORPORATE SECURITY -- looks at methods companies are using to
protect their personnel, physical plant, and information assets, reporting
on new products ... services ... techniques ... policies and procedures.
Published 25 times/year; $295.

TO ORDER, send check or money order to: Information & Interactive Services
Report, P.O. Box 675, Cooper Station, New York, NY 10276 USA; (800) 822-6338;
Tel: (202) 842-0520; Fax: (212) 475-1790.  Credit cards orders also accepted.


[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]


CLASSIFIEDS
Privacy Protection's classified advertising rate is 50 cents (US$0.50) per
word, per insertion.  Telephone numbers and hyphenated words count as two
words.  Minimum charge is $10 (20 words).  Type or print your ad, and mail
it with payment in U.S. funds to: Detroit International Publishing,
5139 South Clarendon Avenue, Detroit, Michigan 48204-2923 U.S.A..
Privacy Protection Newsletter does not verify the validity of advertisements
and reserves the right to reject any ads which are inappropriate or
blatantly fraudulent or illegal.


PRIVACY. Offshore Financial & Personal Services.  Free information.
For Free information in the US & Canada, write: FEC Source 91/12-0695,
6992 N.W. 50th Street, Miami, Florida 33166 USA.  Other areas, contact:
FEC Source 91/12-0695, Box 959, Centro Colon Office Building - 1007,
San Jose, Costa Rica; Tel: (506) 296-2597; Fax: (506) 220-3470.

INTERNATIONALIST NEWSLETTER.  Covers worldwide recreation and business.
For a FREE copy via e-mail, send a message to: 102246.3341@compuserve.com

INVESTIGATOR (former F.B.I. Special Agent) accepts cases in all countries
of the Asian continent.  Fax: (886) 2-686-8442 (Taiwan, Republic of China).

READ "EAGLE" - Newsletter of the International Security & Detective
Alliance.  Privacy, Security & Information Gathering.  Send $2 for a sample
to: I.S.D.A., Box 6303, Corpus Christi, Texas 78466 U.S.A..

FREE! Full-Disclosure Catalog/Newsletter.  Privacy issues and government
oppression.  For a copy, write: SBC, Box 734, Antioch, Illinois 60002 USA.


------------------------------------------------------------------------------


SUBSCRIBE NOW!  1 YEAR OF PRIVACY PROTECTION NEWSLETTER FOR $20

Yes!  Please start my subscription at the current rate of $20 for four
issues.  (US$25 outside the United States for Airmail delivery).

Please send by (circle your preferred delivery method):   E-mail     Airmail

[ ] Cash enclosed        [ ] Check enclosed       [ ] Money order enclosed


Name:_____________________________________________________________________


Address:__________________________________________________________________


        __________________________________________________________________


E-mail address:___________________________________________________________

          PLEASE SEND THIS FORM ALONG WITH PAYMENT IN U.S. FUNDS TO:

                       Detroit International Publishing
                       5139 South Clarendon Avenue
                       Detroit, Michigan 48204-2923 USA