Date:       Thu, 10 Jun 93 17:06:20 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V2#050

Computer Privacy Digest Thu, 10 Jun 93              Volume 2 : Issue: 050

Today's Topics:				Moderator: Dennis G. Rears

                  Re: WANTED: E-Mail Privacy Policies
                   Compromise proposal on encryption
             Re: even the White House Discovered the risks!
                             Re: P.O. Boxes
                       Those UPS clipboards again
                         Re: Retaliatory Crimes
                         Re: Retaliatory Crimes
                     Re: California ID Requirement

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: Bernie Cosell <cosell@world.std.com>
Subject: Re: WANTED: E-Mail Privacy Policies
Organization: Fantasy Farm Fibers
Date: Thu, 3 Jun 1993 23:47:26 GMT

In article <comp-privacy2.48.4@pica.army.mil>, 13501MBC@msu.edu writes:

}  
} I am writing a research paper for a Telecommunications Technology class about
} electronic mail privacy. Accordingly, I would like to collect samples of e-mail
} privacy policies from people so that I can discuss employees' right to privacy
} vs. employer's right to monitor e-mail.

Actually, you might start your paper by exploring why you think employees
*ought* to have a right-to-privacy with email.  Basically, I think there is
*no*such*right*.  Employees have no _right_ to make non-business/professional
use of their employer's equipment, and so any such investigation must
start with
 1) arguing *WHY* you think it is reasonable for employees to make such
     use of the equipment in the first place.
 2) before there can be a policy on privacy, there has to be a policy on
    permission-to-use.  Employees have no *rights* in this regard: they
    can _ask_, as a fringe benefit quite unrelated to their jobs, whether
    it is appropriate and permitted to make non-business use of the
    employer's facilities, but it is only *after* you've established
    some permitted-use that you can go on to ask about what rights the
    employees may have so gained and what duties the employer may then inherit.

The point about (2) is that until you ask you have no rights in the
matter [it is *their* system, after all, and it is provided for business
use].  AND, if you ask and are told 'NO', business use only, that's the
end of the line.  No rights, no privacy, no nothing.

As a meta comment on this general question, I think that mixing
business and personal use is VERY BAD POLICY, for _both_ parties,
the employer AND the employee.  If the system is used for business
at all, then ALL other uses of it must be secondary to this primary
purpose.  But what if you break your leg and a temp is brought in
to help out on your project.  Can your manager/ the new temp/ anyone
else in the company/ read your email, access all your files, etc?
If the answer is 'no', then how ever do you expect anything to get
done if you are away for a while?  If the answer is 'yes', then what
of your "privacy"?  It is a very nasty conundrum, with the only real
workable solution being:
  1) giving up on privacy: if you want privacy, conduct your personal
     affairs on your *own*.
  2) asking the employer for a *separate* "play" system and be _scrupulous_
     about not mixing things: keep work on the various work systems, and
     confine personal/play to the for-play system.

 /Bernie\
-- 
Bernie Cosell                               cosell@world.std.com
Fantasy Farm Fibers, Pearisburg, VA         (703) 921-2358

------------------------------

From: Warren Jones <wjones@halcyon.halcyon.com>
Subject: Compromise proposal on encryption
Date: Sun, 6 Jun 1993 12:55:21 -0700 (PDT)

In the June issue of the "Puget Sound Computer User", editor Terry
Hansen suggests a compromise on the Clipper chip.  I thought his
idea would interest readers of this group.  Hansen says:

      ... I'm among those who are uncomfortable with the Clipper-chip
    plan.  It has Orwellian overtones.  The underlying assumption
    is that Americans cannot be trusted to conduct their affairs in
    private ...
      Even so, I'm a reasonable man and would be willing to compromise.
    As a proponent of open and democratic government, I am at least as
    disturbed about the increase in secret federal government programs
    (estimated by investigative reporter Tim Weiner to have reached
    $36 billion per year by 1989) as the government is with my use of
    secret communication methods.  Citizens must know where those
    off-the-books tax dollars are going.
      So I'll make a deal with them:  Government agencies can keep
    the ability to tap my communications if they will let me monitor
    what they are doing with my money.
      Deal, guys?

-- 
Warren Jones
<wjones@halcyon.com>

------------------------------

From: 13501MBC@msu.edu
Subject: Re: even the White House Discovered the risks!
Date: Sun, 06 Jun 93 16:29:47 EDT
Organization: Michigan State University

I also noticed that if you attempt to FINGER someone on the White House
domain, you get a message that says something to the effect of "This
machine does not accept finger requests for arbitrary usernames - valid
addresses are president@whitehouse.gov and
vice.president@whitehouse.gov". I guess they are either

a) Trying to protect privacy of the machine's users
b) Trying to prevent hackers from finding out valid usernames
c) Some combination of a and b

I suspect c, because I tried to finger postmaster@whitehouse.gov and
got the above message.

======================================================================
Matthew Cravit, Undergraduate          | "Tactics is knowing what to
Michigan State University              |  do when there is something
East Lansing, Michigan 48825           |  to do; strategy is knowing
Internet:   13501MBC@IBM.CL.MSU.EDU    |  what to do when there is
	    CRAVITMA@STUDENTC.MSU.EDU  |  nothing to do" -- Author
CompuServe: 71442,225                  |                    Unknown
======================================================================

------------------------------

Newsgroups: comp.society.privacy,alt.privacy 
From: "richard.b.dell" <rdell@cbnewsf.cb.att.com> 
Subject: Re: P.O. Boxes
Organization: AT&T
Date: Sun, 6 Jun 1993 23:06:35 GMT 

In article <comp-privacy2.46.4@pica.army.mil> Steve Forrette <stevef@wrq.com> writes:

<deletions>

>
>Another option is to go to one of the private maildrop places.  They will
>generally ask you to fill out a form with your name and home address, but
>I've never seen one that actually verifies the information, and you can 
>pay in cash, so there's no reason you can't just use false information.
>Generally speaking, you'll pay more than for a P.O. Box, generally $9-$14
>per month.
>
>Steve Forrette, stevef@wrq.com
>

At least in PA, at the private box place I rent a box at, I was told
quite clearly that it is a state (I think) law that they be quite
certain that I was not lying about my home address.  The most natural
thing for them to do, of course, is to ask for my driver's license
with photo id (I seem to remember the forms had a spot for the driver's
license number).  I saw no reason to suggest anything else at the time,
but I did take note that the glance at it was quite cursory, and in 
my opinion if I had lied, they would not have noticed.  Particularly 
if I made the simple mistake of intermixing digits or some such.

-- 
Richard Dell

------------------------------

From: Carl Oppedahl <oppedahl@panix.com>
Newsgroups: alt.privacy,comp.society.privacy
Subject: Those UPS clipboards again
Date: 7 Jun 1993 20:33:15 -0400
Organization: PANIX Public Access Internet and Unix, NYC



Remember those UPS clipboards, the ones where the recipient of a
package is asked to sign on a touch pad rather than on a piece
of paper?  Well, today's Network World (June 7, 1993) describes
Maxitrac, said to have debuted in 1991, which lets users employ
their own PCs to tie into UPS's computer network to instantly 
check the status of any package they have shipped.  Users can
display actual receipt signatures on their PC screens for confirmation 
of delivery.


-- 
Carl Oppedahl AA2KW  (intellectual property lawyer)
30 Rockefeller Plaza
New York, NY  10112-0228
voice 212-408-2578     fax 212-765-2519

------------------------------

From: Geoffrey Kuenning <geoff@ficus.cs.ucla.edu>
Subject: Re: Retaliatory Crimes
Organization: UCLA, Computer Science Department
Date: Mon, 7 Jun 93 21:57:07 GMT

In article <comp-privacy2.49.7@pica.army.mil> John De Armond
<gatech!dixie.com!jgd@uunet.uu.net> writes:

> I really see no gray area here.  Either the 
> person is authorized to be on a system or he is not.  If he is not, 
> he should be punished just like someone who physically trespasses
> is punished.

The problem here is similar to the "attractive nuisance" and
entrapment laws.  If the company in question (ThriftyTel) is actively
pursuing a course which would induce an otherwise law-abiding citizen
to commit a crime, then they are not behaving morally.  John Higdon's
original accusation was that ThriftyTel does this, and that their
purpose in doing so is to receive the profits associated with the
penalties.  This, according to Justice Scalia, is precisely the reason
the Eighth Amendment to the U.S. Constitution prohibits excessive
fines: to remove the profit motive from classifying certain behavior
as criminal.
-- 
	Geoff Kuenning	geoff@maui.cs.ucla.edu	geoff@ITcorp.com

------------------------------

From: steven armijo <vortex%phobos.unm.edu%lynx.unm.edu.unm.edu@PICA.ARMY.MIL>
Newsgroups: comp.society.privacy
Subject: Re: Retaliatory Crimes
Date: 8 Jun 1993 09:01:03 GMT
Organization: University of New Mexico, Albuquerque

In article <comp-privacy2.49.7@pica.army.mil> John De Armond <gatech!dixie.com!jgd@uunet.uu.net> writes:

>Perhaps if we adopted something from the Saudi system and chopped off a
>finger of anyone caught hacking or stealing services, there would be no
>need for tight security.  I really see no gray area here.  Either the 
>person is authorized to be on a system or he is not.  If he is not, 
>he should be punished just like someone who physically trespasses
>is punished.
>

Perhaps we should just repeal the rest of the constitution while we're
at it eh?


-- 
    I'm just very selective about the reality i choose to accept. -Calvin
     I have plenty of common sense, i just choose to ignore it. -Calvin
      It's a windowing system named X, not a system named X windows.
       Unspoiled by progress,Mac,X,Unix,MsDos,Amiga,I-net, or raisins.

------------------------------

From: Jerry Sweet <jsweet@irvine.com>
Subject: Re: California ID Requirement 
Originator: jsweet@fester.irvine.com
Organization: Irvine Compiler Corp., Irvine, California, USA
Date: Tue, 8 Jun 1993 03:48:16 GMT

This is a response from an acquaintance who is a reserve police
officer in the Los Angeles Police Department.  (Forwarded with
permission...)  He said that he verified this information with LAPD
Devonshire Division Jail.

     ------ Begin Forwarded Message

Date: Fri, 04 Jun 93 09:35:01 PST
From: jfay@fibermux.com
Subject: [comp.society.privacy: California ID Requirement]

Not having your ID on you will only get you in trouble if you are
arrested (or pulled over for a traffic violation) and you are driving
without a license.  Still, if you know your driver's license number,
you can sign the ticket and go.  As for having to have your ID or $50
just to be out in public, this was ruled unconstitutional.  Except if
you are driving (which requires a driver's license), you are not
required by law to even give your name to a police officer if you
don't want to, but giving him a false name or address is illegal
(Section 148(a) PC).

If you are arrested and want to get out without bail (On Recognisance)
you must be able to prove who you are, and there must be no warrants
for your arrest. Given the above you can sign a RFC (Release from
custody Ticket) saying that you promise to appear (just like a traffic
ticket) and you are released. Valid ID can be any sort of document
with your name and picture on it, or a collection of documents with
your name on it (Credit cards, mail, business license) leading someone
to believe you are that person. Knowing your driver's license number,
you can be looked up on the computer and if you match the description
on the license information to the satisfaction of the jail personnel
this might also suffice. Accepting non picture ID is left up to the
discretion of the jail personnel, they must believe it is true.  Lack
of credibility and uncooperativeness may make it difficult to get out
with borderline ID.

 ------- End Forwarded Message

To put this in algorithmic terms:

If: you are driving,
  then:
      you must have a valid driver's license.
Otherwise: {
  If: you are arrested 
    then: {
      If: you want to be released on recognisance,
        then: you must be able to identify yourself in some convincing manner.
      Otherwise:
        you lose.
    }       
  Otherwise:
      you are NOT required to identify yourself
      BUT if you do, you may not give false information.
}


------------------------------


End of Computer Privacy Digest V2 #050
******************************