Date: Tue, 06 Jul 93 16:30:47 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#055
Computer Privacy Digest Tue, 06 Jul 93 Volume 2 : Issue: 055
Today's Topics: Moderator: Dennis G. Rears
Re: Article on EFF in WIRED
Re: Trials, fines, juries.
Re: new Electronic Cash scheme: technical report available
New Privacy-Oriented Radio Program, and ANI-Readback Number
International Software
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: bl0rp <vortex%phobos.unm.edu%lynx.unm.edu.unm.edu@PICA.ARMY.MIL>
Subject: Re: Article on EFF in WIRED
Date: 26 Jun 1993 00:02:30 GMT
Organization: University of New Mexico, Albuquerque
In article <comp-privacy2.54.2@pica.army.mil> thomas@ponder.csci.unt.edu (Tom Thomas) writes:
>The May/June issue of WIRED contains an article titled 'Crypto Rebels',
>which provides a high-level treatment of issues sourrounding privacy
>in electronic communications. It talks a lot about the EFF and John Gilmore.
>
looks like a decent mag, just found it yesterday, want to mail me a review?
anyone?
>However, on page 97 in the 'Hype List' column, there is a blurb about the
>EFF 'selling out' and reorganizing.
>
>I'm curious about the current state of the EFF, and any other information
>about them. I've seen many references to them in Dorothy Denning's series of
>articles in CACM, but now have a stronger curiosity. Any info/leads will
>be appreciated. Also, any discussion about EFF and its activities would
>be of interest to me.
>
try looking of comp.org.eff.talk or comp.org.eff.news i would think those
are the two best places to find what you are looking for
>Thanks - Tom Thomas
--
I'm just very selective about the reality i choose to accept. -Calvin
I have plenty of common sense, i just choose to ignore it. -Calvin
It's a windowing system named X, not a system named X windows.
Unspoiled by progress,Mac,X,Unix,MsDos,Amiga,I-net, or raisins.
------------------------------
Date: Sat, 26 Jun 93 22:32 PDT
From: Michael Gersten <michael@stb.info.com>
Subject: Re: Trials, fines, juries.
In article <comp-privacy2.50.6@pica.army.mil> Geoffrey Kuenning
<geoff@ficus.cs.ucla.edu> writes:
> This, according to Justice Scalia, is precisely the reason
>the Eighth Amendment to the U.S. Constitution prohibits excessive
>fines: to remove the profit motive from classifying certain behavior
>as criminal.
>--
If this is true, how come the fines for exceeding the posted speed
limit are so high? How come they have a new photo-speed-trap, in
which they take a picture of you & your car & the radar-indicated
speed and _mail_ the picture to you, requesting the payment of a fine?
Low-posted speed limits are a primary method of income to the various
municipal governments lately....
-- George Crissman
-----
That's nothing. What's better is how you can't even get a jury trial
to fight such an accusation. Remember the constitution grants you a
trial in all criminal matters; yet the state (CA) supreme court has
ruled something like, since you didn't get a jury trial before CA was
a state, so you are not entitled to one now. Or something about as
ridiculous as that.
Michael
(ok, so this is even less privacy related than the profit problem.)
--
Michael Gersten michael@stb.info.com
NeXT Registered Developer (NeRD) # 3860 -- Hire me! (Ready around 10/93)
Running for President in 2000 on platform of Integrity in Government and
No Special Cases. Contacts, volunteers, helpers needed.
------------------------------
From: Stefan Brands <Stefan.Brands@cwi.nl>
Newsgroups: comp.society.privacy
Subject: Re: new Electronic Cash scheme: technical report available
Date: 29 Jun 93 10:13:51 GMT
Organization: CWI, Amsterdam
Since any reference to my report have disappeared out of the
references to Niels Ferguson's article (I guess it must be a bug in
bibtex, so perhaps Niels should use a different version when he starts
doing his master's thesis), I hereby post a (modified) repost of an
article I posted almost two and a half months ago on sci.crypt.
PRIVACY-PROTECTING OFF-LINE ELECTRONIC CASH SYSTEMS
___________________________________________________
I recently (Official date March 1993, appeared April 12 with a few
typos removed) published a new privacy-protecting off-line electronic
cash system as a technical report at CWI. I am a PhD-student at David
Chaum's cryptography-group, and our group has a long history of
research in the field of privacy-protecting cash systems.
The electronic version of the report is called CS-R9323.ps.Z, contains
77 pages, and can be retrieved from
ftp.cwi.nl (192.16.184.180)
from the directory pub/CWIreports/AA.
The postscript-file is suitable for 300dpi laserprinters.
====================================================================
TITLE : An Efficient Off-line Electronic Cash System Based On The
Representation Problem
DESCRIPTION (modified): Many privacy-protecting off-line electronic
cash systems have been proposed over the last couple of years, most
building on the work of David Chaum and others. Systems have been
proposed that have a very high degree of PROVABILITY (e.g. the
signature scheme of the bank is secure against an adaptively chosen
message attack) but are (very) inefficient since they use theoretical
schemes for e.g. multi-party computations. These systems aim to
produce results similar to e.g. "a secure digital signature exists if
and only if trapdoor permutations exists" (a result of
Bellare/Micali). In this respect, I want to mention work of Damgard,
Pfitzmann and Waidner, De Santis et al., and Franklin and Yung.
Although it is important to know under what theoretical conditions
secure privacy-protecting off-line electronic cash systems exist, one
would want to have EFFICIENT systems. Recently, such a system was
proposed by Niels Ferguson (see his post). This system is quite
efficient, however it seems difficult to prove anything about its
security.
It is desirable to have systems that have both features, provability
and efficiency. In my technical report, I describe a system that
indeed combines provable security (to a high extent) and efficiency.
It is based on a problem, called the representation problem, of which
little use has thus far been made in literature, in conjunction with
what I call a "restrictive" blind signature scheme. This approach
results in a cash system that not only can be proven secure to a very
high extend, but also is more efficient than the system described by
Ferguson. For example, storage space for a coin is 70 bytes (!), and
in order to make a payment, only two multiplications modulo a 140-bit
prime are required by the user, independent of the lengthe of the
challenge c of the shop -- in Ferguson's system, 250 bytes storage
space are needed, and more than 1.5 * |c| multiplications modulo a
512-bit composite are needed (e.g., over 45 for a 30-bit challenge)
for a payment. In addition, our withdrawal protocol uses less
transmissions and only 4 numbers to be transmitted rather than 12 in
the system of Ferguson.
Apart from provability and efficiency, there is one other important
feature one would like to have in electronic cash systems, namely
EXTENDIBILITY. In the inefficient but highly provably secure systems
mentioned above, this is very hard to achieve. The same holds for the
system of Ferguson. In addition, since the security of his basic
system cannot be proven, the same will certainly hold for any
extensions. In contrast, the system I describe features the following
extensions:
* framing attempts of the bank (saying that a user double-spent a
coin, whereas he did not) are prevented regardless of computational
power, by a simple mechanism.
* electronic checks; these can be achieved almost as efficiently as coins,
whereas they enable the user to spend any amount between, say,
1 and 2^k dollars (for some arbitrary k).
* multi-spendable coins; coins can be spent k times (at the cost of
linkability but NOT traceability) in such a way that the storgae requirements
of the user become k times as efficient.
* Anonymous accounts (i.e. in addition to anonymous payments). This level of
anonymity has not been achieved before. (not yet in report, but will be in
the Crypto 93 pre-proceedings)
* (perhaps the most interesting): The entire off-line cash system
(including all the extensions) can be incorporated in a setting based on
so-called wallets with observers (a user-module with embedded within it a
tamper-resistant module), which has the important advantage that
double-spending can be prevented, rather than detecting the identity of
a double-spender after the fact. In particular, it can be incorporated even
under the most stringent requirements conceivable about the privacy of the
user, which seems to be impossible to do with previously proposed systems.
This important extension builds on the work of David Chaum and
Cramer/Pedersen. As a result, one can build an efficient, highly provably
secure off-line cash system with both security (prior restraint of
double-spending) and privacy (anonymous accounts) guaranteed to a higher
level than before.
In all the extensions, the efficiency is maintained (due to e.g.
vector addition chain techniques applicable to the representation
problem), and the proofs of security follow almost immediately from
that of the basic system. Moreover, a similar system can be based on
RSA; I will publish this soon.
I made a particular effort to keep the report as self-contained as
possible. If you have any questions, please e-mail to me and I will
try to reply as well as I can. Any comments are also welcome!
Stefan Brands,
--------------------------------------------------------
CWI, Kruislaan 413, 1098 SJ Amsterdam, The Netherlands
Tel: +31 20 5924103, e-mail: brands@cwi.nl
------------------------------
Date: Mon, 28 Jun 93 8:18:12 CDT
From: Will Martin <wmartin@stl-06sima.army.mil>
Subject: New Privacy-Oriented Radio Program, and ANI-Readback Number
There is a new radio program about privacy and surveillance issues, put
out by the folks who produce Full Disclosure magazine, called "Full
Disclosure Live". It had been aired only on the Let's Talk Radio
satellite-broadcasting facility, and thus receivable only by people
with satellite dishes, but they have just begun broadcasting on WWCR
shortwave, on 7435 kHz, at 7 PM Sunday evenings Central Time. It is an
hour-long program, and I just lucked out and happened to catch its
first airing on Sunday, 27 June. WWCR has a good signal on 7435 kHz and
can be heard over most of North America and should reach Europe at that
time, too. (Of course, that's 0100 GMT, so much of Europe will be
asleep! :-)
They have a combination of discussions and listener call-ins, with the
call-in number being 708-838-3378. When I called, I got right in with no
delay. I caught a slight reference to the Internet later in the program,
but had had to switch radios before then and start doing something else,
and couldn't hear it clearly, so I can't say if they had stated they were
reachable via the Internet or what the reference was.
They have an ANI-readback 800 number they advertised repeatedly during
the program: 800-235-1414. This is an add for 1-900-STOPPER and for
Full Disclosure magazine, with an opportunity for you to leave your name
and address or a short message afterwards. When I called it from home,
it read back my correct home phone number, but calling it from work
through our PBX here at a federal office building makes it read back a
completely different number on another exchange. That number returns a
constant busy if I call it from here, even using another line.
I don't think this ANI readback number has been mentioned in the Telecom
Digest recently; I can't find any reference to it in Volume 13, at least.
So here is another resource for you.
Regards, Will
[Moderator's Note: This was originally sent to telecom-priv@pica.army.mil.
That address is no longer valid as the telecom-priv was merged into this
forum. ._dennis ]
------------------------------
From: jbowyer@cis.vutbr.cz (Bowyer Jeff)
Subject: International Software
Date: Thu, 1 Jul 1993 11:21:44 GMT
Reply-To: jbowyer@cis.vutbr.cz
Please share your expertise concerning privacy and the
internationalization/localization of software with our mailing list.
INSOFT-L on LISTSERV@CIS.VUTBR.CZ Internationalization of Software
Discussion List
Internationalization of software relates to two subjects:
1. Software that is written so a user can easily change the
language of the interface;
2. Versions of software, such as Czech WordPerfect, whose
interface language differs from the original product.
Topics discussed on this list include:
-- Techniques for developing new software
-- Techniques for converting existing software
-- Internationalization tools
-- Announcements of internationalized public domain software
-- Announcements of foreign-language versions of commercial
software
-- Calls for papers
-- Conference announcements
-- References to documentation related to the
internationalization of software
This list is moderated.
To subscribe to this list, send an electronic mail message to
LISTSERV@CIS.VUTBR.CZ with the body containing the command:
SUB INSOFT-L Yourfirstname Yourlastname
Owner:
Center for Computing and Information Services
Technical University of Brno
Udolni 19, 602 00 BRNO
Czech Republic
INSOFT-L-REQUEST@CIS.VUTBR.CZ
------------------------------
End of Computer Privacy Digest V2 #055
******************************