Date: Mon, 23 Aug 93 16:32:35 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#018
Computer Privacy Digest Mon, 23 Aug 93 Volume 3 : Issue: 018
Today's Topics: Moderator: Dennis G. Rears
SEA Opposes Privatization of Digital Signature Standard
Re: Social Security numbers
Re: License Photo Images
Encryption software for Internet-MCI Mail connection
Re: Enhanced Driver's License
Re: Trusted source for PGP keys
The CA DMV keeps photo and finger print info!!
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Subject: SEA Opposes Privatization of Digital Signature Standard
Date: Thu, 19 Aug 1993 20:13:29 -0400 (EDT)
Reply-To: sea@sea.org
From: The Society for Electronic Access <sea@sea.org>
August 19, 1993 FOR IMMEDIATE RELEASE
CONTACT: Simona Nass
(212) 982-4320 or simona@sea.org
Society for Electronic Access (SEA) Opposes
Privatization of Digital Signature Standard
In June, the National Institute for Standards and Technology (NIST)
published in the Federal Register its intention to grant an exclusive
license for nongovernmental use of the Digital Signature Algorithm
(DSA), a technique developed for NIST by federally-funded researchers.
DSA can help people authenticate the origin of electronic mail and
other computerized messages. NIST has proposed making DSA the basis of
a standard for digital signatures for transactions within federal
agencies and by anyone doing electronic business with the government
(and thus, de facto, by anyone else interested in a widely-accepted
digital-signature standard). Interested parties were given 60 days to
comment. The SEA has now gone on record opposing this license on three
grounds:
1) The law requires an open discussion of whether such an exclusive
license serves the interests of both the government and the public
_before_ the license and its terms are proposed.
2) The proposed license directly contravenes NIST's stated purpose
in developing DSA in the first place, which was to make a
digital-signature standard free of encumbrance from privately held
patent licenses, one that would be available royalty-free worldwide.
3) The proposed license violates federal law governing the granting
of exclusive licenses. The law states that an exclusive license can
only be granted for a patent if it can be shown that the technology
embodied in the patent would not otherwise be developed, brought to
market and widely used. Considering that NIST's proposed licensee,
Public Key Partners, is currently engaged in legal action to prevent
anyone else from developing or marketing digital-signature technology
in the U.S., they appear to be an unlikely choice to ensure the widest
possible use of DSA. Indeed, granting an exclusive license to PKP
would extend their potential legal monopoly on digital signatures
until 2010.
Opposition to the NIST/PKP deal has been widespread throughout the
electronic community. NIST has yet to respond to the SEA's August 9
filing, or to comments filed by other organizations (a full text of
the SEA's statement, written by SEA board member Clay Shirky, is
available via Internet gopher -- reach gopher.panix.com and look under
Society for Electronic Access (SEA), Telecom Law Information, SEA
Comment on NIST-PKP Agreement -- or via e-mail by sending a request
asking for the "SEA Comment on NIST-PKP Agreement" to sea@sea.org).
The Society for Electronic Access is a New York-based organization
focusing on electronic civil liberties and access issues; for more
information, e-mail sea-info@sea.org; write to The Society for
Electronic Access, Post Office Box 3131, Church Street Station,
New York, NY 10008-3131; or call (212) 982-4320.
------------------------------
Newsgroups: comp.org.eff.talk,comp.privacy,comp.society.privacy
From: Chris Hibbert <hibbert@netcom.com>
Subject: Re: Social Security numbers
Followup-To: comp.society.privacy
Organization: CPSR (Computer Professionals for Social Responsibility
Date: Thu, 19 Aug 1993 23:12:16 GMT
There is an FAQ on SSNs. It is available via anonymous ftp from
rtfm.mit.edu in the file /pub/usenet/news/answers/ssn-privacy. It's
also available from mail-server@rtfm.mit.edu by sending a mail message
containing the line "send usenet/news/answers/ssn-privacy" (without
the quote marks) as the sole contents of the body. Send a message
containing "help" to get general information about the mail server,
which also has many other FAQs.
Today is the first time I've read any of these newsgroups, so I don't
know whether SSNs are frequently discussed here. I currently post
the FAQ in all of the following groups:
alt.privacy, misc.legal, news.answers, alt.society.civil-liberty,
comp.society.privacy, misc.answers, comp.answers, alt.answers
Please let me know if I need to add even more groups to my list.
------------------------------
Date: Fri, 20 Aug 93 07:23:27 EST
From: SCHULTZA@pentagon-hqdadss.army.mil
Subject: Re: License Photo Images
Virginia is in the process of converting to a digitized id with a mag
stripe. I'll stay in Maryland where my SS# is not on the id. (Does
anyone have a list of states that use the SS# on the id?)
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
>>A woman in vancover had her life turned into a nightmare after a young
>>man who walked into her place of work distracted her, took her ID and
>>credit cards and disappeared. Her credit cards had been rung up past
>>her credit limit by the time she finished work and reported them stolen.
... remainder of sad story removed ...
This story shows why US citizens should complain about having their
SS# on their id card. Far too many transactions are tracked by SS#.
If anyone is in the D.C. area, I recommend the Holocaust Memorial.
There is an interesting display on how the Germans tracked Jews using
the census, id cards and forced tattooing. Part of the display is a
Hollerith machine.
------------------------------
From: "David H. Rothman" <drothman@access.digex.net>
Newsgroups: alt.privacy,comp.society.privacy,comp.org.eff-talk
Subject: Encryption software for Internet-MCI Mail connection
Date: 20 Aug 1993 12:38:54 -0400
Organization: Express Access Online Communications, Greenbelt, MD USA
What encryption programs would be effective and easy to use for encrypting
messages (in either direction) between MCI Mail and the Internet?
If they're shareware, please pass on ftp information. If they're
commercial, please give phone numbers of vendors if available.
Yes, I welcome *basic* info on PEM.
A lawyer acquaintance is interested in the above. He presumably would like
a program suitable for the nontechnical--something that wouldn't slow them
down, and that would be reliable.
I myself would like to know for the purpose of a brief article I'm writing
about the Internet for PC LapTop.
Indicate if you'd mind being quoted. I may or may not use quotes.
PLEASE REPLY DIRECTLY VIA E-MAIL TO DROTHMAN@DIGEX.NET
Thanks!
David Rothman
P.S. I welcome info from the developers themselves and anyone else with a
vested interest in a particular program. Just please let me know of the
connection.
-------------------------------------------------------------------------------
David H. Rothman "So we beat on, boats against
drothman@digex.net the current...."
805 N. Howard St., #240
Alexandria, Va. 22304
703-370-6540(o)(h)
-------------------------------------------------------------------------------
------------------------------
From: Cristy <cristy@eplrx7.es.dupont.com>
Subject: Re: Enhanced Driver's License
Organization: DuPont Central Research & Development
Date: Fri, 20 Aug 1993 15:10:11 GMT
In article <comp-privacy3.17.4@pica.army.mil> Christopher Zguris <0004854540@mcimail.com> writes:
>photo ID (I don't drive, so I never had the need until recently when
>everyone seems to want photo ID for credit card purchases) ...
If you use VISA a merchant cannot require a photo ID. Quoting from a letter
from VISA International:
Please be assured that it is Visa policy that under no circumstances may
a merchant refuse to honor a Visa card simply because the cardholder
refuses a request for supplementary information.
--
cristy@dupont.com
------------------------------
From: news@cbnewsh.att.com
Date: Sat, 21 Aug 93 03:17:02 GMT
Original-From:
Newsgroups: comp.society.privacy
Subject: Re: Trusted source for PGP keys
Organization: Electronic Birdwatching Society
In article <comp-privacy3.17.1@pica.army.mil> Marcos Javier Polanco <shiva@vega.stanford.edu> writes:
Sorry if this is in a FAQ, but is there some trusted entity in the
internet which publishes the public keys of individuals using PGP?
Sort of by definition, no. There are a couple of archives on the net,
including anonymous ftp at tbird.cc.iastate.edu:/usr/explorer/public-keys.pgp
and email to pgp-public-keys@jpunix.com (send mail with Subject: HELP or GET)
You get a LOT of keys. They've got whatever signatures on them that
they have, from whoever signed them, which lets you build a web of
trust extending out from the people you trust directly.
The tradeoff they've made is the convenience of adding your key to the
server (you basically just email it to them), at the expense of
getting a signature from the maintainer, who is unlikely to know all the
hundreds of people who have their names there. But it's a good start,
and if you can verify the signatures of a few people who've signed
keys for a few other people who've signed keys for well-known people,
you can trust a lot of keys.
--
# Pray for peace; Bill
# Bill Stewart 1-908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# White House Comment Line 1-202-456-1111 fax 1-202-456-2461
# ROT-13 public key available upon request
------------------------------
Newsgroups: comp.society.privacy
From: "Richard M. Flood" <rflood@cis.umassd.edu>
Subject: The CA DMV keeps photo and finger print info!!
Organization: University of Massachusetts Dartmouth
Date: Sun, 22 Aug 1993 01:33:25 GMT
Apparently-To: comp-society-privacy@uunet.uu.net
I just read the posts abot the CA DMV keeping photo and finger
print info. When did this start going on? Did any one in CA fight these
laws? Since I live on the East Coast and don't usually read this group I
dodn't know this had happened. I am totaly shocked learning about the
CA DMV's policy. I guess that the fight for privacy is almost lost, DNA
finger prints must not be far away.
-Rich
--
-------------------------------------------------------------------------------
Richard M. Flood
rflood@cis.umassd.edu
------------------------------
End of Computer Privacy Digest V3 #018
******************************