Date: Tue, 21 Dec 93 13:54:26 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#010
Computer Privacy Digest Tue, 21 Dec 93 Volume 4 : Issue: 010
Today's Topics: Moderator: Leonard P. Levine
Maryland to introduce high-tech drivers' license
Privacy in Massachusetts
Question about Social Security Number
Re: Encryption At School
Re: Encryption At School
Re: e-Mail privacy
Re: Citizens Getting Credit Reports on Businesses
Re: Cellular Phone Security
Public Hearings on Privacy
Frequently Asked Privacy Questions (FAQ)
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Paul Robinson <PAUL@TDR.COM>
Date: Thu, 16 Dec 1993 19:53:28 -0500 (EST)
Subject: Maryland to introduce high-tech drivers' license
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
In "State to Fight Fraud With High-Tech Driver's License" (Page MD-1,
Washington Post, Dec 16), Richard Tapscott reports on Maryland's new
License to be issued January 1.
- Background of photograph will be blue (as is mine);
- License number will also be in barcode on the face of the license (one
of only 1/2 dozen states to do this).
- License will have number "encoded" on a mag strip on the back of the
license.
- Picture appears twice; once in left corner; ghost image in center
printed over the birthdate, and it changes color when the license
is rotated.
- Maryland flag in bottom right corner will also be "ghosted".
- Standard (already in effect) of under 21 to be photographed profile,
over 21 full face; beneath the profile photo will appear "Under 21
alcohol restricted".
- License is laminated causing the information to be destroyed if someone
attempts to tamper with it.
- Document ID line has 5 messages "DRIVER'S LICENSE", "COMMERCIAL DRIVER'S
LICENSE", "PROVISIONAL DRIVER'S LICENSE", "LEARNER'S PERMIT", "MOPED
PERMIT", "IDENTIFICATION CARD" (This is not new).
Comparing this to my own Maryland Driver's License, the differences are:
- More colors; current license is blue, has a blue and red "MVA" logo and
all of the "fill in the blank" fields like "Control", "Weight", "height"
are in black as is the signature; new license puts "fill in the blank"
fields in red.
- Current fill-in information is essentially an all capital letters and
numbers IBM Epson printer font; new font will be a darker (probably
laser printed) font apparently in block style.
- Additional "ghost" photograph in center on new license over birthday.
- Signature appears in center of license across "ghost" photograph; current
signature appears in a box at the bottom.
- Current license has state seal in gold in the center; this will be moved
to the middle right of the back of the license.
- DMV Administrator's signature moves from top right to bottom right of back
of license.
- Photo will be smaller.
- Name and address moves up from bottom left to leave room for bar code.
- Restriction coding appears simplified.
- The photos of two front example licenses appear in the Post in color;
the back of the new license is shown in black and white; the current
license has the back printed in blue. This may be the way the post
photographed it rather than actual appearance.
Maryland will still continue to use a soundex code as opposed to putting
social security numbers on licenses. I note that the article used the
term "ghost" to refer to the secondary photo and state flag image, when
clearly what is being described is a holographic image process.
The signature and photo will be digitized and stored on a computer data
base. This is in response to a 1992 incident in which a man murdered
another, then had the license of the man he killed reissued with his face
on it, even though the murderer was not even the same race as the decedent.
The price of the license will remain at $20. All Maryland licenses are
expected to be on the new system by 1999. (My license, issued in 1992,
does not come up for renewal until 1996.)
What are the issues here?
- Storing digitally both face and signature. (Is it appropriate to
have one's signature stored where it could be easily reproduced?)
- Mag stripe license which can probably be read by anyone with a magcard
reader. (Wait until you write a check and they have you swipe your
license).
- California is alleged to use a very strong system like this; counterfeits
were available within 90 days, according to a report on 60 Minutes last
week.
--
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>
------------------------------
From: tenney@netcom.com (Glenn S. Tenney)
Date: Thu, 16 Dec 1993 18:21:07 -0800
Subject: Privacy in Massachusetts
At 3:33 PM 12/16/93 -0600, levine@blatz.cs.uwm.edu wrote:
>The State of Wisconsin ... According to an official at the Department
>of Transportation, the State sells a tape containing the list of
>some 3,500,000 drivers' licenses for a fee of a little more than
>$2,600 for each tape. (Compare this price with a commercial list
>broker's rate of $50 a thousand names.)
> ... The
>State also sells a tape of 4,800,000 license plate numbers
>with addresses for $2,200.
The state of Massachusetts sells a tape of their drivers license data (or
is it vehicle registration? or both?) for $75. Not too much to pay...
And definitely much less than a commercial broker's rates...
--
Glenn Tenney
tenney@netcom.com Amateur radio: AA6ER
(415) 574-3420 Fax: (415) 574-0546
------------------------------
From: "Leonard A. Visconti" <SYSNET@engvax.picker.com>
Date: Sat, 18 Dec 1993 05:56:40 GMT
Subject: Question about Social Security Number
Organization: PICKER INTERNATIONAL
I'm sorry if this is not the best group in which to post this, but,...
An individual, with whom I am not on a friendly basis, has apparently
obtained my social security number. Although I do not know what he might
be able to do with such information, I am not happy about it!
Should I be concerned? How would this person get my number? Thanks in
advance.
-------------------------------------------------------------------------------
| Leonard A. Visconti Picker International |
| Network Analyst 595 Miner Road |
| visconti@picker.com Highland Heights, Ohio 44143 |
| (216)473-4801 |
-------------------------------------------------------------------------------
------------------------------
From: jma@ihlpm.att.com
Date: Fri, 17 Dec 93 08:47:32 EST
Subject: Re: Encryption At School
Organization: AT&T
In article <comp-privacy4.7.12@cs.uwm.edu>
kkruse@matt.ksu.ksu.edu (Korey J. Kruse) writes:
>Chris Burris <cburris@cap.gwu.edu> writes:
>
>>I have a question:
>>Suppose that I wrote a simple encryption program and
>>ran it at school, and the administration searched my disk.
>>Could the administration force me to give them the encryption key
>>even if i refused?
>
>They could pull out your fingernails until you told them =)
>Your school adminstrator could threaten you with punishment if you
>refused to supply the key. Using physical force would be illegal.
>Of course you could choose to accept the punishment and refuse to give
>the key, or better yet you could tell the admin. that you forgot the
>key. The latter method could also be used with the police/courts if
>they tried to compel you to divulge the information.
You should also be aware that any court can find you in contempt if
you fail to supply the required information. The usual course is to
imprison persons in contempt until they "purge themselves" of the
contempt by supplying the required information. Some people have spent
more than five years in jail, all the while saying that they "didn't"
know" what they were required to divulge. It may not be a good idea to
plan to rely on this ploy with the police/courts.
--
Ed Schaefer K9JMA ham radio N97178 aviation
------------------------------
From: mckeever@cogsci.uwo.ca (Paul McKeever)
Date: Tue, 14 Dec 1993 04:27:50 GMT
Subject: Re: Encryption At School
Organization: University of Western Ontario, London
In article <comp-privacy4.6.6@cs.uwm.edu>
Chris Burris <cburris@cap.gwu.edu> writes:
>I have a question:
>Suppose that I wrote a simple encryption program and
>ran it at school, and the administration searched my disk.
>Could the administration force me to give them the encryption key
>even if i refused?
Nobody can force you to give them something that you have lost.
>From: bobleigh@world.std.com (Bob Leigh)
Subject: Re: e-Mail privacy
Organization: The World Public Access UNIX, Brookline, MA
Date: Thu, 16 Dec 1993 20:25:10 GMT
Sharon Shea <sshea@world.std.com> writes:
>What do you think of this invation of e-mail privacy? -
>The passwords to my computer were obtained through a trusted student
>worker (without my knowledge or consent, by intimidating my student
>worker - who later reported the incident to me) and my saved e-mail was
>read from my hard drive. This was done at work, by my supervisor. This
>was done at MIT, which has no stated policy about the privacy of
>personal e-mail on university computers.
But if MIT has a policy on unauthorized access to computers, you might
be able to use that as a basis for an official complaint. Seems to me
that intimidating the holder of a password into releasing it might
show intent to access the computer for purposes inappropriate even for a
supervisor.
When I worked at DEC, there were specific procedures for allowing a
supervisor to access a subordinate's account. They didn't include
wheedling the passwords out of another employee.
--
Bob Leigh bobleigh@world.std.com (617) 641-2421
------------------------------
From: sethf@athena.mit.edu (Seth Finkelstein)
Subject: Re: e-Mail privacy
Date: 21 Dec 1993 07:57:53 GMT
Organization: Massachvsetts Institvte of Technology
[Important background note to readers not at MIT - this is apparently a
small part of a incredibly convoluted case with several people making
charges of sexual harassment and retaliation against each other. At MIT, a
Dean with responsibilies of judging sexual harassment cases against students
(reputed to be extremely authoritarian and arbitrary), had an 18-month
long affair with another MIT employee. He and his ex-mistress made
internal (within MIT) charges of sexual harassment against each other,
and he and a student filed an MIT harassment complaint against Shea.
Shea has filed harassment and retaliation charges against MIT with the
state anti-discrimination agency. This isn't a complete account of all
the MIT and legal charges, and doesn't even begin to cover all the
political accusations. You can read all about it in our local newspaper,
which is on-line through various paths. For hypertext programs, the URL is
'http://alexander-hamilton.mit.edu:80/The-Tech', look at issues around 11/30/93
The most informative is 'http://alexander-hamilton.mit.edu/V113/N61/issue'.
Meanwhile, the irony and theater-of-the-absurd drama of it all
has made campus civil-libertarians want to roll on the floor laughing,
and choke out, through tears streaming down their faces, "WE TOLD YOU SO".
I have no connection with this case, except for being one of the
aforementioned floor-rollers.]
Disclaimer: None of the following should be taken as legal advice or
authoritative policy. It is opinion, albeit hopefully educated opinion.
In article <comp-privacy4.7.14@cs.uwm.edu> Sharon Shea <sshea@world.std.com> writes:
> What do you think of this invation of e-mail privacy? -
> The passwords to my computer were obtained through a trusted student
> worker (without my knowledge or consent, by intimidating my student
> worker - who later reported the incident to me) and my saved e-mail was
> read from my hard drive. This was done at work, by my supervisor. This
> was done at MIT, which has no stated policy about the privacy of
> personal e-mail on university computers. It's implied, however, that
Actually, there are statements regarding electronic privacy.
>From the MIT "Policy and Procedures 1990" (which I use as it is on-line):
4.24 PRIVACY OF ELECTRONIC COMMUNICATIONS
Federal laws protect the privacy of users of wire and electronic
communications. Individuals who access electronic files or intercept
network communications at MIT or elsewhere without appropriate
authorization violate Institute policy and may be subject to criminal
penalties.
The law also prohibits providers of electronic mail services
from unauthorized disclosure of information within an electronic mail
system. This provision bars MIT departments and other providers of
electronic mail services at the Institute from disclosing information
from an individual's electronic files without the individual's
authorization.
One of the laws referred to by the above is the Electronic
Communications Privacy Act of 1986. It isn't clear whether the ECPA
applies to private universities. Since I'm interested in this topic,
I've had some discussions with mid-level managers at MIT regarding legal
protections for users. Though I couldn't get it in writing, I was told
an internal decision was made at MIT that MIT would behave as if the
ECPA did apply. Thus, any request to the computer maintenance staff to
access an individual's private files would have to carry a fairly high
level of authorization (exactly how high wasn't spelled out, but the
particular people I spoke to made it clear they would, as a matter of
personal protection, require a written request on official stationery.).
However, it is very unclear as to whether this can be applied to
your case. An important element is that the person who actually
retrieved the files was "authorized" to do so, in the sense that no
computer administration privileges were invoked. The request to get the
files may have been improper - but here's where the political background
comes in - it could easily be claimed that such was a vital part of an
investigation into a sexual harassment charge. From what I've read, I'd
try to frame the argument primarily in terms of lack of following due
process in investigation. But then that goes right into the explosive
issue of what sort of due process a private institution is required to
observe (great amusement can be derived from the flip-flops that some
local activist groups are doing now over when and what due process is
required. I haven't heard for a while of the dire necessity of checking
all computer files for potentially harassing material).
> What's more, my supervisor then copied out my e-mail and passed it
> around, in places where it was obviously hoped that it would do me
> professional harm.
Is this the other side of the following accusations? If so, then
the problem of adjudicating should be clear:
"These attacks have originated from MIT offices, during working hours,
utilizing MIT phones and computers. I have provided MIT with copies of
electronic mail that was sent on May 5, 1993 to former employees
requesting any "dirt" that they might have on me. I have provided MIT
with the name of the individual who sent this e-mail and the names of
the individuals to whom it was sent." (_The Tech_ 11/17/93, p.4)
"E-mail of the most vicious kind has been sent out over a number of MIT
networks describing me as the "main problem with harassment at MIT" as
"a sexual predator" etc. I have provided MIT with copies of some of this
correspondence and with the names of those who received it and the name
of the individual who sent it." (_The Tech_ 11/30/93)
> Does anyone have any suggestions about how to deal with this, or what
> legal possibilities I may have in replying to this action? Thanks.
Well, several members of MIT's free-speech protection group
(SAFE - Student Association for Freedom of Expression) are very
interested in the whole case. Given the intense politics surrounding
this, I don't know if you would want that help, or if it would be
effective, but there is a desire to establish protection for electronic
files wherever possible.
--
Seth Finkelstein sethf@mit.edu
Disclaimer : I am not the Lorax. I speak only for myself.
(and certainly not for Project Athena, MIT, or anyone else).
As Stallman wrote to Lotus: "Any time I can help you overturn a patent ..."
------------------------------
From: wrf@ecse.rpi.edu (Wm Randolph Franklin)
Date: 16 Dec 1993 20:38:20 GMT
Subject: Re: Citizens Getting Credit Reports on Businesses
Organization: Rensselaer Polytechnic Institute, Troy NY
In Nov 10, in message-id <comp-privacy3.73.5@pica.army.mil>, volume 3,
issue 073, message 5 of 9, I spake thus:
There's been extensive discussions about obtaining credit reports on
private citizens (you need to be extending credit, considering
employment etc), and about businesses vetting each other (e.g. D&B).
However, there's another case to consider.
Are there any easy ways for private citizens to obtain credit reports on
businesses with whom they are considering doing business? E.g., when I
went to Borneo, I paid the tour company a few thousand $$$ a few months
in advance. I'd have liked to check them out first. Also, would it be
legal for me to obtain personal credit reports on the company's
officers?
Thanks. Emailed replies will be summarized and posted.
Here are the replies. Thanks everyone. Also, the BBB now has an
automated voice-response system on an 800-number, keyed by the org in
question's phone number. It's quite easy to use, though there have been
questions in the past about the completeness of the data.
-----
Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
------- Forwarded Messages
>From: alexandr@fconvx.ncifcrf.gov (Jerry N. Alexandratos)
>From what I have read, you can get (legally) credit reports on
businesses from certain businesses which check on businesses. The
companies also rate the credit-worthiness of the business for bond
ratings. Getting personal creidt reports for personal use is illegal as
far as I know. (Which isn't much) jna.
------- Message 2
>From: "Patrick A. Townson" <ptownson@delta.eecs.nwu.edu>
Your article in comp.privacy noted. Yes, credit reports on businesses
are available, for about the same cost as credit reports on individ-
uals. I have them here in the Digital Detective database as one
example. You can order them and get them sent to you on fax or through
the mail, etc.
Call me if you are interested in further details or any specific
company. 1-708-329-0571.
Patrick Townson
------- Message 3
>From: Sean Donelan <SEAN@SDG.DRA.COM>
Call the local Better Business Bureau in the city where the company is
located. This is a very effective way of checking out a company, I'm
always surprised more people don't use it.
Call the Attorney General's office in the state where the company is
located. Will alert you of any "legal" action, any even a "high-level"
of complaints.
Visit the local public library, and ask the reference librarian how to
look up the company information. This is most effective for publicly
held companies.
> Also, would it be legal for me to obtain personal credit reports on
> the company's officers?
If it is a corporation, no. If it is a partnership, or proprietership,
maybe, but I would avoid it anyway. It is far too easy to mess up and
break the law. Also, the funny thing about crooks who run companies,
they often have really good personal financies because they often rip
off their own companies too.
- --
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Domain: sean@dra.com, Voice: (Work) +1 314-432-1100
------- Message 4
>From: Bob Stratton <strat@uunet.uu.net>
On GEnie, users may purchase business credit reports in real-time, via
TRW for something like $27.00. I did when last changing jobs, and found
it to be a neat resource.
Bob Stratton (KE4GDC) <strat@uunet.uu.net>
UUNET Technologies, Inc.
3110 Fairview Park Drive, Suite 570, Falls Church, VA 22042
Disclaimer: I just speak for myself, and that's too much
responsibility as it is.
------- Message 5
>From: "Tansin A. Darcos & Company" <0005066432@MCIMAIL.COM>
>From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
You can, if the company is large enough, check the printed records that
Dun & Bradstreet put out. D&B generally also sells reports on
companies; normally you have to subscribe, but I think they have a 1-900
number for getting reports; call your local office and find out how much
it will cost for a report on a company. I'm sure that if someone wants
to pay for a single report they will provide it.
And getting a credit report on some people in Borneo from a U.S. Credit
Reporting Service might be a little hard to do. However, since you are
concerned about prepaying a deposit, you might want to check; this might
fall into the "legitimate business reason" needed to obtain a personal
credit report.
(WRF Note: the company running the tour is in Cambridge MA.)
------- Message 6
>From: wicklund@intellistor.com (Tom Wicklund)
One form of credit report on a company is business directories. There
are several forms put out by Standard and Poors, Dun and Bradstreet, and
others. They cover U.S. public and private companies and many foreign
companies.
In the U.S., if a company is public, it must publish financial and other
results (annual and quarterly reports which meet SEC requirements.
Foreign countries have varying requirements.
If you look in business directories, note that they aren't always
accurate (just like your personal credit report). My father used to own
a small company and was given a report which stated that he refused to
talk to them, when the truth was whoever did the report didn't bother
trying to call the company.
------- End of Forwarded Messages
------------------------------
From: skoper@netcom.com (Stan Koper)
Date: Fri, 17 Dec 1993 20:44:14 GMT
Subject: Re: Cellular Phone Security
Organization: There is no Organization, there is only me
In article <comp-privacy4.8.5@cs.uwm.edu> Mark Eckenwiler wrote:
> In <comp-privacy4.7.6@cs.uwm.edu>, reed@interval.com sez:
> >I have to pay his salary with my taxes so he can apply his personal
> >interpretation of the law by refusing to prosecute a clear violation?
> ...
> >I hope this is yet another hoax.
>
> Apparently not. Mr Grosso is listed in Martindale-Hubbell as an AUSA,
> so unless the post is forged, this is a gen-you-wine remark from a
> federal prosecutor.
Moreover, as an employee, Mr. Grosso will have to follow whatever
lawful instructions his employers give him. "...refusing to
prosecute a clear violation". I love it. There is something
called "administrative discretion", which is another way of
saying "you don't use an elephant gun to kill a flea."
Stan Koper
skoper@netcom.com
------------------------------
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Fri, 17 Dec 1993 13:00:10 EST
Subject: Public Hearings on Privacy
Organization: CPSR Washington Office
Public Hearings on Privacy
NEWS
US OFFICE OF CONSUMER AFFAIRS
FOR IMMEDIATE RELEASE Contact: George Idelson (USOCA)
December 10, 1993 (202)634-4344
Patricia Faley (USOCA)
(202)634-4329
PUBLIC HEARINGS ON INFORMATION AGE PRIVACY SET FOR CALIFORNIA AND
WASHINGTON, DC.
Sacramento: January 10-11, 1994; Washington, DC: January 26-27,
1994. Public Invited to Participate.
Representatives from the public, private and non profit
sectors will present their views on personal privacy and data
protection in the information age at public hearings of a U.S.
Government task force in early 1994.
The hearings will be open meetings of the Privacy Working
Group, chaired by Patricia Faley, Acting Director of the United
States Office of Consumer Affairs (USOCA). The Working Group is
part of a task force set up by the Clinton Administration to
consider how to spur development of an "information
superhighway." officially known as the National Information
Infrastructure (NII), the "data highway" will be capable of
exchanging data, voice and images electronically within a vast
network of individuals, businesses, government agencies and other
organizations around the world. Ensuring ready access to
information is the goal of the Administrative initiative, but
protecting individual privacy is essential to its success.
The public meetings will examine privacy issues relating to
such areas as law enforcement, financial services, information
technology, and di:rect marketing. The California mooting,
January 10th and llth, will be hosted by Jim Conran, Director,
California Department of Consumer Affairs in the First Floor
Hearing Room at 400 R Street in Sacramento. The Washington, DC
meeting, January 26th and 27th, will be held at the U.S.
Department of Commerce Auditorium, 14th & Constitution Ave. NW.
Registration begins at 8:30am, meetings at 9am.
The public is invited to attend, question speakers and to
make brief comments, but space is limited. Concise written
statements for the record should be sent to "Privacy," USOCA,
1620 L Street NW, Washington DC 20036 or faxed to (202)634-4135.
# # #
United States Office of Comumer Affairs - 1620 L Street, NW, Washington,
D.C. 20036-5605
------------------------------
From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Fri, 17 Dec 93 23:27:35 -0700
Subject: Frequently Asked Privacy Questions (FAQ)
Some Privacy Digest readers may be unaware of some useful FAQs
associated with privacy on the Internet, and I am writing this message
in response to a specific inquiry from Mr. L.P.Levine to describe one
for you. For close to a year I have been maintaining one comprehensive
list of questions and answers that can be obtained from
rtfm.mit.edu:/pub/usenet/news.answers/net-privacy/ or newsgroups
news.answers, sci.answers, alt.answers every 21 days. Here is a table
of contents from this FAQ. Also, a treatise on the debate that ensued
with the introduction of anonymity on the Internet can be obtained from
rtfm.mit.edu:/pub/usenet/news.answers/net-anonymity.
Also, I am very pleased to announce here for the first time anywhere
that a new Latex version of the P&A FAQ is available! This is complete
with a table of contents and beautiful formatting (some future
adjustments on the way). My immense thanks to Matjaz Rihtar
<matjaz.rihtar@uni-lj.si> for translating the FAQ. See
ripem.msu.edu:/pub/crypt/politics/privacy-anonymity-faq.latex.Z.
A special thanks to all the correspondents who have contributed to
improving the FAQ.
IDENTITY, PRIVACY, and ANONYMITY on the INTERNET
================================================
(c) Copyright 1993 L. Detweiler. Not for commercial use except by
permission from author, otherwise may be freely copied. Not to be
altered. Please credit if quoted.
SUMMARY
=======
Information on email and account privacy, anonymous mailing and
posting, encryption, and other privacy and rights issues associated
with use of the Internet and global networks in general.
(Search for <#.#> for exact section. Search for '_' (underline) for
next section.)
PART 1
====== (this file)
Identity
--------
<1.1> What is `identity' on the internet?
<1.2> Why is identity (un)important on the internet?
<1.3> How does my email address (not) identify me and my background?
<1.4> How can I find out more about somebody from their email address?
<1.5> How do I provide more/less information to others on my identity?
<1.6> Why is identification (un)stable on the internet?
<1.7> What is the future of identification on the internet?
Privacy
-------
<2.1> What is `privacy' on the internet?
<2.2> Why is privacy (un)important on the internet?
<2.3> How (in)secure are internet networks?
<2.4> How (in)secure is my account?
<2.5> How (in)secure are my files and directories?
<2.6> How (in)secure is X Windows?
<2.7> How (in)secure is my email?
<2.8> How am I (not) liable for my email and postings?
<2.9> Who is my sysadmin? What does s/he know about me?
<2.10> Why is privacy (un)stable on the internet?
<2.11> What is the future of privacy on the internet?
Anonymity
---------
<3.1> What is `anonymity' on the internet?
<3.2> Why is `anonymity' (un)important on the internet?
<3.3> How can anonymity be protected on the internet?
<3.4> What is `anonymous mail'?
<3.5> What is `anonymous posting'?
<3.6> Why is anonymity (un)stable on the internet?
<3.7> What is the future of anonymity on the internet?
PART 2
====== (next file)
Issues
------
<4.1> What is the Electronic Frontier Foundation (EFF)?
<4.2> Who are Computer Professionals for Social Responsibility (CPSR)?
<4.3> What was `Operation Sundevil' and the Steve Jackson Game case?
<4.4> What is Integrated Services Digital Network (ISDN)?
<4.5> What is the National Research and Education Network (NREN)?
<4.6> What is the FBI's proposed Digital Telephony Act?
<4.7> What is U.S. policy on freedom/restriction of strong encryption?
<4.8> What other U.S. legislation is related to privacy?
<4.9> What are references on rights in cyberspace?
<4.10> What is the Computers and Academic Freedom (CAF) archive?
<4.11> What is the Conference on Freedom and Privacy (CFP)?
<4.12> What is the NIST computer security bulletin board?
Clipper
-------
<5.1> What is the Clipper Chip Initiative?
<5.2> How does Clipper blunt `cryptography's dual-edge sword'?
<5.3> Why are technical details of the Clipper chip being kept secret?
<5.4> Who was consulted in the development of the Clipper chip?
<5.5> How is commerical use/export of Clipper chips regulated?
<5.6> What are references on the Clipper Chip?
<5.7> What are compliments/criticisms of the Clipper chip?
<5.8> What are compliments/criticisms of the Clipper Initiative?
<5.9> What are compliments/criticisms of the Clipper announcement?
<5.10> Where does Clipper fit in U.S. cryptographic technology policy?
PART 3
====== (last file)
Resources
---------
<6.1> What UNIX programs are related to privacy?
<6.2> How can I learn about or use cryptography?
<6.3> What is the cypherpunks mailing list?
<6.4> What are some privacy-related newsgroups? FAQs?
<6.5> What is internet Privacy Enhanced Mail (PEM)?
<6.6> What are other Request For Comments (RFCs) related to privacy?
<6.7> How can I run an anonymous remailer?
<6.8> What are references on privacy in email?
<6.9> What are some email, Usenet, and internet use policies?
Miscellaneous
-------------
<7.1> What is ``digital cash''?
<7.2> What is a ``hacker'' or ``cracker''?
<7.3> What is a ``cypherpunk''?
<7.4> What is `steganography' and anonymous pools?
<7.5> What is `security through obscurity'?
<7.6> What are `identity daemons'?
<7.7> What standards are needed to guard electronic privacy?
Footnotes
---------
<8.1> What is the background behind the Internet?
<8.2> How is Internet `anarchy' like the English language?
<8.3> Most Wanted list
<8.4> Change history
------------------------------
End of Computer Privacy Digest V4 #010
******************************
.