Date: Fri, 21 Jan 94 14:36:07 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#021
Computer Privacy Digest Fri, 21 Jan 94 Volume 4 : Issue: 021
Today's Topics: Moderator: Leonard P. Levine
GTE and new Fed Compliance
Sprint's new 'voice fonecard'
SSN on Payroll Checks
CD-ROM Software Distribution
Re: Data Encryption and Privacy
Re: Data Encryption and Privacy
Re: Data Encryption and Privacy
Re: Buckley Act Outrage
Re: SSNs and E-mail guidelines
Re: FOIA and Copyright
CFP: Computers and Society journal (long)
Privacy on the Internet (long)
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: keithd@netcom.com (Keith Doyle)
Subject: GTE and new Fed Compliance
Organization: Netcom Online Communications Services (408-241-9760 login: guest)
Date: Wed, 19 Jan 1994 17:05:04 GMT
Here's a curious note I just got from GTE:
----------
Dear Calling Card Customer:
Effective April 9, 1994, when a GTE customer with an unlisted or
unpublished telephone number uses a GTE Calling Card or the Calling
Card feature of the GTE MasterCard, new federal regulations require GTE
to provide the billing name and address of the customer if the
telecommunications company handling the call requests that
information. These companies will use the information to bill you
directly for any calls you make using their services. GTE anticipates
the number of requests for this information will be very limited and
that most telecommunications service providers will use GTE's billing
services as they currently do today.
The FCC also requires GTE to offer customers with unlisted or
unpublished telephone numbers the option to instruct GTE not to release
their billing name and address to these telecommunications service
providers. If you wish to deny release of your billing name and
address, completely fill in the circle labeled "deny" on the attached
Authorization Form and return it to GTE in the enclosed envelope by
February 18, 1994. Be aware that denying release of your billing name
and address will likely result in the majority of telecommunications
service providers refusing to accept your GTE Calling Card and the
Calling Card feature of your GTE MasterCard. GTE will assume you have
agreed to allow the release of this information, should we not receive
the completed Authorization Form within 30 days of receipt of this
notice.
[and then in bold letters] If you wish to ensure that all
telecommunications service providers continue to accept your GTE
Calling Card, NO RESPONSE to this notification is necessary. [end bold]
Sincerely,
Richard Bramlet
Manager-Federal Regulatory Compliance
-------------------------------------
So what do you suppose prompted this? Is there a privacy issue going on
here?
========================================================================
Keith Doyle
keithd@netcom.com
-----------------------covert message packet----------------------------
000eWIAdx0gXyuhQtccBOF<CkKkIgdJHddxqbhmx0ruWhUUrgcMUfvHBbltaLcYpNY3J170d
000f6rxjK<<Gz1buKDvsoyqO1JRlwYEP0c>pMGKqIqCD7DiPDn7RQv9SM3qYw4JxelD11565
========================================================================
------------------------------
From: reb@ingres.com (Phydeaux)
Date: Wed, 19 Jan 1994 12:48:10 -0800
Subject: Sprint's new 'voice fonecard'
From the San Francisco Business Times:
>"The Voice Foncard allows you to let your voice do the dialing,
without punching in authorization codes and individual phone numbers,"
said John Polumbo, Sprint's general manager for the Pacific region.<
>Callers will simply dial an 800 access number and identify themselves
by stating their social security number, preceded by one digit for
additional security. The system recognizes the number and verifies the
"voice print."<
>Callers then simply place calls by using programmed phrases, such as
"call home" or "call doctor."<
The part about callers identifying themselves by SSN really bothers me.
------------------------------
From: joew@resumix.portal.com (Joe Wisniewski x8421)
Subject: SSN on Payroll Checks
Organization: Resumix, Inc., Santa Clara, CA
Date: Thu, 20 Jan 1994 02:19:49 GMT
My employer went to a new payroll system, ADT. Got our first check today.
Guess what was on it. Yup, ss#.
1. Is this a requirement of ADT, if anyone out there knows?
2. Is there any legal prohibition against this?
(Comapny is in California, I am in Arizona).
3. Has anyone else ever heard of this with their employers?
Joe Wisniewski <joew@baloo.geg.mot.com>
------------------------------
From: "becky (b.l.) chan" <beckyc@bnr.ca>
Date: Thu, 20 Jan 1994 13:33:00 +0000
Subject: CD-ROM Software Distribution
I heard that Apple and Sun have a new way of distributing software on
CD-ROMs. Both companies allow users to try out any number of software
programs on the CD-ROM before making a purchase. Once the users make a
choice, they can call a 1-800 number to pay for the software, and to
get a key/code/password to obtain the full program immediately.
How does this CD-ROM distribution scheme work?
What kind of cryptography is being used to prevent the programs from
being stolen?
How difficult will it be to penetrate and disable the protection?
--
Becky L. Chan
Computing Research Lab., Dept. 0R00
Bell-Northern Research Ltd
P.O. Box 3511, Station C
Ottawa, Ontario
Canada K1Y 4H7
------------------------------
From: rerodd@eos.ncsu.edu (Richard Roda)
Subject: Re: Data Encryption and Privacy
Organization: North Carolina State University, Project Eos
Date: Thu, 20 Jan 1994 02:16:39 GMT
In article <comp-privacy4.20.8@cs.uwm.edu>
Chuck Weckesser <71233.677@compuserve.com> writes:
>[Details of Protection Ommitted] Finally, is anyone aware of a
shareware program which DESTROYS your disc (if you so set that option)
after incorrectly entering the password on the third attempt *after*
first getting through security measures which cause no harm?<
Something you might want to look at is called a morphic cypher.
Basically, it has more than one password, and depending on which
password is entered it will produce different things. So you could
have one password for bogus stuff and one for the real stuff, then if
asked for a password give the bogous one out.
>I am new to Internet and am following the PGP debate with great
interest. As things now stand, and someone please correct me if I am
wrong, it is absolutely *IMPOSSIBLE* to penetrate a system using PGP,
correct?<
No. If someone finds an efficent way to calculate the inverse of the
RSA algorythm (factoring the public key) *OR* finds a way to break the
IDEA algorythm then the system is comprimised. This is a weakness of a
hybrid system: there are two points of attack. A system that ran with
just RSA could not be comprimised by breaking the IDEA algorythm. The
reason that PGP is a hybrid system is that RSA is simply too slow to
encrypt data of any length other than very short, so only the IDEA key
used to create a particular message (the session key) is RSA encoded.
There are no gurantees.
--
PGP 2.3 Public key by mail | Richard E. Roda <rerodd@eos.ncsu.edu>
Disclaimer--------------------------------------------------------------
| The opinions expressed above are those of a green alien who spoke to
| | me in a vision. They do not necessarily represent the views of
NCSU | | or any other person, dead or alive, or of any entity on
Earth. |
------------------------------------------------------------------------
Criminals prefer unarmed victims. Oppose gun control. Drug Dealers
prefer a monopoly. Support legalization of drugs.
------------------------------
From: mdw@cscns.com (Mike Watson)
Subject: Re: Data Encryption and Privacy
Organization: Community_News_Service
Date: Thu, 20 Jan 1994 03:22:25 GMT
>In theory, could even NSA penetrate my system given the steps I have
taken to protect my data?<
I'm the author of the shareware DES encryption program Enigma so I have
more than a passing interest in your questions. I am not however a
professional cryptographer.
Nothing is completely safe in theory except one-time pads which are
totally impractical for data security.
I believe that DES does not have any back doors which make it easy to
decrypt. If so, triple-DES in theory would provide total security for
the forseeable future if DES is not what is called a group. A group
means that for keys 1, 2 and 3, there exists a key 4 which is
equivalent. Many mathematical operations are groups (addition is an
obvious example). Most mathematicians believe DES is not a group and
thus triple-DES is very secure. If this is not the case triple-DES is
a waste of time (though just as secure as regular DES).
There are two major areas you are exposed with any encryption program.
First, can you trust the package. Do the packages you use hide the key
somewhere within the data, perhaps protected by an "administrative"
key. Make sure that the manufacturer can not "recover" your data for
you if you forget your key. Secondly make sure any administrative
override features are turned off.
Second, and even more importantly is key security! If your password is
only words in a dictionary it will be trivial to break. You can bet
that the codebreakers of the world have massive dictionaries of
probable keys. These dictionaries can be searched in seconds or at
worst hours by super fast computers. Your program should also "crunch"
keys. This has to do with how characters are stored on a computer.
Each character normally takes up 8 bits, yet the number of characters
people choose their keys from is only about 5 bits. If you are trying
to break a key you would search for only normal printable ascii
characters first reducing by an almost unimaginable amount the time the
search will take. Crunching solves this problem by using data
compression to make more than 7 characters (in the case of DES with a
56 bit key) meaningful.
>Finally, is anyone aware of a shareware program which DESTROYS your
disc (if you so set that option) after incorrectly entering the
password on the third attempt *after* first getting through security
measures which cause no harm?<
Any decent programmer could write such a program but I would never
recommend its use. Chance of harm is tremendous, plus its a huge pain
to test such a thing.
>I am new to Internet and am following the PGP debate with great
interest. As things now stand, and someone please correct me if I am
wrong, it is absolutely *IMPOSSIBLE* to penetrate a system using PGP,
correct?<
Nothing is impossible. PGP uses a relatively new encryption method
that has not been in use long enough to gurantee no weaknesses.
mdw@cns.cscns.com -- Write if you want info about Enigma (for Macintosh)
------------------------------
From: gene michael stover <gangrene!gene@netcom.com>
Date: Thu, 20 Jan 94 14:33:06 -0800
Subject: Re: Data Encryption and Privacy
Chuck,
I'm responding to your message in Computer Privacy Digest V4 #020.
I'll answer your last question first (and then amble into an answer for
everything else): ``It is absolutely *IMPOSSIBLE* to penetrate a system
using PGP, correct?''
*Not* correct.
There currently exist many algorithms for cryptanalysing (decrypting
without the key) a PGP message, but they are very expensive to use on
the average message. There's nothing to prevent me from putting one of
these programs on a spare computer and feed it a PGP message and
letting it go. In a few (or a few million ;-) years, I'd probably have
the decryption.
With any cryptosystem (not just PGP), you have to compare the amount of
money your ``enemy'' is willing to spend in decrypting your messages,
the technology and knowledge he might be able to employ, and the time
you need the messages to stay secret.
For example, you don't need to worry much about me breaking your PGP
messages because it's not worth more than a few pennies for me to do
it, I don't have access to any super-secret high-tech magic to do it
with, and it would take me so long that you and I would probably both
be dead by the time I found the solution.
On the other hand, a government agency might be willing to spend
millions to break your messages. Some agencies, like the NSA, might
have access to super-duper-cryptanalysis technology that we don't know
about. (For what it's worth, I doubt that the NSA knows anything that
the published, academic experts don't.)
So your data is never absolutely secure. You have to weigh the cost to
you of disclosure with the gain to your enemy. It's too bad
cryptosystems can't be rated by the approximate cost to break a
message.
My guess is that PGP is fine. Same with the three systems you currently
use. If the details of the commercial systems are kept secret by the
manufacturer, I would suggest you drop them and use PGP because
``security through obscurity'' isn't [Kerckhoff's principle, improved
by paraphrasing ;-].
--
gene m. stover "Making the world safe from democracy."
CyberTiggyr Software Development
Internet: gene@netcom.com
NeXT Mail spoken here
For PGP public key, finger gene@netcom.com
------------------------------
From: cfrye@ciis.mitre.org (Curtis D. Frye)
Subject: Re: Buckley Act Outrage
Date: Thu, 20 Jan 1994 10:26:01 -0600 (CST)
Organization: University of Wisconsin-Milwaukee
Anonymous writes:
>I would GREATLY appreciate help from any one of you as to how best to
deal with this outrage. Can violations of the Buckley Act and
dissemination of information in student files be punished on a criminal
basis? If so, who/where does one complain?<
I would concentrate on pursuing the civil penalities, up to and
including dismissal for cause if the professor in question is tenured.
Tape record all conversations with the school administration if
possible (and legal in your jurisdiction), prepare a press release to
use as a bargaining chip (put "NOT FOR ATTRIBUTION OR QUOTATION" on the
top, but indicate that it could be easily erased if necessary), and see
if you can get the individuals who provided the information off the
hook (assuming no malice) if they will merely testify to the fact that
Professor X was the individual who requested your student records.
Also, I would email Mike Godwin of the EFF (Senior Counsel, or some
such) at mnemonic@eff.org.
--
Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author
cfrye@ciis.mitre.org
"If you think I speak for MITRE, I'll tell you how much they
pay me and make you feel foolish."
------------------------------
From: "Michael T. Palmer" <palmer@chmsr.isye.gatech.edu>
Subject: Re: SSNs and E-mail guidelines
Date: 20 Jan 1994 14:03:55 GMT
Organization: Georgia Institute of Technology
Robert Ellis Smith <0005101719@mcimail.com> writes:
>Michael T. Palmer asked about SSNs and the Virginia drivers license.
There was long litigation concerning the Virginia requirement that SSNs
be provided IN ORDER TO VOTE, but not concerning the SSN on drivers
licenses. A federal Court of Appeals ruled in March 1993 that Virginia
could not demand the SSN in order to vote.<
Thanks for the followup! I also was aware of the lawsuit concerning
the SSN being required to vote (and then available as part of the
public voter registration records).
What I meant to refer to, though, was the hearings that CPSR
participated in with some House of Delegates subcommittee about the SSN
on drivers' licenses. References to these meetings was even made in
our local papers, and I typed in (from the Hampton, VA Daily Press) a
related article called "Thieves Have Your Number" that talked about
this problem. I still have a copy if anyone wants it -- let me know
and I'll post it again.
But this was over a year ago, and I haven't seen or heard anything
since. Any CPSR folks out there following up on this?
Michael T. Palmer (palmer@chmsr.gatech.edu) RIPEM Public Key available
Center for Human-Machine Systems Research, Dept of Industrial & Systems Eng
Georgia Institute of Technology, Atlanta, Georgia 30332-0205
------------------------------
From: wrf@ecse.rpi.edu (Wm. Randolph U Franklin)
Subject: Re: FOIA and Copyright
Date: 20 Jan 1994 23:03:53 GMT
Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA
reed@interval.com (David P. Reed) writes:
>The recent note by James Love of Nader's Taxpayer's Assets Project
attempt to break West's control of the Juris database raises
interesting issues related to the use of FOIA to allow one taxpayer to
seize another's property.<
That's been a supposed problem with FOIA from the beginning. What's
your property?
Companies claim that government forms that they are required to
complete, and which are then available under FOIA, contain confidential
info.
Some years ago there was an outraged letter to Science from a medical
researcher complaining that a rival used FOIA to read his funded grant
proposals. The researcher said that if anyone wanted to read his
proposals, then they should ask him directly, and if he thought that
the request was appropriate, then he would provide the info. Of
course, now NSF, at least, puts the funded abstracts on the Internet
(at stis.nsf.gov).
--
Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
------------------------------
From: Rob Kling <kling@ics.uci.edu>
Subject: CFP: Computers and Society journal (long)
Date: 20 Jan 94 04:56:42 GMT
CALL FOR PAPERS
COMPUTERS AND SOCIETY
This posting contains information about, and a call for papers
for, "Computers and Society" journal, published quarterly by the
Association for Computing Machinery Special Interest Group on
Computers and Society (ACM SIGCAS). This note also includes a
form for subscribing to Computers and Society by joining SIGCAS.
No technology since the automobile has had more impact on our
daily lives than the computer. Yet, computer professionals
involved in the development of computer systems are often
focused solely on the technical side of their work. Often
overlooked when designing and implementing systems is how these
systems affect people, organizations, and society.
"Computers and Society" is a forum for provocative commentary
about the ethical, social, and organizational implications of
computer technology. It is a multidisciplinary journal which is
now publishing its 24th annual volume. We encourage new and
controversial points of view. We're interested in publishing
thought-provoking essays and ideas which can be anchored in
professional experiences or in scholarly study. We want you to
take chances. We also encourage "work-in-progress" where you
publish your ideas to get comments from other professionals
before publishing the article in a refereed journal. (Articles
for "Computers and Society" are not refereed, but they are
subject to some editorial review.)
The scope of "Computers and Society" includes: computer ethics,
organizational issues, privacy, property, equity, gender, health
and safety, environmental, professional certification, teaching
standards, and other topics concerning the social implications
of computers. The audience for the journal includes computer
professionals, teachers of computers & society courses,
students, researchers, and computer ethicists.
For more information about how to subscribe and submit articles
to "Computers and Society," please contact the Editor: Bruce
Jawer, 4504 15th Ave NW, Rochester MN 55901 USA. Phone:
(505) 281-1674; E-mail: 71035.1552@compuserve.com
Thanks for your interest in "Computers and Society."
Examples of recently published articles include:
Allen, Jonathan. "Groupware and Social Reality."
Anderson, Ron, and others. "ACM Code of Ethics and Professional Conduct."
Bergin, Thomas. "Teaching Ethics, Teaching Ethically."
Betts, Mitch. "Plumbing the Soul of IS."
Coldwell, R.A. "University Students' Attitude Towards Computer Crime."
Dahlbom, B, and L. Mathiassen. "Systems Development Philosophy."
Forester, Tom. "Megatrends or Megamistakes?"
Friedman, Batya. "A Course in Professional Responsibility for
Computer Scientists."
Gotterbarn, Donald. Case Studies in computer ethics and
professional responsibility.
Greenbaum, Joan. "The Head and the Heart: Gender Analysis of Computer Systems."
Hollinger, Richard. "Hackers: Computer Heroes or Electronic Highwaymen."
Huff, Chuck. "Peer Learning and Active Involvement in the
'Computers and Society' course."
Johnson, Deborah. An excerpt from "Computer Ethics, Second Edition."
Kling, Rob. "Constructing an Analytical Anthology: Computerization
and Controversy."
Kling, Rob. "Information Systems, Social Transformation, and Quality of Life."
Martin, Dianne, and David Martin. "Professional Codes of Conduct and
Computer Ethics."
Miller, Margaret. "Teaching Computers, Technology, and Society Courses."
Rosen, L., and M. Weil. "The Psychological Impact of Technology."
Sagheb-Tehrani, Mehdi. "The Technology of Expert Systems: Some Social Impacts."
Shneiderman, Ben. "Human Values and the Future of Technology."
=================================
Information about joining the ACM's Special Interest Group on
Computers and Sciety (SIGCAS)
and subscribing to "Computers and Society."
SIGCAS' Scope:
Forum for computer specialists, those in related fields and
public at large to gather and report information, exchange
ideas, and arouse concern about impact of computers and
society. The main concern is ethical and philosophical
implications.
Membership Includes:
- Newsletter Subscription
- Discounts on publication and conferences
Topics:
Societal issues raised by computing technology including
quality of life, ethics and information infrastructure impacts.
Please circle appropriate rate(s) and indicate total.
Overseas Air Options
Partial Full TOTAL
Air Air
To Join ACM/SIGCAS
ACM Associate Member Dues $79.00 + $30.00 + $60.00 =
ACM Student Member Dues $24.00 + $30.00 + $60.00 =
Add SIGCAS to ACM Membership $20.00 + $ 4.00 + $10.00 =
Add SIGCAS to ACM Student Membership $10.00 + $ 4.00 + $10.00 =
TOTAL
ACM Associate and Student Member Dues includes a
subscription to the monthly Communications of the ACM. For Voting
Member privileges contact Member Services at address below.
ACM Membership #_____________________________
To Join or Subscribe to SIGCAS only
SIGCAS Membership only (non-ACM) $56.00 + $ 4.00 + $10.00=
Subscription to SIGCAS newsletter only $56.00 + $ 4.00 + $10.00=
TOTAL
Purposes: To advance the sciences and arts of information
processing; to promote the free interchange of information
processing among computing specialists and the public; and to
develop and maintain the integrity and competence of
individuals engaged in the practice of information processing.
As an ACM member, I subscribe to the purposes of ACM:
Signature ___________________________________
___ Information about ACM and SIGCAS membership? Please
provide your name and address below.
Name (please print) _________________________ E-Mail _____________________
Mailing Address ______________________________ Phone _____________________
City _______________ State or Province __________ Country/Zip Code _______
Form of Payment ___ Check (payable to ACM) ___ Money Order
___ Amex ___ Mastercard ___ Visa
If paying by credit card: Card #____________________________
Card Expiration Date:_______Signature______________________
If you have any questions about ACM and/or SIGCAS membership contact:
ACM Member Service Department, Phone: (212) 626-0500,
E-Mail: ACMHELP@ACM.ORG, Fax: (212) 944-1318
Mail to: Association for Computing Machinery, P.O. Box 12115,
Church Street Station, NY, NY 10249 7/1/93
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Subject: Privacy on the Internet (long)
Date: Thu, 20 Jan 1994 13:02:57 -0600 (CST)
Organization: University of Wisconsin-Milwaukee
ld231782@longs.lance.colostate.edu (L. Detweiler) has prepared his most
recent update of answers to Frequently Asked Questions (FAQ) about
Privacy & Anonymity on the Internet.
The material is contained in three files that he has posted widely. The
files deal with email and account privacy, anonymous mailing and
posting, encryption, and other privacy and rights issues associated
with use of the Internet and global networks in general.
Readers of Computer Privacy Digest (not comp.society.privacy) did not
see this document here. I am posting the title sheet for it and
recommending that those who are interested get a copy via some source.
A copy of the complete document (3 files, each about 50,000 bytes long)
is available via ftp by the following process:
ftp ftp.cs.uwm.edu (on your system)
ftp (answer to login request)
your_userid@your_site (answer to password request)
cd pub/comp-privacy/library (at ftp prompt)
get net-privacy-part1 (move documents to your filespace)
get net-privacy-part2
get net-privacy-part3
quit (back to your system)
or if ftp is unavailable or difficult to use, send a request for
net-privacy-part1, net-privacy-part2, and/or net-privacy-part3 to:
comp-privacy-request@uwm.edu
What follows is the table of contents of these files:
IDENTITY, PRIVACY, and ANONYMITY on the INTERNET
================================================
(c) Copyright 1993 L. Detweiler. Not for commercial use except by
permission from author, otherwise may be freely copied. Not to be
altered. Please credit if quoted.
SUMMARY
=======
Information on email and account privacy, anonymous mailing and
posting, encryption, and other privacy and rights issues associated
with use of the Internet and global networks in general.
(Search for <#.#> for exact section. Search for '_' (underline) for
next section.)
net-privacy-part1
======
Identity
--------
<1.1> What is `identity' on the internet?
<1.2> Why is identity (un)important on the internet?
<1.3> How does my email address (not) identify me and my background?
<1.4> How can I find out more about somebody from their email address?
<1.5> How do I provide more/less information to others on my identity?
<1.6> Why is identification (un)stable on the internet?
<1.7> What is the future of identification on the internet?
Privacy
-------
<2.1> What is `privacy' on the internet?
<2.2> Why is privacy (un)important on the internet?
<2.3> How (in)secure are internet networks?
<2.4> How (in)secure is my account?
<2.5> How (in)secure are my files and directories?
<2.6> How (in)secure is X Windows?
<2.7> How (in)secure is my email?
<2.8> How am I (not) liable for my email and postings?
<2.9> Who is my sysadmin? What does s/he know about me?
<2.10> Why is privacy (un)stable on the internet?
<2.11> What is the future of privacy on the internet?
Anonymity
---------
<3.1> What is `anonymity' on the internet?
<3.2> Why is `anonymity' (un)important on the internet?
<3.3> How can anonymity be protected on the internet?
<3.4> What is `anonymous mail'?
<3.5> What is `anonymous posting'?
<3.6> Why is anonymity (un)stable on the internet?
<3.7> What is the future of anonymity on the internet?
net-privacy-part2
======
Issues
------
<4.1> What is the Electronic Frontier Foundation (EFF)?
<4.2> Who are Computer Professionals for Social Responsibility (CPSR)?
<4.3> What was `Operation Sundevil' and the Steve Jackson Game case?
<4.4> What is Integrated Services Digital Network (ISDN)?
<4.5> What is the National Research and Education Network (NREN)?
<4.6> What is the FBI's proposed Digital Telephony Act?
<4.7> What is U.S. policy on freedom/restriction of strong encryption?
<4.8> What other U.S. legislation is related to privacy?
<4.9> What are references on rights in cyberspace?
<4.10> What is the Computers and Academic Freedom (CAF) archive?
<4.11> What is the Conference on Freedom and Privacy (CFP)?
<4.12> What is the NIST computer security bulletin board?
Clipper
-------
<5.1> What is the Clipper Chip Initiative?
<5.2> How does Clipper blunt `cryptography's dual-edge sword'?
<5.3> Why are technical details of the Clipper chip being kept secret?
<5.4> Who was consulted in the development of the Clipper chip?
<5.5> How is commerical use/export of Clipper chips regulated?
<5.6> What are references on the Clipper Chip?
<5.7> What are compliments/criticisms of the Clipper chip?
<5.8> What are compliments/criticisms of the Clipper Initiative?
<5.9> What are compliments/criticisms of the Clipper announcement?
<5.10> Where does Clipper fit in U.S. cryptographic technology policy?
net-privacy-part3
======
Resources
---------
<6.1> What UNIX programs are related to privacy?
<6.2> How can I learn about or use cryptography?
<6.3> What is the cypherpunks mailing list?
<6.4> What are some privacy-related newsgroups? FAQs?
<6.5> What is internet Privacy Enhanced Mail (PEM)?
<6.6> What are other Request For Comments (RFCs) related to privacy?
<6.7> How can I run an anonymous remailer?
<6.8> What are references on privacy in email?
<6.9> What are some email, Usenet, and internet use policies?
Miscellaneous
-------------
<7.1> What is ``digital cash''?
<7.2> What is a ``hacker'' or ``cracker''?
<7.3> What is a ``cypherpunk''?
<7.4> What is `steganography' and anonymous pools?
<7.5> What is `security through obscurity'?
<7.6> What are `identity daemons'?
<7.7> What standards are needed to guard electronic privacy?
Footnotes
---------
<8.1> What is the background behind the Internet?
<8.2> How is Internet `anarchy' like the English language?
<8.3> Most Wanted list
<8.4> Change history
end
===
------------------------------
End of Computer Privacy Digest V4 #021
******************************
.