Date: Tue, 15 Feb 94 19:01:55 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V1#031
Computer Privacy Digest Tue, 15 Feb 94 Volume 1 : Issue: 031
Today's Topics: Moderator: Leonard P. Levine
Re: Privacy in Mailing Lists
Re: Privacy in Mailing Lists
Re: Privacy in Mailing Lists
Clipper Overseas
Re: WA state bill could censor VR and multimedia
Re: WA state bill could censor VR and multimedia
privacy and sexual crimes
privacy and sexual crimes
privacy and sexual crimes
Electronic Food Stamps
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Alan Bawden <Alan@lcs.mit.edu>
Date: Mon, 14 Feb 94 16:51:45 -0500
Subject: Re: Privacy in Mailing Lists
From: bernie@fantasyfarm.com (Bernie Cosell)
Date: Sun, 13 Feb 1994 03:57:42 GMT
I don't quite understand. Why is the existence of your email address,
when you've freely sent it out to join a public mailing list, a big
privacy matter?
And indeed I imagine that you will not object to my revealing to
everyone here that you subscribe to a mailing list that I maintain for
discussing Rubik's Cube and related puzzles. But suppose my mailing
list was not "Cube-Lovers", but was instead "Recovering-Drug-Addicts".
Would you want me to publicize my membership quite so freely in that
case? Even if you were -not- a recovering drug addict yourself, you
still might prefer to avoid the hassle of explaining to your boss about
why you subscribe to such a list.
------------------------------
From: johnl@iecc.com (John R Levine)
Date: Mon, 14 Feb 94 22:31 EST
Subject: Re: Privacy in Mailing Lists
Organization: I.E.C.C., Cambridge, Mass.
I don't quite understand. Why is the existence of your email
address, when you've freely sent it out to join a public mailing
list, a big privacy matter? _any_ sort of privacy matter? I may
just be looking at this wrong, but I've never considered email
addresses to be particularly confidential information.
This is a classic data protection question. In many places other than
the U.S., information for a database created for one purpose can't be
used for other purposes without the consent of the subjects.
In this case, if I put my name on an e-mail mailing list, I've given
out my address so that I can get messages from that list. I didn't
give it out so that people could collect my name for lists of
electronic or paper junk mail.
It's worth noting that there are starting to be white pages that let
you get a person's e-mail address from the real name and address and
vice-versa. While these directories, like telephone white pages, are
quite useful for getting in touch with individuals, they also mean that
putting your name on a mailing list can easily mean that you could be
setting yourself up for yet more paper and electronic junk mail.
Great.
Regards,
John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com
------------------------------
From: bernie@fantasyfarm.com (Bernie Cosell)
Date: Tue, 15 Feb 1994 18:17:38 GMT
Subject: Re: Privacy in Mailing Lists
Organization: Fantasy Farm, Pearisburg, VA
In article <comp-privacy4.30.3@cs.uwm.edu>, Stan Hall writes:
"Prof. L. P. Levine" <levine@blatz.cs.uwm.edu> writes:
Mailing lists may not be secure. Even allowing someone to use one,
without allowing him or her to read it, can reveal some of the
names of those in it. If you do not trust your moderator to keep
the data secure and you are concerned, you can not stay on a list.
There is no security to an unmoderated list. I am interested in
the judgements of this group.
I want to thank you for bringing this to everyones attention.
Additionally it would be a good idea that when a user subscribes to a
mailing list that the automated reply would notify the user if the
membership list is public of private information.
Let me just emphasize that this last is the key part. The default for
mailing lists, in general, is that such lists are public info and no
one goes to any bother to even pretend to hide the list of members on
the list [this dating back to the earliest days of mailing lists on the
ARPAnet]. There _have_ been confidential mailing lists and it _is_
possible to manage them. But as Prof Levine points out, it is not
trivial and there are traps and pitfalls at every step [mostly due to
the fact that the defaults for a quarter century have been "this isn't
confidential info"]. But it is doable.
The key point is when you realize that 'public' is the default, you
know what to do: when you sign up for a mailing list, and you DON'T
want your presence on the list to be disclosed, you must *ask* that
your email address be held confidential, and if you get the answer back
"Can't", there's not much you can do except try other alternatives.
[one simple one is to sign up for an account at a random public-access
site with a strange/noninformative email handle ["joker@pub.com" or
"bigdave@pub.com" or whatever] and get on the list via THAT address
[kind of the moral equivalent of using an alias with a PO box]].
/Bernie\
--
Bernie Cosell bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358
------------------------------
From: Christopher Zguris <0004854540@mcimail.com>
Date: Tue, 15 Feb 94 11:42 EST
Subject: Clipper Overseas
I haven't seen this discussed so I'm going to ask. What are the
implications for Clipper's use on communications between US and foreign
countries and companies? If company A in the US is communicating with
Company B is some other part of the world over a Clipper-encrypted data
link couldn't the NSA legally monitor and decode the communition if
they chose to do so? It's a given that the NSA monitors a lot of data
communications, and I remember reading about the monitoring of US
communications using NSA equipment in foreign countries thereby by
avoiding the issue of monitoring on US soil, so couldn't the same trick
be used to monitor communications in foreign countries that would also
include US links? If we're talking about a world-wide link than a
monitoring link in a foreign node could give access to the whole thing.
How does key escrow affect potential international users? Anybody care
to shed some light on this subject?
Christopher Zguris
CZGURIS@MCIMAIL.COM
------------------------------
From: Robert Jacobson <cyberoid@u.washington.edu>
Date: Mon, 14 Feb 94 21:07:12 -0800
Subject: Re: WA state bill could censor VR and multimedia
Here's the deal on SBB 6174, the WA state bill that deals with "VR" as
of today, 2/14/94:
SBB 6174, a "substitute" Senate bill, was passing the WA state Senate
with a requirement for licensure of anyone commercializing hardware or
software to create virtual reality, as broadly defined, unless it was
to be used for education, training, or R&D. There was to be a fee
imposed by the state licensing department, to fund the program and also
anti-violence programs.
The bill was amended to remove this clause and to simply state that
virtual reality, like other media (including videogames), should have
an age-group rating concocted by the local software association. It's
fairly sure that the bill may go through other changes in a conference
with a House bill not containing these clauses.
It was and remains a serious bill, a complete, 200-page overhaul of the
WA state health structure. Thanks to the Washington Software Assn., it
was amended and tamed. But bills like this are being introduced around
the nation, due to the carelessness of Sega and Nintendo in marketing
truly offensive software. They get rich, the rest of us get licensed.
No fair.
------------------------------
From: vapspcx@cad.gatech.edu (S. Keith Graham)
Date: 15 Feb 1994 15:35:34 -0500
Subject: Re: WA state bill could censor VR and multimedia
Organization: Free Agent
Robert Jacobson <cyberoid@u.washington.edu> writes:
There is a bill at the state level: (excerpts from ``Public Health &
Safety Act 1994'' bill, SBR 6174)
NEW SECTION. Sec. 706 (1) A license is required for the
commercial use of virtual reality technology for entertainment
or purposes other then bona fide education, training, research,
and development.
where VR is defined:
NEW SECTION. Sec 702. (4) ``Virtual Reality'' means any
computer or other electronic technology that creates an enhanced
illusion of three-dimensional, real-time or near-real-time
interactive reality through the use of software, specialized
hardware, holograms, gloves, masks, glasses, computer guns, or
other item capable of producing visual, audio, and sensory
effects of verisimilitude beyond those available with a personal
computer.
I would like to point out that this includes _any_commercial_use_ of
VR. While "education, training, and R&D" is permitted, if you move a
VR application from R&D into "production", it becomes a commercial
use.
Possible uses in the near future for VR include not only entertainment,
but also collages of remote data (ala SeaQuest), remote 3-D video with
graphics overlaid, etc. This can be used by architects and designers
to mention the first obvious markets. (And the company I work for is
investigating overlay of graphics on 3-D video from other sources,
which is a form of VR.)
I have heard that long term exposure to VR can cause people's reactions
to the "real world" to be "slightly off", because they become used to
lags between (head) movement and the "scene" changing. There are also
persistant problems with flickering video causing epilectic attacks.
If the goal of this legislation is to verify that these tools (for
commercial or entertainment use) are safe for extended use, then this
might be a very legitimate legislative endeavor.
Since the bill does excluse "educational" software, I imagine that
their goal is censoring content, rather than safety issues.
------------------------------
From: koos@cvi.ns.nl (Koos de Heer)
Date: Tue, 15 Feb 1994 17:40:54 GMT
Subject: privacy and sexual crimes
Organization: CVI
Chuck Weckesser <71233.677@CompuServe.COM> writes:
Should Rapist's And Pedophiles Be Forced To Register With The
Authorities Every Time They Move Away?
I assume your definition of pedophiles is: people who abuse children
sexually. (My definition is slightly different, but for this topic,
that's OK).
I think this is not really a question of privacy. It is more a question
of whether you believe that someone who has gone astray once will
continue to do so. In a lot of cases, that does happen, but have we
really tried to prevent that in an intelligent way? So maybe it
becomes a question of privacy after all - do we want to give people the
opportunity to build a new life, or will they be tagged forever? The
words I choose are an indication of how I feel.
koos de heer - centrum voor informatieverwerking
information and automation in transportation
utrecht, the netherlands fax ++31.30.924229
koos@cvi.ns.nl voice ++31.30.924860
(my employer has been known to disagree with me)
------------------------------
From: johnl@iecc.com (John R Levine)
Date: Mon, 14 Feb 94 22:40 EST
Subject: privacy and sexual crimes
Organization: I.E.C.C., Cambridge, Mass.
... my state wants *ALL* persons either convicted or *ACCUSED* of
rape to register with the police every time they move.
This is a gross invasion of personal privacy and literacy. The
principle of innocent until proven guilty means that, legally, if you
haven't been convicted, you didn't do it.
Consider a case of an innocent person who bears a physical resemblance
to an actual rapist and is arrested due to mistaken identity. Or a
person who's accused falsely by someone who holds a grudge or wants to
harass him.
Perhaps it would be appropriate to find out who's supporting this
stupid proposal and call in a few anonymous tips to the cops.
Regards,
John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com
------------------------------
From: tcj@netcom.com (Todd Jonz)
Date: Tue, 15 Feb 1994 09:18:38 GMT
Subject: privacy and sexual crimes
Organization: Sanity Cruise Enterprises, Ltd.
Chuck Weckesser (71233.677@CompuServe.COM) writes:
I read in yesterday's paper that my state wants *ALL* persons either
convicted or *ACCUSED* of rape to register with the police every time
they move. Same with pedophiles.
I may be naive, but this seems to me not only an infringement on
privacy rights, but on some very basic civil rights as well.
Just about anybody can be *accused* of just about anything. If I am
acquitted of a charge by the court, wouldn't a regulation like this be
a fundamental violation of my civil rights?
And if I'm convicted, serve my time, and am returned to society having
"paid the price" for my crime, have I somehow relinquished some of my
civil rights in the process?
------------------------------
From: "Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM>
Date: 14 Feb 94 03:21:03 EST
Subject: Electronic Food Stamps
From: Welfare Cards (By Michael Holmes, Associated Press Writer)
AUSTIN, Texas (AP, 10 Feb 1994) -- Texas plans to begin providing
welfare benefits electronically this year with bank-style cards that
take the place of paper coupons. The new system is designed to
reduce administrative expenses, fraud and theft. [From the
Associated Press newswire via Executive News Service (GO ENS) on
CompuServe]
The author continues with the following key points:
o "Electronic benefits transfer" will begin in two counties in autumn 1994
and should be statewide by 1996.
o The Lone Star Card will function like a debit card, allowing holders to
purchase food only in cooperating grocery stores.
o Cardholders will use a 4-digit PIN.
o Officials hope the cards will reduce fraud by eliminating all cash from
food-stamp transactions (sometimes stores returned change).
It will be interesting to watch this program to see how security aspects are
handled.
Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn
------------------------------
End of Computer Privacy Digest V1 #031
******************************
.