Date:       Sat, 09 Jul 94 12:49:36 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#003

Computer Privacy Digest Sat, 09 Jul 94              Volume 5 : Issue: 003

Today's Topics:			       Moderator: Leonard P. Levine

                     SSN of Dependants Now Required
                         SSNs at Car Dealership
               Re: CID is not the same as 800 or 911 ANI
                       NSA's Response in {Wired}
                                 privacy
                      Re: Question About CallerID
                      Re: Question About CallerID
                      Re: Question About CallerID
                      Re: Question About CallerID
                      Re: Question About CallerID
                        Re: What's a Cop to Do?
                   Re: Video cameras in City Centres
                         Re: IRS Speech, Again
                Signatures in Electronic Commerce (long)

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: Christopher Hoover <ch@lks.csi.com>
Date: 08 Jul 94 15:44:35 -0500
Subject: SSN of Dependants Now Required

My employer has asked me to list all my dependents, their
relationships to me, and their *social security numbers*.

Apparently employers are now required to submit H-2 forms to the
Health Care Financing Administration (HCFA).  The HCFA requires ``that
employers maintaining a group health plan that covers at least one
employee must submit information about covered employees, dependents,
and the plan to the Medicare / Medicaid data bank.''

Yet another use of SSN's ...


------------------------------

From: jepstein@cordant.com (Jeremy Epstein -C2 PROJECT)
Date: 08 Jul 1994 16:51:43 -0400 (EDT)
Subject: SSNs at Car Dealership

I was getting my car serviced today at the local Mercury dealership,
and hanging on a wall by the cashier's office was a framed plaque
giving the names and SSNs of mechanics who are authorized to perform
emissions and safety inspections.  Wonder how the Commonwealth of
Virginia justifies requiring dealerships to post the list and then
includes SSNs.  Sort of like the court case they just lost on requiring
SSNs to vote, and making the voting records public.

--Jeremy Epstein
Cordant, Inc.
jepstein@cordant.com


------------------------------

From: kadokev@rci.ripco.com (Kevin Kadow)
Date: 08 Jul 1994 20:45:41 -0500 (CDT)
Subject: Re: CID is not the same as 800 or 911 ANI

    dunn@nlm.nih.gov (Joe Dunn, MSD) said: A big advantage of having
    per id blocking on a call by call basis is that it would be
    prohibitively expensive for a telemarketing company to block their
    number. People could then stop answering calls from them when they
    see the number.  Downside is that if you had an unlisted number you
    would have to dial extra numbers for every call to block your number
    going out.

Personally, I am in favor of BOTH per call and line blocking, with *67
doing nothing on a line with line blocking enabled, and another code
(*68?) enabling caller-id sending if it was disabled. All at no
charge.

    The other solution is line blocking, in which all calls have the id
    blocked. Downside: what if you had to call 911 and the number was
    blocked because you forgot to dial the extra numbers to send your
    number. And telemarketers would pay a one time fee to block the
    number so you would be in the same boat you are now. Pick up phone,
    listen to pitch, hang-up rudely...

The 911 systems which provide calling number, name, and address, are
not blocked by the caller-id blocking system- the same goes for calling
1-800 numbers- the owner of the 800 system always gets your number.

-- kadokev@ripco.com
Kevin Kadow

FREE Usenet/Mail, inexpensive Internet - Ripco... Wearing white hats since 1983
Dialup:(312) 665-0065|Gopher:gopher.ripco.com|Telnet:foley.ripco.com ('info')


------------------------------

From: Paul Robinson <PAUL@TDR.COM>
Date: 09 Jul 1994 09:16:35 -0400 (EDT)
Subject: NSA's Response in {Wired}
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

    Nathan Zook <nzook@fireant.ma.utexas.edu>, writes: The biggest
    NSA-specific gripe I could come up with is that the system is
    classified.  That means we can't test it easily.  And I believe
    that even with _our_ hands tied behind our backs, we are finding
    sever[e] technical problems.

Not to mention Mr. Baker's failure to mention that the U.S. Congress
passed a bill which was signed into law _requiring_ the NSA to keep its
hands behind its back, and its thumbs off the new encryption standard.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>


------------------------------

From: WHMurray@dockmaster.ncsc.mil
Date: 09 Jul 94 10:50 EDT
Subject:  privacy

    patchman at retcocom (J. Patrick Henry) asks: My question regarding
    the Clipper is this: If a law enforcement official suspects illegal
    activity behind electronic enemy lines, what would he/she do for
    surveillance if he/she didn't have the Clipper?

I suspect that the question is facetious.  However, just in case it is
serious or the answer is not obvious to readers, the answer is that
they would do the same thing that they will do in the face of strong
private crypto.  That is, they will get closer to an end of the
traffic.  They will bug, suborn, threaten, coopt and corrupt.  Even for
law enforcement, the issue is not one of effectiveness but one of
efficiency.  It is not whether or not they can listen in, but how
cheaply.  It is not whether they can listen to any conversation that
they want to, but whether or not they can listen to every conversation
that they want to.

However, do not go too far down this path.  CLIPPER is not about law
enforcement.  It is about the efficiency of signals intelligence.  It
is not about the few hundred wiretaps that are done each year under
color of warrant.  It is about the hundreds of thousands that are done
without warrant.  It is not about the taps done by the FBI, state
police, or even municipal police.  It is about those done by private
police, private investigators, and other "confidential" paid
informants.  It is about all of the jobs (tens of thousands, more than
the FBI or CIA), power (sufficient to command the votes of entire
committees of the congress), and money (tens of billions of dollars) at
Fort Meade.

In the immortal words of Deep Throat, "Follow the money."

William Hugh Murray
New Canaan, Connecticut


------------------------------

From: forags@nature.Berkeley.EDU (Al Stangenberger)
Date: 08 Jul 1994 19:55:15 GMT
Subject: Re: Question About CallerID
Organization: U.C. Forestry & Resource Mgt.

    Joe Dunn, MSD <dunn@nlm.nih.gov> wrote: "J. Shickel" writes: Does
    'Caller ID' return the telephone number of callers with unlisted
    numbers? This is the primary reason for all the legal challenges to
    the caller id service. People who have unlisted numbers would be
    giving out their numbers unless there is a mechanism of blocking
    the number.

    The other solution is line blocking, in which all calls have the id
    blocked. Downside: what if you had to call 911 and the number was
    blocked because you forgot to dial the extra numbers to send your
    number.

911 uses a different service, ANI (Automatic Number Identification)
which cannot be blocked.

    Another problem is, calling an 800 number. The courts have ruled
    since the company with the 800 number is paying for the call they
    own the call and have the right to getting your number.

Again, 800-numbers use ANI which is not affected by CNID blocking.

-- 
Al Stangenberger                      Univ. of California at Berkeley
forags@nature.berkeley.edu            Dept. of Env. Sci., Policy, & Mgt.
BITNET: FORAGS AT UCBNATUR            145 Mulford Hall # 3114
(510) 642-4424  FAX: (510) 643-5438   Berkeley, CA  94720-3114                   


------------------------------

From: Dean Ridgway <ridgwad@CSOS.ORST.EDU>
Date: 08 Jul 1994 13:53:23 -0700
Subject: Re: Question About CallerID

    The other solution is line blocking, in which all calls have the id
    blocked. Downside: what if you had to call 911 and the number was
    blocked because you forgot to dial the extra numbers to send your
    number. And telemarketers would pay a one time fee to block the
    number so you would be in the same boat you are now. Pick up phone,
    listen to pitch, hang-up rudely...

This is incorrect, 911 calls have realtime ANI like 800 #'s and CAN'T
be blocked.  As far as telemarketers go, ask them to remove you from
their list, if they continue to call (or if it's a robo-call) then
(don't know about availability in other states) start hitting *57 (call
trace) which logs the number with the phone company as a harassing
call.  After three such logs the phone company is usually obliged to
take action (usually by threatening to cancel their phone service).

    So, how do you handle not giving out your unlisted number when you
    call an 800 number, even when you pay to have your number
    blocked??

Four choices; don't call 800 #'s, sacrifice privacy (they will get
everything they want from your credit card anyway if you're ordering
anything), use one of the ANI stripping call forwarding services, use a
different phone (pay phone).

What bothers me is the fact that even non-published numbers are.  I
recently called a local pizza place which I have NEVER patronized
before, they asked for my name (reasonable since I was having a pizza
delivered) and in less than a second they had my address and
unpublished phone number.  CallerID doesn't start here for another week
or so and I'm line-blocked.  I was too shocked to ask them how they got
this information.

Dean Ridgway | FidoNet 1:357/1.103 | InterNet ridgwad@csos.orst.edu
             | CIS 73225,512       |


------------------------------

From: bernie@fantasyfarm.com (Bernie Cosell)
Date: 09 Jul 1994 00:16:18 GMT
Subject: Re: Question About CallerID
Organization: Fantasy Farm, Pearisburg, VA

    Joe Dunn, MSD writes: "J. Shickel" writes: Does 'Caller ID' return
    the telephone number of callers with unlisted numbers? This is the
    primary reason for all the legal challenges to the caller id
    service. People who have unlisted numbers would be giving out their
    numbers unless there is a mechanism of blocking the number.

But there's an interesting standoff [at least here in Bell Atlantic
land].  One option you can purchase is "refused blocked calls".  So
you, with your unpub number, may discover that you're caught between a
rock and a hard place: either you give out your unpub number, or you
can't call the person _at_all_.

-- 
Bernie Cosell                               bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA         (703) 921-2358


------------------------------

From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Date: 09 Jul 1994 6:48:51 -0400 (EDT)
Subject: Re: Question About CallerID

    dunn@nlm.nih.gov (Joe Dunn, MSD) writes: "J. Shickel" writes: Does
    'Caller ID' return the telephone number of callers with unlisted
    numbers? A big advantage of having per id blocking on a call by
    call basis is that it would be prohibitively expensive for a
    telemarketing company to block their number. People could then stop
    answering calls from them when they see the number.  Downside is
    that if you had an unlisted number you would have to dial extra
    numbers for every call to block your number going out.

Not necessarily true.  If the call is coming through a PBX or Centrex,
the number more than likely will either show a bogus number (a line on
an outgoing trunk and not related to the physical) or show the message
"OUT OF AREA" as what is displayed on my CID unit.

    The other solution is line blocking, in which all calls have the id
    blocked. Downside: what if you had to call 911 and the number was
    blocked because you forgot to dial the extra numbers to send your
    number. And telemarketers would pay a one time fee to block the
    number so you would be in the same boat you are now. Pick up phone,
    listen to pitch, hang-up rudely...

The 911 situation depends on what type of system is installed at the
receiving site.  If it is "normal" 911, then the number won't be shown;
if, on the other hand, the system is "Enhanced 911 or E911" then more
than likely the number will be shown.  I like the E911 system much
better than the normal one.

Example: My almost three-year-old grandson is in the process of
learning how to use the phone for calling for help if an emergency
exists (using a play phone of course).  Suppose something happens and
he has to use that system for real.  He'll be panicky enough without
being taken through a maze of questions and if the number is displayed,
it can be cross-referenced to get its location.

    Another problem is, calling an 800 number. The courts have ruled
    since the company with the 800 number is paying for the call they
    own the call and have the right to getting your number. So, how do
    you handle not giving out your unlisted number when you call an 800
    number, even when you pay to have your number blocked??

You can't.  If I'm paying for a call, then I want to know just where
the number is located and who owns it.  If I'm paying to give you the
privilege of calling me, then why can't I know where you are and what
your phone number is.  Don't call me collect if you don't want your
number made known to me.  To me that is fair.

Dave Niebuhr      Internet: dwn@dwn.ccd.bnl.gov (preferred)
                            niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Senior Technical Specialist, Scientific Computing Facility
Brookhaven National Laboratory Upton, NY 11973  1+(516) 282-3093
                                          FAX   1+(516) 282-7688


------------------------------

From: Paul Robinson <PAUL@TDR.COM>
Date: 09 Jul 1994 09:12:17 -0400 (EDT)
Subject: Re: Question About CallerID
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

    "J. Shickel" <STU_JFSHICKE@VAX1.ACS.JMU.EDU>, writes: Does 'Caller
    ID' return the telephone number of callers with unlisted numbers?

Yes.  All "unlisted numbers" are is numbers the phone company doesn't
publish the information about.  Technically there is no difference in
service between listed and unlisted numbers.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>


------------------------------

From: Dean Ridgway <ridgwad@CSOS.ORST.EDU>
Date: 08 Jul 1994 13:17:29 -0700
Subject: Re: What's a Cop to Do?

    My question regarding the Clipper is this: If a law enforcement
    official suspects illegal activity behind electronic enemy lines,
    what would he/she do for surveillance if he/she didn't have the
    Clipper?

Probably the same things they do now; beat suspects, intimidate
witnesses, and manufacture evidence.  :-)

Ummm, seriously, you are asking the wrong question.  Ask this of law
enforcement:  How many of your convictions last year depended TOTALLY
on information gathered by a court ordered wiretap?  I'll bet the
percentage isn't high enough to even mention.

The bottom line is smart crooks won't be using Clipper, and the dumb
ones won't bother to encrypt at all.  The Clipper chip is a solution
looking for a problem.

Dean Ridgway | FidoNet 1:357/1.103 | InterNet ridgwad@csos.orst.edu
             | CIS 73225,512       |


------------------------------

From: tnyurkiw@napier.uwaterloo.ca (Tom Yurkiw)
Date: 09 Jul 1994 07:15:57 GMT
Subject: Re: Video cameras in City Centres
Organization: University of Waterloo

    The RISKS are obvious.  With enough crime, poverty, social decay,
    people may be willing to assign away all personal freedom in the
    perhaps futile attempt to recover the lost days of leaving your
    front door open and unlocked, and your car window rolled down
    whilst you shop.

This isn't really a *freedom* issue, more of a privacy issue.  And city
centres are not private places.

 ------Tommy the Yurk


------------------------------

From: Paul Robinson <PAUL@TDR.COM>
Date: 09 Jul 1994 09:10:22 -0400 (EDT)
Subject: Re: IRS Speech, Again
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

For example, I just got a GAO report about the fact that they [the IRS]
get TOO MANY CTR's (currency transaction reports). Cash transactions
over $10,000 have to be reported on a CTR. Well, they get so many, it
interferes with the intended purpose of the CTR's.

The original regulations required that all transactions over $5,000 be
reported.  The IRS got so many that they had to scale it back to
$10,000.  Perhaps they should raise it to $25,000, if the load was too
great.  But no, it's another means of intimidation.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>


------------------------------

From: "Risks Forum Digest"
Date: 08 Jul 1994 11:13:14 -0500 (CDT)
Subject: Signatures in Electronic Commerce (long)

from Risks-Forum Digest Thursday 7 July 1994 (16:21) Forum on Risks to
the Public in Computers and Related Systems ACM Committee on Computers
and Public Policy, Peter G. Neumann, moderator

    From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
    Date: 05 Jul 94 23:26:34 EDT
    Subject: Signatures in electronic commerce

[Ben Wright, an attorney teaching the online seminar on The Law of
Electronic Commerce in the NCSAFORUM of CompuServe, has granted
permission to post the following article on signatures.  I recommend
that it be posted in RISKS because it addresses assumptions about the
need for non-repudiation of contracts--an area which has been fuzzy for
many of us.  I hope it will be as useful for others as it has been for
me.  --MK]

<<begin article>>

       THE VERDICT ON PLAINTEXT SIGNATURES:  THEY'RE LEGAL

Summary: Contrary to conventional wisdom, commercial law generally does
not require that a signature be "secure" to be legally effective.  That
is good news for e-mail, and electronic commerce in general.

By Benjamin Wright

According to the digital cognoscenti, the only legally effective way to
sign an e-mail message is to run it through a cryptographic algorithm
(such as that for DES or RSA), compute a mathematically unique
authentication code,<1> and append it to the message.  But if that's
true, it will be many years before real (legal) electronic commerce
comes to e-mail users because very few people authenticate their e-mail
with cryptography.

But fortunately, that reading of the law is not true.  Many business
e-mail users already practice electronic commerce.  What's more, the
law should generally recognize and enforce it.

Forming Contracts

In commerce the central transaction is the contract.  Classically
speaking, a contract is born any time an offer (e-mail from Joe
Nightclub owner:  "Will you make me three custom discs for $1000 and
deliver next week?") meets acceptance (e-mail from Artist: "Yes!").
Once a contract is formed, the law gives one party a remedy if the
other backs out.

The orthodox view is that a simple, wholly plaintext e-mail contract
cannot be enforced because it is not signed in a secure way and it will
be impossible to prove in court.  This excerpt from a popular magazine
exemplifies the orthodoxy:

     [C]onsider an attempt to create an enforceable contract by
     exchanging an E-mail offer and acceptance.  In the real world,
     exchanging letters of offer and acceptance does create an
     enforceable contract (assuming something of value is also
     eventually exchanged).  Unfortunately, without authentication
     techniques (e.g., digital signatures), E-mail agreements are
     probably unenforceable in court.  Under legal rules governing
     evidence and contracts, it's hard to prove the existence of a
     contract based on E-mail; fabricating an E-mail message is just
     too easy.<2>

With all professional respect to the author of this passage, I
disagree.  The orthodoxy is wrong.

Many types of contracts do have to be signed, says a law called the
Statute of Frauds (which dates back to Seventeenth Century England),<3>
but that law is admirably liberal in its use of the term _signed_.  One
signs a document when he adopts a symbol (any symbol) on the document
as his signature.  A signature need not be in ink; it need not be an
autograph; and it need not be the least bit secure against forgery.
Remember the illiterate geezer in the western movies who couldn't write
his name?  He just marked an X on the document.  The law recognizes
that X as his signature.

A signature can be the ASCII characters "Joe Nightclub" appearing in
plaintext in the From line of an e-mail message.  "Joe Nightclub" need
not even be the sender's real name.  What is important is not the
nature of the symbol Joe uses to identify himself, but rather the
intent behind the symbol.  If Joe intends the characters to be a token
of his responsibility, then they are his signature.  When Joe sends
e-mail offering to buy discs, he intends the characters in the From
line to show he is responsible for the message and the consequences
that flow from it.  If that's not his intent, what is it?

Along with Canada, Australia and many other countries, the United
States inherits the common law tradition of ancient England -- a set of
living, breathing principles that are more limber than you might
think.  The common law, being the law of the leading industrial
civilization over the past several centuries, has ample experience
negotiating waves of new technology -- handwriting, printing press,
typewriter, telegraph, telephone, telex, fax -- and it is today
suffering no particular problems digesting e-mail as a medium for
transacting commerce.

Given how many thousands of courts and judges there are, it is possible
that the odd one will disagree with my reading of the law.  If this
worries you (and those conducting more valuable transactions might be
worried), you can minimize the risk by insisting that the e-mail sender
include a statement that his name in the e-mail is his signature.  This
makes it very difficult for him later to claim in court that his name,
written in plaintext, is not his signature.

Proving It

"But wait!" cry the advocates of cryptographic authentication.  You
can't prove that e-mail came from Joe Nightclub.  Anyone could have
sent it.  The Artist herself could have fabricated it.

True.  You can write e-mail and make it appear to come from someone
else.  You can easily send e-mail from an address opened under a false
name.  But just as you can send fake e-mail, so you can send fake
letters, telegrams, telexes, and faxes.

Nonetheless, regardless of the medium through which a business message
is carried, the origin and genuineness of the message can usually be
proven in court.  Rarely are they proven from the signature that
happens to be attached to the message (or document), despite what you
may think from watching _Perry Mason_.  Much more often, origin and
genuineness are determined in court from all the facts and
circumstances that surround the message -- the full relationship of the
people involved.

We don't do business in vacuums.  We do business based on
relationships.  When the Artist receives e-mail from Joe Nightclub, she
wants to learn more before she parts with her precious discs.  If she's
never dealt with this customer before, she's going to check the guy
out:  call him on the phone, go meet him, ask for references, or ask
for advance payment.  Lest she be a fool, the Artist wants to collect
evidence that this is a bona fide customer who is very likely to pay as
promised.

All the mundane facts and circumstances she collects can be, through
testimony and otherwise, used in court to lend credence to Joe's
e-mail.  Sure, there will be disputed evidence.  And under no
circumstances are the judge and jury guaranteed to believe that any
given message is genuine.  But that is just the way commercial law
works.  Proving things in law is much more sloppy than proving things
in science.

Forgeries

A supposed virtue of paper over e-mail as a legal medium is that it is
hard to make inconspicuous changes to paper, whereas plaintext ASCII
can easily be changed.  Upon receipt of Joe's e-mail offering $1000,
the Artist could change it to say the offer is for $2000.  If she took
this e-mail to court, there would be no way to tell from the face of
the message whether it originally said $1000 or $2000.

Yet paper suffers the same infirmity.  If the Artist receives a letter
from Joe offering $1000, she could rip it up and write a replacement,
offering $2000, on a sheet of cheap, fake letterhead.  She could then
scribble something that purports to be Joe's handwritten signature.
Later, a court could not tell from the face of the document whether Joe
did or did not send it.  Although Joe would repudiate it, sternly
declaring that neither the letterhead nor the signature is his, the
Artist would swear that this is indeed the letter she received.  If
this is not Joe's normal letterhead and signature, she'd contend, then
Joe must have sought to deceive her, and the court, by sending an offer
using unusual letterhead and signature.  Although the Artist would be
lying, the court would not know it just from inspecting the letter.

Indeed, we can play the same authentication games with paper that we
can with plaintext e-mail.  When you receive a paper letter in the
mail, bearing what looks to be an original autograph, you have no
technical proof of its origin.  Neither do you have technical proof of
origin when you get a telegram or telex (unless you require it be
authenticated with a cipher code, which is rarely done).  So the
reality is that routine business communications are, and have always
been, risky.  Still, business traders seem to have compensated for this
risk.

Cryptography's Role

Don't misunderstand.  I'm not denigrating cryptography as a means for
ensuring the authenticity of messages or denying its rightful role in
electronic commerce.  Just as the engraved and magnetized paper used
for currency is necessary for financial transactions in the world of
paper, so cryptographic authentication is needed for electronic funds
transfers.  But just as we don't securely engrave and magnetize the
pulp on which we write business letters and contracts, so we don't need
to cryptographically authenticate most of our business e-mail.

Sure, if you use e-mail for business you should keep complete records,
and the more secure the records, the better.  Consult your own lawyer.
If you work for a large organization, records can be secured by placing
them under the control of an independent department (e.g., internal
audit).<4>  But if you work solo, you can just establish a routine for
making a log of business messages on your PC.  Yes, someone could claim
you falsified your log.  But if you faithfully keep the log as a
regular business practice, you can, if ever called to court,
confidently vouch for the integrity of your records, and your story
will more likely jibe with the ambient facts and circumstances.

It is ironic that some of the most ardent champions of e-mail are so
quick to assume that plaintext e-mail is somehow deficient.  If, as
they suggest, it is necessary to use fancy cryptographic methods to
make e-mail legal, then they ask much more of digital media than we do
of its predecessors.

========= NOTES:

<1>  The proponents of cryptography often refer to unique
authentication codes as "message authentication codes" or "digital
signatures."  These are streams of scrambled numbers that, when
unscrambled using the necessary cryptographic keys, give mathematically
supportable evidence as to who created a message and whether the
message has changed.  See Larry Oyama, "Using Encryption and
Authentication for Securing Data," EDI Forum, Special Edition on EDI
Legal and Audit Issues (1992) p. 111.

<2>  Victor J. Cosentino, Virtual Legality, BYTE (March 1994) p.  278.

<3>  For example, the statute of frauds, as rendered in Section 2-201
of the Uniform Commercial Code, says that a contract for the sale of
goods worth $500 or more is generally not enforceable unless it is
supported by a "writing" that is "signed."

<4>  See, Benjamin Wright, The Law of Electronic Commerce (Boston:
Little, Brown and Company) Section 6.4.

============

Benjamin Wright (bwrigh01@reach.com) is a Dallas-based attorney and
author of _The Law of Electronic Commerce:  EDI, Fax and E-mail_.  He
is the instructor for a series of "virtual" seminars on the law of
electronic commerce, sponsored by the National Computer Security
Association (75300.2557@compuserve.com or (800) 488-4595).  These
seminars will be delivered via online computer conference.

This article provides general information and is not legal advice for
any specific situation.  The formation of contracts is inherently
risky, and this article does not advise which level of risk is
appropriate for you.  If you plan to conduct legal transactions, you
should consult your own attorney.

Copyright (c) 1994 by Benjamin Wright.  All Rights Reserved.  This
article may be reprinted or redistributed as a whole, but only with the
above information.

<<end article>>

Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn


------------------------------


End of Computer Privacy Digest V5 #003
******************************