Date: Thu, 15 Dec 94 11:32:35 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V5#073
Computer Privacy Digest Thu, 15 Dec 94 Volume 5 : Issue: 073
Today's Topics: Moderator: Leonard P. Levine
Re: Value of Pretty Good Privacy
Re: Value of Pretty Good Privacy
Re: Value of Pretty Good Privacy
Zimmermann Defense Fund Appeal
Re: Zimmermann Defense Fund Appeal
Re: Dynamic Negotiation in the Privacy Wars
Re: Question about Electronic Comm. Privacy Act
Re: Question about Electronic Comm. Privacy Act
Databanks and Privacy
Conferences of Potential Interest
Company Snooping/Possible Email monitoring
Info on CPD, (unchanged since 11/28/94)
----------------------------------------------------------------------
From: thwong@cs.cornell.edu (Ted Wong)
Date: 12 Dec 1994 22:04:45 GMT
Subject: Re: Value of Pretty Good Privacy
Organization: Cornell Univ. CS Dept, Ithaca NY 14853
Chuck Weckesser <71233.677@compuserve.com> wrote: PGP is a joke.
Why people even bother with it is beyond me; there is little
difference in leaving your system unlocked--except for time.
I'm a little surprised to see such a damning statement in a moderated
newsgroup. The article contains no facts to back its assertion. If the
author has some important new information about insecurity in PGP, then
I'm sure that all of us here would appreciate hearing it.
--
Ted Wong <thwong@cs.cornell.edu> |DISCLAIMER:
|Cornell's opinions are its own,
Computer Science |and do not necessarily reflect
Cornell University |those of the author.
------------------------------
From: Ted Lemon <mellon@ipd.wellsfargo.com>
Date: 12 Dec 1994 16:11:37 -0800
Subject: Re: Value of Pretty Good Privacy
PGP is a joke. Why people even bother with it is beyond me; there
is little difference in leaving your system unlocked--except for
time.
This is an interesting and provocative statement. Were it accompanied
by some evidence for why we should believe it, I would be happy to see
it. Absent that evidence, it just sounds like a random flame.
Chuck, could you back this up with some facts?
--
Ted Lemon Wells Fargo Bank, Information Protection Division
mellon@ipd.wellsfargo.com +1 415 477 5045
------------------------------
From: palmer@chmsr (Michael T. Palmer)
Date: 14 Dec 1994 18:25:53 GMT
Subject: Re: Value of Pretty Good Privacy
Organization: Georgia Institute of Technology
Chuck Weckesser (71233.677@compuserve.com) wrote: PGP is a joke.
Why people even bother with it is beyond me; there is little
difference in leaving your system unlocked--except for time.
Well, that was enlightening. Without even addressing the truth value
of these statements, could you please tell us WHY? If there are
obvious security holes that we haven't noticed, then we're probably not
going to be able to notice them *now* unless you provide more
information.
--
Michael T. Palmer (palmer@chmsr.gatech.edu) RIPEM Public Key available
Center for Human-Machine Systems Research, Dept of Industrial & Systems Eng
Georgia Institute of Technology, Atlanta, Georgia 30332-0205
------------------------------
From: hmiller@orion.it.luc.edu (Hugh Miller)
Date: 14 Dec 1994 16:47:39 GMT
Subject: Zimmermann Defense Fund Appeal
Organization: Loyola University of Chicago
[ Article crossposted from alt.security.pgp,talk.politics.crypto ]
[ Author was Hugh Miller (hmiller@orion.it.luc.edu) ]
[ Posted on 14 Dec 1994 16:37:04 GMT ]
-----BEGIN PGP SIGNED MESSAGE-----
Phil Zimmermann Legal Defense Fund Appeal
In November, 1976, Martin Hellman and Whitfield Diffie announced
their discovery of public-key cryptography by beginning their paper
with the sentence: "We stand today on the brink of a revolution in
cryptography."
We stand today on the brink of an important battle in the
revolution they unleased. Philip Zimmermann, who encoded and released
the most popular and successful program to flow from that discovery,
Pretty Good Privacy ("PGP"), may be about to go to court.
It has been over fourteen months now since Phil was first informed
that he was the subject of a grand jury investigation being mounted by
the San Jose, CA, office of US Customs into the international
distribution, over the Internet, of the original version of the
program. On January 12th, Phil's legal team will meet for the first
time with William Keane, Assistant US Attorney for the Northern
District of California, who is in charge of the grand jury
investigation, in San Jose. An indictment, if one is pursued by the
government after this meeting, could be handed down very shortly
thereafter.
If indicted, Phil would likely be charged with violating statute 22
USC 2778 of the US Code, "Control of arms exports and imports." This
is the federal statute behind the regulation known as ITAR,
"International Traffic in Arms Regulations," 22 CFR 120.1 et seq. of
the Code of Federal Regulations. Specifically, the indictment would
allege that Phil violated 22 USC 2778 by exporting an item listed as a
"munition" in 22 CFR 120.1 et seq. without having a license to do so.
That item is cryptographic software -- PGP.
At stake, of course, is far more than establishing whether Phil
violated federal law or not. The case presents significant issues and
will establish legal precedent, a fact known to everyone involved.
According to his lead counsel, Phil Dubois, the US government hopes to
establish the proposition that anyone having anything at all to do with
an illegal export -- even someone like Phil, whose only involvement was
writing the program and making it available to US citizens and who has
no idea who actually exported it -- has committed a federal felony
offense. The government also hopes to establish the proposition that
posting a "munition" on a BBS or on the Internet is exportation. If
the government wins its case, the judgment will have a profound
chilling effect on the US software industry, on the free flow of
information on the emerging global networks, and in particular upon the
grassroots movement to put effective cryptography in the hands of
ordinary citizens. The US government will, in effect, resurrect
Checkpoint Charlie -- on the Information Superhighway.
By now, most of us who are reading this know about Phil and the
case, whether by having the program and reading the doc files or by
seeing reports in the Wall Steet Journal, Time, Scientific American,
the New York Times, Wired, US News and World Report, and hundreds of
other news outlets; on Usenet groups like talk.crypto.politics or
alt.security.pgp; or by listening to Phil give talks such as the one he
gave at CFP '94 in Chicago. We know that PGP has made great strides
since version 1.0, and is now a sophisticated encryption and
key-management package which has become the de facto standard in both
micro and mainframe environments. We know that Phil and the PGP
development team successfully negotiated a commercial license with
Viacrypt, and, through the efforts of MIT, a noncommercial license for
PGP with RSA Data Security, the holders of the patent on the RSA
algorithm on which PGP is based, thus freeing the program from the
shadow of allegations of patent infringement. We know that programs
such as PGP represent one of our best bulwarks in the Information Age
against the intrusions of public and private information gatherers. We
know that PGP is a key tool in insuring that the "Information
Superhighway" will open the world to us, without opening us to the
world.
What we may not all know is the price Phil has had to pay for his
courage and willingness to challenge the crypto status quo. For years
now Phil has been the point man in the ongoing campaign for freely
available effective cryptography for the everyday computer user. The
costs, personal and professional, to him have been great. He wrote the
original code for PGP 1.0 by sacrificing months of valuable time from
his consulting career and exhausting his savings. He continues to
devote large amounts of his time to testifying before Congress, doing
public speaking engagements around the world, and agitating for
"cryptography for the masses," largely at his own expense. He is now
working, still for free, on the next step in PGP technology, PGP Phone,
which will turn every PC with a sound card and a modem into a secure
telephone. And we know that, just last month, he was searched and
interrogated in the absence of counsel by US Customs officials upon his
return from a speaking tour in Europe.
Phil's legal team consists of his lead counsel, Philip Dubois of
Boulder, CO; Kenneth Bass of Venable, Baetjer, Howard & Civiletti, in
Washington, DC, first counsel for intelligence policy for the Justice
Department under President Carter; Eben Moglen, professor of law at
Columbia and Harvard Universities; Curt Karnow, a former assistant US
attorney and intellectual property law specialist at Landels, Ripley &
Diamond in San Francisco; and Thomas Nolan, noted criminal defense
attorney in Menlo Park.
While this is a stellar legal team, what makes it even more
extraordinary is that several of its members have given their time for
free to Phil's case. Still, while their time has been donated so far,
other expenses -- travel, lodging, telephone, and other costs -- have
fallen to Phil. If the indictment is handed down, time and costs will
soar, and the members of the team currently working pro bono may no
longer be able to. Justice does not come cheap in this country, but
Phil deserves the best justice money can buy him.
This is where you and I come in. Phil Dubois estimates that the
costs of the case, leaving aside the lawyers' fees, will run from
US$100,000 - $150,000. If Phil's team must charge for their services,
the total cost of the litigation may range as high as US$300,000. The
legal defense fund is already several thousand dollars in the red and
the airline tickets to San Jose haven't even been purchased yet.
In September, 1993 I wrote a letter urging us all to support Phil,
shortly after the first subpoenas were issued by Customs. Today the
need is greater than ever, and I'm repeating the call.
Phil has assumed the burden and risk of being the first to develop
truly effective tools with which we all might secure our communications
against prying eyes, in a political environment increasingly hostile to
such an idea -- an environment in which Clipper chips and digital
telephony bills are our own government's answer to our concerns. Now
is the time for us all to step forward and help shoulder that burden
with him.
It is time more than ever. I call on all of us, both here in the
US and abroad, to help defend Phil and perhaps establish a
groundbreaking legal precedent. PGP now has an installed base of
hundreds of thousands of users. PGP works. It must -- no other
"crypto" package, of the hundreds available on the Internet and BBS's
worldwide, has ever been subjected to the governmental attention PGP
has. How much is PGP worth to you? How much is the complete security
of your thoughts, writings, ideas, communications, your life's work,
worth to you? The price of a retail application package?i Send it.
More? Send it. Whatever you can spare: send it.
A legal trust fund, the Philip Zimmermann Defense Fund (PZDF), has
been established with Phil Dubois in Boulder. Donations will be
accepted in any reliable form, check, money order, or wire transfer,
and in any currency, as well as by credit card.
You may give anonymously or not, but PLEASE - give generously. If
you admire PGP, what it was intended to do and the ideals which
animated its creation, express your support with a contribution to this
fund.
* * *
Here are the details:
To send a check or money order by mail, make it payable, NOT to Phil
Zimmermann, but to "Philip L. Dubois, Attorney Trust Account." Mail the
check or money order to the following address:
Philip Dubois
2305 Broadway
Boulder, CO USA 80304
(Phone #: 303-444-3885)
To send a wire transfer, your bank will need the following
information:
Bank: VectraBank
Routing #: 107004365
Account #: 0113830
Account Name: "Philip L. Dubois, Attorney Trust Account"
Now here's the neat bit. You can make a donation to the PZDF by
Internet mail on your VISA or MasterCard. Worried about snoopers
intercepting your e-mail? Don't worry -- use PGP.
Simply compose a message in plain ASCII text giving the following:
the recipient ("Philip L. Dubois, Attorney Trust Account"); the bank
name of your VISA or MasterCard; the name which appears on it (yours,
hopefully :-)); a telephone number at which you can be reached in case
of problems; the card number; date of expiry; and, most important, the
amount you wish to donate. (Make this last item as large as possible.)
Then use PGP to encrypt and ASCII-armor the message using Phil Dubois's
public key, enclosed below. (You can also sign the message if you
like.)i E-mail the output file to Phil Dubois (dubois@csm.org).
Please be sure to use a "Subject:" line reading something like "Phil
Zimmermann Defense Fund" so he'll know to decrypt it right away.
Here is Phil Dubois's public key:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7
mQCNAiyaTboAAAEEAL3DOizygcxAe6OyfcuMZh2XnyfqmLKFDAoX0/FJ4+d2frw8
5TuXc/k5qfDWi+AQCdJaNVT8jlg6bS0HD55gLoV+b6VZxzIpHWKqXncA9iudfZmR
rtx4Es82n8pTBtxa7vcQPhCXfjfl+lOMrICkRuD/xB/9X1/XRbZ7C+AHeDONAAUR
tCFQaGlsaXAgTC4gRHVib2lzIDxkdWJvaXNAY3NuLm9yZz6JAJUCBRAsw4TxZXmE
uMepZt0BAT0OA/9IoCBZLFpF9lhV1+epBi49hykiHefRdQwbHmLa9kO0guepdkyF
i8kqJLEqPEUIrRtiZVHiOLLwkTRrFHV7q9lAuETJMDIDifeV1O/TGVjMiIFGKOuN
dzByyidjqdlPFtPZtFbzffi9BomTb8O3xm2cBomxxqsV82U3HDdAXaY5Xw==
=5uit
- -----END PGP PUBLIC KEY BLOCK-----
* * *
This campaign letter will be posted in a number of Usenet groups.
I will also be turning it into a FAQ-formatted document, which will be
posted monthly in the relevant groups and which will be available by
anonymous ftp from ftp://ftp.math.luc.edu/pub/hmiller/PGP/pzdf.FAQ. If
you come upon, or up with, any other ways in which we can help raise funds
for Phil, drop me a line at hmiller@luc.edu and let me know, so that I
can put it in the FAQ.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBLu6xOtEdYC5Hk8UpAQEhFwP+JrEyY1LvnPmcjp+oLGmIAUbZixJj3QfE
T3KpjnNotoJ7/CtWF1EjhjHN8IXPgcQcyF3p38ekysARDv0MA4tzXhL1Egdq/7QV
L8XW2z0PjWgu8X/Om0eXZkIOGeaoBvP/e/qDYEIcWXtxrwokYcEtoNCR/KQoZw+A
6NnK1nwxnLw=
=Ez3J
-----END PGP SIGNATURE-----
--
Hugh Miller, Ph.D. Voice: 312-508-2727
Asst. Professor of Philosophy FAX: 312-508-2292
Loyola University Chicago Home: 312-338-2689
6525 N. Sheridan Rd. E-mail: hmiller@luc.edu
Chicago, IL 60626 WWW: http://www.luc.edu/~hmiller
PGP Public Key 4793C529: FC D2 08 BB 0C 6D CB C8 0B F9 BA 55 62 19 40 21
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 14 Dec 1994 13:33:22 -0600 (CST)
Subject: Re: Zimmermann Defense Fund Appeal
Organization: University of Wisconsin-Milwaukee
I sent email to Hugh Miller asking about his public key:
I just received your posting to CPD. It is a signed pgp
posting but I do not know how to verify your sig. Help?
I would like to post it with the sig, how can I inform the
readers how to verify the signature?
His response follows:
You need my public key, included below.
Users can obtain my PGP public key in 3 ways:
- Send mail to me at hmiller@luc.edu with the "Subject:" line
reading "send pubkey"
- Pick it up by ftp at ftp://ftp.math.luc.edu/pub/hmiller/pubkey.hm
- Get it from an Internet PGP keyserver machine such as
pgp-public-keys@pgp.ai.mit.edu. Just send a mail message to this
address with the "Subject:" field "GET hmiller". Other keyserver
machines on the Net which accept the same message format (and
automatically synchronize keyrings with each other every 10 minutes
or so) include:
pgp-public-keys@pgp.mit.edu
pgp-public-keys@demon.co.uk
pgp-public-keys@pgp.ox.ac.uk
pgp-public-keys@ext221.sra.co.jp
pgp-public-keys@kub.nl
pgp-public-keys@pgp.iastate.edu
pgp-public-keys@dsi.unimi.it
pgp-public-keys@pgp.dhp.com
You can verify my public key by calling me at 312-338-2689 (home)
or 312-508-2727 (office) and letting me read you my key fingerprint
(see pgp -h for syntax). I include it also in my .sig, below, if
that's good enough for you.
Thank you for considering the article for submission!
Public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy7frrEAAAEEALzOAQt+eWHzXSDLRgJaQMQ7Uju1xrD9mXAZGAG1GmiTNjKl
wK68qOXrwJvnH1BmGtg8GGv53nTeabltpn5crsQVFm+0623M56/T7SOeUBWxxoa0
vvqAA8sJ6ac1/MXY9KIgqxu8Mu6Qwf68C4OnwCbE7T71bi+fjdEdYC5Hk8UpAAUR
tB1IdWdoIE1pbGxlciA8aG1pbGxlckBsdWMuZWR1PokAlQMFEC7ryVNleYS4x6lm
3QEBW6YD/2IOIZX9FOggNyemvPwM/EN86KW74ZGuYuTIfPCrvOMy8pFqfE33Bw93
UkyIDj1Yh/nDlclEOO/J0tyngPn2BD2vMtaKIGRhVjnoxQc3BfzdjJ2nnHoFzAjz
0MBxYthysmWYsyF8cQxST6LZLITKkf41dti8SVKYVRWIgkyub02HiQCVAwUQLt/F
oNEdYC5Hk8UpAQHD1wP9GdN9OHAKkIRsHeHy0wsEkI4Emb/bHiU+W59Zw7NPWsWF
3WTT1z8GKNToQLUdysbbJuSSk3rD3F4SNGJ+KPjR4674pmEfCVVP8cQPXEl4a3Zs
xSLWNI6rG3muUAfLdyZiFP08NthOVlP2h1aOLCqIgkjEYMfQNEgkefBRJd6JywI=
=hWCA
-----END PGP PUBLIC KEY BLOCK-----
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
------------------------------
From: rem@world.std.com (Ross E Mitchell)
Date: 12 Dec 1994 22:58:14 GMT
Subject: Re: Dynamic Negotiation in the Privacy Wars
Organization: The World Public Access UNIX, Brookline, MA
Bernie Cosell <bernie@fantasyfarm.com> wrote:
But a call that is rejected because of its anonymity should
entail no charge. This requires that the call be intercepted
by the phone company's central office switchboard before it
reaches the recipient's line.
Doesn't one of the Baby Bells already offer an extra-cost
service that allows one to automatically reject calls where the
ID is blocked (i.e., "out of area" isn't blocked, but *67 calls
would be rejected)?
Bell Altantic, down where we are in SW Viginia, does that. It is
called "Anonymous Call Rejection" and it "lets you reject calls
from callers who have used Per Call Blocking". Another interesting
aspect of the Caller ID mess down here is "NOTE: ... your number
will be shown on their display ... even if your number is
non-published or non-listed".
We described Anonymous Call Rejection when we wrote our article, but
it was cut for space. In fact, all of the elements of our suggestion
exist in existing technology; it is the total solution and the generic
concept of "dynamic negotiation" as a new public policy which we
believe is new.
The problem of not knowing whether one is blocking or unblocking
release of the number with *67 is solved by having a different code for
unblocking. Some areas now use *82 to always unblock (even if the
number was already unblocked) and *67 to always block (even if the
number was already blocked). This way a concerned caller knows that
the desired action will be taken without needing to know the blocking
status of the line.
Also intrinsic to our approach is the notion that per-line blocking is
the default; privacy is NOT relinquished except knowingly and
voluntarily.
--
Regards,
Ross
------------------------------
From: eck@panix.com (Mark Eckenwiler)
Date: 12 Dec 1994 21:37:06 -0500
Subject: Re: Question about Electronic Comm. Privacy Act
Organization: Saltieri, Poore, Nash, deBrutus & Short, Attorneys at Law
fwilson@acs.bu.edu sez: I am attempting to understand Title 18
U.S.C. as ammended by the Electronic Communications Privacy Act of
1986. Not having any legal training, I am rapidly getting out of
my depth. I'm trying to figure out whether this Act would cover:
(a) Interception of a student's email by a university sysadmin.
(b) Interception of an employee's email by a corporate sysadmin.
No and no. Sections 2701 et seq. cover public providers, not corporate
or university systems. And besides, ECPA isn't about "interception";
for "interception", see Title III (secs. 2510 et seq.).
Correct me if I'm wrong, but it seems that both cases WOULD be
covered if the system involved is considered to "affect interstate
or foreign commerce".
You're wrong :) . See 18 USC 2702(a). The bar against mail disclosure
applies only to public providers.
------------------------------
From: jwolf@sdnva1.attmail.com (jwolf)
Date: 13 Dec 1994 12:38:20 -0500
Subject: Re: Question about Electronic Comm. Privacy Act
fwilson@acs.bu.edu stated: I am attempting to understand Title 18
U.S.C. as ammended by the Electronic Communications Privacy Act of
1986. Not having any legal training, I am rapidly getting out of
my depth. I'm trying to figure out whether this Act would cover:
(a) Interception of a student's email by a university sysadmin.
(b) Interception of an employee's email by a corporate sysadmin.
Sadly, neither of these cases is a violation of The Electronic
Communication Privacy Act. The Electronic Communication Privacy Act
(ECPA) of 1986 restricts the interception of electronic communications
by persons outside of the organization, but the ECPA does not cover the
interception or monitoring of E-Mail by parties within the
organization. A plain reading of ECPA may appear to contradict this,
but many people have sued over this very issue, most, if not all, have
been unsuccessful.
Example A may be a Fourth Amendment issue, but the courts have
consistently held that example B is perfectly legal. It is common
practice in "Corporate America" to monitor employees E-Mail. If the
example B employee worked for the federal government, there may be
some Fourth Amendment questions, but your average corporate worker has
almost no workplace privacy rights.
Employers have the courts permission to intercept your electronic mail
transmissions, monitor your phone calls, and to spy on you with cameras
or one way mirrors throughout the workplace -- including locker rooms
and rest rooms. (I know that this sounds unbelievable, but I can
provide examples for each of these cases.)
Illinois Senator Paul Simon has proposed legislation dealing with the
issue of employee privacy. The bill, the Privacy for Consumers and
Workers Act (PCWA), seeks to limit the ability of companies to monitor
their employees and their communications, including E-Mail, telephone
calls, and video surveillance. The bill has been introduced in every
session of congress since 1989 -- to no avail. I have contacted both
Senator Simons and Virginia Senator John Warners congressional offices
regarding PCWA. Both offices say that there is little chance of the
legislation, or something like it, passing any time soon. Senator Simon
has recently announced his retirement, and with no heir apparent in the
wings, the chances of congress stepping forward to provide legislative
protection of workers seems very bleak.
But, the news is not all bad!
The Internet has become a hotbed of information and opinions regarding
employee monitoring and other privacy rights issues. The Privacy Rights
Clearinghouse and the Electronic Frontier Foundation are two groups
that have specifically formed to fight for civil liberties in the
electronic age. Other sources like Privacy Digest, Mother Jones, and
Whole Earth also make similar information and commentary available
on-line. Many student groups and other activist are starting
newsletters and forums that alert others about threats to our privacy
rights. Among these are Risk Digest (as you know), Computer Underground
Digest, Information Law Alert, Computer Privacy Digest, and the Privacy
Forum, just to name a few. Each of the previously mentioned groups has
newsletters or fact sheets available on the Internet.
Sorry I couldn't be more positive, I hope that this is helpful.
--
James Wolf
------------------------------
From: KAY A SCHAFER <k.schafe@msuacad.morehead-st.edu>
Date: 14 Dec 94 9:27:19 EST
Subject: Databanks and Privacy
In a Newsweek issue labeled December 19, 1994, an article by Michael
Klein states that he has read that Citicorp is building a database of
40 million families collected from 12,000 retail stores. An Ernst and
Young Survey in a recent issue of Retail Information Technology reports
that a major retail chain (whose name you would probably recognize)
obtains phone numbers from customers as a means of identification and
then builds a database storing more than 100 fields of information per
household. This chain is only one example; the report indicates that
72% of retailers surveyed are capturing customer data and 17% plan to
do so.
New technology and the building of a national computer network brings
with it many exciting, wonderful possibilities. As we enjoy these
benefits, we need to plan to build into the system a few privacy
protections. "To the extent that the ability to access, collect,
store, analyze and disseminate data has never been greater, the threat
to personal information privacy has never been greater either." This
quote, used in another context, seems quite applicable here. It is
from an Information Infrastructure Task Force Working Group on Privacy.
(59 Federal Register 27206). Hopefully, the 1995 session of Congress
will again look at possible amendments to the Fair Credit Reporting Act
as they began to do in 1994. This would provide some assistance by
regulating the practices of information sellers to assure that while
there is appropriate access to information, some types of personal
information are protected from disclosure.
I will be teaching a class next year in which some of these types of
topics will be covered. Any specific information which you have -
either from the viewpoint of privacy protection or from the marketer's
perspective - would be appreciated (for example, information on
policies and practices, data statistics, proposed legislation, etc.)
--
k.schafe@msuacad.morehead-st.edu
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Dec 1994 08:01:10 -0600 (CST)
Subject: Conferences of Potential Interest
Organization: University of Wisconsin-Milwaukee
taken from a CPSR (Computer Professionals with Social Responsibility)
posting:
If you are planning to attend one of these conferences, or another that
may be related to CPSR's work, please contact CPSR at cpsr@cpsr.org or
(415) 322-3778 for easy ways for you to be a presence for CPSR.
CONFERENCE /EVENT SCHEDULE
1995 Data Security Conference. Jan 9-11, 1995. Redwood City, CA.
Sponsored by RSA Data Security. Contact: kurt@rsa.com
Second International Conference on Information Warfare: "Chaos on the
Electronic Superhighway," Montreal, CA, Jan. 18-19. .
Contact: Mich Kabay, 75300.3232@compuserve.com
Privacy, The Information Infrastructure and Healthcare Reform,
Ohio State University, Columbus, OH, Jan. 27.
Contact: vberdaye@magnus.acs.ohio-state.edu
New Technologies and the Democratisation of Audiovisual Communication,
New Delhi, INDIA, Feb. 9-12.
Contact: 514 982-6660 (ph) 514 982-6122 (fax) videaz@web.apc.org
Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617-964-3926
(fax).
Access, Privacy, and Commercialism: When States Gather Personal
Information, College of William and Mary, Williamsburg, VA, March 17.
Contact: Trotter Hardy 804 221-3826
Computers, Freedom and Privacy CFP'95, Burlingame CA, Mar 28-31
Contact: <cfp95@forsythe.stanford.edu>
ETHICOMP95: An international conference on the ethical issues of using
Information Technology, DeMontfort University, Leicester, ENGLAND,
March 28-30, 1995. Contact: Simon Rogerson srog@dmu.ac.uk
44 533 577475 (phone) 44 533 541891 (Fax).
1995 IEEE Symposium on Security and Privacy, Oakland, CA, May 8-10.
Contact: sp95@itd.nrl.navy.mil
--- CPSR ANNOUNCE LIST END ---
------------------------------
From: jdc@inca.cs.wayne.edu (Jon Cardwell)
Date: 15 Dec 1994 15:23:31 GMT
Subject: Company Snooping/Possible Email monitoring
Organization: Wayne State University, Detroit, MI
I work for a company which has recently installed some kind of local
harddrive 'snooping'/scanning program on a netware server which scans
the contents of our machines and builds a database entry of thing (?)
that employees have on their machines. Now, I can understand the
concerns that companies (like where I work) would have with people
using pirated and/or non-licensed software packages, but I am concerned
that there is a possibility of abuse on the part of the sys admin's
who're doing the snooping.
Also, some fellow corworkers (myself included) has expressed concerns
that the company may also be monitoring and/or reading people's
internal email, in addition to monitoring the internet connection usage
(we have a T1 line). There is currently no official 'party line'
statement from any company officials or officers on this subject.
I am interested in acquiring any full-text version of the Electronic
Communications Privacy Act of 1986, and/or any other related
documentation on employee rights in such above hypothetical
situtations. Any help would be greatly appreciated.
--
Jon Cardwell
Wayne State University.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Nov 1994 08:46:14 -0600 (CST)
Subject: Info on CPD, (unchanged since 11/28/94)
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions generally are acknowledged within 24 hours of
submission. An article is printed if it is relevant to the charter of
the digest and is not redundant or insulting. If selected, it is
printed within two or three days. The moderator reserves the right to
delete extraneous quoted material. He may change the subject line of
an article in order to make it easier for the reader to follow a
discussion. He will not, however, alter or edit or append to the text
except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V5 #073
******************************
.