Date: Sun, 05 Mar 95 07:53:02 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#024
Computer Privacy Digest Sun, 05 Mar 95 Volume 6 : Issue: 024
Today's Topics: Moderator: Leonard P. Levine
Private Idaho 2.0 beta
A Word of Warning
Re: Compuserve Sued for Delivering "Junk E-Mail"
Re: Compuserve Sued for Delivering "Junk E-Mail"
Re: The IRS and INS
Re: SS Number at College
Net Rape
American Express
Junk e-Mail vs. Junk FAX
More on Junk e-Mail
EFF Sues to Overturn Cryptography Restrictions
Re: Access to Driving Records
Son of 1991's S.266 - With a Vengence
Re: A True Story
Interstate Panopticon
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: joelm@eskimo.com (Joel McNamara)
Date: 01 Mar 1995 16:42:54 -0800
Subject: Private Idaho 2.0 beta
Organization: Eskimo North (206) For-Ever
Private Idaho 2.0 beta, a PGP/anonymous remailer utility for use with
Windows e-mail software, is now available.
I had some unexpected free time, so instead of doing a final release of
the 1.5 beta, I incorporated a variety of new features I was planning
for version 2.0.
The most significant is the ability to send mail through the remailers
using their PGP public keys. What was normally a tedious job of doing
multiple encryption passes on message blocks is now just a simple
couple of mouse clicks. Additionally, there's now limited support for
cut-marks, latent time, and substitute subject headers. Plus a variety
of other new features you'll find useful.
You can download the 2.0 beta (PIDHO20B.ZIP) either from:
anonymous ftp - ftp.eskimo.com /joelm
or
Web page - http://www.eskimo.com/~joelm
As always, any bug reports/suggestions/comments are appreciated.
--
Joel McNamara
joelm@eskimo.com - finger or Web home page for PGP key
------------------------------
From: Jim Silvania <silvania@ohionet.org>
Date: 02 Mar 1995 09:36:35 -0500 (EST)
Subject: A Word of Warning
Thanks for running Braindead In Cyberspace but a word of warning about
R Thomas. All those addresses Ralph uses to send for privacy &
investigative books are companies owned by Ralph. He's hawking his own
goods. Just a word to the wise.
--
Jim Silvania silvania@ohionet.org
Porter,Wright,Morris & Arthur
Columbus, OH
------------------------------
From: rlk@max.tiac.net (Robert Krawitz)
Date: 02 Mar 1995 21:19:38 GMT
Subject: Re: Compuserve Sued for Delivering "Junk E-Mail"
Organization: The Internet Access Company
Privacy Rights Clearinghouse <prc@pwa.acusd.edu> wrote: Robert
Arkow, a Compuserve subscriber, is suing the service for delivering
two unsolicited advertising e-mail messages to his mailbox on
December 21, 1994. The suit, believed to be the first of its kind,
challenges the right of advertisers to deliver so- called "Junk
E-Mail" under the Telephone Consumer Privacy Protection Act of 1991
(TCPA). Arkow argues that the TCPA prohibits the automated calling
of "any service for which the calling party is charged for the
call." Also named in the suit is Compuserve Visa, the business
responsible for the ads.
gmcgath@condes.MV.COM (Gary McGath) writes: The implications of
this are as frightening (assuming equal probability of success) as
those of S. 314. If service providers become responsible for
conveying "junk mail," and can be legally held reliable for it,
then providers will have to scan all messages and somehow decide
which ones are "junk mail."
In this case, it appears (judging from the outfit that posted the ad)
that Compuserve itself sent the ad, rather than merely carrying it.
That's more like the phone company interrupting a long distance call to
advertise a new service, perhaps. In this case, the service is using
the customer's funds to deliver unwanted advertising to the customer.
Worse yet, the criteria used -- that sending mail to a list
constitutes "automated calling" -- could outlaw all automated
mailing lists, and perhaps all mail programs which batch mail, if
they became legal doctrine. Thanks for calling this to our
attention.
In the case of an automated mailing list, normally the subscriber has
to take an explicit action to be placed on the list. I should think
that that would constitute consent to receive any mailings that were
sent to the list.
--
Robert Krawitz
Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Tall Clubs International -- tci-request@think.com or 1-800-521-2512
------------------------------
From: Mark Eckenwiler <eck@panix.com>
Date: 02 Mar 1995 23:03:05 -0500
Subject: Re: Compuserve Sued for Delivering "Junk E-Mail"
Organization: Saltieri, Poore, Nash, deBrutus & Short, Attorneys at Law
Robert Arkow, a Compuserve subscriber, is suing the service for
delivering two unsolicited advertising e-mail messages to his
mailbox on December 21, 1994. The suit, believed to be the first
of its kind, challenges the right of advertisers to deliver so-
called "Junk E-Mail" under the Telephone Consumer Privacy
Protection Act of 1991 (TCPA). Arkow argues that the TCPA
prohibits the automated calling of "any service for which the
calling party is charged for the call."
If this is a reference to 47 USC sec. 227(b)(1)(a)(iii), then the
correct phrase is "for which the *called* party is charged for the
call." That's a good reason to doubt Arkow right there, if the mistake
is his.
I think the text of the statute indicates that Arkow's suit has no
merit.
To begin with, subsection (b)(1)(A) only applies to a "call . . .
using any automatic telephone dialing system or an artificial or
prerecorded voice . . . ." An ATDS is defined in (a)(1) as equipment
which can "store or produce *telephone* numbers to be called" and can
"dial such numbers." Since an email address is not a telephone number,
Arkow's claim falls outside the statute.
A second, less powerful argument is that a CIS user is not "charged for
the call" unless s/he chooses to accept it on the basis of the
particularized information available in advance. One can argue that
the policy of (b)(1)(A)(iii) is to protect only recipients who have no
such advance notice, such as cellular phone users, who are explicitly
named in this subsection.
The TCPA provisions are aimed at automated dialers, machines that
call homes and deliver recorded sales pitches. The law also
prohibits unsolicited fax advertisements. The question will be
"How similar is junk E-Mail to recorded telemarketing calls or
unsolicited fax ads?"
The main "prerecorded voice" section is elsewhere, in (b)(1)(B), which
prohibits making such calls to "any residential telephone line." Once
again, the statute's language is not ambiguous: e-mail simply is not
covered.
Unsolicited fax ads: This one is a bit fuzzier. Subsection (b)(1)(C)
prohibts using a "telephone facsimile machine, computer, or other
device to send an unsolicited advertisement to a telephone facsimile
machine . . . ." Now, the text obviously draws a distinction between
the terms "telephone facsimile machine" and "computer," so at first
glance it looks as if junk e-mail isn't covered.
However, a TFM is defined in (a)(1)(2) as equipment which can
"transcribe text or images, or both, from paper into an electronic
signal and to transmit that signal over a regular telephone line" *OR*
"transcribe text or images (or both) from an electronic signal received
over a regular telephone line onto paper." Note that the law is framed
in terms of the equipment's *potential* to perform these acts; there is
no requirement that it *actually* transcribe anything onto paper if it
receives a call, for instance.
In other words, a computer attached to a modem and either a printer or
a scanner would seem to qualify as a TFM. Under those circumstances,
one can easily imagine a case in which a "TFM" might receive junk
e-mail.
One last unrelated point: the federal Ninth Circuit (covering CA, AZ,
WA, OR, AK, etc.) ruled very recently that subsection (b) is
constitutional.
------------------------------
From: wmcclatc@gmu.edu (Bill McClatchie)
Date: 03 Mar 1995 16:38:16 -0500
Subject: Re: The IRS and INS
Jannick Johnsson <wiking@neosoft.com> writes: Does anybody know if
some body has a disagreement with IRS, like not filing your taxes
if this is reported to INS, so next time somebody returns from a
trip they have you in the computer. Is it possible to find out
what INS has in their computer just by asking. I asked the agent
once when I returned if I could see what he had on the screen. He
said he was not allowed to show it to me. I did verify I was
returning to the right the right country!!! I do know the police
does not send your name to INS just because you are not paying you
ticket or a warrent for your arrest not showing in the court. I am
not convicted and do not intent to be, but just curious.
Well, i have a relative who works for INS in one of these booths. What
she said was "The only place you can get this information is by filing
a freedom of information request." The reason for this sounds kind of
lame; but the agents can lose their jobs for showing you what
information is on their screens, I wouldn't count on them showing it to
you.
As for what information is in this file, you would probably be surprised.
--
Bill McClatchie
wmcclatc@gmu.edu
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 02 Mar 95 20:50 EST
Subject: Re: SS Number at College
Organization: I.E.C.C., Cambridge, Mass.
Is there anything I can do about this?
A federal law known as the Buckley Amendment requires that any college
that takes federal money (nearly all of them) use a number other than a
student's SSN if the student so requests. They'll moan and groan, but
the law is quite clear.
I did that at Yale over 10 years ago. Given that the number they
assigned me was 000-10-0001, I would conclude that not many people had
so requested before I did.
--
Regards,
John Levine, johnl@iecc.com
Primary Perpetrator of "The Internet for Dummies"
------------------------------
From: aca3@netaxs.com (Arthur Anderson)
Date: 03 Mar 1995 02:43:37 GMT
Subject: Net Rape
Organization: Netaxs Internet BBS and Shell Accounts
Net Rape; A Warning to All
For the most part, the InterNet has been a realm of free and friendly
information exchange. Lately, however, things have been changing quite
a bit. With all the hype regarding the information superhighway (AKA
Infobahn), more and more opportunists are feeding upon the trusting
nature of optimistic Net users. Writings and ideas are being stolen,
and there's little that can be done about it without sacrificing the
ideals of free communication.
Personally, I have lost hundreds of dollars and hundreds of hours
simply because I risked the trust of someone with an e-mail address.
Its important to remember that intelligence and moral character do not
necessarily go hand in hand. Cold and unsympathetic people now roam the
InterNet, and they can easily sound as warm and friendly as anyone
you've ever known.
The free, uncensored, and global exchange of information is a wonderful
thing. This new environment will change the world in ways we can
scarcely imagine. But be careful. Be very careful. Clever criminals
can now misguide you with a few simple key- strokes. They can claim
whatever you send them, and promptly vanish to seek their own profit
(in literature, science, software, entertainment, ... anything).
------------------------------
From: Timothy Charles Greenleaf <tcg7@columbia.edu>
Date: 03 Mar 1995 01:19:58 -0500
Subject: American Express
Organization: Columbia University
Greetings everyone...
Has anyone heard of American Express doing the following to
non-journalists? How detailed and how private should credit card
records be? (Forwarded from IRE-L - mailing list for disucssion of
computer assisted journalism).
Regards,
Tim Greenleaf - tcg7@columbia.edu
***************Forwarded Message****************
Urgent Notice!
IRE views American Express's zealous compliance with the subpoena of
reporters' monthly statements in the Phillip Morris vs. ABC case as
highly objectionable and an extremely dangerous precedent. (See WSJ
front page 2/24/95) We have cut up and returned our personal and
corporate American Express cards and we are urging IRE members and, in
fact, all journalists to consider whether they should not consider
doing the same. It's more than that American Express has shown an
eagerness to invade the privacy of journalists. The firm's wholesale
turnover of journalist's expense records could endanger the
confidentiality of meetings and contacts with sources.
In addition, we encourage you to write to American Express and express
your opinions regarding these tactics, whether or not you are a
customer.
Please feel free to forward this message to whatever forum seems
appropriate!
--
Rosemary Armao and (314) 882-3364 (v)
Tracy Barnett (314) 882-5431 (f)
PO Box 838 Internet:
Columbia MO 65205 jourtlb@muccmail.missouri.edu
------------------------------
From: Mark Eckenwiler <eck@panix.com>
Date: 02 Mar 1995 23:33:39 -0500
Subject: Junk e-Mail vs. Junk FAX
Organization: Saltieri, Poore, Nash, deBrutus & Short, Attorneys at Law
Robert Arkow, a Compuserve subscriber, is suing the service for
delivering two unsolicited advertising e-mail messages to his
mailbox on December 21, 1994. The suit, believed to be the first
of its kind, challenges the right of advertisers to deliver so-
called "Junk E-Mail" under the Telephone Consumer Privacy
Protection Act of 1991 (TCPA). Arkow argues that the TCPA
prohibits the automated calling of "any service for which the
calling party is charged for the call."
If this is a reference to 47 USC sec. 227(b)(1)(a)(iii), then the
correct phrase is "for which the *called* party is charged for the
call." That's a good reason to doubt Arkow right there, if the mistake
is his.
I think the text of the statute indicates that Arkow's suit has no
merit.
To begin with, subsection (b)(1)(A) only applies to a "call . . .
using any automatic telephone dialing system or an artificial or
prerecorded voice . . . ." An ATDS is defined in (a)(1) as equipment
which can "store or produce *telephone* numbers to be called" and can
"dial such numbers." Since an email address is not a telephone number,
Arkow's claim falls outside the statute.
A second, less powerful argument is that a CIS user is not "charged for
the call" unless s/he chooses to accept it on the basis of the
particularized information available in advance. One can argue that
the policy of (b)(1)(A)(iii) is to protect only recipients who have no
such advance notice, such as cellular phone users, who are explicitly
named in this subsection.
The TCPA provisions are aimed at automated dialers, machines that
call homes and deliver recorded sales pitches. The law also
prohibits unsolicited fax advertisements. The question will be
"How similar is junk E-Mail to recorded telemarketing calls or
unsolicited fax ads?"
The main "prerecorded voice" section is elsewhere, in (b)(1)(B), which
prohibits making such calls to "any residential telephone line." Once
again, the statute's language is not ambiguous: e-mail simply is not
covered.
Unsolicited fax ads: This one is a bit fuzzier. Subsection (b)(1)(C)
prohibts using a "telephone facsimile machine, computer, or other
device to send an unsolicited advertisement to a telephone facsimile
machine . . . ." Now, the text obviously draws a distinction between
the terms "telephone facsimile machine" and "computer," so at first
glance it looks as if junk e-mail isn't covered.
However, a TFM is defined in (a)(1)(2) as equipment which can
"transcribe text or images, or both, from paper into an electronic
signal and to transmit that signal over a regular telephone line" *OR*
"transcribe text or images (or both) from an electronic signal received
over a regular telephone line onto paper." Note that the law is framed
in terms of the equipment's *potential* to perform these acts; there is
no requirement that it *actually* transcribe anything onto paper if it
receives a call, for instance.
In other words, a computer attached to a modem and either a printer or
a scanner would seem to qualify as a TFM. Under those circumstances,
one can easily imagine a case in which a "TFM" might receive junk
e-mail.
One last unrelated point: the federal Ninth Circuit (covering CA, AZ,
WA, OR, AK, etc.) ruled very recently that subsection (b) is
constitutional.
------------------------------
From: weh@SEI.CMU.EDU (Bill Hefley)
Date: 03 Mar 1995 10:18:53 EST
Subject: More on Junk e-Mail
Organization: Software Engineering Institute
I just had the opportunity to speak on a panel at a marketing
conference about our efforts in developing a World-Wide Web site
(http://www.sei.cmu.edu) to further our Institute's mission of
improving the state of the practice of software engineering.
While there, I picked up a glossy newsmagazine/newspaper intended for
the direct marketing crowd -- not really my specialty, but it looked to
be interesting airplane reading.
I was really amazed to see the news blurb about Worldata
(http://www.worldata.com/), a Florida company, that claims to be able
to send as many as a million and a half e-mail messages to its list of
compiled e-mail addresses -- all for a mere 8 to 10 cents a message.
They claim to be building a suppression file for those who want to opt
out, and also guarantee that mailers won't be flamed.
Gee, I wonder how they can guarantee that? Unless they provide an
anonymizing service (gee, just think of the possibilities, anonymous
e-mail for advertisers), most people will be able to figure out who the
advert is for, and can flame the advertiser. But, maybe they're right,
I might have to pick up the phone to call and complain to the
advertiser--that isn't technically a flame, is it?
--
Bill Hefley - Senior Member of the Technical Staff
Software Engineering Institute, Carnegie Mellon Univ. Pittsburgh, PA 15213
Office: +1-412-268-7793, Fax: +1-412-268-5758, internet: weh@sei.cmu.edu
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 03 Mar 1995 08:51:37 -0600 (CST)
Subject: EFF Sues to Overturn Cryptography Restrictions
Organization: University of Wisconsin-Milwaukee
Taken from Computer underground Digest Wed Mar 1, 1995 Volume 7 :
Issue 17 ISSN 1004-042X
Date: 21 Feb 1995 23:16:46 -0500 (EST)
From: Stanton McCandlish <mech@EFF.ORG>
Subject: File 2--EFF SUES TO OVERTURN CRYPTOGRAPHY RESTRICTIONS
EFF SUES TO OVERTURN CRYPTOGRAPHY RESTRICTIONS
First Amendment Protects Information about Privacy Technologies
February 21, 1995
San Mateo, California
In a move aimed at expanding the growth and spread of privacy and
security technologies, the Electronic Frontier Foundation is sponsoring a
federal lawsuit filed today seeking to bar the government from restricting
publication of cryptographic documents and software. EFF argues that
the export-control laws, both on their face and as applied to users of
cryptographic materials, are unconstitutional.
Cryptography, defined as "the science and study of secret writing,"
concerns the ways in which communications and data can be encoded to
prevent disclosure of their contents through eavesdropping or message
interception. Although the science of cryptography is very old, the
desktop-computer revolution has made it possible for cryptographic
techniques to become widely used and accessible to nonexperts.
EFF believes that cryptography is central to the preservation of
privacy and security in an increasingly computerized and networked
world. Many of the privacy and security violations alleged in the
Kevin Mitnick case, such as the theft of credit card numbers, the
reading of other peoples' electronic mail, and the hijacking of other
peoples' computer accounts, could have been prevented by widespread
deployment of this technology. The U.S. government has opposed such
deployment, fearing that its citizens will be private and secure from
the government as well as from other vandals.
The plaintiff in the suit is a graduate student in Mathematics at the
University of California at Berkeley named Dan Bernstein. Bernstein
developed an encryption equation, or algorithm, and wishes to publish the
algorithm, a mathematical paper that describes and explains the algorithm,
and a computer program that runs the algorithm. Bernstein also
wishes to discuss these items at mathematical conferences and other open,
public meetings.
The problem is that the government currently treats cryptographic software
as if it were a physical weapon and highly regulates its dissemination. Any
individual or company who wants to export such software -- or to publish
on the Internet any "technical data" such as papers describing encryption
software or algorithms -- must first obtain a license from the State
Department. Under the terms of this license, each recipient of the licensed
software or information must be tracked and reported to the government.
Penalties can be pretty stiff -- ten years in jail, a million dollar
criminal fine, plus civil fines. This legal scheme effectively prevents
individuals from engaging in otherwise legal communications about encryption.
The lawsuit challenges the export-control scheme as an ``impermissible
prior restraint on speech, in violation of the First Amendment.''
Software and its associated documentation, the plaintiff contends, are
published, not manufactured; they are Constitutionally protected works of
human-to-human communication, like a movie, a book, or a telephone
conversation. These communications cannot be suppressed by the government
except under very narrow conditions -- conditions that are not met by the
vague and overbroad export-control laws. In denying people the right to
publish such information freely, these laws, regulations, and procedures
unconstitutionally abridge the right to speak, to publish, to associate
with others, and to engage in academic inquiry and study. They also have
the effect of restricting the availability of a means for individuals to
protect their privacy, which is also a Constitutionally protected interest.
More specifically, the current export control process:
* allows bureaucrats to restrict publication without ever going to court;
* provides too few procedural safeguards for First Amendment rights;
* requires publishers to register with the government, creating in
effect a "licensed press";
* disallows general publication by requiring recipients to be
individually identified;
* is sufficiently vague that ordinary people cannot know what conduct
is allowed and what conduct is prohibited;
* is overbroad because it prohibits conduct that is clearly protected
(such as speaking to foreigners within the United States);
* is applied overbroadly, by prohibiting export of software that
contains no cryptography, on the theory that cryptography could be added
to it later;
* egregiously violates the First Amendment by prohibiting private
speech on cryptography because the government wishes its own opinions
on cryptography to guide the public instead; and
* exceeds the authority granted by Congress in the export control laws
in many ways, as well as exceeding the authority granted by the
Constitution.
If this suit is successful in its challenge of the export-control laws, it
will clear the way for cryptographic software to be treated like any other
kind of software. This will allow companies such as Microsoft, Apple,
IBM, and Sun to build high-quality security and privacy protection into
their operating systems. It will also allow computer and network users,
including those who use the Internet, much more freedom to build and
exchange their own solutions to these problems, such as the freely
available PGP encryption program. And it will enable the next generation
of Internet protocols to come with built-in cryptographic security and
privacy, replacing a sagging part of today's Internet infrastructure.
Lead attorney on the case is Cindy Cohn, of McGlashan and Sarrail in San
Mateo, CA, who is offering her services pro-bono. Major assistance has
been provided by Shari Steele, EFF staff; John Gilmore, EFF Board; and Lee
Tien, counsel to John Gilmore. EFF is organizing and supporting the case
and paying the expenses.
Civil Action No. C95-0582-MHP was filed today in Federal District
Court for the Northern District of California. EFF anticipates that
the case will take several years to win. If the past is any guide,
the government will use every trick and every procedural delaying
tactic available to avoid having a court look at the real issues.
Nevertheless, EFF remains firmly committed to this long term project.
We are confident that, once a court examines the issues on the merits,
the government will be shown to be violating the Constitution, and
that its attempts to restrict both freedom of speech and privacy will
be shown to have no place in an open society.
Full text of the lawsuit and other paperwork filed in the case is available
from the EFF's online archives. The exhibits which contain cryptographic
information are not available online, because making them publicly available
on the Internet could be considered an illegal export until the law is struck
down. We are still uploading some of the documents, including the main
complaint, so please try again later if what you want isn't there yet. See:
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/Bernstein_case
Press contact: Shari Steele, EFF: ssteele@eff.org, +1 202 861 7700.
For further reading, we suggest:
The Government's Classification of Private Ideas: Hearings Before a
Subcomm. of the House Comm. on Government Operations, 96th Cong., 2d
Sess. (1980)
John Harmon, Assistant Attorney General, Office of Legal Counsel,
Department of Justice, Memorandum to Dr. Frank Press, Science Advisor to
the President, Re: Constitutionality Under the First Amendment of ITAR
Restrictions on Public Cryptography (May 11, 1978). [Included in the
above Hearings; also online as http://www.eff.org/pub/EFF/Policy/Crypto/
ITAR_export/ITAR_FOIA/itar_hr_govop_hearing.transcript].
Alexander, Preserving High-Tech Secrets: National Security Controls on
University Research and Teaching, 15 Law & Policy in Int'l Business 173
(1983)
Cheh, Government Control of Private Ideas-Striking a Balance Between
Scientific Freedom and National Security, 23 Jurimetrics J. 1 (1982)
Funk, National Security Controls on the Dissemination of Privately
Generated Scientific Information, 30 U.C.L.A. L. Rev. 405 (1982)
Pierce, Public Cryptography, Arms Export Controls, and the First
Amendment: A Need for Legislation, 17 Cornell Int'l L. J. 197 (1984)
Rindskopf and Brown, Jr., Scientific and Technological Information and
the Exigencies of Our Period, 26 Wm. & Mary L. Rev. 909 (1985)
Ramirez, The Balance of Interests Between National Security Controls and
First Amendment Interests in Academic Freedom, 13 J. Coll. & U. Law 179
(1986)
Shinn, The First Amendment and the Export Laws: Free Speech on
Scientific and Technical Matters, 58 Geo. W. L. Rev. 368 (1990)
Neuborne and Shapiro, The Nylon Curtain: America's National Border and
the Free Flow of Ideas, 26 Wm. & Mary L. Rev. 719 (1985)
Greenstein, National Security Controls on Scientific Information, 23
Jurimetrics J. 50 (1982)
Sullivan and Bader, The Application of Export Control Laws to Scientific
Research at Universities, 9 J. Coll. & U. Law 451 (1982)
Wilson, National Security Control of Technological Information, 25
Jurimetrics J. 109 (1985)
Kahn, The Codebreakers: The Story of Secret Writing. New York:
Macmillan (1967) [Great background on cryptography
and its history.]
Relyea, Silencing Science: national security controls and scientific
communication, Congressional Research Service. Norwood, NJ:
Ablex Publishing Corp. (1994)
John Gilmore, Crypto Export Control Archives, online at
http://www.cygnus.com/~gnu/export.html
EFF Crypto Export Control Archives, online at
ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/
--
<A HREF="http://www.eff.org/~mech/"> Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org"> mech@eff.org
</A><P><A HREF="http://www.eff.org/"> Electronic Frontier Foundation
</A><P><A HREF="http://www.eff.org/1.html"> Online Services Mgr. </A>
------------------------------
From: jwarren@well.sf.ca.us (Jim Warren)
Date: 03 Mar 1995 19:00:57 +0800
Subject: Re: Access to Driving Records
Regarding access to driver records.
Date: 02 Mar 1995 22:15:25 -0500
From: Robert Becker <rbecker@GWIS2.CIRC.GWU.EDU>
To: Multiple recipients of list SPJ-L <SPJ-L@PSUVM.PSU.EDU>
Subject: Re: Access to driving records
Newspapers, like other businesses, can buy the DMV lists in bulk
under the federal law. They can then use the information for
marketing or other purposes permitted by the statute. But they
cannot redisseminate the information to editorial to be used for
newsgathering purposes.
It is my belief that one way to challenge the constitutionality of
the statute is for a publisher to buy the list for marketing, but
allow its use for news purposes. If the state then penalizes the
paper, either by fining it or denying access subsequently, the
paper could claim that the penalty is, in effect, a prior restraint
or post-publication punishment for publishing legally obtained
information
DMV records access *does* vary from state to state, but within the limits
of federal law, e.g. the Boxer bill. (Would love to know her driving
record :-).
--
jim
------------------------------
From: jwarren@well.sf.ca.us (Jim Warren)
Date: 04 Mar 1995 06:52:56 +0800
Subject: Son of 1991's S.266 - With a Vengence
It appears that Joe McCarthy is back. Bigtime!
In the spring of 1991, S.266 was introduced by Mr. Biden (for himself
and Mr. DeConcini) containing the following section:
SEC. 2201. COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW
ENFORCEMENT
It is the sense of Congress that providers of electronic communications
services and manufacturers of electronic communications service
equipment shall ensure that communications systems permit the
government to obtain the plain text contents of voice, data, and other
communications when appropriately authorized by law.
--- I.e., no more private communications. Under pressure, it was
deleted. ---
But that was *peanuts* - look at this thing!
Jim Warren, GovAccess moderator; columnist, MicroTimes/Govt.Tech/BoardWatch
jwarren@well.com (well.com = well.sf.ca.us; also at jwarren@autodesk.com)
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>
[puffery: James Madison Freedom-of-Information Award, Soc. of Professional
Journalists - Nor.Calif.(1994); Hugh Hefner First-Amendment Award, Playboy
Foundation (1994); Pioneer Award, Electronic Frontier Foundation (its first
year, 1992); founded Computers, Freedom & Privacy confs, InfoWorld, etc.]
I got this off another list.
Omnibus Counterterrorism Bill
S. 390 and H.R. 896
New FBI Charter to Investigate Political Groups
February 10, 1995 the Omnibus Counterterrorism Bill was introduced as
S. 390 into the Senate and as H.R. 896 in the House. It was initiated
by the FBI, and passed on by the Justice Department and the White
House. Senators Biden (D-DE) and Specter (R- PA) initiated it in the
Senate, Rep. Schumer (D-NY) and Dicks (D-WA) in the House. It has
bipartisan support and could get expedited action.
SUMMARY
* THIS IS A GENERAL CHARTER FOR THE FBI AND OTHER AGENCIES, INCLUDING
THE MILITARY, TO INVESTIGATE POLITICAL GROUPS AND CAUSES AT WILL. The
bill is a wide-ranging federalization of different kinds of actions
applying to both citizens and non-citizens. The range includes acts of
violence (attempts, threats and conspiracies) as well as giving funds
for humanitarian, legal activity.
* It would allow up to 10 year sentences for citizens and deportation
for permanent resident non-citizens for the "crime" of supporting the
lawful activities of an organization the President declares to be
"terrorist", as the African National Congress, FMLN in El Salvador, IRA
in Northern Ireland, and PLO have been labelled. It broadens the
definition of terrorism. The President's determination of who is a
terrorist is unappealable, and specifically can include groups
regardless of any legitimate activity they might pursue.
* It authorizes secret trials for immigrants who are not charged with
a crime but rather who are accused of supporting lawful activity by
organizations which have also been accused of committing illegal acts.
Immigrants could be deported: 1) using evidence they or their lawyers
would never see, 2) in secret proceedings 3) with one sided appeals 4)
using illegally obtained evidence.
* It suspends posse comitatus - allowing the use of the military to
aid the police regardless of other laws.
* It reverses the presumption of innocence - the accused is presumed
ineligible for bail and can be detained until trial.
* It loosens the rules for wiretaps. It would prohibit probation as a
punishment under the act - even for minor nonviolent offenses.
IMPLICATIONS
* Those who remember the McCarran Walter Act will recognize this bill,
only in some ways this is broader and potentially more dangerous
* This bill is highly political: the President can determine who is a
terrorist and change his/her mind at will and even for economic
reasons. The breadth of its coverage would make it impossible for the
government to prosecute all assistance to groups around the world that
have made or threatened to commit violent acts of any sort.
Necessarily its choices would be targeted at organizations the
government found currently offensive. People to be deported would be
chosen specifically because of their political associations and
beliefs.
* The new federal crime: international terrorism doesn't cover
anything that is not already a crime. As the Center for National
Security Studies notes: "Since the new offense does not cover anything
that is not already a crime, the main purpose of the proposal seems to
be to avoid certain constitutional and statutory protections that would
otherwise apply."
* While many provisions of this bill could well be found
unconstitutional after years of litigation, in the mean time the damage
could be enormous to the First Amendment and other constitutional
rights including presumption of innocence and right to bail.
THE BILL HAS BEEN REFERRED TO JUDICIARY COMMITTEES OF EACH HOUSE. ONLY
THE NEW YORK TIMES HAS AS YET NOTICED THE BILL - A 2/24/95 ANTHONY
LEWIS COLUMN. OTHER PAPERS SHOULD BE ALERTED.
FOR MORE INFORMATION:
Kit Gage, Washington Liaison, National Lawyers Guild
3321-12th St., NE, Washington DC 20017 202-529-4225, fax
202-526-4611, e-mail: kgage@igc.apc.org
<---- End Included Message ---->
------------------------------
From: lkrist@osf1.gmu.edu (Lori Krist)
Date: 04 Mar 1995 16:24:00 -0500
Subject: Re: A True Story
Patrick Brennan wrote: Not only does he have no concept of the
enormous power of large corporate databases to corrupt and degrade
individual privacy, he doesn't care! And most perplexingly : he
actually defended the company's prerogative to gather information,
and the computer's demand to have the information, OVER a PERSON's
right to keep the information. Hey, if I haven't done anything
wrong, I have nothing to worry about. Companies come before
people, anyway. He might as well have come from Mars : I cannot
relate to this guy at all. And it scares me that his may represent
a substantial segment of the popular opinion. If that is so, then
I am glad I've listened to too many liberal college professors.
WOW! What an incredible story. It is scary. The thing I find
interesting is that not only the "liberal college professors" worry
about this issue. There are a substantial number of conservatives (like
myself) who also think the govt and business should stay out of most of
my affairs. Could it be that I have something in common with these
liberals? God help us!
--
Lori Krist
lkrist@gmu.edu
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 05 Mar 1995 07:15:09 -0600 (CST)
Subject: Interstate Panopticon
Taken from RISKS-LIST: RISKS-FORUM Digest Friday 3 March 1995 Volume
16 : Issue 86 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED
SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy,
Peter G. Neumann, moderator
Interstate Panopticon (Phil Agre)
From: Phil Agre <pagre@weber.ucsd.edu>
Date: 25 Feb 1995 17:59:07 -0800
Subject: Interstate Panopticon
The press is starting to notice some of the serious privacy problems
with the rapidly advancing proposals for "Intelligent Transportation
Systems" in the United States. Here are a couple of relevant
articles:
Richard Simon, Camera gains more exposure as a device for traffic
control, Los Angeles Times, 20 February 1995, pages B1 and B3.
This one is about the accelerating use of video cameras on roads in
Southern California. In the near term they're mostly to identify the
causes of traffic jams. But the Blue Line between Los Angeles and Long
Beach will soon have cameras to detect drivers who attempt to
circumvent lowered gates to cross the train tracks. And although the
state Office of Traffic Safety is concerned about "a growing problem
with commuters eating, reading, changing clothes, brushing their teeth
and generally paying less than full attention to the road", it says it
has no current plans to check up on these things with its cameras.
The cameras, in case you're wondering, are in bulletproof containers.
Although some of the problems that state traffic officials have
identified are genuine, the real difficulty is in their basic
philosophy for solving them. Rather than collect information and
circulate it in a decentralized fashion that is useful to individual
drivers and engineering crews without permitting unlimited accumulation
of information that identifies individual drivers, they have set up a
general-purpose centralized observation center in downtown Los
Angeles.
The slippery slope here is steep: as technologies of surveillance are
put in place, new applications will always be available that are only
one short step beyond what they've been used for so far. I am
generally skeptical about visual metaphors for privacy problems, but
this is one case where the Panopticon offers a perfectly simple and
straightforward model.
That's not so clear in another, much bigger and more consequential
case:
Don Phillips, Big Brother in the back seat?: The advent of the
"intelligent highway" spurs a debate over privacy, Washington Post,
23 February 1995, page D10.
This article concerns the "privacy principles" being circulated by the
Intelligent Transportation Society of America, which is the industry
group coordinating the development of a national architecture for
transportation automation systems, including systems that track the
locations of vehicles for a range of purposes. Although nobody in the
United States is currently proposing that the use of these technologies
be made mandatory for drivers, it is very likely that they will become
unavoidable as a practical matter, since they will probably be used to
implement much more widespread roadway toll-collection. The most
recent version of these principles that I have seen is dated December
13th 1994, and they are in fact seriously problematic. For example,
they only place very loose restrictions on secondary uses of the
information by marketers, and they envision no restrictions on the
powers of access to ITS travel information that individual states can
confer upon local police. You can retrieve a copy by sending a message
that looks like this:
To: rre-request@weber.ucsd.edu
Subject: archive send its-privacy
Or you can look at them on WWW at:
http://weber.ucsd.edu/~pagre/its-privacy.html
I will probably circulate another message about these principles soon.
The Phillips article notes that many people are concerned about law
enforcement uses of ITS information; ITS America feels that such use is
inevitable and simply wishes the public to be informed of this fact --
they wish to focus on knowing "what the rules are" rather than on
actual privacy. The tragedy is that it is completely unnecessary for
these systems to collect information that identifies individuals.
Profound violations of individual privacy are not the price of
progress. Rather, they are the price of using old-fashioned
technology, neglecting innovations such as public-key cryptography and
digital cash that protect privacy without sacrificing functionality.
Phil Agre, UCSD
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours
of submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V6 #024
******************************
.