Date:       Wed, 10 May 95 19:53:37 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V6#044

Computer Privacy Digest Wed, 10 May 95              Volume 6 : Issue: 044

Today's Topics:			       Moderator: Leonard P. Levine

                 Re: California Digital Signature Bill
                      California Bill on CallerID
                Digital Signature legislation-in-process
            Re: Could What You Post be Used to Profile You?
                          Privacy of Tax Files
                            Re: ID Microchip
                            Re: ID Microchip
                      Re: What are the VISA Codes?
            Re: Just how secure *is* public key encryption?
                               Databases
                            Re: SSN Question
                 Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: Privacy Rights Clearinghouse <prc@pwa.acusd.edu>
Date: 05 May 1995 14:18:53 -0700 (PDT)
Subject: Re: California Digital Signature Bill


    On 26 Apr 1995, Privacy Rights Clearinghouse wrote: Those
    interested in on-line privacy should be aware of a bill in the
    California Legislature.  A.B. 1577, sponsored by Debra Bowen,
    addresses the issue of digital signatures.  There are versions of
    the same bill under consideration in Oregon, Washington, and Utah
    as well.

    Peter Marshall <rocque@eskimo.com> wrote: It is not clear that a
    version of this same bill, or a substantially similar measure is
    "under consideration" in WA.  A bill of this topic was intro'd in
    the '95 regular session of the WA Leg., and had one informational
    hearing. The bill's prime sponsor explained he had no intent in
    this session beyond just that, and the measure has gone no further,
    with the regular Leg. session just concluded here in WA. Wait 'til
    next year....

The Utah bill, Senate Bill 82, was signed into law on March 9, 1995.
The Oregon bill, Senate Bill 992, was introduced on March 20, 1995,
sent to the Judiciary Committee on March 23, and subsequently referred
to the Ways and Means Committee. The Washington bill, Senate Bill 5959,
was introduced on February 17, 1995. It was sent to the Energy,
Telecommunications, and Utilities Committee on that date, and no action
has been taken on it since.

The California Bill, AB 1577, was radically altered on Wednesday, May
3.  The original version of the bill was thirty pages long; the new
version is one page long. The original version (patterned after Utah
S.B. 82) set out a complicated "certification authority" licensing
scheme and established a government-run database of public encryption
keys. The new version simply establishes the legality of digital
signatures under certain circumstances.

The American Bar Association is developing model 'Digital Signature'
legislation. The chief reporter on the project is Alan Asay, who
authored the Utah bill. Thus it is likely that the ABA model
legislation will be similar to Utah S.B. 82. As Barry Fraser noted in
the previous message that we sent concerning the California bill, the
Privacy Rights Clearinghouse believes that privacy issues are
inadequately addressed in the current legislation.

--
Brad Biddle, Legal Intern    | ** Privacy Resources * Consumer Advocacy **
Privacy Rights Clearinghouse | e-mail: prc@acusd.edu OR biddle@acusd.edu
Ctr. for Public Interest Law | gopher: gopher.acusd.edu (/USD CWIS /PRC)
University of San Diego      | telnet: teetot.acusd.edu (login: privacy)
CA HOTLINE: 1-800-773-7748   | anon ftp:  ftp.acusd.edu (cd pub/privacy)
OUTSIDE CA: +1-619-260-4806  |URL:gopher://pwa.acusd.edu/11/USDinfo/privacy


------------------------------

From: Privacy Rights Clearinghouse <prc@pwa.acusd.edu>
Date: 08 May 1995 14:58:00 -0700 (PDT)
Subject: California Bill on CallerID

Californians might be interested in knowing that there is a state bill
which proposes to do away with the California Public Utilities
Commission's (CPUC) decision regarding the per line blocking default
for caller ID.  A.B. 1889 was amended on April 24, 1995, to provide
that if a caller does not elect either per call or per line blocking,
they will automatically be assigned PER CALL blocking.  This would
coincide with the recent FCC ruling regarding caller ID, which is
expected to be appealed by the CPUC. It would gut the CPUC's 1992
ruling that requires those phone customers who already have
unlisted/unpublished numbers to be given per line blocking by default
(43% of California households). Consumer advocates are urging any
Californians who do not want the CPUC's decision to be weakened to
contact their state legislators ASAP. AB 1889 is currently in the
Assembly Committee on Appropriations.


------------------------------

From: jwarren@well.sf.ca.us (Jim Warren)
Date: 08 May 1995 18:07:07 +0800
Subject: Digital Signature legislation-in-process

Please circulate this freely.  Although this concerns California
legislation, for better or worse, California statutes often prompt
similar action in other states and even at the federal level.

California state Assembly Bill 1577 (Bowen) would mandate and/or permit
certain things regarding legal status and use of digital signatures -
at least as used in doing business with the state.  Its first 8-page
version was originally copied from similar Utah legislation; also
similar to bills in Washington State and Oregon.

A later 1-page version of AB 1577 radically changed things - and
bill-author Debra Bowen has committed to giving full and careful
consideration to all *timely* input and suggestions regarding this
issue before she moves the bill to any final legislative vote.

Bowen's aide handling the bill is Bob Alexander,
alexanrb@assembly.ca.gov .

I suggest that those interested emphasize the word, *TIMELY*.

With Bowen's knowledge and with aide Alexander as one of its
recipients, an open listserv for public discussion of this issue has
been set up by the nonprofit CommerceNet, and extensive comments have
already begun circulating.

If you are interested in these issues - and legislation impacting this
evolving technology - you may wish to [1] subscribe to ca-digsig
(below) and [2] check the bill-text, available from sen.ca.gov or from
the new Assembly web-page that may or may not be up-n-running yet
(http://www.assembly.ca.gov/).

The archived mailing list has been established on the CommerceNet WWW
server.  You may reach the archives at:
	http://www.commerce.net/archives/ca-digsig/

To subscribe or unsubscribe, simply mail to:
        ca-digsig-request@commerce.net

To send a message to the mailing list, simply mail to:
        ca-digsig@commerce.net

Since most calgovinfo folks aren't gonna be interested in the arcane
techno-haggles re digital signatures, personally, I would suggest that
most discussion of this might oughta be conducted in that listserv,
rather than here in calgovinfo - at least until/unless grassroots
political action/advocacy/rabble-rousing is needed/desired.

--
Jim Warren, GovAccess moderator; columnist, MicroTimes/Govt.Tech/BoardWatch
 345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>
 jwarren@well.com (well.com = well.sf.ca.us)

[puffery:  James Madison Freedom-of-Information Award, Soc. of Professional
Journalists - Nor.Calif.(1994); Hugh Hefner First-Amendment Award, Playboy
Foundation (1994); Pioneer Award, Electronic Frontier Foundation (its first
year, 1992); founded Computers, Freedom & Privacy confs, InfoWorld, etc.]


------------------------------

From: JF_Brown@pnl.gov (Jeff Brown)
Date: 05 May 1995 23:34:26 +0000 (GMT)
Subject: Re: Could What You Post be Used to Profile You?
Organization: Battelle Pacific Northwest Labs

    Paul Hanssen (phanssen@uniwa.uwa.edu.au) writes: Isn't it possible
    for someone (e.g. the government or a private database provider) to
    get an internet site with a news feed and write a program to sort
    all incoming articles by person? This information could then be
    used to make up a profile of likes/dislikes and opinions of that
    [...]

    bo774@freenet.carleton.ca says...  Have you had an ID for long?
    Every few months I get some sort of solicitation based on postings
    to technical newsgroups, ranging from wannabe programmers who think
    that I'd pay them to grind micro code for me, to solicitations for
    products.  This is not only possible, it's been going on for
    years.

I just recently received an email advertisement which I soon determined
was sent to several posters to a particular "comp." newsgroup.

My company is downsizing, and someone from a Contract Programmer firm
called me to solicit me to join them.  So I guess they heard of the
downsizing, and somehow got a list of employees, and perhaps of
employees in Information Technology.  I suspect the latter, but I don't
know their information source.

--
Jeff Brown
JF_Brown@pnl.gov


------------------------------

From: anonymous <levine@cs.uwm.edu>
Date: 07 May 1995 15:58:46 -0400 (EDT)
Subject: Privacy of Tax Files

[moderator: this person wished to remain anonymous, I post this over
my own sig.]

One of the posts on the latest edition dealt with the privacy of tax
files.  The author took two quotes from a newsletter, the first
implying that the IRS is making all the information available to just
about anyone who wants it.  I would appreciate it if any other
responses come to that posting if you could (on my anonymous behalf)
clarify that the 200 recipients of tax information receive that
information ONLY BECAUSE CONGRESS MANDATES THE EXCHANGES OF THE
INFORMATION.  IRS has NO authority to determine who gets tax
information.  Congress removed that discretion from the IRS in 1976,
when it reformed the tax system.  (Also the scope of the disclosures
varies -- everyone does not get everything -- far from it.)

Now to the reason I didn't feel I could clarify this one in open
cyberspace -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.  I have ignored
postings in the past, however, this one was so out of context, I
couldn't let it pass.  So if folks have difficulty with these 200
recipients, tell them to write to Congress.


------------------------------

From: Timothy Brown <publius@prairienet.org>
Date: 08 May 1995 15:49:00 -0500 (CDT)
Subject: Re: ID Microchip

(wjwinn@kocrsv01.delcoelect.com) wrote:
> > As a related aside, the media has reported that several far right-wing
> >                         ^^^^^
What hasn't the "media" reported about "far right-wing" groups recently?!

I am a loyal reader of comp.society.privacy, and appreciate the
information that is provided in this group. However, last week a
posting by Bill Winn (wjwinn@kocrsv01.delcoelect.com) went beyond the
pale of personal opinion. An attempt was made to use the current
political environment to smear the John Birch Society. I am a member,
and volunteer leader in the John Birch Society, and I have read many of
the books and other publications put out by JBS, but I have never read
anything suggesting a belief that fluoride added to water can be used
for mind control.

I hope readers of this group have enough sense not to believe all that
they read, whether it is on the Internet, or in the local paper. It is
clear that now, more than ever, we must work together to prevent our
civil liberties from being taken away. Blanket smears against
organizations (from the "left" or the "right") harm us all.

Communication and truthful information should be used as the basis of
your opinions, not sensationalism.

Thanks for listening.

 ------------------------------------------------------------------
|    Timothy Brown a.k.a publius@prairienet.org                  | 
| Education is our total strategy; the Truth is our only weapon. |
|         For information about the John Birch Society,          | 
|                'finger publius@prairienet.org'                 | 


------------------------------

From: Robert Ellis Smith <0005101719@mcimail.com>
Date: 09 May 95 09:43 EST
Subject: Re: ID Microchip

Development of ID microchips is not limited to classroom discussions
and right-wing paranoia.  PRIVACY JOURNAL reported in its June 1994
edition that most animal shelters in the U.S. are currently using these
chips to keep track of pets.  The main obstacle has been agreement
among the three major manufacturers on uniform standards.  They reached
agreement on radio frequencies and other standards Oct. 26, according
to our November 1994 issue.

The manufacturers, which include Trovan in Santa Barbara, Hughes
Aircraft in Los Angeles, and BI in Boulder, Colo., now want to move
into "the human market." Already breast implants include a unique
serial number (which can be recognized without having to intrude into
the body).  The garment industry is working on a microchip implant to
identify garments.  Hughes is working on an implant that would include
medical histories that could be read by receivers about 12 inches away,
perhaps in an emergency.

PRIVACY JOURNAL reported in its September 1994 issue that Congress last
summer authorized $900,000 over three years for a private organization
to develop a "Missing Alzheimer's Disease Patient Alert Program" (Title
XXIV of Public Law 103-322).  The same issue reported that Lawrence
Gold, who does research for the Nielsen TV ratings people in Chicago,
proposed a human implant to identify family members watching TV, to
include their demographic information.  Gold wrote in Marketing
Research magazine that he thought new generations of Americans would
not object to having these microchip implants.

The mainstream press has not reported these news items, but PRIVACY
JOURNAL has been on the story.  To get subscription information, call
us at 401/274-7861 or write to 0005101719@mcimail.com, or PO Box 28577,
Providence RI 02908.   Robert Ellis Smith, Publisher


------------------------------

From: sdabbs@netcom.com (\Steven C. Dabbs)
Date: 06 May 1995 01:14:31 GMT
Subject: Re: What are the VISA Codes?
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

    Mike Leach (mleach@equity2.sbi.com) wrote: The caller said my
    friend had won (at least) $2500 worth of prizes... The grand prize
    was a car and she was one of only 5 finalists.  All that was
    required was a small ($750) purchase made with her (my friend's)
    visa card.  What intrigued me was that the caller wanted to know
    what code was next to the expiration date on her visa card! (I have
    2 visa cards, both with different codes there.) Was this an attempt
    to figure out her Credit Limit or Rating?

usually CV for visa classic or PV for preferred visa (GOLD).

A PV has a minimum limit of $5000 and probably has more :)

obviously they are targeting those with higher limits..


------------------------------

From: wilcoxb@cs.colorado.edu (Bryce Wilcox)
Date: 06 May 1995 20:14:56 GMT
Subject: Re: Just how secure *is* public key encryption?
Organization: University of Colorado, Boulder

    Christopher L. Barnard <cbarnard@cs.uchicago.edu> wrote:  Contrary
    to popular belief, the NSA can decrypt public keys of most
    practical key sizes. However, the computer resources need to
    decrypt public-key-encrypted messages make it difficult for the
    NSA to perform broadband intercept and decryption if many end users
    use public-key encryption."

(I assume they mean "decrypt public-key-encrypted messages"...)

Hm.  What does "most practical key sizes" mean?  It is obviously untrue
on the face of it, since 2048-bits is a practical key-size and the NSA
can *not* factor 2048 bit PGP.  (Unless the NSA has some breakthrough
algorithm or technology, but it is unlikely that this magazine would
happen to know about it. :-)  )

Could somebody estimate what is the largest key size that the NSA
*could* currently factor?  I'd be surprised if 1024-bit wasn't far out
the reach of any current computational effort.

--
Bryce
bryce.wilcox@colorado.edu


------------------------------

From: Kip Guinn <kguinn@du.edu>
Date: 09 May 1995 10:40:47 -0600
Subject: Databases

    Rcktexas <rcktexas@aol.com> wrote: Where do I get started in this
    topic with regard to databases, in particular medical databases:
    Where do I get a list of medical databases? How do I access them or
    get information about a client from them? Thanks for your
    assistance,

I wanted to add to this with a question that has been on my mind for
some time now:

We hear a lot about the databases out there, how easy they are to
access, how PIs (priv. investigators) can find out all about you in one
easy phone call, etc.  We also hear about databases that are not
subject specific (like a medical or credit database) but
all-encompassing, basically pulling in info from the specialized
databases and compiling info on you.

But.  I have never seen ANY of the companies named.  Never seen any
post about how someone checked them out.  Never seen any info on how to
go about this. Etc. etc.

So, I thought this would be an excellent place to ask:  What large
database companies (besides SS admin, credit agencies, the obvious
ones) are out there and how easy are they to use?  How sinister are
they?

--
Kip
trying hard not to be scared at this point, but failing... :)


------------------------------

From: Paul Robinson <paul@tdr.com>
Date: 09 Apr 1995 04:59:53 -0500 (EST) 
Subject: Re: SSN Question
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA

    gmcgath@condes.MV.COM (Gary McGath) writes: Recently a magazine
    sent me a set of writer's guidelines, which contained the following
    remarkable (to me, anyway) claim: "Please understand that, by law,
    we can not send payment for an article until we have your personal
    information including your social security number."

    wmccarth@t4fsa-gw.den.mmc.com (Wil McCarthy), writes in
    comp-privacy: This requirement stems from the fact that publishers
    have to withhold taxes from payments

I do not think this is correct.  I am unaware of any withholding
requirement for independent contractors.  They may believe they are
required to withhold 20% of the income received if no identification
number (Social Security or Taxpayer Identification Number) is obtained,
but to the best of my knowledge, there is no withholding to independent
contractors.  I believe the law does not require it.

Whether or not there is actually a statute on the books that clearly
and explicitly requires the reports to be filed is another matter.
There may be.  On the other hand, the IRS routinely has its people lie
to get away with criminal acts, and to collect information which they
are not really entitled to have.  Most people are so frightened of them
that if they were told to do something illegal, they would rather than
get the IRS mad at them.  With good reason, considering its propensity
to have people shot when they want to make an example of someone if
they think they can get away with it.

    to an author if they pay him more than $600 in a year, and as of
    1994 I believe they have to file a 1099-MISC on you for
    "information purposes" if they pay you anything at all.

I don't think the law could require someone to report minor sums,
assuming the law even requires people to file reports.  My guess is
that the law, if it even exists, is very ambiguous and is generally
interpreted in a manner which is most favorable to the government's
efforts at raising fear.

The primary purpose of the IRS is not to collect money, it's to scare
people into doing whatever the government wants, then into collecting
money.  There are too many things that the employees get away with that
ordinary police officers would be doing prison sentences if their
primary purpose was only the collection of money.

    IRS has no respect for your privacy.

Or your human rights, or anything else.

[moderator:  This posting continued for a while on issues that did not
deal with privacy.  I had to debate on cutting the whole report or
keeping the part that I felt was pertinent.]


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit or append to the text except for purely technical
reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V6 #044
******************************