Date: Sun, 02 Jul 95 12:57:08 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#001
Computer Privacy Digest Sun, 02 Jul 95 Volume 7 : Issue: 001
Today's Topics: Moderator: Leonard P. Levine
Re: USPS Question and FBI Question for the List
Re: USPS Question and FBI Question for the List
Re: Credit-Privacy Resources
Encryption Laws
Zimmerman Interview
Internet = Sexuality: A Questionaire
Bitten & Branded
Sixth Conference on Computers, Freedom, and Privacy [long]
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: glr@ripco.com (Glen Roberts)
Date: 27 Jun 1995 15:11:24 GMT
Subject: Re: USPS Question and FBI Question for the List
Organization: Ripco Internet BBS, Chicago
Prof. L. P. Levine (levine@blatz.cs.uwm.edu) wrote: from Society
for Professional Journalism: About 15 months ago my students
discovered that the U.S. Postal Service had changed its rules for
providing forwarding addresses to third parties. Perviously,
postal clerks would provide the forwarding address upon payment of
a small fee, $2 I think, and the submission of a small written card
containing the request. This was construed to be an FOIA request.
You can still get them for free or $.50. I jsut got one in the mail
today. Mark on a First Class mail letter directed to the old address:
"ADDRESS CORRECTION REQUESTED -- DO NOT FORWARD." The piece should be
return to you with a yellow sticker showing the new address.
Read the mail forwarding card, it has a privacy act statement that says
the information will be given out to anyone who asks (or something to
that effect).
Then about 15 months ago the higherups in D.C. decided that such
requests for information on forwarding addresses would not be
answered. They cited privacy, stalkers and all the usual stuff. My
students at that time did a comprehensive piece for Quill on the
topic. My question: has there been any developments on this point
that anyone is aware of? Also, how can postal service bureaucrats
amend the FOI Act unilatterally?
Try making an explicite FOIA request (but my technique above would be
faster). I think the real change may have been more related to selling
the new addresses in mass on mag tape to direct marketers.
Second question: when my students recently filed FOIA requests on
themselves as part of a class learning exercise, the FBI told them
that they had to submit almong other things, a full set of
fingerprints? Has anyone else heard this? I thought there had been
a D.C. court case that loosened the FBI restrictions not tightened
them.
Tell the FBI to get f**ked. At most, they may ask for a notarized
statement of identity. They are not doing an FOIA/ Privacy Act search,
but rather an arrest record search when they ask for the prints.
Better yet, file suit in federal court with all classmembers as
plaintiffs...
--
Glen L. Roberts, Editor, Full Disclosure
Host Full Disclosure Live (WWCR 5065 khz - Sundays 8pm eastern)
(WOYL AM-1340, Oil City, PA)
http://pages.ripco.com:8080/~glr/glr.html
Who's On The Line? Cellular Phone Interception at its Best! $2.00ppd from
Superior Broadcasting Co, Box 1533-N, Oil City, PA 16301
------------------------------
From: bcn@world.std.com (Barry C Nelson)
Date: 28 Jun 1995 03:41:06 -0400
Subject: Re: USPS Question and FBI Question for the List
Organization: The World Public Access UNIX, Brookline, MA
Also, how can postal service bureaucrats amend the FOI Act
unilatterally?
Since FOIA is a federal statute, it can obviously only be changed by
Congress. However, every agency has its own operating regulations
which often include their interpretation of FOIA for their own internal
purpose of compliance. These regs can be formal or informal, and they
can be changed at the whim of the director or commissioner in many
cases. The regulations of the postal service are in Title 39 of the
Code of Federal Regulations.
And as you pointed out, courts can often change the meaning of a
statute by their interpretation of it in a particular case.
--
BCNelson
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 28 Jun 1995 05:38:36 GMT
Subject: Re: Credit-Privacy Resources
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
DanTurk007 (danturk007@aol.com) writes: What would you like to
know. We operate one of those evil little companies that seek out
information on people. Nothing is private. We have access to over
1400 commercial & private data bases and can tell you just about
anything about just about anybody. We access several hundred credit
reports each month attempting to locate people (for a variety of
reasons).
Hmmm. I suppose that if I were following the script I should fly off
the handle and waste bandwidth with epithets and profanity telling you
what a [really bad person] you are.
On the other hand I've seen a few of these before that turned out to be
deliberately provocative attempts to make US residents aware of what
little protection they have.
At the national level the US is really a privacy backwater. Most of the
other major industrial countries have national privacy laws and privacy
commissions and commissioners to see that they are enforced.
The lack of this kind of legally enforceable privacy right(civil remedy
and criminal penal sanctions) is becoming a international issue, since
Council of Europe members, for example, are required as signatories of
human rights treaties to prohibit businesses from transferring personal
information to jurisdictions that don't have similar levels of
protection against data trespass.
I saw a few reports that US multinationals had tried to get the US
government to lobby the EEC to water down this, or to make an exception
for the US, but I didn't hear of them being successful.
Don't some states, such as California, have explicit privacy rights
that provide protection not provided by the so called federal "Privacy
Act", that even extend to the private sector.
Where I live I'd be able to collect a minimum of $100 from both the
source of personal information about me and from the person or company
it was passed to. This particular law has been on the books for over 20
years, so it is nothing new.
I find it doesn't usually take long to find out where people got my
address on the few occasions I get personalized advertising. If they
get obstinate I file a small claims action under the Credit Reporting
act and file for judge's orders for a ban on publication of my name or
address and to produce documents about where my data was obtained.
The last clown to send me advertising had a number of very creative
stories that he told me and the privacy commissioners office until he
stood in front of a judge. Once I found out his real source it didn't
take much to get it shut off as a bulk source of name and address data.
Initially the source didn't seem to take this too seriously, but after
being brought up to speed by the privacy commission things turned
around quickly.
The lack of a federal privacy commission in the US is really
surprising, since there is no lack of horror stories to show that there
is a need for one, and for privacy law covering both the privacy and
public sectors.
So how successful have you been at getting personal information about
Quebec residents in the past year or so? Do you really operate world
wide or were you only making a statement about the USA? Do you ever use
bribery to obtain information from utility company staff contrary to
regulatory policy or utility company policy?
------------------------------
From: david creffield <oje@porky.demon.co.uk>
Date: 30 Jun 95 13:22:51 GMT
Subject: Encryption Laws
Organization: Myorganisation
Is there anyone who knows about encryption laws in Britain, and about
official anxieties here regarding encryption.
Is there any ban, or move to ban, systems such as PGP?
What's the current state of play in the US and elsewhere on these
issues?
I've never thought of using such systems myself and can only guess why
people might want to use them. Should they have a right to use them?
If Di and her friend had scrambled their phone calls, they might have
saved themselves a lot of aggro, nesspar?
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 02 Jul 1995 12:21:32 -0500 (CDT)
Subject: Zimmerman Interview
Organization: University of Wisconsin-Milwaukee
The August 1995 issue of Internet World <subs@mecklermedia.com>
has an excellent interview with Phil Zimmermann, primary author
of Pretty Good Privacy (PGP). In that interview they mention his
continuing legal fees for defending against the lawsuit alleging
his violation of the US Export law (his attorney, Phil DuBois is
at <dubois@csn.org>).
They give an excellent quote from Zimmerman, "I should be able to
whisper something in your ear, even if your ear is 1,000 miles
away."
They give the distribution address for FTP at <netdist.mit.edu>
in the /pub/pgp space and they mention newsgroups such as
<alt.security.pgp>, <talk.politics.crypto> and <sci.crypt>. The
give two home pages, <http://www.csua.berkeley.edu/cypherpunks
/Home.html> and <http://www.eff.org> that deal heavily with the
topic. Finally they have a three page interview with Zimmermann
that has some very interesting privacy quotes.
First they ask him about good uses of encryption. His response
quotes email he has received. He states that authors presently
use PGP for submitting manuscripts and for exchanging samples of
computer viruses, travelers for communicating with their spouses
via email, venture capitalists for discussing buyouts, attorneys
for communications with their clients and the like.
He also points out that government opposition groups in Burma,
where the government is well knows to arrest and kill families of
those named in captured documents, are being trained to use PGP
to maintain secrecy. Human rights workers in AAAS, who document
atrocities use PGP to handle witness lists. If these lists were
to be captured by the government the witnesses be killed.
He points out that PGP changes the power relationship between
governments and their people, and indicates that this might be
for better or for worse.
He agrees that encryption makes it harder for law enforcement to
do its job but believes that there are more cases where it pro-
tects the disempowered from the powerful than where it prevents
proper law enforcement.
He stated that the government is asserting that putting PGP on
the net is tantamount to a violation of the Arms Export Control
Act. If this is so, then he believes that export control is
equivalent to denial of the First Amendment right to speak.
He considers encryption to be the equivalent to speaking in Navaho.
He would be alarmed if he was forced to speak only in English in a
conversation under some government or private edict.
Internet World's interviewer Jeff Ubois then asked if the Nation-
al Security Agency could crack PGP. Zimmermann's answer was to
the point. He stated that every software engineer who writes his
own crypto program believes it is unbreakable. [levine: after
all, if he knew it was breakable, he would fix it.] He then goes
on to give examples show just how wrong several of them were.
Zimmermann points out that we are currently building an
infrastructure that will allow future governments to monitor
every move and every communication by their political opposition.
He does not believe that our government abuses this power but
states that if our government changes, then this structure would
bring about a very bad change for democracy.
He asserts that abuses in cryptography are the equivalent of
abuses with cars. He points out that cars pollute the air, cause
traffic accidents, consume resources, clog our cities, affect
family and housing distribution and even help criminals escape
from the scene of crimes. Yet most people would agree that
blanket banning of cars would be a bad thing.
Other points in the article deal with anonymity, key escrow, and
PDPfone, a new idea that will use SoundBlaster and high speed
modem technology to allow voice encryption [levine: much like the
already existing nautilus system does]. He intends to release
this product in August.
[levine: This is a much shortened review of the Copyrighted
Internet World article. Any errors are mine alone. Any comments
out there?]
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
PGP Public Key: finger llevine@blatz.cs.uwm.edu
------------------------------
From: Marc Mazzariol <mmazzari@didec14.epfl.ch
Date: 01 Jul 1995 11:47:10 +0200
Subject: Internet = Sexuality: A Questionaire
-------------------------------------------------------------------
I N T E R N E T <<<<< >>>>> S E X U A L I T Y
-------------------------------------------------------------------
Having noticed that a large quantity of internet traffic was dedicated
to sex- based data, we have decided to further investigate our
observations by conducting a survey.
The results of this survey will be anonymously used in our university
research project named :
"AUTOROUTES DE L'INFORMATION contre AUTOROUTES DU PLAISIR"
We are two students at the Swiss Federal Institute of Technology,
Lausanne (EPFL). We are conducting a survey, under the direction of
Professor Blaise Galland, as a research subject for our STS course
(Science, Technology and Society).
We are sure that you have a few spare minutes to help us with such a
HOT subject. Your answers will be very useful. You can request forms
and resubmit them send them via e-mail to the following address:
- Marc.Mazzariol@studi.epfl.ch.
If you can access the World Wide Web, you will find a more
user-friendly questionnaire at the URL:
- http://diwww.epfl.ch/~ybologni/english.html
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 30 Jun 1995 05:47:19 -0700
Subject: Bitten & Branded
Taken from the CPSR-GLOBAL Digest 187
Date: 30 Jun 1995 07:38:08 -0600
From: marsha-w@uiuc.edu (Marsha Woodbury)
To: cpsr-global@cpsr.org
Subject: Bitten & Branded (@)
From: janhuss@netpoint.net (richard w spisak jr)
Note: AOL stands for America On-Line, a private net provider--Marsha
Falling Rocks on the Information Highway by rwspisak
A computer savvy businessman, conducting research and communicating via
the WWW on a standard commercial carrier. The AOL network. Suddenly
while online, in a chat room, his screen gets dark a message and a slot
appear on his monitor. An imperative message reported:
THE SYSTEM HAS LOST YOUR PASSWORD
TYPE IN YOUR PASSWORD NOW TO CONTINUE
Very formal, and being the trusting american modern that he is, he
typed in his password. Went back to his chat group and he continued as
before. Minutes pass. The forbidding screen reappears.
THE SYSTEM HAS LOST YOUR PASSWORD
TYPE IN YOUR PASSWORD NOW TO CONTINUE
This time before complying he tried the escape key, he tried alt q, he
types his password and then logs out.
He has conductsed both national and international business online for
years. When he returns online the following day to collect his email
account, his account has been terminated.
He called to learn why his account has been terminated. He was
informed that his account was been terminated for breach of service.
He was accused of vulgarity, and he was also charged with harassing
people by requesting passwords. Exactly what had happened to him. He
was now charged with committing the crime, of which he, was a victim .
His account has been used my someone so sophisicated that they have
crawled through the internet to strike at the intergrity of his online
transaction. What account information has been made accessible to this
thief by this action?
The thief stole not just his password, but victimized him by damaging
his online reputation. He has been accused, tried, and found guilty by
the guardians of AOL
He calls and calls. His faxes have asked for a response, how can he
clear his name? What course does he have? What appeal does he make to
the Cyber Fuzz on AOL? What is the procedure ? Business associates
called complaining of crude & vulgar email...What's gotten into you on
the WEB, BOY?
Eventually the only response he got from AOL in weeks of calls was from
the technical support person.
More in Part II.
He was not AWARE of the "SATAN-Unix-Hack" that provides a backdoor to
any network communications. Where is the warning label ? What files
could have been read? Are all of his, yours, my, email messages
checked, logged, and recorded? If so how long? Who is the censor? What
$5.50 an hour wage-slave, monitors your every keystroke, your business
messages, tracking all your online transactions?
Stay tuned for Part II
Sticking to the Web.......or not just a little fly on the line!
(WARNING ANY COMMUNICATION unencrypted on the WEB.
SHOULD BE ASSUMED TO BE UNSECURE - the author.)
by rw spisak
* * * Rick Spisak * * * Online Nom de Plume - jan huss
Existence is Pure Joy Sorrows are shadows they pass & are done
there is that which remains
------------------------------
End of CPSR-GLOBAL Digest 187
*****************************
------------------------------
From: hal@murren.ai.mit.edu (Hal Abelson)
Date: 28 Jun 1995 02:31:07 GMT
Subject: Sixth Conference on Computers, Freedom, and Privacy [long]
Organization: MIT Artificial Intelligence Lab
***Please redistribute***
Call for Participation (June 27, 1995)
SIXTH CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY
Massachusetts Institute of Technology
March 27-30, 1996
The sixth annual Conference on Computers, Freedom, and Privacy (CFP96)
will be held in Cambridge, MA, on March 27-30, 1996. The conference
is hosted by the Massachusetts Institute of Technology, and sponsored
by the Association for Computing Machinery and the World Wide Web
Consortium. Cooperating organizations include the Electronic Frontier
Foundation, Privacy International, the Center for Democracy and
Technology, the Electronic Privacy Information Center, and the Harvard
University Institute for Law, Information, and Technology.
CFP96 is the sixth in a series of annual conferences designed to bring
together experts and advocates from the fields of computer science,
law, business, public policy, law enforcement, library science, and
government to explore how information technologies are affecting
freedom and privacy.
Since the first CFP conference in 1991, these concerns have evolved
from the preoccupations of a few specialists to major, controversial
issues of public policy. Topics to be addressed at CFP96 include:
- regulation of content on computer networks
- intellectual property considerations of digital libraries and
electronic communications media
- enhanced access to public government information
- control of cryptographic technology
- illegal activity in cyberspace and challenges for law enforcement
- privacy implications of national/personal identification systems
- standards for transborder data flow and data protection
- proper secondary uses of information in government and electronic
commerce
- new roles for libraries regarding information access and networking.
- liability of system operators and network access providers
CFP offers a much-needed neutral ground where people from widely
different backgrounds and positions can learn from one another other.
Presentations at CFP traditionally take the form of interactive panels
and discussions, rather than formal papers. The CFP96 Program
Committee is currently soliciting proposals for presentations, and we
invite your suggestions. We especially invite proposals that place
issues in an international context and involve participants from
different countries.
Proposals may be for individual talks, panel discussions, debates, or
other events in appropriate formats. (We welcome ideas for "other
events".) Each proposal should be accompanied by a one-page statement
describing the topic and format. Descriptions of multi-person
presentations should include a list of proposed participants and
session chair. Proposals should be sent by email to
cfp96@mit.edu
Proposals should be submitted as soon as possible to allow thorough
consideration for inclusion in the formal program. The deadline for
submissions is 1 September 1995.
For more information on CFP96, consult the conference web page at
web.mit.edu/cfp96
or send email with a blank subject line and blank body to
cfp96-info@mit.edu.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit or append to the text except for purely technical
reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V7 #001
******************************
.