Date: Thu, 05 Oct 95 11:46:42 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#028
Computer Privacy Digest Thu, 05 Oct 95 Volume 7 : Issue: 028
Today's Topics: Moderator: Leonard P. Levine
Re: Knowing Where you Browse?
Re: Knowing Where you Browse?
Re: Knowing Where you Browse?
Re: Grocery Purchases and my Privacy
More on grocery store "scrip"
Re: Grocery Purchases and my Privacy
Check verification (was: Re: Grocery Purcahses...)
Scrip and grocery store data collection
Re: Signature Data Collection at Kinkos
Re: Signature Data Collection at Kinkos
Re: Caller ID Experiences
Re: Computer Privacy Digest V7#027
Re: Computer Privacy Digest V7#027
Re: Junk Faxes & e-mail are Illegal
Re: Junk Faxes & e-mail are Illegal
DateLine NBC to air segment on stopping junk calls
DoD R&D funding for small firms
Federal R&D funding conference
New Int'l Privacy Docs
----------------------------------------------------------------------
From: hedlund@best.com (M. Hedlund)
Date: Fri, 29 Sep 1995 14:34:57 -0700
Subject: Re: Knowing Where you Browse?
Organization: Precipice
shields@tembel.org (Michael Shields) wrote: Netscape, according to
that page, allows anything with at least two periods. Thus, while
you couldn't specify *.com, you could specify *.co.uk. Without
knowledge of the internal structure of each top-level domain, the
browser cannot flag this.
Actually, after posting my note, I went back and tried something that
occured to me while writing it. It is true that you can't set a cookie
for '.com', but there is another way to achieve the same effect. Any
internet domain name can be represented as
machine.domain.dom
OR
machine.domain.dom.
The two forms will resolve to the same address on a properly-configured
name server. Therefore you _can_ set a cookie for the domain '.com.' --
which has the two periods required by the cookie spec. Any other
commercial site could then retrieve whatever information had been stored
in the cookie file.
I submitted a bug report to Netscape and they fixed this in their recent
security-patch. However, I hadn't considered the British domain-naming
scheme .... I'll mention it on the HTTP list.
While cookies are convenient for CGIs that need to maintain state,
the information can already be encoded into the URL, which is a
universally supported technique. The only new functionality
cookies provide is the ability to create detailed clicktrails
without being prominent.
And that "without being prominent" aspect is exactly why this is a privacy
concern.
M. Hedlund <hedlund@best.com>
[n.b.: I tend to post and mail my responses to news articles.]
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: Sat, 30 Sep 1995 00:42:23 GMT
Subject: Re: Knowing Where you Browse?
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
"Prof. L. P. Levine" (levine@blatz.cs.uwm.edu) writes: Anybody out
there know if a browser can be remotely ordered to report its
history?
There is also the "obvious" issue that if you access a web server from
an individual workstation IP address the server and any node in the
link can track your access.
Eg. I tried the WWW test pattern site, (URL=http://www.uark.edu/~wrg/)
and got a page saying hello(IP address) and telling me what browser
software I was running on my workstation.
Vendors running WWW servers shouldn't have much trouble back tracking
from the IP address registration for followup sales soliciations.:-)
------------------------------
From: John Pettitt <jpp@software.net>
Date: 4 Oct 1995 23:24:01 GMT
Subject: Re: Knowing Where you Browse?
Organization: software.net
"Prof. L. P. Levine" <levine@blatz.cs.uwm.edu> wrote: Your note is
the first I have heard about this. I am aware that my browser does
keep a history list, but know only that the remote site gets a
report from the system about my site, not my personal account.
Notes from a webmaster:
We get the following info for each and every page you access:
IP address (and so host name)
Browser type (e.g. netscape, mosiac etc)
Refering page (see below)
Email address (some browsers - notably Netcom Netcruiser)
Clearly the last is a privacy issue. Although in tracing fraud I have
found that with an IP address and a time of day most ISPs will tell me
who was using the dial up port, having an email address just makes it
easy.
About Refering pages:
This is the page the browser was looking at before it loaded
this one. It's usefull for figuring out who has links to you.
Some browsers (notably AOL's windows browser) don't support it.
About browser type:
I use the browser to figure out what machine your using - I then
show ads for software for that machine (mac or win - unix users get
both).
Cookies:
There is also a feature called "cookies" where I can hand your browser
a token (cookie) and it will save it on disk and hand it back next
time you load a page from my site. I use this feature on software.net
(http://software.net) to track users and avoid all that messy "please
join" stuff. Cookies *are only* sent to the site that originaly
handed them out. Currently Netscape and MS Internet Explorer 2 support
cookies.
John Pettitt
jpp@software.net
VP Engineering CyberSource Corp
------------------------------
From: huggins@tarski.eecs.umich.edu (James K. Huggins)
Date: 29 Sep 1995 22:49:33 GMT
Subject: Re: Grocery Purchases and my Privacy
Organization: University of Michigan EECS Dept., Ann Arbor, MI
<JEPSTEIN@SMTPGATE.cordant.com> wrote: [...] Some churches,
synagogues, schools, and other non-profit organizations sell
"scrip." It works at the grocery store like cash, and no ID is
required to use it. The charitable organization buys it at a 5%
an274807@anon.penet.fi (Fig) writes: Is the 'script' serialized (it
would make sense to help prevent fraud and to do accounting)? ...
I would guess that it is, for the reasons you cite above.
If so, is your church gathering demographics on you? Or maybe the
store gives the church an extra 2% if they share the data.
Sure, it's possible that they could. But most non-profit sales of this
sort that I've seen are not nearly that well organized. (Often it's
the 12-year-old kid selling scrip for the next youth group missions
trip ... they're lucky to be getting the monetary exchange right, much
less tracking who got which serial nos. on the scrip.)
If you're really concerned about such things, ask the people at your
non-profit if they're tracking it. Most such organizations are open
enough to give you an honest answer. And if you don't feel that they
will be open with you ... well, perhaps you shouldn't be supporting
that organization with your funds, either.
--
Jim Huggins, Univ. of Michigan huggins@umich.edu
"You cannot pray to a personal computer no matter how user-friendly it is."
(PGP key available upon request) W. Bingham Hunter
------------------------------
From: JEREMY J EPSTEIN <JEPSTEIN@SMTPGATE.cordant.com>
Date: Mon, 02 Oct 1995 09:26:11 -0500
Subject: More on grocery store "scrip"
An anonymous user commented on my posting about use of "scrip" for
grocery store purchases. The scrip is serialized to prevent fraud.
I can't speak for other organizations, but my synagogue does not keep
records of who purchases particular serial numbers. Nor do the
grocery stores (that I've seen) enter the serial numbers when I make
a purchase with scrip. So I very much doubt anyone could trace
purchases even to the granularity of the organization, much less to
the individual.
------------------------------
From: pthom@nr.infi.net (Gunslinger)
Date: 2 Oct 1995 14:40:29 GMT
Subject: Re: Grocery Purchases and my Privacy
Organization: Customer of InfiNet
In article <comp-privacy7.27.6@cs.uwm.edu>, mjh9@lehigh.edu
says... Mary Jo Bruce writes: My bank, a small one, just installed
the phone in system, and I used it a few times. Last night I
pushed the wrong button, and I was led into a "check verification"
area, where anybody can call to see if my check is good. What I
want to know is this: do all/most phone in systems have this check
verification feature?
Yes, virtually ALL banks have a similar system. It is designed to allow
a merchant to phone in and find out if you actually have the amount in
your account that you are writing the check for. BUT, unless I am
greatly mistaken, they can't find out your actual balance; only will
this account cover a check for XX amount of dollars?
My bank does have a telephone system, however, in order for me to
access any information about my account, I must enter my personally
choosen PIN. While I can find out my balance, and what checks have
cleared, no one else can see if my check is good, at least as far
as I know.
Not on the same setup; see above. Should be two different phone
numbers.
--
P. Thompson "Watch, Read, Listen, Learn....
Sui Juris The TRUTH Shall Set You Free!
------------------------------
From: Barry Gold <barryg@sparc.SanDiegoCA.ATTGIS.COM>
Date: Mon, 2 Oct 95 14:58:51 PDT
Subject: Check verification (was: Re: Grocery Purcahses...)
My father used to run a check-cashing business (he sold it to a major
chain last year), and I used to help out there Friday afternoons (our
busy time). The business would cash payroll and government checks
(_not_ personal checks) for about 1.5% of the face amount.
Check verification was important to our ability to cash payroll
checks. The fee charged covered the cost of operating the business
(rent, wages of employees, utilities) plus the risks inherent in giving
out cash for what amounts to a promise to pay plus a profit for the
owner -- the yearly profit being approximately one day's gross
business.
The vast majority of our customers were garment workers; some of them
worked for large manufacturers, but many worked for small outfits that
with 10-20 employees, and these companies are always being started and
folding. In order to stay in business, we had to be able to add new
companies to our list of those we would cash, to replace the old ones
that had gone out of business.
When we got a payroll check from a new company, we would phone the bank
and ask to verify "two checks":
. one for the actual amount of the check being cashed
. a second for approximately 10 times that amount (plus odd cents
to make it sound real).
If there isn't enough money to cover 10 typical checks, there probably
won't be enough to cover the one we're looking at by the time it gets
to the maker's bank. (We assume the one we're looking at is typical.)
If there is, we assumed the odds were good enough to give it a try.
Back in the '70s when I was doing this we would call the bank and ask
for check verification. A human being would then look up the balance
and tell us if the checks would clear. It seems reasonable that an
attempt to find out someone's bank balance by exhaustion might run into
some sort of reasonableness test in the human who handles the calls.
(Although you might come "close enough" by some sort of binary-search
technique, if you're clever and space out the calls.)
I am disturbed by the idea of doing this by computer, however. I think
the approach we used was a reasonable compromise between privacy and
commercial needs. But a computer probably doesn't have those
reasonableness checks, and putting them in requires significant,
error-prone, effort. Sure, this method is cheaper for the banks and
probably more convenient for the check-casher. And for some of our
customers -- who brought in checks from new companies after the banks
closed -- it would have meant getting their checks cashed right away
instead of having to come back the next day.
But the dangers in terms of letting random people find out your bank
balance -- it makes me shiver.
Btw, since I'm now more privacy-aware than I was back then, it occurs
to me that "check verification" should really be something you can
enable or disable for your account. I suspect most people have no need
to allow merchants to verify their checks -- we use checks mostly for
paying bills by mail, and many transactions that might have been done
by personal check in the early '70s would now be handled by plastic.
But a business with a payroll should probably enable it so
check-cashing businesses can determine that they really can cover their
checks. And if they choose not to, well some cashers will refuse to
accept their checks and they'll have some unhappy employees. The
individual business can decide between their privacy vs. check
verification and the convenience of employees who may not have bank
accounts or be willing to wait 3 days to get the use of the money.
That seems like a fair tradeoff to me.
------------------------------
From: Beverly.Maneatis@ncal.kaiperm.org
Date: Tue, 03 Oct 1995 14:53 -0700 (PDT)
Subject: Scrip and grocery store data collection
In response to queries regarding the use of scrip... My child's school
also sells scrip to be used for purchases instead of cash or checks. I
write a checkto the school for a specific amount of money and I receive
a paper with an amount of money on it specific to whatever store I
chose that will honor scrip. There is no record of any type kept by the
school of which store's certificates I purchase, and there is no record
kept at the stores of who uses the certificates. They are used as cash,
usually in amounts of $10, $25, or $50 at a time. Ourschool sells ones
for chain grocery stores, local grocery stores, department stores, and
the certificates are provided by the stores so they are
store-specific. For example, I might purchase $200 worth of
certificates for Lucky's in $25certificates, $200 worth of gift
certificates for Macys, and $50 for a local grocery store. I cannot
interchange the certificates, but no one knows where I purchased them
or how many I have--even the school keeps only general records of how
many total from each store are purchased. Scrip is therefore, a
terrific way to help organizations raise money, and keep your purchases
private.
------------------------------
From: clouds@rainbow.rmii.com (Philip Duclos)
Date: 29 Sep 1995 15:06:46 -0600
Subject: Re: Signature Data Collection at Kinkos
Organization: Rocky Mountain Internet, Inc
Sears also has this "feature" When it was first introduced there were
accompanying brochures near the register which explained the "signature
capture" feature. The very last sentence in the brochure mentioned that
"signature capture is voluntary" The clerks automatically insert your
receipt into the device when using any credit card and ask you to
sign. Some insisted that it was "required" I used to carry a copy of
the brochure around when I shopped to inform clerks that it was
voluntary. I no longer do so. I recently noticed that none of the
registers had the brochures. I still refuse to sign byt simply removing
the receipt from the device and signing away. The clerks are obliged to
print another receipt and imprint my credit card on it according to
their procedures.
Having a digital copy of my signature scares me, in spite of Sears'
assurances that my signature is only associated with the individual
receipt and cannot be viewed by clerks for verification. Seems like
this is the next logical step. After that, why do they need me to sign
at all? Simply print my digitally captured signature on anything they
please.
--
Phil
------------------------------
From: glr@ripco.com (Glen Roberts)
Date: Sun, 1 Oct 1995 15:26:40 GMT
Subject: Re: Signature Data Collection at Kinkos
Organization: Ripco Internet BBS, Chicago
Shauna Baldwin Associates (Shauna.Baldwin@mixcom.com) wrote: At my
local Kinkos, and I am told, at every Kinko's location since around
mid-August or early September 1995, there is a new device by the
cash register. It is a signature verification data collection
device. When you have an account, as many businesses do, and
charge your purchases, you are now required to sign on the
signature verification device. The clerks are not trained to inform
customers using it for the first time that this is a new system and
it is being used to authenticate their signature. Instead, it is
presented as a convenience, a support on which to rest the invoice
as you sign! As a result, I felt absolutely trapped into their
digital data collection. They had, in effect, scanned my
signature, without my permission. To[...]
But my questions are:
Is there a law against this? (I live in Wisconsin.)
Is signature authentication technology proven as accurate?
Are they really authenticating... or just capturing and storing the
signatures?
What does it prove if the first signature collected is by an
imposter and all subsequent signatures are by the same imposter
posing as a company employee?
Anything can be forged... but the mass collection of data and ease of
manipulation via computer... might inspire some to give it a shot that
would never think of forging paper documents...
--
--------------------------------------
Glen L. Roberts, Host Full Disclosure Live (WWCR 5065khz - Sundays 8pm eastern)
(WOYL AM-1340, Oil City, PA). Tech Talk Network; Telstar 302, Ch 21, 5.8 Audio
Look for articles, catalog, downloadable programs and great links on:
http://pages.ripco.com:8080/~glr/glr.html
-------------------------------------
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: Sat, 30 Sep 1995 01:07:29 GMT
Subject: Re: Caller ID Experiences
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
Jay Harrell (jay@mindspring.com) writes: <snip> distance. My
opinion regarding caller ID is this: the privacy argument misses
the point. The rights in question are those of the person
receiving the call. Someone initiating a call has no right to and
should not have an expectation of anonymity. Phone calls have been
anonymous for so long simply because the technology wasn't there to
make them otherwise. (And we've had many problems as a result. )
That's my opinion, and I respect others whose opinions differ.
With
I posted an article a while back that cited a magazine article about
Telco punchtape machines(automatic message accounting) technology,
which introduced anonymous calling everywhere it was used. That was at
least 4 decades ago. The article stated that the Telco's disemmbled
about this for a long time, telling police that it was impossible to
see who had called a given number, when in fact it was simply a matter
of running through all the tapes.
The reall differnce with Calling Number Id is that they have found a
way to make a buck off it. I don't have much objection to an individual
or business getting my name, what I object to is the fact that the
number data can currently be used to identify which public records my
address can be found it.
No personal horror stories. I've had a few people, who must have
been using caller ID, call me at home when they should have called
my "work" number. I often use my home line to make outgoing work
related calls. [...]Misleading only in that they don't mention
that you are left in the dark with long distance callers.
BC Tel's marketing practices seem to be misleading. They stuffed an ad
for calling number ID hardware in with my last bill, which prompted me
to call them to ask why they hadn't warned me about this. They
confirmed that buying the hardware would be a waste of money for anyone
on the same switch as my line. The reason is the CRTC requirement that
they provide free per call blocking. On older technology switches they
can't turn this "feature" on and off, so they block all lines, all the
time.
The flip side of the policy is that nobody on those switches can use
Caller ID, which is why I was concerned. Ie. as long as I can't get
Caller ID "service" I don't have to worry about my number being given
out.
As with the long distance number issue they fail to mention this when
they are peddling the hardware and related "service". A friend on the
same exchange told me that she couldn't get through to her mother for
days after the mother go a Caller ID box because her mother didn't want
to pick it up for an "unknown number". > > I no longer always answer
the phone everytime it rings. Basically, I > control my phone instead
of it controlling me. I don't talk to nearly > as many telemarketers
as I used to. Oh yes, and because my unit stores > the last 100
callers, when I need to return a call, I don't look up the > number in
my address book, I use the caller ID instead. > As someone at
sol.uvic.ca pointed out to me, BC Tel is refusing to activate Caller ID
Blocking automatically. It is requiring people to call and have their
phones programmed to respond to *67(or whatever the equivalent is on my
rotary dial line). It claims that the CRTC requires them to not
activate it, something I can't wring out of my reading of the CRTC
decision.
Isn't dialing *67 enough of a request for this "service"? Why should
someone have to wait till they can get hold of a BC Tel service rep
during their limited hours of service to activate this?
------------------------------
From: Maryjo Bruce <sunshine@netcom.com>
Date: Fri, 29 Sep 1995 18:11:18 -0700 (PDT)
Subject: Re: Computer Privacy Digest V7#027
I don't think Caller ID is good for prevention of bothersome calls. I
have anonymous call blocking with Caller ID, and when I got home today,
I had four long sales messages on my answering machine, mixed in with
the legitimate calls. When I checked my caller ID box, all the names
were those of males. when I called the numbers from the calls
involving sales pitches to ask that I be put on their no-call lists,
all four were non-working numbers. I phoned the phoco, and I was told
that the sales people who have "pits" can get "outgoing only" numbers
to trick caller id boxes, leaving legitimate looking names and numbers
for the box. You cannot call these numbers back, however. If you try,
you get the canned phoco message saying the number is non-working.
Mary Jo Bruce, M.S., M.L.S. Sunshine@netcom.com
------------------------------
From: martin@kurahaupo.gen.nz (Martin Kealey)
Date: Sat, 30 Sep 95 13:17:53 NZST
Subject: Re: Computer Privacy Digest V7#027
Organization: Kurahaupo Migratory Canoe
prvtctzn@aol.com (Prvt Ctzn) wrote: Unsolicited advertisements that
are sent to you by e-mail, or to your fax machine are illegal, ...
and you can sue the sender for $500 in your state's small claims
court ...
Dennis G. Rears <drears@Pica.Army.Mil> replied: Your analogy about
a computer-modem-printer system being a fax system is false. It
fails because the printing requires operator intervention, that is
the user must specifically toggle the printer on. If you do sue I
hope that in addition to tossing your case out of court the judge
fines you for a frivilous court action.
The analogy with a fax machine is correct in two ways:
[1] There may be a cost associated with receiving a message. It is
sufficient to demonstrate that I will suffer some loss due to reciept of
an email message *without having done anything to enlarge that cost*.
Not all costs are due necessarily to operator intervention; consider:
(a) it is also possible that I might have a receive-only email service
based on having the messages faxed to me by a gateway. No fax equals
no email, therefore I haven't done anything "optional" to cause it to
cost me money.
(b) some service providers charge by volume (or by time, which amounts
to the same thing when dealing with automated transfers); there is
no "operator intervention" that could have been avoided to avoid
incurring the cost of receiving the message.
[2] Denial of service. If you receive enough junk faxes, it will empty your
roll of paper, and you will be unable to receive valid messages.
Similarly on an email system with limited space per user, flooding my
mailbox so that I can't receive any more messages amounts to the same
thing. If I have to pay extra to get extra mailbox capacity to get
around this problem, then we're back to the real monetary cost problem.
| Unsolicited advertisements that are sent to you by e-mail, or to
| your fax machine are illegal,
> unsolicited email advertisements are not illegal.
May I ask, is it illegal to make junk calls to an 800 number, where the
recipient pays for the call?
Right here where I sit, it costs real money for every megabyte of data both
sent and received (because we live at the end of a very expensive satellite
link, the cost of which varies with the amount of traffic it is required to
carry). 7 years ago a 50kB message from USA would have cost me around US$3;
today, the cost of one email message is pretty negligible, but if I started
to get 12 messages a day, that 152MB per year would cost me around US$30, and
all due entirely to the actions of other people.
How would you feel if strangers came every day and each spent a dime making
calls on your telephone without asking first - assuming you didn't mind them
physically using the phone?
If junk email isn't illegal, it ought to be.
------------------------------
From: haz1@kimbark.uchicago.edu (Bill)
Date: Sat, 30 Sep 1995 08:09:10 GMT
Subject: Re: Junk Faxes & e-mail are Illegal
Organization: The University of Chicago
Dennis G. Rears <drears@Pica.Army.Mil> wrote: I'm assuming you are
complaining about email that aol sent to your aol account. If so
two suggestions: get a life and get a clue! If you don't want aol
to send you email; Get off their system. Your analogy about a
computer-modem-printer system being a fax system is false. It
fails because the printing requires operator intervention, that is
the user must specifically toggle the printer on. If you do sue I
hope
I'm not at all sure that the actual production of a paper copy is
required. You should also bear in mind that the person whose post you
quote is an attorney, and has better reason than you or I to be
familiar with court cases relevant to the interpretation of the law he
cites.
that in addition to tossing your case out of court the judge fines
you for a frivilous court action.
I could wish for a better test case (e.g.: AOL sending unsolicited mail
to an account on *another* system), but I still applaud his intent.
The action may be hopeless, and unlikely to significantly dent the
finances of the offender (unless the plaintiff can also recover court
costs, it's likely to cost the average citizen more than $500 to take
the case to trial)
Unsolicited advertisements that are sent to you by e-mail, or to
your fax machine are illegal,
unsolicited email advertisements are not illegal.
Unsolicited email advertisements are obnoxious. If a court rules that
they do not violate any existing statute, I sincerely hope that
legislation establishing substantial penalties for such activity will
be soon forthcoming.
------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 30 Sep 1995 17:40:13 -0400
Subject: Re: Junk Faxes & e-mail are Illegal
Organization: America Online, Inc. (1-800-827-6364)
Evidently you did not read the law I refer to. Rather than suggesting I
get a life, perhaps you should get a copy of the law AND READ IT.
The law has no reference to humann intervention. Indeed, all that is
required is the cabability itself.
As for AOL sending it to me, whether or not I am a subscriber to AOL, they
havce a duty to respect the federal laws of this nation. Furthermore, I
had specifically notified AOL that it was not to send me unsolicited
advertisements by e-mail. Perhaps you accept the proposition that AOL has
a higher calling than respect of its subscriber's wishes.
It seems peculiar that someone reading this newsgroup, such as you, would
be so critical of efforts to enforce statutes put into place to protect
your rights of privacy.
Now you just go and read the law, like a good privacy advocate, and behave
next time.... OK?
Bob Bulmash, President, Private Citizen, Inc.
------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 30 Sep 1995 17:49:50 -0400
Subject: DateLine NBC to air segment on stopping junk calls
Organization: America Online, Inc. (1-800-827-6364)
On Friday, October 6th, DateLine NBC will air a segment about two
members of Private Citizen, Inc. that have collected thousands of
dollars from telemarketers.
One, a grandmother sued a newspaper for solictiting her, and was
awarded $2000. Another, a guy in California, has collected $6000+ over
the past 14 months in out-of-court settlements. If you want to learn
about how to stop telenuisance calls, and make money in your spare
time, tune in DateLine next Friday. Or call 1-800-CUT-JUNK (Private
Citizen, Inc.) today.
------------------------------
From: maryh@foresnt.com
Date: 2 Oct 1995 21:09:32 GMT
Subject: DoD R&D funding for small firms
Organization: InterServ News Service
DoD's Small Business Innovation Research (SBIR) program expects to fund
$450 million in early-stage R&D projects at small technology companies
in the next fiscal year. Awards will be made in technology areas that
have defense and commercial applications. Starting this fall, DoD will
give its highest priority in making SBIR awards to small companies that
are able to attract independent third-party investors -- such as
venture capital firms, large companies, or "angel" investors. If
selected for award, these small companies will receive uninterrupted
DoD funding of up to $850,000 over a two-and-a-half year period.</i>
In practice, this means that an investor that offers to help fund an
early-stage technology project at a small company can obtain a match of
between $1 and $4 in DoD SBIR funds for every $1 the investor puts in.
This new policy -- the SBIR "Fast Track" -- was approved for
implementation by Under Secretary of Defense (Acquisition & Technology)
Dr. Paul Kaminski in early June. Its purpose is to significantly
increase DoD's success in converting SBIR research into affordable,
high-performance products which serve military and commercial
customers.
For more information: * see the page entitled "DoD SBIR Fast Track" on
the World Wide Web at http://www.seeport.com/SBIR/fasttrk.htm</a> *
call 1-800-382-4634 * contact our DoD Fast Track listserver by
e-mailing list@seeport.com with the message join DoD on the first line
of your e-mail.
------------------------------
From: maryh@foresnt.com
Date: 2 Oct 1995 21:10:30 GMT
Subject: Federal R&D funding conference
Organization: InterServ News Service
The National Science Foundation and Department of Defense are pleased
to announce the establishment of the National Small Business Innovation
Research (SBIR) Conferences web site at
www.seeport.com/SBIR/95gener1.htm. An ftp server is now also available
at ftp.foresnt.com and a listserver at list@foresnt.com. Your message
to the listserver should be JOIN SBIR. This message should be on the
first line of your e-mail.
The National SBIR Conferences are the most important meetings the
Federal Government holds to inform small companies about the over $2
billion Federal R&D funding opportunities for these firms in FY96. The
conferences are sponsored by Department of Defense and the National
Science Foundation, in association with 19 other federal agencies. This
year's meetings will be held in Washington, D.C. at the Hyatt Regency,
Crystal City from October 16-18, 1995 and in Salt Lake City, UT at The
Salt Lake City Marriott from October 30-November 1, 1995. Program
managers from major Federal R&D agencies will hold seminars and private
one-on-one meetings. Also holding "one-on-one" meetings will be
representatives from some of the country's largest corporations who are
seeking technology they can help commercialize. Experts hold seminars
in fields from proposal preparation to government cost accounting to
commercialization.
------------------------------
From: cpsr-global@Sunnyside.COM
Date: Mon, 2 Oct 1995 01:52:32 -0700
Subject: New Int'l Privacy Docs
Taken from CPSR-GLOBAL Digest 238
According to Marc Rotenberg:
Three important international privacy documents may now be found at
the Privacy International web site (http://www.privacy.org/pi/)
- "The Final Text of the European Commission's Common Position on the
Directive on Data Protection." This is the critical law adopted by
the European nations this summer which establishes a common framework
for privacy protection within the European Union.
- The Canadian Government report, "Review of comments received on the
Industry Canada discussion paper Privacy and the Canadian Information
Highway." The document describes efforts currently underway in Canada
to implement privacy safeguards for the NII.
- "The Council of Europe Recommendations on Criminal Procedural Law
Connected with Information Technology, 11 September 1995." The
COE recommendations raise concerns similar to those expressed in
the USA about the regulation of encryption and the design of
telecommunications systems.
We've received many requests for copies of these documents. We're
pleased that they are now available on-line.
Marc Rotenberg (Rotenberg@epic.org) * +1 202 544 9240 (tel)
> Electronic Privacy Information Center * +1 202 547 5482 (fax)
> 666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.epic.org/
> Washington, DC 20003 * info@wpic.org
------------------------------
End of Computer Privacy Digest V7 #028
******************************
.