Date:       Wed, 22 Nov 95 14:46:28 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V7#044

Computer Privacy Digest Wed, 22 Nov 95              Volume 7 : Issue: 044

Today's Topics:			       Moderator: Leonard P. Levine

               Looking for Quotable Comments on Deja News
               French Agreement to use Netscape Navigator
                           CPD Footer Message
                   Re: Unsolicited Email Advertising
                   Re: Unsolicited email Advertising
                   Re: Unsolicited Email Advertising
                           Quicken SSN Alert
                           Re: Telemarketing
                           Re: Telemarketing
                       Re: SSN for CA DL renewal
                      Mark Twain Bank and DigiCash
                           Info on CPD [new]

----------------------------------------------------------------------

From: chris@ivanova.punk.net (Christopher Ambler)
Date: 20 Nov 95 22:00:09 PST
Subject: Looking for Quotable Comments on Deja News

I am writing an article for a local paper on Deja News. I would like
comments from those who have expressed an opinion on the service (both
good and bad) that I might quote in my article. Please be sure and send
me your name and title (if applicable) if you don't mind being quoted.
I saw some good quotes in the digest previously, but don't want to use
them without permission.

If anyone from Deja News wishes to contact me, please do so. If I don't
hear from them, however, I'll be sending them email shortly.

Thanks much!

--
(C) Copyright, 1995 Christopher Ambler, Director, Punknet Internet
Cooperative, San Luis Obispo, California Permission to redistribute
electronically via Usenet and mailing lists without fee is granted.
Redistribution for commercial purposes is prohibited.


------------------------------

From: JeanBernard_Condat@eMail.FranceNet.fr (JeanBernard Condat)
Date: 21 Nov 1995 08:49:06 GMT
Subject: French Agreement to use Netscape Navigator
Organization: FranceNet

Bonjour,

All over the French newsgroups, you can read the incredible news this
morning: the secret SCSSI (Service Central de la Securite des Systemes
d'Information) from the Premier Ministre's desk in Paris has given the
complete agreement to use Netscape Navigator. The document is like
that:

   Title: "Authorization for the supply and general use of cryptographic
     means No. 2500"
   Signed: 7 November 1995
   By: Jacques VINCENT-CARREFOUR for the DISSI
   Reference: 509/DISSI, file number 950038

   The authorization is granted only for the following Netscape Navigator
   products:

	N. DOS WINDOWS CD ROM
	N. DOS WINDOWS KX 23
	N. MACINTOSH CD ROM
	N. MACINTOSH RX23
	N. NT/INTEL CD ROM
	N. NT/INTEL RX23
	N. NT/ALPHA
	N. X-WINDOWS
	N. WIN/95 16 BIT CD ROM
	N. WIN/95 16 BIT RX 23
	N. WIN/95 32 BIT CD ROM
	N. WIN/95 32 BIT RX 23

   It is also granted to the distributors in the following list, and to
   them alone:

	Sun Microsystems Computers
	Digital Equipment
	Silicon Graphics
	Novell
	Siemens Nixdorf
	Olivetti
	Bull
	Zenith Data Systems
	Apple Computers
	Hewlett Packard
	Compaq
	Azlan
	Softway
	France Telecom
	Grolier Interactive Europe
	General Games

Some remarks can be made: it's no "s" to X-Window in the list of
authorized products. This agreement "is good until 1st October 1997 for
selling and use in France only." This authorization will be late to
be given because of some discussions with other huge software
publishers that have not received the same paper.

It's the first time in France that a US specific software will be
accepted in the cryptographic field by our Government. Bravo -:>]

--
Jean-bernard Condat
Computer Security Expert (Paris, France)


------------------------------

From: rj.mills@pti-us.com (Dick Mills)
Date: 21 Nov 1995 03:14:19 -0500
Subject: CPD Footer Message

In CPD V7#043, the Info on CPD footer at the end contains:
   [new: Ordinary copyrighted material should not be submitted.  If a]
   [copyright owner wishes to make material available for electronic]
   [distribution then a message such as "Copyright 1988 John Doe.]
   [Permission to distribute free electronic copies is hereby granted but]
   [printed copy or copy distributed for financial gain is forbidden" would]
   [be appropriate.]

Now I'm confused after the recent threads re: copyrights.  If copyright
is automatic to the owner as soon as it's fixed, then is there any material
anywhere that is not copyrighted?

I wonder if even a statement such as "public domain" in an email message is
sufficient to make it public domain?  Is it binding on the author?  Could
he change his mind?  Can he disavow the statement since it isn't legally
signed or witnessed?

What does the moderator mean by "Ordinary copyrighted material"?

--
Dick Mills                               +1(518)395-5154
            http://www.albany.net/~dmills 

[moderator:  I give up.  Mr. Mills is completely correct and I have
modified the footer by removing this paragraph.  The footer now has
been returned to what it was before last October and can be seen
below.]


------------------------------

From: Fred Baube <fbaube@propus.tkk.utu.fi>
Date: 21 Nov 1995 15:39:07 +0200 (EET)
Subject: Re: Unsolicited Email Advertising

    tswalton@aol.com (TSWalton) said: I would suggest that the net
    begin to charge the spammers a per piece handling charge......just
    like the USPS. It would be too costly to spam if they are not
    hitting their target audience and would be self limiting in the
    long run.

An analogy to chew on ..

In Finland and Sweden, there's no such thing as unlimited local POTS
[that's Plain Old Telephone Service, for the acronymically
challenged].  Every call you make from any telephone, home or
elsewhere, costs you *something*; where I live it's about 12 US cents.

This is irritating if you've become accustomed to unlimited POTS. But
it *does* seem to limit junk phone calls, and it puts a complete stop
to kids with modems trying every damned number in the city looking for
modem tones.

-- 
F.Baube(tm)       * P/T Autodidact, F/T Information Junkie.
G'town U MSFS '88 * The sixth sick sheik's sixth sheep's sick.
fred.baube@utu.fi * Nymphs vex, beg quick fjord waltz.


------------------------------

From: peter@nmti.com (Peter da Silva)
Date: 22 Nov 1995 15:41:12 GMT
Subject: Re: Unsolicited email Advertising
Organization: Network/development platform support, NMTI

    Bill <haz1@kimbark.uchicago.edu> wrote: Nice idea, but no cigar.
    Searching the last few lines of a post for any string beginning and
    ending with whitespace and including an "@" sign is no harder than
    searching the first few lines for that.

Make your sig block look like this:

foo@bar.com bar@foo.com yeltzin@kremlin.gov celine@agora.mil bob@sub.net
bar@foo.com yeltzi   Peter da Silva, Super Genius     ub.net foo@bar.com
yeltzin@kremlin.go   peter@nmti.com                   ar.com bar@foo.com
celine@agora.mil bob@sub.net foo@bar.com bar@foo.com yeltzin@kremlin.gov

I have thought up a much better mechanism for preventing mass-mailings
getting to you, without blocking *individuals* responding to your
message.

	Message-ID: <aa.086A90905B@nmti.com>

When the Message-ID contains some hashed secret, you can have your mail
filter toss all messages that don't contain that secret in References
or In-Reply-To. If someone replies to you via a mail program or
newsreader they're supposed to include your message-id in that line.

To help correspondents who have broken software, you can even describe
the mechanism in your .signature. Even if the spammers know what you're
doing it's more trouble than it's worth for them to spam you, since
they'd have to hand-craft a separate email message targeted at you.

Maybe I should patent the idea and email everyone on the net telling
them about it, so they'd have to pay me royalties to actually use
it...

Naaaaah. I'll toss it in the public domain. Go for it.

Another nifty idea, this one designed to let you use "mailto" URLs
safely.  You need to be able to run server-side code for this: have
your site generate a mailto: URL containing a one-time address that's
valid for a short period.  That way if they put it in a list you'll get
only a single message, and then only if they use it right after
generation.

		... privacy through complex mathematics ...
-- 
Peter da Silva    (NIC: PJD2)      `-_-'             1601 Industrial Boulevard
Bailey Network Management           'U`             Sugar Land, TX  77487-5013
+1 713 274 5180         "Har du kramat din varg idag?"                     USA
Bailey pays for my technical expertise.        My opinions probably scare them
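
The two mechanisms described in the post above, as an added example that is not part of the original post: a Message-ID carrying a keyed hash that the inbound filter looks for in References or In-Reply-To, and a short-lived, single-use address for a mailto: link. HMAC-SHA256, the address layout, the function names, the secret and the example.org domain are all assumptions of this sketch; the post only says "some hashed secret".

```python
import hashlib
import hmac
import re
import secrets
from email import message_from_string

SECRET = b"constructed-demo-secret"   # assumption: per-user secret, never published
DOMAIN = "example.org"                # assumption: placeholder mail domain
_DOM = re.escape(DOMAIN)

def _tag(data: str) -> str:
    """Keyed hash truncated to 12 hex chars (HMAC-SHA256 is this example's choice)."""
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()[:12]

def make_message_id(serial: str) -> str:
    """Message-ID for outgoing mail: <serial.tag@domain>."""
    return f"<{serial}.{_tag('mid:' + serial)}@{DOMAIN}>"

def is_own_message_id(mid: str) -> bool:
    """True only if the tag inside the Message-ID verifies under SECRET."""
    m = re.fullmatch(rf"<([A-Za-z0-9]+)\.([0-9a-f]{{12}})@{_DOM}>", mid)
    return bool(m) and hmac.compare_digest(m.group(2), _tag("mid:" + m.group(1)))

def accept_reply(raw: str) -> bool:
    """Filter rule: keep mail that cites one of our Message-IDs in
    References or In-Reply-To; everything else is tossed."""
    msg = message_from_string(raw)
    cited = " ".join(msg.get_all("References", []) + msg.get_all("In-Reply-To", []))
    return any(is_own_message_id(tok) for tok in re.findall(r"<[^<>\s]+>", cited))

def make_onetime_address(now: int, ttl: int = 900) -> str:
    """Address for a generated mailto: URL, valid until now + ttl seconds."""
    nonce, expiry = secrets.token_hex(4), str(now + ttl)
    return f"web-{nonce}-{expiry}-{_tag(f'addr:{nonce}:{expiry}')}@{DOMAIN}"

def accept_onetime_address(addr: str, now: int, used: set) -> bool:
    """Accept at most one message per generated address, and only before expiry."""
    m = re.fullmatch(rf"web-([0-9a-f]{{8}})-(\d+)-([0-9a-f]{{12}})@{_DOM}", addr)
    if not m:
        return False
    nonce, expiry, tag = m.groups()
    if not hmac.compare_digest(tag, _tag(f"addr:{nonce}:{expiry}")):
        return False                  # not generated by our server
    if now > int(expiry) or addr in used:
        return False                  # expired, or already delivered once
    used.add(addr)
    return True

# Constructed sample messages (not real mail).
OUR_ID = make_message_id("aa086A90905B")
REPLY = f"From: friend@example.net\nIn-Reply-To: {OUR_ID}\nSubject: Re: hi\n\nbody\n"
BULK = "From: ads@example.com\nSubject: BUY NOW\n\nbody\n"
FORGED = (f"From: ads@example.com\n"
          f"References: <aa086A90905B.000000000000@{DOMAIN}>\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("reply", REPLY), ("bulk", BULK), ("forged", FORGED)):
        print(name, "->", "deliver" if accept_reply(raw) else "toss")
    seen = set()
    addr = make_onetime_address(now=1000)
    print(addr, accept_onetime_address(addr, 1500, seen),
          accept_onetime_address(addr, 1501, seen))
```

A Message-ID copied from a public post still passes `accept_reply`, which is the per-recipient hand-crafting the post accepts as a residual risk; rotating the secret or expiring old serials bounds how long a copied ID stays useful.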


------------------------------

From: Maryjo Bruce <sunshine@netcom.com>
Date: 20 Nov 1995 23:24:21 -0800 (PST)
Subject: Re: Unsolicited Email Advertising

Somebody mentioned having spammers charged for junk email, like the
USPS.  Interesting analogy.  I had to turn in a mail forward four
months ago when my box at X post office was torn out during remodeling
and I was forced to get a new box with a different number at the same
location.  Over one thousand pieces of non forwardable junk mail have
been forwarded from one box to the other.

I just found a bill from USPS for $405 in my new box...which I must pay
in addition to my box rent for special handling of all the junk mail,
because of the quantity.  The junk mail which is not forwardable to my
new address......

--
Mary Jo Bruce, M.S., M.L.S.
Sunshine@netcom.com  


------------------------------

From: wayne@localnet.org
Date: 22 Nov 1995 19:42:24 GMT
Subject: Quicken SSN Alert
Organization: University of California, Berkeley

Quicken Online Banking Users - Social Security Number Alert.

I recently had a long discussion with Union Bank concerning Quicken
Online Banking and social security numbers.  Union Bank required me to
provide SSN which they informed me would become part of every online
banking transaction.   When asked if this information would be
encrypted the bank representative declined to comment.

DO NOT SIGN UP FOR QUICKEN ONLINE BANKING

The possibility of your SSN being sent in the clear all over the
Internet as part of every online banking transaction is catastrophic.
It is very easy to snoop on internet packets and copy information.  No
online banking convenience is worth the risk of your SSN being copied
and used to destroy your credit rating.  You generally have the burden
of proof when others use your SSN to commit credit fraud despite this
information being widely available.  Intuit's use of SSN is only a
little better than the IRS's habit of printing your SSN and address on
mailing labels.

I refused to provide SSN to Union Bank as I routinely do to all
requests citing the Federal Privacy Act.  Union Bank checked with their
legal department about this.  I have often refused to provide SSN for
credit checks and other non IRS uses and this usually results in
some discussion, but in all other cases the business eventually
acknowledged my right to refuse to provide SSN.  Since the IRS has
stopped requiring reporting from credit card companies they no longer
have that excuse to request SSN and I have gotten new credit cards from
several companies without providing SSN.  I have also gotten Checkfree
and Charles Schwab to establish online accounts without SSN's.  When
companies use nine digit numbers they can substitute a nine digit number
beginning with 999 or 888 which will not duplicate a legitimate SSN.  I
prefer to refuse to provide SSN rather than simply supplying a fake
number.

Union Bank returned my call and provided some interesting information.
In addition to Intuit's requiring SSN for their online transactions it
seems the US Treasury wants SSNs for bank accounts.  Union Bank's legal
department apparently relies on the advice of the Treasury to require
SSN's.  What is interesting here is that both Union Bank and US
Treasury acknowledge a legal right to withhold SSN.  The Federal
Privacy Act explicitly prohibits and provides criminal penalties for
government agencies requiring SSN unless established by law.  The
privacy act provides a legal right to withhold SSN from private
business but does not establish any enforcement procedure with respect
to private business so that area is unclear.  However Union Bank
indicated it acted at the direction of Treasury and it is clearly a
serious felony for federal officials to conspire to deprive citizens of
legal rights under color of authority (remember Rodney King).  Treasury
seems to be illegally trying to accomplish through its regulatory
oversight of banks what it is explicitly prohibited from doing by law.


------------------------------

From: prvtctzn@aol.com (Prvt Ctzn)
Date: 22 Nov 1995 01:55:52 -0500
Subject: Re: Telemarketing
Organization: America Online, Inc. (1-800-827-6364)

Private Citizen, Inc. will notify over 1400 national and local
telemarketing related firms of your `do-not-call' request, and send
you a list of the firms we notified. Also included in your
notification, will be an offer to allow those firms to tele-solicit you
on a `for hire' basis of $500 per call.

Private Citizen has been in operation since 1988. The result has been a
substantial drop in junk calls to our members.... and they have
collected too: both in and out of court.

--
Robert Bulmash
Private Citizen, Inc.  1/800-CUT-JUNK


------------------------------

From: anonymous <levine@cs.uwm.edu>
Date: 22 Nov 95 12:36:35 EST
Subject: Re: Telemarketing

[moderator: sent to me in my own mailbox, but worth posting.]

    I've been looking for creative solutions to the nuisance problem of
    telemarketing.  One solution to unwanted telemarketing is the
    creation of a "don't call me" list wherein people can designate
    that they don't wish to be telemarketed.  Then, rather than rely on
    local or state law

We have a "low tech, non-legislative" solution to this problem.  We
tell *all* callers that the fact that they called precludes us from
contributing to their cause or buying their product.  We make it clear
that this is an *unequivocal* policy from which we will not stray,
irrespective of the worthiness of the cause or the degree to which we
may want the product.  And we keep our word.

Now, if sufficient numbers of callees did this, the loss in
contributions or sales would be discernable to people who detect market
statistics, and we might see less telemarketing.

After all, "they" know everything about our buying habits, right?


------------------------------

From: wayne@localnet.org
Date: 22 Nov 1995 19:54:21 GMT
Subject: Re: SSN for CA DL renewal
Organization: University of California, Berkeley

    Ron Richter <shadow@nosc.mil> wrote: I was wondering if anyone
    knows what the deal is regarding the Social Security Number that
    was required to be disclosed to the Department of Motor Vehicles
    for the state of California...

Unfortunately Federal law has been changed to allow requiring SSN for
drivers license.  This is used to track people who are not making child
support payments.  The SSN cannot be printed on the drivers license
when it is required ( it can be used if it is requested) and can only be
disclosed for legitimate law enforcement purposes.  (right, cops are
honest and never lie in court).


------------------------------

From: ulmo@Q.Net (Bradley Ward Allen)
Date: 21 Nov 1995 13:40:16 -0500
Subject: Mark Twain Bank and DigiCash
Organization: Q

I would like insight into these issues.  First I put excerpts from two
documents, so that I may comment on them and their accuracy:

excerpts from http://www.marktwain.com/press1.html (Mark Twain is a
bank, this URL is a press release):

"This launch marks the beginning of a new era, one in which the digital
equivalent of paper money and coins will become even more important
than their physical precursors are today," according to Dr. David
Chaum, Managing Director of DigiCash bv and inventor of electronic
cash. "It will catalyze enormous growth in electronic commerce on the
Internet, and prove of enduring value through its improved protection
of consumers and society at large."

[... and later ...]

How safe is it

Security is fundamental to electronic cash. The cryptographic coding
protecting every 5 cent ecash payment is the same as that routinely
relied upon for authenticating requests to move huge sums between banks
and even for national security. But in principle ecash goes beyond such
communications security to achieve true multiparty security: no one
(buyer, seller, bank) can cheat anyone else, no matter how they might
modify their own software; even if two parties collude, they cannot
cheat the third.

Replacing paper and coins with ecash would make life much harder for
criminals. Because the payer's computer chooses the serial numbers of
the coins, he or she can later irrefutably identify blackmarketeers,
extortionists, and acceptors of bribes--were they to take ecash. Paper
notes, briefcases full of which can be received without leaving any
record, allow money laundering and tax evasion today. With ecash,
however, all the amounts each person receives are known to their bank.
Significant criminal activity could thus be thwarted by completely
replacing paper money; moreover, the privacy of ecash would be
essential to widespread acceptance of any electronic payment system
that in effect becomes mandatory.

/////////////////////////////////////////////////////////////////////

excerpt from Wired, December 1994, page 174:

My fellow passenger and tour guide is David Chaum, the bearded and
ponytailed founder of DigiCash, and the inventor of cryptographic
protocols that could catapult our currency system into the 21st
century.  They may, in the process, shatter the Orwellian predictions
of a Big Brother dystopia, replacing them with a world in which the
ease of electronic transactions is combined with the elegant anonymity
of paying in cash.

He points out the plaza where the Nazis rounded up the Jews for
deportation to concentration camps.

This is not idle conversation, but a topic rooted in the Chaum
Weltanschauung - state repression extended to the maximum.  David Chaum
has devoted his life, or at least his life's work, to creating
cryptographic technology that liberates individuals from the spooky
shadows of those who gather digital profiles.  In the process, he has
become the central figure in the evolution of electronic money,
advocating a form of it that fits neatly into a privacy paradigm,
whereby the details of people's lives are shielded from the prying eyes
of the state, the corporation, and various unsavory elements.

[... and later ...]

Dining with the Cryptographer

For Chaum, the politics and the technology reinforce each other.  He
believes that as far as privacy is concerned, society stands at a
crossroads.  Proceeding in our current direction, we will arrive at a
place where Orwell's worst prophecies are fulfilled.  He delineated the
problem in an essay called "Numbers Can Be a Better Form of Cash Than
Paper." "We are fast approaching a moment of crucial and perhaps
irreversible decision, not merely between two kinds of technological
systems, but between two kinds of society," says the article, published
in 1991.  "Current developments in applying technology are rendering
hollow both the remaining safeguards on privacy and the right to access
and correct personal data.  If these developments continue, their
enormous surveillance potential will leave individuals' lives
vulnerable to an unprecedented concentration of scrutiny and
authority."

In the early 1980s, Chaum conducted a quest for the seemingly
impossible answer to a problem that many people didn't consider
problematic in the first place: how can the domain of electronic life
be extended without further compromising our privacy?  Or - more daring
- can we do this and increase privacy?

[... and later ...]

Chaum says he has never argued for total untraceability, but sort of a
constrained anonymity.  "My work has been trying to establish a whole
space of possibilities, bounded by pure perfect anonymity on one side
and a perfect identification on the other side."

[I didn't re-read the Wired article entirely, and may have missed a
very pertinent paragraph that I remember seeing regarding some of these
issues that would indicate that Chaum has methods which would guard
against some of the worst activities (kidnappings) while not keeping
records at the bank (maybe I figured this out from reading it and Chaum
didn't explicitly say it, in which case of course I'm fallible);
moreover, I know that I'm pretty sure that that is possible, and what's
even more scary to banks is that at some point they could be left out
of the loop entirely.  But that would only be a possible (possibly
nice) side-effect; I'm more concerned about the information privacy.]

**********************************************************************

My comments:

Why is Chaum in the Wired article (written first) looking for heavy
privacy, and then later affirming the Bank's choice of a system which
is "With ecash, however, all the amounts each person receives are known
to their bank" which indeed seems to me to have a large amount of
traceability (is it in that the bank doesn't know where it's coming
*from*??), and "irrefutably identify blackmarketeers, extortionists,
and acceptors of bribes"?  Is the irrefutably some sort of proof that
cannot be made-up (i.e. framing someone)?

Obviously, the bank (Mark Twain) chose one of the points in the "whole
space of possibilities" that Chaum mentions that has a very large
amount of traceability.

I can easily see where someone would set up a mechanism which would
look at the *time* of a transaction *to* my account, and then look at
the *time* of the transaction of those sending it, asking them to bring
forth records identifying the person they were sending it to just for
proof, and then suddenly not allowing someone to do something key to
being able to make it in this world when starving but often illegally
legislated against by so-called religious radicals bowing to the money
paid by rich psychos who wish to see people weeded out by starvation,
such as prostitution (something I myself have been forced to deal with
as Welfare only made me suicidal as I found out that I wasn't allowed
to receive it since I was actually *trying* to get out of it and had to
make an elaborate lie to the welfare agency to qualify for what I
deserved, which I wasn't good at lying so failed).

The bank's method brings up the age-old question: Is the government
good at deciding who is a criminal and who is not?  I think the answer
is necessarily half-and-half: the gov't is enough right that people
don't make the gov't irrelevant, and enough wrong to weed out those who
would attempt to live fairly and by the truth as much as possible.  I
think it's *what* one is hiding that is always so important, and I
don't claim to have all the answers.

I, for one, am quite baffled by this development.

--
Bradley
(Please, if possible, followup to the newsgroup *AND* copy to me by
email, since I'm sure both discussion is necessary and I don't
frequently have a chance to check USENET.)


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 22 Nov 1995 14:25:54 -0600 (CST)
Subject: Info on CPD [new]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V7 #044
******************************