Date:       Fri, 08 Dec 95 12:12:56 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V7#049

Computer Privacy Digest Fri, 08 Dec 95              Volume 7 : Issue: 049

Today's Topics:			       Moderator: Leonard P. Levine

                             Re: PGP Moose
                          Infinity Transmitter
                          Re: Cashless Society
                          Re: Cashless Society
                         Re: Caller ID leakage
                  Re: Is it Possible to Not GET a SSN?
                  Re: Is it Possible to Not GET a SSN?
                  Re: Is it Possible to Not GET a SSN?
                           Re: Common Carrier
                   Re: Survey on Privacy in Business
                   Re: Survey on Privacy in Business
                 Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: fyoung@oxford.net (F Young)
Date: 07 Dec 95 00:56:01 EST
Subject: Re: PGP Moose

To Moderator, Computer Privacy Digest:

I don't fully understand the PGP Moose technology, but so far, I have
not encountered any problem with your implementation of this technology.

I have read the opposition from one of your subscribers, I honestly
cannot see the need for such anger.  People are naturally intimidated by
"things" they do not understand.  For this reason, and also for my
curiosity, how about allowing us more information on how PGP Moose
works?  If the author of the software has a Web site, can you give us
the URL?

Would you eventually like your subscribers to PGP sign their submissions
for authenticity?

[moderator:  I have taken the liberty of responding to Mr. Young's
questions below:]

    I don't fully understand the PGP Moose technology, but so far, I
    have not encountered any problem with your implementation of this
    technology.

PGP works just fine, but when material is posted rather than mailed
some extra damage sometimes occurs.  Lines get folded and extra
characters are added from time to time, often causing conventional PGP
signatures to become errors.  Further, the signature takes a good deal
of space, maybe ten lines.  What Greg Rose (his sig file and url info
are at the end of the posting along with my sig) has done reduces the
intrusion to 3 lines in the header and is more robust with respect to
known posting problems than the PGP signature itself.

He also works with the header area, rather than the body of the
message.  Thus most newsreaders do not even show the X-auth line.

The other half of the program watches all news running through certain
backbone sites examining all postings in _moderated_ newsgroups that
have subscribed to the service (4 so far).  At the moment the software
reports to the moderator if any posting to the group has a bad X-auth
line.  Already written is the feature that will allow this part of the
moose to issue cancellations of such postings.  It will be turned on
when people feel it is time.  Any computer can run this code, thus any
computer can check the X-auth line of email or postings for
authentication of authorship.

Since news and mail software generally ignores lines in the header
starting with X, software that does not know about PGPmoose will just
pass it on.  Very few errors seem to have occurred.

    I have read the opposition from one of your subscribers, I honestly
    cannot see the need for such anger.  People are naturally intimidated
    by "things" they do not understand.  For this reason, and also for
    my curiosity, how about allowing us more information on how PGP
    Moose works?  If the author of the software has a Web site, can you
    give us the URL?

The subscriber has the right to his opinion, and he is correct that
authentication is not directly a privacy issue.  It is close, however.
Furthermore, I foresee a day when global unmoderated groups will be so
noise-filled as to be virtually useless.  I follow alt.privacy and there
are days when I can pass over a hundred messages looking for something
of interest.  I knew I had the skills to work with Greg as an early
adopter and we saw a few bugs that had to be fixed.  I took my
authority as moderator and did the experiment.  I could have just
turned it on and watched for trouble.  I chose to let you all know what
was going on.

    Would you eventually like your subscribers to PGP sign their
    submissions for authenticity?

Maybe.  Certainly not right now.  I check for authenticity by sending a
canned reply back when I get a posting.  If that reply does not bounce,
and the author does not answer with a "that was not mine" message, that
has been good enough for now.  Although it is fairly easy to "spoof" an
email message, it is more difficult to intercept email.

Greg Rose's signature file is:

-- 
Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.

I am:

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------
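
The header-signature idea described in the reply above, as an added
example that is not part of the original posting and is not Greg Rose's
code.  It assumes an HMAC as a stand-in for the moderator's PGP signature
(so, unlike PGP, the checker needs the same key), an assumed set of signed
headers, and whitespace stripping as the canonical form; the key and the
sample article are constructed.

```python
import hashlib
import hmac
import re

# Constructed demo key; an HMAC stands in for the PGP signature so the
# example runs with the standard library only.
DEMO_KEY = b"constructed-demo-key"

# Headers covered by the signature (an assumption for this illustration).
SIGNED_HEADERS = ("From", "Newsgroups", "Subject")

# Constructed sample article (not taken from the digest).
ARTICLE = (
    "From: moderator@example.org\n"
    "Newsgroups: example.moderated\n"
    "Subject: Test posting\n"
    "\n"
    "Lines get folded and extra characters are added from time to time.\n"
)


def split_article(article):
    """Split into (headers dict, body), unfolding continuation lines."""
    head, _, body = article.partition("\n\n")
    headers, name = {}, None
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and name:
            headers[name] += " " + line.strip()
        elif ":" in line:
            name, _, value = line.partition(":")
            name = name.strip()
            headers[name] = value.strip()
    return headers, body


def canonical_digest(headers, body):
    """Hash signed headers and body with all whitespace removed, so that
    refolded lines or added blanks in transit do not change the digest."""
    h = hashlib.sha256()
    for name in SIGNED_HEADERS:
        value = re.sub(r"\s+", "", headers.get(name, ""))
        h.update(f"{name.lower()}:{value}\n".encode())
    h.update(re.sub(r"\s+", "", body).encode())
    return h.digest()


def make_tag(headers, body, key):
    return hmac.new(key, canonical_digest(headers, body), hashlib.sha256).hexdigest()


def sign_article(article, key=DEMO_KEY):
    """Return the article with a one-line X-Auth header added."""
    headers, body = split_article(article)
    head, sep, rest = article.partition("\n\n")
    return f"{head}\nX-Auth: {make_tag(headers, body, key)}{sep}{rest}"


def check_article(article, key=DEMO_KEY):
    """Return 'ok', 'bad' or 'missing' for the article's X-Auth line."""
    headers, body = split_article(article)
    tag = headers.get("X-Auth")
    if tag is None:
        return "missing"
    return "ok" if hmac.compare_digest(tag, make_tag(headers, body, key)) else "bad"


def demo():
    signed = sign_article(ARTICLE)
    # The kind of damage a news gateway causes: a refolded body line.
    refolded = signed.replace("folded and extra", "folded and\n  extra ")
    # A changed signed header, and a posting with no X-Auth line at all.
    altered = signed.replace("Test posting", "Forged posting")
    return tuple(check_article(a) for a in (signed, refolded, altered, ARTICLE))


if __name__ == "__main__":
    print(demo())
```
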


------------------------------

From: Hugh Giblin <ulysses@acpub.duke.edu>
Date: 06 Dec 1995 20:36:51 -0500 (EST)
Subject: Infinity Transmitter

High tech invasion of privacy is a concern as mentioned.  Has anyone
heard of an item called an "infinity transmitter"?  This device which
is essentially a long distance tap will activate one's phone and use it
as a speaker/listening device.  I don't believe they are legal other
than for law-enforcement although you will see very watered-down
versions in various electronic magazines.

--
Hugh Giblin


------------------------------

From: fyoung@oxford.net (F Young)
Date: 07 Dec 95 00:49:47 EST
Subject: Re: Cashless Society

    maillist@dazed.nol.net (Al Johnson) said: The government's main
    reason for pushing the cashless society idea is that it will
    obliterate the underground economy which transactions the IRS is
    unable to collect taxes on.  But I do not believe that underground
    transactions put that much of a dent in the government's tax
    revenue, besides they collect enough taxes as it is already.

When the government says "underground", they mean transactions which
are hidden from them.  High taxes are partially responsible for the
"underground" economy, if the situation is so severe, the problem is
with the government, NOT with the individuals who are trying to keep
more of what they earn.

    I see no reason why we cannot have a virtual wallet with digital
    cash.  The wallets can be mass produced in the form resembling a
    credit/ATM card.  All cards are generic, meaning that they are
    anonymous, have no

The "Cash Card" is being test-marketed as we speak - I'm not sure if it
is exactly what you have in mind, but from what you said, it sounds
pretty close.  London, Ontario was the city (or one of the first
cities) they used to test the debit card, they once again get to see
what this new payment form is all about.

    modification.  But, my point is this:  We shouldn't have to give up
    our privacy in order to reap the rewards of a cashless economy, or
    anything else for that matter.

I agree with you on the benefits of a cashless economy, "convenience"
is the thing that comes to my mind.  If implemented properly, we
shouldn't have to give up our privacy ... but if all monetary
transactions require some form of electronic gadget to carry out, just
think what would happen if the power goes out! :)


------------------------------

From: haz1@kimbark.uchicago.edu (Bill)
Date: 08 Dec 1995 02:05:05 GMT
Subject: Re: Cashless Society
Organization: The University of Hell at Chicago

Posted only, as the sender's address claims to be a mailing list... 

    Al Johnson <maillist@dazed.nol.net> wrote: [...] digit cash - cash
    is anonymous.  I'm talking about cash that functions the same as
    the bills in your wallet right now.  The digital cash can be
    downloaded from your bank account through the ATM directly into your
    virtual wallet.

Oops.  You were doing fine until you suggested downloading directly
from an (identifiable) bank account into this "virtual wallet".
Digital cash is a complex problem which has so far been solved (as far
as I know) in only two ways: 1) By having a reliable institution (e.g.
a bank) digitally sign a "packet" of cash; at each transfer of the
cash, the recipient must check with the institution to verify that the
packet has not already been used by its current possessor (the
double-spending problem).  Or, 2) by creating a tamper-proof card
("wallet") with a unique "signature" which identifies it (to prevent
tampering or phony cards from passing unnoticed).

Now, using method #1, as long as the original obtainer of the "cash" is
not identified, his/her anonymity is preserved; however, downloading
the "cash" from an identifiable personal bank account voids that
protection, by creating a record tying the packet of "cash" to the
person receiving it.  Using method #2, the same problem arises with
doing an electronic transfer from a personal account into the "wallet",
since the "wallet" has a unique signature which can be used to trace
where the "cash" gets spent, and the personal account is clearly tied
to its owner.  The only way to create a truly anonymous packet of
digital "cash" is to provide a means similar to current methods for
purchasing a money order at a corner currency exchange, whereby anyone
at all can walk in with paper currency and no identification, and
convert that paper currency into anonymous digital "cash"; if there are
electronic (or paper) transfers from an identifiable source, or if
identity of users is recorded in any way, the anonymity of the
electronic "cash" is defeated.

If you have a solution to this problem, by all means do post it; quite
a few people will be elated to see this problem solved...  :-)

--
Bill (haz1@midway.uchicago.edu)


------------------------------

From: privacy@interramp.com (Privacy Newsletter)
Date: 07 Dec 1995 17:31:34 GMT
Subject: Re: Caller ID leakage
Organization: Privacy Newsletter

    bgivens@pwa.acusd.edu says...  Starting December 1, Calling Number
    ID is supposedly transmitted on ALL calls, local as well as long
    distance, as per a FCC ruling.  The one exception is for calls
    originating in California.  (The California Public Utilities
    Commission has requested a 6-month waiver, until it has had the
    opportunity to accept or reject the local phone companies'
    education plans for alerting California consumers to the privacy
    effects of Caller ID.)

It is NOT true whatsoever that there is only ONE exception for
nationwide Caller ID! In a press release (Report No. DC 95-138) issued
November 30, 1995, by the Federal Communications Commission, THREE
exceptions are mentioned. Yes, the first one is the California stay
until June 1, 1996. But the second stay, until March 31, 1996, lets
smaller interexchange carriers, who experience technical glitches in
switching systems to, have some time to catch up. The third stay, until
January 1, 1997 (YES, 1997!), is being offered to certain local
exchange carriers because it is not technically nor economically
feasible for these carriers to provide these capabilities now.

So, YES, I would assume that there might be early compliance, and I
would assume that many calls that shouldn't show now WILL show now. But
it should be well understood that the California stay is not the only
item standing in the way of complete nationwide Caller ID.

For more information on this Caller ID topic or to receive privacy tips
for the holiday season, contact:

--
John Featherman
Privacy Newsletter
PO Box 8206
Philadelphia PA 19101-8206
215-533-7373
Internet: privacy@interramp.com


------------------------------

From: adams@spss.com (Steve Adams)
Date: 07 Dec 1995 15:00:37 GMT
Subject: Re: Is it Possible to Not GET a SSN?
Organization: SPSS, Inc.

    adkinsg@piranha.ianet.net (Garry P. Adkins) wrote: I (of course)
    have a SSN.  I've been wondering if it's possible to not actually
    *have* a SSN....  He really really really really objects to getting
    them on religious and moral grounds.  It sent me to thinking...
    Any idea what his options are?  Can he be a "conscientious<sp?>
    objector" to the SSN deal?

He needs the SSN to claim the deductions for his kids on the 1040.  If
he doesn't need the deductions or doesn't want them, then I guess he
could "get away with it" - at least until the kids try to get jobs, go
to college, etc....

--
  The opinions expressed above are those of the author and not SPSS Inc.
                      ---NASCAR-#7-#28-#51---
   adams@spss.com         Soli Deo Gloria          Phone: (312) 329-3522
   Steve Adams        "Space-age cybernomad"       Fax:   (312) 329-3558


------------------------------

From: ranck@joesbar.cc.vt.edu ()
Date: 07 Dec 1995 18:59:53 GMT
Subject: Re: Is it Possible to Not GET a SSN?
Organization: Virginia Tech, Blacksburg, Virginia

    Garry P. Adkins (adkinsg@piranha.ianet.net) wrote: I (of course)
    have a SSN.  I've been wondering if it's possible to not actually
    *have* a SSN....  It sent me to thinking...  Any idea what his
    options are?  Can he be a "conscientious<sp?> objector" to the SSN
    deal?

As far as I can tell, you have to have a SSN if you file an income tax
return, but maybe not even then.  It seems that if a person was
independently wealthy, and did not keep his/her cash in a bank or
investments, then you could get by without a SSN.  The trouble comes as
soon as you earn any money from any source (job, investment income,
bank interest) then the IRS wants it reported and you are required to
have a SSN for that.  I think some foreign nationals get what is called
a taxpayer ID number, but it amounts to the same thing, they just
aren't eligible for Social Security benefits so it's not a "real" SSN.

So if you have a mattress full of money, and you only pay cash, then
you can get away without an SSN.  I don't see any other legal way.

--
Bill Ranck                +1-540-231-3951              ranck@vt.edu 
Virginia Polytechnic Institute & State University, Computing Center 


------------------------------

From: Bill McClatchie <wmcclatc@nyx10.cs.du.edu>
Date: 28 Nov 1995 20:42:44 -0500
Subject: Re: Is it Possible to Not GET a SSN?

    adkinsg@piranha.ianet.net (Garry P. Adkins) said: I (of course)
    have a SSN.  I've been wondering if it's possible to not actually
    *have* a SSN....

Yes.  Just don't apply for one for your kids.  Or enter the country
illegally :)

    I was talking with a guy the other day (he's a pastor), and he
    home-schools his kids, etc.  They don't have SSNs. (yet...) He
    really really really really objects to getting them on religious
    and moral grounds.

Objecting to Big Brother in any way is fine - but doing it in this
fashion will hurt his kids more than it will him.  Can't get diplomas,
jobs, go to college, or many other fine things in the US without being
registered with Uncle Sam.

    It sent me to thinking...  Any idea what his options are?  Can he
    be a "conscientious<sp?> objector" to the SSN deal?

Yes.  He just can't declare them on his taxes.  His kids will pay a
higher price as I said above.

--
Bill McClatchie	
wmcclatc@nox.cs.du.edu	
http://nox.cs.du.edu:8001/~wmcclatc


------------------------------

From: sarig@teleport.com (Scott Arighi)
Date: 08 Dec 1995 03:29:52 GMT
Subject: Re: Common Carrier
Organization: Teleport - Portland's Public Access (503) 220-1016


    Kevin Kadow <kadow@cig.mot.com> writes: Personally I'm more
    concerned with the chilling effect on free speech that would result
    from restricting content, regardless of who is held liable.  As
    I've stated in other forums, the question isn't HOW to make the
    Internet safe for children (one proposed goal of this bill) but
    WHETHER it should be done at all. The Internet is no longer a
    publicly funded resource, if the politicians want their own safe
    and censored network, let them start one for that purpose.

    herrin@why.com (William Herrin) wrote: I disagree. The availability
    of pornography and similarly problematic material potentially has
    the ability to bar children from the Internet, or at least from
    huge un-checked expanses of it. That shouldn't be allowed to
    happen.  The question is how do you let the kids roam without, as
    you say, having a chilling effect on free speech. I like safesurf's
    answer. Take a look at <URL:http://www.safesurf.com/>. Their plan
    adds a voluntary capability to the technology, which if supported
    by laws and treaties would allow kids to roam without chilling
    anyone's rights.

Should the internet be a children's library or an adult bookstore?  At
least from what I have seen the chance of an innocent little 9 yr.  old
girl finding grossly offensive material is small.  On the other hand
the probability of keeping a computer literate, hormone driven 16 yr.
old away from pornography is equally small.  I have less than full
faith that any of the various "watch" programs are going to be *100%*
successful.  It seems to me that a rational response to the amendment
that passed conference comm. the other day on the Telecom bill is going
to force a choice between adult and children's library.  Perhaps we need
to *ban* usage of the internet by anyone under 18 :-)

--
Scott Arighi
Those who ignore history are doomed to repeat it.


------------------------------

From: fyoung@oxford.net (F Young)
Date: 28 Nov 95 20:54:10 EST
Subject: Re: Survey on Privacy in Business

    rj.mills@pti-us.com (Dick Mills) said: <...snip...> Can fellow
    readers of CPD suggest ways that con artists could profit from the
    information disclosed in similar requests? Is there reason to
    continue to complain about these survey requests, or is everyone
    sufficiently aware already?

To Dick and the moderator:

I believe we should allow surveys to be posted, but only if the person(s)
conducting the survey provide their real names, mailing address, e-mail
address, phone number, the organization they are affiliated with, and
the purpose of the survey.

Even after that, answers to surveys can be sent via a cypherpunk
remailer to ensure a higher degree of anonymity.  Of course, it is
always up to the readers (answerers) to decide what information they
are willing to provide or if they want to answer at all.


------------------------------

From: Dick Carlson <dcarlson@honeydew.cc.wwu.edu>
Date: 29 Nov 1995 07:17:23 -0800 (PST)
Subject: Re: Survey on Privacy in Business

    [moderator:  I am interested also in whether or not I should filter
    such items out of the stream.  The two postings before this one are
    cases in point.]

I would appreciate filtering of these types of posts -- I find your
forum very interesting and useful, but my time to scan huge digests is
limited.

At my University, we expect Froshpersons <gag> to do their *own*
research -- and I would hope their tuition covers libraries, Web
access, and search tools.

If not, they should consider transfer to another institution!

     --------------------------------------------------
     dcarlson@cc.wwu.edu    http://www.az.com:80/~dick/ 
     Fairhaven College -- Western Washington University
           Bellingham  WA  98225  (360) 650-3680
           -------------------------------------   


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 22 Nov 1995 14:25:54 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V7 #049
******************************