Date: Sat, 17 Feb 96 10:16:00 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#015
Computer Privacy Digest Sat, 17 Feb 96 Volume 8 : Issue: 015
Today's Topics: Moderator: Leonard P. Levine
Re: GM unlocks your car with a phone call
Re: GM unlocks your car with a phone call
Web Surfers: Your Computer Is Watching You
Re: Anonymous Remailers are a Virus Spreading Online
Re: Anonymous Remailers are a Virus Spreading Online
Re: Anonymous Remailers are a Virus Spreading Online
New Discussion Group: Communications Decency Act of 1996
Canadian Privacy Files Abstracts Available Online
Economist magazine Calls for New Privacy Laws
Congress Sets Date for Votes on ID Card Bill
Call for Papers
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: hpage@netcom.com (Howard G. Page)
Date: 14 Feb 1996 16:09:55 GMT
Subject: Re: GM unlocks your car with a phone call
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
References: <comp-privacy8.14.8@cs.uwm.edu>
The following is an internal GM Newsline announcement from 2/9/96.
GM ANNOUNCES ONSTAR .... General Motors today is expected to
announce at its annual Chicago Auto Show press luncheon, a new
on-vehicle communications technology called OnStar -- the most
[...] the driver simply needs to touch the emergency services
button on the cellular phone, and the Customer Assistance Center
advisor locates the vehicle's position on a digital map and alerts
the nearest emergency services provider. OnStar also eliminates the
need to call a locksmith. If a driver has locked the keys in the
car, a toll-free number will connect the driver with the Customer
Assistance Center advisor who will send a cellular data call to the
automobile that instructs the vehicle to unlock itself at a
specified time. OnStar's user-friendly technologies
I wonder whether there is a feature providing the ability of the
"Customer Assistance Center" to disable your auto if you fall a little
behind in your payments. Or maybe they simply send it a command
limiting it's maximum speed is, say, 30 mph!
On the other hand, maybe they can disable the auto if it is reported
stolen. Or, even better, as an act of retribution, one can falsely
report someone's auto as stolen, disabling the auto!
Or maybe, if reported stolen, the assistance center will call you
first, and request your mother's maiden name before they disable your
auto.
The possibilities are endless!
--
Howard G. Page hpage@netcom.com 415-548-1902
"Now I've been to one world fair, a picnic and a rodeo and that's the
stupidest thing I've heard come over a set of earphones."
-- Major T.J. "King" Kong
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 16 Feb 1996 06:28:54 -0600 (CST)
Subject: Re: GM unlocks your car with a phone call
Organization: University of Wisconsin-Milwaukee
References: <comp-privacy8.14.8@cs.uwm.edu>
Taken from RISKS-LIST: Risks-Forum Digest Thursday 15 February 1996
Volume 17 : Issue 74 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND
RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public
Policy, Peter G. Neumann, moderator
Date: 15 Feb 96 16:54:58 -0500
From: Mark Anthony Beadles <beadles@acm.org>
Subject: GM Plans to Plug Cadillacs into Communication System
Article: "GM Plans to Plug Cadillacs into Automatic Communication System"
WSJ, February 9, 1996, Page B3, Column 1
In summary, GM is introducing a system in its high-end automobiles that will
"automatically call for help" in an accident, including flashing lights and
honking the horn. Called the OnStar system, it is scheduled to appear as an
option in the 1997 front-wheel-drive Caddies. According to the article, it
is activated by the air bag being deployed. In addition to honking and
flashing, the system will transmit (to whom was not clear) the location of
the car in event of accident, theft, or "other emergencies". The system also
includes navigational assistance that works throughout the US, using the car
telephone as the output device.
OnStar's managing director, Chet Huber, is attributed as saying, "the
company has done extensive market research that says drivers want a greater
sense of security and control." Tying the car into a nationwide
communication system that can track your every move and control your car is
evidently how they intend to accomplish this.
The RISKS here are numerous, in my mind:
1.A `false alarm' condition could cause the emergency transmissions,
flashing lights, and honking horns, when there is in fact no emergency.
This is similar to the present risks associated with home alarms.
2.Tracking the location of one's car can be a benefit (prevents you
from getting lost in the Mojave), but it can also allow people to
find you when you don't want them to. Cars have traditionally been
seen as private havens in the US.
3.The system could give wrong navigational information to the driver.
Who will be verifying the nationwide database of road information?
The driver could follow the system's recommendations and become lost.
Come to think of it, I guess that's an argument for having item 2.
Mark Anthony Beadles beadles@acm.org - http://www.acm.org/~beadles
------------------------------
From: taxhaven@ix.netcom.com (Adam Starchild )
Date: 14 Feb 1996 18:30:34 GMT
Subject: Web Surfers: Your Computer Is Watching You
Organization: Netcom
Takeb from The Financial Times (London) for February 12, 1996:
This Bug In Your PC Is A Smart Cookie by Tim Jackson
Dear Mr. Jackson: Our in-store cameras have recorded your repeated
visits to our fruit and vegetable counter. Yet even though you buy
things in other departments -- I hope last month's kid gloves came in
handy during the cold snap! -- we see that you have never bought fresh
produce from us.
Three times last week you stood in front of the fresh mangoes, but
never took the plunge. So I'm writing to let you know about our
upcoming special offer on tropical fruit.
As far as I know, no shopper has ever received such a letter. Camera
technology is many years from being able to follow a single person
around a department store, let alone tally that person's movements
against sales records.
Yet these methods of keeping tabs on the behaviour of customers are
possible today in cyberspace. Technology is already in place -- and
ready to be put to use on the World Wide Web of the Internet -- that
will allow Web site owners to gather an alarming range of information
on the people who look at their Web pages from PCs at home.
Most Internet users are not aware that such possibilities exist. They
believe, correctly, that when they surf the Web, the information sent
from their PC to the Web site is an IP address - - a string of digits
that specify the Internet location of the computer they are logging in
from. Tracking down the customer from that information alone is an
inexact science, since a single IP address can be shared by hundreds of
people working at a company, or thousands of people using an online
service.
But the leading software used on the Web contains a little- known
wrinkle that increases the power of companies to find out who their
customers are and what they are up to. It allows companies to track
which Web pages an individual looks at, when, for how long, and in what
order.
That information can be tallied against information the customer
provides of his own free will -- for instance, when he "registers" for
membership by giving a name and e-mail address, or provides a credit
card number and a address when ordering a delivery -- to produce a
comprehensive record of individual behavior.
Most extraordinary of all, this information can be stored on customers'
own PCs without their knowledge. It can be kept in a form so that only
the company that collected the information can benefit from it. And
when the customer connects to the Web site later, the site can silently
interrogate his PC and pick up the information.
The formal name for the objects where the information is stored is
"persistent client-state hypertext transfer protocol cookies." Those
who dismiss this as an early April Fool joke can find the specification
describing the cookies by using the search engine on Netscape
Communications' home page.
A technical note written in July 1995 describes the specification as
preliminary, and warns users to treat it with caution. But the
facility has been fully operational on Netscape browser software since
version 1.2
Each cookie, or nugget of information, can be up to four kilobytes and
each server is allowed to deposit 20 cookies on every client computer.
The total of 80 kilobytes that this represents is roughly equivalent to
18 articles the length of this one. But this limit can be circumvented
by the simple device of having a number of different servers inside the
company. As a result, a company can theoretically store 1.2 megabytes
of information -- twice the length of Persuasion -- on each customer
PC.
As a group, those who inhabit the online world tend to be watchful of
their privacy. When they became aware last year that MSN, Microsoft's
online service, was able to download a list of programs on customers'
PCs as they logged in from home or work, there was such a fuss that the
company was forced into a hasty damage-control exercise to reassure the
world that its intentions were honourable.
Client-state cookies are in a slightly different category. They do not
allow one company to snoop on another, and they gather only information
about consumers' behaviour at a single company's Web site or
information that customers themselves volunteer.
But many PC users may take a dim view of Netscape's failure to draw
their attention to the fact that their behaviour may be tracked i this
way. Moreover, there appears to be only one way to disable the
facility: by manually amending or deleting the COOKIE.TXT file
containing all the cookies.
Netscape describes the system as a "powerful new tool which enables a
host of new types of applications to be written for Web-based
environments," and of course the company is right. Cookies allow
customers to do repeat business with companies without having to retype
their details. There are plenty of other very useful purposes to which
the cookies could be put in future.
Yet the tale of these cookies is an illustration of the possibilities
that Internet marketing opens up. In the old days, placing an
advertisement was like firing a blunderbuss: remember the old quip that
half the money spent on advertising was wasted, but that no-one knew
which half. Today, technology has created silver bullets that allow
companies to target people individually.
In the long term, this is a good thing, for it will tailor advertising
more closely to what consumers want. But at stake is the issue of
privacy which needs to be debated.
The only consolation is that breaches of privacy using this technology
are unlikely to have any life-and-death consequences. The worst thing
most companies will do, after all, is try to sell you something.
Posted by Adam Starchild
Asset Protection & Becoming Judgement Proof at
http://www.catalog.com/corner/taxhaven
------------------------------
From: fyoung@oxford.net (F Young)
Date: 15 Feb 96 01:19:36 EST
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Remember the message written by Phil Zimmermann about the case against
him being dropped? Many people were concerned when the PGP signature
didn't compare, in fact, the signature in some of the messages probably
got altered accidentally. By the same token, someone who receives an
anonymous message should read it with a grain of salt.
The authors said "[<anon.penet.fi>] is in Finland. It is frequently
used by the Russian (ex-KGB) criminal element." Is this an attempt to
say because some criminals use such service, legitimate uses should be
curtailed or compromised? I remember similar arguments were used for
the promotion of the Clipper chip and the export control of strong
crypto. Also, because some criminals use guns, then law abiding
citizens should not be allowed to own them? Besides, <anon.penet.fi>
is not truly anonymous. The system operator knows who the users are,
I'm sure the authors konw that.
I'm glad the authors finally recognized legitimate uses of anonymous
remailers. The only problem I can forsee with anonymous re-mailers is
spamming. But comparing anon re-mailers with epidemics is a little far
fetched, and the last thing we need is more government regulations,
PERIOD!
------------------------------
From: cnordin@vni.net (Craig Nordin)
Date: 15 Feb 1996 15:02:16 -0500
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: Virtual Networks
References: <comp-privacy8.14.10@cs.uwm.edu>
Note the SAIC name in the byline. Note that CIA folk have often
published stuff and not fessed up to having a CIA background.
Anonymous remailers are the number one threat to total control via
government.
If you read something anonymous you can discard it simply because the
writer is unwilling to stand beside his words. Or, you can see if it
is an apt piece of writing and decide that it does apply, even without
an author.
This thread is part of a "school" of such topics now reaching us
through various media. Note the recent news made by an internet
announcement that a girl was being abused by her mother. Kids are said
to be making bombs from instructions via the Internet (and why were
they making so many bombs learned from libraries and colleges before
and not even making it past the local news?).
Some people don't like utterly free speech.
--
http://www.vni.net/
cnordin@vni.net Fly VNI: Send E-Mail to info@vni.net
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Feb 1996 16:22:41 -0600 (CST)
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: University of Wisconsin-Milwaukee
My most serious question about anonymous remailers is this: How can we
be sure that the operator of such a remailer is not a federal or other
governmental agent? That person is trusted with our privacy and has
all the data needed to identify a user.
If I were the Feds I would already have set up such a "sting"
operation, the temptation is just too great.
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
PGP Public Key: finger llevine@blatz.cs.uwm.edu
------------------------------
From: gmklein@ix.netcom.com (Gary M. Klein )
Date: 16 Feb 1996 09:09:06 GMT
Subject: New Discussion Group: Communications Decency Act of 1996
Organization: Netcom
In light of the recent furor over the airwaves, in the media and in
lawsuits regarding the COMMUNICATIONS DECENCY ACT of 1996 that United
States' President Clinton signed into law on February 8, 1996, I have
created a forum for people to discuss the concerns raised by this (and
similar) pieces of legislation.
LISTNAME: CDA96-L
FULL TITLE: Communcations Decency Act of 1996 Discussion Group
FORMAT: Un-moderated, Postings must come from registered
subscribers
SUBSCRIPTIONS: via LISTPROC software
LISTOWNER: Gary M. Klein <gklein@willamette.edu>
Management & Business Economics Librarian
Hatfield Library
Willamette University
Salem, Oregon 97301 USA
DESCRIPTION:
CDA96-L is open to anyone. Its primary role is to serve as a means of
communication among people who are concerned about the implications of
the United States of America's COMMUNICATIONS DECENCY ACT OF 1996
(signed into law by President Willam J. Clinton on February 8, 1996).
Its secondary role is to serve as a discussion forum for similar
legislation or regulation that may be in the formative or final stages
in any other country, or at any local jurisdiction taht would restrict,
limit or inhibit use of Internet resources based on "decency,"
"morality," "offensivness," or based on teh age of someone using,
operating or accessing an Internet resource.
SUBSCRIBING TO THE "CDA96-L" LIST:
Anyone may subscribe to the list by sending a simple subscription
command to <LISTPROC@WILLAMETTE.EDU> SUBSCRIBE CDA96-L Your Name
For example, if Idi Amin were still alive and wanted to subscribe,
the post would resemble this: mailto: LISTPROC@WILLAMETTE.EDU
text: SUBSCRIBE CDA96-L Idi Amin
--
GARY M. KLEIN "not your average leathered librarian & indecent communicator"
Hatfield Library / Willamette University / Salem, Oregon 97301 USA
work #503-370-6743 / gklein@willamette.edu
http://www.pobox.com/~gklein
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 16 Feb 1996 16:21:23 -0600 (CST)
Subject: Canadian Privacy Files Abstracts Available Online
Organization: University of Wisconsin-Milwaukee
Taken from EPIC Alert 3.04 February 16, 1996 Published by the
Electronic Privacy Information Center (EPIC) Washington, D.C.
info@epic.org http://www.epic.org/
Privacy Files provides detailed information about current privacy
developments in Canada. A recent issue explored the Supreme Court
decision on record confidentiality, Ontario's Bill 26, and the current
status of privacy for municipal employees. To receive Privacy Files
Abstracts, send the message "Add me to 'Privacy Files Abstracts' list
< your name >" to: privacy.files@progesta.com. To subscribe or to
receive detailed information about subscription rates, send
"Subscription information < your name >" to:
privacy.files@progesta.com. More information about Privacy Files is
available at E-mail: privacy.files@progesta.com Snail mail: 1788
d'Argenson, Ste-Julie (Quebec) CANADA J3E 1E3 Voice: +1 (514) 922
9151 Fax: +1 (514) 922 9152 Voice (toll free from Canada & US):
(800) 922 9151.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 16 Feb 1996 16:22:35 -0600 (CST)
Subject: Economist magazine Calls for New Privacy Laws
Organization: University of Wisconsin-Milwaukee
Taken from EPIC Alert 3.04 February 16, 1996 Published by the
Electronic Privacy Information Center (EPIC) Washington, D.C.
info@epic.org http://www.epic.org/
The Economist magazine called for the adoption of new privacy laws
in an editorial published on February 10, 1996. The international
news publication warned that new technologies and the growing
sale of sensitive data are threatening personal privacy. "Given these
technological advances, maintaining the degree of anonymity that people
used to enjoy will take regulation," said the London-based publication.
The Economist, hardly known for its pro-regulatory stands, recommended
that information gatherers be required to gain explicit permission
before engaging in subsequent use of personal data. "There is little
reason to suppose that market-driven practices will by themselves be
enough to protect privacy." The magazine concludes that if regulations
are adopted "Companies would collect and resell information more
discriminately. And people who cherish their digital privacy would have
the means to protect it -- which is as it should be."
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 16 Feb 1996 16:23:39 -0600 (CST)
Subject: Congress Sets Date for Votes on ID Card Bill
Organization: University of Wisconsin-Milwaukee
Taken from EPIC Alert 3.04 February 16, 1996 Published by the
Electronic Privacy Information Center (EPIC) Washington, D.C.
info@epic.org http://www.epic.org/
The Republican leadership in Congress has set dates for consideration
of two key bills that raise serious privacy issues.
The House has agreed to vote on the controversial Comprehensive
Anti-terrorism Act of 1996 (HR 1710) during the week of March 11-15.
The bill increases the ability of the FBI to conduct wiretaps, use
illegally obtained wiretaps in court, and access travel, purchase and
telephone records without a court order. A previous vote on the bill
was delayed after both liberal and conservative members of Congress
opposed the bill last year. More information is available at:
http://www.epic.org/privacy/terrorism/
The Senate Judiciary Committee has agreed to markup the Immigration
Reform Act of 1996 (S. 269/1394) on February 29. The full House
will vote on HR 2202, the House version of the legislation, on March
18. The bill creates a national registry of all persons in the United
States who are eligible to work. Employers will be required to check
this database before any person can be hired. Several Senators plan to
introduce amendments to require the creation of a national ID card in
addition to the database.
------------------------------
From: lazooli@grove.ufl.EDU
Date: 12 Feb 1996 16:40:14 -0500 (EST)
Subject: Call for Papers
Journal of Technology Law & Policy
University of Florida
College of Law
******************************************
CALL FOR PAPERS
*****************************
Spring 1996
The Journal of Technology Law & Policy is devoted to exploring the
legal and policy issues raised by emerging technology. We invite
contributions of original works for our Spring, 1996 issue. Student
contributions are encouraged.
To promote access to the Journal, the Journal will be published on the
World Wide Web. Submissions to the Journal are encouraged to take full
advantage of this medium. Relevant graphics, sound, and video may be
utilized.
There are no length limitations for submissions. Submissions must
include a copy in electronic form. All citations should be in Bluebook
and endnote form. Please include the URL of any cited information
available online.
Please direct all questions, and submissions to techlaw@grove.ufl.edu
_____________________________
http://grove.ufl.edu/~techlaw
techlaw@grove.ufl.edu
Fax number: (352)-377-7655
Mailing Address:
Journal of Technology Law & Policy
University of Florida
College of Law
P.O. 117640
Gainesville, FL 32611-7640
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 30 Jan 1996 18:45:30 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #015
******************************
.