Date: Fri, 23 Feb 96 16:49:56 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#017
Computer Privacy Digest Fri, 23 Feb 96 Volume 8 : Issue: 017
Today's Topics: Moderator: Leonard P. Levine
Re: Anonymous Remailers are a Virus Spreading Online
Re: Anonymous Remailers are a Virus Spreading Online
Re: Anonymous remailers are a virus spreading online!
Re: Anonymous Remailers are a Virus Spreading Online
Europe Data Protection Directive
Re: Your Computer Is Watching You
Trojan Horse Screensaver
Re: Access to DMV Records by Rental Car Companies
Strange Telemarketing Call
Privacy Effects of CDA
Caller ID: Ameritech -> MCI
JavaScript in Netscape 2.0 Shouldn't Let Me Do This
It's Time To Clarify The Bill of Rights
Northwestern's EECS may be Censoring
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: roman@portal.stwing.upenn.edu (Roman Gollent)
Date: 21 Feb 1996 15:42:56 GMT
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: University of Pennsylvania
References: <comp-privacy8.15.6@cs.uwm.edu> <comp-privacy8.16.6@cs.uwm.edu>
<daveb@iinet.net.au> wrote: One (too?) obvoius defence is to use a
remailer in another country. I greatly doubt if the US Govt. has
subverted a remailer in, say, Finland. The Finnish Govt. might have
something to say about that.
Please explain that to the admin of anon.penet.fi. If the Church of
Scientology can bully admins of systems on foreign soil into giving out
real names and addresses, what's to stop the US government from doing
the same? While I have no doubt that the Church and its mobs of
lawyers has a great deal of power, I'm still under the impression
(perhaps mistaken) that the US government wields even more influence,
especially on an international level. It hasn't happened yet, but it
could.
--
This .sig is a fucking protest. Don't let the assholes in Congress
get away with this abortion of Justice. Feel free to duplicate,
modify and redistribute this .sig, under the condition that the
content remains "indecent". http://www.vtw.org
[moderator: I will leave this signature file in this time, but intend
to censor gratuitous indecent material in the future. Not that I fear
the government but it offends my personal taste.]
------------------------------
From: bruno@cerberus.csd.uwm.edu (Bruno Wolff III)
Date: 21 Feb 1996 18:43:48 GMT
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: University of Wisconsin - Milwaukee
Using multiple remailers is no guarenty of safety even if none of the
machines is compromised. You can still do traffic analysis to connect
anonymous messages to their senders. Delaying messages may help
disguise where traffic is coming from to some extent, but if you send
out anonymous messages that can be identified as being from the same
person, you are giving people a lot of information to work with.
Using sites in over countries is no guarenty either. Governments often
have incentives to cooperate on such matters. The particular example of
Finland was interesting because one of the sites there was forced to
turn over some records matching email addresses to anonymous id numbers
(used for replies).
------------------------------
From: fyoung@oxford.net (F Young)
Date: 22 Feb 96 01:56:18 EST
Subject: Re: Anonymous remailers are a virus spreading online!
Stanton McCandlish <mech@eff.org> said: Only if the message is
encrypted - if not, any users who use a sting remailer as the first
one in the chain are busted. This could hobble the use of
remailers for any public postings in which anonymity is essential.
If the chained message is PGP encrypted in layers (single-receipients)
for the individual remailers in the chain, the first remailer would
only be able to decrypt the top layer, revealling another encrypted
layer and a Request-Remailing-To: field pointing to another remailer.
If the message is a plain text one, then the last remailer will be able
to see the message and the receipient. IMO, if the message is intended
for a known person, then it should be PGP encrypted also, i.e. if it
has to be so secret that it is sent through a chain of remailers.
------------------------------
From: arno@ira.uka.de (Arno Wagner)
Date: 23 Feb 1996 22:05:16 GMT
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: University of Karlsruhe, Germany
References: <comp-privacy8.16.2@cs.uwm.edu>
Roy M. Silvernail (roy@sendai.cybrspc.mn.org) wrote: That's the
reason behind chaining your message through several remailers. The
first remailer in the chain knows your address, but not the
ultimate destination of the traffic. A single uncompromised
remailer in the chain will break the traceability of your message.
Unfortunately that is untrue. If the first and the last remailer
coperate, they can compare the messages routed and discover source and
destination. If it was an anonymous news posting, the first remailer
being corrupt is sufficiently to compromise the sender, as this server
could monitor all newsgroups and recognize messages routed by it. This
schemes needn't use full messages for an initial compare and could
store the full messages on a slow and cheap media like DAT-tapes.
--
Arno Wagner
------------------------------
From: Jacques Lemieux <72470.1055@CompuServe.COM>
Date: 23 Feb 1996 20:34:56 GMT
Subject: Europe Data Protection Directive
Organization: LSE
I am looking for any comment on the European Data Protection Directive.
Any hints for me?
--
Thanks
J. Lemieux, 72470.1055@compuserve.com
------------------------------
From: "anonymous" <levine@blatz.cs.uwm.edu>
Date: 21 Feb 1996 20:25:18 GMT
Subject: Re: Your Computer Is Watching You
Organization: anonymous
References: <comp-privacy8.16.8@cs.uwm.edu>
Please remove my id from this message.
But many PC users may take a dim view of Netscape's failure to draw
their attention to the fact that their behaviour may be tracked i
this way. Moreover, there appears to be only one way to disable
the facility: by manually amending or deleting the COOKIE.TXT file
containing all the cookies.
fyoung@oxford.net (F Young) writes: Is that all? I'm not
overlooking the potential privacy problem with this Netscape
implementation, but someone can write a very simple script to do a
DEL COOKIE.TXT say everytime Netscape is loaded or unloaded. Would
that solve the problem?
Since finding out about this I've deleted the cookies in the file and
made the file read only (using DOS attrib). This allows the software to
rad an empty file. So far this technique is working.
------------------------------
From: taxhaven@ix.netcom.com (Adam Starchild )
Date: 22 Feb 1996 04:56:30 GMT
Subject: Trojan Horse Screensaver
Organization: Netcom
Taken from Information Week for February 19, 1996:
Charge It? Not So Fast
First Virtual Holdings has devised a PC application that masquerades as
a screen saver but actually steals the user's credit-card number as
it's typed into the computer.
The purpose of this ruse, says Nathaniel Borenstein, chief scientists
at First Virtual in San Diego, is to highlight vulnerabilities in
online services that let folks make purchases over the Internet. First
Virtual markets electronic commerce services and software that encrypts
sensitive transactions that travel on the Internet and the World Wide
Web.
The First Virtual program is only one step away from being able to
actually grab credit-card numbers and transmit them over the Net for
nefarious purposes, one analyst says. "We thought only the National
Security Agency could do this," said a government official after a
recent demo.
Which begs the question: Why would Uncle Sam want to do that?
--
Posted by Adam Starchild
Asset Protection & Becoming Judgement Proof at
http://www.catalog.com/corner/taxhaven
------------------------------
From: PHILS@RELAY.RELAY.COM (Philip H. Smith III, (703) 506-0500)
Date: 22 Feb 96 07:26:50 EST
Subject: Re: Access to DMV Records by Rental Car Companies
References: <comp-privacy8.14.7@cs.uwm.edu>
(Bernie Cosell) <bernie@fantasyfarm.com> said: <snip> [and on the
other hand, considering the nature of rental cars and the
competition therein, I can't imagine that some rental car agency
won't offer a deal like that [or just not check driving records at
all] --- you may not be able to rent from Hertz and friends, but
I"d guess that you'll still be able to get something from one of
the small fry outfits...
Actually, while this might be true, I'd be surprised. The smaller
outfits tend to be *more* restrictive due to liability issues (this is,
of course, making the assumption that a bad driving record implies an
increased chance of you doing something that will result in a lawsuit;
I'm not prepared to debate or defend that, and would argue with it
myself in some circumstances, but neither insurance companies nor car
rental agencies are likely to dispute it).
For example, Hertz has a (probably several) blanket policies such that
if you refuse the extra coverage and run over a kindergarten class, and
20+ parents sue both you AND HERTZ (which they will!), there will be an
insurance company involved on Hertz's behalf.
Small companies, on the other hand, can't afford these policies (or at
least not as large policies) and thus tend to require more in the way
of proof of insurance from renters.
ObTrueStory: In August '95 I was in Orlando at a conference. Made
reservation myself with National; travel agent (and friend) said she
could perhaps do better, so I said fine, no problem. She called back
and said she had an "off-airport" rental, was that OK? I said sure,
I'll try it *this once* (having been advised against same in the
past).
To make a long story semi-short (leaving out the logistical problems
with it being off-airport), I was in line behind a family at the
alleged car rental agency. When it was their turn, the agent demanded
proof of insurance. They didn't have it with them, and were, um, not
very happy to be refused the rental. I was feeling smug, as mine was
in my wallet; imagine my surprise when *I* was refused the rental
because my insurance card didn't specify that I carry comprehensive!!!
The agent refused to call GEICO to answer his questions (interesting --
I could, of course, print myself a nice card saying I have a billion$
of liability and comp and forth, but he wouldn't make a phone call to
verify it), and kept saying "This isn't proof of insurance", despite
the fact that it *is* (as verified by police a few months later when I
was in a car accident).
The denouement is that I (eventually) got back to the terminal, walked
up to National, used my alt.reservation, and was in a car in 5 minutes
(two hours after the flight landed, however).
Moral: never, never, never, never rent off-airport unless you (a) can't
afford a real car rental agency (b) have lots of time and (c) have
proof of lots of insurance.
It's also worth noting -- not directly relevant to this discussion, but
wrt competition among car rental agencies -- that in 10+ years of
fairly heavy travel, I've *never* been able to figure out what
"competition" means in that business. Call 5 companies (say, Hertz,
Avis, National, Alamo, Dollar) for the same reservation and get 5
*wildly* differing prices (by a factor of 2, sometimes!) -- with no
consistency, i.e., Hertz is sometimes the highest, sometimes the
lowest.
But I digress.
--
phsiii
------------------------------
From: Mark.E.Anderson@att.com (Mark Anderson)
Date: 22 Feb 1996 13:26:24 -0600
Subject: Strange Telemarketing Call
The other day I received this very strange telemarketing call that I
thought might interest this list. Unlike some people, for some reason
I don't get too many of these calls. It could be because I'm somewhat
careful about giving out personal information.
Anyway, this person calls asking me to participate in some market
research and insists he didn't want to sell me anything. He claimed he
wanted my 'ideas' about photography. This instantly set off a few
alarms inside of me since I'm currently setting up a studio and have
recently purchased a lot of photo equipment. I agreed to do the survey
if he told me where he got my name from. He hemmed and hawed (sp?) and
said "Kodak" in a way that indicated it was the only photo company he
could think of.
So he transfers me to another person who will be my 'interviewer.' The
interviewer then announces that in order for him not to have to take
notes he wanted to record the conversation. I told him to take notes.
He then started to get nasty and insisted that the conversation be
recorded and that it would be totally "confidential." At that point I
terminated the conversation since they seemed to be getting awfully
legalistic for a lousy survey. Plus, they knew me and I wasn't quite
sure whether they lied about their identity.
Has anyone else heard of a market research survey that had to be
recorded? I've done telephone recordings for insurance depositions
before but it seems odd to cold call someone and demand of them to be
recorded.
--
Mark Anderson
mea@ihgp.att.com
------------------------------
From: arobson@case.cyberspace.com (Andrew Robson)
Date: 22 Feb 1996 13:38:04 -0800 (PST)
Subject: Privacy Effects of CDA
I have seen relatively little on the privacy impacts of the CDA which
may be as important as the chilling effects on free speech. This was
brought home when I read:
In RISKS DIGEST 17.74 padgett@tccslr.dnet.mmc.com (A. Padgett
Peterson) wrote: Along the way we are going to need some sort of
Internet "proof of age"- in the form of a cryptographic ID in which
some agency verifies that the holder is of legal age in the state
of residence. True, there will be screams from the rabid right but
is necessary like a drivers license - you do not have to have one,
but if you want to drive a car...
Indeed, if "adult" is not the default condition for network access,
every access of questionable material will be traceable to the
individual. There is no way to separate proof of age from one's
identity.
Collecting data on accesses to web sites is done now for marketing
reasons; see the recent posting "Tracking Sales Leads on the Internet"
in comp.society.privacy. If available, personal identification
information would no doubt be retained for its value in correlating
interests.
Some issuers of the proof of age might promise to delete the linkage,
but that would cease to be blind as soon as you took any action, such
as buying something, that would tie the proof of age certificate to a
name and address.
Andy
------------------------------
From: cbarnard@cs.uchicago.edu (Christopher L. Barnard)
Date: 23 Feb 1996 03:09:49 GMT
Subject: Caller ID: Ameritech -> MCI
Organization: Univ. of Chicago Computer Science Dept.
Just another data point for those interested in Caller ID
interoperability. I phoned an 800 number from my private residence
line (Ameritech) and preceded the call with *67. The 800 number was
able to determine my phone number (this was an automated system I was
calling). I phoned Ameritech, who identified the 1-800 number as
belonging to MCI. I phoned MCI, and was bounced around for a while by
a gaggle of operators who clearly didn't want to have to answer my
tough questions. I finally got an operator who basically told me that
it is never safe to assume that caller ID will work when crossing from
one company to another.
Yet another reason to never assume that caller ID blocking will
actually block anything...
+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@cs.uchicago.edu / \ anybody could become president. |
| (312) 702-8850 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
| Cyber Rights Now: Accept No Compromise. |
+----------PGP public key available via finger or PGP keyserver---------+
------------------------------
From: Ethan Munson <munson@leinie.cs.uwm.edu>
Date: 22 Feb 1996 21:27:57 -0600
Subject: JavaScript in Netscape 2.0 Shouldn't Let Me Do This
Here's a pointer to a description of yet-another hole in WWW security.
--- Forwarded Message
From: Tom Phelps <phelps@CS.Berkeley.EDU>
Date: 22 Feb 1996 16:08:35 -0800
To: net.cool@ginsberg.CS.Berkeley.EDU
Subject: JavaScript in Netscape 2.0 shouldn't
let me do this, but it does
John Robert LoVerso, OSF Research Institute
After you've visited one of my pages, any of my JavaScript ought to get
scrubbed out of your browser's memory. You wouldn't want that code to
live on, snooping, spying, or stealing?
This is a simple example where I engage some JavaScript that runs in a
(mostly) hidden window. This window persists, and hence, the
JavaScript I wrote persists. From then on, it wakes up every second and
sees what page you are viewing. If you've changed pages, it reports
where you now are back to me via a CGI, which saves information like
this:
(The rest at http://www.osf.org/~loverso/javascript/track-me.html)
-- End of Forwarded Message
------------------------------
From: jwarren@well.com (Jim Warren)
Date: 21 Feb 1996 15:20:34 -0800
Subject: It's Time To Clarify The Bill of Rights
As I have gotten older, I have become increasingly loathe to invest
time or energy in action unless it can have lasting or binding impact.
This can!
After the 1994 Democratic Congress mandated a pervasive
half-billion-dollar national wiretap system, many of us helplessly
howled. After the 1996 Republican Congress enacted the Communications
"Decency" Act, we howled again.
Some government enforcers are zealously urging prohibitions against
secure personal privacy protection in the form of uncrackable
cryptography. Others oppose anonymous electronic communication and
publishing, even though everyone from corporate and government
whistle-blowers to the still-unknown authors of the Federalist Papers
have found just cause to publish anonymously. Other threats to our
nation's traditional freedoms have already been proposed, under the
excuse that they involve modern communications and information
technologies.
More of the nation's press have finally even begun to show some
concern. And, responding to the vague censorship mandates of the
Communications Decency Act, Senator Patrick Leahy has proposed
"anti-decency" legislation to "fix" it.
We need more than this small "fix."
THE TIME IS NOW RIPE for us to urge him and other liberal and
conservative legislators who *do* believe in a strong Bill of Rights
(even in modern times) to introduce a bill that is much more
appropriate -- for today and tommorrow -- and one that is much more
politically defensible.
With impressive foresight, it was first proposed in 1991 by Harvard Law
School's Professor Laurence Tribe, who has repeatedly been mentioned as
a possible Supreme Court nominee. For the first time in his entire
career as a internationally-renown Constitutional scholar, he proposed
a constitutional amendment:
"This Constitution's protections for the freedoms of speech,
press, petition, and assembly, and its protections against
unreasonable searches and seizures and the deprivation of life,
liberty or property without due process of law shall be
construed as fully applicable without regard to the
technological method or medium through which information
content is generated, stored, altered, transmitted or
controlled."
Professor Tribe proposed that this be our 27th Amendment on 3/26/91,
during his keynote address at the First Conference on Computers,
Freedom & Privacy, in Burlingame CA. It was published in the
conference's proceedings (now out of print) and in The Humanist,
Sep/Oct'91, pp.15-20,39.
Let us -- as individuals and through our organizations, liberal and
conservative -- NOW urge our federal legislators, our congressional
candidates and our presidential candidates to *promptly* introduce and
pass this as a constitutional amendment, for which the need is becoming
increasingly clear.
Contact your Senators, Representatives and President -- and those
candidates who hope to be. Contact the leaders in your professional,
civic and political organizations that might give a damn about the Bill
of Rights ... even in the 21st Century.
--
Jim Warren, GovAccess list-owner/editor (jwarren@well.com) Advocate &
columnist, MicroTimes, Government Technology, BoardWatch, etc. 345
Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>
[puffery: Dvorak Lifetime Achievement Award (1995); James Madison
Freedom- of-Information Award, Soc. of Professional Journalists -
Nor.Cal. (1994); Hugh Hefner First-Amendment Award, Playboy Foundation
(1994); Pioneer Award, Electronic Frontier Foundation (its first year,
1992); founded the Computers, Freedom & Privacy confs, InfoWorld; blah
blah blah :-).] Apologies for the spam. It *does* seem important.
Please recirculate freely.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 23 Feb 1996 12:45:30 -0600 (CST)
Subject: Northwestern's EECS may be Censoring
Organization: University of Wisconsin-Milwaukee
I saw this on the fight censorship mailing list:
From: Cecelia A Clancy <cacst9+@pitt.edu>
Date: 21 Feb 1996 21:27:18 -0500 (EST)
Subject: Northwestern's EECS may be censoring
Some time ago, I noticed that an omninous notice suddely started
popping up whenever I fingered anybody with an account on the
Northwestern (NU) Electrical Engineering and Computer Science (EECS)
host of eecs.nwu.edu. It does not matter who in EECS you finger, you
get the same message. Since we have been discussing Zu"ndel, I'll
show you the finger of a NU Revisionist who happens to be in EECS:
===================================================================
[delta.eecs.nwu.edu]
This system is for the use of authorized users only. Individuals using
this computer system without authority or in the excess of their
authority are subject to having all their activities on this system
monitored and recorded by system personnel. In the course of
monitoring individuals improperly using this system or in the course of
system maintenance, the activities of authorized user may also be
monitored. Anyone using this system expressly consents to such
monitoring and is advised that if such monitoring reveals possible
evidence of illegal activity or violation of University regulations
system personnel may provide the evidence of such monitoring to
University authorities and/or law enforcement officials.
Login name: butz In real life: Arthur R. Butz
Directory: /homes/butz Shell: /bin/tcsh
Last login Wed Feb 21 09:00 on zoobear from zoobear.eecs.nwu
No unread mail
No Plan.
====================================================================
Finger Butz at his general NU account, and you don't get this:
=====================================================================
[casbah.acns.nwu.edu]
Login name: abutz In real life: Arthur Butz
Work phone:
Directory: /home/u3/abutz Shell: /usr/bin/csh
Never logged in.
No Plan.
=====================================================================
And merle.acns.nwu.edu gets:
=====================================================================
[merle.acns.nwu.edu]
Login name: pokey In real life: Alex Oh
Directory: /home/u4/pokey Shell: /bin/csh
On since Feb 20 17:12:45 on ttyr5 from jon107102.res-ha
3 hours 32 minutes Idle Time
Project: Goo goo gah gah goo gee geh....goo hoo jah gah jah geh goo? Geeee! =]
Plan:
"For God so loved the world that he gave his one and only
Son, that whoever believes in him shall not perish but have
eternal life. For God did not send his Son into the world to
condemn the world, but to save the world through him. Whoever
believes in him is not condemned, but whoever does not believe
stands condemned already because he has not believed in the
name of God's one and only Son. This is the verdict: Light has
come into the world, but men loved darkness instead of light
because their deeds were evil. Everyone who does evil hates
the light, and will not come into the light for fear that his
deeds will be exposed. But whoever lives by the truth comes
into the light, so that it may be seen plainly that what he
has done has been done through God."
(John 3:16-21 NIV)
NOTE: My computer terminal is fused to the network, so if I do not respond
to your talk requests, it is not because you are an ugly, self-righteous,
stinking, immoral pagan with no purpose or direction in life, but simply
because I am either asleep, eating, or at the loo...
========================================================================
--
Cecelia Clancy
University of Pittsburgh
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 30 Jan 1996 18:45:30 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #017
******************************
.