Date: Mon, 15 Apr 96 06:24:36 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#032
Computer Privacy Digest Mon, 15 Apr 96 Volume 8 : Issue: 032
Today's Topics: Moderator: Leonard P. Levine
Re: Robert Arkow vs CompuServe and CompuServe Visa
Re: USENET Reposters: Privacy and Copyright Concerns
Re: USENET Reposters: Privacy and Copyright Concerns
Re: USENET Reposters: Privacy and Copyright Concerns
Re: USENET Reposters: Privacy and Copyright Concerns
Re: Copyright of Usenet Articles
Re: Copyright of Usenet Articles
Re: Caller ID in California
Re: Increasingly Intrusive Capability
Deja News
JAVA
Re: White Pages on the Net
Re: White Pages on the Net
Recent Primenet Spam
Conferences/Events of Interest
FAQ on Where to get PGP
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 12 Apr 1996 00:02:28 -0400
Subject: Re: Robert Arkow vs CompuServe and CompuServe Visa
Organization: America Online, Inc. (1-800-827-6364)
References: <comp-privacy8.31.9@cs.uwm.edu>
I am looking for information on Robert Arkow and his lawsuit
against CompuServe and CompuServe Visa. The information I have to
date is that the lawsuit was filed, however I need to know what the
outcome was or if it is still pending. Do you have such
information, and if so, could you please let me know where I can
find it?
As a member of Private Citizen, Inc. Robert Arkow has, to date,
collected over $8,000 from organizations as a result of telemarketing
related issues.
The matter concerning Compuserve that you are inquiring about is no
longer pending. Mr. Arkow's e-mail address is rarkow@themall.net
--
Robert Bulmash
Private Citizen, Inc.
http://webmill.com/prvtctzn/home
------------------------------
From: rj.mills@pti-us.com (Dick Mills)
Date: 12 Apr 1996 09:12:34 -0400
Subject: Re: USENET Reposters: Privacy and Copyright Concerns
andypajta@aol.com (AndyPajta) wrote: But, while we can argue about
fair use of reposting, certainly if someone takes my thoughts and
puts them on a CD and sells it, that's some sort of infringement.
Yes?
What if you post your thoughts on the bulletin board at the
supermarket, them someone photographs the whole bulletin board and
publishes that?
What if someone publishes a photo of the sidewalk view of the movie
theater, capturing images of the copyrighted playbills posted thereto?
Surely copyright disputes must be interpreted in accordance to the
total content and purpose of the allegedly infringing work.
An anthology that includes your short story without permission would
overstep the line of what is permitted. AltaVista, which archives and
indexes everyone's posts, does not overstep the line. At least IMHO.
However, I'm not a lawyer so my HO doesn't count for much.
--
Dick Mills +1(518)395-5154 O- http://www.pti-us.com
AKA dmills@albany.net http://www.albany.net/~dmills
------------------------------
From: forags@nature.Berkeley.EDU (Al Stangenberger)
Date: 12 Apr 1996 15:57:02 GMT
Subject: Re: USENET Reposters: Privacy and Copyright Concerns
Organization: U.C. Forestry & Resource Mgt.
References: <comp-privacy8.31.5@cs.uwm.edu>
Patrick Crumhorn (patrik@io.com) wrote: The problem here is that
"middle C" is not a composition, but a frequency (of 256 Hertz, if
memory serves correctly). And over the past several years, the US
government has ruled that actual ownership of specific frequencies
is indeed legal, and protected by law. [...] The bottom line,
though, is that if Mr. Sherman were alive today, he very well
*could* get the legal rights to the frequency of 256 Hz, and anyone
attempting to modulate a signal on that frequency might very well
have to pay a license fee to Mr. Sherman. So his whimsy has bme
reality.
There's a basic difference between the government's legal right to
allocate electromagnetic signals and the question of copyrighting a
sound wave of a specific frequency. If I wanted to get rich, I would
file for copyright of the sound frequency of 60 hertz -- get royalties
from every humming power transformer and fluorescent light ballast in
the country!
--
Al Stangenberger Univ. of California at Berkeley
forags@nature.berkeley.edu Dept. of Env. Sci., Policy, & Mgt.
BITNET: FORAGS AT UCBNATUR 145 Mulford Hall # 3114
(510) 642-4424 FAX: (510) 643-5438 Berkeley, CA 94720-3114
------------------------------
From: peter@nmti.com (Peter da Silva)
Date: 12 Apr 1996 01:36:24 GMT
Subject: Re: USENET Reposters: Privacy and Copyright Concerns
Organization: Network/development platform support, NMTI
References: <comp-privacy8.31.3@cs.uwm.edu>
paul@TDR.COM (Paul Robinson) writes: If you posted an article that
you are the owner, it would presume that you gave permission for
its distribution.
AndyPajta <andypajta@aol.com> wrote: Yes, to a SPECIFIC site
You requested (yes, requested) that your message be distributed all
over the world, to sites you have never heard of, and now you want us
to believe that you didn't want that to happen, that you only wanted
your posts to be on one site (America Online, I assume).
Your analogy of a USA Today letter further substantiates my point
because they say.. ALL LETTERS BECOME PROPERTY OF USA TODAY
AltaVista doesn't claim to hold the copyright to your postings.
They are simply a news server that lets anyone read and has no expire.
Web pages are a different matter, because they were intended to be read
from one site. Usenet type broadcasting is a different matter.
--
Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard
Bailey Network Management 'U` Sugar Land, TX 77487-5013
+1 713 274 5180 "Har du kramat din varg idag?" USA
Bailey pays for my technical expertise. My opinions probably scare them
------------------------------
From: bcn@world.std.com (Barry C Nelson)
Date: 15 Apr 1996 07:07:36 GMT
Subject: Re: USENET Reposters: Privacy and Copyright Concerns
Organization: The World Public Access UNIX, Brookline, MA
References: <comp-privacy8.31.3@cs.uwm.edu>
paul@TDR.COM (Paul Robinson) writes: If you posted an article that
you are the owner, it would presume that you gave permission for
its distribution.
AndyPajta <andypajta@aol.com> wrote: Yes, to a SPECIFIC site--I
choose my audience and that is what *I allowed*. Any other use was
*NOT* authorized.
When you publish, even for free, you should expect your words to make
it to every possible reader. Most publishers even hope for wider
dissemination. Nobody needs permission to forward a broadcast message,
since we're all just part of the expectable method of broadcast the
sender initiated.
an author must explicity give-up copyright. There is noting implied
in copyright law.
True, but copyright and contacts go hand in hand.
A contract can be implied. A license to make copies can be an implied
contract: you give me the information and I'll distribute it for free,
if you promise to distribute my information for free when I give it to
you.
The NII white paper and legislation propose making the digital
transmission equivalent to copying (reproduction), the exclusive right
of the owner. We're not talking clip art here; we're talking about
digital transmission of entertainment which is currently worth billions
of dollars, be it music, movies, real-audio, or games.
--
BCNelson (not a lawyer)
------------------------------
From: peter@nmti.com (Peter da Silva)
Date: 12 Apr 1996 01:46:40 GMT
Subject: Re: Copyright of Usenet Articles
Organization: Network/development platform support, NMTI
References: <comp-privacy8.31.8@cs.uwm.edu>
Martin Kealey <martin@kcbbs.gen.nz> wrote: To me, this means that
after 2 years I can expect to publish another article with the same
message-id, and that it will circulate with out any problem.
Then I recommend that you make a habit of doing so and seeing if it
breaks DejaNews.
I would also like to remind everyone of one of the features of
usenet distribution that seems to have been overlooked in the hue
and cry about DejaNews: the "Expires" header. You can set the
lifetime of your message by including an "Expires" header.
Yes, and most sites have treated it as a hint, or outright ignored it,
for many years. However, it is reasonable to claim that this is in fact
a limit on your requested distribution (requested distribution, not
license... when you post to Usenet, it's the service of carrying your
message that is being licensed) and that a system like DejaNews honor
it.
* include !dejanews.com! somewhere in the "Path" header
* keep a store of 2-year-old message IDs and deliberately
reuse them (we aren't under any obligation to make indexing
easy after all)
* include an Expires header
Excellent ideas. Use Usenet as it exists, don't pretend it's something
it isn't. In addition, you can get your collection of clever
message-IDs from DejaNews itself!
--
Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard
Bailey Network Management 'U` Sugar Land, TX 77487-5013
+1 713 274 5180 "Har du kramat din varg idag?" USA
Bailey pays for my technical expertise. My opinions probably scare them
------------------------------
From: skg@sadr.com (Keith Graham)
Date: 12 Apr 1996 20:19:53 GMT
Subject: Re: Copyright of Usenet Articles
Organization: MindSpring Enterprises
References: <comp-privacy8.31.8@cs.uwm.edu>
martin@kcbbs.gen.nz (Martin Kealey) writes: [lots deleted about
ways to legally prevent DejaNews from distributing material]
However, if there's a market in "tracking specific user's postings for
HR purposes", to give an example, then companies could keep those
profiles and sell them to any buyer. ("Give us an email address and
we'll give you summaries of their posts!")
It's all legal since they aren't redistributing the posts, and locks
out us mundane people from doing searches.
And that assumes that companies wouldn't do the archive internally
(which also gives them internal search capability for other subjects.)
In the meantime, I can go pull all the quotes that a company
representative made (with the company's account). This is a worthwhile
use, even though it does track a specific user name.
One of the things that should happen, is that college and possibly
local newsgroups shouldn't be archived (and perhaps not even
distributed outside of the college.) That would allow "young minds"
to express themselves, work on their debating style, and "grow up",
without having it come back to haunt them. (I'd hate to think
some of my rants on BBSes and private discussion groups 10 years
ago would surface now.)
But once you've made posts to public, international newsgroups, you're
published, and should take responsibility for that publication. (And
for now at least, you can always change your account and claim that the
posts were from a "different Keith Graham". :-) )
This also stresses the need for anonymous remailers, etc. If you're
posting something you don't want attributed to yourself for privacy
reasons, you shouldn't publish under your real name.
But I don't believe copyright is the way to go about "solving" this
"problem".
--
Keith Graham
skg@sadr.com
------------------------------
From: hermit@cats.UCSC.EDU (William R. Ward)
Date: 12 Apr 1996 21:56:19 GMT
Subject: Re: Caller ID in California
Organization: Computing and Telecommunications Services, UCSC
References: <comp-privacy8.31.6@cs.uwm.edu>
Beth Givens <bgivens@pwa.acusd.edu> writes: The Clearinghouse
offers an 8-page guide called "Caller ID and My Privacy." Consumers
can call (800) 773-7748 (California only, elsewhere 619-298-3396)
to order. The guide provides an in-depth discussion of the many
privacy implications of Caller ID.
Wouldn't it be funny if they use the 800 ANI information to identify
callers?
--
William R Ward Bay View Consulting http://www.bayview.com/~hermit/
hermit@bayview.com 1803 Mission St. #339 voicemail +1 408/479-4072
hermit@cats.ucsc.edu Santa Cruz CA 95060 USA pager +1 408/458-8862
------------------------------
From: bo774@FreeNet.Carleton.CA (Kelly Bert Manning)
Date: 13 Apr 1996 01:19:40 GMT
Subject: Re: Increasingly Intrusive Capability
Organization: The National Capital FreeNet
References: <comp-privacy8.30.9@cs.uwm.edu>
Robert Ellis Smith (0005101719@mcimail.com) writes: How can people
who work daily with computers and know their capabilities simply
shrug whenever a new application comes along that threatens
privacy? "So, what else is new?" they ask. Like Michael
Well, some do and some don't.
There has been at least 1 posting in this group from a "Willis Ware".
I never did discover whether this was the same Willis Ware, member of
the Association for Computing Machinery, who chaired the US HEW
Secretary's Advisory Committee the wrote "Records, Computers and the
Rights of Citizens". Hasn't your newsletter identified this report as
providing the basis of the 1974 US Federal Privacy Act, and of much
State Privacy law in the US?
I also recall going to a Canadian Information Processing Society
meeting back in the 70s and hearing the speaker tell the audience that
if they were asked to work on a computer system that did something they
felt was morally questionable they should consider just saying no. He
said that they may find someone else to do it, but then again they
might not.
The ACM has had a Canon of Ethics for a long time, which has been
identified as dealing with the privacy issue. The Institute of
Electrical and Electronics Engineers, whose Computer Society is in a
dead heat with ACM for being "The First Society in Computing", also has
a Code of Ethics which applies to the privacy issue.
In my own career I'm much more proactive. When I come across privacy
issues I make a declaration of how it will impact my own privacy and
inform my immediate superiors of what action I plan to take, such as
filing a complaint with the ombudsman. At the same time I continue to
provide my usual level of technical support, doing things quickly and
simply that others say can only be done slowly or with great complexity
and effort. The sad fact is that they will usually find someone to get
their job done, so it would be pointless, as well as unethical, to say
that it can't be done, or that it is going to be really hard and
difficult.
What needs to be done is to identify this as a moral issue and
establish that a decision is being made and who is responsible for
making it.
Don't make it easy for them to get rid of a critic by saying that you
are foot dragging or failing to do your best. Also don't bypass normal
reporting channels. I first got in a situation like this back in the
80s when I was working for a service bureau. I sent the client a
courtesy copy of my letter of complaint, and found that they sent a
copy of their initial response to the president of the corporation I
worked for. Well that made the issue visible at the highest level, but
not because I'd bypassed anyone in the hierarchy.
Another difficulty may be the lack of patience that many technical
types have with long drawn out bureaucratic struggles. This issue is
still unresolved, although it should be dealt with during 1996.
In the interim we've seen a report on the issues come out of the
Ombudsman's office and be adopted in large part for a bill that died
when the government got voted out of power, only to resurface and get
passed in modified form by the new government, then going on to a
transition and implementatiion period before taking full effect.
This has not been without it's lighter side. I was a bit disconcerted
to hear the word "ombudsman" mentioned in a loud and disparaging tone
when I emerged from an IBM Guided Learning Course study room to get a
cup of coffee. This came from a group of IBM SEs down the corridor, who
looked startled and scattered to their cubicles when I started walking
toward them. I found this a bit disconcerting, as the person making the
remark had no reason that I knew of the be aware that I had filed a
complaint. It also seemed at odds with what I've read about IBM policy
on privacy and information technology.
--
notice: by sending advertising/solicitations to this account you will
be indicating your consent to paying me $70/hour for a minimum of 2
hours for my time spent dealing with it
------------------------------
From: jenny simmonds <jenny@porky.demon.co.uk>
Date: 13 Apr 96 12:37:03 GMT
Subject: Deja News
Organization: Myorganisation
I am writing an article about Deja News and am interested in hearing
from anyone who thinks it breaches their privacy.
In the interests of fairness, I'd also like to hear from those who
don't think it breaches privacy :-)
^^^^^
--| Jenny Simmonds, Overseas Jobs Express Net columnist |
| Send overseas jobs news to jenny@porky.demon.co.uk |
| Visit our home page at http://www.ahoy.com/oje/ |
------------------------------
From: geosys@digital.net (George)
Date: 13 Apr 1996 13:58:10 GMT
Subject: JAVA
Organization: FLORIDA ONLINE, Florida's Premier Internet Provider
Does JAVA and similar programming languages pose a security problem or
a virus risk? As I understand it, these languages are a modified "C"
which are downloaded with a web page and then execute on the local
(terminal) computer.
What to stop this from implanting a virus? or from sending information
on the system to a remote site? Seems risky to me.
--
George
------------------------------
From: bo774@FreeNet.Carleton.CA (Kelly Bert Manning)
Date: 13 Apr 1996 22:16:00 GMT
Subject: Re: White Pages on the Net
Organization: The National Capital FreeNet
References: <comp-privacy8.31.1@cs.uwm.edu>
"Richard Schroeppel" (rcs@cs.arizona.edu) writes: A nation-wide
white pages has been effectively available for 40 years. Chicago
1955: The biggest downtown department store, Marshall Fields,
maintains a bank of >20 public pay phones on the third floor. Next
to the phones is a set of phone directories for the cities of the
US and Canada. They are well used.
Not to mention the entrepreneur who shipped copies of Canadian Phone
books to the Philliipines for key entry and digital mastering, about 3
years before Lotus cancelled plans for a US white pages CD.
However you got lucky. The problem with ANI and Caller ID is that it
the phone numbers(and geographic location) of the 30 to 60% of homes or
businesses that are not in the Telco Directory.
------------------------------
From: dan@dvl.co.nz (Dan Langille)
Date: 15 Apr 1996 03:41:22 GMT
Subject: Re: White Pages on the Net
Organization: DVL Software Limited
References: <comp-privacy8.31.1@cs.uwm.edu>
I don't see what the problem is with white pages on the Net. It just
speeds things up that used to be manually done.
Is this really an issue? I mean, it's public information anyways? It
doesn't inlude unlisted numbers.
--
Dan Langille
DVL Software Limited
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 15 Apr 1996 01:35:09 -0400
Subject: Recent Primenet Spam
When I complained to the postmaster about this MMF spam I got an
automated reply saying that the account had been hosed and the client
was being billed for labor for dealing with the spam fallout.
My initial request was for ID of the spammer, so that I could pass
along my bill for $140. There was another account address provided for
people who want personal replies. Following that up might have 2
beneficial effects:
make it more expensive to SPAM
make it more labor intensive for ISPs to deal spammers, helping to
build a case for applying spam recognition filters that would halt them
when they go over a threshold of recipients and suspend the account
--
notice: by sending advertising/solicitations to this account you will be
indicating your consent to paying me $70/hour for a minimum of 2 hours for
my time spent dealing with it
------------------------------
From: Susan Evoy <evoy@pcd.Stanford.EDU>
Date: 13 Apr 1996 00:01:59 -0700
Subject: Conferences/Events of Interest
[moderator: this is an edited form of this posting.]
CPSR Members and Friends,
If you are planning to attend one of these conferences, or another that
may be related to CPSR's work, please contact CPSR at cpsr@cpsr.org or
(415) 322-3778 for easy ways for you to be a presence for CPSR.
CONFERENCE /EVENT SCHEDULE
Technological Assaults on Privacy, Rochester, NY, April 18-20, 1996.
Contact: privacy@rit.edu 716 475-6643 716 475-7120 (fax)
Electronic Government: Opportunities in Conducting the People's Business
on the Internet, Fairmont Hotel, San Jose, CA, April 19
Contact: 510 464-7973 http://www.abag.ca.gov
Public Access to the Internet via Libraries: The Promise, Problems, and
Prospects, Harvard University, Cambridge, MA, April 22.
Contact: 508 467-4480 moore@rdvax.enet.dec.com
Security and Privacy, IEEE Symposium, Oakland, CA, May 6-8, 1996.
Contact: sp96@cs.pdx.edu http://www.cs.pdx.edu/SP96
Visions of Privacy for the 21st Century: A Search for Solutions,
Victoria, BC, CANADA, May 9-11, 1996. Contact:
http://www.cafe.net./gvc.foi
Public Access Goes Digital: Building our Communities in the
Information Age, May 10-12, Burlington, VT. Contact:
marisa@cctv.org 802 862-1645
Business Ethics Conference, The Waldorf-Astoria, New York, NY, May
22-24. Contact: 212 339-0345
Society and the Future of Computing (SFC'96), Snowbird, UT, June
16-20. Contact: rxl@lanl.gov http://www.lanl.gov/SFC
Australasian Conference on Information Security and Privacy, New South
Wales, AUSTRALIA, June 24-26. Contact: jennie@cs.uow.edu.au
The Privacy Laws & Business, Cambridge, ENGLAND, July 1-3.
Contact: 44 181 423 1300 44 181 423 4536 (fax)
Advanced Surveillance Technologies II. Ottawa, ON, CANADA, Sept. 17.
Contact: pi@privacy.org
------------------------------
From: mpj@csn.net (Michael Johnson)
Date: 13 Apr 1996 01:27:14 -0600
Subject: FAQ on Where to get PGP
Organization: The Web of Trust
WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) FAQ
Revised 11 February 1996
Disclaimer -- I haven't recently verified all of the information in
this file, and much of it is probably out of date.
For questions not covered here, please read the documentation that
comes with PGP, get one of the books mentioned below, or search for
other relevant FAQ documents at rtfm.mit.edu and on the
alt.security.pgp news group.
WHAT IS THE LATEST VERSION OF PGP?
Viacrypt PGP (commercial version): 2.7.1 (4.0 is due out Real Soon Now)
MIT & Philip Zimmermann (freeware, USA-legal): 2.6.2
Staale Schumacher's International variant: 2.6.3i for non-USA; 2.6.3 for USA
WHERE CAN I GET VIACRYPT PGP?
Just call 800-536-2664 and have your credit card handy.
WHERE IS PGP ON THE WORLD WIDE WEB?
http://web.mit.edu/network/pgp-form.html
(U. S. PGP primary distribution site)
http://web.mit.edu/network/pgpfone
(PGP Fone primary distribution site)
http://www.ifi.uio.no/pgp
(International PGP primary distribution site)
http://www.csua.berkeley.edu/cypherpunks/home.html
WHERE CAN I FTP PGP IN NORTH AMERICA?
If you are in the USA or Canada, you can get PGP by following the
instructions in any of:
ftp://net-dist.mit.edu/pub/PGP/README
ftp://ftp.csn.net/mpj/README.MPJ
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/
ftp://ftp.gibbon.com/pub/pgp/README.PGP
ftp://ftp.wimsey.bc.ca/pub/crypto/software/README
WHERE IS PGP ON COMPUSERVE?
GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.
AOL
Go to the AOL software library and search "PGP" or ftp from
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed
above. It is possible to get PGP from ftp sites with hidden
directories with the following trick: (1) View the README file with
the hidden directory name in it, then quickly (2) Start a new ftp
connection, specifiying the hidden directory name with the ftp site's
address, like ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where
the xxxxxxx is replaced with the current character string).
WHAT BULLETIN BOARD SYSTEMS CARRY PGP?
MANY BBS carry PGP. The following carry recent versions of PGP and
allow free downloads of PGP.
US
303-343-4053 Hacker's Haven, Denver, CO
303-772-1062 Colorado Catacombs BBS, Longmont CO
8 data bits, 1 stop, no parity, up to 28,800 bps.
Use ANSI terminal emulation.
For free access: log in with your own name, answer the questions.
314-896-9309 The KATN BBS
317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
Login First Name: PGP Last Name: USER Password: PGP
501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR
Login name: PGP USER Password: PGP
506-457=0483 Data Intelligence Group Corporation BBS
508-668-4441 Emerald City, Walpole, MA
601-582-5748 CyberGold BBS
612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN
914-667-4567 Exec-Net, New York, NY
915-587-7888, Self-Governor Information Resource, El Paso, Texas
GERMANY
+49-781-38807 MAUS BBS, Offenburg - angeschlossen an das MausNet
+49-521-68000 BIONIC-BBS Login: PGP
WHERE CAN I FTP PGP CLOSE TO ME?
DE
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/
ftp://ftp.uni-kl.de/pub/aminet/util/crypt
ftp://ftp.uni-paderborn.de/pub/aminet/util/crypt
ES
ftp://goya.dit.upm.es
IT
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP
FI
ftp://ftp.funet.fi/pub/crypt
NL
ftp://ftp.nl.net/pub/crypto/pgp
ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp
NZ
ftp://ftphost.vuw.ac.nz
SE
ftp://leif.thep.lu.se
TW
ftp://nctuccca.edu.tw/PC/wuarchive/pgp/
UK
ftp://ftp.demon.co.uk/pub/amiga/pgp
ftp://ftp.ox.ac.uk/pub/crypto/pgp
ftp://src.doc.ic.ac.uk/aminet/amiga-boing
ftp://unix.hensa.ac.uk/pub/uunet/pub/security/virus/crypt/pgp
ZA
ftp://ftp.ee.und.ac.za/pub/crypto/pgp
HOW CAN I GET PGP BY EMAIL?
If you have access to email, but not to ftp, send a message saying
"help" to ftpmail@decwrl.dec.com or mailserv@nic.funet.fi
WHERE CAN I GET MORE PGP INFORMATION?
http://www.csn.net/~mpj
http://www.mit.edu:8001/people/warlord/pgp-faq.html
http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa_paper.ps.gz
ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt
ftp://ds.internic.net/internet-drafts/draft-ietf-pem-mime-08.txt
http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html
http://web.cnam.fr/Network/Crypto/(c'est en francais)
http://web.cnam.fr/Network/Crypto/survey.html(en anglais)
http://www2.hawaii.edu/~phinely/MacPGP-and-AppleScript-FAQ.html
http://www.pgp.net/pgp
http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html
WHAT ARE SOME GOOD PGP BOOKS?
Protect Your Privacy: A Guide for PGP Users
by William Stallings
Prentice Hall PTR
ISBN 0-13-185596-4
US $19.95
PGP: Pretty Good Privacy
by Simson Garfinkel
O'Reilly & Associates, Inc.
ISBN 1-56592-098-8
US $24.95
E-Mail Security: How to Keep Your Electronic Mail Private
"Covers PGP/PEM"
by Bruce Schneier
Wiley Publishing
The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data
Protection, and PGP PRivacy Software
by André Bacard
Peachpit Press
ISBN 1-56609-171-3
US $24.95
800-283-9444 or 510-548-4393
THE OFFICIAL PGP USER'S GUIDE
by Philip R. Zimmerman
MIT Press
April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP
Standard PGP documentation neatly typeset and bound.
PGP SOURCE CODE AND INTERNALS
by Philip R. Zimmerman
April 1995 - 804 pp. -
US $55.00 - 0-262-24039-4 ZIMPH
How to Use PGP, 61 pages, (Pub #121) from the Superior Broadcasting Company,
Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US $10-$13).
IS PGP LEGAL?
Pretty Good Privacy is legal if you follow these rules:
Don't export PGP from the USA except to Canada, or from Canada except
to the USA, without a license.
If you are in the USA, use either Viacrypt PGP (licensed for commercial
use) or MIT PGP using RSAREF (limited to personal, noncommercial use).
Outside of the USA, where RSA is not patented, you may prefer to use a
version of PGP (2.6.3i) that doesn't use RSAREF to avoid the
restrictions of that license.
If you are in a country where the IDEA cipher patent holds in software
(including the USA, Canada, and some countries in Europe), make sure
you are licensed to use the IDEA cipher commercially before using PGP
commercially. (No separate license is required to use the freeware PGP
for personal, noncommercial use). For direct IDEA licensing, contact
Ascom Systec:
Erhard Widmer, Ascom Systec AG, Dep't. CMVV Phone +41 64 56 59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN Phone +41 64 56 59 45
Fax: +41 64 56 59 90
e-mail: IDEA@ascom.ch
Mail address: Gewerbepark, CH-5506 Maegenwil (Switzerland)
Viacrypt has an exclusive marketing agreement for commercial
distribution of Philip Zimmermann's copyrighted code. (Selling
shareware/freeware disks or connect time is OK). This restriction does
not apply to PGP 3.0, since it is a complete rewrite by Colin Plumb.
If you modify PGP (other than porting it to another platform, fixing a
bug, or adapting it to another compiler), don't call it PGP (TM) or
Pretty Good Privacy (TM) without Philip Zimmermann's permission.
WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?
Philip Zimmermann was under investigation for alleged violation of
export regulations, with a grand jury hearing evidence for about 28
months, ending 11 January 1996. The Federal Government chose not to
comment on why it decided to not prosecute, nor is it likely to. The
Commerce Secretary stated that he would seek relaxed export controls
for cryptographic products, since studies show that U. S. industry is
being harmed by current regulations. Philip endured some serious
threats to his livelihood and freedom, as well as some very real legal
expenses, for the sake of your right to electronic privacy. The battle
is won, but the war is not over. The regulations that caused him so
much grief and which continue to dampen cryptographic development, harm
U. S. industry, and do violence to the U. S. National Security by
eroding the First Ammendment of the U. S. Constitution and encouraging
migration of cryptographic industry outside of the U. S. A. are still
on the books. If you are a U. S. Citizen, please write to your U. S.
Senators, Congressional Representative, President, and Vice President
pleading for a more sane and fair cryptographic policy.
WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?
http://www.dayton.net/~cwgeib
ftp://oak.oakland.edu/SimTel/msdos/security/apgp22b.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
http://www.eskimo.com/~joelm(Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
http://netaccess.on.ca/~rbarclay/index.html
http://netaccess.on.ca/~rbarclay/pgp.html
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip
http://iquest.com/~aegisrcs
WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE?
PGP can do conventional encryption only of a file (-c) option, but you
might want to investigate some of the other alternatives if you do this
a lot. Alternatives include Quicrypt and Atbash2 for DOS, DLOCK for DOS
& UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a few
others.
Quicrypt is interesting in that it comes in two flavors: shareware
exportable and registered secure. Atbash2 is interesting in that it
generates ciphertext that can be read over the telephone or sent by
Morse code. DLOCK is a no-frills strong encryption program with
complete source code. Curve Encrypt has certain user-friendliness
advantages. HPACK is an archiver (like ZIP or ARC), but with strong
encryption. A couple of starting points for your search are:
ftp://ftp.csn.net/mpj/qcrypt11.zip
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/
ftp://ftp.csn.net/mpj/README
ftp://ftp.miyako.dorm.duke.edu/pub/GETTING_ACCESS
HOW DO I SECURELY DELETE FILES (DOS)?
If you have the Norton Utilities, Norton WipeInfo is pretty good. I
use DELETE.EXE in del110.zip, which is really good at deleting existing
files, but doesn't wipe "unused" space.
ftp://ftp.csn.net/mpj/public/del120.zip
ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip
WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE?
The nature of Windows is that it can swap any memory to disk at any
time, meaning that all kinds of interesting things could end up in your
swap file.
ftp://ftp.firstnet.net/pub/windows/winpgp/wswipe.zip
WHERE DO I GET PGPfone(tm)?
PGPfone is in beta test for Macintosh users. A Windows 95 version is
being developed.
http://web.mit.edu/network/pgpfone
ftp://net-dist.mit.edu/pub/PGPfone/README
ftp.hacktic.nl/pub/pgp/pgpfone
WHERE DO I GET NAUTILUS?
Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a
program called Nautilus that enables you to engage in secure voice
conversations between people with multimedia PCs and modems capable of
at least 7200 bps (but 14.4 kbps is better). See
ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS
ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.dsi.unimi.it/pub/security/crypt/cypherpunks/nautilus
ftp://ftp.ox.ac.uk/pub/crypto/misc
HOW DO I ENCRYPT MY DISK ON-THE-FLY?
Secure File System (SFS) is a DOS device driver that encrypts an entire
partition on the fly using SHA in feedback mode.
Secure Drive also encrypts an entire DOS partition, using IDEA, which is
patented.
Secure Device is a DOS device driver that encrypts a virtual, file-hosted
volume with IDEA.
Cryptographic File System (CFS) is a Unix device driver that uses DES.
http://www.cs.auckland.ac.nz/~pgut01/sfs.html
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/mpj/crypto/disk/
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/
ftp://ftp.demon.co.uk/pub/ibmpc/secdev/secdev14.arj
WHERE IS PGP'S COMPETITION?
RIPEM is the second most popular freeware email encryption package. I
like PGP better for lots of reasons, but if for some reason you want to
check or generate a PEM signature, RIPEM is available at ripem.msu.edu.
There is also an exportable RIPEM/SIG.
ftp://ripem.msu.edu/pub/GETTING_ACCESS
HOW DO I PUBLISH MY PGP PUBLIC KEY?
Send mail to one of these addresses with the single word "help" in the
subject line to find out how to use them. These servers sychronize keys
with each other. There are other key servers, too.
pgp-public-keys@keys.pgp.net
pgp-public-keys@keys.de.pgp.net
pgp-public-keys@keys.no.pgp.net
pgp-public-keys@keys.uk.pgp.net
pgp-public-keys@keys.us.pgp.net
WWW interface to the key servers: http://www.pgp.net/pgp/www-key.html
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
For US $20/year or so, you can have your key officially certified and
published in a "clean" key database that is much less susceptible to
denial-of-service attacks than the other key servers. Send mail to
info-pgp@Four11.com for information, or look at http://www.Four11.com/
Of course, you can always send your key directly to the parties you wish to
correspond with by whatever means you wish.
CAN I COPY AND REDISTRIBUTE THIS FAQ?
Yes. Permission is granted to distribute unmodified copies of this FAQ.
Please e-mail comments to mpj@csn.net
Michael Paul Johnson mailto:mpj@csn.net M i k e ><> ><> ><>
PO Box 1151 http://www.csn.net/~mpj
Longmont CO 80502-1151 Colorado Catacombs BBS 303-772-1062 Jesus is Lord!
mpj8:F25EA1C1A6CFEF71 121F91926AEDAEA9 mpjA:3E67A5800DFBD16A 6D52D3A91C074E41
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Apr 1996 01:35:09 -0400 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #032
******************************
.