Date: Fri, 19 Apr 96 18:02:13 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#033
Computer Privacy Digest Fri, 19 Apr 96 Volume 8 : Issue: 033
Today's Topics: Moderator: Leonard P. Levine
Re: USENET Reposters: Privacy and Copyright Concerns
Re: USENET Reposters: Privacy and Copyright Concerns
Re: USENET Reposters: Privacy and Copyright Concerns
Computer Checking of Australian Air Passengers
Re: Robert Arkow vs CompuServe and CompuServe Visa
Re: Copyright of Usenet Articles
Re: JAVA
Re: JAVA
Re: JAVA
Re: JAVA
Re: Deja News
Re: Deja News
Re: Deja News
Re: Deja News
Deja News
Alternatives to SSN
UK Government to Introduce Key Escrow
Sprint Free Fridays - New Exception List
Final Call for Papers - Colloquium on Personal Information
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: jenny simmonds <jenny@porky.demon.co.uk>
Date: 15 Apr 96 12:30:36 GMT
Subject: Re: USENET Reposters: Privacy and Copyright Concerns
Organization: Myorganisation
References: <comp-privacy8.32.2@cs.uwm.edu>
rj.mills@pti-us.com "Dick Mills" writes: What if you post your
thoughts on the bulletin board at the supermarket, them someone
photographs the whole bulletin board and publishes that?
What if you make a speech at a public gathering and all the TV, radio
and newspaper people report it at great length? (you should be so
lucky)
------------------------------
From: Richard_Lee@ssw.mclean.sterling.com (Richard A Lee)
Date: 15 Apr 1996 20:25:10 GMT
Subject: Re: USENET Reposters: Privacy and Copyright Concerns
Organization: Sterling Software ITD, McLean, VA
References: <comp-privacy8.30.5@cs.uwm.edu> <comp-privacy8.31.4@cs.uwm.edu>
peter@nmti.com (Peter da Silva) writes: Some years later a company
named Sterling Software started selling Usenet feeds on CDROM.
There was much bitching, but nobody was able to make a convincing
case that this was any different from any other feed. What
happened to them, anyway?
Sterling Software is alive and doing very well, thank you. It used to
put articles from software-related groups onto CDROMs and sell them,
but got out of that business some time ago. There are probably other
companies out there doing it now, but I wouldn't know who.
--
Richard Lee rlee@mclean.sterling.com Sterling Software, McLean VA
"Don't take life so serious, son... It ain't NOHOW permanent."
------------------------------
From: "James Brady" <jlbc@eci-esyst.com>
Date: 16 Apr 1996 15:37:50 -0400
Subject: Re: USENET Reposters: Privacy and Copyright Concerns
Patrick Crumhorn wrote: Well, Allan Sherman's (admittedly humorous)
attempt at copyrighting the note "middle C" would not pass the
eight-bar test, if judged as a musical composition, true.
The problem here is that "middle C" is not a composition, but a
frequency (of 256 Hertz, if memory serves correctly). And over the
past several years, the US government has ruled that actual
ownership of specific frequencies is indeed legal, and protected by
law.
The problem here is in the type of frequency. "Middle C" is only a
valid definition of an AUDIO frequency. It is not a RADIO frequency
governed by the FCC or any other governmental body. Let's keep the
spectrum straight in our discussions.
Ownership of Radio Frequencies _for_communications_ (the Middle C of
FCC) is a legitimate, method of managing a phenomenon that requires
some technological means to generate and/or receive it.
Ownership of "Middle C" in the audio spectrum is just plain silly since
it is a naturally occuring phenomenon in human speech and various
sounds of nature.
As for Mr. Sherman's copyright, I suppose if a particular song had
eight bars of nothing but "Middle C" in the melody, it would pass the
test and be subject to an infringement suit which would probably not
net anything of value since such a monotonous song would not sell a
whole lot of copies. I doubt if even Gregorian chants change notes
THAT slowly....
------------------------------
From: taxhaven@ix.netcom.com (Adam Starchild )
Date: 15 Apr 1996 15:30:10 GMT
Subject: Computer Checking of Australian Air Passengers
Organization: Netcom
Taken from The Financial Times (London), April 15, 1996:
A swipe at queues
Travel News by Roger Bray
Qantas is to launch a new passport and visa checking system in
Sydney which could cut queues for first- and business-class passengers
by an average of 20 minutes. At check-in, passengers' details are
flashed to Canberra for instant verification. Information such as the
passenger's name, passport number and date of birth is then
automatically printed on a boarding pass- style card. The card has a
magnetic strip with an identification number which allows immigration
officers to swipe it through electronic scanners. The system, already
in place for transferees and those arriving from Los Angeles, Auckland
and Hong Kong, will be available to all departing passengers.
--
Posted by Adam Starchild
The Offshore Entrepreneur at http://www.au.com/offshore
------------------------------
From: eck@panix.com (Mark Eckenwiler)
Date: 15 Apr 1996 13:36:36 -0400
Subject: Re: Robert Arkow vs CompuServe and CompuServe Visa
Organization: Saltieri, Poore, Nash, deBrutus & Short, Attorneys at Law
References: <comp-privacy8.31.9@cs.uwm.edu>
Urs.Gattiker@uniBW-Hamburg.de sez: I am looking for information on
Robert Arkow and his lawsuit against CompuServe and CompuServe
Visa. The information I have to date is that the lawsuit was
filed, however I need to know what the outcome was or if it is
still pending. Do you have such information, and if so, could you
please let me know where I can find it?
The case settled on undisclosed terms. For more on Arkow and the legal
issues he raised re the application of the TCPA (federal anti-junk-fax
law) to junk e-mail, see my article at
http://techweb.cmp.com/net/issues/036issue/036law.htm
--
Sold by weight, not by volume.
Some settling of contents may have occurred during shipment and handling.
Mark Eckenwiler eck@panix.com
------------------------------
From: Jonathon Blake <grafolog@netcom.com>
Date: 16 Apr 1996 02:55:39 +0000 (GMT)
Subject: Re: Copyright of Usenet Articles
skg@sadr.com (Keith Graham) said: However, if there's a market in
"tracking specific user's postings for
I knew somebody who started doing this three or so years ago. << I've
since lost contact with them. >>
HR purposes", to give an example, then companies could keep those
profiles and sell them to any buyer. ("Give us an email address
and we'll give you summaries of their posts!")
The claim was they could provide this service by scanning UUCP
newsgroups, FidoNet, RIME, and several other networks that were
distributed using Fido Technology and QWK technology.
It's all legal since they aren't redistributing the posts, and
locks out us mundane people from doing searches.
There was a legal problem, but I don't remember if it was RIME, Fido or
UUCP Newsgroups that were the problem.
And that assumes that companies wouldn't do the archive internally
(which also gives them internal search capability for other
subjects.)
A few do, most don't yet do it. Within five years I expect it will be
as common as pulling a credit report on a proposed new hire currently
is.
One of the things that should happen, is that college and possibly
local newsgroups shouldn't be archived (and perhaps not even
distributed outside of the college.) That would allow "young
minds"
That is a good idea. But as the spread of such newsgroups as
netcom.shell.general have shown, just because the site states something
to be a violation of the terms of service, and the newsgroup is not
provided to UUCP feeds, and posts usually have the "Distribution:
netcom" header, they still leak.
some of my rants on BBSes and private discussion groups 10 years
ago would surface now.)
I doubt those from ten years ago would surface now. Five years ago,
possible --- probable if you get into some major flamefests then.
for now at least, you can always change your account and claim that
the posts were from a "different Keith Graham". :-) )
And if somebody has the time, or the money to pay somebody, the post
made by the alleged "different Keith Graham" can be proved to be made
by the "same Keith Graham" that is using a new, different account.
This also stresses the need for anonymous remailers, etc. If
you're posting something you don't want attributed to yourself for
privacy
Agreed.
-
jonathon
grafolog@netcom.com
------------------------------
From: Barry Margolin <barmar@tools.bbnplanet.com>
Date: 15 Apr 1996 23:33:46 -0400
Subject: Re: JAVA
Organization: BBN Planet Corp., Cambridge, MA
References: <comp-privacy8.32.11@cs.uwm.edu>
George <geosys@digital.net> wrote: What to stop this from
implanting a virus? or from sending information on the system to a
remote site? Seems risky to me.
Java has built-in restrictions that are supposed to prevent it from
being used to implant viruses or send information to remote sites. A
Java applet shouldn't be able to read and write arbitrary files or make
random network connections.
--
Barry Margolin
BBN PlaNET Corporation, Cambridge, MA
barmar@bbnplanet.com
Phone (617) 873-3126 - Fax (617) 873-6351
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 16 Apr 96 14:11 EDT
Subject: Re: JAVA
Organization: I.E.C.C., Trumansburg, N.Y.
Does JAVA and similar programming languages pose a security problem
or a virus risk?
Java is designed to make it possible to run downloaded applets
securely. Your browser or whatever can statically scan the applets it
loads to make sure they're logically valid, e.g. no writing to other
people's memory or stuff like that. By default an applet can't read or
write any files and can only communicate with the host it was loaded
from. The guy who designed Java has been around the block enough times
that he's thought out these issues pretty well.
Nonetheless, it seems that with Java we are once again discovering how
many different covert channels there are lurking about on your typical
computers. None of the problems I've heard of are flaws in the basic
Java design, but rather assumptions it makes in the environment in
which it'll be run. For example, Java works by gluing different
modules (classes in OO-speak) together, and it assumed that modules
loaded from the client's local disk were secure. Except that lots of
systems have public "incoming" directories into which anyone can upload
a file. Oops.
The usenet group comp.lang.java has a vigorous discussion of Java
issues going at all times, for people who want to investigate further.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof
------------------------------
From: Shannon Wenzel <s_wenzel@ix.netcom.com>
Date: 18 Apr 1996 21:27:32 -0400
Subject: Re: JAVA
Organization: Netcom
References: <comp-privacy8.32.11@cs.uwm.edu>
George wrote: Does JAVA and similar programming languages pose a
security problem or a virus risk? As I understand it, these
languages are a modified "C" which are downloaded with a web page
and then execute on the local (terminal) computer. What to stop
this from implanting a virus? or from sending information on the
system to a remote site? Seems risky to me.
JAVA does pose a security risk for Internet users. Several JAVA-related
bugs have been identified as related to NETSCAPE 2.0 which is the first
browser (HotJAVA was truly first but only implemented alpha and beta
versions of JAVA) to have JAVA capabilities.
The JAVA language does provide security features, however.
Specifically, java apps "load" on your computer. These apps require
libraries of classes to execute on your computer. If you look in the
NETSCAPE directory, you will find a JAVA subdirectory that contains
these libraries. That does not mean you can write JAVA apps using
NETSCAPE, just that you can execute JAVA apps under NEYSCAPE.
The JAVA apps are designed to call these libraries. The security
feature prevents strange libraries from downloading to your computer --
in ideal circumstances. In addition, the current version of JAVA
prevents reading and writing local files (i.e., the files on your
computer).
JAVA is a language undergoing continuous evolution and development.
Yes, you should be concerned about current JAVA apps but no more
concerned than about other virus delivery methods. SUN has a real
interest in defeating these security risks if they want to truly
supplant C, C++, and VB.
--
/////////////////////////////////////////////////////////////////////
Shannon Wenzel KA3WBH
Princeton, NJ
Is it not possible than an individual may be right and a government
wrong? -- Henry David Thoreau
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
------------------------------
From: klanza@world.std.com (Kurt J Lanza)
Date: 19 Apr 1996 20:25:00 GMT
Subject: Re: JAVA
Organization: The World Public Access UNIX, Brookline, MA
References: <comp-privacy8.32.11@cs.uwm.edu>
geosys@digital.net (George) writes: Does JAVA and similar
programming languages pose a security problem or a virus risk? As
I understand it, these languages are a modified "C" which are
downloaded with a web page and then execute on the local (terminal)
computer. What to stop this from implanting a virus? or from
sending information on the system to a remote site? Seems risky to
me.
Me too. The basic idea seems to be that java code is compiled to a
"byte-code" which is downloaded and executed by a java interpreter on
you system. The interpreter is supposed to stop dangerous things from
happening (assuming all the preferences are set correctly). And if you
think this is safe for the average non-techie user, I have a bridge I
know you'll be interested in. Hope this helps.
--
Kurt J. Lanza <kjl@infor.com>
------------------------------
From: dan@dvl.co.nz (Dan Langille)
Date: 16 Apr 1996 10:08:53 GMT
Subject: Re: Deja News
Organization: DVL Software Limited
References: <comp-privacy8.32.10@cs.uwm.edu>
jenny simmonds <jenny@porky.demon.co.uk> wrote: I am writing an
article about Deja News and am interested in hearing from anyone
who thinks it breaches their privacy. In the interests of
fairness, I'd also like to hear from those who don't think it
breaches privacy :-)
I don't have any problem with Deja News. Anything which I am posting
to UseNet is basically being published on the open market. I feel I
own what I publish. All they are doing is storing it. I don't have a
problem with that. So long as what I write is always attributed to
me.
--
Dan Langille
DVL Software Limited
------------------------------
From: munthali@infi.net
Date: 16 Apr 1996 12:23:34 -0400
Subject: Re: Deja News
Organization: Cerebral Synergy
References: <comp-privacy8.32.10@cs.uwm.edu>
jenny simmonds wrote: I am writing an article about Deja News and
am interested in hearing from anyone who thinks it breaches their
privacy. In the interests of fairness, I'd also like to hear from
those who don't think it breaches privacy :-)
The best explanation I've heard for AltaVista and DejaNews, is that
they are web-based indexing news server with articles that have no
expiry date.
If you don't want your publicly read article to be indexed then
a) don't post it at all to any newsgroups or b) learn to use
"X-No-Archive: Yes" as one of your headers
This should suffice to ensure privacy concerns are met.
--
Donald L Munthali
munthali@infi.net
X-No-Archive: Yes
------------------------------
From: melorama@pixi.com (Mel Matsuoka)
Date: 17 Apr 1996 06:39:27 GMT
Subject: Re: Deja News
Organization: Pacific Information eXchange, Inc.
References: <comp-privacy8.32.10@cs.uwm.edu>
jenny simmonds <jenny@porky.demon.co.uk> wrote: I am writing an
article about Deja News and am interested in hearing from anyone
who thinks it breaches their privacy. In the interests of
fairness, I'd also like to hear from those who don't think it
breaches privacy :-)
I dont see how dejanews breaches anyones privacy. For one thing, if you
dont want anyone to see what you have posted to USENET, why would you
post to USENET at all? If you were going to post to a lascivious
newsgroup, such as alt.sex.stories, etc., you would use an anonymous
remailer if you didnt want anyone to know it was you.
But the biggest reason why this is not an invasion of your privacy is
that dejanews *will not* archive your posting if you add the heading
"X-No-Archive: Yes" to the header fields.
What I think is much more of a privacy breach are are services such as
MapQuest (www.mapquest.com), which lets you graphically "zoom in" on
the location of someone by thier street address, and the wpy.net
service (http://wyp.net/info/search/NA.html) which lets you find anyone
by cross-referencing thier phone number, name, street address, etc.
When used in conjunction with each other, the nefarious applications
become apparant.
--
mel matsuoka <melorama@pixi.com>
PGP public-key available on all internet keyservers
------------------------------
From: markm@xetron.com (Mark Malson)
Date: 18 Apr 1996 20:24:26 GMT
Subject: Re: Deja News
Organization: Xetron Corporation
References: <comp-privacy8.32.10@cs.uwm.edu>
jenny simmonds <jenny@porky.demon.co.uk> wrote: I am writing an
article about Deja News and am interested in hearing from anyone
who thinks it breaches their privacy. In the interests of
fairness, I'd also like to hear from those who don't think it
breaches privacy :-)
I don't ever post anything to Usenet that I wouldn't yell from the top
of my roof. I have no expectation of privacy, therefore I do not think
DejaNews breaches my privacy.
FWIW, I have found DejaNews to be a very valuable tool for searching
UseNet archives in a few ways:
1) to find an old article that I had read and since forgotten,
especially to retrieve vendor phone numbers. I used it just today for
that purpose. I used to depend on the news server to keep them around
long enough, but if it rolled off, it used to be gone forever. Not
anymore.
2) When checking out a company to see if I wanted to work for them, I
used DejaNews once to see what sort of "net presence" that company
had. I figured if they had little presence, then they have no Internet
connection or low bandwidth. If they had presence mainly in, say,
comp.sys.mac.* groups (their main focus), they would have a large basis
of expertise and a desire to be helpful. If their presence was mainly
in, say, rec.travel.cruises, then I figure they're probably _not_ a
very helpful culture, possess little expertise, or are a bunch of
loafers. BTW, I checked out the company I work for _after_ developing
these classifications and was impressed with how my co-workers are
present on the net in areas related to our jobs, and I think my
classification accurately represented my company's culture. NOTE: You
have to know how big the company is to get a good picture, and their
presence must be weighted by their size.
3) DejaNews is useful to news admins because with such a service, the
admin can conserve disk space by eliminating old articles and referring
people to DejaNews for older articles. This lets the admin subscribe to
more newsgroups.
4) I can search newsgroups that my admin does not subscribe to.
IMHO, I think anyone who expects any sort of "privacy" should not open
their window, yell across the street, and then accuse people within
earshot of "eavesdropping". Nor should they use UseNet.
--
Mark Malson
markm@xetron.com
<http://www.xetron.com/~markm>
------------------------------
From: johnb@bird.Printrak.Com (John Bredehoft)
Date: 19 Apr 1996 08:41:33 +0800
Subject: Deja News
Organization: Printrak International Inc.
Jenny Simmonds (jenny@porky.demon.co.uk) wrote: I am writing an
article about Deja News and am interested in hearing from anyone
who thinks it breaches their privacy. In the interests of
fairness, I'd also like to hear from those who don't think it
breaches privacy :-) I would definitely fall in the latter
category. Whatever Deja News, Alta Vista, et al might be, they are
*not* breaches of privacy.
I like to contrast the availability of articles on Deja News to the
availability of cordless phone conversations.
When you use a cordless phone, your intent is to use it to talk to a
single party. Yes, the transmission is broadcast all over the place,
but that is not your intent. Based on intent, I would consider that a
"private" conversation.
However, when you post an article to Usenet, you are intentionally
"broadcasting" to a large number of people. (Some news software
packages explicitly remind you that you are posting to thousands or
millions of machines or whatever the number is now.) When I have posted
articles to alt.fan.kroq (look it up! :) ), I was well aware that the
original message would be read by numerous people at the time that I
posted it. Based on intent, I would *not* consider Usenet postings a
"private" conversation; therefore, no privacy is breached.
The fact that some of the "people" who receive my Usenet postings
(e.g., Deja News and Alta Vista) happen to keep those articles
available for months (eventually, years) does not change the basic fact
that the original conversations were public in the first place. Sure,
one could quibble about ignoring "Expires:" headers and the like, but I
still feel that this is not a *privacy* issue.
One should also remember that Deja News and similar services are not
the only way in which Usenet postings are preserved. Usenet traffic can
also be preserved on an ftp site, or in a Web-accessible digest; I'd
assume that comp.society.privacy postings are accessible via one or
both of these methods.i I don't feel that these violate my privacy,
again since this original posting will be publicly accessible in the
first place.
Well, now it's time to look up Jenny ;) ...
> > --| Jenny Simmonds, Overseas Jobs Express Net columnist | > |
Send overseas jobs news to jenny@porky.demon.co.uk | > | Visit our
home page at http://www.ahoy.com/oje/ |
--
The views of John E. Bredehoft, johnb@printrak.com are not necessarily
those of Printrak International Inc.
"They're faxing, over the Internet, pictures of Madonna and Vanilla Ice."
-Rick Dees
------------------------------
From: Robert Ellis Smith <0005101719@mcimail.com>
Date: 17 Apr 96 20:28 EST
Subject: Alternatives to SSN
Does anyone have ideas and suggestions for alternatives to using Social
Security numbers to manage large personal data bases - methods like
Alpha Search and Soundex? Are there other ways to manage a huge data
base and make matches and retrieve files without using SSNs or even
numerical identifiers?
--
Robert Ellis Smith, Privacy Journal, Providence RI 401/274-7861.
------------------------------
From: rja14@turing.newton.cam.ac.uk (R.J. Anderson)
Date: 18 Apr 1996 08:46:04 GMT
Subject: UK Government to Introduce Key Escrow
Organization: Isaac Newton Institute, University of Cambridge
Despite assurances from John Major to David Shaw MP that the British
government had no intention to limit the domestic use of cryptography,
there is now a UK policy to introduce key escrow. The debate was
conducted in secret in Whitehall; we the people were not consulted at
all.
Details can be found in a booklet called `The use of encryption and
related services with the NHSnet', published by the NHS Executive
(copies from the Department of Health, Fax 01937 845381). The points of
most interest to the privacy community are probably the following.
1. `HMG has, for a number of years, been developing its ideas for
a national Public Key Management Infrastructure having what is
known as Key Recovery (KR) facilities. HMG's interest in Key
Recovery is driven by its Law Enforcement needs. Papers
describing schemes with this capability are now in the public
domain for review and comment. It is expected that eventual
national policy in this areas, supported by legislation, will
involve the use of KR capabilities shaped closely along the
lines indicated by current papers' (p 58).
2. The choice facing the NHS is `whether it wishes to implement
the KR capability within it or not' (p 58).
3. Long term keys will be certified using a `Trusted Third
Party' and there is budgetary provision for eight full time NHS
staff to run this.
4. The critical question of `the legal conditions under which
TTPs will be able to release information under their control or
care' is dodged; it `will have to be investigated'.
5. The encryption algorithm used will be an unpublished block
cipher called `Red Pike' that has been developed by GCHQ. I
have obtained through other channels a copy of a GHCQ
certificate evaluating this algorithm to `Restricted'. Key
establishment will be Diffie Hellman based, and DSA will be
used for signatures.
6. The proposal to make the NHS adopt the TTP/Red Pike strategy
is part of a wider initiative that will include the electronic
submission of proposals to government departments by suppliers
and of tax returns by small businesses. A goal is to
`encourage a wide range of commercial off-the-shelf (COTS)
products to be developed'. (Note: this mirrors the NSA policy
under which the US Department of Defense is trying to get
software suppliers to develop products with weak or escrowed
crypto that can be replaced with plug-compatible but stronger
military crypto. See Microsoft crypto API, the Fortezza card,
and so on.)
7. There is extensive - and grossly inaccurate - criticism of
alternatives (products such as PGP, and algorithms such as RSA
and triple DES). Some of the statements may reflect GCHQ's
legislative or regulatory intentions. For example, on page 61
it is stated that DES `is not normally available to users in
other commercial sectors unless it is used by them only in
relation to the protection of financial data'. The author seems
ignorant of the Unix password mechanism, Sky-TV key management,
prepayment gas meters, and the infrared gate openers used by
season ticket holders at municipal parking garages in Glasgow.
I mentioned this report yesterday evening to an employee of a defence
software firm and he informed me that there was a presentation at GCHQ
two weeks ago for those `inside the tent pissing out' at which all the
above (and presumably more) was revealed.
The implications are many and varied. For example, the establishment
of a government facility to certify who is, and who is not, a medical
doctor would usurp the General Medical Council's traditional function.
One wonders whether there is a plan to nationalise the Law Society,
the Institute of Chartered Accountants, and other professional bodies?
At the most basic level, it appears unlikely that this report will
contribute to establishing the level of trust in the privacy and
safety of clinical telematics that will be needed if we are to
realise its many potential benefits for patient care.
Ross
------------------------------
From: * subramanian sivaramakrishnan * <Z6T@PSUVM.PSU.EDU>
Date: 18 Apr 1996 22:31:08 EDT
Subject: Sprint Free Fridays - New Exception List
Organization: Penn State University
References: <telecom16.184.2@massis.lcs.mit.edu>
According to Sprint, FCC tariff regulations permit a unilateral
change to combat fraud, even if the change affects non-fraudulent
customers.
But, where is the question of fraudulent customer here ? When I signed
up for Business Sense, I asked the Sprint representative at least four
times what the catch is since they were allowing me as a residential
customer to sign up. She said "Sir, we are trying to increase our
market share." In fact, they asked me for my social security number
before signing me up. Doesn't make sense for them to ask for the ss# if
they thought I was a business. If they did, they would have asked me
for my tax id# instead.
Btw, I am one of those who did not get a mailgram asking for proof of
business. I wonder what criterion they used. I did get the mailgram
about the 9 countries though.
Rather than we debating about this Sprint thing, can some lawyers who
read this newsgroup let us know whether there's room for a class action
lawsuit or not ? Did I hear you say that your legal advice is free on
Fridays ?.....:-)
--
subbu
------------------------------
From: rja14@turing.newton.cam.ac.uk (R.J. Anderson)
Date: 18 Apr 1996 08:51:51 GMT
Subject: Final Call for Papers - Colloquium on Personal Information
Organization: Isaac Newton Institute, University of Cambridge
PERSONAL INFORMATION - SECURITY, ENGINEERING AND ETHICS
21-22 June, Isaac Newton Institute, University of Cambridge
FINAL CALL FOR PAPERS
Many organisations are building computer networks that will share medical
records and other highly sensitive personal information. This has led to
debate in the UK, the USA, Germany and elsewhere over both the propriety
of such information sharing and the technical measures that are necessary
to control it. The debate has shown how little we understand about the
protection of personal information.
Most existing models of computer security were developed for applications
in banking and commerce or for the military and intelligence communities.
There the goal of confidentiality is to protect the organisation's assets
and operations. With personal information, on the other hand, the goal is
to uphold the rights of the individual, and to facilitate professional
practice in line with established codes of ethics.
It is becoming clear that systems cannot adequately protect medical
records and other personal information by blindly following the banking
and military paradigms of computer security. A fresh approach is needed.
For this reason, the British Medical Association is sponsoring a two
day colloquium at the Isaac Newton Institute, Cambridge, whose goal is
to bring together medics and other people interested in protecting
personal information with computer security professionals. It will be
the closing event in a six month research programme attended by many
of the world`s top researchers in computer security and related
topics.
Topics of interest include the interaction between privacy and safety,
security and safety policy, technical aspects, practice in different
countries, the tension between clinicians and researchers, privacy in
other systems (such as those supporting legal practice), the
philosophy of privacy, and the regulation of access to personal
information by administrators and law officers.
Instructions for Authors:
Interested parties are invited to submit papers or extended abstracts
of papers electronically (ascii, latex or postscript) or in paper
form; in the latter case, send twelve copies suitable for blind
refereeing (the authors' names should be on a separate cover sheet and
there should be no obvious references). Papers should not exceed
fifteen pages in length.
Addresses for submission:
Dr Ross Anderson
Isaac Newton Institute
20 Clarkson Road
Cambridge CB3 0EH, England
rja14@newton.cam.ac.uk
Programme committee:
Ross Anderson (Cambridge University, UK)
Ab Bakker (Bazis, the Netherlands)
Dave Banisar (Electronic Privacy Information Center, USA)
Gerrit Bleumer (University of Hildesheim, Germany)
Paula Bruening (formerly Office of Technology Assessment, USA)
Ian Cheong (RACGP, Australia)
Fleur Fisher (British Medical Association, UK)
Elizabeth France (Data Protection Registrar, UK)
Bob Frankford (formerly Ontario Legislature, Canada)
Peter Landrock (Aarhus University, Denmark)
Robert Morris (NSA, USA and Cambridge University, UK)
Roderick Neame (Health Information Consulting, New Zealand)
Roger Needham (Cambridge University, UK)
Beverly Woodward (ACLU and Brandeis University, USA)
Deadlines:
Paper submission: 10th May 1996
Notification of acceptance: 3rd June 1996
Camera-ready copy for proceedings: 17th June 1996
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Mar 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #033
******************************
.