Date:       Sat, 04 May 96 15:22:47 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V8#036

Computer Privacy Digest Sat, 04 May 96              Volume 8 : Issue: 036

Today's Topics:			       Moderator: Leonard P. Levine

                      Medical Privacy Legislation
                        Children on the Internet
               Prepaid Calling Card Stores Called Numbers
                     Re A Far-Reaching Privacy Bill
                Re: Security and E-Commerce Information
                   May 10 Workshop on Medical Privacy
         Senator Burns writes open Letter to Internet Community
                 Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: Robert Gellman <rgellman@cais.cais.com>
Date: 29 Apr 1996 23:07:40 -0400 (EDT)
Subject: Medical Privacy Legislation

The moderator asked about the status of federal medical privacy
legislation.  The main bill on Capitol Hill is S.1360 (the Bennett
bill).  There was a hearing last year and a committee markup is
expected soon.  It had been scheduled last week and this week, and is
now scheduled for next week.  Don't bet the mortgage on that, but a
markup seems likely eventually.  Significant revisions are in the
works.

The House bill (HR 435, the Condit bill) has seen no action anywhere in
the House.  Other bills have been rumored, but it is hard to see that
anything much will happen soon.  But life in Congress is highly
unpredictable these days.

The only relevant bill that has passed either House is the Insurance
Portability bill (I don't have the number within reach).  Both House
and Senate have passed different versions.  The House bill includes a
one liner directing the Secretary of HHS to write privacy rules for
electronic health care data.  This bill will be in conference soon and
the privacy outcome is uncertain at best.  Both bills also include some
language preventing some use of genetic information in determining
preexisting conditions.

This is my latest understanding as of the end of last week.  Of course,
everything is subject to change and interpretation in the usual
fashion.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+   Robert Gellman          rgellman@cais.com   +
+   Privacy and Information Policy Consultant   +
+   431 Fifth Street S.E.                       +    
+   Washington, DC 20003                        + 
+   202-543-7923 (phone)   202-547-8287 (fax)   +
+ + + + + + + + + + + + + + + + + + + + + + + + +


------------------------------

From: "David E. Sorkin" <7sorkin@jmls.edu>
Date: 01 May 1996 00:47:14 GMT
Subject: Children on the Internet
Organization: John Marshall Law School

The John Marshall Law School Center for Informatics Law, in association
with the Illinois Privacy Council, announces the following conference:

CHILDREN ON THE INTERNET:  A FORUM FOR PARENTS AND EDUCATORS.
Saturday, May 18, 1996, 8:30 am-5:30 pm, at The John Marshall Law
School, 315 South Plymouth Court, Chicago, Illinois.

The purpose of The Forum is to explore the benefits of the Internet and
online services and to learn about risks as well, so that informed
parents and educators can cooperate with service providers so as to
enjoy the advantages of the Internet while avoiding the negatives.
Panelists will demonstrate Internet resources available for children;
will discuss the potential for commercial manipulation of children,
invasions of privacy, access to objectionable materials, and other
risks; and will suggest appropriate roles and responsibilities of
parents, educators, and institutions in minimizing these risks.

The registration fee of $40 includes continental breakfast, lunch, and
conference materials.  Registration deadline:  May 13, 1996.  Space is
limited.

For more information, call the Center for Informatics Law at (312)
987-1419, or e-mail privacy@jmls.edu.  Information about the Forum is
also available on the World Wide Web at
http://www.jmls.edu/conf/ipcforum/.

--
David E. Sorkin (7sorkin@jmls.edu)
Associate Director, Center for Informatics Law,
The John Marshall Law School


------------------------------

From: wrfuse@mab.ecse.rpi.edu (Wm. Randolph U Franklin)
Date: 02 May 1996 23:13:13 GMT
Subject: Prepaid Calling Card Stores Called Numbers
Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA

If you use a prepaid calling card, then all the numbers that you call
may be stored permanently.  (As I say this, it sounds all so
reasonable; however in the past I've been called paranoid by some
Usenet readers for even observing the possibility.)

My source is

http://www.nando.net/newsroom/ntn/nation/050296/nation13_13359.html

a news article saying that the Oklahoma City bombing suspects used a
pre-paid phone calling card purchased in November 1993 thru the
Spotlight to make 634 calls to bomb suppliers, the truck rental
company, etc.

--
Wm. Randolph Franklin.


------------------------------

From: Pirkko Kallaper <kallapep@ux1.atki.helbp.fi>
Date: 30 Apr 1996 13:43:39 +0200
Subject: Re A Far-Reaching Privacy Bill

A few weeks ago I read about Far-Reaching Privacy bills and I'd like to
tell my opinion about it.  In Finland some businesses have placed for many
years a few sentences in their contracts like this which Glenn Foote
wrote:

you agree that all information contained herein and/or resulting[...]

Here in Finland a person can strike out such a sentence. I do so and I
do not have any problems while doing it.

--
pirkko kallaperä 	kallapep@atki.helbp.fi


------------------------------

From: Mich Kabay <75300.3232@CompuServe.COM>
Date: 30 Apr 96 09:30:38 EDT
Subject: Re: Security and E-Commerce Information

Joan Andreu (DCQ006@ps.uib.es) asked for URLs dealing with e-commerce and
security.  Here are some basic information-technology security pointers from my
MOSAIC browser hotlist:

Hotlist
Security
{
  Item
    CERT-CC
    http://www.sei.cmu.edu/technology/cert.cc.html
  Item
    CIAC Security Web Site
    http://ciac.llnl.gov/ciac/CIACHome.html
  Item
    Cryptorebel/Cypherpunk Page 
    ftp://furmint.nectar.cs.cmu.edu/security/README.html
  Item
    Cypherpunks Home Page
    ftp://ftp.csua.berkeley.edu/pub/cypherpunks/Home.html
  Item
    Electronic Frontier Foundation
    http://www.eff.org/
  Item
    Galactus' homepage
    http://toad.stack.urc.tue.nl/~galactus/index.html
  Item
    InfoSec Heaven
    URL http://all.net/
  Item
    InfoSec News
    http://www.infosecnews.com/isn
  Item
    NCSA Home Page
    http://www.ncsa.com
  Item
    NIST Computer Security Resource Clearinghouse
    http://csrc.ncsl.nist.gov/
  Item
    Privacy Rights Clearinghouse
    gopher://pwa.acusd.edu/11/USDinfo/privacy
  Item
    Sources
    http://www.dso.com/sources/
  Item
    SRI Computer Science Laboratory
    http://www.csl.sri.com/sri-csl.html
  Item
    SRI-CSL-Security-Research
    http://www.csl.sri.com/sri-csl-security.html
}

You might also want to scan the archives of the RISKS FORUM DIGEST which are
available as described in that e-publication:

RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR> 
 cd risks<CR> or cwd risks<CR>, depending on your particular FTP.  [...]
 [Back issues are in the subdirectory corresponding to the volume number.]
   Individual issues can be accessed using a URL of the form
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
     ftp://ftp.sri.com/risks

I hope you will let us know the results of your research by posting a
summary in a later issue of COMPUTER PRIVACY DIGEST. [moderator: as do
I.]

Best wishes,

--
M. E. Kabay, Ph.D. (Kirkland, QC) / Director of Education / National
Computer Security Association (Carlisle, PA)


------------------------------

From: James Love <love@tap.org>
Date: 30 Apr 1996 16:56:47 -0400 (EDT)
Subject: May 10 Workshop on Medical Privacy

                Workshop on Medical Records Privacy

                          CO-SPONSORED BY:

                   American Civil Liberties Union
                   Consumer Project on Technology
           Computer Professionals for Social Responsibility
                   Coalition for Patient Rights 
             Electronic Privacy Information Center (EPIC)
                      JRI Health Law Center 

                 Friday, May 10, 9 a.m. to 5:30 p.m.
                      The Carnegie Institution
                 1530 P Street, NW, Washington, DC

The U.S. Senate is considering legislation that would pre-empt most
state laws on health care privacy, and create a new federal system
regulating access to medical records.  The proposed legislation, S.
1360, is controversial.

Many privacy groups say that S. 1360 provides far too much access to
personally identified medical records by insurance companies,
employers, schools, medical researchers, public health and law
enforcement officials.  These groups say that technology has outpaced
policy, that the legislation fails to address the radical changes in
the way records are stored and disseminated, and that the proposed
legislation does more to promote access to records than to assure
patients that their medical records will be private.

Supporters of S. 1360 claim that the legislation strikes a balance
between the needs of industry and government and the patient's rights
to privacy, and that extensive third party access to personal medical
records is both inevitable and socially desirable.

The May 10 workshop features experts from a number of fields, and
tackles some of the most thorny controversies.

9:00 am   Who really controls access to medical records?  What is
	  coercive consent?  What proposals would enhance patient
	  control over access to records?

Lawrence Gostin, Professor of Law at Georgetown University Law
     Center and Professor of Public Health at Johns Hopkins University
     School of Hygiene and Public Health.  Editor of JAMA's section on
     Health Law and Ethics, and former Chair of President Clinton's
     Health Care Task Force group on Privacy and the Health Care
     Infrastructure.

Mark Rothstein, Hugh Roy and Lille Cranz Cullen Distinguished
     Professor of Law and Director of the Health Law and Policy
     Institute at the University of Houston.  Author of The Genome and
     the Future of Health Care,  and consultant to several federal
     agencies.

Anthony Kraus.  Mr. Kraus is a principal with the firm of Miles
     & Stockbridge, a litigator of invasion of privacy suits, and is
     active in efforts to preserve medical privacy.

10:30 am    Non-consensual Access to Medical Records by Civil
	    Litigants, Law Enforcement and Other Government Oversight
	    Officials

Moderator, David Banisar.  Policy Analyst, Electronic Privacy
     Information Center (EPIC), Deputy Director of Privacy
     International, Editor of Privacy Bulletin.

Don Haines, Attorney,  American Civil Liberties Union.

Andrew Grosso, formerly the head of the first joint federal and
     state health care fraud task force.  Vice Chair of the ABA
     Criminal Justice Section's Committee on Science and Technology,
     member of Association for Computing's Committee on U.S. Public
     Policy (USACM).

A.G. Breitensten, Director of the JRI Health Law Institute
     (HLI), Attorney with the JRI Health Law Center in Boston,
     Massachusetts. HLI represents over 20 AIDS service Organizations
     in the Boston area who are suing the Inspector General of Health
     and Human Services regarding the Inspector General's claimed right
     to access and disclose the identities of people receiving AIDS
     services from federally funded organizations.

Noon to 1:30 p.m.       Lunch.

1:30 p.m.       Management of Medical Records.  What types of
		security are desirable and feasible in computerized
		health care information systems?

Professor Ross Anderson.  Faculty member at Cambridge
     University Computer Laboratory and Security Adviser to the British
     Medical Association.  Professor Anderson is a well known
     specialist in cryptography and computer security who has developed
     a security policy model for medical records.

Professor James Fackler.  Professor of Anesthesia and
     Pediatrics at Harvard Medical School, Associate Director of
     Children's  Hospital Informatics Program.  Professor Fackler's
     research includes explorations of the use of the world-wide-web
     technologies for medical record integration, and systems and
     policies for protecting patient privacy.

3:00 p.m.     Privacy of Mental Health records.  State Efforts
	      to Collect Medical Data.

Denise Nagel, MD.  Psychiatrist in private practice, President
     of the Coalition for Patient Rights of New England, Chair of
     Medical Privacy Confidentially Project, Coalition for Patient
     Rights, Chair of the Medical Privacy Coalition.

Mimi Azrael, Attorney in Private Practice with the firm Azrael,
     Gann and Franz.  A specialist in state laws concerning medical
     records privacy.

Version 1.0

REGISTRATION

Registration isn't required, but it is appreciated (it helps us plan).
To register, please send a note to:

Manon Anne Ress
Consumer Project on Technology
P.O. Box 19367, Washington, DC 20036
Voice: 202/387-8030; Fax 202/234-5176
Internet:  mress@essential.org

Name:
Organization:
Telephone:
Fax:
Internet:


------------------------------

From: akrause@Sunnyside.COM (Audrie Krause)
Date: 03 May 1996 00:23:51 -0700
Subject: Senator Burns writes open Letter to Internet Community

CPSR Members and Supporters,

U.S. Senator Conrad Burns is asking the Internet community to support
legislation that would promote the development and use of encryption
technology.  CPSR is a member of the Internet Privacy Coalition (IPC),
which supports this legislation.  For more information on IPC, visit
the CPSR web page at:  http://www.cpsr.org/home/html

To receive alerts about encryption legislation, send a message to:
IPC-announce@privacy.org
The body of the message should say: subscribe IPC-announce

To unsubscribe to *this* cpsr-announce list, send a message to:
listserv@cpsr.org
The body of the message should say: unsubscribe cpsr-announce

###############################################################################

Sender: Conrad_Burns@burns.senate.gov

     OPEN LETTER TO THE INTERNET COMMUNITY

     May 2, 1996

     Dear friends:

     As an Internet user, you are no doubt aware of some of the hurdles
     the federal government has put up that limit the growth and full
     potential of exciting, emerging technologies.  One of the most
     egregious of these has been the governmentally set limits on
     so-called "encryption" technologies.  Today I am introducing a
     bill to address this major problem for businesses and users of the
     Internet.

     If the telecommunications law enacted this year is a vehicle to
     achieve real changes in the ways we interact with each other
     electronically, my bill is the engine that will allow this vehicle
     to move forward.  The bill would promote the growth of electronic
     commerce, encourage the widespread availability of strong privacy
     and security technologies for the Internet, and repeal the
     out-dated regulations prohibiting the export of encryption
     technologies.

     This legislation is desperately needed because the Clinton
     administration continues to insist on restricting encryption
     exports, without regard to the harm this policy has on American
     businesses' ability to compete in the global marketplace or the
     ability of American citizens to protect their privacy online.
     Until we get the federal government out of the way and encourage
     the development of strong cryptography for the global market,
     electronic commerce and the potential of the Internet will not be
     realized.

     The last thing the Net needs are repressive and outdated
     regulations prohibiting the exports of strong privacy and security
     tools and making sure that the government has copies of the keys
     to our private communications.  Yet this is exactly the situation
     we have today.

     My new bill, the Promotion of Commerce On-Line in the Digital Era
     (Pro-CODE) Act of 1996, would:

     - Allow for the unrestricted export of "mass-market" or
     "public-domain" encryption programs, including such products as
     Pretty Good Privacy and popular World Wide Web browsers.

     - Require the Secretary of Commerce to allow the unrestricted
     export of other encryption technologies if products of similar
     strength are generally available outside the United States.

     - Prohibit the federal government from imposing mandatory
     key-escrow encryption policies on the domestic market and limit
     the authority of the Secretary of Commerce to set standards for
     encryption products.

     Removing export controls will dramatically increase the domestic
     availability of strong, easy-to-use privacy and security products
     and encourage the use of the Internet as a forum of secure
     electronic commerce. It will also undermine the Clinton
     Administration's "Clipper" proposals which have used export
     restrictions as leverage to impose policies that guarantee
     government access to our encryption keys.

     The Pro-CODE bill is similar to a bill I co-authored with Senator
     Patrick Leahy of Vermont, except that it highlights the importance
     of encryption to electronic commerce and the need to dramatically
     change current policy to encourage its growth.  My bill does not
     add any new criminal provisions and does not establish legal
     requirements for key-escrow agents.

     Over the coming months, I plan to hold hearings on this bill and
     encourage a public debate on the need to change the Clinton
     Administration's restrictive export control policies.  I will need
     your support as we move forward towards building a global Internet
     that is good for electronic commerce and privacy.  I look forward
     to working with the Internet community, online activists, and the
     computer and communications industry as this proposal moves
     through Congress.

     I'd like to hear from you, so please join me on two upcoming
     online events to talk about the new bill.  The first is on America
     Online in the News Room auditorium at 9 p.m. Eastern Daylight Time
     on May 6.  The second will be on Hotwired's Chat at 9 p.m. EDT on
     May 13.

     In the meantime, I need your help in supporting the effort to
     repeal cryptography export controls.  You can find out more by
     visiting my web page http://www.senate.gov/~burns/.  There you
     will find a collection of encryption education resources that my
     Webmaster has assembled.  I trust that the entire Internet
     community, from the old-timers to those just starting to learn
     about encryption, will find this information useful.

     This bill is vital to all Americans, from everyday computer users
     and businesses to manufacturers of computer software and
     hardware.  I very much look forward to working with you on this
     issue.

     Conrad Burns
     United States Senator

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

(The following program announcement comes from a CDT Policy Post.
Email me if you want the whole newsletter, which discusses the current
attempts to legalize encryption export.--Andy)

* SENATORS TO GO ONLINE TO DISCUSS BILLS, TAKE COMMENTS FROM NETIZENS

In an effort to bring the Internet Community into the debate and
encourage members of Congress to work with the Net.community on vital
Internet policy issues, Senator Burns and Senator Leahy will
participate in live, online discussions of the new legislation. CDT and
VTW, who are helping to coordinate these events, will publish the
transcripts of the sessions and encourage Netizens to participate.

Please join Senator Burns live online to discuss the Pro-CODE bill on:

* MONDAY, MAY 6 AT 9:00 PM ET IN AMERICA ONLINE'S NEWS ROOM AUDITORIUM

  Note that you will have to join AOL to participate in this chat. (If you
  aren't currently an AOL member, you can obtain the software by either
  a) finding one of those pervasive free floppy disks, or b) by using
  ftp to get it from ftp.aol.com (ftp://www.aol.com/).)

* MONDAY, MAY 13 AT 9:00 ET AT HotWired's CLUB WIRED

  Visit http://www.hotwired.com/ for more information.

Senator Leahy will also conduct sessions on America Online and HotWired
in the next several weeks; dates and times are TBA (visit
http://www.crypto.com for updates).

--
Audrie Krause          CPSR Executive Director
PO Box 717   *   Palo Alto, CA     *     94302
Phone: (415) 322-3778   *  Fax: (415) 322-4748
*    *     E-mail: akrause@cpsr.org     *    *
 *  Web Page: http://www.cpsr.org/home.html *


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Mar 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V8 #036
******************************