Date: Thu, 23 May 96 12:10:11 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#041
Computer Privacy Digest Thu, 23 May 96 Volume 8 : Issue: 041
Today's Topics: Moderator: Leonard P. Levine
Re: Automated Toll Collection
Re: Automated Toll Collection
Re: Automated Toll Collection
Re: Automated Toll Collection
Re: Biometric Encryption
Re: Biometric Encryption
Re: Privacy Phone Guard
Re: FDA Approves At-Home HIV Test
Re: FDA Approves At-Home HIV Test
Re: Georgia Law Could Prohibit Web Links
A Privacy Scenario
FTC Online Workshop on Privacy
Free PGP shell available for Windows
Drafts of Medical Records Privacy Legislation
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: dan@dvl.co.nz (Dan Langille)
Date: 19 May 1996 21:10:12 GMT
Subject: Re: Automated Toll Collection
Organization: DVL Software Limited
References: <comp-privacy8.40.8@cs.uwm.edu>
Jonathon Blake <grafolog@netcom.com> wrote:
Do you seriously expect banking institutions to admit to that?
Banks would not have to admit it. Consumers would. And the media
would be sure to publicize it. I stand by my original question. Have
credit card numbers ever been stolen in transit?
Packet sniffers, located at any router between here and there. Any
large computer exposition in the US will have several packet
sniffers running.
Yes, I know of packet sniffers and how they work, and of their
availability. That does not affect the question. The key is to get
into the router first.
As I said, it is possible, but it's not probable.
--
Dan Langille
DVL Software Limited - Wellington, New Zealand
------------------------------
From: johnl@iecc.com
Date: 21 May 96 11:26 EDT
Subject: Re: Automated Toll Collection
Organization: I.E.C.C., Trumansburg, N.Y.
Do you seriously expect banking institutions to admit to that?
Considering how Master Card, Visa, and every bank around have been
telling us how dangerous it is to send info over the Net, I'd expect
reams of press releases headlined "we told you so" if it happened.
(They want us to buy the super duper security packages they're busy
developing.)
Everything I've seen says that losses from credit card usage on the net
are slightly lower than for regular 800-based mail order.
It never fails to amaze me that people who will give their actual
physical credit cards to a minimum wage clerk at the convenience store
without a moment's thought worry about packet sniffers smuggled into an
MCI POP or some such. Yes, a bad guy could with some effort snarf and
untangle enough packets to find some credit card numbers from the net,
but it's a whole lot easier to go dumpster diving behind a restaurant,
and in the process get slips with both numbers and the matching
signatures.
I'm all in favor of making network transactions as secure as possible,
but to claim that they're significantly more risky today than
conventional credit card transactions is just silly.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com
"Space aliens are stealing American jobs." - Stanford econ prof
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 21 May 96 16:25 EDT
Subject: Re: Automated Toll Collection
Organization: I.E.C.C., Trumansburg, N.Y.
Do you seriously expect banking institutions to admit to that?
Considering how Master Card, Visa, and every bank around have been telling
us how dangerous it is to send info over the Net, I'd expect reams of press
releases headlined "we told you so" if it happened. (They want us to buy
the super duper security packages they're busy developing.)
Everything I've seen says that losses from credit card usage on the net are
slightly lower than for regular 800-based mail order.
It never fails to amaze me that people who will give their actual physical
credit cards to a minimum wage clerk at the convenience store without a
moment's thought worry about packet sniffers smuggled into an MCI POP or
some such. Yes, a bad guy could with some effort snarf and untangle enough
packets to find some credit card numbers from the net, but it's a whole lot
easier to go dumpster diving behind a restaurant, and in the process get
slips with both numbers and the matching signatures.
I'm all in favor of making network transactions as secure as possible, but
to claim that they're significantly more risky today than conventional
credit card transactions is just silly.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof
------------------------------
From: ipcab@planet.eon.net
Date: 21 May 1996 21:49:18 GMT
Subject: Re: Automated Toll Collection
Organization: Public Live Access Network (PLAnet)
References: <comp-privacy8.37.2@cs.uwm.edu> <comp-privacy8.38.6@cs.uwm.edu> <comp-privacy8.39.3@cs.uwm.edu>
dan@dvl.co.nz (Dan Langille) wrote: I do not feel worried about
passing my credit card details over the internet. Is there any
[documented] case of credit card details being stolen whilst in
transmission? Such transmissions must happen thousands of times
daily. Surely, if it was a reasonablely easy way to capture data,
it would be done. But it isn't easy. Sure it's possible, but it's
not probable. For that matter, encryption won't stop. It will
still be possible but a little less probable.
In response, might I respectfully suggest that you should be concerned
about sending any personal information out over the internet,
especially if you are not using some encryption or other security
package. You are correct in pointing out that it is difficult to
obtain documented information about credit card numbers being stolen
and subsequently used improperly. This is the type of information that
Credit Card companies are not keen that the general public know since
it questions the security and reliability of their product.
In any case, let me point you to information that, while not statistics
on the number of stolen credit cards, should concern you. First, in a
post to comp.society.privacy by Professor L.P. Levine on January 31 of
this year, he quotes a Simson Garfunkel article (San Jose Mecury
News). The article describes a company called First Virtual Holdings
that developed a program that was designed to steal credit card numbers
from unsuspecting computer users. While the program was itself
developed to illustrate a point and therefore was not used maliciously,
this possibility remains.
Other kinds of packet sniffing programs are prevalent, to the point
that they are presenting a major threat to transaction security. PC
Magazine (June 13, 1995) writes: "electronic commerce is expected to
take off" once companies can assuage consumer's concerns about using
credit cards on the Net. There is no doubt that supplying credit cards
on the Net will work, "but if you send uprotected credit information
over the security-imparied Internet, you will risk losing it to
data-tapping infohighwaymen." (TIME, June 12, 1995)
It also seems to me that one of the motivations behind the creation of
the CLIPPER initiative or the use of PGP is to discourage inadvertant
or intentional eavesdropping. Similarly, the emergence of David
Chaum's Digicash is to allow secure transmission of moneys over the
Internet.
As things stand today, without encryption, sending personal information
is foolish. Ned Snell wrote in his 1995 book "Curious about the
Internet" (P. 94) that "Just as hackers and uscrupulous system
administrators have the power to read others' e-mail, they could EASILY
steal credit-card numbers, use them to make purchases, and then cover
up their tracks before the credit card owner knows what's happening."
Even if the system administrator were not involved, emailed information
could still be tapped. Andre Bacard (Computer E-Mail Privacy miniFAQ,
95/2/25) writes "most electronic mail is notoriously UNPRIVATE [his
emphasis]. E-mail is less secure and in many ways more dangerous than
sending your personal or business messages on a postcard." All you
have to do is watch alt.hackers to find an intrusion tool kit that will
teach you how to listen to private E-mail between users. If this type
of information is openly accessable, and if all sorts of experts are
warning against sending credit card and other personals over the net in
an insecure fashion, shouldn't you be too?
------------------------------
From: Charles Bryant <ch@chch.demon.co.uk>
Date: 19 May 1996 23:21:16 GMT
Subject: Re: Biometric Encryption
References: <comp-privacy8.38.10@cs.uwm.edu>
Phil Agre <pagre@weber.ucsd.edu> wrote: ...fingerprint
biometrics... I am curious if anybody knows of any criticisms of
this approach.
Two possible problems seem obvious. Firstly, it is very easy to get
someone's fingerprints. We can't avoid leaving prints on vast numbers
of everyday objects (e.g. drinks cans, door handles). Secondly, it
seems that if it were widely used, muggers would start cutting off
people's fingers when stealing their cards to be sure of being able to
generate the fingerprints.
------------------------------
From: bgold@platinum.com (Barry Gold)
Date: 21 May 1996 15:02:42 -0700
Subject: Re: Biometric Encryption
I find myself troubled about the design of this particular biometric
device. If the bad buys get hold of your "Bioscrypt", they can extract
the text string by forcibly holding your finger against the
authentication device. If the result comes out looking like a text
string, it's yours and they have your encryption key, or whatever other
"secret" is hidden in the "Bioscrypt".
Much better, IMO, would be an arrangement like PGP, where you type in a
text string (a "passphrase") _and_ press your finger on the device.
That way you need a volitional act to extract the "secret", whatever it
is. The passphrase needn't even be very long -- a 6 character password
would probably be plenty -- as long as the authentication device is
well-designed(*). Even if the "bad guys" in this case are the
government and they have found a way around the 5th amendment -- like
claiming that forcing your encryption key out of you isn't "testimony"
-- you can just supply a wrong passphrase and when the result isn't a
useful encryption key you just say, "Sorry guys, guess that's not my
Bioscrypt."
(*) Some suggested design parameters:
1. The algorithm for encoding the text string and fingerprint
representation includes a "magic" number that is known to only a very
few people at the manufacturer.
2. An attempt to take the device apart to get the magic number
destroys it irretrievably. (This feature is already built into some
smart cards and suchlike.)
3. X-rays, Electron microscopy, etc. can't find the magic number.
(ditto)
4. The device will perform a small number of decryptions at the rate
of one per second or so (to allow for typing errors or problems
reading the fingerprint). But after, say, 5 tries it will shut down
for a minute or so. This prevents brute force attacks on the
passphrase with the victim's finger held against the device -- after
5 tries you have to wait a while. Even if you have a _lot_ of
devices, you have to keep moving the finger to a new one every five
tries -- and coordinating it with whatever computer or other device
you're using to generate passphrases. And you still only get 1 try a
second.
5. (Probably the hardest): the device should be able to distinguish
between the actual finger and a photo or a plastic replica of the
finger.
------------------------------
From: Charles Bryant <ch@chch.demon.co.uk>
Date: 19 May 1996 23:21:08 GMT
Subject: Re: Privacy Phone Guard
References: <comp-privacy8.38.2@cs.uwm.edu>
chazl <chazl@leonardo.lmt.com> wrote: I really do not understand
all the hullabaloo about how CallerID allegedly violates one's
privacy. Here's the way I view it: If you walked up to my door and
rang the doorbell with a bag over your head, would you be surprised
that I would be unlikely to let you in?
This is not a good analogy. A better one would be that before opening
the door you would want to see the caller's car's registration number
(U.S. license plate) or their bus or train ticket. The so-called
`CallerID' does not identify the caller. It identifies the phone line
that they are using. While you may have a legitimate claim for knowing
who is calling you, I don't see any reasonable grounds for wanting to
know the number of the phone they are calling from.
Someone calls me and wants to talk to me. Why shouldn't I have the
right to know who that individual is before I decide whether or not
to grant that request?
If you are demanding a *right*, the burden should be on you to prove
the legitimacy of that right.
------------------------------
From: Charles Bryant <ch@chch.demon.co.uk>
Date: 19 May 1996 23:21:18 GMT
Subject: Re: FDA Approves At-Home HIV Test
References: <comp-privacy8.40.5@cs.uwm.edu>
Brian Gordon <briang@netcom.com> wrote: ... home HIV test ...
According to today's news, each kit comes with a code number.
After an appropriate wait, you call for the results from that code
number. No name, no traceability. Probably not foolproof, but
pretty good.
Note that if you get someone drunk enough (or maybe just use a sharp
enough needle when they're asleep?) this means you can get someone else
secretly tested.
------------------------------
From: peter@baileynm.com (Peter da Silva)
Date: 20 May 1996 18:19:33 GMT
Subject: Re: FDA Approves At-Home HIV Test
Organization: Network/development platform support, NMTI
References: <comp-privacy8.39.1@cs.uwm.edu> <comp-privacy8.40.6@cs.uwm.edu>
Dan Langille <dan@dvl.co.nz> wrote: AFAIK, [As Far As I Know] the
only hitch to the alleged privacy issue is caller id. Which I
believe to be a separate issue.
Also, reverse-engineering the codes. Hopefully they're protected by a
checksum mechanism at least, so you don't get someone else's code by
accident, and they aren't sold in sequential (or otherwise predictable)
order (so you can't observe someone buying a kit, get the next one, and
search the nearby number space to find out their results).
--
Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard
Bailey Network Management 'U` Sugar Land, TX 77487-5013
+1 713 274 5180 "Har du kramat din varg idag?" USA
Bailey pays for my technical expertise. y opinions probably scare them
------------------------------
From: skg@sadr.com (Keith Graham)
Date: 20 May 1996 01:32:49 GMT
Subject: Re: Georgia Law Could Prohibit Web Links
Organization: MindSpring Enterprises
References: <comp-privacy8.40.7@cs.uwm.edu>
Monty Solomon <monty@roscom.COM> writes: Legislation recently
signed into law by Georgia Governor Zell Miller is aimed at
preventing fraud in cyberspace, but the Chronicle of Higher
Education recently reported that critics say it could force
developers of World Wide Web pages to remove links to other pages.
The law, the Chronicle reported, makes it a crime to "falsely
identify" oneself on the Net, or to direct people to someone else's
computer without the other person's explicit permission.
Having read what is, I believe, the entire law, it does no such thing.
First, let me say that I am a resident of Georgia. I think this law is
at best ill-advised, as well as being redundant. However, a number of
articles I have seen have been a bit hysterical.
It does outlaw you "falsely indentifying" yourself. I'm not sure how a
court will interpret this, and is the biggest danger represented by the
law. (I.e. Is a blatant handle or anonymous identifier "falsely
identifying" yourself?)
However, the other part of the law prohibits use of trademarks or
copyrighted material (paraphrased) "in excess of your legal
authorization to do so." As long as I'm not violating trademark or
copyright law, I am in no way threatened by putting anything on my Web
page. My biggest concern is that, until such a matter is taken up in
civil court, it is extremely difficult to determine what trademark or
copyright laws (if any) have been broken.
There is NO mention in the sections of the law I read that mentioned
anything about "requiring permission." It merely requires "legal
authorization or permission", which to the best of my knowledge, does
not require anything from the trademark holder (as long as you do not
exceed what the law allows.)
With all this said, I am not a lawyer, and any lawyers out there should
feel free to correct me. This is not legal advice, etc. etc.
--
Keith Graham
skg@sadr.com
------------------------------
From: martina@unibw-hamburg.de (Martina Schollmeyer)
Date: 21 May 1996 19:07:26 GMT
Subject: A Privacy Scenario
Organization: University of Hamburg -- Germany
For a research project on privacy, we would like to use the following
scenario as part of a question. However, we want to make sure that this
scenario does not break any laws, i.e., that there are no laws that
would make the collection of data such as described here illegal.
This scenario is a bit iffy, and we were told that this is questionable
behavior at least in Germany. How about other countries? Any feedback
with indication of the irespective laws and countries would be
appreciated a lot.
Sincerely,
Martina Schollmeyer
Your friend has recently acquired a new Internet browser for his/her
computer which allows him/her to surf the world wide web from home. One
day, using this new browser, he/she accesses a web page containing
information about an Internet music store called ABC Music. The next
day he/she receives an e-mail message with the following content:
"Thank you for accessing our music site. We at ABC Music would like
to add your e-mail address to our list of preferred customers. This
will allow you to receive announcements about updates on our site and
ordering discounts on a regular basis. Please reply to this message
if you would like to be added to our mailing list."
Your friend is surprised because he/she never entered his/her e-mail
address or name into a form on that particular site. Your friend then
finds out that some new browsers allow web sites to execute programs on
the computer that is accessing the web site, possibly without the
computer owner's knowledge. This feature allowed the music store to
get your friend's login name and computer address to determine the
complete e-mail address.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Martina Schollmeyer, Ph.D.
University of the German Federal Armed-mail: martina@unibw-hamburg.de
Forces at Hamburg phone: (+49)(40) 6541-2889
FB WOW fax: (+49)(40) 6541-2780
Holstenhofweg 85 http://www.sci.tamucc.edu/~martinas
22039 Hamburg/Germany
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 22 May 1996 11:49:54 -0400
Subject: FTC Online Workshop on Privacy
Begin forwarded message:
Date: 19 May 1996 14:41:06 -0700
From: Adam Starchild <taxhaven@ix.netcom.com>
To: privacy@ftc.gov
Subject: FTC Workshop on Consumer Privacy in Cyberspace
FEDERAL TRADE COMMISSION WORKSHOP ON CONSUMER PRIVACY
IN CYBERSPACE TO BE HELD IN JUNE 1996
The Federal Trade Commission's Bureau of Consumer Education will hold a
public workshop on June 4 and 5 to focus on privacy issues in the
online marketplace. The development of technologies such as the
Internet and the World Wide Web has allowed online businesses to
collect and use personal information about consumers, often without
consumers’ knowledge or consent. The workshop will examine
consumer privacy issues in this new marketplace, consumer and business
education about the use of personal information online, and ways to
enhance the growth of the online marketplace by fostering consumer
confidence.
Workshop topics will include the use of consumer information, the use
of medical and financial information online, the collection and use of
information about children, electronic approaches to protecting
consumer privacy online, and the European Union's directive on the
protection of personal data.
The workshop will be open to the public and will be held on June 4,
1996 from 9:00AM to 5:00PM in Room 432 of the FTC headquarters
building, 6th Street and Pennsylvania Avenue, N.W., in Washington,
D.C. On June 5, 1996 the workshop will be held from 9:00AM to 12:30PM
in Room 332 of the FTC headquarters building.
The Bureau invites representatives of consumer groups, industry,
government agencies, and other groups to take part in the workshop.
Any person wishing to be considered for participation in the public
workshop must file a written request, on or before May 24, 1996, to
Martha Landesberg, Division of Credit Practices, Bureau of Consumer
Protection, Federal Trade Commission, Washington, DC 20580.
Posted by Adam Starchild
Asset Protection & Becoming Judgement Proof at
http://www.catalog.com/corner/taxhaven
The privacy list is run automatically by the Majordomo list manager.
Send a "help" command to majordomo@ftc.gov for assistance.
------------------------------
From: alpha1@znet.com
Date: 23 May 1996 15:36:15 GMT
Subject: Free PGP shell available for Windows
Organization: zNET
I have uploaded to Simtel.Net:
http://www.simtel.net/pub/simtelnet/win3/email/pn123-01.zip
ftp://ftp.simtel.net/pub/simtelnet/win3/email/pn123-01.zip
pn123-01.zip Free Windows PGP shell for any e-mail program
PGPn123 is a clipboard based PGP shell for Windows. It has the ability
to connect with any other Windows based program and sit on top of it
without obscuring other windows.
PGPn123 can also run in manual mode, without being linked to another
program. In this mode, it will stay on top of ALL windows, ready to
exchange data between the clip board and PGP.
Key management is included as a stand-alone module.
Special requirements: None.
Freeware. Uploaded by the author.
Alpha1 Enterprises
alpha1@znet.com
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 19 May 1996 14:43:14 -0400
Subject: Drafts of Medical Records Privacy Legislation
Excerpt from RISKS DIGEST 18.12
------------------------------
Date: 14 May 1996 19:05:23 -0400 (EDT)
From: James Love <love@tap.org>
Subject: Drafts of Medical Records Privacy Legislation
USent to RISKS via Stanton McCandlish <mech@eff.org>. RISKS
generally eschews such postings. However, this one may have broad
appeal to readers in the U.S., and far-reaching implications. PGN~
Re: Getting Copies of "Discussion Drafts" of Med Privacy Bill Online
This is a sign-on letter to Senators Kassebaum and Warner, asking that the
Senate make copies of its "discussion drafts" of S. 1360, the Medical
Records Confidentiality Act, on the Internet. The discussion drafts reflect
the current versions of the controversial legislation, after negotiations
between various Senators and lobbyists.
Currently these drafts are only distributed in paper, and are mostly
available to Washington DC lobbyists. Senator Kassebaum controls access to
the discussion drafts, and Senator Warner is in charge of Senate rules on
topics such as public access to Senate documents.
The letter has been signed by Gary Ruskin, Director of the Congressional
Accountability Project, Lori Fena, Director of the Electronic Frontier
Foundation, James Love, Director of Consumer Project on Technology, and Jim
Warren, a well known computer journalist and information activist. To add
your name, send a note to Gary Ruskin at gary@essential.org.
The letter follows:
Senator Nancy Kassebaum, Chair
Committee on Labor and Human Resources
428 Dirksen Senate Office Bldg
Washington, DC 20510-6300
Senator John Warner, Chair
Committee on Rules and Administration
305 Russell Senate Office Bldg
Washington, DC 20510-6325
Dear Senators Kassebaum and Warner:
We are writing to express the frustrations of many American citizens who
cannot effectively monitor the actions of the U.S. Congress, because the
Senate does not give ordinary citizens the same access to key legislative
documents that it gives to interest groups that can afford full time
lobbyists. Our immediate concern is the refusal of the Senate Labor
Committee to provide online access to a series of discussion drafts of S.
1360, the Medical Records Confidentiality Act. This controversial
legislation seeks to pre-empt state laws in favor of a federal system
regulating access to personal medical records. The legislation is
controversial and complex and the stake holders are many. Privacy and
consumer groups say the legislation provides too much access and too little
privacy, while industry groups are pressing for even easier access to
identified medical records.
The legislation was introduced last October. Beginning in April, the
Committee on Labor and Human Resources has prepared several "discussion
drafts" for a new chairman's mark. These drafts have been given to
lobbyists, but the Committee staff has refused to make the text of the
drafts available on the Internet where they would be readily available to
the general public. As a consequence, as Equifax, IBM, Dun & Bradstreet,
TRW, Blue Cross, Aetna, and other groups with full-time lobbyists read each
and every new discussion draft, the general public mistakenly believes the
October 24, 1995 version of the bill represents the relevant text of the
legislation.
Why keep the discussion drafts from the general public? The bill is very
long, and it is costly and difficult to distribute the bill in the paper
formats. Most citizens don't have any way of even knowing that the various
discussion drafts even exist.
With efforts to push for a rapid mark-up on S. 1360 it seems urgent to
resolve this issue soon. More generally, however, the Senate should adopt
new rules about access to the various types of "unofficial" drafts of bills,
including committee prints, managers amendments, chairman's marks, and
widely disseminated discussion drafts, which are the real stuff of the
legislative process. The text of these important documents should be placed
on the Internet for the benefit of the general public, as soon as they are
made available to Washington lobbyists.
Sincerely,
Gray Ruskin, Director, Congressional Accountability Project (Member,
Advisory Committee, Congressional Internet Caucus) gary@essential.org
Lori Fena, Director, Electronic Frontier Foundation, lori@eff.org
James Love, Director, Consumer Project on Technology, love@tap.org
Jim Warren, tech-policy columnist and open-government advocate
Government Technology Magazine, MicroTimes Magazine, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075 jwarren@well.com
To add your name to this letter, send a note to Gary Ruskin.
His contact info is:
Gary Ruskin gary@essential.org 202/296-2787; fax: 202/833-2406
James Love, Center for Study of Responsive Law, P.O. Box 19367, Washington DC
20036 202/387-8030 Consumer Project on Technology; love@tap.org with webpages.
------------------------------
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Mar 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #041
******************************
.