Date: Thu, 11 Jul 96 16:28:22 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V9#003
Computer Privacy Digest Thu, 11 Jul 96 Volume 9 : Issue: 003
Today's Topics: Moderator: Leonard P. Levine
Re: What's the Word on Cookies?
Bug-fix re-release of NS-DEMO
Calif Man Arrested for Selling Fake SSN and ID's
RE: Student Data Bases
Re: California Caller ID News
Privacy of eMail Address
Tracking Police Calls
TV Show on Encryption Needs People and Stories
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: kaxelson@panix.com
Date: 07 Jul 1996 20:30:56 GMT
Subject: Re: What's the Word on Cookies?
Organization: PANIX Public Access Internet and Unix, NYC
References: <comp-privacy8.47.1@cs.uwm.edu> <comp-privacy8.48.4@cs.uwm.edu>
Ken Peterson <kmp@spiritone.com> wrote: What is the current wisdom
on Netscape Cookies? I have tried to configure Netscape 3.0b4
(Macintosh) to "ask" before accepting a cookie, but some sites try
to send 10-20 of the damn things during loading the first page and
during the simplest navigation of their site. So endlessly clicking
NO in the Ask dialog is a tremendous hassle.
hgoldste@mpcs.com (Howard Goldstein) wrote: Interestingly enough
one of these sites is www.anonymizer.com, a browser anonymizer!
(and the other c2.org pages). If my xwindow cluttered with dialog
boxes is any indication, c2's setup is quite insistent upon cookie
passage.
Aside from RTVReco, does anyone know of sw for win95 that can recognize
pop up status messages from apps, and push buttons? RTVReco only
analyzes the header of the box. Thus for the cookies message it isn't
useful.
--
Kevin
------------------------------
From: kevinmca@wizvax.net (Kevin McAleavey)
Date: 10 Jul 1996 00:16:15 -0400
Subject: Bug-fix re-release of NS-DEMO
Unfortunately, there was a bug in the first release of the
demonstration program for my "NSClean" product which eliminates various
databases and files kept by Netscape on individual user's machines. The
bug affected those using version 2 of Netscape Navigator and has been
fixed in a new release. If anyone tried the first attempt and it
failed to work for them, it should be fine now.
Netscape appeared to provide a means to deflect cookie feeds in their
beta 4 version of Netscape 3.0 whereby a user could reject the cookie.
In the new beta 5 release, Netscape has made the cookies hidden once
again, rendering the user incapable of stopping them from entering
their system. It would seem to me allowing the user the option of
rejecting cookies was a good idea and I am surprised to see the
capability has been removed. My NSClean program allows one to run
NSClean and delete them at will along with other information Netscape
plants on user's computers.
The problems addressed by NSClean for Netscape also occurs in
Microsoft's Internet Explorer and a number of other browsers, but alas,
I was only able to put together a program for Netscape at this time
because that's what I use and am familiar with. I am hoping to tackle
IE as well as versions of Netscape for Macs in the future. I can't asy
now when that may be as I refuse to put Windows95 on my machine (I was
a beta tester) and I can't afford a Mac. I hope to deal with both
situations soon.
I am including clipped text from the announcement posted by the
simtel.net archive to comp.archives.ms-windows.announce below in case
anyone wants to take a peek at the demo and see what I'm talking
about:
I have uploaded to Simtel.Net:
http://www.simtel.net/pub/simtelnet/win3/inet/ns-demo2.zip
ftp://ftp.simtel.net/pub/simtelnet/win3/inet/ns-demo2.zip 157856 bytes
------------------------------
From: David Kennedy <76702.3557@CompuServe.COM>
Date: 07 Jul 96 23:42:10 EDT
Subject: Calif Man Arrested for Selling Fake SSN and ID's
Cops bust suspected forger
UPI Western US 7/4/96 1:50 PM
OAKLAND, Calif., July 4 (UPI) -- An Oakland man suspected of
selling counterfeit Social Security cards and birth certificates to
drug dealers and illegal immigrants trying to escape the law was
behind bars Thursday. ... Sgt. Ersie Joyner said investigators
were tipped off to Adams' illicit business about two months ago
when some of Adams' Hispanic customers complained to authorities
that they were being charged more than other people for the phony
documents.
Using his home computer and a "desk jet" printer, Gregory Adams III, 36
allegedly charged Hispanics US$2,500 to US$5,000 for documents, while
Caucasian and African-Americans were only charged US$250. Police say
most of his customers were drug dealers seeking new, felony-free
identification.
Investigators seized a list of hundreds of names and Social
Security numbers while raiding his home. The list will be used to
try to identify Adams' customers, some of whom may be arrested, as
well, police said.
--
Dave Kennedy [CISSP] InfoSec Recon Team Chief, National Computer
Security Assoc.
------------------------------
From: Jeffrey Waters 000-000-0000 <WATERSJ1@mail.firn.edu>
Date: 08 Jul 1996 07:43:13 -0400 (EDT)
Subject: RE: Student Data Bases
The state of Florida implemented and has in full use a complete data
base of student information. The data base includes information on
student demographics, student course information, disciplinary records,
attendence information and numerous distict data groups. Most of the
data is updated four times a year and once a year a cumulative
transmission is made that gives an overview of the entire year. Each
transmission period is called a 'survey.' If I remember correctly the
original purpose of the reporting was to calculate funding for the
school district. I believe all this started about 1987 or 88.
The last time I had any contact with the system, a complete set of the
descriptive manuals stood about 18-inches high.
The information is supposed to replace the traditional 'cummulative
folders' that were used for years. But I think once it was recognized
the amount and depth of data available, the system has been continually
ramped up to higher levels. As a student moves from county to county,
their records are xmited to the next school district.
The system was orginally set up to use a 'Florida Student Identifier'
that was generated using a specific formula of district ID number (1 -
67) plus a school number plus a serialized number that represented the
student. That serialized number was simple the next number available
(first student got number 1, next student got 2, etc). The identifier
was 10 bytes in length. Beginning in the early 90's the state begin
moving to the SSN as the identifier but also keeping in place the FSI
since the SSN could not be REQUIRED. This made for some interesting
situations. Some data entry types decided (or misunderstood) and
demanded the SSN from incoming students. Some schools even had forms
requiring the SSN at the time incoming students were enrolled. A lot of
'if we put the field on the form and don't say anything, I'll bet
they'll fill it out without any questions' went on.
As I remember there was some movement by the US Dept of Educ. to
require each state to establish a means of transferring some of the
more basic student data between states. Tie this to funding and it will
happen, I'm sure.
Those of us that have worked on the systems have no doubt that the data
will follow the student well beyond its educational purposes.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Jeff Waters w/\w/\w/\w watersj1@mail.firn.edu /\/\/\ |
| "Research is what I'm doing |
| when I don't know what I'm doing." |
| - Wernher Von Braun |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------
From: mwilson@cts.com (Marc Wilson)
Date: 09 Jul 1996 09:15:51 GMT
Subject: Re: California Caller ID News
Organization: What organization?
References: <comp-privacy9.1.8@cs.uwm.edu>
Beth Givens <bgivens@pwa.acusd.edu> wrote: <much junk about how
wonderful Caller ID blocking supposedly is deleted>
The only response to this drivel I can make is the following:
1. I have an unlisted telephone number. I have ALWAYS had an unlisted
number.
2. I elected minimum (per-call) blocking.
3. I have been badgering Pacific Bell for Caller ID service on a
regular basis since it was first announced (for the last month, almost
daily). I was finally able to sign up for it today. After today,
those persons blocking will not be able to reach me via telephone
except by prior arrangement.
Why? Because, to me, it's an invasion of MY privacy if YOU can call me
without my knowing who you are. You're coming into MY home.
I have an unlisted number to minimize the telemarketers and other
nuisances calling me. I have no problem with the party on the other
end of any phone call I place knowing my name and number... they'll
know who I am as soon as they pick up the phone, anyway. I respect
THEIR privacy enough to allow them the choice of deciding whether or
not they want to talk to me.
If I had my way, there would be no blocking. At all. Ever.
As for the CPUC, I wish they would dry up and blow away. If they
represented my interests, they wouldn't have challenged the FCC on this
in the first place.
Just one person's opinion...
--
Marc Wilson | SD Comic Con '96 Volunteer Coordinator
Imperial Beach, CA | Check this URL for my home page & Con info:
e-mail: mwilson@cts.com | `--> http://www.geocities.com/Athens/1148
------------------------------
From: seidel@zenith.berkeley.edu (Chris Seidel)
Date: 09 Jul 1996 15:40:40 -0800
Subject: Privacy of eMail Address
Organization: UC Berkeley
I'm writing to inquire as to the privacy of e-mail addresses. Recently
someone sent me an e-mail which I temporarily posted on my website,
virtually without comment. Within an hour the person who sent me the
e-mail, wrote to tell me to remove it (which I did). They then went on
to file a police report against me, even though I had not commented on
their letter, but had simply posted it.
The police found their complaint without merit, but I was told the
person is pursuing a civil case against me (even though ALL I did was
post their letter to me, I added no commentary regarding their
character or any action against them).
I hadn't meant at all to harass them, but had simply seen many websites
with letters posted, and was simply posting it for information.
They claimed that their e-mail address was not public information and
that I was in trouble for posting it.
I have been unable to find anything legally definitive on the issue of
publicly posting a letter that someone sends to me. Most people seem to
think it is legal to post a letter that one receives.
Any comments would be helpful.
--
Chris
http://www.he.net/~seidel/
------------------------------
From: Stanton McCandlish <mech@eff.org>
Date: 09 Jul 1996 16:21:43 -0700 (PDT)
Subject: Tracking Police Calls
This just in from JUSTINFO a.k.a. Justice Information (an electronic
newsletter service sponsored by the U.S. Department of Justice, Office
of Justice Programs...It provides the latest criminal justice news,
information, services, and publications"):
***** A N N O U N C E M E N T S *****
<*> NATIONAL INSTITUTE OF JUSTICE (NIJ)
* NIJ and HUD Working Together to Track Police Calls in Public Housing
Developments
NIJ and the Department of Housing and Urban Development (HUD) will
develop a computerized geographic information system (GIS) to track
emergency police calls and fight crime in public housing developments.
Michael A. Stegman, HUD's Assistant Secretary for Policy Development
and Research, and Jeremy Travis, Director of the Justice Department's
National Institute of Justice, signed a memorandum of understanding to
launch an 18-month project to develop a prototype GIS and test it in a
selected housing development.
Police statistics are usually not kept on relatively small divisions
within census tracts, which prevents the collection of information on
the precise location of criminal activity in a large public housing
building. As GIS technology has become commercially available in recent
years, some police departments have begun to use it to identify crime
"hot spots."
Once a GIS is operating, PHAs will use information they collect on
incidents to form crime prevention strategies.
The system will be customized to pinpoint police calls within a single
public housing address, so that users of the system will be able to
tell if an incident occurred in a particular apartment, a lobby,
stairwell, playground, elevator or parking lot.
The major product of the project will be a manual to assist public
housing authorities (PHAs) and police in developing a GIS to map "911"
calls and other calls for service. The project also will include advice
for setting up common computer networks and data recording systems
between local PHAs and police.
[excerpted from JUSTINFO Vol. 2, No. 13; July 1, 1996.]
--
<HTML><A HREF="http://www.eff.org/~mech/"> Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org"> mech@eff.org
</A><P><A HREF="http://www.eff.org/"> Electronic Frontier Foundation
</A><P><A HREF="http://www.eff.org/A"> Online Activist </A></HTML>
------------------------------
From: joyceb@midcoast.com
Date: 10 Jul 1996 18:42:33 GMT
Subject: TV Show on Encryption Needs People and Stories
Organization: Agate Internet Services (AIS)
Dear Readers,
We are developing a television program and the subject is encryption.
The goal is to prove the value of encryption.
We are working with the EFF, a leading organization in support of
encryption.
Our company is looking for ideas and definitely stories; people and
companies that have been broken into. We're looking for characters who
know and have seen the value of encryption.
This television program will be appearing in primetime.
If you are interested or know anyone who might like to appear on our
show please contact me. If anyone prefers to remain anonymous we can
film them in silhouette.
If you have any suggestions, ideas, concepts and would like to express
them, please send me email.
Thank you for reading this post.
--
Joyce Boaz
Researcher
Varied Directions Intl.
69 Elm Street
Camden ME 04843
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 10 Jul 1996 13:19:56 -0500 (CDT)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V9 #003
******************************
.