Date: Mon, 15 Jul 96 14:13:43 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V9#004
Computer Privacy Digest Mon, 15 Jul 96 Volume 9 : Issue: 004
Today's Topics: Moderator: Leonard P. Levine
Re: Privacy of eMail Address
Re: Privacy of eMail Address
Re: Privacy of eMail Address
Re: Privacy of eMail Address
Re: Privacy of eMail Address
Re: Privacy of eMail Address
Computerworld
From EDUPAGE: Privacy Logo
Re: California Caller ID News
Re: How an Innocent Download Can Lead to Prosecution
Re: Privacy of eMail Address
Unsolicited email
REQUEST: Alternative password schemes
Moderator on Break, Indeces Ready
Where to Get PGP FAQ
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: gabriel@uci.edu (Gabriel B. Gonzalez)
Date: 12 Jul 1996 02:56:49 GMT
Subject: Re: Privacy of eMail Address
Organization: University of California, Irvine
References: <comp-privacy9.3.6@cs.uwm.edu>
seidel@zenith.berkeley.edu (Chris Seidel) wrote: They claimed that
their e-mail address was not public information and that I was in
trouble for posting it.
Hogwash... just prove that anyone could have gotten it by looking it
up in an e-mail adress directory; or make a comparison between an
e-mail address and a street address, anyone can get either one freely.
Don't sweat it. Its probably one of those nuts who claims the US gov't
has put code into C compilers that puts a back door in the executable
anytime one compiles PGP...
------------------------------------------------------------------------
Gabriel B. Gonzalez Information and Computer Science & Biology
gabriel@uci.edu University of California, Irvine
103117.447@CompuServe.COM
------------------------------------------------------------------------
------------------------------
From: michael@tis.com (Michael Elkins)
Date: 12 Jul 1996 15:24:54 GMT
Subject: Re: Privacy of eMail Address
Organization: Trusted Information Systems, Inc., Los Angeles, CA
References: <comp-privacy9.3.6@cs.uwm.edu>
Chris Seidel wrote: I have been unable to find anything legally
definitive on the issue of publicly posting a letter that someone
sends to me. Most people seem to think it is legal to post a letter
that one receives.
You might try reading the Copyright FAQ (misc.legal.computing is a good
place to look). There is some discussion about this. In a nutshell,
it is some people's interpretation of the law that any piece of e-mail
or news posting that you send is copyrighted by you. So legally, you
would have to have their consent to "rebroadcast" their message. There
doesn't even need to be a copyright notice, because this is the default
for anything that you generate. Being that I don't know the nature of
what you posted, it's hard to tell whether or not any compensatory
damages could be awared. I think the fee for copyright violation is
something like $250, but the big $$ comes from the compensatory part
(where you show that the violation caused you to lose big money).
Again, I encourage you to read the Copyright FAQ for more info. I'm
not a lawyer, so don't take my word for it. :-)
--
Michael Elkins <michael@la.tis.com>
Trusted Information Systems, Inc.
Los Angeles, CA
310-477-5828 x123
------------------------------
From: chazl <chazl@leonardo.lmt.com>
Date: 12 Jul 96 10:56:19 -0500
Subject: Re: Privacy of eMail Address
They claimed that their e-mail address was not public information
and that I was in trouble for posting it.
So this party sent you an unsolicited piece of mail, which contained no
advance restrictions as to use; you posted it publically and upon
request immediately removed it from public view.
It seems to me that you've behaved in a perfectly reasonable manner. I
think that their email address became public information the moment
they sent the mail. That's why anonymous remailers exist.
Has this person given you any documentation to back up this
contention?
I have been unable to find anything legally definitive on the issue
of publicly posting a letter that someone sends to me. Most people
seem to think it is legal to post a letter that one receives.
I'd agree.
--
chazl
07.12.96
------------------------------
From: Ben Hammersley <ben@bhammer.demon.co.uk>
Date: 12 Jul 1996 18:54:16 +0100
Subject: Re: Privacy of eMail Address
Organization: Just Messing Around
References: <comp-privacy9.3.6@cs.uwm.edu>
Chris Seidel <seidel@zenith.berkeley.edu> writes I'm writing to
inquire as to the privacy of e-mail addresses. Recently someone
sent me an e-mail which I temporarily posted on my website,
virtually without comment. Within an hour the person who sent me
the e-mail, wrote to tell me to remove it (which I did). They then
went on to file a police report against me, even though I had not
commented on their letter, but had simply posted it.
It really depends on what the letter said, I suppose. Still, even if
the letter was harmless, the fact it was sent as an email, not as a
posting to a public newsgroup _may_ signify that it was meant for your
eyes only.
It probably isn't illegal, but it doesn't seem very polite.
What did it say?
--
Ben Hammersley. The Truth is Merchandising.
ben@bhammer.demon.co.uk
------------------------------
From: Mich Kabay <75300.3232@CompuServe.COM>
Date: 14 Jul 96 15:32:55 EDT
Subject: Re: Privacy of eMail Address
Chris Seidel <seidel@zenith.berkeley.edu> wrote: Most people seem
to think it is legal to post a letter that one receives.
[I am not a lawyer and the following is not legal advice. For legal
advice consult an attorney.]
FWIW, most people seem to think it is polite to request permission of
the author before posting their work--including in particular materials
intended for private communications. Here are some comments from a
textbook on legal issues in cyberspace:
For online systems, the following exclusive rights are
particularly important:
o The right to copy the work.
o The right to make modified versions of the work
(sometimes called "derivative works").
o The right to distribute the work.
o The right to transmit the work.
o The right to perform the work publicly.
o The right to run computer programs on a computer.
All of these activities [referring to a set of examples of
infringement] can be fully legal, as long as all the owners
of the copyrights involved give their permission. However,
getting those permissions requires doing some work, and some
owners may not want to permit the intended use. So we expect
to continue to see such infringing uses by the lazy or
dishonest, replete with ringing defenses of information freedom
whenever it is suggested that they get permission when they use
others' property.
Taken from Rose, L. J. (1994). _NetLaw: Your Rights in the Online
World_. Osborne/McGraw-Hill (New York). ISBN 0-07-882077-4. xx +
372. Index.
I am not including the comments as a personal attack on you <smile>.
You sound neither lazy nor dishonest. It does seem a pity, though,
that if someone has studiously avoided posting _anything_ to the USENET
or any other public site that you should unilaterally expose their
e-mail address and thus make them liable to the floods of junk e-mail
that creeps are sending through the Net. And ask yourself how _you_
might feel if your own private letter were exposed to the public
without your permission.
In the current on-line course on CyberLaw, the authors specifically
address the question of "Fair Use" as defined in law. They state,
3. If you're copying UNPUBLISHED work -- work that
the copyright owner hasn't displayed to all comers -- then
your use is probably NOT FAIR.
The classic example of unpublished work is a personal e-
mail. You might get away with quoting several lines in some
situations, but generally you can't.
from Larry Lessig, David Post & Eugene Volokh, "Cyberspace-Law for
Non-Lawyers" presented by the Cyberspace Law Institute and Counsel
Connect. For more information about this course use URL
http://www.counsel.com/cyberspace
As far as the damage to the author's privacy is concerned, I suggest
you do a search using DejaNews (http://www.dejanews.com) to see if the
complainant has ever, in fact, posted anything to the USENET using the
specific user ID you (wrongly, in my opinion) posted in public. If
they have, it seems to me (as a non-lawyer) that they wouldn't have
much of a case for damages even though you erred in posting without
permission.
Best wishes for an appropriate solution to your legal problems,
--
M. E. Kabay, Ph.D. / Director of Education, National Computer Security
Association
------------------------------
From: wrfuse@mab.ecse.rpi.edu (Wm. Randolph U Franklin)
Date: 14 Jul 1996 21:18:58 GMT
Subject: Re: Privacy of eMail Address
Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA
References: <comp-privacy9.3.6@cs.uwm.edu>
seidel@zenith.berkeley.edu (Chris Seidel) writes: I'm writing to
inquire as to the privacy of e-mail addresses. Recently someone
sent me an e-mail which I temporarily posted on my website,
virtually without comment. Within an hour the person who sent me
the e-mail, wrote to tell me to remove it (which I did). They then
went on to file a police report against me, even though I had not
commented on their letter, but had simply posted it.
What does "virtually" mean? What did you say?
The police found their complaint without merit, but I was told the
person is pursuing a civil case against me (even though ALL I did
was post their letter to me, I added no commentary regarding their
character or any action against them).
You violated his copyright in his letter. However, since you removed
the page when asked, that should end the matter. Civil suits take
years. How rich is this person?
I hadn't meant at all to harass them, but had simply seen many
websites with letters posted, and was simply posting it for
information.
I also post answers to queries that I post, but I mention in the query
that I'll be doing that.
They claimed that their e-mail address was not public information
and that I was in trouble for posting it.
I wish that were true, but don't think so.
I have been unable to find anything legally definitive on the issue
of publicly posting a letter that someone sends to me. Most people
seem to think it is legal to post a letter that one receives.
No. That's been definitely established wrt paper letters for a long
time. Nevertheless, you may post a summary of the letter's
information.
---- wrfuse@mab.ecse.rpi.edu (Wm. Randolph U Franklin)
---- Do not send commercial solications to this address.
---- PGP key available.
------------------------------
From: Steve Ulfelder <sulfelder@cw.com>
Date: 12 Jul 1996 08:14:32 -0400
Subject: Computerworld
Organization: Computerworld
I'm editor of the In Depth section of Computerworld, a weekly
publication for information systems pros. I'm putting together a story
on just how much publicly available information there is on the
Internet about private citizens.
I'd like to speak to people who have been surprised or angered by some
of the data gathered about them -- especially through the passive data
gathering that occurs when you surf the Web. For instance, I know of
one person who casually (honest!) visited a white-supremacist site,
only to receive an email shortly thereafter asking if he wanted more
info.
Do you have any similar stories, or know someone who does? Please email
me or call at the number below. All help is appreciated, and anonymity
is respected.
--
Steve Ulfelder
Editor/In Depth
Computerworld
steve_ulfelder@cw.com
508-620-7745
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 12 Jul 1996 12:44:19 -0500 (CDT)
Subject: From EDUPAGE: Privacy Logo
Organization: University of Wisconsin-Milwaukee
This has been taken from Edupage, 11 July 1996. Edupage, a summary of
news items on information technology, is provided three times each week
as a service by Educom, a Washington, D.C.-based consortium of leading
colleges and universities seeking to transform education through the
use of information technology.
PRIVACY LOGOS The Electronic Frontier Foundation and some companies
doing business over the Internet have developed a privacy rating system
to be offered by a nonprofit group called eTrust, which will license
logos to Web sites indicating how much privacy a person surrenders by
visiting the site. (USA Today 11 Jul 96 1B)
------------------------------
From: wombat@zelazny.aquilagroup.com (Christopher M. Conway)
Date: 12 Jul 1996 20:13:47 GMT
Subject: Re: California Caller ID News
Organization: Prickly Wombat Enterprises
References: <comp-privacy9.1.8@cs.uwm.edu> <comp-privacy9.3.5@cs.uwm.edu>
mwilson@cts.com (Marc Wilson) writes: Why? Because, to me, it's an
invasion of MY privacy if YOU can call me without my knowing who
you are. You're coming into MY home. If I had my way, there would
be no blocking. At all. Ever.
The problem is it's an invasion of privacy both ways.
You have a right to refuse to accept calls with callerid blocked. Or
even have them ring your phone.
I have a right to refuse to give out private information.
I do not have the right to *require* that your phone ring if I call
with caller id blocked.
You do not have the right to *require* my phone number if I attempt to
call.
Blocking is a sensible compromise.
--
Christopher M. Conway Systems and Network Administrator
wombat@aquilagroup.com Don't Tread on Me
We must all hang together, or, most assuredly, we will all hang separately.
I'll be post-feminist in the post-patriarchy.
------------------------------
From: dwwrmk@teleport.com (Warning!)
Date: 12 Jul 1996 21:01:11 -0700
Subject: Re: How an Innocent Download Can Lead to Prosecution
Organization: Teleport - Portland's Public Access (503) 220-1016
References: <comp-privacy9.2.5@cs.uwm.edu>
Articles from the website:
Article one: What Happened. Copyright 1996 by DWWatson
This is what happened to Dennis Watson, a mathematics instructor at
Clark College in Vancouver WA.
Based on a bogus 'whistle blow', two State Auditors entered Dennis'
office, served a subpoena, and confiscated his state owned computer,
his state owned disks, and his personally purchased disks, even though
he told them he had been asked to access the kind of material in
question in order to help establish the local computing policies!
They turned the computer and data over to the Washington State Patrol.
An article ran in the Columbian newspaper that contained allegations of
illegal images. As Dave Barry says, "Every accused person, unless he
has a name like Nicholas 'Nicky the Squid' Calamari, is considered
innocent until such time as his name appears in the newspaper."
The State Police investigated and then the Clark County Prosecutors
reviewed the case and charged Dennis with seven Class C Felonies, a
situation, no doubt, propelled by the Columbian article.
They assumed he had looked at everything he downloaded and they charged
him with 7 counts (7 pictures out of thousands of downloads) of
possessing pictures of minors (under 18) in sexually explicit acts. It
took two pediatricians to determine that the individuals in the
pictures were under 18. And, under the statute, the prosecutors can
call a family eating ice cream cones a 'sexually explicit act' if they
are nude!
He was offered a plea bargain, but declined, since he could not, in
good conscience, plead guilty to a crime he didn't commit!
--
Article two: How you can help! Copyright 1996 by DWWatson
In order to have 'equal justice under law', he needs to raise at least
$60,000 and may need as much as $100,000 or more!! As you may know,
money doesn't guarantee justice, but without money there is no
justice. Dennis' friends have started a defense fund at a local bank
in Vancouver, WA. If we netizens could each donate a small sum, even
$10.00 each, he could reach this goal. Also, any amount not used would
be setup as a defense fund to help with other netizens charged with
crimes, as needed. Of course, larger donations would also help. Any
contributions should be made out to the D.W.Watson Fund and sent to:
--
John Caton, CPA
1104 Main St., Suite 200
Vancouver, WA 98660
For more information send email to dwwrmk@teleport.com
------------------------------
From: dan@dvl.co.nz (Dan Langille)
Date: 13 Jul 1996 20:54:31 GMT
Subject: Re: Privacy of eMail Address
Organization: DVL Software Limited
References: <comp-privacy9.3.6@cs.uwm.edu>
seidel@zenith.berkeley.edu (Chris Seidel) wrote: I have been unable
to find anything legally definitive on the issue of publicly
posting a letter that someone sends to me. Most people seem to
think it is legal to post a letter that one receives.
Regardless of the legality, it is commonly understood that private
email is just that: private. Unless you have the consent of the
author, one must not pass on an email. The easiest way to deal with it
is copyright. The sender is considered the author of the email. Thus,
they hold the copyright. If you forward (or indeed post that email at
a website), you infringe upon their copyright.
Netiquette also holds that even revealing what someone has said in a
email is a no-no.
All of this is quite different from the email address privacy issue.
Has the person in question ever posted their address publicly?
--
Dan Langille
DVL Software Limited - Wellington, New Zealand
------------------------------
From: mhorne@ucla.edu (Mark Horne)
Date: 15 Jul 1996 10:29:02 -0700
Subject: Unsolicited email
With increasing frequency I have been receiving unsolicited email from
persons attempting to sell some product or service. I suspect that my
address is being culled from Usenet posts.
I recall the success of a California man that sued for being added to a
computer store's mailing list (based upon the handwritten a contract on
the back of check). From that idea, I was thinking of adding the
following line to my signature line:
"Unsolicited email of a commercial nature will be read, responded to,
and/or disposed of for a fee of $1,000 (USD). The transmission of an
unsolicited commercial message to the above electronic mail address
constitutes agreement to these terms."
The difficulty I see is proving someone collected my address after this
"contract" is added to my signature line. On the other hand, it may
also scare off many of these junk email operators. Comments?
--
mhorne@ucla.edu
------------------------------
From: Matt Perez - Journalist <8patches@cftnet.com>
Date: 13 Jul 1996 12:34:08 -0400
Subject: REQUEST: Alternative password schemes
Organization: Independent journalism for professional publishers
References: <199607120132.UAA06458@blatz.cs.uwm.edu>
Florida's Department of Labor in Tallahassee has a Web server to allow
job hunters access to state positions. Application forms are filled out
on a Web page, but they require entering your social security number
and a password.
The webmasters are open to suggestions for identifying job seekers
without requiring transfers of SSNs over an unsecured server. If anyone
has a suggestion, please send them via e-mail when you post them to the
list. I'll create a digest to send to the webmasters in Tallahassee,
and if the moderator suggests it, I'll post it back to the digest.
Potential solutions could involve:
-- cost-efficient encryption/scrambling
-- securing the server
-- using non-SSN passwords (how does that work?)
-- using automated telephone confirmations
Key point: DOL needs the SSNs to track progress of individual job
seekers.
--
=^==========^==========^============|>
^^Matt Perez^^^8patches@cftnet.com^^|>>
^"Cruisin' at the speed of life"^^^^|>>>
^^Saint Petersburg, Florida^^^^^^^^^|>>
=^==========^==========^============|>
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Jul 1996 13:42:50 -0500 (CDT)
Subject: Moderator on Break, Indeces Ready
Organization: University of Wisconsin-Milwaukee
Your esteemed moderator will be out of touch with reality (having no
access to a terminal) until July 22nd. There will be a one week
hiatus in any work in the Computer Privacy Digest.
Indeces to volume 8 (Jan 1 - Jun 30 1996) by author and by subject are
available via gopher, ftp or http as 00namelist and 00subjectlist in
volume8. Access is through:
http://www.uwm.edu:80/org/comp-privacy/
for net browsers, and through:
ftp.cs.uwm.edu at /pub/comp-privacy
for ftp and gopher usrs.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
From: mpj@csn.net (Michael Johnson)
Date: 13 Jul 1996 01:27:07 -0600
Subject: Where to Get PGP FAQ
Organization: The Web of Trust
WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) FAQ
Revised 28 June 1996
Disclaimer -- I haven't recently verified all of the information in
this file, and much of it is probably out of date.
For questions not covered here, please read the documentation
that comes with PGP, get one of the books mentioned below, or search for
other relevant FAQ documents at rtfm.mit.edu and on the
alt.security.pgp
comp.security.pgp
comp.security.pgp.ressources
news group.
A NOTE FROM THE FAQ MAINTAINERS
Peter Herngaard <pethern@datashopper.dk> is taking over the maintenance
of this FAQ until further notice.
Some of you sent me (Mike Johnson) corrections and suggestions for this
FAQ, and I stored them away on my hard disk to edit from. Then, Windows
95 got indigestion (induced by a sound card) and destroyed all of the
data in that partition. If you suggested changes and they aren't in
this FAQ, please send them to Peter Herngaard
<pethern@datashopper.dk>.
WHAT IS THE LATEST VERSION OF PGP?
Viacrypt PGP (commercial version): 2.7.1 (4.0 is due out Real Soon Now)
MIT & Philip Zimmermann (freeware, USA-legal): 2.6.2
Staale Schumacher's International variant: 2.6.3i for non-USA
(2.6.3ai source code only); 2.6.3 for USA
WHERE CAN I GET VIACRYPT PGP?
Just call 800-536-2664 and have your credit card handy.
WHERE IS PGP ON THE WORLD WIDE WEB?
U.S. only availability:
PGP: http://web.mit.edu/network/pgp-form.html
PGPfone: http://web.mit.edu/network/pgpfone
International availability:
PGP and PGPfone: http://www.ifi.uio.no/pgp/
WHERE CAN I FTP PGP IN NORTH AMERICA?
If you are in the USA or Canada, you can get PGP by following the
instructions in any of:
ftp://net-dist.mit.edu/pub/PGP/README
ftp://ftp.csn.net/mpj/README.MPJ
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/
ftp://ftp.gibbon.com/pub/pgp/README.PGP
ftp://ftp.wimsey.bc.ca/pub/crypto/software/README
WHERE IS PGP ON COMPUSERVE?
GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.
AOL
Go to the AOL software library and search "PGP" or ftp from
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed
above. It is possible to get PGP from ftp sites with hidden
directories with the following trick: (1) View the README file with
the hidden directory name in it, then quickly (2) Start a new ftp
connection, specifiying the hidden directory name with the ftp site's
address, like ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where
the xxxxxxx is replaced with the current character string).
WHAT BULLETIN BOARD SYSTEMS CARRY PGP?
MANY BBS carry PGP. The following carry recent versions of PGP and
allow free downloads of PGP.
US
303-343-4053 Hacker's Haven, Denver, CO
303-772-1062 Colorado Catacombs BBS, Longmont CO
8 data bits, 1 stop, no parity, up to 28,800 bps.
Use ANSI terminal emulation.
For free access: log in with your own name, answer the questions.
314-896-9309 The KATN BBS
317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
Login First Name: PGP Last Name: USER Password: PGP
501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR
Login name: PGP USER Password: PGP
506-457=0483 Data Intelligence Group Corporation BBS
508-668-4441 Emerald City, Walpole, MA
601-582-5748 CyberGold BBS
612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN
914-667-4567 Exec-Net, New York, NY
915-587-7888, Self-Governor Information Resource, El Paso, Texas
909-681-6221 ATTENTION to Details (ATD BBS)
All lines v.32bis/14.4KBPS minimum
DE
+49-781-38807 MAUS BBS, Offenburg - angeschlossen an das MausNet
+49-521-68000 BIONIC-BBS Login: PGP
NL
+31-26-3890037 Viber BBS, NOTB HOST Gelderland
8 data bits, 1 stop, no parity, up to 28,800 bps. (ISDN soon)
Use ANSI terminal emulation.
For free access: log in with your own name, answer the questions.
Latest vesion and other tools: FILE AREA: [NOTB] - PGP
WHERE CAN I FTP PGP CLOSE TO ME?
DE
ftp://ftp.cert.dfn.de/pub/pgp/
IT
ftp://idea.sec.dsi.unimi.it/pub/security/crypt/PGP
FI
ftp://ftp.funet.fi/pub/crypt/pgp/
NL
ftp://ftp.nl.net/pub/crypto/pgp
ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp
NO
ftp://menja.ifi.uio.no/pub/pgp/
NZ
ftp://ftphost.vuw.ac.nz
SE
ftp://leif.thep.lu.se
TW
ftp://nctuccca.edu.tw/PC/wuarchive/pgp/
UK
ftp://ftp.ox.ac.uk/pub/crypto/pgp
HOW CAN I GET PGP BY EMAIL?
If you have access to email, but not to ftp, send a message saying
"help" to ftpmail@decwrl.dec.com or mailserv@nic.funet.fi
WHERE CAN I GET MORE PGP INFORMATION?
http://www.csn.net/~mpj
http://www.mit.edu:8001/people/warlord/pgp-faq.html
http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa_paper.ps.gz
ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt
ftp://ds.internic.net/internet-drafts/draft-ietf-pem-mime-08.txt
http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html
http://web.cnam.fr/Network/Crypto/(c'est en francais)
http://web.cnam.fr/Network/Crypto/survey.html(en anglais)
http://www2.hawaii.edu/~phinely/MacPGP-and-AppleScript-FAQ.html
http://www.pgp.net/pgp
http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html
http://www.ifi.uio.no/pgp/
http://inet.uni-c.dk/~pethern/privacy.html
WHAT ARE SOME GOOD PGP BOOKS?
Protect Your Privacy: A Guide for PGP Users
by William Stallings
Prentice Hall PTR
ISBN 0-13-185596-4
US $19.95
PGP: Pretty Good Privacy
by Simson Garfinkel
O'Reilly & Associates, Inc.
ISBN 1-56592-098-8
US $24.95
E-Mail Security: How to Keep Your Electronic Mail Private
"Covers PGP/PEM"
by Bruce Schneier
Wiley Publishing
The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data
Protection, and PGP PRivacy Software
by André Bacard
Peachpit Press
ISBN 1-56609-171-3
US $24.95
800-283-9444 or 510-548-4393
THE OFFICIAL PGP USER'S GUIDE
by Philip R. Zimmerman
MIT Press
April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP
Standard PGP documentation neatly typeset and bound.
PGP SOURCE CODE AND INTERNALS
by Philip R. Zimmerman
April 1995 - 804 pp. -
US $55.00 - 0-262-24039-4 ZIMPH
How to Use PGP, 61 pages, (Pub #121) from the Superior Broadcasting
Company, Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about
US $10-$13).
IS PGP LEGAL?
Pretty Good Privacy is legal if you follow these rules:
Don't export PGP from the USA except to Canada, or from Canada except
to the USA, without a license.
If you are in the USA, use either Viacrypt PGP (licensed for commercial
use) or MIT PGP using RSAREF (limited to personal, noncommercial use).
Outside of the USA, where RSA is not patented, you may prefer to use a
version of PGP (2.6.3i) that doesn't use RSAREF to avoid the
restrictions of that license.
If you are in a country where the IDEA cipher patent holds in software
(including the USA and some countries in Europe), make sure you are
licensed to use the IDEA cipher commercially before using PGP
commercially. (No separate license is required to use the freeware PGP
for personal, noncommercial use). For direct IDEA licensing, contact
Ascom Systec:
Erhard Widmer, Ascom Systec AG, Dep't. CMVV Phone +41 64 56 59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN Phone +41 64 56 59 45
Fax: +41 64 56 59 90
e-mail: IDEA@ascom.ch
Mail address: Gewerbepark, CH-5506 Maegenwil (Switzerland)
Viacrypt has an exclusive marketing agreement for commercial
distribution of Philip Zimmermann's copyrighted code. (Selling
shareware/freeware disks or connect time is OK). This restriction does
not apply to PGP 3.0, since it is a complete rewrite by Colin Plumb.
If you modify PGP (other than porting it to another platform, fixing a
bug, or adapting it to another compiler), don't call it PGP (TM) or
Pretty Good Privacy (TM) without Philip Zimmermann's permission.
IMPORTANT: Please note that there is an official distribution site for
MIT PGP and another for the International version: WorldWideWeb
references: U.S/Canada non-commercial use:
http://web.mit.edu/network/pgp-form.html Norway/International
non-commercial use: http://www.ifi.uio.no/pgp/ U.S. commercial use:
http://www.viacrypt.com
WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?
Philip Zimmermann was under investigation for alleged violation of
export regulations, with a grand jury hearing evidence for about 28
months, ending 11 January 1996. The Federal Government chose not to
comment on why it decided to not prosecute, nor is it likely to. The
Commerce Secretary stated that he would seek relaxed export controls
for cryptographic products, since studies show that U. S. industry is
being harmed by current regulations. Philip endured some serious
threats to his livelihood and freedom, as well as some very real legal
expenses, for the sake of your right to electronic privacy. The battle
is won, but the war is not over. The regulations that caused him so
much grief and which continue to dampen cryptographic development, harm
U. S. industry, and do violence to the U. S. National Security by
eroding the First Ammendment of the U. S. Constitution and encouraging
migration of cryptographic industry outside of the U. S. A. are still
on the books. If you are a U. S. Citizen, please write to your U. S.
Senators, Congressional Representative, President, and Vice President
pleading for a more sane and fair cryptographic policy.
WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?
http://www.dayton.net/~cwgeib
ftp://menja.ifi.uio.no/pub/pgp/pc/msdos//apgp22b3.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
http://www.eskimo.com/~joelm(Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
http://netaccess.on.ca/~rbarclay/index.html
http://netaccess.on.ca/~rbarclay/pgp.html
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip
http://iquest.com/~aegisrc
WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE?
PGP can do conventional encryption only of a file (-c) option, but you
might want to investigate some of the other alternatives if you do this
a lot. Alternatives include Quicrypt and Atbash2 for DOS, DLOCK for DOS
& UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a few
others.
Quicrypt is interesting in that it comes in two flavors: shareware
exportable and registered secure. Atbash2 is interesting in that it generates
ciphertext that can be read over the telephone or sent by Morse code. DLOCK
is a no-frills strong encryption program with complete source code. Curve
Encrypt has certain user-friendliness advantages. HPACK is an archiver (like
ZIP or ARC), but with strong encryption. A couple of starting points for your
search are:
U.S. only availability:
ftp://ftp.csn.net/mpj/qcrypt11.zip
ftp://ftp.csn.net/mpj/README
ftp://ftp.miyako.dorm.duke.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/
ftp://idea.sec.dsi.unimi.it/pub/crypt/code/
HOW DO I SECURELY DELETE FILES (DOS)?
If you have the Norton Utilities, Norton WipeInfo is pretty good. I
use DELETE.EXE in del110.zip, which is really good at deleting existing
files, but doesn't wipe "unused" space.
US
ftp://ftp.csn.net/mpj/public/del120.zip
NL
ftp://basement.replay.com/pub/replay/pub/security/del120.zip
UK
ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip
WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE?
The nature of Windows is that it can swap any memory to disk at any
time, meaning that all kinds of interesting things could end up in your
swap file.
ftp://ftp.firstnet.net/pub/windows/winpgp/wswipe.zip
WHERE DO I GET PGPfone(tm)?
PGPfone is in beta test for Macintosh and Windows'9 users.
The MIT has shut down their ftp distribution of PGPfone <tm> for
Macintosh and Windows'95, so within the U.S/Canada you must obtain
PGPfone <tm> using a WorldWideWeb browser.
U.S. only availability:
http://web.mit.edu/network/pgpfone
International availability:
DK
ftp://ftp.datashopper.dk/pub/users/pethern/pgp/
NL
ftp://basement.replay.com/pub/replay/pub/voice/
NO
ftp://menja.ifi.uio.no/pub/pgp/mac/
ftp://menja.ifi.uio.no/pub/pgp/windows/
WHERE DO I GET NAUTILUS?
Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a
program called Nautilus that enables you to engage in secure voice
conversations between people with multimedia PCs and modems capable of
at least 7200 bps (but 14.4 kbps is better). See:
U.S. only availability:
ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS
ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.ox.ac.uk/pub/crypto/misc
ftp://basement.replay.com/pub/replay/pub/voice/
The official Nautilus homepage is at:
http://www.lila.com/nautilus/
HOW DO I ENCRYPT MY DISK ON-THE-FLY?
Secure File System (SFS) is a DOS device driver that encrypts an entire
partition on the fly using SHA in feedback mode.
Secure Drive also encrypts an entire DOS partition, using IDEA, which is
patented.
Secure Device is a DOS device driver that encrypts a virtual, file-hosted
volume with IDEA.
Cryptographic File System (CFS) is a Unix device driver that uses DES.
CryptDisk is a ShareWare package for Macintosh that uses strong IDEA
encryption like PGP.
U.S. only availability:
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/mpj/crypto/disk/
International availability:
http://www.cs.auckland.ac.nz/~pgut01/sfs.html
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/
ftp://ftp.ox.ac.uk/pub/crypto/misc/
ftp://menja.ifi.uio.no/pub/pgp/mac/
ftp://basement.replay.com/pub/replay/pub/disk/
WHERE IS PGP'S COMPETITION?
RIPEM is the second most popular freeware email encryption package. I like
PGP better for lots of reasons, but if for some reason you want to check or
generate a PEM signature, RIPEM is available at ripem.msu.edu. There is also
an exportable RIPEM/SIG.
U.S. only availability:
ftp://ripem.msu.edu/pub/GETTING_ACCESS
International availability:
ftp://idea.sec.dsi.unimi.it/pub/crypt/code/
HOW DO I PUBLISH MY PGP PUBLIC KEY?
Send mail to one of these addresses with the single word "help" in the
subject line to find out how to use them. These servers sychronize keys with
each other. There are other key servers, too.
pgp-public-keys@keys.pgp.net
pgp-public-keys@keys.de.pgp.net
pgp-public-keys@keys.no.pgp.net
pgp-public-keys@keys.uk.pgp.net
pgp-public-keys@keys.us.pgp.net
WWW interface to the key servers: http://www.pgp.net/pgp/www-key.html
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
For US $20/year or so, you can have your key officially certified and
published in a "clean" key database that is much less susceptible to
denial-of-service attacks than the other key servers. Send mail to
info-pgp@Four11.com for information, or look at http://www.Four11.com/
Of course, you can always send your key directly to the parties you wish to
correspond with by whatever means you wish.
CAN I COPY AND REDISTRIBUTE THIS FAQ?
Yes. Permission is granted to distribute unmodified copies of this FAQ.
Please e-mail comments to Peter Herngaard <pethern@datashopper.dk>
Look for the latest html version of this FAQ at
http://inet.uni-c.dk/~pethern/getpgp.html
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Jul 1996 13:43:37 -0500 (CDT)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V9 #004
******************************
.