Date: Mon, 22 Jul 96 20:08:23 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V9#005
Computer Privacy Digest Mon, 22 Jul 96 Volume 9 : Issue: 005
Today's Topics: Moderator: Leonard P. Levine
Re: Unsolicited email
Re: Unsolicited email
Re: Unsolicited email
Re: Unsolicited email
Re: Unsolicited email
Re: Privacy of eMail Address
Re: Privacy of eMail Address
Looking for Internet Privacy Stories
Ripem
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: notme@nothere.com
Date: 15 Jul 1996 22:56:54 GMT
Subject: Re: Unsolicited email
Organization: Netcom
References: <comp-privacy9.4.12@cs.uwm.edu>
mhorne@ucla.edu (Mark Horne) wrote:
With increasing frequency I have been receiving unsolicited email
from persons attempting to sell some product or service. I suspect
that my address is being culled from Usenet posts.
I'd suggest not using a real email name in the header. While that's a
bit of a pain, I've decided that I'd rather do that, then continue to
get added to mailing lists.
For the same reason, I decided to enclose my email address in a block
of a's. If somebody wants to go the trouble of manually adding my
email address to a list which I'll ignore, more power to them. :) By
the same token, if somebody makes a program smart enough to stip it out
automatically, good for them. But I'm not going to make it easy. :)
--
Email to: (ignoring the a's :)
aaaaaaaaaaaaaaaaa
aejm@sprynet.coma
aaaaaaaaaaaaaaaaa
------------------------------
From: bo774@FreeNet.Carleton.CA (Kelly Bert Manning)
Date: 17 Jul 1996 07:23:15 GMT
Subject: Re: Unsolicited email
Organization: National Capital Freenet, Ottawa, Canada
Mark Horne (mhorne@ucla.edu) writes: "Unsolicited email of a
commercial nature will be read, responded to, and/or disposed of
for a fee of $1,000 (USD). The transmission of an unsolicited
commercial message to the above electronic mail address constitutes
agreement to these terms."
The difficulty I see is proving someone collected my address after
this "contract" is added to my signature line. On the other hand,
it may also scare off many of these junk email operators.
Comments?
I don't think that someone data mining usenet archives for addresses
will be scared because I can't imagine that they actually read any of
the posts or apply any sort of disclaimer search software. Some of
these creeps claim to have compiled lists of 100000s of IDs through
such careful "research". I expect that the research begins and ends
with a sort and duplicate merge of IDs.
Why not telnet to any member of the National(:-) Public
Telecommunications Network(such as this node), login as guest, fill in
an online application, mail the signed copy, wait for the ID to be
activated, and use that for posting, after typing a SIG such as the one
below.
Also, when using the freeport poster, never use "append to", select an
editor and edit posts.
I'm not sure how you would get an order to produce documents from a
court in the USA, but where I live it is a simple matter of filing a
notice of claim in the court registry, accompanied by a request for a
judges order to produce documents.
If you start fresh with a new ID/node and consistently use your sig
then failure on their part to produce documents will leave the balance
of evidence/presumption on your side. Note that this is civil law, not
criminal law, so "reasonable doubt" just won't buy them anything.
You could probably use your sig to get action if an ISP seems
uncooperative about pulling the plug on an e-mail spammer, because once
advised of the offer they would probably share some liability for any
repeat spamletters sent to you.
I find the best way to shut down the spamletter operators is to look
for bona fide reply IDs in the body of the newsletter and complain to
the ISP, eg. abuse@aol.com. A "legitimate" company that finds it's
reply IDs hosed after advertising in a spamletter might find itself in
a position to seek damages from the spammer.
I believe that there are many legal precedents for obtaining judgements
against junk phone callers and snail mailers.
Hasn't the founder of Private Citizen Inc. won several cases against
junk phone callers. He talks politely to them about how their offer
sounds "really good", but he just is concerned about dealing with some
unknown party over the phone, so they offer some details about who
they(the junk calling boiler room) are. He checks this against his list
of orgs he's already advised of his standard offer. If they are new he
tells them about it. If they are a repeat caller he tells them that
they were warned before and that they now owe him money. He then
collects it.
Note that you do not have to perform any kind of service or use a
"reasonable" rate, although my rate is based on what I get paid if my
employer calls me at home. An Ontario woman won a judgement for almost
$800 against "Columbia House" after they refused to comply with here
initial request to stop sending her crap mail and ignored her first few
invoices for minor amounts. Getting exasperated she sent them another
invoice with a warning that the next piece of junk they sent her would
cost them $750, waited till it arrived, filed a small claim action, and
collected every penny.
Have you reviewed news.admin.net-abuse.misc
or news.admin.net-abuse.email?
--
notice: by sending advertising/solicitations to this account you will be
indicating your consent to paying me $70/hour for a minimum of 2 hours for
my time spent dealing with it
------------------------------
From: dan@dvl.co.nz (Dan Langille)
Date: 17 Jul 1996 19:00:42 GMT
Subject: Re: Unsolicited email
Organization: DVL Software Limited
References: <comp-privacy9.4.12@cs.uwm.edu>
mhorne@ucla.edu (Mark Horne) wrote: The difficulty I see is proving
someone collected my address after this "contract" is added to my
signature line. On the other hand, it may also scare off many of
these junk email operators. Comments?
I am also getting unsolicited mail. To multiple addresses, all of
which arrive here in my intray. I too suspect Usenet. Apart from
complaining to the send and their postmaster, there's not much I feel I
can do. It's really annoying considering I have to mail for this junk
mail and then again to complain about it.
As for scaring them off, I don't think they actually look at the sigs.
I think someone is running a program over the collected messages and
extracting the addresses.
As for proving before/after, given that I'm part of a wider domain, I
could just change my address (say to "langille@dvl.co.nz") and at the
same time add the contract to the sig. But that is not an option for
everyone. Perhaps just changing the name, say to "D Langille
<dvl@co.nz>"
I would like to do something more about junk mail. It should not
continue.
--
Dan Langille
DVL Software Limited - Wellington, New Zealand
------------------------------
From: Pete Morgan-Lucas <pjml@swmis.nerc-swindon.ac.uk>
Date: 18 Jul 1996 14:48:41 -0700
Subject: Re: Unsolicited email
Organization: Natural Environment Research Council
References: <comp-privacy9.4.12@cs.uwm.edu>
Mark Horne wrote: With increasing frequency I have been receiving
unsolicited email from persons attempting to sell some product or
service. I suspect that my address is being culled from Usenet
posts.//Snip// The difficulty I see is proving someone collected my
address after this "contract" is added to my signature line. On
the other hand, it may also scare off many of these junk email
operators. Comments?
As you say, proving they saw your 'contract' would be problematic.
Most of the "Screen-scrapers" who build address-lists from Usenet
postings etc. just run a script that searches for strings with an
@-symbol in them, and assume that this is a mail-address. They most
certainly do *not* have some human actually browsing newsgroups, so
your attempt to prove your "contract" was ever viewed by the sender is
fraught with difficulty.
And bearing in mind the well-established trading of email address-lists
that goes on these days, it could easily be that the person who screen-
scraped your mail address in the first place, and the person who
ultimately junkmails you, could be separated by several steps and a
whole host of intermediate companies.
No easy answer, i'm afraid!
//Pete Morgan-Lucas//
"Do not disengage overdrive at speeds below 120MPH"
------------------------------
From: ratner@sacajawea.cs.ucla.edu (Dave Ratner)
Date: 19 Jul 96 16:20:36 GMT
Subject: Re: Unsolicited email
Organization: University of California, Los Angeles
References: <comp-privacy9.4.12@cs.uwm.edu>
mhorne@ucla.edu (Mark Horne) writes: The difficulty I see is
proving someone collected my address after this "contract" is added
to my signature line. On the other hand, it may also scare off
many of these junk email operators. Comments?
I too have been plagued with increasing numbers of unsolicited email,
sometimes to accounts that I maintain but never use (meaning that they
are getting the address from somewhere other than Usenet).
However, even if they were coming from Usenet posts, I have to assume
that email addresses are collected automatically, and therefore would
be uneffective in scaring off potential junk email operators.
Additionally, since there other methods of obtaining addresses other
than from Usenet posts, I see the difficulty that you point out as
being almost impossible to prove in any legal sense.
Nevertheless, I am considering such measures...even if it helps just a
little.
--
Please send money, | Dave Ratner | "Nun sacciu, nun vidi, nun
beer, or a signed PhD | ratner@cs.ucla.edu | ceru e si ceru durmivu"
<http://ficus-www.cs.ucla.edu/ratner/>
------------------------------
From: skg@sadr.com (Keith Graham)
Date: 16 Jul 1996 00:22:17 GMT
Subject: Re: Privacy of eMail Address
Organization: MindSpring Enterprises
References: <comp-privacy9.4.5@cs.uwm.edu>
Mich Kabay <75300.3232@CompuServe.COM> writes: As far as the damage
to the author's privacy is concerned, I suggest you do a search
using DejaNews (http://www.dejanews.com) to see if the complainant
has ever, in fact, posted anything to the USENET using the specific
user ID you (wrongly, in my opinion) posted in public. If they
have, it seems to me (as a non-lawyer) that they wouldn't have much
of a case for damages even though you erred in posting without
permission.
Since this is a privacy question, I'd like to point out that saying
"I've received email from _____@______._____" is not against the
copyright law. So while posting the entire message might be against
the copyright law, that's not the place to look if you want to protect
your own privacy.
--
Keith Graham
skg@sadr.com
------------------------------
From: pjkrupin@aol.com (P J Krupin)
Date: 20 Jul 1996 13:40:25 -0400
Subject: Re: Privacy of eMail Address
Organization: America Online, Inc. (1-800-827-6364)
References: <comp-privacy9.4.11@cs.uwm.edu>
A copyright does belong to a person on creation of a creative work, and
an e-mail letter is a creative work. Forwarding or posting the e-mail
would be a violation unless you acquired permission prior to forwarding
or posting.
Best advice when you want to use someone's writing is to get permission
before using it. You need to probably explain how your going to use
it, and then be faithful to your stated purpose.
There are fair use exceptions in copyright laws, but it's far better to
work with an author, or owner, rather than risk reprisal and all the
entanglements that go with it.
--
Paul J. Krupin
Direct Contact Publishing
------------------------------
From: Joel McNamara <joelm@eskimo.com>
Date: 22 Jul 1996 10:35:26 -0700
Subject: Looking for Internet Privacy Stories
I'm compiling what I hope will be the definitive source of worldwide
case studies that demonstrate the benefits of Internet privacy tools.
These stories will have a human focus, and clearly show the importance
of PGP, anonymous remailers, and other tools to cultural, economic, and
political processes.
The goal is to have a body of accounts that show Internet privacy
technologies being used to benefit society. These stories will be
published on a Web page, and can be used by privacy advocates to
contrast against government claims that encryption and other tools will
solely benefit criminals. If there are enough compelling stories, they
may eventually find their way into a book.
If you have a story to tell, or know someone who does, I'd like to hear
it. It doesn't have to be an exciting "rebels in the jungle" account
either. In many ways, the everyday "slice of life" stories may be more
important in showing the value of electronic privacy.
Confidentiality will be maintained, of course. For details see:
http://www.eskimo.com/~joelm/privacy.html
--
Joel McNamara
joelm@eskimo.com
------------------------------
From: "howard b.schwartz, m.d." <howards@hbschwartz.com>
Date: 22 Jul 1996 16:36:26 -0500
Subject: Ripem
does anyone know the latest version of ripem for dos/windows95 and
where to get it?
[Ripem is the encryption program developed by mark riordin at michigan
state university,and is an implementation of pem (privacy enhanced
mail)]
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Jul 1996 13:43:37 -0500 (CDT)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V9 #005
******************************
.