Date: Wed, 24 Jul 96 21:31:26 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V9#006
Computer Privacy Digest Wed, 24 Jul 96 Volume 9 : Issue: 006
Today's Topics: Moderator: Leonard P. Levine
Call for Papers on Privacy and Technology
National Conference on Ethics and Popular Culture
InfoWorld Magazine gives thumbs-up to NSClean
Privacy and Copyright Disputes
Myers-Briggs
Re: California Caller ID News
Re: Unsolicited email
Re: Unsolicited email
Re: Unsolicited email
Re: Unsolicited email
Re: Cookies
Attorney General on Encryption, Copyrights [long]
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: martina@unibw-hamburg.de (Martina Schollmeyer)
Date: 16 Jul 1996 12:20:48 GMT
Subject: Call for Papers on Privacy and Technology
Organization: University of Hamburg -- Germany
Technology Studies is pleased to announce a Call for Papers for a
Special Issue of the journal devoted to Technology and Privacy in
Organizations. TS is a multidisciplinary, international journal
published by Walter de Gruyter, Inc. (Berlin and New York).
The issue on Technology and Privacy in Organizations will provide a
forum for discussion of privacy issues which arise from the
implementation of specific technologies, as well as with more general
concerns about the increasingly technological nature of society.
Technology includes: artifacts and hardware; technology practices
including human behaviour and related technology; technical phenomena;
techniques or skills involving a significant technical component.
Privacy includes issues related to: the relative effects of various
types of technology on organizational parties, moderators of the
relationship between technology and organizational privacy, the effects
of organizational privacy on job-related outcomes (e.g., attitudes,
behaviours), moderators of the relationship between organizational
privacy on job-related outcomes, relative effectiveness of legal and
contractual (e.g., collective bargaining agreements) strategies for
protecting organizational privacy, invasion of privacy through the
exchange or sale of data about individuals (e.g., employees, customers)
by organizations, and the effectiveness of legislation for protecting
privacy in organizational settings. Papers should address the privacy
issues likely to contribute to the proper use of technology, and of its
role in society.
All papers should conform to the APA Style Guide, and each manuscript
must have a concluding section entitled IMPLICATIONS FOR RESEARCH AND
MANAGEMENT. As well, the paper's relationship to the subject of
TECHNOLOGY must be made clear.
For more information or to submit, please mail six copies of your
manuscript to:
Eugene F. Stone-Romero, Special Issue Editor
Technology Studies
Faculty of Management
University of Lethbridge
Lethbridge, AB Canada T1K 3M4
Phone: (403) 320-6966 (MST, mornings only); Fax: (403) 329-2038
E-Mail: Gattiker2@Cetus.Mngt.ULeth.CA
------------------------------
From: "Robert Huntley (COAS)" <huntley@stpt.usf.edu>
Date: 16 Jul 1996 16:07:18 -0400
Subject: National Conference on Ethics and Popular Culture
Organization: University of South Florida
National Conference on Ethics and Popular Culture
hosted by
The Ethics Center
University of South Florida
The Ethics Center at USF is pleased to announce its second annual
National Conference on Ethics and Popular Culture. The Ethics Center
Program Committee welcomes papers and proposals for panels and
colloquia on ethical issues with respect to popular culture for
presentation at this year's conference. Papers and presentations may
focus on any aspect of the general topic.
** Presentations that depart from the standard academic paper format
are encouraged. **
Manuscripts and proposals must be typed and double-spaced. Papers should
not exceed 45 minutes reading time. Presentations that involve the
audience in an interchange of ideas and scholarship are encouraged.
Conference held on Thurs. and Fri. April 10-11, 1997.
Deadline for the submission of:
Proposals for panels, colloquia, and
special presentations. . . . . . . . . . . . . . . . Nov. 15, 1996
Papers . . . . . . . . . . . . . . . . . . . . . . . Jan. 15, 1997
The program will be finalized by February 1, 1997
Web Page: http://www.stpt.usf.edu/coas/ethics
[moderator: truncated to conserve space.
------------------------------
From: Kevin McAleavey <kevinmca@wizvax.net>
Date: 17 Jul 1996 02:39:39 -0700
Subject: InfoWorld Magazine gives thumbs-up to NSClean
Organization: wizvax.net
For those of you who read InfoWorld, a trade paper for computer IS
managers, an article appeared in the July 15th issue on the front page
regarding the NSClean product for use with Netscape to clean files kept
on your machine that could compromise your security. If you can manage
to find a copy of InfoWorld, do read the article on Web security in
this week's issue.
Rather than beating a dead horse in this newsgroup, I've placed a web
page which describes the product and discusses "cookies", "cache files"
and "user history databases" kept by the Netscape browser which can be
grabbed by strangers, often without your knowledge.
The web site address for your edification and amusement (along with a
free download of a demo of NSClean) can be found at:
http://www.wizvax.net/kevinmca/
I have greatly appreciated the email from readers of this group, but
this will be my final missive before it gets tiresome. Thanks for your
indulgence, folks!
------------------------------
From: Robert Gellman <rgellman@cais.com>
Date: 17 Jul 1996 18:17:04 -0400 (EDT)
Subject: Privacy and Copyright Disputes
There have been some messages posted here lately about some ongoing
disputes about privacy and copyright issues. There is a new Internet
service that offers to arbitrate disputes involving these issues. The
Virtual Magistrate Project is an experimental service that will take
disputes between two (or more) willing parties and provide neutral
decisions by independent and highly qualified arbitrators. Everything
is done through email, and no one needs to have a lawyer. The service
is cheap (ten dollar filing fee) and readily available.
If you think that you might have a qualifying dispute or are interested
in the Virtual Magistrate, surf over to the home page which is
maintained at Villanova Law School. The address is
<http://vmag.law.vill.edu:8080>.
There is a complete explanation and full documentation there. You can
even find a complaint form and a disucssion group.
Bob
Executive Director
Virtual Magistrate Project
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: chuber@hns.com (Carl Huber)
Date: 22 Jul 1996 17:29:12 GMT
Subject: Myers-Briggs
Organization: Hughes Network Systems Inc.
I have been asked by a low level manager to take the Myers-Briggs Type
Indicator (MBTI) test. This is so they can manage the team better, by
knowing which people to put together, etc. I only have a little bit of
a queasy feeling about that aspect of it. I suspect that too much
importance could be placed on it to the extent of superceding common
sense.
The big problem I have, is, how else could this information be used?
And by whom? It would undoubtedly be stored electronically in someone's
database. Could I possibly be haunted by it in the future, in another
job or while searching for a job, or in other unrelated circumstances
(e.g., civil or other court proceedings?)
Does anyone out there have any experience with this sort of thing? Am
I being a hypersensitive jerk about my privacy by declining to complete
the test?
-----------------------------------------------------------
Carl Huber
Chuber@hns.com
-----------------------------------------------------------
------------------------------
From: mwilson@cts.com (Marc Wilson)
Date: 23 Jul 1996 13:25:55 GMT
Subject: Re: California Caller ID News
Organization: What organization?
References: <comp-privacy9.1.8@cs.uwm.edu> <comp-privacy9.3.5@cs.uwm.edu> <comp-privacy9.4.9@cs.uwm.edu>
wombat@zelazny.aquilagroup.com (Christopher M. Conway) wrote: The
problem is it's an invasion of privacy both ways. I have a right
to refuse to give out private information.
Where is the difference in giving out the information before or after
the phone is picked up, other than in convenience to the called party?
Or are you in the habit of making totally anonymous calls (where the
called party doesn't know who you are from start to finish?)
I do not have the right to *require* that your phone ring if I call
with caller id blocked.
True.
You do not have the right to *require* my phone number if I attempt
to call.
Ah... but that's exactly what I'm doing. :)
Blocking is a sensible compromise.
No... it's the least objectionable compromise.
BTW... I'd be satisfied with NAME only, as long as EVERYONE was
required to have it. No blocking at all. Of course, that'll never
happen.
--
Marc Wilson | SD Comic Con '96 Volunteer Coordinator
Imperial Beach, CA | Check this URL for my home page & Con info:
e-mail: mwilson@cts.com | `--> http://www.geocities.com/Athens/1148
------------------------------
From: richard.herring@gecm.com (Richard Herring)
Date: 23 Jul 1996 14:35:49 +0000 (GMT)
Subject: Re: Unsolicited email
Organization: GEC-Marconi Research Centre
References: <comp-privacy9.4.12@cs.uwm.edu> <comp-privacy9.5.1@cs.uwm.edu>
mhorne@ucla.edu (Mark Horne) wrote: With increasing frequency I
have been receiving unsolicited email from persons attempting to
sell some product or service. I suspect that my address is being
culled from Usenet posts.
notme@nothere.com wrote: I'd suggest not using a real email name in
the header. While that's a bit of a pain, I've decided that I'd
rather do that, then continue to get added to mailing lists.
Unfortunately that means that your news posting is not compliant with
RFC1036, which (to assist in tracing delivery problems) requires a real
email address in the From or Sender header. Any news site which cares
enough about these things to check could quite legitimately junk your
postings.
--
Richard Herring | richard.herring@gecm.com | Speaking for myself
GEC-Marconi Research Centre | Not the one on TV.
------------------------------
From: Patrick Crumhorn <patrik@IO.COM>
Date: 23 Jul 1996 10:23:07 -0500 (CDT)
Subject: Re: Unsolicited email
Pete Morgan-Lucas wrote: Most of the "Screen-scrapers" who build
address-lists from Usenet postings etc. just run a script that
searches for strings with an @-symbol in them, and assume that this
is a mail-address. They most certainly do *not* have some human
actually browsing newsgroups, so your attempt to prove your
"contract" was ever viewed by the sender is fraught with
difficulty.
Hmmmm...if I park in a private lot, that is clearly marked with a
"violators will be towed" sign, it is no legal defense for me to claim
I did not see the sign. And my failure to read a lease form will not
protect me if I violate the lease anyway.
I imagine a good contract-law attorney hauling one of these guys to
small-claims court might have enough of a chilling effect (assuming the
case was well-publicized over the net) to eliminate at least a good
percentage of the email spamming. If they DO have to vet each Usenet
message to make sure there is no valid "contract signature" appended,
it becomes less viable for them to do mass spamming.
Now...any suggestions about how to deal with the hundreds of smaller
Usenet groups that have become virtual wastelands due to spammers
outnumbering legit posters by a 50-1 ratio?
--
Patrick Crumhorn patrik@io.com
http://www.io.com/~patrik
------------------------------
From: mjfox@raleigh.ibm.com (Mike Fox)
Date: 23 Jul 1996 18:11:21 GMT
Subject: Re: Unsolicited email
Organization: ISSC South Region, RTP, NC
References: <comp-privacy9.4.12@cs.uwm.edu> <comp-privacy9.5.3@cs.uwm.edu>
mhorne@ucla.edu (Mark Horne) wrote: The difficulty I see is proving
someone collected my address after this "contract" is added to my
signature line. On the other hand, it may also scare off many of
these junk email operators. Comments?
dan@dvl.co.nz (Dan Langille) writes: I am also getting unsolicited
mail. To multiple addresses, all of which arrive here in my
intray. I too suspect Usenet.
I don't think it's usenet. I do most of my usenet posting from this id
and almost never get junk mail here. I have another id that ends in
ibm.net that almost never posts on usenet yet gets on average one piece
of junk a day. I suspect that a mailing list I belong to was
compromised.
Apart from complaining to the send and their postmaster, there's
not much I feel I can do. It's really annoying considering I have
to mail for this junk mail and then again to complain about it.
That's really all I feel I can do too. I usually forward the junk
e-mail in its entirety back to the sender, back to all reply addresses
the sender puts in the junk letter, and to abuse@ and postmaster@ the
sender's domain and the domains of all reply addresses mentioned in the
letter.
--
Mike
------------------------------
From: bruno@cerberus.csd.uwm.edu (Bruno Wolff III)
Date: 23 Jul 1996 18:59:33 GMT
Subject: Re: Unsolicited email
Organization: University of Wisconsin - Milwaukee
I have been looking into dealing with unsolicited email here at
UW-Milwaukee and I haven't had much in the way of positive results.
People who are especially interested in Email spam may want to read
some of news.admin.net-abuse.misc. There are already of number of
groups doing significant email spamming. There are several selling
email spamming packages (using email spam to advertise them).
Unfortunately Email spam is much harder to deal with than usenet spam.
usenet spam can and is being dealt with by a centralized group of
people who have semiautomated cancelling programs that cancel messages
posted to large numbers of groups and about making money fast. Because
Email is mostly point to point, Email spam needs to be dealt with at
each site. or by getting ISPs to prevent people from spamming. Dealing
with the ISPs is becoming more difficult. Many just care about their
income and not how their users affect the net. Some are even owned by
the spammers. Some ISPs are getting reluctant to cut people off who
are causing problems without worrying about lawsuits. By the time
spammers are cut off they have moved on to another location.
We are starting to get some spamming here at UW-Milwaukee. It seems to
be targeted to people who have posted to usenet (some of the Email
addresses mailed to were to a machine that hasn't existed for about 3
years.) rather than using our white pages server. The messages seem to
be on the order of one a week to the targeted people. We haven't been
receiving complaints from our users about this problem. I don't know
what fraction of the people receiving Email spam complain to the people
sending it.
In the near future I expect the amount of Email spam to increase to the
point where a lot of our users will find it an annoyance. I have
started looking into ways to solve the problem, but haven't come
accross any nice solutions.
Mail filtering on our end (on any sort) is going to be expensive in
computing resources. It is going to require someone to find spammers'
messages (unless all mail from unknown senders is discarded) and
provide filtering rules to our users before a majority of them receive
(or perhaps read) the mail.
We can't harrass ISPs because that could result in a lawsuit. We can
notify ISPs of our displeasure with and hope that if enough people
complain the ISPs will stay in line. I don't think this tactic is going
to work that well in the future.
If a group of large networks are willing to shun ISPs that are know to
support such activities, it might be possible to keep ISPs in line.
However this kind of activity could result in expensive lawsuits.
Making sending junk Email illegal has problems. It will be hard to
legally distinguish unsolicited junk Email from other kinds of
unsolicited email.
--
Bruno Wolff III <bruno@csd.uwm.edu>
------------------------------
From: siegman@ee.stanford.edu (A. E. Siegman)
Date: 20 Jul 1996 21:29:11 -0800
Subject: Re: Cookies
Organization: Stanford University
References: <comp-privacy9.2.2@cs.uwm.edu>
For a stark and surprising illustration of the problem, point your
Internet browser at this address:
http://www.13x.com/cgi-bin/cdt/snoop.pl.
I wasn't able to go there directly, but had to get there via
http://www.cdt.org/
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 22 Jul 1996 23:17:26 -0400
Subject: Attorney General on Encryption, Copyrights [long]
Forwarded posting:
Date: 20 Jul 1996 11:09:49 -0400
From: Cyber Rights <cyber-rights@cpsr.org>
To: cyber-rights@cpsr.org
Subject: Attorney General on encryption, copyrights
Message-ID: <199607201509.LAA10452@ruby.ora.com>
(Note from cyber rights moderator: the following is extracted from a
message that appeared on Freematt's Alerts (freematt@coil.com). This
section spends a lot of time justifying the law enforcement approach to
wiretapping/encryption, and also touches on copyright issues. I
believe it's important to hear the official views on these
subjects.--Andy)
Law Enforcement in Cyberspace Address By
The Honorable Janet Reno
United States Attorney General
Presented to the Commonwealth Club of California
San Francisco Hilton Hotel
333 O'Farrell Street, Grand Ballroom
San Francisco, California
June 14, 1996
12:30 PM
Reported by Cynthia M. Frazier
Court Reporter
.
.
.
But I would like to talk with you today about an extraordinary
challenge that our forefathers never dreamed would exist, a challenge
that will be one of the great issues we face in this coming century and
one of the great challenges that we in the Department of Justice face
now: how do we meet the 21st Century with a criminal justice
structure, with an understanding of technology that accounts for
technology while, at the same time, making sure that people control the
technology and that technology does not control people.
Technology permits us wonderful new opportunities, but it can also be
misused just as creatively to threaten public safety and national
security. The public is beginning to understand that information
technology, like other human creations is not an unqualified good.
Whether it benefits us or injures us depends almost entirely on the
fingers on the keyboard. So while the Information Age holds great
promise, it falls, in part, upon law enforcement to ensure that users
of networks do not become victims of New Age crime.
The sprawling networks that high-tech companies here in California use
to communicate with employees and customers worldwide also make those
companies tempting targets for computer intruders. These intruders may
try to steal trade secrets that represent a large investment in
research and development. Others may capitalize on the ability of
computers to cheaply, but reliably, copy and transmit illegally copied
material.
Indeed, the very same digital technologies that created the Information
Age also make software piracy and the counterfeiting of copyrighted
works a shamefully lucrative business. It may be a crime as simple as
somebody sitting in a kitchen in St. Petersburg, Russia with his
computer stealing from a bank in the United States.
Whatever the case, both in terms of technology of investigations and in
terms of law enforcement -- and law that goes with it -- we face a
challenge. With this nation's economic security so closely tied to our
national security, all facets of government must actively protect the
interest of U.S. industry. The Department of Justice is doing its part.
I consider high-tech crime to be one of the most serious issues that I
face in the Department and one of those that demands much of my
attention.
I would like to talk to you today about four of the major challenges
for law enforcement in this case.
First, widespread use of encryption demands that we think carefully and
responsibly about how to preserve law enforcement's access to
electronic evidence and not allow criminals to hide it to make
themselves immune from valid search warrants or valid wiretap orders
properly issued by the court.
For those who don't understand the word encryption -- and I think it is
so important that, as we deal with these new issues of technology, we
talk in small, old words that people can understand so that we, again,
do not let technology control -- it is simply a code than can prevent
people from understanding what you're saying and what you're
communicating, but it is a terribly sophisticated technological
device.
Second, advances in technology require that agents and prosecutors be
specially trained to respond to computer crime.
Third, the creation of global networks means that individuals
increasingly will commit crimes across national borders, requiring
increased cooperation in the international law enforcement community.
Finally, the storage of valuable intellectual property in electronic
form requires that we examine, and perhaps amend, existing laws drafted
with physical objects in mind.
This brings us to our first challenge: Ensuring law enforcement access
to encrypted data. Encryption can protect us. It can prevent criminals
and competitors alike from discovering our secrets and invading our
privacy. We believe that strong encryption is critical if people are
safely and competently working and playing on the global information
infrastructure, but encryption is also a new and powerful tool for
criminals.
Encryption can frustrate completely our ability to lawfully search and
seize evidence and to conduct electronic surveillance, two of the most
effective tools that the law and the people of this country have given
to law enforcement to do its work.
For example, today we can, with a court order secured under a careful
procedure to protect the privacy of innocent people, wiretap a
communication. But if the communication is encrypted, the court order
has no value. Therefore, our goal must be to encourage strong
encryption for privacy in commerce [while] preserving law enforcement's
ability to protect public safety and national security.
A consensus is now emerging throughout much of the world that the best
way to achieve this balance is by creating a system, otherwise known as
Key Escrow, to entrust the encryption keys with a neutral third party
-- these keys, in effect, unlocking the code under certain
circumstances. The government would then obtain the keys from the
escrow agent to decrypt the data but only as part of a legally
authorized and court-supervised investigation.
We are not looking to expand federal power or to increase our authority
to wiretap or to search. We look only to make existing law apply to new
technology. Let me describe, because as a local prosecutor and now as
Attorney General, I have watched the application of search and seizure
laws. I have signed wiretap applications, and so many people are
unfamiliar with them that they do not appreciate the process. But to
get a court-ordered wiretap, you have to present to the court careful
information that will show that there is probable cause to believe that
the individuals whose communication you seek to access is committing an
offense. You must show probably cause to believe that a particular
communication concerning that offense will be obtained by the
interception, and you must show that normal procedures have failed or
are unlikely to succeed or are dangerous.
Searches and seizures are indeed authorized by the Fourth Amendment to
the Constitution. The wiretap order and the search warrant are not the
personal prerogative of a police officer or a federal agent. They must
be approved upon application to an independent judge. We don't seek any
expansion of these powers, only the ability to make sense of the
evidence we can legally obtain to prosecute criminals.
Encryption, as a practical matter, diminishes the power of law
enforcement to do its job, and we seek only the way to maintain the
original status quo. The consequences of our losing the ability to
wiretap would be enormous.
Some of our most important prosecutions have depended on wiretaps, and
that is the same for many police agencies around the country. The
Commission and the Pizza Connection organized crime cases, two of the
most significant organized crime cases in this country's history,
yielded 25 convictions, including the conviction of heads of organized
crime families. One of those cases involved a $1.65 billion heroin
distribution ring. Those convictions and that case depended on
wiretaps.
The Operation Ill-wind Defense Procurement fraud cases resulted in some
60 convictions and hundreds of millions of dollars of fines. Major
investigations of the Columbian drug cartels have been absolutely
dependent on appropriate court-authorized wire taps, and the Polar Cap
money laundering investigation led to 56 arrests and the seizure of
$10.7 million in drug proceeds, again a result of wire taps.
Wire taps can also save lives. One wiretap uncovered the planned kidnap
of a young boy for a pornographic snuff film. Two recent emergency
wiretaps, one in Puerto Rico and the other in Los Angeles, saved the
lives of young children kidnapped and held hostage by narcotics
traffickers took [sic] like debts to the parents.
Some of our most important investigations would be lost if we could not
conduct wiretaps, but the consequences of the spread of unbreakable
encryption would, in fact, have far broader impact because we would
also lose our ability to search for and seize stored data and other
forms of [org.: ever] electronic evidence in all types of cases.
Whereas we might be able to get a regular search warrant if we had
encrypted data, that search warrant would be of no use unless we had
the key.
This is not a theoretical problem. We have already encountered
encryption of stored data in recent investigations. In the Aldrich Ames
[org.: Alder Chang] spy case, Soviet handlers told Ames to encrypt
computer files passed on to them. One subject used encryption to hide
pornographic images of children he had transmitted over the Internet.
In several computer hacker cases, subjects have encrypted computer
files to conceal the evidence. As encryption becomes stronger and is
used more frequently, the threat to public safety will increase. If we
do not preserve law enforcement's present investigative capabilities,
the spread of encryption could dramatically frustrate our ability to
protect the public.
Some suggest that the answer is simply better technology and more money
for law enforcement. They say if law enforcement is given the money, it
can decode even sophisticated 56-bit encryption. That's simply not
true. Money aside, decoding a 56-bit key using current technology is
so time consuming as to render the results useless to law enforcement.
We estimate that even with the top of the line super-computer, decoding
a 56-bit key would take over a year and the evidence would be long
gone. That's clearly too long.
For similar reasons, we continue to support export controls over
unbreakable cryptography. We understand that companies want to export
their encryption products and make sales, but unduly relaxing our
export controls would have significant costs for our national security
and for public safety in this country and worldwide. Nevertheless,
because we recognize the importance of all the interest involved, we
are currently exploring with industry ways to adjust export controls to
meet the needs of industry, consumers and public safety, and we are
working with other countries to develop an international solution that
will protect our privacy, our security, and our companies.
Our second challenge is to ensure that agents and prosecutors have the
knowledge and the tools to address high-tech crime. This is critical
because so many have come up through the traditional ranks of law
enforcement, through law schools, and are, in many instances,
unfamiliar with some of the technology and with some of the issues they
face.
Early on we recognized that computer crimes required specialized
training, and the FBI, which began its first computer crime squad in
1991, now has over 30 specially trained agents and three squads in
Washington, New York, and here in San Francisco.
The FBI has also established a Computer Analysis & Response Team to
deal with the technical problems presented by computer evidence, and
just last month we approved the establishment within the FBI of a
Computer Investigations & Threat Assessment Center to provide analysis,
training and support of all levels of the criminal justice system.
Similarly, the Justice Department created a Computer Crime Unit to lead
prosecutors and address complex issues presented in these cases. The
unit, which is currently doubling in size, operates with the active
support of our United States attorneys nationwide. Indeed, the Computer
Crime Unit has trained a national network of 120 prosecutors from every
district to coordinate nationwide investigations and serve as resident
experts in their offices.
As a result of these and other initiatives, our enforcement
capabilities have expanded dramatically. Although the technology
industry has often regarded computer crimes as technical problems with
technical solution, legal solutions are also necessary and vital. A
problem [sic] this fraud indeed requires us to use all appropriate
methods, and I urge you to call the FBI if you or your company is the
victim of computer crime. These cases are notoriously under-reported,
but there is nothing like a successful prosecution to punish a
criminal, deter others like him, and educate the public. I cannot
stress too much the need to report such crimes.
You can see in different situations what unreported [sic] produces. In
Miami, banks which suffered from embezzlement would be embarrassed to
report the crime and time would go by. Then they would come to us
wanting us to prosecute others. We would say, "Where have you been?" We
should be doing all along to ensure deterrence. It is so important that
we work with you to ensure that these crimes are reported that together
we take effective action to hold people accountable while, at the same
time, analyzing the pattern of the crime to see what could have been
done to prevent it in the first place. Having many talented people is
critical, but that's not enough.
Our third challenge has been to develop an international response to
combat hackers who attack computers across nationwide borders. Computer
offenses differ from traditional international crimes in several ways.
First, they are easier to commit. A hacker needs no passport and
crosses no checkpoints. Invisible to almost everyone, including often
the victim system itself, he simply types a command to gain entry.
Additionally, he needs few criminal associates since the sole hacker,
working alone, can effectively steal as much information as he
desires.
Moreover, until recently, computer crime had not been near the top of
international crime fighting agendas. For an international program to
work, affected nations must first agree that the criminal conduct
threatens public safety and requires international cooperation.
While some countries still have weak laws, or no laws, against computer
crime, I am pleased to report that this is changing. U.S. law
enforcement agencies are quick to help with training and also
unhesitatingly offer and solicit cooperation in investigating
international computer crimes.
Indeed, U.S.-initiated cases have led to foreign investigations of
hackers in Germany, England, Denmark, Sweden, and Argentina, and I
regularly meet with my counterparts around the world to determine just
what we can do to forge an international effort focused on high-tech
crime that really remains indifferent to borders.
The fourth challenge we face is the problem of protecting copyrights
and preventing counterfeiting, both domestically and worldwide. In
recent months, we have sent attorneys to Russia, China and Mexico in an
effort to encourage worldwide respect for intellectual property
rights.
On the domestic front, we are working to amend existing laws to better
protect intangible property. For example, it may surprise you to learn
that the federal statute outlining [sic] the interstate transportation
of stolen property does not cover intangible property such as computer
source code. We've proposed to change the law to correct his gap.
Our legislative proposals, which enjoy wide support, would also
significantly overhaul our most important computer crime statutes to
broadly protect the confidentiality, the integrity, and the
availability of data and systems.
Equally troubling, there is no federal criminal protection specifically
addressing one of the most serious threats posed to U.S. businesses and
to U.S. jobs: Economic espionage. Recent studies estimate that leading
American industries are losing billions of dollars a year from theft
and misuse of proprietary economic information. The global economy also
means that U.S. companies frequently compete with foreign corporations;
thus, proprietary business information about bids, contracts,
customers, and business strategy becomes most precious.
Indeed, since the start of [the] economic counter intelligence program,
the FBI reports 100 percent increase in economic espionage-related
investigations, approximately 800 cases involving the activities of 23
countries.
Despite these dangers and crushing loses, no specialized criminal law
-- federal criminal law -- currently protects a company's trade
secrets. This area of the law has historically been left to the states
to address. And while they have done an admirable job of protecting
victims within their own communities, most states cannot address the
global aspects of the problem. Therefore, we have drafted legislation
to create criminal penalties for economic espionage, especially when
sponsored by a foreign government.
We have also proposed legislation to ensure the law catches up with
technology in other ways. The current copyright law imposes criminal
penalties only when the infringement was committed for purposes of
commercial advantage or private financial gain. This was a sensible
limit in the physical world of books, phono records, and video tapes.
In today's environment, however, digital copies are so easy and
inexpensive to make, that some people are willing to run large
distribution schemes for free. Such a case occurred in Boston, where a
university community allegedly encouraged users of a computer bulletin
board to post and download software. The government's indictment
charged that the copyright holders lost more than $1 million in revenue
in about six weeks. But because the defendant sought no gain, we could
not charge a violation of the Copyright Act and the court thus
dismissed the charge. Our legislation will ensure that software is
protected from pirates, even when the pirate doesn't seek to profit.
The issues confronting us are difficult ones, but we can deal with them
if we make sure that we put people first and take steps to ensure that
technology does not control. It requires that all of us, instead of
holding back and saying, "I don't understand the technology," come
together to move into the 21st Century, to master it, and to make sure
that it serves us rather than threatens us.
Whether the challenge is protecting trade secret information or
defending intellectual property rights or prosecuting a foreign hacker,
if we are to do our job right [sic], citizens will enjoy the benefits
of the Information Age without becoming the victims of criminals who
would exploit it.
~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
Posted by Andrew Oram - andyo@ora.com - Moderator: CYBER-RIGHTS
A CPSR Project -- http://www.cpsr.org -- cpsr@cpsr.org
Cyber-Rights: http://www.cpsr.org/cpsr/nii/cyber-rights/
ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/
CyberJournal: (WWW or FTP) --> ftp://ftp.iol.ie/users/rkmoore
Materials may be reposted in their _entirety_ for non-commercial use.
~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
end forwarded material
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 24 Jul 1996 14:57:23 -0500 (CDT)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V9 #006
******************************
.