Date: Mon, 23 Aug 93 16:32:35 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#018 Computer Privacy Digest Mon, 23 Aug 93 Volume 3 : Issue: 018 Today's Topics: Moderator: Dennis G. Rears SEA Opposes Privatization of Digital Signature Standard Re: Social Security numbers Re: License Photo Images Encryption software for Internet-MCI Mail connection Re: Enhanced Driver's License Re: Trusted source for PGP keys The CA DMV keeps photo and finger print info!! The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Subject: SEA Opposes Privatization of Digital Signature Standard Date: Thu, 19 Aug 1993 20:13:29 -0400 (EDT) Reply-To: sea@sea.org From: The Society for Electronic Access August 19, 1993 FOR IMMEDIATE RELEASE CONTACT: Simona Nass (212) 982-4320 or simona@sea.org Society for Electronic Access (SEA) Opposes Privatization of Digital Signature Standard In June, the National Institute for Standards and Technology (NIST) published in the Federal Register its intention to grant an exclusive license for nongovernmental use of the Digital Signature Algorithm (DSA), a technique developed for NIST by federally-funded researchers. DSA can help people authenticate the origin of electronic mail and other computerized messages. NIST has proposed making DSA the basis of a standard for digital signatures for transactions within federal agencies and by anyone doing electronic business with the government (and thus, de facto, by anyone else interested in a widely-accepted digital-signature standard). Interested parties were given 60 days to comment. The SEA has now gone on record opposing this license on three grounds: 1) The law requires an open discussion of whether such an exclusive license serves the interests of both the government and the public _before_ the license and its terms are proposed. 2) The proposed license directly contravenes NIST's stated purpose in developing DSA in the first place, which was to make a digital-signature standard free of encumbrance from privately held patent licenses, one that would be available royalty-free worldwide. 3) The proposed license violates federal law governing the granting of exclusive licenses. The law states that an exclusive license can only be granted for a patent if it can be shown that the technology embodied in the patent would not otherwise be developed, brought to market and widely used. Considering that NIST's proposed licensee, Public Key Partners, is currently engaged in legal action to prevent anyone else from developing or marketing digital-signature technology in the U.S., they appear to be an unlikely choice to ensure the widest possible use of DSA. Indeed, granting an exclusive license to PKP would extend their potential legal monopoly on digital signatures until 2010. Opposition to the NIST/PKP deal has been widespread throughout the electronic community. NIST has yet to respond to the SEA's August 9 filing, or to comments filed by other organizations (a full text of the SEA's statement, written by SEA board member Clay Shirky, is available via Internet gopher -- reach gopher.panix.com and look under Society for Electronic Access (SEA), Telecom Law Information, SEA Comment on NIST-PKP Agreement -- or via e-mail by sending a request asking for the "SEA Comment on NIST-PKP Agreement" to sea@sea.org). The Society for Electronic Access is a New York-based organization focusing on electronic civil liberties and access issues; for more information, e-mail sea-info@sea.org; write to The Society for Electronic Access, Post Office Box 3131, Church Street Station, New York, NY 10008-3131; or call (212) 982-4320. ------------------------------ Newsgroups: comp.org.eff.talk,comp.privacy,comp.society.privacy From: Chris Hibbert Subject: Re: Social Security numbers Followup-To: comp.society.privacy Organization: CPSR (Computer Professionals for Social Responsibility Date: Thu, 19 Aug 1993 23:12:16 GMT There is an FAQ on SSNs. It is available via anonymous ftp from rtfm.mit.edu in the file /pub/usenet/news/answers/ssn-privacy. It's also available from mail-server@rtfm.mit.edu by sending a mail message containing the line "send usenet/news/answers/ssn-privacy" (without the quote marks) as the sole contents of the body. Send a message containing "help" to get general information about the mail server, which also has many other FAQs. Today is the first time I've read any of these newsgroups, so I don't know whether SSNs are frequently discussed here. I currently post the FAQ in all of the following groups: alt.privacy, misc.legal, news.answers, alt.society.civil-liberty, comp.society.privacy, misc.answers, comp.answers, alt.answers Please let me know if I need to add even more groups to my list. ------------------------------ Date: Fri, 20 Aug 93 07:23:27 EST From: SCHULTZA@pentagon-hqdadss.army.mil Subject: Re: License Photo Images Virginia is in the process of converting to a digitized id with a mag stripe. I'll stay in Maryland where my SS# is not on the id. (Does anyone have a list of states that use the SS# on the id?) From: Kelly Bert Manning >>A woman in vancover had her life turned into a nightmare after a young >>man who walked into her place of work distracted her, took her ID and >>credit cards and disappeared. Her credit cards had been rung up past >>her credit limit by the time she finished work and reported them stolen. ... remainder of sad story removed ... This story shows why US citizens should complain about having their SS# on their id card. Far too many transactions are tracked by SS#. If anyone is in the D.C. area, I recommend the Holocaust Memorial. There is an interesting display on how the Germans tracked Jews using the census, id cards and forced tattooing. Part of the display is a Hollerith machine. ------------------------------ From: "David H. Rothman" Newsgroups: alt.privacy,comp.society.privacy,comp.org.eff-talk Subject: Encryption software for Internet-MCI Mail connection Date: 20 Aug 1993 12:38:54 -0400 Organization: Express Access Online Communications, Greenbelt, MD USA What encryption programs would be effective and easy to use for encrypting messages (in either direction) between MCI Mail and the Internet? If they're shareware, please pass on ftp information. If they're commercial, please give phone numbers of vendors if available. Yes, I welcome *basic* info on PEM. A lawyer acquaintance is interested in the above. He presumably would like a program suitable for the nontechnical--something that wouldn't slow them down, and that would be reliable. I myself would like to know for the purpose of a brief article I'm writing about the Internet for PC LapTop. Indicate if you'd mind being quoted. I may or may not use quotes. PLEASE REPLY DIRECTLY VIA E-MAIL TO DROTHMAN@DIGEX.NET Thanks! David Rothman P.S. I welcome info from the developers themselves and anyone else with a vested interest in a particular program. Just please let me know of the connection. ------------------------------------------------------------------------------- David H. Rothman "So we beat on, boats against drothman@digex.net the current...." 805 N. Howard St., #240 Alexandria, Va. 22304 703-370-6540(o)(h) ------------------------------------------------------------------------------- ------------------------------ From: Cristy Subject: Re: Enhanced Driver's License Organization: DuPont Central Research & Development Date: Fri, 20 Aug 1993 15:10:11 GMT In article Christopher Zguris <0004854540@mcimail.com> writes: >photo ID (I don't drive, so I never had the need until recently when >everyone seems to want photo ID for credit card purchases) ... If you use VISA a merchant cannot require a photo ID. Quoting from a letter from VISA International: Please be assured that it is Visa policy that under no circumstances may a merchant refuse to honor a Visa card simply because the cardholder refuses a request for supplementary information. -- cristy@dupont.com ------------------------------ From: news@cbnewsh.att.com Date: Sat, 21 Aug 93 03:17:02 GMT Original-From: Newsgroups: comp.society.privacy Subject: Re: Trusted source for PGP keys Organization: Electronic Birdwatching Society In article Marcos Javier Polanco writes: Sorry if this is in a FAQ, but is there some trusted entity in the internet which publishes the public keys of individuals using PGP? Sort of by definition, no. There are a couple of archives on the net, including anonymous ftp at tbird.cc.iastate.edu:/usr/explorer/public-keys.pgp and email to pgp-public-keys@jpunix.com (send mail with Subject: HELP or GET) You get a LOT of keys. They've got whatever signatures on them that they have, from whoever signed them, which lets you build a web of trust extending out from the people you trust directly. The tradeoff they've made is the convenience of adding your key to the server (you basically just email it to them), at the expense of getting a signature from the maintainer, who is unlikely to know all the hundreds of people who have their names there. But it's a good start, and if you can verify the signatures of a few people who've signed keys for a few other people who've signed keys for well-known people, you can trust a lot of keys. -- # Pray for peace; Bill # Bill Stewart 1-908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ # White House Comment Line 1-202-456-1111 fax 1-202-456-2461 # ROT-13 public key available upon request ------------------------------ Newsgroups: comp.society.privacy From: "Richard M. Flood" Subject: The CA DMV keeps photo and finger print info!! Organization: University of Massachusetts Dartmouth Date: Sun, 22 Aug 1993 01:33:25 GMT Apparently-To: comp-society-privacy@uunet.uu.net I just read the posts abot the CA DMV keeping photo and finger print info. When did this start going on? Did any one in CA fight these laws? Since I live on the East Coast and don't usually read this group I dodn't know this had happened. I am totaly shocked learning about the CA DMV's policy. I guess that the fight for privacy is almost lost, DNA finger prints must not be far away. -Rich -- ------------------------------------------------------------------------------- Richard M. Flood rflood@cis.umassd.edu ------------------------------ End of Computer Privacy Digest V3 #018 ******************************