Date: Tue, 21 Dec 93 13:54:26 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#010 Computer Privacy Digest Tue, 21 Dec 93 Volume 4 : Issue: 010 Today's Topics: Moderator: Leonard P. Levine Maryland to introduce high-tech drivers' license Privacy in Massachusetts Question about Social Security Number Re: Encryption At School Re: Encryption At School Re: e-Mail privacy Re: Citizens Getting Credit Reports on Businesses Re: Cellular Phone Security Public Hearings on Privacy Frequently Asked Privacy Questions (FAQ) The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Paul Robinson Date: Thu, 16 Dec 1993 19:53:28 -0500 (EST) Subject: Maryland to introduce high-tech drivers' license Organization: Tansin A. Darcos & Company, Silver Spring, MD USA In "State to Fight Fraud With High-Tech Driver's License" (Page MD-1, Washington Post, Dec 16), Richard Tapscott reports on Maryland's new License to be issued January 1. - Background of photograph will be blue (as is mine); - License number will also be in barcode on the face of the license (one of only 1/2 dozen states to do this). - License will have number "encoded" on a mag strip on the back of the license. - Picture appears twice; once in left corner; ghost image in center printed over the birthdate, and it changes color when the license is rotated. - Maryland flag in bottom right corner will also be "ghosted". - Standard (already in effect) of under 21 to be photographed profile, over 21 full face; beneath the profile photo will appear "Under 21 alcohol restricted". - License is laminated causing the information to be destroyed if someone attempts to tamper with it. - Document ID line has 5 messages "DRIVER'S LICENSE", "COMMERCIAL DRIVER'S LICENSE", "PROVISIONAL DRIVER'S LICENSE", "LEARNER'S PERMIT", "MOPED PERMIT", "IDENTIFICATION CARD" (This is not new). Comparing this to my own Maryland Driver's License, the differences are: - More colors; current license is blue, has a blue and red "MVA" logo and all of the "fill in the blank" fields like "Control", "Weight", "height" are in black as is the signature; new license puts "fill in the blank" fields in red. - Current fill-in information is essentially an all capital letters and numbers IBM Epson printer font; new font will be a darker (probably laser printed) font apparently in block style. - Additional "ghost" photograph in center on new license over birthday. - Signature appears in center of license across "ghost" photograph; current signature appears in a box at the bottom. - Current license has state seal in gold in the center; this will be moved to the middle right of the back of the license. - DMV Administrator's signature moves from top right to bottom right of back of license. - Photo will be smaller. - Name and address moves up from bottom left to leave room for bar code. - Restriction coding appears simplified. - The photos of two front example licenses appear in the Post in color; the back of the new license is shown in black and white; the current license has the back printed in blue. This may be the way the post photographed it rather than actual appearance. Maryland will still continue to use a soundex code as opposed to putting social security numbers on licenses. I note that the article used the term "ghost" to refer to the secondary photo and state flag image, when clearly what is being described is a holographic image process. The signature and photo will be digitized and stored on a computer data base. This is in response to a 1992 incident in which a man murdered another, then had the license of the man he killed reissued with his face on it, even though the murderer was not even the same race as the decedent. The price of the license will remain at $20. All Maryland licenses are expected to be on the new system by 1999. (My license, issued in 1992, does not come up for renewal until 1996.) What are the issues here? - Storing digitally both face and signature. (Is it appropriate to have one's signature stored where it could be easily reproduced?) - Mag stripe license which can probably be read by anyone with a magcard reader. (Wait until you write a check and they have you swipe your license). - California is alleged to use a very strong system like this; counterfeits were available within 90 days, according to a report on 60 Minutes last week. -- Paul Robinson - Paul@TDR.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ------------------------------ From: tenney@netcom.com (Glenn S. Tenney) Date: Thu, 16 Dec 1993 18:21:07 -0800 Subject: Privacy in Massachusetts At 3:33 PM 12/16/93 -0600, levine@blatz.cs.uwm.edu wrote: >The State of Wisconsin ... According to an official at the Department >of Transportation, the State sells a tape containing the list of >some 3,500,000 drivers' licenses for a fee of a little more than >$2,600 for each tape. (Compare this price with a commercial list >broker's rate of $50 a thousand names.) > ... The >State also sells a tape of 4,800,000 license plate numbers >with addresses for $2,200. The state of Massachusetts sells a tape of their drivers license data (or is it vehicle registration? or both?) for $75. Not too much to pay... And definitely much less than a commercial broker's rates... -- Glenn Tenney tenney@netcom.com Amateur radio: AA6ER (415) 574-3420 Fax: (415) 574-0546 ------------------------------ From: "Leonard A. Visconti" Date: Sat, 18 Dec 1993 05:56:40 GMT Subject: Question about Social Security Number Organization: PICKER INTERNATIONAL I'm sorry if this is not the best group in which to post this, but,... An individual, with whom I am not on a friendly basis, has apparently obtained my social security number. Although I do not know what he might be able to do with such information, I am not happy about it! Should I be concerned? How would this person get my number? Thanks in advance. ------------------------------------------------------------------------------- | Leonard A. Visconti Picker International | | Network Analyst 595 Miner Road | | visconti@picker.com Highland Heights, Ohio 44143 | | (216)473-4801 | ------------------------------------------------------------------------------- ------------------------------ From: jma@ihlpm.att.com Date: Fri, 17 Dec 93 08:47:32 EST Subject: Re: Encryption At School Organization: AT&T In article kkruse@matt.ksu.ksu.edu (Korey J. Kruse) writes: >Chris Burris writes: > >>I have a question: >>Suppose that I wrote a simple encryption program and >>ran it at school, and the administration searched my disk. >>Could the administration force me to give them the encryption key >>even if i refused? > >They could pull out your fingernails until you told them =) >Your school adminstrator could threaten you with punishment if you >refused to supply the key. Using physical force would be illegal. >Of course you could choose to accept the punishment and refuse to give >the key, or better yet you could tell the admin. that you forgot the >key. The latter method could also be used with the police/courts if >they tried to compel you to divulge the information. You should also be aware that any court can find you in contempt if you fail to supply the required information. The usual course is to imprison persons in contempt until they "purge themselves" of the contempt by supplying the required information. Some people have spent more than five years in jail, all the while saying that they "didn't" know" what they were required to divulge. It may not be a good idea to plan to rely on this ploy with the police/courts. -- Ed Schaefer K9JMA ham radio N97178 aviation ------------------------------ From: mckeever@cogsci.uwo.ca (Paul McKeever) Date: Tue, 14 Dec 1993 04:27:50 GMT Subject: Re: Encryption At School Organization: University of Western Ontario, London In article Chris Burris writes: >I have a question: >Suppose that I wrote a simple encryption program and >ran it at school, and the administration searched my disk. >Could the administration force me to give them the encryption key >even if i refused? Nobody can force you to give them something that you have lost. >From: bobleigh@world.std.com (Bob Leigh) Subject: Re: e-Mail privacy Organization: The World Public Access UNIX, Brookline, MA Date: Thu, 16 Dec 1993 20:25:10 GMT Sharon Shea writes: >What do you think of this invation of e-mail privacy? - >The passwords to my computer were obtained through a trusted student >worker (without my knowledge or consent, by intimidating my student >worker - who later reported the incident to me) and my saved e-mail was >read from my hard drive. This was done at work, by my supervisor. This >was done at MIT, which has no stated policy about the privacy of >personal e-mail on university computers. But if MIT has a policy on unauthorized access to computers, you might be able to use that as a basis for an official complaint. Seems to me that intimidating the holder of a password into releasing it might show intent to access the computer for purposes inappropriate even for a supervisor. When I worked at DEC, there were specific procedures for allowing a supervisor to access a subordinate's account. They didn't include wheedling the passwords out of another employee. -- Bob Leigh bobleigh@world.std.com (617) 641-2421 ------------------------------ From: sethf@athena.mit.edu (Seth Finkelstein) Subject: Re: e-Mail privacy Date: 21 Dec 1993 07:57:53 GMT Organization: Massachvsetts Institvte of Technology [Important background note to readers not at MIT - this is apparently a small part of a incredibly convoluted case with several people making charges of sexual harassment and retaliation against each other. At MIT, a Dean with responsibilies of judging sexual harassment cases against students (reputed to be extremely authoritarian and arbitrary), had an 18-month long affair with another MIT employee. He and his ex-mistress made internal (within MIT) charges of sexual harassment against each other, and he and a student filed an MIT harassment complaint against Shea. Shea has filed harassment and retaliation charges against MIT with the state anti-discrimination agency. This isn't a complete account of all the MIT and legal charges, and doesn't even begin to cover all the political accusations. You can read all about it in our local newspaper, which is on-line through various paths. For hypertext programs, the URL is 'http://alexander-hamilton.mit.edu:80/The-Tech', look at issues around 11/30/93 The most informative is 'http://alexander-hamilton.mit.edu/V113/N61/issue'. Meanwhile, the irony and theater-of-the-absurd drama of it all has made campus civil-libertarians want to roll on the floor laughing, and choke out, through tears streaming down their faces, "WE TOLD YOU SO". I have no connection with this case, except for being one of the aforementioned floor-rollers.] Disclaimer: None of the following should be taken as legal advice or authoritative policy. It is opinion, albeit hopefully educated opinion. In article Sharon Shea writes: > What do you think of this invation of e-mail privacy? - > The passwords to my computer were obtained through a trusted student > worker (without my knowledge or consent, by intimidating my student > worker - who later reported the incident to me) and my saved e-mail was > read from my hard drive. This was done at work, by my supervisor. This > was done at MIT, which has no stated policy about the privacy of > personal e-mail on university computers. It's implied, however, that Actually, there are statements regarding electronic privacy. >From the MIT "Policy and Procedures 1990" (which I use as it is on-line): 4.24 PRIVACY OF ELECTRONIC COMMUNICATIONS Federal laws protect the privacy of users of wire and electronic communications. Individuals who access electronic files or intercept network communications at MIT or elsewhere without appropriate authorization violate Institute policy and may be subject to criminal penalties. The law also prohibits providers of electronic mail services from unauthorized disclosure of information within an electronic mail system. This provision bars MIT departments and other providers of electronic mail services at the Institute from disclosing information from an individual's electronic files without the individual's authorization. One of the laws referred to by the above is the Electronic Communications Privacy Act of 1986. It isn't clear whether the ECPA applies to private universities. Since I'm interested in this topic, I've had some discussions with mid-level managers at MIT regarding legal protections for users. Though I couldn't get it in writing, I was told an internal decision was made at MIT that MIT would behave as if the ECPA did apply. Thus, any request to the computer maintenance staff to access an individual's private files would have to carry a fairly high level of authorization (exactly how high wasn't spelled out, but the particular people I spoke to made it clear they would, as a matter of personal protection, require a written request on official stationery.). However, it is very unclear as to whether this can be applied to your case. An important element is that the person who actually retrieved the files was "authorized" to do so, in the sense that no computer administration privileges were invoked. The request to get the files may have been improper - but here's where the political background comes in - it could easily be claimed that such was a vital part of an investigation into a sexual harassment charge. From what I've read, I'd try to frame the argument primarily in terms of lack of following due process in investigation. But then that goes right into the explosive issue of what sort of due process a private institution is required to observe (great amusement can be derived from the flip-flops that some local activist groups are doing now over when and what due process is required. I haven't heard for a while of the dire necessity of checking all computer files for potentially harassing material). > What's more, my supervisor then copied out my e-mail and passed it > around, in places where it was obviously hoped that it would do me > professional harm. Is this the other side of the following accusations? If so, then the problem of adjudicating should be clear: "These attacks have originated from MIT offices, during working hours, utilizing MIT phones and computers. I have provided MIT with copies of electronic mail that was sent on May 5, 1993 to former employees requesting any "dirt" that they might have on me. I have provided MIT with the name of the individual who sent this e-mail and the names of the individuals to whom it was sent." (_The Tech_ 11/17/93, p.4) "E-mail of the most vicious kind has been sent out over a number of MIT networks describing me as the "main problem with harassment at MIT" as "a sexual predator" etc. I have provided MIT with copies of some of this correspondence and with the names of those who received it and the name of the individual who sent it." (_The Tech_ 11/30/93) > Does anyone have any suggestions about how to deal with this, or what > legal possibilities I may have in replying to this action? Thanks. Well, several members of MIT's free-speech protection group (SAFE - Student Association for Freedom of Expression) are very interested in the whole case. Given the intense politics surrounding this, I don't know if you would want that help, or if it would be effective, but there is a desire to establish protection for electronic files wherever possible. -- Seth Finkelstein sethf@mit.edu Disclaimer : I am not the Lorax. I speak only for myself. (and certainly not for Project Athena, MIT, or anyone else). As Stallman wrote to Lotus: "Any time I can help you overturn a patent ..." ------------------------------ From: wrf@ecse.rpi.edu (Wm Randolph Franklin) Date: 16 Dec 1993 20:38:20 GMT Subject: Re: Citizens Getting Credit Reports on Businesses Organization: Rensselaer Polytechnic Institute, Troy NY In Nov 10, in message-id , volume 3, issue 073, message 5 of 9, I spake thus: There's been extensive discussions about obtaining credit reports on private citizens (you need to be extending credit, considering employment etc), and about businesses vetting each other (e.g. D&B). However, there's another case to consider. Are there any easy ways for private citizens to obtain credit reports on businesses with whom they are considering doing business? E.g., when I went to Borneo, I paid the tour company a few thousand $$$ a few months in advance. I'd have liked to check them out first. Also, would it be legal for me to obtain personal credit reports on the company's officers? Thanks. Emailed replies will be summarized and posted. Here are the replies. Thanks everyone. Also, the BBB now has an automated voice-response system on an 800-number, keyed by the org in question's phone number. It's quite easy to use, though there have been questions in the past about the completeness of the data. ----- Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA ------- Forwarded Messages >From: alexandr@fconvx.ncifcrf.gov (Jerry N. Alexandratos) >From what I have read, you can get (legally) credit reports on businesses from certain businesses which check on businesses. The companies also rate the credit-worthiness of the business for bond ratings. Getting personal creidt reports for personal use is illegal as far as I know. (Which isn't much) jna. ------- Message 2 >From: "Patrick A. Townson" Your article in comp.privacy noted. Yes, credit reports on businesses are available, for about the same cost as credit reports on individ- uals. I have them here in the Digital Detective database as one example. You can order them and get them sent to you on fax or through the mail, etc. Call me if you are interested in further details or any specific company. 1-708-329-0571. Patrick Townson ------- Message 3 >From: Sean Donelan Call the local Better Business Bureau in the city where the company is located. This is a very effective way of checking out a company, I'm always surprised more people don't use it. Call the Attorney General's office in the state where the company is located. Will alert you of any "legal" action, any even a "high-level" of complaints. Visit the local public library, and ask the reference librarian how to look up the company information. This is most effective for publicly held companies. > Also, would it be legal for me to obtain personal credit reports on > the company's officers? If it is a corporation, no. If it is a partnership, or proprietership, maybe, but I would avoid it anyway. It is far too easy to mess up and break the law. Also, the funny thing about crooks who run companies, they often have really good personal financies because they often rip off their own companies too. - -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Domain: sean@dra.com, Voice: (Work) +1 314-432-1100 ------- Message 4 >From: Bob Stratton On GEnie, users may purchase business credit reports in real-time, via TRW for something like $27.00. I did when last changing jobs, and found it to be a neat resource. Bob Stratton (KE4GDC) UUNET Technologies, Inc. 3110 Fairview Park Drive, Suite 570, Falls Church, VA 22042 Disclaimer: I just speak for myself, and that's too much responsibility as it is. ------- Message 5 >From: "Tansin A. Darcos & Company" <0005066432@MCIMAIL.COM> >From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA You can, if the company is large enough, check the printed records that Dun & Bradstreet put out. D&B generally also sells reports on companies; normally you have to subscribe, but I think they have a 1-900 number for getting reports; call your local office and find out how much it will cost for a report on a company. I'm sure that if someone wants to pay for a single report they will provide it. And getting a credit report on some people in Borneo from a U.S. Credit Reporting Service might be a little hard to do. However, since you are concerned about prepaying a deposit, you might want to check; this might fall into the "legitimate business reason" needed to obtain a personal credit report. (WRF Note: the company running the tour is in Cambridge MA.) ------- Message 6 >From: wicklund@intellistor.com (Tom Wicklund) One form of credit report on a company is business directories. There are several forms put out by Standard and Poors, Dun and Bradstreet, and others. They cover U.S. public and private companies and many foreign companies. In the U.S., if a company is public, it must publish financial and other results (annual and quarterly reports which meet SEC requirements. Foreign countries have varying requirements. If you look in business directories, note that they aren't always accurate (just like your personal credit report). My father used to own a small company and was given a report which stated that he refused to talk to them, when the truth was whoever did the report didn't bother trying to call the company. ------- End of Forwarded Messages ------------------------------ From: skoper@netcom.com (Stan Koper) Date: Fri, 17 Dec 1993 20:44:14 GMT Subject: Re: Cellular Phone Security Organization: There is no Organization, there is only me In article Mark Eckenwiler wrote: > In , reed@interval.com sez: > >I have to pay his salary with my taxes so he can apply his personal > >interpretation of the law by refusing to prosecute a clear violation? > ... > >I hope this is yet another hoax. > > Apparently not. Mr Grosso is listed in Martindale-Hubbell as an AUSA, > so unless the post is forged, this is a gen-you-wine remark from a > federal prosecutor. Moreover, as an employee, Mr. Grosso will have to follow whatever lawful instructions his employers give him. "...refusing to prosecute a clear violation". I love it. There is something called "administrative discretion", which is another way of saying "you don't use an elephant gun to kill a flea." Stan Koper skoper@netcom.com ------------------------------ From: Dave Banisar Date: Fri, 17 Dec 1993 13:00:10 EST Subject: Public Hearings on Privacy Organization: CPSR Washington Office Public Hearings on Privacy NEWS US OFFICE OF CONSUMER AFFAIRS FOR IMMEDIATE RELEASE Contact: George Idelson (USOCA) December 10, 1993 (202)634-4344 Patricia Faley (USOCA) (202)634-4329 PUBLIC HEARINGS ON INFORMATION AGE PRIVACY SET FOR CALIFORNIA AND WASHINGTON, DC. Sacramento: January 10-11, 1994; Washington, DC: January 26-27, 1994. Public Invited to Participate. Representatives from the public, private and non profit sectors will present their views on personal privacy and data protection in the information age at public hearings of a U.S. Government task force in early 1994. The hearings will be open meetings of the Privacy Working Group, chaired by Patricia Faley, Acting Director of the United States Office of Consumer Affairs (USOCA). The Working Group is part of a task force set up by the Clinton Administration to consider how to spur development of an "information superhighway." officially known as the National Information Infrastructure (NII), the "data highway" will be capable of exchanging data, voice and images electronically within a vast network of individuals, businesses, government agencies and other organizations around the world. Ensuring ready access to information is the goal of the Administrative initiative, but protecting individual privacy is essential to its success. The public meetings will examine privacy issues relating to such areas as law enforcement, financial services, information technology, and di:rect marketing. The California mooting, January 10th and llth, will be hosted by Jim Conran, Director, California Department of Consumer Affairs in the First Floor Hearing Room at 400 R Street in Sacramento. The Washington, DC meeting, January 26th and 27th, will be held at the U.S. Department of Commerce Auditorium, 14th & Constitution Ave. NW. Registration begins at 8:30am, meetings at 9am. The public is invited to attend, question speakers and to make brief comments, but space is limited. Concise written statements for the record should be sent to "Privacy," USOCA, 1620 L Street NW, Washington DC 20036 or faxed to (202)634-4135. # # # United States Office of Comumer Affairs - 1620 L Street, NW, Washington, D.C. 20036-5605 ------------------------------ From: "L. Detweiler" Date: Fri, 17 Dec 93 23:27:35 -0700 Subject: Frequently Asked Privacy Questions (FAQ) Some Privacy Digest readers may be unaware of some useful FAQs associated with privacy on the Internet, and I am writing this message in response to a specific inquiry from Mr. L.P.Levine to describe one for you. For close to a year I have been maintaining one comprehensive list of questions and answers that can be obtained from rtfm.mit.edu:/pub/usenet/news.answers/net-privacy/ or newsgroups news.answers, sci.answers, alt.answers every 21 days. Here is a table of contents from this FAQ. Also, a treatise on the debate that ensued with the introduction of anonymity on the Internet can be obtained from rtfm.mit.edu:/pub/usenet/news.answers/net-anonymity. Also, I am very pleased to announce here for the first time anywhere that a new Latex version of the P&A FAQ is available! This is complete with a table of contents and beautiful formatting (some future adjustments on the way). My immense thanks to Matjaz Rihtar for translating the FAQ. See ripem.msu.edu:/pub/crypt/politics/privacy-anonymity-faq.latex.Z. A special thanks to all the correspondents who have contributed to improving the FAQ. IDENTITY, PRIVACY, and ANONYMITY on the INTERNET ================================================ (c) Copyright 1993 L. Detweiler. Not for commercial use except by permission from author, otherwise may be freely copied. Not to be altered. Please credit if quoted. SUMMARY ======= Information on email and account privacy, anonymous mailing and posting, encryption, and other privacy and rights issues associated with use of the Internet and global networks in general. (Search for <#.#> for exact section. Search for '_' (underline) for next section.) PART 1 ====== (this file) Identity -------- <1.1> What is `identity' on the internet? <1.2> Why is identity (un)important on the internet? <1.3> How does my email address (not) identify me and my background? <1.4> How can I find out more about somebody from their email address? <1.5> How do I provide more/less information to others on my identity? <1.6> Why is identification (un)stable on the internet? <1.7> What is the future of identification on the internet? Privacy ------- <2.1> What is `privacy' on the internet? <2.2> Why is privacy (un)important on the internet? <2.3> How (in)secure are internet networks? <2.4> How (in)secure is my account? <2.5> How (in)secure are my files and directories? <2.6> How (in)secure is X Windows? <2.7> How (in)secure is my email? <2.8> How am I (not) liable for my email and postings? <2.9> Who is my sysadmin? What does s/he know about me? <2.10> Why is privacy (un)stable on the internet? <2.11> What is the future of privacy on the internet? Anonymity --------- <3.1> What is `anonymity' on the internet? <3.2> Why is `anonymity' (un)important on the internet? <3.3> How can anonymity be protected on the internet? <3.4> What is `anonymous mail'? <3.5> What is `anonymous posting'? <3.6> Why is anonymity (un)stable on the internet? <3.7> What is the future of anonymity on the internet? PART 2 ====== (next file) Issues ------ <4.1> What is the Electronic Frontier Foundation (EFF)? <4.2> Who are Computer Professionals for Social Responsibility (CPSR)? <4.3> What was `Operation Sundevil' and the Steve Jackson Game case? <4.4> What is Integrated Services Digital Network (ISDN)? <4.5> What is the National Research and Education Network (NREN)? <4.6> What is the FBI's proposed Digital Telephony Act? <4.7> What is U.S. policy on freedom/restriction of strong encryption? <4.8> What other U.S. legislation is related to privacy? <4.9> What are references on rights in cyberspace? <4.10> What is the Computers and Academic Freedom (CAF) archive? <4.11> What is the Conference on Freedom and Privacy (CFP)? <4.12> What is the NIST computer security bulletin board? Clipper ------- <5.1> What is the Clipper Chip Initiative? <5.2> How does Clipper blunt `cryptography's dual-edge sword'? <5.3> Why are technical details of the Clipper chip being kept secret? <5.4> Who was consulted in the development of the Clipper chip? <5.5> How is commerical use/export of Clipper chips regulated? <5.6> What are references on the Clipper Chip? <5.7> What are compliments/criticisms of the Clipper chip? <5.8> What are compliments/criticisms of the Clipper Initiative? <5.9> What are compliments/criticisms of the Clipper announcement? <5.10> Where does Clipper fit in U.S. cryptographic technology policy? PART 3 ====== (last file) Resources --------- <6.1> What UNIX programs are related to privacy? <6.2> How can I learn about or use cryptography? <6.3> What is the cypherpunks mailing list? <6.4> What are some privacy-related newsgroups? FAQs? <6.5> What is internet Privacy Enhanced Mail (PEM)? <6.6> What are other Request For Comments (RFCs) related to privacy? <6.7> How can I run an anonymous remailer? <6.8> What are references on privacy in email? <6.9> What are some email, Usenet, and internet use policies? Miscellaneous ------------- <7.1> What is ``digital cash''? <7.2> What is a ``hacker'' or ``cracker''? <7.3> What is a ``cypherpunk''? <7.4> What is `steganography' and anonymous pools? <7.5> What is `security through obscurity'? <7.6> What are `identity daemons'? <7.7> What standards are needed to guard electronic privacy? Footnotes --------- <8.1> What is the background behind the Internet? <8.2> How is Internet `anarchy' like the English language? <8.3> Most Wanted list <8.4> Change history ------------------------------ End of Computer Privacy Digest V4 #010 ****************************** .