Date: Fri, 21 Jan 94 14:36:07 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#021 Computer Privacy Digest Fri, 21 Jan 94 Volume 4 : Issue: 021 Today's Topics: Moderator: Leonard P. Levine GTE and new Fed Compliance Sprint's new 'voice fonecard' SSN on Payroll Checks CD-ROM Software Distribution Re: Data Encryption and Privacy Re: Data Encryption and Privacy Re: Data Encryption and Privacy Re: Buckley Act Outrage Re: SSNs and E-mail guidelines Re: FOIA and Copyright CFP: Computers and Society journal (long) Privacy on the Internet (long) The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: keithd@netcom.com (Keith Doyle) Subject: GTE and new Fed Compliance Organization: Netcom Online Communications Services (408-241-9760 login: guest) Date: Wed, 19 Jan 1994 17:05:04 GMT Here's a curious note I just got from GTE: ---------- Dear Calling Card Customer: Effective April 9, 1994, when a GTE customer with an unlisted or unpublished telephone number uses a GTE Calling Card or the Calling Card feature of the GTE MasterCard, new federal regulations require GTE to provide the billing name and address of the customer if the telecommunications company handling the call requests that information. These companies will use the information to bill you directly for any calls you make using their services. GTE anticipates the number of requests for this information will be very limited and that most telecommunications service providers will use GTE's billing services as they currently do today. The FCC also requires GTE to offer customers with unlisted or unpublished telephone numbers the option to instruct GTE not to release their billing name and address to these telecommunications service providers. If you wish to deny release of your billing name and address, completely fill in the circle labeled "deny" on the attached Authorization Form and return it to GTE in the enclosed envelope by February 18, 1994. Be aware that denying release of your billing name and address will likely result in the majority of telecommunications service providers refusing to accept your GTE Calling Card and the Calling Card feature of your GTE MasterCard. GTE will assume you have agreed to allow the release of this information, should we not receive the completed Authorization Form within 30 days of receipt of this notice. [and then in bold letters] If you wish to ensure that all telecommunications service providers continue to accept your GTE Calling Card, NO RESPONSE to this notification is necessary. [end bold] Sincerely, Richard Bramlet Manager-Federal Regulatory Compliance ------------------------------------- So what do you suppose prompted this? Is there a privacy issue going on here? ======================================================================== Keith Doyle keithd@netcom.com -----------------------covert message packet---------------------------- 000eWIAdx0gXyuhQtccBOFpMGKqIqCD7DiPDn7RQv9SM3qYw4JxelD11565 ======================================================================== ------------------------------ From: reb@ingres.com (Phydeaux) Date: Wed, 19 Jan 1994 12:48:10 -0800 Subject: Sprint's new 'voice fonecard' From the San Francisco Business Times: >"The Voice Foncard allows you to let your voice do the dialing, without punching in authorization codes and individual phone numbers," said John Polumbo, Sprint's general manager for the Pacific region.< >Callers will simply dial an 800 access number and identify themselves by stating their social security number, preceded by one digit for additional security. The system recognizes the number and verifies the "voice print."< >Callers then simply place calls by using programmed phrases, such as "call home" or "call doctor."< The part about callers identifying themselves by SSN really bothers me. ------------------------------ From: joew@resumix.portal.com (Joe Wisniewski x8421) Subject: SSN on Payroll Checks Organization: Resumix, Inc., Santa Clara, CA Date: Thu, 20 Jan 1994 02:19:49 GMT My employer went to a new payroll system, ADT. Got our first check today. Guess what was on it. Yup, ss#. 1. Is this a requirement of ADT, if anyone out there knows? 2. Is there any legal prohibition against this? (Comapny is in California, I am in Arizona). 3. Has anyone else ever heard of this with their employers? Joe Wisniewski ------------------------------ From: "becky (b.l.) chan" Date: Thu, 20 Jan 1994 13:33:00 +0000 Subject: CD-ROM Software Distribution I heard that Apple and Sun have a new way of distributing software on CD-ROMs. Both companies allow users to try out any number of software programs on the CD-ROM before making a purchase. Once the users make a choice, they can call a 1-800 number to pay for the software, and to get a key/code/password to obtain the full program immediately. How does this CD-ROM distribution scheme work? What kind of cryptography is being used to prevent the programs from being stolen? How difficult will it be to penetrate and disable the protection? -- Becky L. Chan Computing Research Lab., Dept. 0R00 Bell-Northern Research Ltd P.O. Box 3511, Station C Ottawa, Ontario Canada K1Y 4H7 ------------------------------ From: rerodd@eos.ncsu.edu (Richard Roda) Subject: Re: Data Encryption and Privacy Organization: North Carolina State University, Project Eos Date: Thu, 20 Jan 1994 02:16:39 GMT In article Chuck Weckesser <71233.677@compuserve.com> writes: >[Details of Protection Ommitted] Finally, is anyone aware of a shareware program which DESTROYS your disc (if you so set that option) after incorrectly entering the password on the third attempt *after* first getting through security measures which cause no harm?< Something you might want to look at is called a morphic cypher. Basically, it has more than one password, and depending on which password is entered it will produce different things. So you could have one password for bogus stuff and one for the real stuff, then if asked for a password give the bogous one out. >I am new to Internet and am following the PGP debate with great interest. As things now stand, and someone please correct me if I am wrong, it is absolutely *IMPOSSIBLE* to penetrate a system using PGP, correct?< No. If someone finds an efficent way to calculate the inverse of the RSA algorythm (factoring the public key) *OR* finds a way to break the IDEA algorythm then the system is comprimised. This is a weakness of a hybrid system: there are two points of attack. A system that ran with just RSA could not be comprimised by breaking the IDEA algorythm. The reason that PGP is a hybrid system is that RSA is simply too slow to encrypt data of any length other than very short, so only the IDEA key used to create a particular message (the session key) is RSA encoded. There are no gurantees. -- PGP 2.3 Public key by mail | Richard E. Roda Disclaimer-------------------------------------------------------------- | The opinions expressed above are those of a green alien who spoke to | | me in a vision. They do not necessarily represent the views of NCSU | | or any other person, dead or alive, or of any entity on Earth. | ------------------------------------------------------------------------ Criminals prefer unarmed victims. Oppose gun control. Drug Dealers prefer a monopoly. Support legalization of drugs. ------------------------------ From: mdw@cscns.com (Mike Watson) Subject: Re: Data Encryption and Privacy Organization: Community_News_Service Date: Thu, 20 Jan 1994 03:22:25 GMT >In theory, could even NSA penetrate my system given the steps I have taken to protect my data?< I'm the author of the shareware DES encryption program Enigma so I have more than a passing interest in your questions. I am not however a professional cryptographer. Nothing is completely safe in theory except one-time pads which are totally impractical for data security. I believe that DES does not have any back doors which make it easy to decrypt. If so, triple-DES in theory would provide total security for the forseeable future if DES is not what is called a group. A group means that for keys 1, 2 and 3, there exists a key 4 which is equivalent. Many mathematical operations are groups (addition is an obvious example). Most mathematicians believe DES is not a group and thus triple-DES is very secure. If this is not the case triple-DES is a waste of time (though just as secure as regular DES). There are two major areas you are exposed with any encryption program. First, can you trust the package. Do the packages you use hide the key somewhere within the data, perhaps protected by an "administrative" key. Make sure that the manufacturer can not "recover" your data for you if you forget your key. Secondly make sure any administrative override features are turned off. Second, and even more importantly is key security! If your password is only words in a dictionary it will be trivial to break. You can bet that the codebreakers of the world have massive dictionaries of probable keys. These dictionaries can be searched in seconds or at worst hours by super fast computers. Your program should also "crunch" keys. This has to do with how characters are stored on a computer. Each character normally takes up 8 bits, yet the number of characters people choose their keys from is only about 5 bits. If you are trying to break a key you would search for only normal printable ascii characters first reducing by an almost unimaginable amount the time the search will take. Crunching solves this problem by using data compression to make more than 7 characters (in the case of DES with a 56 bit key) meaningful. >Finally, is anyone aware of a shareware program which DESTROYS your disc (if you so set that option) after incorrectly entering the password on the third attempt *after* first getting through security measures which cause no harm?< Any decent programmer could write such a program but I would never recommend its use. Chance of harm is tremendous, plus its a huge pain to test such a thing. >I am new to Internet and am following the PGP debate with great interest. As things now stand, and someone please correct me if I am wrong, it is absolutely *IMPOSSIBLE* to penetrate a system using PGP, correct?< Nothing is impossible. PGP uses a relatively new encryption method that has not been in use long enough to gurantee no weaknesses. mdw@cns.cscns.com -- Write if you want info about Enigma (for Macintosh) ------------------------------ From: gene michael stover Date: Thu, 20 Jan 94 14:33:06 -0800 Subject: Re: Data Encryption and Privacy Chuck, I'm responding to your message in Computer Privacy Digest V4 #020. I'll answer your last question first (and then amble into an answer for everything else): ``It is absolutely *IMPOSSIBLE* to penetrate a system using PGP, correct?'' *Not* correct. There currently exist many algorithms for cryptanalysing (decrypting without the key) a PGP message, but they are very expensive to use on the average message. There's nothing to prevent me from putting one of these programs on a spare computer and feed it a PGP message and letting it go. In a few (or a few million ;-) years, I'd probably have the decryption. With any cryptosystem (not just PGP), you have to compare the amount of money your ``enemy'' is willing to spend in decrypting your messages, the technology and knowledge he might be able to employ, and the time you need the messages to stay secret. For example, you don't need to worry much about me breaking your PGP messages because it's not worth more than a few pennies for me to do it, I don't have access to any super-secret high-tech magic to do it with, and it would take me so long that you and I would probably both be dead by the time I found the solution. On the other hand, a government agency might be willing to spend millions to break your messages. Some agencies, like the NSA, might have access to super-duper-cryptanalysis technology that we don't know about. (For what it's worth, I doubt that the NSA knows anything that the published, academic experts don't.) So your data is never absolutely secure. You have to weigh the cost to you of disclosure with the gain to your enemy. It's too bad cryptosystems can't be rated by the approximate cost to break a message. My guess is that PGP is fine. Same with the three systems you currently use. If the details of the commercial systems are kept secret by the manufacturer, I would suggest you drop them and use PGP because ``security through obscurity'' isn't [Kerckhoff's principle, improved by paraphrasing ;-]. -- gene m. stover "Making the world safe from democracy." CyberTiggyr Software Development Internet: gene@netcom.com NeXT Mail spoken here For PGP public key, finger gene@netcom.com ------------------------------ From: cfrye@ciis.mitre.org (Curtis D. Frye) Subject: Re: Buckley Act Outrage Date: Thu, 20 Jan 1994 10:26:01 -0600 (CST) Organization: University of Wisconsin-Milwaukee Anonymous writes: >I would GREATLY appreciate help from any one of you as to how best to deal with this outrage. Can violations of the Buckley Act and dissemination of information in student files be punished on a criminal basis? If so, who/where does one complain?< I would concentrate on pursuing the civil penalities, up to and including dismissal for cause if the professor in question is tenured. Tape record all conversations with the school administration if possible (and legal in your jurisdiction), prepare a press release to use as a bargaining chip (put "NOT FOR ATTRIBUTION OR QUOTATION" on the top, but indicate that it could be easily erased if necessary), and see if you can get the individuals who provided the information off the hook (assuming no malice) if they will merely testify to the fact that Professor X was the individual who requested your student records. Also, I would email Mike Godwin of the EFF (Senior Counsel, or some such) at mnemonic@eff.org. -- Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author cfrye@ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." ------------------------------ From: "Michael T. Palmer" Subject: Re: SSNs and E-mail guidelines Date: 20 Jan 1994 14:03:55 GMT Organization: Georgia Institute of Technology Robert Ellis Smith <0005101719@mcimail.com> writes: >Michael T. Palmer asked about SSNs and the Virginia drivers license. There was long litigation concerning the Virginia requirement that SSNs be provided IN ORDER TO VOTE, but not concerning the SSN on drivers licenses. A federal Court of Appeals ruled in March 1993 that Virginia could not demand the SSN in order to vote.< Thanks for the followup! I also was aware of the lawsuit concerning the SSN being required to vote (and then available as part of the public voter registration records). What I meant to refer to, though, was the hearings that CPSR participated in with some House of Delegates subcommittee about the SSN on drivers' licenses. References to these meetings was even made in our local papers, and I typed in (from the Hampton, VA Daily Press) a related article called "Thieves Have Your Number" that talked about this problem. I still have a copy if anyone wants it -- let me know and I'll post it again. But this was over a year ago, and I haven't seen or heard anything since. Any CPSR folks out there following up on this? Michael T. Palmer (palmer@chmsr.gatech.edu) RIPEM Public Key available Center for Human-Machine Systems Research, Dept of Industrial & Systems Eng Georgia Institute of Technology, Atlanta, Georgia 30332-0205 ------------------------------ From: wrf@ecse.rpi.edu (Wm. Randolph U Franklin) Subject: Re: FOIA and Copyright Date: 20 Jan 1994 23:03:53 GMT Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA reed@interval.com (David P. Reed) writes: >The recent note by James Love of Nader's Taxpayer's Assets Project attempt to break West's control of the Juris database raises interesting issues related to the use of FOIA to allow one taxpayer to seize another's property.< That's been a supposed problem with FOIA from the beginning. What's your property? Companies claim that government forms that they are required to complete, and which are then available under FOIA, contain confidential info. Some years ago there was an outraged letter to Science from a medical researcher complaining that a rival used FOIA to read his funded grant proposals. The researcher said that if anyone wanted to read his proposals, then they should ask him directly, and if he thought that the request was appropriate, then he would provide the info. Of course, now NSF, at least, puts the funded abstracts on the Internet (at stis.nsf.gov). -- Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA ------------------------------ From: Rob Kling Subject: CFP: Computers and Society journal (long) Date: 20 Jan 94 04:56:42 GMT CALL FOR PAPERS COMPUTERS AND SOCIETY This posting contains information about, and a call for papers for, "Computers and Society" journal, published quarterly by the Association for Computing Machinery Special Interest Group on Computers and Society (ACM SIGCAS). This note also includes a form for subscribing to Computers and Society by joining SIGCAS. No technology since the automobile has had more impact on our daily lives than the computer. Yet, computer professionals involved in the development of computer systems are often focused solely on the technical side of their work. Often overlooked when designing and implementing systems is how these systems affect people, organizations, and society. "Computers and Society" is a forum for provocative commentary about the ethical, social, and organizational implications of computer technology. It is a multidisciplinary journal which is now publishing its 24th annual volume. We encourage new and controversial points of view. We're interested in publishing thought-provoking essays and ideas which can be anchored in professional experiences or in scholarly study. We want you to take chances. We also encourage "work-in-progress" where you publish your ideas to get comments from other professionals before publishing the article in a refereed journal. (Articles for "Computers and Society" are not refereed, but they are subject to some editorial review.) The scope of "Computers and Society" includes: computer ethics, organizational issues, privacy, property, equity, gender, health and safety, environmental, professional certification, teaching standards, and other topics concerning the social implications of computers. The audience for the journal includes computer professionals, teachers of computers & society courses, students, researchers, and computer ethicists. For more information about how to subscribe and submit articles to "Computers and Society," please contact the Editor: Bruce Jawer, 4504 15th Ave NW, Rochester MN 55901 USA. Phone: (505) 281-1674; E-mail: 71035.1552@compuserve.com Thanks for your interest in "Computers and Society." Examples of recently published articles include: Allen, Jonathan. "Groupware and Social Reality." Anderson, Ron, and others. "ACM Code of Ethics and Professional Conduct." Bergin, Thomas. "Teaching Ethics, Teaching Ethically." Betts, Mitch. "Plumbing the Soul of IS." Coldwell, R.A. "University Students' Attitude Towards Computer Crime." Dahlbom, B, and L. Mathiassen. "Systems Development Philosophy." Forester, Tom. "Megatrends or Megamistakes?" Friedman, Batya. "A Course in Professional Responsibility for Computer Scientists." Gotterbarn, Donald. Case Studies in computer ethics and professional responsibility. Greenbaum, Joan. "The Head and the Heart: Gender Analysis of Computer Systems." Hollinger, Richard. "Hackers: Computer Heroes or Electronic Highwaymen." Huff, Chuck. "Peer Learning and Active Involvement in the 'Computers and Society' course." Johnson, Deborah. An excerpt from "Computer Ethics, Second Edition." Kling, Rob. "Constructing an Analytical Anthology: Computerization and Controversy." Kling, Rob. "Information Systems, Social Transformation, and Quality of Life." Martin, Dianne, and David Martin. "Professional Codes of Conduct and Computer Ethics." Miller, Margaret. "Teaching Computers, Technology, and Society Courses." Rosen, L., and M. Weil. "The Psychological Impact of Technology." Sagheb-Tehrani, Mehdi. "The Technology of Expert Systems: Some Social Impacts." Shneiderman, Ben. "Human Values and the Future of Technology." ================================= Information about joining the ACM's Special Interest Group on Computers and Sciety (SIGCAS) and subscribing to "Computers and Society." SIGCAS' Scope: Forum for computer specialists, those in related fields and public at large to gather and report information, exchange ideas, and arouse concern about impact of computers and society. The main concern is ethical and philosophical implications. Membership Includes: - Newsletter Subscription - Discounts on publication and conferences Topics: Societal issues raised by computing technology including quality of life, ethics and information infrastructure impacts. Please circle appropriate rate(s) and indicate total. Overseas Air Options Partial Full TOTAL Air Air To Join ACM/SIGCAS ACM Associate Member Dues $79.00 + $30.00 + $60.00 = ACM Student Member Dues $24.00 + $30.00 + $60.00 = Add SIGCAS to ACM Membership $20.00 + $ 4.00 + $10.00 = Add SIGCAS to ACM Student Membership $10.00 + $ 4.00 + $10.00 = TOTAL ACM Associate and Student Member Dues includes a subscription to the monthly Communications of the ACM. For Voting Member privileges contact Member Services at address below. ACM Membership #_____________________________ To Join or Subscribe to SIGCAS only SIGCAS Membership only (non-ACM) $56.00 + $ 4.00 + $10.00= Subscription to SIGCAS newsletter only $56.00 + $ 4.00 + $10.00= TOTAL Purposes: To advance the sciences and arts of information processing; to promote the free interchange of information processing among computing specialists and the public; and to develop and maintain the integrity and competence of individuals engaged in the practice of information processing. As an ACM member, I subscribe to the purposes of ACM: Signature ___________________________________ ___ Information about ACM and SIGCAS membership? Please provide your name and address below. Name (please print) _________________________ E-Mail _____________________ Mailing Address ______________________________ Phone _____________________ City _______________ State or Province __________ Country/Zip Code _______ Form of Payment ___ Check (payable to ACM) ___ Money Order ___ Amex ___ Mastercard ___ Visa If paying by credit card: Card #____________________________ Card Expiration Date:_______Signature______________________ If you have any questions about ACM and/or SIGCAS membership contact: ACM Member Service Department, Phone: (212) 626-0500, E-Mail: ACMHELP@ACM.ORG, Fax: (212) 944-1318 Mail to: Association for Computing Machinery, P.O. Box 12115, Church Street Station, NY, NY 10249 7/1/93 ------------------------------ From: "Prof. L. P. Levine" Subject: Privacy on the Internet (long) Date: Thu, 20 Jan 1994 13:02:57 -0600 (CST) Organization: University of Wisconsin-Milwaukee ld231782@longs.lance.colostate.edu (L. Detweiler) has prepared his most recent update of answers to Frequently Asked Questions (FAQ) about Privacy & Anonymity on the Internet. The material is contained in three files that he has posted widely. The files deal with email and account privacy, anonymous mailing and posting, encryption, and other privacy and rights issues associated with use of the Internet and global networks in general. Readers of Computer Privacy Digest (not comp.society.privacy) did not see this document here. I am posting the title sheet for it and recommending that those who are interested get a copy via some source. A copy of the complete document (3 files, each about 50,000 bytes long) is available via ftp by the following process: ftp ftp.cs.uwm.edu (on your system) ftp (answer to login request) your_userid@your_site (answer to password request) cd pub/comp-privacy/library (at ftp prompt) get net-privacy-part1 (move documents to your filespace) get net-privacy-part2 get net-privacy-part3 quit (back to your system) or if ftp is unavailable or difficult to use, send a request for net-privacy-part1, net-privacy-part2, and/or net-privacy-part3 to: comp-privacy-request@uwm.edu What follows is the table of contents of these files: IDENTITY, PRIVACY, and ANONYMITY on the INTERNET ================================================ (c) Copyright 1993 L. Detweiler. Not for commercial use except by permission from author, otherwise may be freely copied. Not to be altered. Please credit if quoted. SUMMARY ======= Information on email and account privacy, anonymous mailing and posting, encryption, and other privacy and rights issues associated with use of the Internet and global networks in general. (Search for <#.#> for exact section. Search for '_' (underline) for next section.) net-privacy-part1 ====== Identity -------- <1.1> What is `identity' on the internet? <1.2> Why is identity (un)important on the internet? <1.3> How does my email address (not) identify me and my background? <1.4> How can I find out more about somebody from their email address? <1.5> How do I provide more/less information to others on my identity? <1.6> Why is identification (un)stable on the internet? <1.7> What is the future of identification on the internet? Privacy ------- <2.1> What is `privacy' on the internet? <2.2> Why is privacy (un)important on the internet? <2.3> How (in)secure are internet networks? <2.4> How (in)secure is my account? <2.5> How (in)secure are my files and directories? <2.6> How (in)secure is X Windows? <2.7> How (in)secure is my email? <2.8> How am I (not) liable for my email and postings? <2.9> Who is my sysadmin? What does s/he know about me? <2.10> Why is privacy (un)stable on the internet? <2.11> What is the future of privacy on the internet? Anonymity --------- <3.1> What is `anonymity' on the internet? <3.2> Why is `anonymity' (un)important on the internet? <3.3> How can anonymity be protected on the internet? <3.4> What is `anonymous mail'? <3.5> What is `anonymous posting'? <3.6> Why is anonymity (un)stable on the internet? <3.7> What is the future of anonymity on the internet? net-privacy-part2 ====== Issues ------ <4.1> What is the Electronic Frontier Foundation (EFF)? <4.2> Who are Computer Professionals for Social Responsibility (CPSR)? <4.3> What was `Operation Sundevil' and the Steve Jackson Game case? <4.4> What is Integrated Services Digital Network (ISDN)? <4.5> What is the National Research and Education Network (NREN)? <4.6> What is the FBI's proposed Digital Telephony Act? <4.7> What is U.S. policy on freedom/restriction of strong encryption? <4.8> What other U.S. legislation is related to privacy? <4.9> What are references on rights in cyberspace? <4.10> What is the Computers and Academic Freedom (CAF) archive? <4.11> What is the Conference on Freedom and Privacy (CFP)? <4.12> What is the NIST computer security bulletin board? Clipper ------- <5.1> What is the Clipper Chip Initiative? <5.2> How does Clipper blunt `cryptography's dual-edge sword'? <5.3> Why are technical details of the Clipper chip being kept secret? <5.4> Who was consulted in the development of the Clipper chip? <5.5> How is commerical use/export of Clipper chips regulated? <5.6> What are references on the Clipper Chip? <5.7> What are compliments/criticisms of the Clipper chip? <5.8> What are compliments/criticisms of the Clipper Initiative? <5.9> What are compliments/criticisms of the Clipper announcement? <5.10> Where does Clipper fit in U.S. cryptographic technology policy? net-privacy-part3 ====== Resources --------- <6.1> What UNIX programs are related to privacy? <6.2> How can I learn about or use cryptography? <6.3> What is the cypherpunks mailing list? <6.4> What are some privacy-related newsgroups? FAQs? <6.5> What is internet Privacy Enhanced Mail (PEM)? <6.6> What are other Request For Comments (RFCs) related to privacy? <6.7> How can I run an anonymous remailer? <6.8> What are references on privacy in email? <6.9> What are some email, Usenet, and internet use policies? Miscellaneous ------------- <7.1> What is ``digital cash''? <7.2> What is a ``hacker'' or ``cracker''? <7.3> What is a ``cypherpunk''? <7.4> What is `steganography' and anonymous pools? <7.5> What is `security through obscurity'? <7.6> What are `identity daemons'? <7.7> What standards are needed to guard electronic privacy? Footnotes --------- <8.1> What is the background behind the Internet? <8.2> How is Internet `anarchy' like the English language? <8.3> Most Wanted list <8.4> Change history end === ------------------------------ End of Computer Privacy Digest V4 #021 ****************************** .