Date: Mon, 14 Feb 94 11:17:50 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#030 Computer Privacy Digest Mon, 14 Feb 94 Volume 4 : Issue: 030 Today's Topics: Moderator: Leonard P. Levine Re: WA state bill could censor VR and multimedia Re: Privacy in Mailing Lists Re: Privacy in Mailing Lists Re: WA state bill could censor VR and multimedia Re: Privacy Acts - Ireland, Iceland Re: Privacy in Mailing Lists Re: Data Encryption and Privacy -- PGP Issues PUBLIC SUBMISSION - PLEASE PRINT Re: WA state bill could censor VR and multimedia The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Paul Robinson Date: Sun, 13 Feb 1994 23:32:14 -0500 (EST) Subject: Re: WA state bill could censor VR and multimedia From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- > NEW SECTION. Sec. 706 (1) A license is required for the commercial > use of virtual reality technology for entertainment or purposes > other then bona fide education, training, research, and > development. > > NEW SECTION. Sec 702. (4) ``Virtual Reality'' means any > computer or other electronic technology that creates an enhanced > illusion of three-dimensional, real-time or near-real-time interactive > reality through the use of software, specialized hardware, holograms, > gloves, masks, glasses, computer guns, or other item capable > of producing visual, audio, and sensory effects of verisimilitude > beyond those available with a personal computer. What are the requirements? Is it a requirment on having a license to operate the technology or is it a license on the particular programs. As this appears it seems that the only things it could apply to would be places similar to video game arcades; it seems to try to avoid licensing things like Nintendo or video games in the home, even though _that_ is where all the complaints about too much violence are coming from. If a video game arcade requires a license, then it sounds more like a subterfuge to impose another tax than any concern over the effects of video games on kids. I'm not a lawyer, but because I've been concerned about restrictions on content, I've tried to keep up with the issue. Here is what I understand to be the situation with respect to restricting the content of something visual: If it is a license requiring the individual games to be licensed, it's overbroad and would not stand court challenge. This is well-settled since the 1960s with motion pictures: if a state or local jurisdiction has a licensing, rating or censorship board, the only thing it can do is either approve a particular work or go to court to have it banned. And since the case of _Miller v. California_ the only grounds a local community can have for banning material is if it is obscene. To be 'obscene' requires it contain material which is 'primarily prurient (sexually exciting) in nature' e.g. 'dirt for dirt's sake', it must have 'no socially redeeming value' (which is why most porno books have some sort of editorial in the front section), and violate local standards. Failure to meet all three tests renders the work non-obscene and non-bannable. Violence alone is not sufficient to be obscene. I suspect that a system for licensing places that have these games where the content of the games is being examined would be struck down as a violation of the 1st Amendment. I think that it would be very difficult to create a licensing system which is constitutionally valid, since the reason for the desire to license these works is a dislike of the (non-obscene) content. And content is the explicit provision the First Amendment has taken away from the states as a thing they would be able to regulate. Also, since the license law excludes the level of 'personal computers' if the arcade system is less than or equal to anything sold for individual use, is it no longer objectionable? Anyone seen the speed of an Alpha AXP Risc processor in the single-user desktop or a Pentium (80586)? Want to bet it's easy to argue that the effective processing power of these Virtual Reality systems is less than or equal to that of an 80586, which *is* a personal computer, or that - a lot sooner than people think - the technology available for Personal Computers will equal the stuff being used in VR systems? Usually the only difference between a personal computer and an arcade game machine is the arcade machine has additional chips and circuitry to do fast graphics. My personal favorite among computer games is 'DOOM' from ID Software, which is about 3 meg and can be downloaded from several internet sites including ftp.uwp.edu. On an 80386 it's a nice game; the game's FAQ indicates the 'frame rate' is faster on a 486 than movies or TV. Play that game for a while and tell me where it isn't a very effective 'virtual reality' game. ID's original game Wolfenstein 3d was groundbreaking technology but still looked like a simulation in some areas. DOOM uses much better graphics and the image in many aspects appears real. Yet what are the main playing pieces in the game? A shotgun and a chainsaw! Yet this game is outside of what this law allegedly wants to go after. Also, since the game distinguishes between programs run on personal computers, which can be VERY powerful, and allegedly faster ones, there may be grounds to argue that the 14th amendment is being violated since two different uses of computers are being treated differently, one requiring a license and the other not, even though both are using the same technology. In short, I think it's really a subterfuge to put more taxes on video game arcades and if anyone challenged it in court, their lawyer might have a good chance of getting the law struck down as unconstitutional. --- Paul Robinson - Paul@TDR.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ----- The following Automatic Fortune Cookie was selected only for this message: Ernesto Miranda's conviction was overturned due to the police not informing him of his rights. A few years after this, two men got involved in a bar fight, and one of them killed the other. The police advised the man of his rights, using the so-called "Miranda" warning. The man he killed *was* Ernesto Miranda! ------------------------------ From: "Peter M. Weiss" Date: Sat, 12 Feb 1994 07:56:15 -0500 (EST) Subject: Re: Privacy in Mailing Lists Organization: Penn State University When one subscribes to a Revised LISTSERV, here is a typical message which is created at the time of subscription based upon the list's definitions. Also note that e-mail distributions to a list are sometimes archived via other mechanisms into anonymous FTP/Gopher sites, where the FROM/SENDER field is easily viewable. There are various options that the list-owner/subscriber can do to make retrieval of subscriber addresses more difficult (though not impossible). /Pete (pmw1@psuvm.psu.edu) -- co-owner INFOSYS, TQM-L, LDBASE-L, et -L -- Peter M. Weiss "The 'NET' never naps" +1 814 863 1843 31 Shields Bldg. -- Penn State Univ -- University Park, PA 16802-1202 USA Date: Sat, 12 Feb 1994 07:54:56 -0500 From: BITNET list server at PSUVM (1.7f) Subject: Your subscription to list xxxxx-L To: Pete Weiss Reply-To: xxxxx-L-Request@PSUVM.PSU.EDU X-LSV-ListID: xxxxx-L Dear networker, Your subscription to list xxxxx-L has been accepted. Note: your distribution options have been defaulted as per the "SET xxxxx-L REPRO" command. You may leave the list at any time by sending a "SIGNOFF xxxxx-L" command to LISTSERV@PSUVM.BITNET (or LISTSERV@PSUVM.PSU.EDU). Please note that this command must NOT be sent to the list address (xxxxx-L@PSUVM) but to the LISTSERV address (LISTSERV@PSUVM). The amount of acknowledgement you wish to receive from this list upon completion of a mailing operation can be changed by means of a "SET xxxxx-L option" command, where "option" may be either "ACK" (mail acknowledgement), "MSGACK" (interactive messages only) or "NOACK". Contributions sent to this list are automatically archived. You can obtain a list of the available archive files by sending an "INDEX xxxxx-L" command to LISTSERV@PSUVM.BITNET (or LISTSERV@PSUVM.PSU.EDU). These files can then be retrieved by means of a "GET xxxxx-L filetype" command, or using the database search facilities of LISTSERV. Send an "INFO DATABASE" command for more information on the latter. Please note that it is presently possible for other people to determine that you are signed up to the list through the use of the "REVIEW" command, which returns the network address and name of all the subscribers. If you do not wish your name to be available to others in this fashion, just issue a "SET xxxxx-L CONCEAL" command. More information on LISTSERV commands can be found in the LISTSERV reference card, which you can retrieve by sending an "INFO REFCARD" command to LISTSERV@PSUVM.BITNET (or LISTSERV@PSUVM.PSU.EDU). Virtually, The LISTSERV management ------------------------------ From: kilgore@obelisk.pillar.com (Stan Hall) Date: Sat, 12 Feb 94 09:55:03 CST Subject: Re: Privacy in Mailing Lists Organization: Pillar Communications, Oklahoma City, Ok "Prof. L. P. Levine" writes: > Mailing lists may not be secure. Even allowing someone to use one, > without allowing him or her to read it, can reveal some of the names of > those in it. If you do not trust your moderator to keep the data > secure and you are concerned, you can not stay on a list. There is no > security to an unmoderated list. I am interested in the judgements of > this group. I want to thank you for bringing this to everyones attention. Additionally it would be a good idea that when a user subscribes to a mailing list that the automated reply would notify the user if the membership list is public of private information. Why do you say that there is no security to an unmoderated list? I find that it totally depends on the the software that runs the list. I am running a few mailing list and I am sure that there is only one way to have access to the membership list. That is to have access to the directory where the mailing list address is kept. I do believe that there may be a security compromise via the "Return-Receipt-To:" header on one of my mailing lists. The major list that I run is sent out as a digest daily and all headers except for "From:", "To:", "Date:", and "Message-Id:" are elimated and I cannot imagine any possible compromises that this system would allow. Of course as you stated, any security measures are of no use unless you have can trust the moderator (or list maintainter). Stan Hall -- kilgore@obelisk.pillar.com (Stan Hall) Pillar Communications BBS, Oklahoma City, OK -- +1 405 942 8794 ------------------------------ From: wbe@psr.com (Winston Edmond) Date: Sat, 12 Feb 1994 17:36:29 GMT Subject: Re: WA state bill could censor VR and multimedia Organization: Panther Software and Research Robert Jacobson writes: There is a bill at the state level: (excerpts from ``Public Health & Safety Act 1994'' bill, SBR 6174) NEW SECTION. Sec. 706 (1) A license is required for the commercial use of virtual reality technology for entertainment or purposes other then bona fide education, training, research, and development. where VR is defined: NEW SECTION. Sec 702. (4) ``Virtual Reality'' means any computer or other electronic technology that creates an enhanced illusion of three-dimensional, real-time or near-real-time interactive reality through the use of software, specialized hardware, holograms, gloves, masks, glasses, computer guns, or other item capable of producing visual, audio, and sensory effects of verisimilitude beyond those available with a personal computer. Ah, but what's "available with a personal computer" is a moving target. It looks like VR gear sold for use with, or operated by, a personal computer is not restricted. Similarly, if you buy a VR unit for your enjoyment at home, that's not "for the commercial use of [VR]" and wouldn't be covered. It looks more like they're working on a way to tax/license/control VR-capable video game units at amusement parks/parlors/etc. How bad this is in practice also depends on how hard and how expensive it is to get a license. Still, it'd be better to dump this law and work with the worried folks who see VR as a threat to find a more appropriate solution or to help them understand the technology. -WBE ------------------------------ From: cpsr@access.digex.net (Dave Banisar) Date: 12 Feb 1994 18:06:32 -0500 Subject: Re: Privacy Acts - Ireland, Iceland Organization: Express Access Online Communications, Greenbelt, MD USA matyas@scs.carleton.ca (Vaclav Matyas) writes: >Does anyone know whether or not (resp. what kind of and where to get >them in electronic form, if possible) do Ireland and Iceland have >Privacy Acts ? Both Iceland and Ireland have Privacy Acts. Iceland - Protection of Personal Records Act, No. 121 (28 December 1989) Ireland -Data Protection Act 1988 (13th July 1988) I'm not aware of an electronic version of either of these acts. The best source I've seen is Wayne Madsen, Handbook of Personal Data Protection (stockton press 1992) which contains the english translations of nearly every act in the world. Dave Banisar CPSR/Privacy International Washington Office ------------------------------ From: bernie@fantasyfarm.com (Bernie Cosell) Date: Sun, 13 Feb 1994 03:57:42 GMT Subject: Re: Privacy in Mailing Lists Organization: Fantasy Farm, Pearisburg, VA In article , "Prof. L. P. Levine" writes: } Earlier this month I received the following request in the Computer } Privacy Digest input box: (The userid is deleted.) } I would like to request a mailing list of subscribers who } participate in your bulletin board system. Please send info to: } } I sent the author a response indicating that if it was submitted as a } request for posting, I would be glad to ask each of you if you wanted } to send the author a mailing permitting the author to set up a separate } list. I indicated that such a global request of a Privacy list was } especially insensative. } From: rrb@deja-vu.aiss.uiuc.edu (Bill Pfeiffer) } Date: Tue, 8 Feb 1994 16:55:09 -0600 (CST) } } I get these requests all the time. Seems that bitnet listservers } have that command built in to them and some find it to be } commonplace. Actually, he understates the situation. I believe that most of the automated mailing-list maintainers support a "give me a list of the folk on the list" command [listservers are the most common, but there are several others floating around these days]. } Other intrusions into your privacy also may exist. ... I don't quite understand. Why is the existence of your email address, when you've freely sent it out to join a public mailing list, a big privacy matter? _any_ sort of privacy matter? I may just be looking at this wrong, but I've never considered email addresses to be particularly confidential information. } Mailing lists may not be secure. Even allowing someone to use one, } without allowing him or her to read it, can reveal some of the names of } those in it. If you do not trust your moderator to keep the data } secure and you are concerned, you can not stay on a list. There is no } security to an unmoderated list. I am interested in the judgements of } this group. My two cents is that if worrying about the security of the list of email addresses on a public mailing list is the biggest privacy-challenge you're concerned about at the moment, then you've got a pretty tidied up, secure world! I'm not sure I would even dignify such a thing as a "privacy" matter. /Bernie\ -- Bernie Cosell bernie@fantasyfarm.com Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358 ------------------------------ From: greg@ideath.goldenbear.com (Greg Broiles) Date: Sun, 13 Feb 94 00:41:42 PST Subject: Re: Data Encryption and Privacy -- PGP Issues Organization: iDEATH -----BEGIN PGP SIGNED MESSAGE----- close@lunch.asd.sgi.com (Diane Barlow Close) writes: > Does PGP infringe or doesn't it? Are there exceptions or aren't there? I haven't seen ViaCrypt PGP mentioned here yet; it is the standard MS-DOS version of PGP, modified to use RSA libraries licensed from Public Key Partners. Its output is compatible with that of the freeware PGP. Source code is available for the freeware PGP, but is not available for ViaCrypt PGP. I believe that ViaCrypt is selling ViaCrypt PGP for DOS for approx $100; they are supposed to be working on versions for the Mac and Unix. To contact them: ViaCrypt 2104 W. Peoria Ave. Phoenix, AZ 85029 (602) 944-0773 (602) 943-2601 fax I have no connection with ViaCrypt; I did purchase their version of PGP, since it's a useful program and I don't want to worry about legal hassles stemming from my use of the product. -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLV3ppn3YhjZY3fMNAQHPuwP/VOk8FmZv6Dc/l2x2+AJ4GJ+hzf57GHGt IF5JPGsG+KUyHzL1mLmBFqNrzRAAwP+3PoEYjWjJzprOTdBeXM4SD/+zF/TF/M86 5IF75aCtgdJgrSkbZRflX7IOmjBzZcILFo1wiUiZwhntI7mjPXL5iVr3CrNyYGNf e4CiGgH1rHA= =lTH9 -----END PGP SIGNATURE----- -- Greg Broiles ".. has bizarre Cyberanarchist theories relating greg@goldenbear.com to human punishment." -- L. Detweiler ------------------------------ From: Chuck Weckesser <71233.677@CompuServe.COM> Date: 13 Feb 94 12:27:29 EST Subject: PUBLIC SUBMISSION - PLEASE PRINT Topic: FOR PUBLIC SUBMISSION Should Rapist's And Pedophiles Be Forced To Register With The Authorities Every Time They Move Away? First, let's put a brake on the emotions now. All of here on the digest know how repugnant the crimes that rapist's and pedophiles commit are. This is NOT the subject of this post. I read in yesterday's paper that my state wants *ALL* persons either convicted or *ACCUSED* of rape to register with the police every time they move. Same with pedophiles. I am giving serious thought to whether or not there are any privacy implications here. The emotional part of me says yes, register them ASAP!! But I am concerned about a slippery slope that could lead to registering even non-violent criminals. Please note that what I have just mentioned is, according to the article I have read, extremely common, especially in Japan and Singapore particularly, a country which does not give a tinker's damm about privacy to begin with. I am very interested in feedback from other members of the digest as to whether rapist's and pedophiles should be forced to register their names and places of address *AND* work with the authorities. In addition, should the same standard (assuming you agree with the above) apply to *accused* rapist's and pedophiles?? Frankly, I will have to give this issue much more thought before submitting an answer. However, it was in the paper, I thought my colleagues here on the Digest might find this tidbit interesting and we can all throw it out for debate. What's your vote folks? Kind Regards, Chuck ------------------------------ From: Paul Robinson Date: Sun, 13 Feb 1994 23:32:14 -0500 (EST) Subject: Re: WA state bill could censor VR and multimedia From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- > NEW SECTION. Sec. 706 (1) A license is required for the commercial > use of virtual reality technology for entertainment or purposes > other then bona fide education, training, research, and > development. > > NEW SECTION. Sec 702. (4) ``Virtual Reality'' means any > computer or other electronic technology that creates an enhanced > illusion of three-dimensional, real-time or near-real-time interactive > reality through the use of software, specialized hardware, holograms, > gloves, masks, glasses, computer guns, or other item capable > of producing visual, audio, and sensory effects of verisimilitude > beyond those available with a personal computer. What are the requirements? Is it a requirment on having a license to operate the technology or is it a license on the particular programs. As this appears it seems that the only things it could apply to would be places similar to video game arcades; it seems to try to avoid licensing things like Nintendo or video games in the home, even though _that_ is where all the complaints about too much violence are coming from. If a video game arcade requires a license, then it sounds more like a subterfuge to impose another tax than any concern over the effects of video games on kids. I'm not a lawyer, but because I've been concerned about restrictions on content, I've tried to keep up with the issue. Here is what I understand to be the situation with respect to restricting the content of something visual: If it is a license requiring the individual games to be licensed, it's overbroad and would not stand court challenge. This is well-settled since the 1960s with motion pictures: if a state or local jurisdiction has a licensing, rating or censorship board, the only thing it can do is either approve a particular work or go to court to have it banned. And since the case of _Miller v. California_ the only grounds a local community can have for banning material is if it is obscene. To be 'obscene' requires it contain material which is 'primarily prurient (sexually exciting) in nature' e.g. 'dirt for dirt's sake', it must have 'no socially redeeming value' (which is why most porno books have some sort of editorial in the front section), and violate local standards. Failure to meet all three tests renders the work non-obscene and non-bannable. Violence alone is not sufficient to be obscene. I suspect that a system for licensing places that have these games where the content of the games is being examined would be struck down as a violation of the 1st Amendment. I think that it would be very difficult to create a licensing system which is constitutionally valid, since the reason for the desire to license these works is a dislike of the (non-obscene) content. And content is the explicit provision the First Amendment has taken away from the states as a thing they would be able to regulate. Also, since the license law excludes the level of 'personal computers' if the arcade system is less than or equal to anything sold for individual use, is it no longer objectionable? Anyone seen the speed of an Alpha AXP Risc processor in the single-user desktop or a Pentium (80586)? Want to bet it's easy to argue that the effective processing power of these Virtual Reality systems is less than or equal to that of an 80586, which *is* a personal computer, or that - a lot sooner than people think - the technology available for Personal Computers will equal the stuff being used in VR systems? Usually the only difference between a personal computer and an arcade game machine is the arcade machine has additional chips and circuitry to do fast graphics. My personal favorite among computer games is 'DOOM' from ID Software, which is about 3 meg and can be downloaded from several internet sites including ftp.uwp.edu. On an 80386 it's a nice game; the game's FAQ indicates the 'frame rate' is faster on a 486 than movies or TV. Play that game for a while and tell me where it isn't a very effective 'virtual reality' game. ID's original game Wolfenstein 3d was groundbreaking technology but still looked like a simulation in some areas. DOOM uses much better graphics and the image in many aspects appears real. Yet what are the main playing pieces in the game? A shotgun and a chainsaw! Yet this game is outside of what this law allegedly wants to go after. Also, since the game distinguishes between programs run on personal computers, which can be VERY powerful, and allegedly faster ones, there may be grounds to argue that the 14th amendment is being violated since two different uses of computers are being treated differently, one requiring a license and the other not, even though both are using the same technology. In short, I think it's really a subterfuge to put more taxes on video game arcades and if anyone challenged it in court, their lawyer might have a good chance of getting the law struck down as unconstitutional. --- Paul Robinson - Paul@TDR.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ----- The following Automatic Fortune Cookie was selected only for this message: Ernesto Miranda's conviction was overturned due to the police not informing him of his rights. A few years after this, two men got involved in a bar fight, and one of them killed the other. The police advised the man of his rights, using the so-called "Miranda" warning. The man he killed *was* Ernesto Miranda! ------------------------------ End of Computer Privacy Digest V4 #030 ****************************** .