Date: Tue, 15 Feb 94 19:01:55 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V1#031

Computer Privacy Digest Tue, 15 Feb 94              Volume 1 : Issue: 031

Today's Topics:                        Moderator: Leonard P. Levine

    Re: Privacy in Mailing Lists
    Re: Privacy in Mailing Lists
    Re: Privacy in Mailing Lists
    Clipper Overseas
    Re: WA state bill could censor VR and multimedia
    Re: WA state bill could censor VR and multimedia
    privacy and sexual crimes
    privacy and sexual crimes
    privacy and sexual crimes
    Electronic Food Stamps

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy. The digest is moderated and gatewayed into the
USENET newsgroup comp.society.privacy (Moderated). Submissions should
be sent to comp-privacy@uwm.edu and administrative requests to
comp-privacy-request@uwm.edu. Back issues are available via anonymous
ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password
"yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].

----------------------------------------------------------------------

From: Alan Bawden
Date: Mon, 14 Feb 94 16:51:45 -0500
Subject: Re: Privacy in Mailing Lists

    From: bernie@fantasyfarm.com (Bernie Cosell)
    Date: Sun, 13 Feb 1994 03:57:42 GMT

    I don't quite understand. Why is the existence of your email
    address, when you've freely sent it out to join a public mailing
    list, a big privacy matter?

And indeed I imagine that you will not object to my revealing to
everyone here that you subscribe to a mailing list that I maintain for
discussing Rubik's Cube and related puzzles.

But suppose my mailing list was not "Cube-Lovers", but was instead
"Recovering-Drug-Addicts". Would you want me to publicize my membership
quite so freely in that case?
Even if you were -not- a recovering drug addict yourself, you still
might prefer to avoid the hassle of explaining to your boss about why
you subscribe to such a list.

------------------------------

From: johnl@iecc.com (John R Levine)
Date: Mon, 14 Feb 94 22:31 EST
Subject: Re: Privacy in Mailing Lists
Organization: I.E.C.C., Cambridge, Mass.

    I don't quite understand. Why is the existence of your email
    address, when you've freely sent it out to join a public mailing
    list, a big privacy matter? _any_ sort of privacy matter? I may
    just be looking at this wrong, but I've never considered email
    addresses to be particularly confidential information.

This is a classic data protection question. In many places other than
the U.S., information for a database created for one purpose can't be
used for other purposes without the consent of the subjects. In this
case, if I put my name on an e-mail mailing list, I've given out my
address so that I can get messages from that list. I didn't give it
out so that people could collect my name for lists of electronic or
paper junk mail.

It's worth noting that there are starting to be white pages that let
you get a person's e-mail address from the real name and address and
vice-versa. While these directories, like telephone white pages, are
quite useful for getting in touch with individuals, they also mean
that putting your name on a mailing list can easily mean that you
could be setting yourself up for yet more paper and electronic junk
mail. Great.

Regards,
John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com

------------------------------

From: bernie@fantasyfarm.com (Bernie Cosell)
Date: Tue, 15 Feb 1994 18:17:38 GMT
Subject: Re: Privacy in Mailing Lists
Organization: Fantasy Farm, Pearisburg, VA

In article , Stan Hall writes:

    "Prof. L. P. Levine" writes:

        Mailing lists may not be secure. Even allowing someone to use
        one, without allowing him or her to read it, can reveal some
        of the names of those in it.
        If you do not trust your moderator to keep the data secure
        and you are concerned, you can not stay on a list. There is
        no security to an unmoderated list. I am interested in the
        judgements of this group.

    I want to thank you for bringing this to everyone's attention.
    Additionally it would be a good idea that when a user subscribes
    to a mailing list that the automated reply would notify the user
    if the membership list is public or private information.

Let me just emphasize that this last is the key part. The default for
mailing lists, in general, is that such lists are public info and no
one goes to any bother to even pretend to hide the list of members on
the list [this dating back to the earliest days of mailing lists on
the ARPAnet].

There _have_ been confidential mailing lists and it _is_ possible to
manage them. But as Prof Levine points out, it is not trivial and
there are traps and pitfalls at every step [mostly due to the fact
that the defaults for a quarter century have been "this isn't
confidential info"]. But it is doable.

The key point is when you realize that 'public' is the default, you
know what to do: when you sign up for a mailing list, and you DON'T
want your presence on the list to be disclosed, you must *ask* that
your email address be held confidential, and if you get the answer
back "Can't", there's not much you can do except try other
alternatives. [one simple one is to sign up for an account at a random
public-access site with a strange/noninformative email handle
["joker@pub.com" or "bigdave@pub.com" or whatever] and get on the list
via THAT address [kind of the moral equivalent of using an alias with
a PO box]].

  /Bernie\

--
Bernie Cosell                          bernie@fantasyfarm.com
Fantasy Farm Fibers, Pearisburg, VA    (703) 921-2358

------------------------------

From: Christopher Zguris <0004854540@mcimail.com>
Date: Tue, 15 Feb 94 11:42 EST
Subject: Clipper Overseas

I haven't seen this discussed so I'm going to ask.
What are the implications for Clipper's use on communications between
US and foreign countries and companies? If company A in the US is
communicating with Company B in some other part of the world over a
Clipper-encrypted data link couldn't the NSA legally monitor and
decode the communication if they chose to do so? It's a given that the
NSA monitors a lot of data communications, and I remember reading
about the monitoring of US communications using NSA equipment in
foreign countries thereby avoiding the issue of monitoring on US soil,
so couldn't the same trick be used to monitor communications in
foreign countries that would also include US links? If we're talking
about a world-wide link then a monitoring link in a foreign node could
give access to the whole thing. How does key escrow affect potential
international users? Anybody care to shed some light on this subject?

Christopher Zguris
CZGURIS@MCIMAIL.COM

------------------------------

From: Robert Jacobson
Date: Mon, 14 Feb 94 21:07:12 -0800
Subject: Re: WA state bill could censor VR and multimedia

Here's the deal on SBB 6174, the WA state bill that deals with "VR" as
of today, 2/14/94:

SBB 6174, a "substitute" Senate bill, was passing the WA state Senate
with a requirement for licensure of anyone commercializing hardware or
software to create virtual reality, as broadly defined, unless it was
to be used for education, training, or R&D. There was to be a fee
imposed by the state licensing department, to fund the program and
also anti-violence programs.

The bill was amended to remove this clause and to simply state that
virtual reality, like other media (including videogames), should have
an age-group rating concocted by the local software association. It's
fairly sure that the bill may go through other changes in a conference
with a House bill not containing these clauses.

It was and remains a serious bill, a complete, 200-page overhaul of
the WA state health structure.
Thanks to the Washington Software Assn., it was amended and tamed. But
bills like this are being introduced around the nation, due to the
carelessness of Sega and Nintendo in marketing truly offensive
software. They get rich, the rest of us get licensed. No fair.

------------------------------

From: vapspcx@cad.gatech.edu (S. Keith Graham)
Date: 15 Feb 1994 15:35:34 -0500
Subject: Re: WA state bill could censor VR and multimedia
Organization: Free Agent

Robert Jacobson writes:

    There is a bill at the state level: (excerpts from ``Public
    Health & Safety Act 1994'' bill, SBR 6174)

    NEW SECTION. Sec. 706 (1) A license is required for the
    commercial use of virtual reality technology for entertainment or
    purposes other than bona fide education, training, research, and
    development.

    where VR is defined:

    NEW SECTION. Sec 702. (4) ``Virtual Reality'' means any computer
    or other electronic technology that creates an enhanced illusion
    of three-dimensional, real-time or near-real-time interactive
    reality through the use of software, specialized hardware,
    holograms, gloves, masks, glasses, computer guns, or other item
    capable of producing visual, audio, and sensory effects of
    verisimilitude beyond those available with a personal computer.

I would like to point out that this includes _any_commercial_use_ of
VR. While "education, training, and R&D" is permitted, if you move a
VR application from R&D into "production", it becomes a commercial
use.

Possible uses in the near future for VR include not only
entertainment, but also collages of remote data (ala SeaQuest), remote
3-D video with graphics overlaid, etc. This can be used by architects
and designers to mention the first obvious markets. (And the company I
work for is investigating overlay of graphics on 3-D video from other
sources, which is a form of VR.)
I have heard that long term exposure to VR can cause people's
reactions to the "real world" to be "slightly off", because they
become used to lags between (head) movement and the "scene" changing.
There are also persistent problems with flickering video causing
epileptic attacks.

If the goal of this legislation is to verify that these tools (for
commercial or entertainment use) are safe for extended use, then this
might be a very legitimate legislative endeavor. Since the bill does
exclude "educational" software, I imagine that their goal is censoring
content, rather than safety issues.

------------------------------

From: koos@cvi.ns.nl (Koos de Heer)
Date: Tue, 15 Feb 1994 17:40:54 GMT
Subject: privacy and sexual crimes
Organization: CVI

Chuck Weckesser <71233.677@CompuServe.COM> writes:

    Should Rapists And Pedophiles Be Forced To Register With The
    Authorities Every Time They Move Away?

I assume your definition of pedophiles is: people who abuse children
sexually. (My definition is slightly different, but for this topic,
that's OK).

I think this is not really a question of privacy. It is more a
question of whether you believe that someone who has gone astray once
will continue to do so. In a lot of cases, that does happen, but have
we really tried to prevent that in an intelligent way? So maybe it
becomes a question of privacy after all - do we want to give people
the opportunity to build a new life, or will they be tagged forever?
The words I choose are an indication of how I feel.

koos de heer - centrum voor informatieverwerking
information and automation in transportation
utrecht, the netherlands           fax   ++31.30.924229
koos@cvi.ns.nl                     voice ++31.30.924860
(my employer has been known to disagree with me)

------------------------------

From: johnl@iecc.com (John R Levine)
Date: Mon, 14 Feb 94 22:40 EST
Subject: privacy and sexual crimes
Organization: I.E.C.C., Cambridge, Mass.

    ...
    my state wants *ALL* persons either convicted or *ACCUSED* of
    rape to register with the police every time they move. This is a
    gross invasion of personal privacy and literacy.

The principle of innocent until proven guilty means that, legally, if
you haven't been convicted, you didn't do it. Consider a case of an
innocent person who bears a physical resemblance to an actual rapist
and is arrested due to mistaken identity. Or a person who's accused
falsely by someone who holds a grudge or wants to harass him.

Perhaps it would be appropriate to find out who's supporting this
stupid proposal and call in a few anonymous tips to the cops.

Regards,
John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com

------------------------------

From: tcj@netcom.com (Todd Jonz)
Date: Tue, 15 Feb 1994 09:18:38 GMT
Subject: privacy and sexual crimes
Organization: Sanity Cruise Enterprises, Ltd.

Chuck Weckesser (71233.677@CompuServe.COM) writes:

    I read in yesterday's paper that my state wants *ALL* persons
    either convicted or *ACCUSED* of rape to register with the police
    every time they move. Same with pedophiles.

I may be naive, but this seems to me not only an infringement on
privacy rights, but on some very basic civil rights as well. Just
about anybody can be *accused* of just about anything. If I am
acquitted of a charge by the court, wouldn't a regulation like this be
a fundamental violation of my civil rights? And if I'm convicted,
serve my time, and am returned to society having "paid the price" for
my crime, have I somehow relinquished some of my civil rights in the
process?

------------------------------

From: "Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM>
Date: 14 Feb 94 03:21:03 EST
Subject: Electronic Food Stamps

From: Welfare Cards (By Michael Holmes, Associated Press Writer)

    AUSTIN, Texas (AP, 10 Feb 1994) -- Texas plans to begin providing
    welfare benefits electronically this year with bank-style cards
    that take the place of paper coupons.
    The new system is designed to reduce administrative expenses,
    fraud and theft.

[From the Associated Press newswire via Executive News Service (GO
ENS) on CompuServe]

The author continues with the following key points:

o "Electronic benefits transfer" will begin in two counties in autumn
  1994 and should be statewide by 1996.

o The Lone Star Card will function like a debit card, allowing
  holders to purchase food only in cooperating grocery stores.

o Cardholders will use a 4-digit PIN.

o Officials hope the cards will reduce fraud by eliminating all cash
  from food-stamp transactions (sometimes stores returned change).

It will be interesting to watch this program to see how security
aspects are handled.

Michel E. Kabay, Ph.D., Director of Education, National Computer
Security Assn

------------------------------

End of Computer Privacy Digest V1 #031
******************************