Date: Sun, 29 May 94 16:33:14 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#073 Computer Privacy Digest Sun, 29 May 94 Volume 4 : Issue: 073 Today's Topics: Moderator: Leonard P. Levine Digicash PR Where Can I Find PGP? Covert Communication Privacy Petition Request - Political Re: Encryption in The Netherlands Re: Encryption in The Netherlands Re: Employee looking up your license plate number Re: Privacy of Employee eMail at Private Businesses Re: Anonymous Phoning CPD will be down for a Week The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Dave Banisar Date: 26 May 1994 14:19:24 EST Subject: Digicash PR Organization: Electronic Privacy Information Center Date 5/26/94 Subject Digicash PR From Dave Banisar To Cypherpunks List Digicash PR Thought this might be of some interest. dave --------------------------------------------------------------- DIGICASH PRESS RELEASE World's first electronic cash payment over computer networks. ============================================================= FOR IMMEDIATE RELEASE (Release Date: May 27, 1994) ---------------------------------------------------------------------- Payment from any personal computer to any other workstation, over email or Internet, has been demonstrated for the first time, using electronic cash technology. "You can pay for access to a database, buy software or a newsletter by email, play a computer game over the net, receive $5 owed you by a friend, or just order a pizza. The possibilities are truly unlimited" according to David Chaum, Managing Director of DigiCash TM, who announced and demonstrated the product during his keynote address at the first conference on the World Wide Web, in Geneva this week. Electronic cash has the privacy of paper cash, while achieving the high security required for electronic network environments exclusively through innovations in public key cryptography. "It's the first software only solution. In the past we've pioneered such cash for chip cards and electronic wallets, always with a tamper-resistant chip for storing the value--now all you have to do is download the software and you're up and running" continues Dr. Chaum. The product works with Microsoft(R) Windows TM, Macintosh TM, and most UNIX TM platforms. It was shown integrated with Mosaic, the most popular software for people accessing databases, email, or other services on the Internet and World Wide Web. The graphic user interface allows intuitive "dragging and dropping" of icons representing stacks of coins, receipts, record books, etc. The company will be supplying the technology through other firms who will release the products, under various cooperation and trial programs. The user software, which allows both paying and receiving payment, will be distributed free of charge. The product was developed by DigiCash TM Corporation's wholly owned Dutch subsidiary, DigiCash TM BV. It is related to the firm's earlier released product for road pricing, which has been licensed to Amtech TM Corporation, of Dallas, Texas, worldwide leader in automatic road toll collection. This system allows privacy protected payments for road use at full highway speed from a smart card reader affixed to the inside of a vehicle. Also related is the approach of the EU supported CAFE project, of which Dr. Chaum is Chairman, which uses tamper-resistant chips inserted into electronic wallets. The underlying 'blind signature' technology was described in the article "Achieving Electronic Privacy," by David Chaum, Scientific American, August 1992. ---------------------------------------------------------------------- For more information contact: DigiCash bv info@digicash.nl Kruislaan 419 tel +31 20 665 2611 1098 VA Amsterdam fax +31 20 668 5486 The Netherlands ---------------------------------------------------------------------- ------------------------------ From: mb2@kaiwan.com (Mark Brown) Date: 27 May 1994 23:24:06 -0700 Subject: Where Can I Find PGP? Organization: KAIWAN Internet (310/527-4279,818/756-0180,714/741-2920) I was under the impression that PGP was availible via ftp. After doing an archie search I tried four different sites and the only thing I could find were doc and text files relating to PGP but I can't seem to find the program. Does anybody know where I can find it ? ------------------------------ From: thebry@delphi.com Date: 28 May 94 22:16:33 -0500 Subject: Covert Communication Organization: Delphi (info@delphi.com email, 800-695-4005 voice) A novel is being written about a future that is governed by a police state. Communication is via the internet and must be covert. If you would like to participate, email FuturePlot-request@peti.GUN.de and leave the subject blank and type Subscribe (or Add) in the body. Wait a couple of days for info. ------------------------------ From: nzook@bga.com (Nathan Zook) Date: 29 May 1994 20:44:02 GMT Subject: Privacy Petition Request - Political Organization: Real/Time Communications - Bob Gustwick and Associates Sorry for the delay, folks! I need your signatures by 2100 hrs, 08 June 94. You will notice that I have broken things down considerably. Thanks to David Smith of Austin EFF for guidance, and Realtime Communications for technical support! This is an e-mail petition drive. Please crosspost to all who may be interested!! I shall not use this list for solicitation, nor shall I release this list to anyone who does not agree not to release this list, and not to use it for solicitation. Exception: I shall present this list to every elected official I can access. You shall not receive a confirmation notice. A report will be sent to the newsgroups. Please fill in the support statement with X's in the appropriate positions. Do _NOT_ delete part of the statement. Please include the line of astericks in your letter. You may retrieve the resolutions list, with form letter, my reasons list, and the Mass bill by anonymous ftp. ftp ftp.bga.com Name: anonymous Password: cd pub/misc get PrResolutions get PrReasons get PrMass quit Which ever suits your fancy. To add your name to the petition, snip the form letter at the bottom of PrResolutions or of this note. Fill it out, and e-mail it to nzook@bga.com. DO NOT TRIM THE LETTER!!! PLEASE!!! Just because you are a 16-year old from Brazil doesn't mean that your signature doesn't count. Please, everyone that supports this, send it in. If you want to use this list to influence _your_ state government, e-mail me at nzook@math.utexas.edu. I, the undersigned, hearby request that the following resolutions be added to the platform of the Republican party in the state of Texas, and that Republican officeholders undertake all legal means to implement these resolutions: 1) Resolved, that no governmental trapdoor encription standards be advanced for use in any civilian communication systems. (Clipper chip, Digital Telephony Act) 2) Resolved, that the Republican party in the state of Texas petitions Congress that encryption systems or algorithms publicly available outside the US not be classified as munitions. 3) Resolved, that the Republican party in Texas petitions the US patent office to reconsider the RSA patent, to narrow its scope to be in line with the contribution of the authors, and to further the national interest, in privacy and in commerce. 4) Resolved, that the Republican party in Texas urges the appropriate agencies to develop and advance a system for secure communications which fully preserves the privacy of the communicators. 5) Resolved, that the Republican party in Texas petitions Congress that it adopt a bill patterned after House Bill No. 4491 of the Massachusetts 179th General Court, 1994 Regular Session by Mr Cohen of Newton to reduce the chance of records being inadvertently made available to persons without proper authorization. 6) Resolved, that the Republican party in Texas petitions Congress that it adopt a bill to prohibit the cross-use of ID numbers between legal entities, except for those purposes in which the use of such a number is necessary; and that entities requesting or using such numbers without being able to produce proof of their authority to do so shall be liable for damages--both in small claims court, and by federal agency; and that specifically the use of SSNs for driver's licenses, school IDs, or military IDs shall be prohibited. 7) Resolved, that the Republican party in Texas petitions the Texas legislature to adopt bills to these effects, adjusted as appropriate. Nathan Zook (nzook@bga.com) ***************************************************************************** Notice of support for the privacy resolutions posted by Nathan Zook in May of 1994: [ ] I support all seven resolutions. [ ] I support only the following resolutions: 1 [ ] 2 [ ] 3 [ ] 4 [ ] 5 [ ] 6 [ ] 7 [ ] [ ] I am a US citizen. [ ] I am not a US citizen. [ ] I am a legal resident of this state. (eg:TX,LA or KS; or XX if not US) [ ] I am this many years old. [ ] This is a changed statement, please disregard previous notice. I understand that falsifying a petition may result in legal charges, and I have not sent a duplicate signature, under any alias, except as noted above. ------------------------------ From: david@c-cat.PG.MD.US (Dave) Date: 27 May 94 08:40:43 EDT Subject: Re: Encryption in The Netherlands Organization: China Cat BBS (301)604-5976 rcsacw@urc.tue.nl (Christ van Willegen) writes: THe government in The Netherlands is thinking about a law to make all encryption of messages and/or files in The Netherlands a criminal offence. They want to do this because of the encryption used by criminals (so the police etc. won't read their files). a big concern here would be with Internet sites in the Netherlands and the use of the simple ROT-13 encription widely available. if this law was enacted, what would this effect be for these internet sites that would pass along information say for example a ROT-13 excripted joke from the U.S. in rec.humor.funny would this be illegal or accepted ? David R. Ristau ======================== david@c-cat.pg.md.us uunet!anagld!c-cat!david ------------------------------ From: R._Braithwaite-Lee@magic-bbs.corp.apple.com Date: 27 May 1994 16:06:02 EST Subject: Re: Encryption in The Netherlands Organization: M A G I C To: rcsacw@urc.tue.nl (Christ van Willegen) The government in The Netherlands is thinking about a law to make all encryption of messages and/or files in The Netherlands a criminal offence. They want to do this because of the encryption used by criminals (so the police etc. won't read their files). ...SNIP... Then, there was a letter to a newspaper consisting of 2 paragraphs. The first was (it seemed) a random collection of characters, the second said: "Now, let THEM try to prove if the above is garbage or an encrypted message (note that that's impossible to prove). Anyone have anything to say on this subject? Actually, the message you describe *is* definately an encrypted message. So is this post. Any message can be transformed into another message of the same length with the correct one time pad. Regards, Reginald !:-) Public Key Fingerprint: D8 B8 C1 D0 DD 56 20 B4 06 A2 81 83 87 E8 8B 64 (Send message with subject "HELP" to pgp-public-keys@pgp.ox.ac.uk) please cc: all replies and follow-ups to 73114.2055@compuserve.com. Thanks! ------------------------------ From: jmm@elegant.com (John Macdonald) Date: 26 May 1994 12:41:15 -0400 (EDT) Subject: Re: Employee looking up your license plate number dwn@dwn.ccd.bnl.gov (Dave Niebuhr) said: Are you sure it was from the plate? Most government agencies that I know of routinely issue a sticker to facilitate entrance and exit from the site. This is also true for my daughter's truck that she uses to go back and forth from college. I'd suspect that the sticker was used. It might even be simpler than that - there have been a couple of companies that I worked for that asked (not required) that you just tell them the license plate of your car when you started working with them. (It has been a frequent item on visitor registration forms when I'm at customer sites.) In my first job at Control Data, there were a number of times when I got a phone call from the front desk to tell me that I'd left my headlights on - so, against the disadvantages of loss of privacy you have to trade the advantages and decide which is likely to be more significant. -- That is 27 years ago, or about half an eternity in | John Macdonald computer years. - Alan Tibbetts | jmm@Elegant.COM ------------------------------ From: eck@panix.com (Mark Eckenwiler) Date: 26 May 1994 16:34:29 -0400 Subject: Re: Privacy of Employee eMail at Private Businesses Organization: Superseding Information bernie@fantasyfarm.com sez: Many of us have long been pointing out/arguing that employees should expect *NO* privacy when using company computer resources [unless given assurances of such privacy]. To expand/clarify: by its own terms, ECPA applies only to providers of electronic communication services *to the public*, so it isn't applicable in the employer/employee context. Title III is arguably relevant -- it certainly covers e-mail as well as telephone communications -- but there are two reasons it's not a useful remedy in most cases. First, existing caselaw leans heavily toward interpreting "interception" as being limited to unlawful acquisition at the time of transmission. This excludes the case of an employer invading your mailbox to read messages that have already arrived. This means that unless your employer's mailer daemon is set up to make a copy of messages _en route_ (or some similar mechanism is in place to grab communications when sent), the courts are unlikely to find a Title III violation. Second, section 2511(2)(d) permits interception with consent. "Consent" can be manufactured by the owner/operator simply by notifying users that email may be inspected. In this regard, employees are no better off than prisoners using conspicuously marked tapped phones in the local joint. FYI, Sen. Simon of Illinois has in recent sessions repeatedly sponsored the Privacy for Consumers and Workers Act, which (while not prohibiting surveillance by employers) imposes some limits on the manner of employee monitoring and the types of data that may be collected. The House version of PCWA was approved for full committee action in the Education and Labor Subcommittee on 2/23/94. Note followups to comp.society.privacy. ------------------------------ From: R._Braithwaite-Lee@magic-bbs.corp.apple.com Date: 27 May 1994 17:58:17 EST Subject: Re: Anonymous Phoning Organization: M A G I C Hello: I recently subscribed to Bell Canada's "PrimeLine" service which provides users with a 'virtual' telephone number. You get an incoming number which you forward to you home or business. It also takes voicemail messages for an extra $6.00 a month. There is an extra feature which allows you to make outgoing anonymous calls. If you call in for messages, you can press "9" to get an outbound line. This feature is for the convenience of users who are calling from a phone booth--they can pick up a message and immediately return the call w/o putting another quarter in the booth. Since the call is routed through Bell's switch, the receiving party has no idea where you're calling from. I use this at home when making certain kinds of calls. Regards, Reginald Braithwaite-Lee Public Key Fingerprint: D8 B8 C1 D0 DD 56 20 B4 06 A2 81 83 87 E8 8B 64 (Send message with subject "HELP" to pgp-public-keys@pgp.ox.ac.uk) please cc: all replies and follow-ups to 73114.2055@compuserve.com. Thanks! ------------------------------ From: Prof L. P. Levine Date: 29 May 1994 15:58:17 CST Subject: CPD will be down for a Week Your moderator (me) will be at the Spring Internet World meeting in San Jose so this will be the last posting until 6/7/94. ------------------------------ End of Computer Privacy Digest V4 #073 ****************************** .