Date: Thu, 15 Dec 94 11:32:35 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#073 Computer Privacy Digest Thu, 15 Dec 94 Volume 5 : Issue: 073 Today's Topics: Moderator: Leonard P. Levine Re: Value of Pretty Good Privacy Re: Value of Pretty Good Privacy Re: Value of Pretty Good Privacy Zimmermann Defense Fund Appeal Re: Zimmermann Defense Fund Appeal Re: Dynamic Negotiation in the Privacy Wars Re: Question about Electronic Comm. Privacy Act Re: Question about Electronic Comm. Privacy Act Databanks and Privacy Conferences of Potential Interest Company Snooping/Possible Email monitoring Info on CPD, (unchanged since 11/28/94) ---------------------------------------------------------------------- From: thwong@cs.cornell.edu (Ted Wong) Date: 12 Dec 1994 22:04:45 GMT Subject: Re: Value of Pretty Good Privacy Organization: Cornell Univ. CS Dept, Ithaca NY 14853 Chuck Weckesser <71233.677@compuserve.com> wrote: PGP is a joke. Why people even bother with it is beyond me; there is little difference in leaving your system unlocked--except for time. I'm a little surprised to see such a damning statement in a moderated newsgroup. The article contains no facts to back its assertion. If the author has some important new information about insecurity in PGP, then I'm sure that all of us here would appreciate hearing it. -- Ted Wong |DISCLAIMER: |Cornell's opinions are its own, Computer Science |and do not necessarily reflect Cornell University |those of the author. ------------------------------ From: Ted Lemon Date: 12 Dec 1994 16:11:37 -0800 Subject: Re: Value of Pretty Good Privacy PGP is a joke. Why people even bother with it is beyond me; there is little difference in leaving your system unlocked--except for time. This is an interesting and provocative statement. Were it accompanied by some evidence for why we should believe it, I would be happy to see it. Absent that evidence, it just sounds like a random flame. Chuck, could you back this up with some facts? -- Ted Lemon Wells Fargo Bank, Information Protection Division mellon@ipd.wellsfargo.com +1 415 477 5045 ------------------------------ From: palmer@chmsr (Michael T. Palmer) Date: 14 Dec 1994 18:25:53 GMT Subject: Re: Value of Pretty Good Privacy Organization: Georgia Institute of Technology Chuck Weckesser (71233.677@compuserve.com) wrote: PGP is a joke. Why people even bother with it is beyond me; there is little difference in leaving your system unlocked--except for time. Well, that was enlightening. Without even addressing the truth value of these statements, could you please tell us WHY? If there are obvious security holes that we haven't noticed, then we're probably not going to be able to notice them *now* unless you provide more information. -- Michael T. Palmer (palmer@chmsr.gatech.edu) RIPEM Public Key available Center for Human-Machine Systems Research, Dept of Industrial & Systems Eng Georgia Institute of Technology, Atlanta, Georgia 30332-0205 ------------------------------ From: hmiller@orion.it.luc.edu (Hugh Miller) Date: 14 Dec 1994 16:47:39 GMT Subject: Zimmermann Defense Fund Appeal Organization: Loyola University of Chicago [ Article crossposted from alt.security.pgp,talk.politics.crypto ] [ Author was Hugh Miller (hmiller@orion.it.luc.edu) ] [ Posted on 14 Dec 1994 16:37:04 GMT ] -----BEGIN PGP SIGNED MESSAGE----- Phil Zimmermann Legal Defense Fund Appeal In November, 1976, Martin Hellman and Whitfield Diffie announced their discovery of public-key cryptography by beginning their paper with the sentence: "We stand today on the brink of a revolution in cryptography." We stand today on the brink of an important battle in the revolution they unleased. Philip Zimmermann, who encoded and released the most popular and successful program to flow from that discovery, Pretty Good Privacy ("PGP"), may be about to go to court. It has been over fourteen months now since Phil was first informed that he was the subject of a grand jury investigation being mounted by the San Jose, CA, office of US Customs into the international distribution, over the Internet, of the original version of the program. On January 12th, Phil's legal team will meet for the first time with William Keane, Assistant US Attorney for the Northern District of California, who is in charge of the grand jury investigation, in San Jose. An indictment, if one is pursued by the government after this meeting, could be handed down very shortly thereafter. If indicted, Phil would likely be charged with violating statute 22 USC 2778 of the US Code, "Control of arms exports and imports." This is the federal statute behind the regulation known as ITAR, "International Traffic in Arms Regulations," 22 CFR 120.1 et seq. of the Code of Federal Regulations. Specifically, the indictment would allege that Phil violated 22 USC 2778 by exporting an item listed as a "munition" in 22 CFR 120.1 et seq. without having a license to do so. That item is cryptographic software -- PGP. At stake, of course, is far more than establishing whether Phil violated federal law or not. The case presents significant issues and will establish legal precedent, a fact known to everyone involved. According to his lead counsel, Phil Dubois, the US government hopes to establish the proposition that anyone having anything at all to do with an illegal export -- even someone like Phil, whose only involvement was writing the program and making it available to US citizens and who has no idea who actually exported it -- has committed a federal felony offense. The government also hopes to establish the proposition that posting a "munition" on a BBS or on the Internet is exportation. If the government wins its case, the judgment will have a profound chilling effect on the US software industry, on the free flow of information on the emerging global networks, and in particular upon the grassroots movement to put effective cryptography in the hands of ordinary citizens. The US government will, in effect, resurrect Checkpoint Charlie -- on the Information Superhighway. By now, most of us who are reading this know about Phil and the case, whether by having the program and reading the doc files or by seeing reports in the Wall Steet Journal, Time, Scientific American, the New York Times, Wired, US News and World Report, and hundreds of other news outlets; on Usenet groups like talk.crypto.politics or alt.security.pgp; or by listening to Phil give talks such as the one he gave at CFP '94 in Chicago. We know that PGP has made great strides since version 1.0, and is now a sophisticated encryption and key-management package which has become the de facto standard in both micro and mainframe environments. We know that Phil and the PGP development team successfully negotiated a commercial license with Viacrypt, and, through the efforts of MIT, a noncommercial license for PGP with RSA Data Security, the holders of the patent on the RSA algorithm on which PGP is based, thus freeing the program from the shadow of allegations of patent infringement. We know that programs such as PGP represent one of our best bulwarks in the Information Age against the intrusions of public and private information gatherers. We know that PGP is a key tool in insuring that the "Information Superhighway" will open the world to us, without opening us to the world. What we may not all know is the price Phil has had to pay for his courage and willingness to challenge the crypto status quo. For years now Phil has been the point man in the ongoing campaign for freely available effective cryptography for the everyday computer user. The costs, personal and professional, to him have been great. He wrote the original code for PGP 1.0 by sacrificing months of valuable time from his consulting career and exhausting his savings. He continues to devote large amounts of his time to testifying before Congress, doing public speaking engagements around the world, and agitating for "cryptography for the masses," largely at his own expense. He is now working, still for free, on the next step in PGP technology, PGP Phone, which will turn every PC with a sound card and a modem into a secure telephone. And we know that, just last month, he was searched and interrogated in the absence of counsel by US Customs officials upon his return from a speaking tour in Europe. Phil's legal team consists of his lead counsel, Philip Dubois of Boulder, CO; Kenneth Bass of Venable, Baetjer, Howard & Civiletti, in Washington, DC, first counsel for intelligence policy for the Justice Department under President Carter; Eben Moglen, professor of law at Columbia and Harvard Universities; Curt Karnow, a former assistant US attorney and intellectual property law specialist at Landels, Ripley & Diamond in San Francisco; and Thomas Nolan, noted criminal defense attorney in Menlo Park. While this is a stellar legal team, what makes it even more extraordinary is that several of its members have given their time for free to Phil's case. Still, while their time has been donated so far, other expenses -- travel, lodging, telephone, and other costs -- have fallen to Phil. If the indictment is handed down, time and costs will soar, and the members of the team currently working pro bono may no longer be able to. Justice does not come cheap in this country, but Phil deserves the best justice money can buy him. This is where you and I come in. Phil Dubois estimates that the costs of the case, leaving aside the lawyers' fees, will run from US$100,000 - $150,000. If Phil's team must charge for their services, the total cost of the litigation may range as high as US$300,000. The legal defense fund is already several thousand dollars in the red and the airline tickets to San Jose haven't even been purchased yet. In September, 1993 I wrote a letter urging us all to support Phil, shortly after the first subpoenas were issued by Customs. Today the need is greater than ever, and I'm repeating the call. Phil has assumed the burden and risk of being the first to develop truly effective tools with which we all might secure our communications against prying eyes, in a political environment increasingly hostile to such an idea -- an environment in which Clipper chips and digital telephony bills are our own government's answer to our concerns. Now is the time for us all to step forward and help shoulder that burden with him. It is time more than ever. I call on all of us, both here in the US and abroad, to help defend Phil and perhaps establish a groundbreaking legal precedent. PGP now has an installed base of hundreds of thousands of users. PGP works. It must -- no other "crypto" package, of the hundreds available on the Internet and BBS's worldwide, has ever been subjected to the governmental attention PGP has. How much is PGP worth to you? How much is the complete security of your thoughts, writings, ideas, communications, your life's work, worth to you? The price of a retail application package?i Send it. More? Send it. Whatever you can spare: send it. A legal trust fund, the Philip Zimmermann Defense Fund (PZDF), has been established with Phil Dubois in Boulder. Donations will be accepted in any reliable form, check, money order, or wire transfer, and in any currency, as well as by credit card. You may give anonymously or not, but PLEASE - give generously. If you admire PGP, what it was intended to do and the ideals which animated its creation, express your support with a contribution to this fund. * * * Here are the details: To send a check or money order by mail, make it payable, NOT to Phil Zimmermann, but to "Philip L. Dubois, Attorney Trust Account." Mail the check or money order to the following address: Philip Dubois 2305 Broadway Boulder, CO USA 80304 (Phone #: 303-444-3885) To send a wire transfer, your bank will need the following information: Bank: VectraBank Routing #: 107004365 Account #: 0113830 Account Name: "Philip L. Dubois, Attorney Trust Account" Now here's the neat bit. You can make a donation to the PZDF by Internet mail on your VISA or MasterCard. Worried about snoopers intercepting your e-mail? Don't worry -- use PGP. Simply compose a message in plain ASCII text giving the following: the recipient ("Philip L. Dubois, Attorney Trust Account"); the bank name of your VISA or MasterCard; the name which appears on it (yours, hopefully :-)); a telephone number at which you can be reached in case of problems; the card number; date of expiry; and, most important, the amount you wish to donate. (Make this last item as large as possible.) Then use PGP to encrypt and ASCII-armor the message using Phil Dubois's public key, enclosed below. (You can also sign the message if you like.)i E-mail the output file to Phil Dubois (dubois@csm.org). Please be sure to use a "Subject:" line reading something like "Phil Zimmermann Defense Fund" so he'll know to decrypt it right away. Here is Phil Dubois's public key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQCNAiyaTboAAAEEAL3DOizygcxAe6OyfcuMZh2XnyfqmLKFDAoX0/FJ4+d2frw8 5TuXc/k5qfDWi+AQCdJaNVT8jlg6bS0HD55gLoV+b6VZxzIpHWKqXncA9iudfZmR rtx4Es82n8pTBtxa7vcQPhCXfjfl+lOMrICkRuD/xB/9X1/XRbZ7C+AHeDONAAUR tCFQaGlsaXAgTC4gRHVib2lzIDxkdWJvaXNAY3NuLm9yZz6JAJUCBRAsw4TxZXmE uMepZt0BAT0OA/9IoCBZLFpF9lhV1+epBi49hykiHefRdQwbHmLa9kO0guepdkyF i8kqJLEqPEUIrRtiZVHiOLLwkTRrFHV7q9lAuETJMDIDifeV1O/TGVjMiIFGKOuN dzByyidjqdlPFtPZtFbzffi9BomTb8O3xm2cBomxxqsV82U3HDdAXaY5Xw== =5uit - -----END PGP PUBLIC KEY BLOCK----- * * * This campaign letter will be posted in a number of Usenet groups. I will also be turning it into a FAQ-formatted document, which will be posted monthly in the relevant groups and which will be available by anonymous ftp from ftp://ftp.math.luc.edu/pub/hmiller/PGP/pzdf.FAQ. If you come upon, or up with, any other ways in which we can help raise funds for Phil, drop me a line at hmiller@luc.edu and let me know, so that I can put it in the FAQ. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLu6xOtEdYC5Hk8UpAQEhFwP+JrEyY1LvnPmcjp+oLGmIAUbZixJj3QfE T3KpjnNotoJ7/CtWF1EjhjHN8IXPgcQcyF3p38ekysARDv0MA4tzXhL1Egdq/7QV L8XW2z0PjWgu8X/Om0eXZkIOGeaoBvP/e/qDYEIcWXtxrwokYcEtoNCR/KQoZw+A 6NnK1nwxnLw= =Ez3J -----END PGP SIGNATURE----- -- Hugh Miller, Ph.D. Voice: 312-508-2727 Asst. Professor of Philosophy FAX: 312-508-2292 Loyola University Chicago Home: 312-338-2689 6525 N. Sheridan Rd. E-mail: hmiller@luc.edu Chicago, IL 60626 WWW: http://www.luc.edu/~hmiller PGP Public Key 4793C529: FC D2 08 BB 0C 6D CB C8 0B F9 BA 55 62 19 40 21 ------------------------------ From: "Prof. L. P. Levine" Date: 14 Dec 1994 13:33:22 -0600 (CST) Subject: Re: Zimmermann Defense Fund Appeal Organization: University of Wisconsin-Milwaukee I sent email to Hugh Miller asking about his public key: I just received your posting to CPD. It is a signed pgp posting but I do not know how to verify your sig. Help? I would like to post it with the sig, how can I inform the readers how to verify the signature? His response follows: You need my public key, included below. Users can obtain my PGP public key in 3 ways: - Send mail to me at hmiller@luc.edu with the "Subject:" line reading "send pubkey" - Pick it up by ftp at ftp://ftp.math.luc.edu/pub/hmiller/pubkey.hm - Get it from an Internet PGP keyserver machine such as pgp-public-keys@pgp.ai.mit.edu. Just send a mail message to this address with the "Subject:" field "GET hmiller". Other keyserver machines on the Net which accept the same message format (and automatically synchronize keyrings with each other every 10 minutes or so) include: pgp-public-keys@pgp.mit.edu pgp-public-keys@demon.co.uk pgp-public-keys@pgp.ox.ac.uk pgp-public-keys@ext221.sra.co.jp pgp-public-keys@kub.nl pgp-public-keys@pgp.iastate.edu pgp-public-keys@dsi.unimi.it pgp-public-keys@pgp.dhp.com You can verify my public key by calling me at 312-338-2689 (home) or 312-508-2727 (office) and letting me read you my key fingerprint (see pgp -h for syntax). I include it also in my .sig, below, if that's good enough for you. Thank you for considering the article for submission! Public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAy7frrEAAAEEALzOAQt+eWHzXSDLRgJaQMQ7Uju1xrD9mXAZGAG1GmiTNjKl wK68qOXrwJvnH1BmGtg8GGv53nTeabltpn5crsQVFm+0623M56/T7SOeUBWxxoa0 vvqAA8sJ6ac1/MXY9KIgqxu8Mu6Qwf68C4OnwCbE7T71bi+fjdEdYC5Hk8UpAAUR tB1IdWdoIE1pbGxlciA8aG1pbGxlckBsdWMuZWR1PokAlQMFEC7ryVNleYS4x6lm 3QEBW6YD/2IOIZX9FOggNyemvPwM/EN86KW74ZGuYuTIfPCrvOMy8pFqfE33Bw93 UkyIDj1Yh/nDlclEOO/J0tyngPn2BD2vMtaKIGRhVjnoxQc3BfzdjJ2nnHoFzAjz 0MBxYthysmWYsyF8cQxST6LZLITKkf41dti8SVKYVRWIgkyub02HiQCVAwUQLt/F oNEdYC5Hk8UpAQHD1wP9GdN9OHAKkIRsHeHy0wsEkI4Emb/bHiU+W59Zw7NPWsWF 3WTT1z8GKNToQLUdysbbJuSSk3rD3F4SNGJ+KPjR4674pmEfCVVP8cQPXEl4a3Zs xSLWNI6rG3muUAfLdyZiFP08NthOVlP2h1aOLCqIgkjEYMfQNEgkefBRJd6JywI= =hWCA -----END PGP PUBLIC KEY BLOCK----- -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 ------------------------------ From: rem@world.std.com (Ross E Mitchell) Date: 12 Dec 1994 22:58:14 GMT Subject: Re: Dynamic Negotiation in the Privacy Wars Organization: The World Public Access UNIX, Brookline, MA Bernie Cosell wrote: But a call that is rejected because of its anonymity should entail no charge. This requires that the call be intercepted by the phone company's central office switchboard before it reaches the recipient's line. Doesn't one of the Baby Bells already offer an extra-cost service that allows one to automatically reject calls where the ID is blocked (i.e., "out of area" isn't blocked, but *67 calls would be rejected)? Bell Altantic, down where we are in SW Viginia, does that. It is called "Anonymous Call Rejection" and it "lets you reject calls from callers who have used Per Call Blocking". Another interesting aspect of the Caller ID mess down here is "NOTE: ... your number will be shown on their display ... even if your number is non-published or non-listed". We described Anonymous Call Rejection when we wrote our article, but it was cut for space. In fact, all of the elements of our suggestion exist in existing technology; it is the total solution and the generic concept of "dynamic negotiation" as a new public policy which we believe is new. The problem of not knowing whether one is blocking or unblocking release of the number with *67 is solved by having a different code for unblocking. Some areas now use *82 to always unblock (even if the number was already unblocked) and *67 to always block (even if the number was already blocked). This way a concerned caller knows that the desired action will be taken without needing to know the blocking status of the line. Also intrinsic to our approach is the notion that per-line blocking is the default; privacy is NOT relinquished except knowingly and voluntarily. -- Regards, Ross ------------------------------ From: eck@panix.com (Mark Eckenwiler) Date: 12 Dec 1994 21:37:06 -0500 Subject: Re: Question about Electronic Comm. Privacy Act Organization: Saltieri, Poore, Nash, deBrutus & Short, Attorneys at Law fwilson@acs.bu.edu sez: I am attempting to understand Title 18 U.S.C. as ammended by the Electronic Communications Privacy Act of 1986. Not having any legal training, I am rapidly getting out of my depth. I'm trying to figure out whether this Act would cover: (a) Interception of a student's email by a university sysadmin. (b) Interception of an employee's email by a corporate sysadmin. No and no. Sections 2701 et seq. cover public providers, not corporate or university systems. And besides, ECPA isn't about "interception"; for "interception", see Title III (secs. 2510 et seq.). Correct me if I'm wrong, but it seems that both cases WOULD be covered if the system involved is considered to "affect interstate or foreign commerce". You're wrong :) . See 18 USC 2702(a). The bar against mail disclosure applies only to public providers. ------------------------------ From: jwolf@sdnva1.attmail.com (jwolf) Date: 13 Dec 1994 12:38:20 -0500 Subject: Re: Question about Electronic Comm. Privacy Act fwilson@acs.bu.edu stated: I am attempting to understand Title 18 U.S.C. as ammended by the Electronic Communications Privacy Act of 1986. Not having any legal training, I am rapidly getting out of my depth. I'm trying to figure out whether this Act would cover: (a) Interception of a student's email by a university sysadmin. (b) Interception of an employee's email by a corporate sysadmin. Sadly, neither of these cases is a violation of The Electronic Communication Privacy Act. The Electronic Communication Privacy Act (ECPA) of 1986 restricts the interception of electronic communications by persons outside of the organization, but the ECPA does not cover the interception or monitoring of E-Mail by parties within the organization. A plain reading of ECPA may appear to contradict this, but many people have sued over this very issue, most, if not all, have been unsuccessful. Example A may be a Fourth Amendment issue, but the courts have consistently held that example B is perfectly legal. It is common practice in "Corporate America" to monitor employees E-Mail. If the example B employee worked for the federal government, there may be some Fourth Amendment questions, but your average corporate worker has almost no workplace privacy rights. Employers have the courts permission to intercept your electronic mail transmissions, monitor your phone calls, and to spy on you with cameras or one way mirrors throughout the workplace -- including locker rooms and rest rooms. (I know that this sounds unbelievable, but I can provide examples for each of these cases.) Illinois Senator Paul Simon has proposed legislation dealing with the issue of employee privacy. The bill, the Privacy for Consumers and Workers Act (PCWA), seeks to limit the ability of companies to monitor their employees and their communications, including E-Mail, telephone calls, and video surveillance. The bill has been introduced in every session of congress since 1989 -- to no avail. I have contacted both Senator Simons and Virginia Senator John Warners congressional offices regarding PCWA. Both offices say that there is little chance of the legislation, or something like it, passing any time soon. Senator Simon has recently announced his retirement, and with no heir apparent in the wings, the chances of congress stepping forward to provide legislative protection of workers seems very bleak. But, the news is not all bad! The Internet has become a hotbed of information and opinions regarding employee monitoring and other privacy rights issues. The Privacy Rights Clearinghouse and the Electronic Frontier Foundation are two groups that have specifically formed to fight for civil liberties in the electronic age. Other sources like Privacy Digest, Mother Jones, and Whole Earth also make similar information and commentary available on-line. Many student groups and other activist are starting newsletters and forums that alert others about threats to our privacy rights. Among these are Risk Digest (as you know), Computer Underground Digest, Information Law Alert, Computer Privacy Digest, and the Privacy Forum, just to name a few. Each of the previously mentioned groups has newsletters or fact sheets available on the Internet. Sorry I couldn't be more positive, I hope that this is helpful. -- James Wolf ------------------------------ From: KAY A SCHAFER Date: 14 Dec 94 9:27:19 EST Subject: Databanks and Privacy In a Newsweek issue labeled December 19, 1994, an article by Michael Klein states that he has read that Citicorp is building a database of 40 million families collected from 12,000 retail stores. An Ernst and Young Survey in a recent issue of Retail Information Technology reports that a major retail chain (whose name you would probably recognize) obtains phone numbers from customers as a means of identification and then builds a database storing more than 100 fields of information per household. This chain is only one example; the report indicates that 72% of retailers surveyed are capturing customer data and 17% plan to do so. New technology and the building of a national computer network brings with it many exciting, wonderful possibilities. As we enjoy these benefits, we need to plan to build into the system a few privacy protections. "To the extent that the ability to access, collect, store, analyze and disseminate data has never been greater, the threat to personal information privacy has never been greater either." This quote, used in another context, seems quite applicable here. It is from an Information Infrastructure Task Force Working Group on Privacy. (59 Federal Register 27206). Hopefully, the 1995 session of Congress will again look at possible amendments to the Fair Credit Reporting Act as they began to do in 1994. This would provide some assistance by regulating the practices of information sellers to assure that while there is appropriate access to information, some types of personal information are protected from disclosure. I will be teaching a class next year in which some of these types of topics will be covered. Any specific information which you have - either from the viewpoint of privacy protection or from the marketer's perspective - would be appreciated (for example, information on policies and practices, data statistics, proposed legislation, etc.) -- k.schafe@msuacad.morehead-st.edu ------------------------------ From: "Prof. L. P. Levine" Date: 15 Dec 1994 08:01:10 -0600 (CST) Subject: Conferences of Potential Interest Organization: University of Wisconsin-Milwaukee taken from a CPSR (Computer Professionals with Social Responsibility) posting: If you are planning to attend one of these conferences, or another that may be related to CPSR's work, please contact CPSR at cpsr@cpsr.org or (415) 322-3778 for easy ways for you to be a presence for CPSR. CONFERENCE /EVENT SCHEDULE 1995 Data Security Conference. Jan 9-11, 1995. Redwood City, CA. Sponsored by RSA Data Security. Contact: kurt@rsa.com Second International Conference on Information Warfare: "Chaos on the Electronic Superhighway," Montreal, CA, Jan. 18-19. . Contact: Mich Kabay, 75300.3232@compuserve.com Privacy, The Information Infrastructure and Healthcare Reform, Ohio State University, Columbus, OH, Jan. 27. Contact: vberdaye@magnus.acs.ohio-state.edu New Technologies and the Democratisation of Audiovisual Communication, New Delhi, INDIA, Feb. 9-12. Contact: 514 982-6660 (ph) 514 982-6122 (fax) videaz@web.apc.org Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19, 1995. Sponsored by Medical Records Institute. Contact: 617-964-3926 (fax). Access, Privacy, and Commercialism: When States Gather Personal Information, College of William and Mary, Williamsburg, VA, March 17. Contact: Trotter Hardy 804 221-3826 Computers, Freedom and Privacy CFP'95, Burlingame CA, Mar 28-31 Contact: ETHICOMP95: An international conference on the ethical issues of using Information Technology, DeMontfort University, Leicester, ENGLAND, March 28-30, 1995. Contact: Simon Rogerson srog@dmu.ac.uk 44 533 577475 (phone) 44 533 541891 (Fax). 1995 IEEE Symposium on Security and Privacy, Oakland, CA, May 8-10. Contact: sp95@itd.nrl.navy.mil --- CPSR ANNOUNCE LIST END --- ------------------------------ From: jdc@inca.cs.wayne.edu (Jon Cardwell) Date: 15 Dec 1994 15:23:31 GMT Subject: Company Snooping/Possible Email monitoring Organization: Wayne State University, Detroit, MI I work for a company which has recently installed some kind of local harddrive 'snooping'/scanning program on a netware server which scans the contents of our machines and builds a database entry of thing (?) that employees have on their machines. Now, I can understand the concerns that companies (like where I work) would have with people using pirated and/or non-licensed software packages, but I am concerned that there is a possibility of abuse on the part of the sys admin's who're doing the snooping. Also, some fellow corworkers (myself included) has expressed concerns that the company may also be monitoring and/or reading people's internal email, in addition to monitoring the internet connection usage (we have a T1 line). There is currently no official 'party line' statement from any company officials or officers on this subject. I am interested in acquiring any full-text version of the Electronic Communications Privacy Act of 1986, and/or any other related documentation on employee rights in such above hypothetical situtations. Any help would be greatly appreciated. -- Jon Cardwell Wayne State University. ------------------------------ From: "Prof. L. P. Levine" Date: 28 Nov 1994 08:46:14 -0600 (CST) Subject: Info on CPD, (unchanged since 11/28/94) Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest and is not redundant or insulting. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #073 ****************************** .