Date: Fri, 28 Apr 95 06:54:00 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#041 Computer Privacy Digest Fri, 28 Apr 95 Volume 6 : Issue: 041 Today's Topics: Moderator: Leonard P. Levine Discussion Program on Internet Security, Social, Legal Issues NYC Event: Consumer's Fear; Tuesday, May 2, 7 P.M. Re: Censorship and Freedom of Speech Re: Censorship and Freedom of Speech A Dumb Question Re: A Dumb Question Is PGP a Dangerous Idea? Clipper Paper Available for Anon FTP Privacy Rights Clearinghouse Second Annual Report Available CPSR / Seattle Opposes WA State Bill ESSB 5466 Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: dilute@panix.com (Ronald Abramson) Date: 26 Apr 1995 14:37:27 -0400 Subject: Discussion Program on Internet Security, Social, Legal Issues Organization: PANIX Public Access Internet and Unix, NYC THE ROBERT B. MC KAY COMMUNITY LAW OUTREACH PROGRAM OF THE ASSOCIATION OF THE BAR OF THE CITY OF NEW YORK PRESENTS DISCUSSION PROGRAM - S E C U R I T Y O N T H E I N T E R N E T - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - A discussion program regarding security concerns on the Internet and the related civil liberties, privacy and legal issues. The panelists include Steve Cherry, a frequent speaker and authority on civil liberties and privacy issues in the on-line world, and Ron Abramson, an attorney who is actively involved with the legal issues in these fields. There will be an opportunity for members of the audience to address questions to the speakers. Time: Tuesday May 2, 1995 6:00 to 8:00 p.m. Place: LaGuardia Community College 31-10 Thompson Avenue, Long Island City (Queens), N.Y. Room E242 Directions: Take the No. 7 train; get off at 33rd Street in Queens. In Manhattan the 7 train can be transfered to at Times Square, Grand Central, and the 42nd St/6th Ave stations. Speakers: STEVEN CHERRY Executive Editor, Magazines Association for Computing Machinery Vice President, Society for Electronic Access Member, Advisory Board, Voter's Telecommunications Watch Co-Author, Citizen's Guide to the Net (http://www.panix.com:80/vtw/citiguide/citiguide.html) RONALD ABRAMSON Head of the Intellectual Property and Technology Law practice with the law firm of Hughes Hubbard & Reed, New York, NY Chair, Committee on Computer Law, The Association of the Bar of the City of New York All interested persons are invited to attend. No fees or reservations are required. Refreshments will be provided. ------------------------------ From: bshalit1@vaxa.hofstra.edu (THE FRIENDLY DOLPHIN) Date: 28 Apr 1995 00:25:37 -0400 (EDT) Subject: NYC Event: Consumer's Fear; Tuesday, May 2, 7 P.M. Organization: Hofstra University CONSUMER'S FEAR: Is Privacy Disappearing in the Electronic Marketplace? A panel discussion of important consumer privacy issues, including those arising form credit and telemarketing practices as well as the information superhighway. These issues will be examined from the perspectives of consumers and business, and state and federal government officials. Tuesday, May 2, 1995, 7:00 P.M. House of the Association Moderator: NORMAN I. SILBER Professor, Hofstra University School of Law Keynote Address: ALAN F. WESTIN Professor, Columbia University; Co-Founder, Privacy and American Business Panelists: HON. AUDREY PHEFFER Chair, Consumer Affairs Committee, New York State Assembly EVAN HENDRICKS Editor, Privacy Times DAVID MEDINE Associate Director for Credit Practices, Bureau of Consumer Protection, Federal Trade Commission RONALD PLESSER Piper & Marbury Co-Sponsored by: COMMITTEE ON CONSUMER AFFAIRS, Norman I. Silber, Chair; COMMITTEE ON COMMUNICATIONS AND MEDIA LAW, Floyd Abrams, Chair; COMMITTEE ON COMPUTER LAW, Ronald Abramson, Chair; COMMITTEE ON ENTERTAINMENT LAW, Alan H. Bomser, Chair; COMMITTEE ON RETAIL FINANCIAL SERVICES, Martin P. Unger, Chair; COMMITTEE ON TECHNOLOGY AND THE PRACTICE OF LAW, John Kennedy and Frederic Baum, Co-Chairs; COMMITTEE ON LECTURES AND CONTINUING EDUCATION, Norman L. Greenne, Chair Members of the Association, their guests and all other interested persons are invited to attend. No fees or reservations are required. -- THE ASSOCIATION OF THE BAR OF THE CITY OF NEW YORK 42 West 44th Street New York, N.Y. 10036-6690 Communications Office (212)382-6695 ------------------------------ From: kadokev@rci.ripco.com (Kevin Kadow) Date: 26 Apr 1995 21:49:31 -0500 (CDT) Subject: Re: Censorship and Freedom of Speech Leonard A DiMenna said: How do you decide which is censorship and which is freedom of speech? It is very reasonable that certain people shouldn't have access to areas that have adult matieral. Who descides what is moral and what isn't? There is no black and white only shades of gray. Simple- people that shouldn't have ccess to areas that contain adult material should not be given unsupervised access to the internet. It seems that many people are asking the question "HOW do we make the internet safe for children and easily offended adults" when we should really be asking ourselves "SHOULD we make the internet safe for children and easily offended adults?" -- kadokev@ripco.com Kevin Kadow FREE Usenet/Mail, inexpensive Internet - Ripco... Wearing white hats since 1983 Dialup:(312) 665-0065 | http://www.ripco.com/ | Telnet:foley.ripco.com ('info') ------------------------------ From: cburian@ux4.cso.uiuc.edu (Christopher J Burian) Date: 27 Apr 1995 07:08:06 GMT Subject: Re: Censorship and Freedom of Speech Organization: University of Illinois at Urbana Leonard A DiMenna writes: It is very reasonable that certain people shouldn't have access to areas that have adult matieral. I think "tolerable" is a better way of putting it, not "very reasonable." Who descides what is moral and what isn't? Whether something is "moral" or not is completely subjective and impossible to measure. If you mean "children" by "certain people," then it is their own parents' responsibility and decision to regulate the materials they see, and no one else's. -- Chris Burian ------------------------------ From: Matt Koehler Date: 27 Apr 1995 08:22:05 -0400 Subject: A Dumb Question I hate to ask a REALLY DUMB QUESTION, but... from the discussions that I've been reading on c.a.p. (of which Mr. Yeltsin's edict is just one example) it seems like governments are trying to enable themselves to maintain the right to have access to all encrypted data (on demand) or banish encryption altogether. With this in mind... Let me give you one example before I ask my stupid question. Using "des" I can encrypt a data file ("matt.phone.list.data") so it's unreadable. My boss/the government/the person in authority comes up to me and says: "This file is encrypted and I want to know what's in it," or "We noticed you sent a piece of e-mail and we couldn't read it. We think it was encrypted. Decypher it for us." 1. How do they KNOW it's encrypted? Just because it's unreadable data doesn't mean there's significant data in the file. 2. Isn't the burden of proof on THEM to PROVE that there's readable data in the file? 3. How do they handle (in your opinion)..."ummm...I *forgot* the key. Unnnnlucky. Sorry." -- Matthew C. Koehler koehlm@eq.gs.com ------------------------------ From: "Prof. L. P. Levine" Date: 27 Apr 1995 08:02:53 -0500 (CDT) Subject: Re: A Dumb Question Organization: University of Wisconsin-Milwaukee I hate to ask a REALLY DUMB QUESTION, but... from the discussions that I've been reading on c.a.p. (of which Mr. Yeltsin's edict is just one example) it seems like governments are trying to enable themselves to maintain the right to have access to all encrypted data (on demand) or banish encryption altogether. This is NOT a dumb question. The answer depends on a few factors. One for example is the status of the sender. If I (a university professor) encrypt mail and send it from a UWM account my mail is public business. My masters, that is supervisors, can ask to see what I am doing with public money and with public authority. When asked, there are things I can do, such as bring the case before faculty committees etc. but bye and large I work for UWM and UWM has a right to see what I am saying in their name. If I open a private paid-for account, for example my account on omnifest.uwm.edu, they have no such rights. If a student here sends the very same message, we have much less right to examine his work. He pays tuition, and in return gets access to services. We have to go through the same mess as we have to go through to open his locker/room, court orders etc. I suspect that others might have some ideas about this. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 PGP Public Key: finger llevine@blatz.cs.uwm.edu ------------------------------ From: WELKER@a1.vsdec.nl.nuwc.navy.mil Date: 27 Apr 1995 13:24:14 -0400 (EDT) Subject: Is PGP a Dangerous Idea? Any number of citizens armed with PGP and such of its relations as digital cash and anonymous Net remailers can simply vanish from the governmental radar. If this were true, we wouldn't need this forum. If you don't think NSA performs traffic analysis on (for example) mail sent through anon.petit.fi, you're kidding yourself. It probably doesn't matter if you used PGP if they know who sent what to whom and can also analyze their bank records. They are at greater liberty than ever before to conduct any endeavor, including something that, as Phil frankly puts it at the beginning of this book, "shouldn't be illegal, but is." They can exempt themselves from taxes and yet maintain precise accounting records. In many ways, they can effectively resign from the community of the governed and enter a condition in which their actions ordered by conscience and culture alone. I think not (see above). One cannot "exempt oneself from taxes" and still participate in any national or global economy. Such a subculture would have to be inherently self-sufficient. Even the Branch Davidians weren't, or their stockpile of weapons would never have been detected. If you keep financial records in a condition where you can read them, the goverment has the option of auditing you. If you fail to provide a decryption key, you will most likely be jailed for contempt of (tax) court until you do -- and relying on a self- destructing key system is a rather high risk option. You can do this for a while, maybe long enough to detonate one bomb, but you and your organization would be summarily and permanently compromised. If you're willing to do that, then no amount of governmental intrusion or surveillance can stop you anyway. [The above are, of course, my personal opinions and not those of my agency.] ------------------------------ From: Michael Froomkin Date: 27 Apr 1995 15:24:59 -0400 (EDT) Subject: Clipper Paper Available for Anon FTP My paper, "The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution" is now available for anonymous FTP. It is about 180pp. long, and contains more than 800 references. I would welcome your feedback on this paper -- even (especially?) contributions to the inevitable errata sheet. (Please note this docment resides at what is officially a "temporary" site, so that if you create a web link to it, please let me know so that I can notify you when it moves). Contents of FTP://acr.law.miami.edu/pub/.. File Type --------------- ---------- clipper.asc ASCII clipper.wp WP 5.1/Dos clipperwp.zip Pkzipped version of clipper.wp clipper.ps My best effort at Postscript. YMMV. (approx. 7Mb.) clipperps.zip Pkzipped version of clipper.ps clipper.ps.gz Gzipped version of clipper.ps Ports provided by nice people (please note I have not checked these) ------------------------------------------------------------------------ clipper.ps.Z Unix compressed version of clipper.ps with carriage returns removed -- courtesy of Whit Diffie clipperMSW.sea.hqx Binhexed self-extracting Microsoft Word 5.1 for Macintosh version of clipper.wp -- courtesy of Ted Byfield None of these files contains correct and final page numbers, and there are generally trivial typos that were corrected in the printed version. The printed version appears at 143 U.Penn.L.Rev. 709 (1995). I intend to put up a web version presently. The .index file in the above directory will have details when a clean copy is ready for prime time. A link to an experimental and highly buggy HTMLized version may appear at erratic intervals at http://acr.law.miami.edu at the very bottom of the homepage. A.Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U.Miami Law School | MFROOMKI@UMIAMI.IR.MIAMI.EDU PO Box 248087 | Coral Gables, FL 33146 USA | It's warm here. ------------------------------ From: Privacy Rights Clearinghouse Date: 27 Apr 1995 13:40:45 -0700 (PDT) Subject: Privacy Rights Clearinghouse Second Annual Report Available April 24, 1995 The Second Annual Report of the Privacy Rights Clearinghouse is now available. The 68-page report covers the time frame from October 1993 through September 1994, our second full year of hotline operation. We discuss project usage statistics and accomplishments as well as what we consider to be the most significant privacy issues affecting California consumers. This year we have reported privacy issues a little differently, selecting some of the more troubling privacy abuses from hotline calls and discussing them in a separate section of the report. The Second Annual Report highlights nearly 50 such case studies. We have made particular note of what we call invisible information gathering; we also focus on the growing crime of identity theft. In addition, we revisit some of the topics discussed last year, such as "junk" mail, unwanted telemarketing sales calls, medical records privacy and workplace monitoring. A 15-page Executive Summary of the Annual Report can be found on the PRC's gopher site. The Executive Summary includes all of the case studies featured in the full report. Gopher to gopher.acusd.edu. Go into the menu item "USD Campuswide Information Services" to find the PRC's materials. For a complete paper copy of the 68-page report, call the PRC at 800-773-7748 (Calif. only) or 619-298-3396. The PRC is a nonprofit consumer education program administered by the University of San Diego Center for Public Interest Law. It is funded in part by the Telecommunications Education Trust, a program of the California Public Utilities Commission. ==================================================================== Barry D. Fraser fraser@acusd.edu Online Legal Research Associate Privacy Rights Clearinghouse prc@acusd.edu Center for Public Interest Law Gopher gopher.acusd.edu University of San Diego Select "USD Campus-Wide Info" Privacy Hotline: 619-298-3396 BBS: 619-260-4789 In California: 800-773-7748 host: teetot login: privacy ==================================================================== ------------------------------ From: Susan Evoy Date: 27 Apr 1995 02:11:13 -0700 Subject: CPSR / Seattle Opposes WA State Bill ESSB 5466 Computer Professionals for Social Responsibility / Seattle P.O. Box 75481 Seattle, WA 98145 206-783-4821 CPSR / Seattle Opposes WA State Bill ESSB 5466 For Immediate Release Wednesday, April 26, 1995 Contact: Eric Rehm 783-4821 (eves.) 865-8904 (days) Seattle -- Computer Professionals for Social Responsibility / Seattle is calling upon Washington State Governor Lowry to veto Senate Bill 5466. "ESSB 5466 is the wrong medicine at the wrong time!", says Eric Rehm, parent and President of the Seattle chapter of CPSR. "This bill purports to be an 'act relating to the well-being of children'. In fact, it takes away control from parents, unfairly burdens on-line providers to verify the age of it's clients and the nature of their postings. In doing so, it assaults freedom and privacy on the information highway." National CPSR Chair Doug Schuler, also a Seattle parent, is concerned that the Internet and other computer networks are being unfairly assessed for the ease at which information can be transmitted. "CPSR views the information highway as a new medium in which First Amendment rights must first be secured, not limited. Further, on-line services are more akin to a bookstore than a television or radio broadcast studio. On-line users can make choices about what to view and read, just as in a bookstore or library. CPSR NW Regional Director Aki Namioka is concerned about the educational impact of complying with a law like ESSB 5466. "On-line service system operators (sysops) in Washington will have to police all postings, and will effectively become available only to those 18 and older. This will deprive Washington K-12 schools of access to the Internet or other on-line services." Background: On April 14 the Washington State Legislature passed Senate Bill 5466 "An act relating to the well-being of children." This bill is similar to the Exon legislation (Federal bill S. 314, co-sponsored by WA Sen. Slade Gorton) that would restrict minors' access to pornography. On-line services were exempted from the bill in a Senate passed amendment on March 11. However, when the House passed the bill on the 14th, it removed the exemption for on-line services. The bill will go into effect immediately upon the signature of the governor. The result will be that every delivery or display of a picture or text viewed as obscene by community standards will subject the sysop to a $5000 fine or year in jail. Furthermore every day that the offending material is available on a BBS or Internet-connected-system counts as a separate offense! Since the sysop is liable for the infraction and not the person doing the uploading of material, all that is necessary for someone who doesn't like a service to put that service out of business is to upload an offending file, wait a couple of weeks, have an accomplice "find" the file, and turn it, and the hapless sysop, into the authorities. Alternatives: There are other ways to address the legitimate concerns that some Net users and parents have about material on the network without violating the First Amendment's guarantee of free expression. The Center for Democracy and Technology (CDT), a nonprofit public interest organization, suggests an alternative: giving parents and guardians the ability to screen what kids can access. A system akin to telephone restrictions on access to 900-numbers could be created to limit what content could come into one's home. This would not necessarily be foolproof or easy to create, but it is much better than attempting to police the information highway. CPSR History: Founded in 1981 by a group of computer scientists concerned about the use of computers in nuclear weapons systems, CPSR has grown into a national public-interest alliance of information technology professionals and other people. Currently, CPSR has 22 chapters in the U.S. and contacts with similar groups worldwide. CPSR/Seattle has over 200 members, and has been active on the state, county, and local level on computer-related issues confronting Washington's communities. ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #041 ****************************** .