Date: Mon, 26 Jun 95 13:15:33 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#058 Computer Privacy Digest Mon, 26 Jun 95 Volume 6 : Issue: 058 Today's Topics: Moderator: Leonard P. Levine Re: Where in the world is PGP? IITF Privacy Principles Final Version International Nautilus Re: ID Cards in the UK IRS Cracks Wrong Dentist's Computer to get Patient List China, U.S., and the Net USPS Question and FBI Question for the List Conferences/Events of Interest to CPSR Cincin OH Cops Illegally Raid BBSs Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: Bob Date: 23 Jun 95 17:39:57 EST Subject: Re: Where in the world is PGP? Organization: Jax Gateway to the World bongo@teleport.com says... I can't seem to find any info on the mit.edu site, or any pgp newsgroups. Can someone steer me right? Thanks, try http://bs.mit.edu:8001/pgp-form.html ------------------------------ From: CFRANZ@ntia.doc.gov Date: 23 Jun 1995 19:12:35 -0400 Subject: IITF Privacy Principles Final Version The Information Infrastructure Task Force's Information Policy Committee Privacy Working Group has recently issued the final version of its Principles for Providing and Using Personal Information. Comments and questions should be referred to Jerry Gates, Chair of the Working Group at ggates@info.census.gov. The file (ascii and html) is located at iitf.doc.gov You can ftp, telnet (login = gopher), gopher or www there. Look in New Items or speeches, papers/papers and documents, or iitf committees/information policy committee Comments on the principles should be addressed to the email address above. Report any problems accessing the document to me at nii@ntia.doc.gov Regards -- Charles W. Franz cfranz@ntia.doc.gov Telecom Policy Analyst webmaster@ntia.doc.gov National Telecommunications and Information Administration 4892 HCHB http://www.ntia.doc.gov Washington, D.C. 20230 202-482-1835 FAX: 482-0979 ------------------------------ From: david creffield Date: 24 Jun 95 10:27:48 GMT Subject: International Nautilus Organization: Myorganisation anyone know of an ftp site in europe when i can obtain nautilus, the voice encryption prog? ------------------------------ From: dave.moore@tcbbs.cais.com (DAVE MOORE) Date: 24 Jun 95 19:07:00 -0400 Subject: Re: ID Cards in the UK Organization: The Tech Connect BBS / Tech Connect Computers / 703-590-5198 Recently the UK Government has published a Green Paper on the introduction of ID cards. These cards are likely to be compulsory and intelligent in that they will hold computer readable information and may even be capable of being updated if SMART Card technology is used. There are a many societal and ethical issues associated with the use of ID cards particularly if they are sophisticated and computerised. I am seeking help to: 1. Compile a comprehensive list of issues 2. Produce a directory of ID cards used around the world 3. Collect information about problems and advantages from other countries that have national ID cards One problem with any kind of mandatory high tech anything is that they tend to have a very high failure rate amongst those who don't like them. I've found that my driver license mag strip fails after *accidental* exposure to magnetic fields and high temperatures. Beepers, pagers, smart cards etc must be protected from high voltages commonly occurring around Van de Graf generators and Tesla coils. I can't see a law making it illegal for you bits to fail. Stuff Happens. ------------------------------ From: wrf@speed.ecse.rpi.edu (Wm Randolph Franklin) Date: 26 Jun 1995 03:46:30 GMT Subject: IRS Cracks Wrong Dentist's Computer to get Patient List Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA (Paraphrased from the Albany NY Times Union, Sat 24 June 95, page B-1) Facts: The IRS accessed the computer of local dentist Alan Goldman to get his list of patients, to send them letters telling the patients to pay the IRS any money they owed to Goldman. However, Goldman is square with the IRS. Goldman rented office space to another dentist, Michael Kole, who is running a separate business. Kole does owe the IRS $132K. However, the IRS didn't send Kole's patients this notice. The IRS says that it got the list from Kole, but Kole denies this. Also, Kole has no access to Goldman's computer, according to Goldman. Goldman is worried that these letters to his patients will cost him business. The IRS denies that it broke into Goldman's computer, saying that it would have obtained a court order if necessary. However, the IRS does like to stage surprise attacks to get assets and info, since it's afraid that they will disappear if the taxpayer is warned. The IRS sent out a "Release of Levy", but the patients will have to file with the IRS to get refunded. Meanwhile Goldman doesn't get the money. Opinions, and why I crossposted to several groups: - (c.security.misc) You need more security than you might think, including against insiders. - I call this a cracking since the IRS secretly obtained info from a computer w/o the owner's knowledge. - (c.s.privacy) Here's another data point for those who think that if you haven't done anything wrong, then you have nothing to hide. Goldman did nothing wrong, but should have hidden his medical records better. - (sci.med) To patients: Even if your doctor won't abuse your records, what about other people who might have access in the doctor's office? - (misc.taxes) When the IRS is angry, they pull out all the stops. -- Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA More info: (1) finger -l wrf@ecse.rpi.edu (2) http://www.ecse.rpi.edu/homepages/wrf/ ------------------------------ From: "BRENDZA, TOM" Date: 26 Jun 95 10:41:45 EDT Subject: China, U.S., and the Net The following is an excerpt from Edupage 6/25/95. I find little comfort in the knowledge that both The United States and Communist China are approaching the Internet in the same onerous fashion. Make no mistake--it is for the same reasons. Best, Tom Brendza ----------- BEIJING PLANS TO "MANAGE" INTERNET China's Minister of Posts and Telecommunications says the country will attempt to "manage" access to information available over international computer networks. "China, as a sovereign state, will also increase its control over information." He acknowledged that monitoring content on the Internet might prove to be difficult. China has begun to expand commercial access to the Internet in recent months, hoping to catch up technologically with other countries. (Wall Street Journal 6/23/95 B7B) To subscribe to Edupage: send a message to: listproc@educom.edu and in the body of the message type: subscribe edupage Sergei Prokofiev (assuming that your name is Sergei Prokofiev; if it isn't, substitute your own name). ... To cancel, send a message to: listproc@educom.edu and in the body of the message type: unsubscribe edupage. ------------------------------ From: "Prof. L. P. Levine" Date: 26 Jun 1995 08:32:45 -0500 (CDT) Subject: USPS Question and FBI Question for the List Organization: University of Wisconsin-Milwaukee from Society for Professional Journalism: About 15 months ago my students discovered that the U.S. Postal Service had changed its rules for providing forwarding addresses to third parties. Perviously, postal clerks would provide the forwarding address upon payment of a small fee, $2 I think, and the submission of a small written card containing the request. This was construed to be an FOIA request. Then about 15 months ago the higherups in D.C. decided that such requests for information on forwarding addresses would not be answered. They cited privacy, stalkers and all the usual stuff. My students at that time did a comprehensive piece for Quill on the topic. My question: has there been any developments on this point that anyone is aware of? Also, how can postal service bureaucrats amend the FOI Act unilatterally? Second question: when my students recently filed FOIA requests on themselves as part of a class learning exercise, the FBI told them that they had to submit almong other things, a full set of fingerprints? Has anyone else heard this? I thought there had been a D.C. court case that loosened the FBI restrictions not tightened them. Regards from Denver. Jay Brodell brodellj@mscd.edu ------------------------------ From: Susan Evoy Date: 20 Jun 1995 11:58:34 -0700 Subject: Conferences/Events of Interest to CPSR CPSR Members and Friends, If you are planning to attend one of these conferences, or another that may be related to CPSR's work, please contact CPSR at cpsr@cpsr.org or (415) 322-3778 for easy ways for you to be a presence for CPSR. CONFERENCE /EVENT SCHEDULE [an excerpt of the list, moderator of CPD] Health Care, Privacy & Cyberspace, Albany, New York, June 21-22. Contact: ds3789@albany.edu 17th International Conference of Data Protection and Privacy Commissioners, Copenhagen, DENMARK, Sept. 6-8. Contact: 45 33 14 38 44 45 33 13 38 43 (fax) Computer: Politisches Medium? Medium der Politik?, Bremen, GERMANY, September 15-16. Contact: res@informatik.uni-bremen.de49 421 218 3308 (fax) International Cryptography Institute 1995: Global Challenges, Washington, DC Sep. 21-22. Contact: denning@cs.georgetown.edu 800 301 MIND (US only) 202 962-9494 202 962-9495 (fax) Managing the Privacy Revolution, Washington, DC, Oct. 31-Nov. 1 Contact: 201 996-1154 Technological Assaults on Privacy, Rochester, NY, April 18-20, 1996. Paper drafts by Feb. 1, 1996. Contact: privacy@rit.edu 716 475-6643 716 475-7120 (fax) ------------------------------ From: rickclapp@aol.com (Rick Clapp) Date: 25 Jun 1995 23:30:07 -0400 Subject: Cincin OH Cops Illegally Raid BBSs Organization: America Online, Inc. (1-800-827-6364) Article from : The Marysville Tribune, Marysville Ohio Source: Cincinnati Ohio, AP feed. *************Article TEXT: ************************ Cincinnati (AP) - Computer users questioned whether Hamilton County Sheriff Simon Leis Jr. Had authority to join police in cofiscating computers in a pornography INVESTIGATION. More than 100 people who participated in regional and national "bulletin boards" to communicate by computer met thursday. They protested and discussed the two state, three county raid last Friday by the county's regional Electronics Computer Intelligence Unit. The task force served search warrants at three locations in Hamilton County, one location in neighboring Clermont County (** emailer's note: that is the South side of Dayton**) and one in Kenton County, KY. The task force, an alliance of police in the participating counties seized various items of computer hardware and software. No charges have been filed. "We're still in the process of going through it," Col. Dan Wolfangel, a spokesman for Leis, said Friday. Sheriff's officers said they are investigating complaints that computer users were using electronic networks to relay pornographic images, including some involving children. But several computer users said they think leis and other police agencies overstepped their authority an dviolated the user's rights by investigating messages that should be private and were sent into people's homes. One computer user, Steve Guest, said the group should try and educate Leis and other police officials to the privacy issues involved. "I don't know if education is the key," Guest said. "I don't know if education is possible. But somehow we have to set a precedent that our personal files are sacred." Leis declined an invitation to attend the meeting. He has no comment about the case, Wolfangel said. Computer users said they will contact state lawmakers about the issue. Bob Emerson, operator of Cincinnati Computer Connections, a Bulletin-Board exchange that briefly chut down by last week;'s raid. has hired lawyer Louis Sirkin. When The task force seized Emerson's 70,000 file system, it interupted the networking of at least 5,000 users. Like the other four computer operators, Emerson, a Clermont County resident was not arrested or charged with any crime. **************End of article****************** COMMENTARY & NOTES >From a letter sent to me on this issue: >>>Just want to let you know, that as a native of Ohio, Ohio law enforcement officials have been 'raiding' people's homes and taking computers for over a decade now, expecially in the Cincinnati 'no-smut' zone. The Cincinnati area (where I lived for 5 long years) has several ordenances which no sooner are they declaired unconstitutional, they are reinstated with slightly different words. (once, the new laws were passed within 10 MINUTES of the old ones being declaired unconstitutional.) The Religious Right has a firm grip on the area, so much that it is usually illegal to sell ANYTHING adult-rated. There are no adult movie theathers in that area, as well as no adult book stores, at least none that stay open for more than a few weeks before the authorities shut it down under one of the unconstitutional laws. BTW, as a lawyer, you would probably understand when I say that it takes an average of 6 months to get a law declaired unconstitutional in Ohio, and during that time the law can be in effect (there are no restraining orders). As for fighting fire with fire, since the law is the law, and it is so until declaired unconstitutional, and not a moment sooner, the law enforcement officers are within their 'rights' to take whaever they want, whenever they want. That's how those laws are written in Cincinnati (I know, 3 of them were declaired unconstitutional for that reason alone while I lived there). Of course, they haven't run into anyone who is willing to fight fire with fire yet, because the majority of the folks in Cincinnti are members of the Religious Right and believe that enforcing their religious beliefs on others via the law of the land is a good thing to do. Personlly, I think THAT sort of attitude is unconstitutional.<<< ALSO::: I'm taking the following from the book SysLaw by Lance Rose & Joohnthan Wallace. The Electronic Communications Privacy Act (ECPA) prohibits not just unauthorized interception of messages in transmission, but also unathorized access to messages in storage on a computer system. A government agent must get a warrant to obtain any message less than 180 days old. For older messages, the agent may obtain a court order authorizing the seizure upon proving that the private messages sought are necessary for an investigation... ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #058 ****************************** .