Date: Sun, 02 Jul 95 12:57:08 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#001

Computer Privacy Digest Sun, 02 Jul 95              Volume 7 : Issue: 001

Today's Topics:                         Moderator: Leonard P. Levine

    Re: USPS Question and FBI Question for the List
    Re: USPS Question and FBI Question for the List
    Re: Credit-Privacy Resources
    Encryption Laws
    Zimmerman Interview
    Internet = Sexuality: A Questionaire
    Bitten & Branded
    Sixth Conference on Computers, Freedom, and Privacy [long]
    Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: glr@ripco.com (Glen Roberts)
Date: 27 Jun 1995 15:11:24 GMT
Subject: Re: USPS Question and FBI Question for the List
Organization: Ripco Internet BBS, Chicago

Prof. L. P. Levine (levine@blatz.cs.uwm.edu) wrote:

> from Society for Professional Journalism:
>
> About 15 months ago my students discovered that the U.S. Postal Service had changed its rules for providing forwarding addresses to third parties. Previously, postal clerks would provide the forwarding address upon payment of a small fee, $2 I think, and the submission of a small written card containing the request. This was construed to be an FOIA request.

You can still get them for free or $.50. I just got one in the mail today. Mark on a First Class mail letter directed to the old address: "ADDRESS CORRECTION REQUESTED -- DO NOT FORWARD." The piece should be returned to you with a yellow sticker showing the new address.

Read the mail forwarding card, it has a privacy act statement that says the information will be given out to anyone who asks (or something to that effect).

> Then about 15 months ago the higher-ups in D.C. decided that such requests for information on forwarding addresses would not be answered. They cited privacy, stalkers and all the usual stuff. My students at that time did a comprehensive piece for Quill on the topic.
> My question: have there been any developments on this point that anyone is aware of? Also, how can postal service bureaucrats amend the FOI Act unilaterally?

Try making an explicit FOIA request (but my technique above would be faster). I think the real change may have been more related to selling the new addresses in mass on mag tape to direct marketers.

> Second question: when my students recently filed FOIA requests on themselves as part of a class learning exercise, the FBI told them that they had to submit, among other things, a full set of fingerprints? Has anyone else heard this? I thought there had been a D.C. court case that loosened the FBI restrictions, not tightened them.

Tell the FBI to get f**ked. At most, they may ask for a notarized statement of identity. They are not doing an FOIA/Privacy Act search, but rather an arrest record search when they ask for the prints.

Better yet, file suit in federal court with all classmembers as plaintiffs...

--
Glen L. Roberts, Editor, Full Disclosure
Host Full Disclosure Live (WWCR 5065 khz - Sundays 8pm eastern)
(WOYL AM-1340, Oil City, PA)
http://pages.ripco.com:8080/~glr/glr.html
Who's On The Line? Cellular Phone Interception at its Best!
$2.00ppd from Superior Broadcasting Co, Box 1533-N, Oil City, PA 16301

------------------------------

From: bcn@world.std.com (Barry C Nelson)
Date: 28 Jun 1995 03:41:06 -0400
Subject: Re: USPS Question and FBI Question for the List
Organization: The World Public Access UNIX, Brookline, MA

> Also, how can postal service bureaucrats amend the FOI Act unilaterally?

Since FOIA is a federal statute, it can obviously only be changed by Congress. However, every agency has its own operating regulations which often include their interpretation of FOIA for their own internal purpose of compliance. These regs can be formal or informal, and they can be changed at the whim of the director or commissioner in many cases.
The regulations of the postal service are in Title 39 of the Code of Federal Regulations.

And as you pointed out, courts can often change the meaning of a statute by their interpretation of it in a particular case.

--
BCNelson

------------------------------

From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 28 Jun 1995 05:38:36 GMT
Subject: Re: Credit-Privacy Resources
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada

DanTurk007 (danturk007@aol.com) writes:

> What would you like to know. We operate one of those evil little companies that seek out information on people. Nothing is private. We have access to over 1400 commercial & private data bases and can tell you just about anything about just about anybody. We access several hundred credit reports each month attempting to locate people (for a variety of reasons).

Hmmm. I suppose that if I were following the script I should fly off the handle and waste bandwidth with epithets and profanity telling you what a [really bad person] you are.

On the other hand I've seen a few of these before that turned out to be deliberately provocative attempts to make US residents aware of what little protection they have.

At the national level the US is really a privacy backwater. Most of the other major industrial countries have national privacy laws and privacy commissions and commissioners to see that they are enforced.

The lack of this kind of legally enforceable privacy right (civil remedy and criminal penal sanctions) is becoming an international issue, since Council of Europe members, for example, are required as signatories of human rights treaties to prohibit businesses from transferring personal information to jurisdictions that don't have similar levels of protection against data trespass. I saw a few reports that US multinationals had tried to get the US government to lobby the EEC to water down this, or to make an exception for the US, but I didn't hear of them being successful.
Don't some states, such as California, have explicit privacy rights that provide protection not provided by the so called federal "Privacy Act", that even extend to the private sector?

Where I live I'd be able to collect a minimum of $100 from both the source of personal information about me and from the person or company it was passed to. This particular law has been on the books for over 20 years, so it is nothing new.

I find it doesn't usually take long to find out where people got my address on the few occasions I get personalized advertising. If they get obstinate I file a small claims action under the Credit Reporting act and file for judge's orders for a ban on publication of my name or address and to produce documents about where my data was obtained.

The last clown to send me advertising had a number of very creative stories that he told me and the privacy commissioner's office until he stood in front of a judge. Once I found out his real source it didn't take much to get it shut off as a bulk source of name and address data. Initially the source didn't seem to take this too seriously, but after being brought up to speed by the privacy commission things turned around quickly.

The lack of a federal privacy commission in the US is really surprising, since there is no lack of horror stories to show that there is a need for one, and for privacy law covering both the privacy and public sectors.

So how successful have you been at getting personal information about Quebec residents in the past year or so? Do you really operate world wide or were you only making a statement about the USA?

Do you ever use bribery to obtain information from utility company staff contrary to regulatory policy or utility company policy?

------------------------------

From: david creffield
Date: 30 Jun 95 13:22:51 GMT
Subject: Encryption Laws
Organization: Myorganisation

Is there anyone who knows about encryption laws in Britain, and about official anxieties here regarding encryption?
Is there any ban, or move to ban, systems such as PGP? What's the current state of play in the US and elsewhere on these issues?

I've never thought of using such systems myself and can only guess why people might want to use them. Should they have a right to use them?

If Di and her friend had scrambled their phone calls, they might have saved themselves a lot of aggro, nesspar?

------------------------------

From: "Prof. L. P. Levine"
Date: 02 Jul 1995 12:21:32 -0500 (CDT)
Subject: Zimmerman Interview
Organization: University of Wisconsin-Milwaukee

The August 1995 issue of Internet World has an excellent interview with Phil Zimmermann, primary author of Pretty Good Privacy (PGP). In that interview they mention his continuing legal fees for defending against the lawsuit alleging his violation of the US Export law (his attorney, Phil DuBois is at ). They give an excellent quote from Zimmermann, "I should be able to whisper something in your ear, even if your ear is 1,000 miles away."

They give the distribution address for FTP at in the /pub/pgp space and they mention newsgroups such as , and . They give two home pages, and that deal heavily with the topic.

Finally they have a three page interview with Zimmermann that has some very interesting privacy quotes.

First they ask him about good uses of encryption. His response quotes email he has received. He states that authors presently use PGP for submitting manuscripts and for exchanging samples of computer viruses, travelers for communicating with their spouses via email, venture capitalists for discussing buyouts, attorneys for communications with their clients and the like.

He also points out that government opposition groups in Burma, where the government is well known to arrest and kill families of those named in captured documents, are being trained to use PGP to maintain secrecy. Human rights workers in AAAS, who document atrocities, use PGP to handle witness lists.
If these lists were to be captured by the government the witnesses would be killed.

He points out that PGP changes the power relationship between governments and their people, and indicates that this might be for better or for worse. He agrees that encryption makes it harder for law enforcement to do its job but believes that there are more cases where it protects the disempowered from the powerful than where it prevents proper law enforcement.

He stated that the government is asserting that putting PGP on the net is tantamount to a violation of the Arms Export Control Act. If this is so, then he believes that export control is equivalent to denial of the First Amendment right to speak. He considers encryption to be the equivalent to speaking in Navaho. He would be alarmed if he was forced to speak only in English in a conversation under some government or private edict.

Internet World's interviewer Jeff Ubois then asked if the National Security Agency could crack PGP. Zimmermann's answer was to the point. He stated that every software engineer who writes his own crypto program believes it is unbreakable. [levine: after all, if he knew it was breakable, he would fix it.] He then goes on to give examples showing just how wrong several of them were.

Zimmermann points out that we are currently building an infrastructure that will allow future governments to monitor every move and every communication by their political opposition. He does not believe that our government abuses this power but states that if our government changes, then this structure would bring about a very bad change for democracy.

He asserts that abuses in cryptography are the equivalent of abuses with cars. He points out that cars pollute the air, cause traffic accidents, consume resources, clog our cities, affect family and housing distribution and even help criminals escape from the scene of crimes. Yet most people would agree that blanket banning of cars would be a bad thing.
Other points in the article deal with anonymity, key escrow, and PGPfone, a new idea that will use SoundBlaster and high speed modem technology to allow voice encryption [levine: much like the already existing nautilus system does]. He intends to release this product in August.

[levine: This is a much shortened review of the Copyrighted Internet World article. Any errors are mine alone. Any comments out there?]

--
Leonard P. Levine                 e-mail levine@cs.uwm.edu
Professor, Computer Science       Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201
PGP Public Key: finger llevine@blatz.cs.uwm.edu

------------------------------

From: Marc Mazzariol >>>> S E X U A L I T Y

-------------------------------------------------------------------

Having noticed that a large quantity of internet traffic was dedicated to sex-based data, we have decided to further investigate our observations by conducting a survey. The results of this survey will be anonymously used in our university research project named:

"AUTOROUTES DE L'INFORMATION contre AUTOROUTES DU PLAISIR"

We are two students at the Swiss Federal Institute of Technology, Lausanne (EPFL). We are conducting a survey, under the direction of Professor Blaise Galland, as a research subject for our STS course (Science, Technology and Society).

We are sure that you have a few spare minutes to help us with such a HOT subject. Your answers will be very useful.

You can request forms and resubmit them via e-mail to the following address:

- Marc.Mazzariol@studi.epfl.ch.

If you can access the World Wide Web, you will find a more user-friendly questionnaire at the URL:

- http://diwww.epfl.ch/~ybologni/english.html

------------------------------

From: "Prof. L. P. Levine"
Date: 30 Jun 1995 05:47:19 -0700
Subject: Bitten & Branded

Taken from the CPSR-GLOBAL Digest 187

Date: 30 Jun 1995 07:38:08 -0600
From: marsha-w@uiuc.edu (Marsha Woodbury)
To: cpsr-global@cpsr.org
Subject: Bitten & Branded (@)

From: janhuss@netpoint.net (richard w spisak jr)

Note: AOL stands for America On-Line, a private net provider--Marsha

Falling Rocks on the Information Highway
by rwspisak

A computer savvy businessman, conducting research and communicating via the WWW on a standard commercial carrier. The AOL network.

Suddenly while online, in a chat room, his screen gets dark; a message and a slot appear on his monitor. An imperative message reported:

    THE SYSTEM HAS LOST YOUR PASSWORD
    TYPE IN YOUR PASSWORD NOW TO CONTINUE

Very formal, and being the trusting American modern that he is, he typed in his password. Went back to his chat group and he continued as before. Minutes pass. The forbidding screen reappears.

    THE SYSTEM HAS LOST YOUR PASSWORD
    TYPE IN YOUR PASSWORD NOW TO CONTINUE

This time before complying he tried the escape key, he tried alt q, he types his password and then logs out. He has conducted both national and international business online for years.

When he returns online the following day to collect his email account, his account has been terminated. He called to learn why his account has been terminated. He was informed that his account had been terminated for breach of service. He was accused of vulgarity, and he was also charged with harassing people by requesting passwords. Exactly what had happened to him.

He was now charged with committing the crime of which he was a victim. His account has been used by someone so sophisticated that they have crawled through the internet to strike at the integrity of his online transaction. What account information has been made accessible to this thief by this action?

The thief stole not just his password, but victimized him by damaging his online reputation.
He has been accused, tried, and found guilty by the guardians of AOL. He calls and calls. His faxes have asked for a response, how can he clear his name? What course does he have? What appeal does he make to the Cyber Fuzz on AOL? What is the procedure?

Business associates called complaining of crude & vulgar email...What's gotten into you on the WEB, BOY?

Eventually the only response he got from AOL in weeks of calls was from the technical support person. More in Part II.

He was not AWARE of the "SATAN-Unix-Hack" that provides a backdoor to any network communications. Where is the warning label? What files could have been read? Are all of his, yours, my, email messages checked, logged, and recorded? If so how long? Who is the censor? What $5.50 an hour wage-slave, monitors your every keystroke, your business messages, tracking all your online transactions?

Stay tuned for Part II

Sticking to the Web.......or not just a little fly on the line!

(WARNING ANY COMMUNICATION unencrypted on the WEB. SHOULD BE ASSUMED TO BE UNSECURE - the author.)

by rw spisak

* * * Rick Spisak * * *
Online Nom de Plume - jan huss
Existence is Pure Joy Sorrows are shadows they pass & are done there is that which remains

------------------------------

End of CPSR-GLOBAL Digest 187
*****************************

------------------------------

From: hal@murren.ai.mit.edu (Hal Abelson)
Date: 28 Jun 1995 02:31:07 GMT
Subject: Sixth Conference on Computers, Freedom, and Privacy [long]
Organization: MIT Artificial Intelligence Lab

***Please redistribute***

Call for Participation (June 27, 1995)

SIXTH CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY
Massachusetts Institute of Technology
March 27-30, 1996

The sixth annual Conference on Computers, Freedom, and Privacy (CFP96) will be held in Cambridge, MA, on March 27-30, 1996. The conference is hosted by the Massachusetts Institute of Technology, and sponsored by the Association for Computing Machinery and the World Wide Web Consortium.
Cooperating organizations include the Electronic Frontier Foundation, Privacy International, the Center for Democracy and Technology, the Electronic Privacy Information Center, and the Harvard University Institute for Law, Information, and Technology.

CFP96 is the sixth in a series of annual conferences designed to bring together experts and advocates from the fields of computer science, law, business, public policy, law enforcement, library science, and government to explore how information technologies are affecting freedom and privacy. Since the first CFP conference in 1991, these concerns have evolved from the preoccupations of a few specialists to major, controversial issues of public policy.

Topics to be addressed at CFP96 include:

- regulation of content on computer networks
- intellectual property considerations of digital libraries and electronic communications media
- enhanced access to public government information
- control of cryptographic technology
- illegal activity in cyberspace and challenges for law enforcement
- privacy implications of national/personal identification systems
- standards for transborder data flow and data protection
- proper secondary uses of information in government and electronic commerce
- new roles for libraries regarding information access and networking
- liability of system operators and network access providers

CFP offers a much-needed neutral ground where people from widely different backgrounds and positions can learn from one another. Presentations at CFP traditionally take the form of interactive panels and discussions, rather than formal papers.

The CFP96 Program Committee is currently soliciting proposals for presentations, and we invite your suggestions. We especially invite proposals that place issues in an international context and involve participants from different countries. Proposals may be for individual talks, panel discussions, debates, or other events in appropriate formats.
(We welcome ideas for "other events".) Each proposal should be accompanied by a one-page statement describing the topic and format. Descriptions of multi-person presentations should include a list of proposed participants and session chair. Proposals should be sent by email to cfp96@mit.edu

Proposals should be submitted as soon as possible to allow thorough consideration for inclusion in the formal program. The deadline for submissions is 1 September 1995.

For more information on CFP96, consult the conference web page at web.mit.edu/cfp96 or send email with a blank subject line and blank body to cfp96-info@mit.edu.

------------------------------

From: "Prof. L. P. Levine"
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply.

If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute.
If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors.

Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

----------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of: Computer Privacy Digest
Professor of Computer Science     |    and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Mosaic: gopher://gopher.cs.uwm.edu
----------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V7 #001
******************************