Date: Thu, 21 Sep 95 10:52:34 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#025 Computer Privacy Digest Thu, 21 Sep 95 Volume 7 : Issue: 025 Today's Topics: Moderator: Leonard P. Levine Re: Legality of Unsolicited Advertising Faxes Re: Police Cameras Re: Groceries and Privacy Re: Groceries and Privacy Shockwave Rider, a Recommended Read European Governments Agree to Ban Strong Crypto Re: Knowing Where you Browse? Welfare Reform blows Privacy Security, Privacy and Marketing on the Web Info on CPD [unchanged since 08/01/95] ---------------------------------------------------------------------- From: eck@panix.com (Mark Eckenwiler) Date: 19 Sep 1995 07:30:53 -0400 Subject: Re: Legality of Unsolicited Advertising Faxes Organization: Saltieri, Poore, Nash, deBrutus & Short, Attorneys at Law Maybe I just overlooked it, but I didn't see anything in the previously posted new regs that relates to unsolicited faxes. FYI, the legality of unsolicited ad faxes -- they ain't -- is addressed directly in a federal statute, 47 USC sec. 227. The ban has been upheld in at least one federal circuit (the Ninth, in the [Moser?] decision from early 1995). ------------------------------ From: WELKER@a1.vsdec.nl.nuwc.navy.mil Date: 19 Sep 1995 09:44:42 -0400 (EDT) Subject: Re: Police Cameras This is worse than police cameras because, at least ostensibly, police- operated cameras are subject to controls, under jurisdiction of the courts, etc. Spying for which police would need a warrant (eavesdropping, snooping, searching) individuals are often allowed to do without justification. Civilian-monitored cameras are a greater threat to privacy than police- monitored ones. Since the individuals may do this in any event your argument appears spurious. If the civilians are monitoring the cameras as part of a government-sanctioned program, the usual rules of evidence would continue to apply. I contend that it is better for communities to police themselves than have an outside agency come in and do it for them. If you don't think you can get along with your neighbors, don't live in the neighborhood. You have the right live in a house in the country, just like I have the right to video tape the street outside my house and show those tapes to anybody I want. I think my ego can withstand having a neighbor send a tape of me scratching my butt to "America's Funniest Home Videos". N.B.- I don't advocate "eavesdropping, snooping, searching" by anybody else; that's in a different league than the subject being discussed. I also believe (though I doubt the law supports me) that I should have the right to surround my house with a 20-foot electrified fence and hedge, and to plant land mines on my lawn -- so go ahead and snoop around my house! Sans these, I can still make tapes of your snooping -- it cuts both ways. ------------------------------ From: Robert Gellman Date: 19 Sep 1995 13:52:15 -0400 (EDT) Subject: Re: Groceries and Privacy I offer a few thoughts about the current threat on the collection of personal information by grocery stores through frequent shopper cards. First, when a local store started this type of promotion, there were many discounts offered for card holders. After a year or so, when everyone signed up, the number of discounts appeared to be significantly reduced. Second, I have a possible response for those who are unhappy about the tracking of data. Of course, you can always pay cash. But you can do better. Obtain a duplicate shopper card from a friend who has one. Pay cash and use the card to obtain any available discounts. The result is that you get the discounts and the store gets bad data. This doesn't work if you need to pay by check, but disrupting the availability of accurate data without committing fraud could undermine the entire effort if enough people did it. + + + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman rgellman@cais.com + + Privacy and Information Policy Consultant + + 431 Fifth Street S.E. + + Washington, DC 20003 + + 202-543-7923 (phone) 202-547-8287 (fax) + + + + + + + + + + + + + + + + + + + + + + + + + + ------------------------------ From: dklein@pluto.njcc.com (Dorothy Klein) Date: 19 Sep 1995 19:45:54 GMT Subject: Re: Groceries and Privacy Organization: New Jersey Computer Connection, Lawrenceville, NJ Ellis Weinberger (ew3@soas.ac.uk) wrote: The answer is to pay cash. barthele@ux1.cso.uiuc.edu (barthelemy kevin) writes: I'm pissed. What I buy and when is nobody's business but mine. If going to cash for all purchases is the answer, then I'm right there. Can anyone suggest a way to short-circuit this Orwellian nightmare? Used to be, you got the sale circular and clipped coupons. Now, the coupons are on the "club card", which can also be a "check cashing card". Here in NJ, some supermarkets are casual about signing people up for the temporary card (SuperFresh), and others (ShopRite) stick laminated "permanent" cards right to the "application". If you only want the card for discounts, it doesn't matter if the information is correct -- your bank will never see it. So, if it bothers you for the store to correlate your name, address, and answers to the nosy questions to your purchases, wage a campaign of disinformation. (What, you think everyone's truthful to those nosy clipboard-carrying surveyors who stop every tenth customer and pester them for personal information in public places?) Figure out what bothers you most about the process, and jigger it. Use your pet's name, misspell your street address, give your phone number as 555-whatever. Give a SSN with a field that's all zeroes, or "forget" what it is. Demographically, you can earn less than 10K per year, yet own all the latest electronic gizmos, if you like. If you don't mess up the address too badly, the permanent card will get to you. Until it does, or if it doesn't, use the temporary card. Stretch the truth or shatter it, it's up to you. The programs that do the correlation are largely stupid. "Fifi Smythe" living at 123B Maine Street will not match with Jane Smith at 123 Main Street. Junk mail, credit apps, whatever, addressed to 123B Maine, or to Fifi, is easily traced to its source. The club-card's name and address need not match that of the credit-card/ ATM card you use to pay, though using a card creates a possible link between the alter-ego and the real you. (Hmm -- makes me suspicious about the "$5 off your $20 purchase if you use your MasterCard" promotions!) The store still gets internal correlation for their marketing -- Fifi stocks up on specials, Fifi never buys baby stuff, Fifi didn't come to our store when the supermarket down the street ran their canned-goods sale, Fifi buys lots of frozen dinners but little fresh meat. They get your business, and a record of purchases in response to their promotions. What they don't get is the possible intrusive correlation with the real _you_. Dishonest? About as dishonest as pushing a "club card" as a convenience for the shopper, as representing permanent personal data-snooping and cross-database correlations as "serving our customers better". -- Sincerely, Dotty Klein, data guerilla ------------------------------ From: "Jongsma, Ken" Date: 19 Sep 95 12:57:00 MDT Subject: Shockwave Rider, a Recommended Read Some 20 or so years ago, an English author by the name of John Brunner wrote a novel called Shockwave Rider. For those that are interested in the possibilities of excessive Government surveillance using computer based tracking, I highly recommend this book. It's a fun read and also makes some very topical points. I won't spoil the story except to say that it concerns one individual that fought the system. The author's conclusion: The most damage comes from having data available to only certain individuals. This leads to mistrust of the system and political favoritism. The book is likely out of print but should be available in some larger libraries. -- Ken ------------------------------ From: rja14@cl.cam.ac.uk (Ross Anderson) Date: 20 Sep 1995 12:22:12 GMT Subject: European Governments Agree to Ban Strong Crypto Organization: U of Cambridge Computer Lab, UK According to an article in `Communications Week International', the 34-nation Council of Europe has agreed to outlaw strong encryption products which do not make keys available to governments. The article, `Euro-Clipper chip scheme proposed', is on the front page of the magazine's issue 151, dated 18th September, which arrived in my mail this morning. It relates that the policy was approved on the 8th September at Strasbourg by the Council, and coincides with an attempt by the European Commission to propose a pan-European encryption standard. The Council - unlike the Commission - has no statutory powers to enforce its recommendations. However, Peter Csonka, the chairman of the committee that drafted the document (and an administrative officer at the Council's division of crime problems) says that `it is rare for countries to reject Council of Europe recommendations'. The proposal would make telecomms operators responsible for decrypting traffic and supplying it to governments when asked. It would also `change national laws to enable judicial authorities to chase hackers across borders'. Opposition to this measure was expressed by Mike Strezbek, VP responsible for European telecomms at JP Morgan, who said that his organisation `will challenge any attempt to limit the power of our network encryption technologies very strongly'. Czonka said that the Council had given consideration to business interests but had tries to strike a balance between privacy and justice. However, `it remains possible that cryptography is available to the public which cannot be deciphered,' his document says. `This might lead to the conclusion to put restrictions on the possession, distribution, or use of cryptography.' Apparently another international organisation, the OECD, has called a conference of its members in December to devise a strategy on encryption. I for one will be making clear to my MP that his stand on this issue will determine how I cast my ballot at the next election. I note that John Major stated in a 1994 parliamentary written reply to David Shaw MP that the government did not intend to legislate on data encryption. I am disppointed that government policy has changed to the point of supporting the Council of Europe, and that this change has sneaked through during the parliamentary recess. -- Ross Anderson ------------------------------ From: "Prof. L. P. Levine" Date: 20 Sep 1995 11:16:58 -0500 (CDT) Subject: Re: Knowing Where you Browse? Organization: University of Wisconsin-Milwaukee Hi. My name is Mark Nixon, I am a European-based freelance writer. I am currently researching an article concerning privacy on the web. I would like your help. I have heard that web browsers maintain a record of each site that an individual visits during a session and that this record can be accessed from a remote server to which the individual is connected (providing marketers with a neat way of constructing personal profiles). Is this true and do you know where can I find more information about this 'in-built' facility? Thankyou for your time Cheers...Mark Your note is the first I have heard about this. I am aware that my browser does keep a history list, but know only that the remote site gets a report from the system about my site, not my personal account. If it becomes clear that my browser can be ordered to report history to the remote site by some command at that end then I (and many others) will want to know it. I will post your question (and this response) to CompPrivDigest. Anybody out there know if a browser can be remotely ordered to report its history? ------------------------------ From: Robert Ellis Smith <0005101719@mcimail.com> Date: 21 Sep 95 09:07 EST Subject: Welfare Reform blows Privacy A part of the welfare reform bill just passed by the Senate affects all of us - whether or not we're receiving welfare. It has been approved by the Senate and the House without any press attention - except in Privacy Journal and in an article by Simson G arfinkel in the San Jose Mercury. Section 517 of the bill requires EVERYBODY to provide a Social Security number to get a drivers license or renew, to register a vehicle, to get a marriage license, to get divorced, or to get a professional license. The Privacy Act presently permits state s to do this for motor vehicle registration. The welfare reform bill REQUIRES this. This. of course, will vastly increase the chances of misuse of Social Security numbers, for credit-card fraud, proof of legal immigration, or total "theft of identity." It will move us closer to being enumerated by a mandatory national ID number. Further, Section 513 of the bill requires all employers to fill out a form for each person newly hired - with Social Security numbers and the nature of the work - and file it with the state. It will then be sent to Washington for inclusion in a new centr al databank of newly hired persons. The bill creates a massive new database for tracking the current whereabouts of most Americans. All of this has little to do with welfare - and so most people don't know this is in the welfare reform bill, but it does have a lot to do with tracking down parents not making child-support payments. In the name of finding "deadbeat Dads," we'll accept just about anything. People who are outraged by this should write or call their members of Congress, as well as the chair of the Senate Finance Committee, Senator Roth of Delaware, and the chair of the House Ways and Means Committee, Rep. Bill Archer of Texas. There is a sli m chance that this could be deleted in the House-Senate conference on the bill, HR 4. Or they can urge that the President veto the bill, a slim possibility. -- Robert Ellis Smith, Privacy Journal ------------------------------ From: "Prof. L. P. Levine" Date: 17 Sep 1995 08:23:43 -0500 (CDT) Subject: Security, Privacy and Marketing on the Web Organization: University of Wisconsin-Milwaukee Taken from PRIVACY Forum Digest Friday, 15 September 1995 Volume 04 : Issue 20 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. From: Denman F. Maroney Date: 12 Sep 1995 12:13:24 -0400 Subject: Security, Privacy and Marketing on the World Wide Web The World Wide Web was conceived and created as a distributed hypermedia environment, a means for people to ride trains of thought across paragraphs, documents and computers around the world. It has evolved as a hub of commercial activity on the Internet. This is indicated by the proliferation of web sites that sell advertising. The currency of advertising is audience ratings (and related measures). The price of commercial time in a TV show, for example, is set based on the show's projected ratings. Similarly, the price of a page ad in a magazine is set based on the publication's projected readership. The web does not have ratings. Web clients browse web servers with ease, but web servers identify web clients with difficulty. The closest thing to ratings on the web is server logs, which log the IP addresses of clients that access server files. Server logs do not produce ratings because, among other difficulties, (1) web clients are not people, (2) web files are not documents but multiples thereof, and (3) cached web file accesses are not logged. Elaborating briefly on each of these points, (1) the number of clients associated with a given IP address may range from one for an individual with a SLIP or PPP account to 2,000,000 or more for a proxy server like AOL or Prodigy; (2) when a client accesses a document comprised of (say) an HTML file and 12 in-line images, the server logs 13 hits; and, (3) cached file accesses are not logged because they are accessed indirectly from the client's computer or proxy server rather than directly from the web site. Several companies including A.C. Nielsen, I/PRO, NetCount and WebTrack have launched web site audience measurement services. But, in reality these are log processing not audience measurement services, because none of them has solved these problems. Some sites try to skirt these problems by asking or requiring their visitors to register. This solution is unsatisfactory because some people do not register, and others register more than once because they forget their passwords. A central registry launched by a joint venture of Nielsen and I/PRO alleviates the problems of registrants forgetting or using multiple passwords but still does not oblige people to register. Suppose HTTP were modified in such a way as to enable web servers to identify and track the behavior of individual users. This would make the Web the best measured of all commercial media. Other commercial media are measured by means of periodic survey sampling. National television audiences for example are measured by means of a nationally projectable sample of some 5,000 people who consent to have "people meters" installed in their homes for a period of years. Magazine audiences are measured by means of a national sample of some 20,000 people who consent on one occasion to be interviewed personally and fill out a questionnaire. If web servers could measure all users individually and continuously, the web would be measured by means of continuous census taking instead of periodic survey sampling. From marketers' perspective, this would be the best of all possible worlds. No more sampling error. No more non-sampling error. No more discontinuous measurement. The ultimate in database marketing. Web users might be less enthusiastic. In fact they might be very put off by the prospect of web behavior monitoring. Would playboy.com continue to be among the most heavily visited web sites if all its visitors knew they were being watched? Not likely. Would people hesitate to visit web sites that espoused particular political ideologies if they thought they might be spied on by federal agents? Very likely. Would people hesitate to visit sites that sell products and services if they thought the behavioral data so generated would trigger email solicitations from those sites or be sold to other sites to similar ends? They might very well. Accurate web measurement offers many potential benefits as well. Web marketers could use audience data to tailor sites to fit users' interests. For example, they might find some areas are visited less often than others and edit those areas accordingly. They might find some areas are favored by some users and program those areas to greet those users on arrival (dynamic page generation already does this to an extent). Consumers who let marketers know what kinds of products and services they are interested in might be glad to receive highly targeted information about those things. If you're shopping for a car, for example, you might welcome a message from a car maker offering you a special deal on exactly the sort of car you want. Very soon the information exchanged through the web will include currency. The financial service and network industries are hard at work on making the Internet secure for financial transactions. It strikes me that there is a conjunction between the efforts at Internet security by these industries and the efforts at audience measurement by web marketers and research suppliers. The question is how to make the Internet secure and transparent and protect people's privacy at the same time. In principle, behavior should not be monitored, and behavioral data should not be exchanged, without users' knowledge and consent. The question is how to implement this principle. One solution might be to create a commercial version of HTTP, a place where web users could go to engage in commercial activity. This would be analogous to a central registry but would apply to a designated area of the Web instead of just selected sites. When users entered this area, they could know or be told that their behavior could be monitored for commercial purposes. To be admitted, they would have to show their license or password. A potential problem wilth this from marketers' perspective is that the area could become a commercial dumping ground, the Web equivalent of a home shopping channel or ad well, and as such repel a sizable segment of consumers and prospects. Marketers are also concerned that users would be put off by repeated warnings or labels about behavior monitoring. Whose responsibility is it to post such warnings or labels? Internet access providers? Online service providers? Information providers? An independent entity? Some combination of these? What should the warnings or labels say? Where and how often should they appear? Another solution might be to let web users relinquish or recover their anonymity at any time by entering or revoking a PIN. In this way users could go wherever they wanted on the web and disclose their identity to exchange certain kinds of information. Of course, this is exactly what is contemplated to effect secure financial transactions on the web. The point is that it might be fruitful to design the process from an audience measurement as well as transaction security perspective. Bottom line, web servers and clients ? marketers and consumers in the context of this post ? ought to be able to exchange information to their mutual benefit. Is this possible? How? I would like to hear directly from anyone with suggestions. Thank you. Denman Maroney Asso. Media Director, New Technologies DMB&B Inc. 1675 Broadway New York NY 10019 email maroney@dmbb.com tel. 212.468.3918 fax 212.468.3770 P.S. I will be out of the country from Sept. 20 until Oct. 16 and so will be unable to respond to any mail I get during that period. [ This article should help to focus the wide range of privacy issues relating to the use of Web (and other Internet) resources. Many persons have had concerns about this area for quite sometime. When I heard that the most popular Web search engine, "Lycos", was now partially owned by a major direct marketing firm (as part of the creation of "Lycos, Inc."), I made a query regarding their policies in this area. I received a response back from their CEO stating that they did not keep records concerning individual users accessing information (i.e. they do not require registration, though presumably site access info is collected as is standard for virtually all servers), and any audit data collected is used only in aggregrate form for marketing and product development purposes. On the other hand, there are firms involved in providing Web statistical information and log analysis who are apparently claiming that they can turn server logs into direct marketing databases--right now. One can easily imagine the potential problems and pitfalls that could result--technical, legal, political, and so on. Will it get to the point where the simple random or errant click of a "netsurfer", or incorrect search engine query response, results in users being added to new marketing lists--perhaps for items in which they have no interest or might even find objectionable? Will user access log data become simply another commodity to buy, sell, trade, use and abuse? Will users find themselves the victims of unscrupulous operations which might embarrass, blackmail, or otherwise threaten them with disclosure of which Web pages they've browsed? Should logs of Web usage be accorded at least as much privacy under the law as videotape rental records? The Web could become a truly fantastic tool for "consensual" marketing of all sorts. The combination of text, audio, graphics, and video is perfect for providing all sorts of useful services, many of which people will be more than happy to pay for. But the key word is "consensual". If we don't act *now* to deal with the privacy issues of these systems during this dawn of the true "information age", and put appropriate legislative safeguards into place, we could end up creating an infrastructure for privacy abuses of which George Orwell would never have dreamed in his deepest nightmares. Comments? -- PRIVACY Forum Digest MODERATOR ] ^A^A^A^A From: "Prof. L. P. Levine" Date: 17 Sep 1995 08:23:43 -0500 (CDT) Subject: 4th Amendment & Encryption Organization: University of Wisconsin-Milwaukee Taken from PRIVACY Forum Digest Friday, 15 September 1995 Volume 04 : Issue 20 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. From: dlh@marsmedia.com (Dlh) Date: 2 Sep 1995 12:59:58 EDT Subject: 4th Amend. & Encryption The fourth amendment to the U.S. constitution forbids unreasonable searches and seizures and guarantees citizens security in their persons, papers, and effects. Relying on commonsense ideas about what's "reasonable", courts have interpreted this language to mean that one is entitled to privacy where he has sought privacy and taken steps to secure his privacy. Katz v. U.S., 389 U.S. 347, 88 S.Ct. 507 (1967); Berger v. New York, 388 U.S. 41, 87 S.Ct. 1873 (1967); U.S. v. Gerena, 662 F.Supp. 1218 (D.Conn. 1987); Smith v. State of Maryland, 283 Md. 156, 389 A.2d 858 (1977); Smith v. Maryland, 99 S.Ct. 2577, 442 U.S. 735, 61 L.Ed.2d 220 (1979); Kemp v. Block, 607 F.Supp. 1262 (D.C.Nev. 1985). In order to protect oneself from government intrusion, it is necessary that one express himself in a manner that exhibits a clear intention and expectation that the expression is made in private. The definition of "private conversation" under the Federal statute prohibiting eavesdropping and interception in electronic communications at 18 U.S.C. section 2510 (2). If the communication can be accessed by third parties, it is not a private communication, and is thus available for anyone who wishes to do so, to intercept it. It is irrelevant to the analysis of whether a communication is private, whether or not such third party actually did perceive the communication - privacy is destroyed if they could have done so. Under federal law and the laws of all of the states as required by the federal statute, interception of the private electronic communication of another is a felony and subjects the offender to civil penalties as well. 18 U.S.C. sections 2511, 2520. The statutes require the interception to have been made intentionally (that is, not inadvertently or accidentally) without the consent of any party to the communication. State laws can be more restrictive, and in Maryland, Ill., Mich., and half a dozen other states, the consent of each and every party to the communication is required. It is axiomatic that the Internet and its various manifestations and incarnations are not secure communications media. Anyone having access to any intermediate node on the virtual connection path can intercept a packet (although the entire communication may not be routed along the same virtual circuit in the packet-switching network) and read it IF IT IS IN CLEAR TEXT. There is no way to assert privacy in the electronic communication that travels over the 'net except by encryption. The Federal Government wants to restrict the ability to encrypt information because it wants law enforcement agents to be able to intercept electronic communications without having to get warrants to do so, as they now can. By restricting the ability of citizens to extend the scope of their privacy rights over the communications on the net, law enforcement's ability to conduct unrestricted surveillance is enhanced, and to be able to use the evidence so obtained without warrants against persons accused of offenses in court. A warrantless search on the net, or any computer connected to the net is acceptable under current law, for the purposes of motions to suppress evidence in criminal proceedings; that is, the evidence cannot be suppressed because of assertions of violations of due process by reason of violation of the fourth amendment search and seizure clause by law enforcement. I believe that the only way to assert a right to privacy on a public data network is by encryption. Encryption and concomitant security of the password/key (e.g., non-escrowed) is the only way to assert that one had a constitutionally-protected right to privacy in the electronic communication so protected. For the purposes of suppression motion, it does not matter whether the communication can be unencrypted, only that the parties to the communication took steps reasonably designed to ensure privacy and to clearly indicate their expectation that the communication be a private communication. === === === === === === === Daniel L. Hawes, Attorney at Law -- Practice Limited to Civil Litigation. Matters relating to Computer and Telecommunications Technology and Domestication and Execution of Foreign Judgments (internet) dlh@marsmedia.com; (voice)703-352-8684; (fax)703-352-5930; (mail) 10312 Cleveland Street, P.O. Box 846, Fairfax, Va. 22030-0846 ------------------------------ ------------------------------ From: "Prof. L. P. Levine" Date: 11 Aug 1995 09:39:43 -0500 (CDT) Subject: Info on CPD [unchanged since 08/01/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #025 ****************************** .