Date: Wed, 22 Nov 95 14:46:28 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#044

Computer Privacy Digest Wed, 22 Nov 95              Volume 7 : Issue: 044

Today's Topics:                         Moderator: Leonard P. Levine

    Looking for Quotable Comments on Deja News
    French Agreement to use Netscape Navigator
    CPD Footer Message
    Re: Unsolicited Email Advertising
    Re: Unsolicited email Advertising
    Re: Unsolicited Email Advertising
    Quicken SSN Alert
    Re: Telemarketing
    Re: Telemarketing
    Re: SSN for CA DL renewal
    Mark Twain Bank and DigiCash
    Info on CPD [new]

----------------------------------------------------------------------

From: chris@ivanova.punk.net (Christopher Ambler)
Date: 20 Nov 95 22:00:09 PST
Subject: Looking for Quotable Comments on Deja News

I am writing an article for a local paper on Deja News. I would like
comments from those who have expressed an opinion on the service (both
good and bad) that I might quote in my article. Please be sure and send
me your name and title (if applicable) if you don't mind being quoted.

I saw some good quotes in the digest previously, but don't want to use
them without permission.

If anyone from Deja News wishes to contact me, please do so. If I don't
hear from them, however, I'll be sending them email shortly.

Thanks much!

--
(C) Copyright, 1995 Christopher Ambler, Director, Punknet Internet
Cooperative, San Luis Obispo, California
Permission to redistribute electronically via Usenet and mailing lists
without fee is granted. Redistribution for commercial purposes is
prohibited.

------------------------------

From: JeanBernard_Condat@eMail.FranceNet.fr (JeanBernard Condat)
Date: 21 Nov 1995 08:49:06 GMT
Subject: French Agreement to use Netscape Navigator
Organization: FranceNet

Hello,

All over the French newsgroups, you can read the incredible news this
morning: the secret SCSSI (Service Central de la Securite des Systemes
d'Information) from the Premier Ministre's desk in Paris has given the
complete agreement to use Netscape Navigator. The document is like
that:

    Title: "Authorization for the supply and general use of
           cryptographic means No. 2500"
    Signed: 7 November 1995
    By: Jacques VINCENT-CARREFOUR for the DISSI
    Reference: 509/DISSI file number 950038

    The authorization is granted only for the following Netscape
    Navigator products:

        N. DOS WINDOWS CD ROM
        N. DOS WINDOWS KX 23
        N. MACINTOSH CD ROM
        N. MACINTOSH RX23
        N. NT/INTEL CD ROM
        N. NT/INTEL RX23
        N. NT/ALPHA
        N. X-WINDOWS
        N. WIN/95 16 BIT CD ROM
        N. WIN/95 16 BIT RX 23
        N. WIN/95 32 BIT CD ROM
        N. WIN/95 32 BIT RX 23

    It is also granted to the distributors on the following list, and
    to them alone:

        Sun Microsystems Computers Digital Equipment Silicon Graphics
        Novell Siemens Nixdorf Olivetti Bull Zenith Data Systems Apple
        Computers Hewlett Packard Compaq Azlan Softway France Telecom
        Grolier Interactive Europe General Games

Some remarks can be made: it's no "s" to X-Window in the list of
authorized products. This agreement "is good until 1st October 1997 for
selling and use in France only." This authorization will be late to be
given because of some discussions with other huge software publishers
that haven't received the same paper.

It's the first time in France that a US-specific software will be
accepted in the cryptographic field by our Government.
Bravo -:>]

--
Jean-bernard Condat
Computer Security Expert (Paris, France)

------------------------------

From: rj.mills@pti-us.com (Dick Mills)
Date: 21 Nov 1995 03:14:19 -0500
Subject: CPD Footer Message

In CPD V7#043, the Info on CPD footer at the end contains:

    [new: Ordinary copyrighted material should not be submitted. If a]
    [copyright owner wishes to make material available for electronic]
    [distribution then a message such as "Copyright 1988 John Doe.]
    [Permission to distribute free electronic copies is hereby granted but]
    [printed copy or copy distributed for financial gain is forbidden" would]
    [be appropriate.]

Now I'm confused after the recent threads re: copyrights. If copyright
is automatic to the owner as soon as it's fixed, then is there any
material anywhere that is not copyrighted?

I wonder if even a statement such as "public domain" in an email
message is sufficient to make it public domain? Is it binding on the
author? Could he change his mind? Can he disavow the statement since it
isn't legally signed or witnessed?

What does the moderator mean by "Ordinary copyrighted material"?

--
Dick Mills +1(518)395-5154
http://www.albany.net/~dmills

[moderator: I give up. Mr. Mills is completely correct and I have
modified the footer by removing this paragraph. The footer now has been
returned to what it was before last October and can be seen below.]

------------------------------

From: Fred Baube
Date: 21 Nov 1995 15:39:07 +0200 (EET)
Subject: Re: Unsolicited Email Advertising

tswalton@aol.com (TSWalton) said:

    I would suggest that the net begin to charge the spammers a per
    piece handling charge......just like the USPS. It would be too
    costly to spam if they are not hitting their target audience and
    would be self limiting in the long run.

An analogy to chew on ..

In Finland and Sweden, there's no such thing as unlimited local POTS
[that's Plain Old Telephone Service, for the acronymically challenged].
Every call you make from any telephone, home or elsewhere, costs you
*something*; where I live it's about 12 US cents.

This is irritating if you've become accustomed to unlimited POTS. But
it *does* seem to limit junk phone calls, and it puts a complete stop
to kids with modems trying every damned number in the city looking for
modem tones.

--
F.Baube(tm)        * P/T Autodidact, F/T Information Junkie.
G'town U MSFS '88  * The sixth sick sheik's sixth sheep's sick.
fred.baube@utu.fi  * Nymphs vex, beg quick fjord waltz.

------------------------------

From: peter@nmti.com (Peter da Silva)
Date: 22 Nov 1995 15:41:12 GMT
Subject: Re: Unsolicited email Advertising
Organization: Network/development platform support, NMTI

Bill wrote:

    Nice idea, but no cigar. Searching the last few lines of a post for
    any string beginning and ending with whitespace and including an
    "@" sign is no harder than searching the first few lines for that.

Make your sig block look like this:

    foo@bar.com bar@foo.com yeltzin@kremlin.gov celine@agora.mil bob@sub.net
    bar@foo.com yeltzi  Peter da Silva, Super Genius  ub.net foo@bar.com
    yeltzin@kremlin.go        peter@nmti.com        ar.com bar@foo.com
    celine@agora.mil bob@sub.net foo@bar.com bar@foo.com yeltzin@kremlin.gov

I have thought up a much better mechanism for preventing mass-mailings
getting to you, without blocking *individuals* responding to your
message.

    Message-ID:

When the Message-ID contains some hashed secret, you can have your mail
filter toss all messages that don't contain that secret in References
or In-Reply-To. If someone replies to you via a mail program or
newsreader they're supposed to include your message-id in that line. To
help correspondents who have broken software, you can even describe the
mechanism in your .signature.

Even if the spammers know what you're doing it's more trouble than it's
worth for them to spam you, since they'd have to hand-craft a separate
email message targeted at you.
Maybe I should patent the idea and email everyone on the net telling
them about it, so they'd have to pay me royalties to actually use it...

Naaaaah. I'll toss it in the public domain. Go for it.

Another nifty idea, this one designed to let you use "mailto" URLs
safely. You need to be able to run server-side code for this: have your
site generate a mailto: URL containing a one-time address that's valid
for a short period. That way if they put it in a list you'll get only a
single message, and then only if they use it right after generation.

... privacy through complex mathematics ...

--
Peter da Silva (NIC: PJD2)                                  `-_-'
1601 Industrial Boulevard    Bailey Network Management      'U`
Sugar Land, TX 77487-5013    +1 713 274 5180
USA                          "Have you hugged your wolf today?"
Bailey pays for my technical expertise. My opinions probably scare them

------------------------------

From: Maryjo Bruce
Date: 20 Nov 1995 23:24:21 -0800 (PST)
Subject: Re: Unsolicited Email Advertising

Somebody mentioned having spammers charged for junk email, like the
USPS. Interesting analogy.

I had to turn in a mail forward four months ago when my box at X post
office was torn out during remodeling and I was forced to get a new box
with a different number at the same location. Over one thousand pieces
of non forwardable junk mail have been forwarded from one box to the
other. I just found a bill from USPS for $405 in my new box...which I
must pay in addition to my box rent for special handling of all the
junk mail, because of the quantity. The junk mail which is not
forwardable to my new address......

--
Mary Jo Bruce, M.S., M.L.S.
Sunshine@netcom.com

------------------------------

From: wayne@localnet.org
Date: 22 Nov 1995 19:42:24 GMT
Subject: Quicken SSN Alert
Organization: University of California, Berkeley

Quicken Online Banking Users - Social Security Number Alert.

I recently had a long discussion with Union Bank concerning Quicken
Online Banking and social security numbers.
Union Bank required me to provide SSN which they informed me would
become part of every online banking transaction. When asked if this
information would be encrypted the bank representative declined to
comment.

DO NOT SIGN UP FOR QUICKEN ONLINE BANKING

The possibility of your SSN being sent in the clear all over the
Internet as part of every online banking transaction is catastrophic.
It is very easy to snoop on internet packets and copy information. No
online banking convenience is worth the risk of your SSN being copied
and used to destroy your credit rating. You generally have the burden
of proof when others use your SSN to commit credit fraud despite this
information being widely available. Intuit's use of SSN is only a
little better than the IRS's habit of printing your SSN and address on
mailing labels.

I refused to provide SSN to Union Bank as I routinely do to all
requests citing the Federal Privacy Act. Union Bank checked with their
legal department about this. I have often refused to provide SSN for
credit checks and other non IRS uses and this usually results in some
discussion, but in all other cases the business eventually acknowledged
my right to refuse to provide SSN. Since the IRS has stopped requiring
reporting from credit card companies they no longer have that excuse to
request SSN and I have gotten new credit cards from several companies
without providing SSN. I have also gotten Checkfree and Charles Schwab
to establish online accounts without SSN's. When companies use nine
digit numbers they can substitute a nine digit number beginning with
999 or 888 which will not duplicate a legitimate SSN. I prefer to
refuse to provide SSN rather than simply supplying a fake number.

Union Bank returned my call and provided some interesting information.
In addition to Intuit's requiring SSN for their online transactions it
seems the US Treasury wants SSNs for bank accounts.
Union Bank's legal department apparently relies on the advice of the
Treasury to require SSN's.

What is interesting here is that both Union Bank and US Treasury
acknowledge a legal right to withhold SSN. The Federal Privacy Act
explicitly prohibits and provides criminal penalties for government
agencies requiring SSN unless established by law. The privacy act
provides a legal right to withhold SSN from private business but does
not establish any enforcement procedure with respect to private
business so that area is unclear. However Union Bank indicated it acted
at the direction of Treasury and it is clearly a serious felony for
federal officials to conspire to deprive citizens of legal rights under
color of authority (remember Rodney King). Treasury seems to be
illegally trying to accomplish through its regulatory oversight of
banks what it is explicitly prohibited from doing by law.

------------------------------

From: prvtctzn@aol.com (Prvt Ctzn)
Date: 22 Nov 1995 01:55:52 -0500
Subject: Re: Telemarketing
Organization: America Online, Inc. (1-800-827-6364)

Private Citizen, Inc. will notify over 1400 national and local
telemarketing related firms of your `do-not-call' request, and send you
a list of the firms we notified.

Also included in your notification, will be an offer to allow those
firms to tele-solicit you on a `for hire' basis of $500 per call.

Private Citizen has been in operation since 1988. The result has been a
substantial drop in junk calls to our members.... and they have
collected too: both in and out of court.

--
Robert Bulmash
Private Citizen, Inc. 1/800-CUT-JUNK

------------------------------

From: anonymous
Date: 22 Nov 95 12:36:35 EST
Subject: Re: Telemarketing

[moderator: sent to me in my own mailbox, but worth posting.]

I've been looking for creative solutions to the nuisance problem of
telemarketing.
One solution to unwanted telemarketing is the creation of a "don't call
me" list wherein people can designate that they don't wish to be
telemarketed. Then, rather than rely on local or state law

We have a "low tech, non-legislative" solution to this problem. We tell
*all* callers that the fact that they called precludes us from
contributing to their cause or buying their product. We make it clear
that this is an *unequivocal* policy from which we will not stray,
irrespective of the worthiness of the cause or the degree to which we
may want the product. And we keep our word.

Now, if sufficient numbers of callees did this, the loss in
contributions or sales would be discernible to people who detect market
statistics, and we might see less telemarketing. After all, "they" know
everything about our buying habits, right?

------------------------------

From: wayne@localnet.org
Date: 22 Nov 1995 19:54:21 GMT
Subject: Re: SSN for CA DL renewal
Organization: University of California, Berkeley

Ron Richter wrote:

    I was wondering if anyone knows what the deal is regarding the
    Social Security Number that was required to be disclosed to the
    Department of Motor Vehicles for the state of California...

Unfortunately Federal law has been changed to allow requiring SSN for
drivers license. This is used to track people who are not making child
support payments. The SSN cannot be printed on the drivers license when
it is required (it can be used if it is requested) and can only be
disclosed for legitimate law enforcement purposes. (right, cops are
honest and never lie in court).

------------------------------

From: ulmo@Q.Net (Bradley Ward Allen)
Date: 21 Nov 1995 13:40:16 -0500
Subject: Mark Twain Bank and DigiCash
Organization: Q

I would like insight into these issues.
First I put excerpts from two documents, so that I may comment on them
and their accuracy:

excerpts from http://www.marktwain.com/press1.html (Mark Twain is a
bank, this URL is a press release):

    "This launch marks the beginning of a new era, one in which the
    digital equivalent of paper money and coins will become even more
    important than their physical precursors are today," according to
    Dr. David Chaum, Managing Director of DigiCash bv and inventor of
    electronic cash. "It will catalyze enormous growth in electronic
    commerce on the Internet, and prove of enduring value through its
    improved protection of consumers and society at large."

    [... and later ...]

    How safe is it

    Security is fundamental to electronic cash. The cryptographic
    coding protecting every 5 cent ecash payment is the same as that
    routinely relied upon for authenticating requests to move huge sums
    between banks and even for national security. But in principle
    ecash goes beyond such communications security to achieve true
    multiparty security: no one (buyer, seller, bank) can cheat anyone
    else, no matter how they might modify their own software; even if
    two parties collude, they cannot cheat the third.

    Replacing paper and coins with ecash would make life much harder
    for criminals. Because the payer's computer chooses the serial
    numbers of the coins, he or she can later irrefutably identify
    blackmarketeers, extortionists, and acceptors of bribes--were they
    to take ecash. Paper notes, briefcases full of which can be
    received without leaving any record, allow money laundering and tax
    evasion today. With ecash, however, all the amounts each person
    receives are known to their bank. Significant criminal activity
    could thus be thwarted by completely replacing paper money;
    moreover, the privacy of ecash would be essential to widespread
    acceptance of any electronic payment system that in effect becomes
    mandatory.
/////////////////////////////////////////////////////////////////////

excerpt from Wired, December 1994, page 174:

    My fellow passenger and tour guide is David Chaum, the bearded and
    ponytailed founder of DigiCash, and the inventor of cryptographic
    protocols that could catapult our currency system into the 21st
    century. They may, in the process, shatter the Orwellian
    predictions of a Big Brother dystopia, replacing them with a world
    in which the ease of electronic transactions is combined with the
    elegant anonymity of paying in cash.

    He points out the plaza where the Nazis rounded up the Jews for
    deportation to concentration camps.

    This is not idle conversation, but a topic rooted in the Chaum
    Weltanschauung - state repression extended to the maximum. David
    Chaum has devoted his life, or at least his life's work, to
    creating cryptographic technology that liberates individuals from
    the spooky shadows of those who gather digital profiles. In the
    process, he has become the central figure in the evolution of
    electronic money, advocating a form of it that fits neatly into a
    privacy paradigm, whereby the details of people's lives are
    shielded from the prying eyes of the state, the corporation, and
    various unsavory elements.

    [... and later ...]

    Dining with the Cryptographer

    For Chaum, the politics and the technology reinforce each other. He
    believes that as far as privacy is concerned, society stands at a
    crossroads. Proceeding in our current direction, we will arrive at
    a place where Orwell's worst prophecies are fulfilled. He
    delineated the problem in an essay called "Numbers Can Be a Better
    Form of Cash Than Paper."

    "We are fast approaching a moment of crucial and perhaps
    irreversible decision, not merely between two kinds of
    technological systems, but between two kinds of society," says the
    article, published in 1991.
    "Current developments in applying technology are rendering hollow
    both the remaining safeguards on privacy and the right to access
    and correct personal data. If these developments continue, their
    enormous surveillance potential will leave individuals' lives
    vulnerable to an unprecedented concentration of scrutiny and
    authority."

    In the early 1980s, Chaum conducted a quest for the seemingly
    impossible answer to a problem that many people didn't consider
    problematic in the first place: how can the domain of electronic
    life be extended without further compromising our privacy? Or -
    more daring - can we do this and increase privacy?

    [... and later ...]

    Chaum says he has never argued for total untraceability, but sort
    of a constrained anonymity. "My work has been trying to establish a
    whole space of possibilities, bounded by pure perfect anonymity on
    one side and a perfect identification on the other side."

[I didn't re-read the Wired article entirely, and may have missed a
very pertinent paragraph that I remember seeing regarding some of these
issues that would indicate that Chaum has methods which would guard
against some of the worst activities (kidnappings) while not keeping
records at the bank (maybe I figured this out from reading it and Chaum
didn't explicitly say it, in which case of course I'm fallible);
moreover, I know that I'm pretty sure that that is possible, and what's
even more scary to banks is that at some point they could be left out
of the loop entirely. But that would only be a possible (possibly nice)
side-effect; I'm more concerned about the information privacy.]
**********************************************************************

My comments:

Why is Chaum in the Wired article (written first) looking for heavy
privacy, and then later affirming the Bank's choice of a system which
is "With ecash, however, all the amounts each person receives are known
to their bank" which indeed seems to me to have a large amount of
traceability (is it in that the bank doesn't know where it's coming
*from*??), and "irrefutably identify blackmarketeers, extortionists,
and acceptors of bribes"? Is the irrefutably some sort of proof that
cannot be made-up (i.e. framing someone)?

Obviously, the bank (Mark Twain) chose one of the points in the "whole
space of possibilities" that Chaum mentions that has a very large
amount of traceability. I can easily see where someone would set up a
mechanism which would look at the *time* of a transaction *to* my
account, and then look at the *time* of the transaction of those
sending it, asking them to bring forth records identifying the person
they were sending it to just for proof, and then suddenly not allowing
someone to do something key to being able to make it in this world when
starving but often illegally legislated against by so-called religious
radicals bowing to the money paid by rich psychos who wish to see
people weeded out by starvation, such as prostitution (something I
myself have been forced to deal with as Welfare only made me suicidal
as I found out that I wasn't allowed to receive it since I was actually
*trying* to get out of it and had to make an elaborate lie to the
welfare agency to qualify for what I deserved, which I wasn't good at
lying so failed).

The bank's method brings up the age-old question: Is the government
good at deciding who is a criminal and who is not?
I think the answer is necessarily half-and-half: the gov't is enough
right that people don't make the gov't irrelevant, and enough wrong to
weed out those who would attempt to live fairly and by the truth as
much as possible. I think it's *what* one is hiding that is always so
important, and I don't claim to have all the answers.

I, for one, am quite baffled by this development.

--
Bradley

(Please, if possible, followup to the newsgroup *AND* copy to me by
email, since I'm sure both discussion is necessary and I don't
frequently have a chance to check USENET.)

------------------------------

From: "Prof. L. P. Levine"
Date: 22 Nov 1995 14:25:54 -0600 (CST)
Subject: Info on CPD [new]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail.
Those who understand the technology also understand the ease of forgery
in this very free medium. Statements, therefore, should be taken with a
grain of salt and it should be clear that the actual contributor might
not be the person whose email address is posted at the top. Any user
who openly wishes to post anonymously should inform the moderator at
the beginning of the posting. He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you do
so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do not
include entire previous messages in responses to them. Include your
name & legitimate Internet FROM: address, especially from .UUCP and
.BITNET folks. Anonymized mail is not accepted. All contributions
considered as personal comments; usual disclaimers apply. All reuses of
CPD material should respect stated copyright notices, and should cite
the sources explicitly; as a courtesy; publications using CPD material
should obtain permission from the contributors.

Contributions generally are acknowledged within 24 hours of submission.
If selected, they are printed within two or three days. The moderator
reserves the right to delete extraneous quoted material. He may change
the Subject: line of an article in order to make it easier for the
reader to follow a discussion. He will not, however, alter or edit the
text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu. Web browsers will find it at
gopher://gopher.cs.uwm.edu.

---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of: Computer Privacy Digest
Professor of Computer Science     |    and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V7 #044
******************************
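
Added example, not part of the digest or of any contributor's post: a sketch of the two mechanisms Peter da Silva describes in "Re: Unsolicited email Advertising" above, a Message-ID carrying a hashed secret that a mail filter looks for in References or In-Reply-To, and a short-lived, single-use reply address for mailto: URLs. The use of HMAC-SHA256, the secret, the domain example.org, the address layout and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
from email import message_from_string

SECRET = b"constructed-demo-secret"  # assumption: known only to sender and filter
DOMAIN = "example.org"               # assumption: placeholder mail domain
HEX16 = r"[0-9a-f]{16}"
MID_RE = re.compile(rf"<({HEX16})\.({HEX16})@{re.escape(DOMAIN)}>")
ADDR_RE = re.compile(rf"reply\+([0-9]+)\.({HEX16})\.({HEX16})@{re.escape(DOMAIN)}")
_used_addresses = set()              # one-time addresses already redeemed


def _tag(purpose: str, data: str) -> str:
    """HMAC-SHA256 truncated to 64 bits; 'purpose' separates the two uses."""
    mac = hmac.new(SECRET, f"{purpose}:{data}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def make_message_id() -> str:
    """Message-ID for outgoing mail: random nonce plus a keyed tag over it."""
    nonce = secrets.token_hex(8)
    return f"<{nonce}.{_tag('mid', nonce)}@{DOMAIN}>"


def accept_message(raw: str) -> bool:
    """Keep a message only if it cites one of our own Message-IDs."""
    msg = message_from_string(raw)
    cited = " ".join(msg.get_all("References", []) + msg.get_all("In-Reply-To", []))
    return any(hmac.compare_digest(tag, _tag("mid", nonce))
               for nonce, tag in MID_RE.findall(cited))


def make_reply_address(now: float, ttl: int = 900) -> str:
    """Address to embed in a generated mailto: URL; expires after ttl seconds."""
    body = f"{int(now) + ttl}.{secrets.token_hex(8)}"
    return f"reply+{body}.{_tag('addr', body)}@{DOMAIN}"


def accept_recipient(addr: str, now: float) -> bool:
    """Accept mail to a generated address once, and only before it expires."""
    m = ADDR_RE.fullmatch(addr)
    if not m:
        return False
    expires, nonce, tag = m.groups()
    if not hmac.compare_digest(tag, _tag("addr", f"{expires}.{nonce}")):
        return False                 # forged or altered address
    if now > int(expires) or addr in _used_addresses:
        return False                 # expired, or already used once
    _used_addresses.add(addr)
    return True


if __name__ == "__main__":
    # Constructed sample messages, not real traffic.
    mid = make_message_id()
    reply = f"From: a@example.net\nIn-Reply-To: {mid}\nSubject: Re: hi\n\nhello\n"
    bulk = "From: b@example.net\nSubject: BUY NOW\n\nspam\n"
    print(accept_message(reply), accept_message(bulk))
```

The filter would sit in front of mail from unknown senders only; correspondents already known to the recipient need a separate allow list, since their first message cites no Message-ID.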