Date: Wed, 03 Jan 96 10:32:58 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#002 Computer Privacy Digest Wed, 03 Jan 96 Volume 8 : Issue: 002 Today's Topics: Moderator: Leonard P. Levine Re: Unsolicited email Advertising Re: Unsolicited email Advertising Re: Unsolicited email Advertising Re: Compuserve Censoring USENET Re: Compuserve Censoring USENET Re: Compuserve Censoring USENET Re: Compuserve Censoring USENET [long] Re: BC Commissioner Upholds Severing of Voter Addresses Re: Racial Classification Re: Racial Classification Re: Racial Classification Re: Racial Classification Re: Racial Classification Re: Racial Classification Re: The Year We Struggled with On-line Censorship Cyberspace wiretap leads to arrests Re: Risks of Checking Accounts The Computer Law Report #15 Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: David M Kennedy Date: 28 Dec 1995 12:58:47 -0500 Subject: Re: Unsolicited email Advertising 4. If I get no response from this after a few days, then I start sending a huge file (1 megabyte) every day with an explanation that I am trying to get someone's attention. This is designed to eventually fill their disk and makes them look for what filled it. --snip-- 6. Again, I have never reached this stage, but the next step is to start sending the huge file every few minutes until their disk fills. I am not charged by volume for email. Some Monmouth (NJ) University students have been charged in US Federal Court for a denial of service attack similar to the one described above. They are accused of sending some 24,000 mail messages to the system administrator's account. IANAL, but I believe the appropriate citation is 18 USC 1030 (a) (5) (A): (5)(A) through means of a computer used in interstate commerce or communications, knowingly causes the transmission of a program, information, code, or command to a computer or computer system if - (i) the person causing the transmission intends that such transmission will - (II) withhold or deny, or cause the withholding or denial, of the use of a computer, computer services, system or network, information, data or program; and "(G)et someone's attention," may indeed solicit more attention than desired, and receiving mail from a bad net citizen is no excuse for becoming one in return IMHO. -- Dave Kennedy US Army MP, CISSP volunteer SysOp Natl. Computer Security Assoc ------------------------------ From: kmcguire@omni.voicenet.com (Kevin McGuire) Date: 29 Dec 1995 03:04:15 GMT Subject: Re: Unsolicited email Advertising Organization: Voicenet - Internet Access - (215)674-9290 HARRY R. ERWIN (herwin@osf1.gmu.edu) wrote: I have been receiving 'junk email' from a commercial advertiser, netnet@access1.soundcity.net. I have politely asked them to put me on their 'do not contact' list, but I continue to find my mailbox filled with their stuff. What have people found to be the most effective recourse? These folks also spammed me. I tried the various replys to postmaster@ etc., but it all bounced. What did work was 'whois soundcity.net' which yielded: ------------------------------------------------------------------ Sound Computer Service (SOUNDCITY-DOM) 509 2nd Street Juniata Altoona, PA 16601 US Domain Name: SOUNDCITY.NET Administrative Contact, Technical Contact, Zone Contact: Dively, Joe (JD764) scsjoe@AOL.COM 814-942-7777 Record last updated on 27-Oct-95. Record created on 27-Oct-95. Domain servers in listed order: WWW.SOUNDCITY.NET 206.31.166.1 NS.MCI.NET 204.70.128.1 I phoned the number listed, spoke to a slightly surprised woman, and have not heard from them since. A more anarchic solution might be to call the 800# in some of their ads from pay phones. Your milage may vary though. -- Kevin McGuire .sig? My address book is gone and you want a .sig? ------------------------------ From: Bill McClatchie Date: 01 Jan 1996 12:42:06 -0500 Subject: Re: Unsolicited email Advertising Nightwolf said: For the first time in my life, I broke down and mailbombed another Internet E-mail address. What caused me to take such a step, was [snip] Has anyone else reading any of these newsgroups received the same pair of advertisements? If so, then what have you done, or what are you planning to do? I do three things: 1) I read the two net abuse groups and regularly add sites that either spam or allow thier customers to do so to my bozo filter to prevent myself from ever seeing them in my inbox. For new sites/forged e-mail I do the following. 2) I place the address of such spammers into my procmail bozo filter and forward to /dev/null. 3) I use whois to find out who supplies the idiots with service and forward the message to their postmaster. I also encrypt the entore messsage body and reply to the twits (sending the encrypted mess back) and tell them I am unsure what the mess is - but I don't want anything else from them. -- Bill McClatchie wmcclatc@nox.cs.du.edu http://nox.cs.du.edu:8001/~wmcclatc ------------------------------ From: wagnerj@watt.oedison.com (John Wagner) Date: 28 Dec 1995 19:46:27 GMT Subject: Re: Compuserve Censoring USENET Organization: Ohio Edison Company, Akron OH an280463@anon.penet.fi (Thurston J. Whistlestop) wrote: I use Compuserve to access the net. Recently (Around December 26) their USENET server had most of the alt* heirachy removed. I wrote to them to ask why. My letter and response (Unedited except for my pseduonym) are attached. What gives? This really scares the heck out of me. This is the same type of stuff that is in process here in the US as we speak. I don't want my kids into this stuff either. In fact, I'm not even interested in the typical censor targets. But instead of censoring for the whole country/world based on one person or groups definition of indecent, why doesn't the CC or somebody commission some freeware that limits the type of net access available from their computers? There are already some packages available that do this, but apparently these aren't good enough for some people. Ok, fine, write your own and give it away! -- John Wagner wagnerj@watt.oedison.com For Encrypted Mail: PGP Public Key Available upon Request ------------------------------ From: bcn@world.std.com (Barry C Nelson) Date: 29 Dec 1995 17:41:21 GMT Subject: Re: Compuserve Censoring USENET Organization: The World Public Access UNIX, Brookline, MA Thurston J. Whistlestop wrote: I use Compuserve to access the net. Recently (Around December 26) their USENET server had most of the alt* heirachy removed. I wrote to them to ask why. My letter and response (Unedited except for my pseduonym) are attached. What gives? The Boston Globe reported today that CompuServe temporarily suspended access to "offensive" Usenet groups, including 200 selected by a "Munich official." German prosecutors said CompuServe must stop distributing illegal "obscenity" in Germany. Since CompuServe's entire network is run from servers in Columbus, Ohio, and they "don't possess any technology where we can block access in Germany and leave it open in France or anywhere else," CompuServe decided to remove the selected Usenet groups from its servers Dec 23. No charges have been filed by German authorities. One must wonder whether German authorities will be doing the same for the other major Internet Service Providers, or even academic, government, or commercial sites which have Usenet access from Germany. -- BCNelson (not a lawyer) ------------------------------ From: fyoung@oxford.net (F Young) Date: 01 Jan 96 00:24:09 EST Subject: Re: Compuserve Censoring USENET Thurston J. Whistlestop wrote: I use Compuserve to access the net. Recently (Around December 26) their USENET server had most of the alt* heirachy removed. I wrote to them to ask why. My letter and response (Unedited except for my pseduonym) are attached. What gives? By now, many people in Canada and USA have learn about this incident of CompuServe blocking access to certain newsgroups. A mailing from the e-mailing list of the Electronic Frontier Canada stated, contrary to what CompuServe's response, they were eager to block access to such newsgroups in anticipation to the pending "Internet Decency Act." If it is, in fact, the sole decision of CompuServe to block access to certain newsgroups, it could be a marketing decision. They probably expect to gain some customers while loosing others. There are, nonetheless, many independent ISP's which would gladly take in more business. We don't know for sure what the independent ISP's in Germany are doing. On the other hand, any government's attempt to block certain newsgroups would likely backfire. I would rather have adult materials restricted to adult newsgroups (like the current situation), rather than blocking those newsgroups and possibily making those seeking such materials to post randomnly to the remaining newsgroups. Of course, government have the power to block access to the Internet, period. -- Fergus Young Ontario, Canada ------------------------------ From: Rod Swift Date: 29 Dec 1995 23:49:42 -0500 (EST) Subject: Re: Compuserve Censoring USENET [long] CBS Radio is reporting that CompuServe has discontinued access to 200 "smutty" newsgroups (CBS' word, not mine) because of Germany's ban on electronic pornography. CompuServe cannot selectively discontinue access to them, so they chose to do so globally. I have no idea which particular newsgroups were discontinued. The soc.support.youth.gay-lesbian-bi moderators received this list. We note that the only soc.* sexuality group to be banned was our youth support group for gay youths. We note that soc.motss, soc.bi, soc.support.transgendered and soc.women.lesbian-and-bi were *not* cut off by compuserve, making me at least wonder why we were!: --------------------------------------------------------------------- The following is a list of all the Usenet groups censored by Compuserve on Friday, December 22, without notice. This list was provided by an employee of compuserve alt.binaires.pictures.erotica.teen alt.binaries.erotic.senior-citizens alt.binaries.multimedia.erotica alt.binaries.pictures.black.erotic.females alt.binaries.pictures.erotic.anime alt.binaries.pictures.erotic.centerfolds alt.binaries.pictures.erotic.senior-citizens alt.binaries.pictures.erotica alt.binaries.pictures.erotica.amateur.d alt.binaries.pictures.erotica.amateur.female alt.binaries.pictures.erotica.amateur.male alt.binaries.pictures.erotica.animals alt.binaries.pictures.erotica.anime alt.binaries.pictures.erotica.art.pin-up alt.binaries.pictures.erotica.balls alt.binaries.pictures.erotica.bears alt.binaries.pictures.erotica.bestiality alt.binaries.pictures.erotica.black.females alt.binaries.pictures.erotica.black.male alt.binaries.pictures.erotica.blondes alt.binaries.pictures.erotica.bondage alt.binaries.pictures.erotica.breasts alt.binaries.pictures.erotica.butts alt.binaries.pictures.erotica.cartoons alt.binaries.pictures.erotica.cheerleaders alt.binaries.pictures.erotica.d alt.binaries.pictures.erotica.disney alt.binaries.pictures.erotica.female alt.binaries.pictures.erotica.female.anal alt.binaries.pictures.erotica.fetish alt.binaries.pictures.erotica.fetish.feet alt.binaries.pictures.erotica.fetish.hair alt.binaries.pictures.erotica.fetish.latex alt.binaries.pictures.erotica.fetish.leather alt.binaries.pictures.erotica.furry alt.binaries.pictures.erotica.gaymen alt.binaries.pictures.erotica.latina alt.binaries.pictures.erotica.male alt.binaries.pictures.erotica.male.anal alt.binaries.pictures.erotica.midgets alt.binaries.pictures.erotica.oral alt.binaries.pictures.erotica.orientals alt.binaries.pictures.erotica.plushies alt.binaries.pictures.erotica.pornstar alt.binaries.pictures.erotica.pornstars alt.binaries.pictures.erotica.pre-teen alt.binaries.pictures.erotica.pregnant alt.binaries.pictures.erotica.redheads alt.binaries.pictures.erotica.spanking alt.binaries.pictures.erotica.tasteless alt.binaries.pictures.erotica.teen alt.binaries.pictures.erotica.teen.d alt.binaries.pictures.erotica.teen.female alt.binaries.pictures.erotica.teen.fuck Teens alt.binaries.pictures.erotica.teen.male Teens alt.binaries.pictures.erotica.terry.agar alt.binaries.pictures.erotica.transvestites alt.binaries.pictures.erotica.uncut alt.binaries.pictures.erotica.urine alt.binaries.pictures.erotica.voyeurism alt.binaries.pictures.erotica.young alt.binaries.pictures.groupsex alt.binaries.pictures.lesbians alt.binaries.pictures.lolita.misc alt.binaries.pictures.nude.celebrities alt.binaries.sounds.erotica alt.homosexual alt.magick.sex alt.magick.sex.angst alt.motss.bisexua-l alt.politics.sex alt.recovery.addiction.sexual alt.recovery.sexual-addiction alt.religion.sexuality alt.sex alt.sex.aliens alt.sex.anal alt.sex.animals alt.sex.asphyx alt.sex.balls alt.sex.bears alt.sex.bestiality alt.sex.bestiality.barney alt.sex.bestiality.hamster.duct-tape alt.sex.bondage alt.sex.bondage.furtoonia alt.sex.bondage.sco.unix alt.sex.boredom alt.sex.boys alt.sex.breast alt.sex.brothels alt.sex.carasso alt.sex.children alt.sex.cthulhu alt.sex.disney alt.sex.doom.with-sound alt.sex.dylan alt.sex.enemas alt.sex.erotica.market.place alt.sex.erotica.marketplace alt.sex.escorts.ads alt.sex.escorts.ads.d alt.sex.exhibitionism alt.sex.extropians alt.sex.fat alt.sex.femdom alt.sex.fencing alt.sex.fetish.amputee alt.sex.fetish.diapers alt.sex.fetish.drew-barrymore alt.sex.fetish.fa alt.sex.fetish.fashion alt.sex.fetish.feet alt.sex.fetish.hair alt.sex.fetish.jello alt.sex.fetish.motorcycles alt.sex.fetish.orientals alt.sex.fetish.peterds.momma alt.sex.fetish.power-rangers.kimberly.tight-spandex alt.sex.fetish.robots alt.sex.fetish.scat alt.sex.fetish.size alt.sex.fetish.smoking alt.sex.fetish.sportswear alt.sex.fetish.startrek alt.sex.fetish.the-bob alt.sex.fetish.tickling alt.sex.fetish.tinygirls alt.sex.fetish.trent-reznor alt.sex.fetish.waifs alt.sex.fetish.watersports alt.sex.fetish.wet-and-messy alt.sex.fetish.white-mommas alt.sex.fetish.wrestling alt.sex.first-time alt.sex.fish alt.sex.furry alt.sex.gangbang alt.sex.girl.watchers alt.sex.girls alt.sex.guns alt.sex.hello-kitty alt.sex.historical alt.sex.homosexual alt.sex.incest alt.sex.intergen alt.sex.jesus alt.sex.jp alt.sex.magazines alt.sex.marsha-clark alt.sex.masturbation alt.sex.midgets alt.sex.modem-kamikaze alt.sex.motss alt.sex.movies alt.sex.necrophilia alt.sex.nudels.me.too alt.sex.oral alt.sex.orgy alt.sex.pedophilia alt.sex.pedophilia.boys alt.sex.pedophilia.girls alt.sex.pedophilia.pictures alt.sex.pedophilia.swaps alt.sex.pictures alt.sex.pictures.d alt.sex.pictures.female alt.sex.pictures.male alt.sex.plushies alt.sex.pre-teens alt.sex.prostitution alt.sex.reptiles alt.sex.safe alt.sex.services alt.sex.sgml alt.sex.sm.fig alt.sex.snakes alt.sex.sounds alt.sex.spanking alt.sex.stories alt.sex.stories.d alt.sex.stories.gay alt.sex.stories.hetero alt.sex.stories.moderated alt.sex.stories.tg alt.sex.strip-clubs alt.sex.super-size alt.sex.swingers alt.sex.tasteless alt.sex.telephone alt.sex.toons alt.sex.trans alt.sex.ugly alt.sex.uncut alt.sex.video-swap alt.sex.voxmeet alt.sex.voyeurism alt.sex.wanted alt.sex.wanted.escorts.ads alt.sex.watersports alt.sex.weight-gain alt.sex.wizards alt.sex.young alt.sex.zoophile alt.sexy.bald.captains alt.stories.erotic alt.support.disabled.sexuality alt.tv.tiny-toon.sex clari.news.crime.sex clari.news.gays clari.news.sex aus.sex de.talk.sex es.alt.sexo fido.ger.sex fido.sex-ger fido7.ru-sex fido7.ru-sex.adv fido7.russian-sex finet.sex fiod7.other.russian.sex fiod7.ru.sex gay-net.behinderte gay-net.btx-ecke gay-net.coming-out gay-net.dfue gay-net.erotic-stories gay-net.gruppen.general gay-net.guide.bundesweit gay-net.guide.weltweit gay-net.haushalt gay-net.international gay-net.kontakte gay-net.labern gay-net.lederecke gay-net.spiele gay-net.test rec.arts.erotica shamash.gayjews slo.sex soc.support.youth.gay-lesbian-bi t-netz.sex t-netz.sex-stories tw.bbs.sci.sex ucb.erotica.sensual uw.alt.sex.beastiality uw.alt.sex.bestiality uw.alt.sex.bondage uw.alt.sex.stories uw.alt.sex.stories.d zer.t-netz.sex ------------------------------ From: "Mario M. Butter" Date: 28 Dec 1995 18:21:16 -0500 (EST) Subject: Re: BC Commissioner Upholds Severing of Voter Addresses bo774@freenet.carleton.ca (Kelly Bert Manning) Canada has a much less efficient electoral process than countries such as the US which have a single piece of legislation for all levels of government and a single electoral process. The US has different laws in each state; indeed one state (Louisiana) has laws modeled after the French legal system rather than English common law. In some states, the voter registration lists are public information. -- Mario M. Butter |GAT d++$ H>++ s:+ !g !p au+ a? w+++ v++(-) C++ mbutter@tower.clark.net |UL++++$ P+>++++ L++>++++ 3 N+++ E--- K-- W--- gaummb@fnma.com |M-- V-- -po+ Y+ t++ 5++ jx R++ G' tv+++ b+++ !D #include |B-- e* u*@ h---- f* r+++ !n y** GeekCode v2.1 ------------------------------ From: les@Steam.Stanford.edu (Les Earnest) Date: 29 Dec 1995 08:49:12 GMT Subject: Re: Racial Classification Organization: Computer Science Department, Stanford University Gary McGath writes: An issue which I haven't seen discussed much on this forum is how to deal with requests to categorize oneself racially. Twice in the past two years I've been faced with such requests. My choice of racial classification is "mongrel," which I believe is the most accurate answer for all of us. Some years ago I got sufficiently annoyed by this nonsensical question to write an article about it -- see "Can computers cope with human races?" in Communications of the ACM, February 1989. -- Les Earnest (les@cs.stanford.edu) Phone: 415 941-3984 Computer Science Dept.; Stanford, CA 94305 Fax: 415 941-3934 ------------------------------ From: Graham Smith Date: 31 Dec 1995 01:55:42 +0000 Subject: Re: Racial Classification Organization: Kildwick Smith (Consulting Engineers) Gary_McGath (gmcgath@mv.MV.COM) writes: A little more recently, I received a questionnaire from a company in Georgia for which I'd done some consulting services. This one didn't directly ask for my race, but rather asked if I was a "minority-owned business." This time, I sent back an angry refusal to answer the questionnaire at all. Surely the answer that your shareholders would wish to hear is that your company is a majority-owned business? -- Graham Smith (gks@acm.org) :-) ------------------------------------------------------------------ To experience a Laufschrift applet take a look at the new Kildwick Smith (Consulting Engineers) site "http://www.compulink.co.uk/~ks" ------------------------------------------------------------------ ------------------------------ From: David Beiter <0006351762@mcimail.com> Date: 31 Dec 95 22:23 EST Subject: Re: Racial Classification gmcgath@mv.MV.COM (Gary McGath) asked: An issue which I haven't seen discussed much on this forum is how to deal with requests to categorize oneself racially. Twice in the past two years I've been faced with such requests. When given the choice, I mark SEX YES RACE NO If that doesn't work then I try OTHER then I try NATIVE AMERICAN and claim to be Mohegan. I defy you to prove otherwise. Actually, I tend to stay away from places where they have any interest in my racial background. It has been 20 years sine I had a mortgage, so I don't remember much about what was on the application. And I certainly would not consult for any company who had any interest in knowing the racial composition of the owners of my company. I just don't do business with that sort of [excretive deleted], except at gunpoint. -- David P Beiter , ___ (( _.-| | _-~-_ || { | | (o o(_)___ _) ) "-.|___| _.( Y ) \. `O / .--'-`-. _((_ `^-' /__< \ .+|______|__.-||__)`-'(((/ ((_d On the Internet, no one need know that you are really a dawg. ------------------------------ From: JF_Brown@pnl.gov (Jeff Brown) Date: 02 Jan 1996 23:59:53 +0000 (GMT) Subject: Re: Racial Classification Organization: Battelle Pacific Northwest Labs gmcgath@mv.MV.COM says... An issue which I haven't seen discussed much on this forum is how to deal with requests to categorize oneself racially. Twice in the past two years I've been faced with such requests. Actually, I think that both of those requests were motivated by Federal laws or regulations which require 1) non-discrimatory lending; and, 2) encouragement of minority-owned business. Every lending application I've seen having that question indicates that supplying the data is optional. I know that the business category is used to differentiate between otherwise similar suppliers when a government contractor is making a decision of which supplier to select. It seems well-meaning, which doesn't mean you should provide the information. -- Jeff Brown JF_Brown@Pnl.gov ------------------------------ From: "Mario M. Butter" Date: 28 Dec 1995 18:29:28 -0500 (EST) Subject: Re: Racial Classification gmcgath@mv.MV.COM (Gary McGath) writes: An issue which I haven't seen discussed much on this forum is how to deal with requests to categorize oneself racially. Twice in the past two years I've been faced with such requests. These are mandated by Federal Law to track the company's compliance with Affirmative Action laws. The company is not `racially categorizing' you, the government is. -- Mario M. Butter |GAT d++$ H>++ s:+ !g !p au+ a? w+++ v++(-) C++ mbutter@tower.clark.net |UL++++$ P+>++++ L++>++++ 3 N+++ E--- K-- W--- gaummb@fnma.com |M-- V-- -po+ Y+ t++ 5++ jx R++ G' tv+++ b+++ !D #include |B-- e* u*@ h---- f* r+++ !n y** GeekCode v2.1 ------------------------------ From: gkastane@scsn.net (George Kastanes) Date: 29 Dec 1995 17:09:45 -0500 Subject: Re: Racial Classification gmcgath@mv.MV.COM (Gary McGath) writes concerning his objections to be racially categorized. What is overlooked here I think are two factors. First, the constant and irriating tendency of the bureaucratic mind to know everything about everyone, and more important, the motivating factor that allows - no - encourages businesses to solicit this kind of information. There is little we can do about the government "urge" to collect information. We can however eliminate some of the motivation. The organizations that Mr. McGrath refers to are both in a position to be rewarded if they can demonstrate an acceptable level of involvement with minorities. Mortgage companies in particular are under a lot of pressure for failing to adhere to equal opportunity lending; many contractors are burdened with minority set aside rules that tend to filter down. The point is that both entities are subtly coerced through economic motivation to invade privacy for the purpose of gathering statistical data. If we eliminate the concern - i.e. stop worrying about numbers and percentages of minorities vs. non minorites, a lot of this prying will go away. ------------------------------ From: gkastane@scsn.net (George Kastanes) Date: 02 Jan 1996 17:41:53 -0500 Subject: Re: The Year We Struggled with On-line Censorship Greg DesElms wrote a very interesting essay on the issue of computer censorship and the internet. I must however point out that Greg is sadly resorting to allowing the same concessions which he alerts us to as being dangerous when applied at a different level. The real issue is whether the internet or any media should be subject to censorship at all under any circumstances. Greg asserts that there must be a way to protect children from " premature exposure to prurient materials which could not possibly be of any rational educational value to them". Why is this a concern to the contents of a medium which is addressed to adults? The thrust here should be to give parents and educators the tools, via filtering software etc., to limit what the children are able to be exposed to - not to regulate the entire medium even to the extent of existing laws. We have laws that preclude dissemination of pornography based on community standards. That entire concept is in and of itself patently absurd. Again, we are saying because the majority in a given community finds something objectionable, it should be available to no one. I am as opposed to child pornography and explitation of children as anyone, but at the same time, once the issue of censorship becomes one of degree, then the entire battle is lost and you might as well accept an Orwelian scenario. It makes little logical difference between saying child pornography is illegal, solely because of its content, than it does to say "prurient materials with no educational value" is illegal than to say uttering the word "breasts" is illegal. It is merely a question of degree and timing. The key is to allow people to be responsible for their own conduct and behavior. If you do not elect to view or read blatnant pornography, you have the option not to read or view it. If you have elected to bring children into this world, you (not the rest of us) have undertaken the responsibility to raise them and determine what it is they can and cannot see and read. I find in highly self-centered and arrogant on the part of some parents (and I too am a parent) to expect - no demand - that the media that their children may have access to due to technological develoments be purified so that they themselves can escape the obligation and burden of determining that their children may have access to. ------------------------------ From: "Prof. L. P. Levine" Date: 02 Jan 1996 15:03:39 -0600 (CST) Subject: Cyberspace wiretap leads to arrests Organization: University of Wisconsin-Milwaukee Taken from RISKS-LIST: Risks-Forum Digest Tuesday 2 January 1996 Volume 17 : Issue 59 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator From: David Kennedy <76702.3557@compuserve.com> Date: 31 Dec 95 04:46:21 EST Subject: 1st Net Wiretap (& CompuServe too) Compiled from various wire services extracted from CompuServe's Executive News Service: Cyberspace wiretap leads to arrests UPI Northeastern US 29/12/95 14:46 By TRACEY L. MILLER NEW YORK, Dec. 29 (UPI) -- The G-men have started bugging cyberspace. The U.S. Secret Service announced Friday that a court-sanctioned wiretap on the Internet has led to the arrests of three people who allegedly advertised the sale of illegal electronic surveillance devices through the on-line service, CompuServe. "These arrests offer a glimpse into what crime and law enforcement will look like in the 21st century," Brooklyn U.S. Attorney Zachary Carter said at a Manhattan news conference. "Criminals are adjusting to new means of communications in the same way we are." o Bernard Bowitz a German national, his estranged wife, Rachel, and Gregory Brooks of Seattle were arrested. o Seizures included a cellular phone cloning equipment: a "Lifetime Phone" capable of storing 99 stolen Mobile Identification Numbers (MIN) and Electronic Serial Number (ESN) combinations; a "Celltracker" that also allows the caller to eavesdrop on any nearby cellular conversation, and an "ESN Reader", which allows the user to steal the MIN/ESN combinations. Also seized laptop computers, scanners, covert transmitters and receivers hundreds of cellular phones and a satellite cellphone. Some covert transmitters were disguised as a three-pronged wall socket and a fountain pen. o AT&T Wireless Services Security noticed Bowitz's ads on CompuServe. They verified what he was offering and tipped the US Secret Service (USSS) and the Drug Enforcement Agency (DEA). Bowitz also advertised openly on a World Wide Web site. The Department of Justice and the U.S. district court gave investigators authorization to monitor the trio's outgoing and incoming CompuServe E-mail messages, the first time permission for such a wiretap over the Internet has ever been granted. "This authorization was critical, since Bernhard and Rachel Bowitz, and Gregory Brooks, perhaps believing that Internet communications were immune from interception, spoke relatively openly in their E-mail communications," said Brian Gimlett, who heads the Secret Service's New York Field Office. o Operation has been ongoing for several months and ran from New York City to Seattle, Las Vegas and Hong Kong. o Bowitz communicated with an undercover DEA agent by e-mail and met him several times for buys. Bowitz also was laundering US$225K believed to have come from drug trafficking. "The significance of this case should not be minimized," said Gimlett. "This case has substantially impeded the spread of technology that would undercut law enforcement's ability to conduct effective electronic surveillance, endanger the telecommunications and international business community and intrude upon the public's right to privacy." o All three charged with wire fraud, the manufacture and sale of illegal intercepting devices, and conspiracy. Bernhard Bowitz, alone, was charged with money laundering. Bowitz is in the grey-bar hotel pending US$500K bail. His wife is out and about on bond in Las Vegas. Brooks was arrested in New York and is free pending his arraignment next month. o Joint investigation included AT&T and the New York Electronic Crime Task Force. The task force includes USSS, DEA and the New York Police Department. "The Internet has become the new battleground for law enforcement to fight crime," said Gimlett. Dave Kennedy [US Army MP] [CISSP] Volunteer SysOp National Computer Security Association Forum on CompuServe ------------------------------ From: "Mario M. Butter" Date: 28 Dec 1995 18:24:35 -0500 (EST) Subject: Re: Risks of Checking Accounts Diann <71600.621@CompuServe.COM> writes: However, I've noticed that many places which want account numbers get all bent out of shape if they don't get it. I almost screwed up my car insurance payment by forgetting to write the insurance account number on the memo line; this dispite the fact the silly thing was listed on the sheet of paper from the insurance company that I sent back with my check. I've found that most companies, if sent a check that does *not* include an account number will have someone (I guess some sort of `pre-processing' employee) write the account number in the memo field. I have never included the account information on my checks, but they almost always have them when I get the checks back. -- Mario M. Butter |GAT d++$ H>++ s:+ !g !p au+ a? w+++ v++(-) C++ mbutter@tower.clark.net |UL++++$ P+>++++ L++>++++ 3 N+++ E--- K-- W--- gaummb@fnma.com |M-- V-- -po+ Y+ t++ 5++ jx R++ G' tv+++ b+++ !D #include |B-- e* u*@ h---- f* r+++ !n y** GeekCode v2.1 ------------------------------ From: Galkin@aol.com Date: 02 Jan 1996 12:58:13 -0500 Subject: The Computer Law Report #15 *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ THE COMPUTER LAW REPORT *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ December 28, 1995 [#15] prepared by William S. Galkin, Esq. ===================================== GENERAL INFO: The Computer Law Report is distributed (usually) weekly for free and is prepared by William S. Galkin, Esq. The Report is designed specifically for the non-lawyer. To subscribe, send e-mail to galkin@aol.com. All information contained in The Computer Law Report is for the benefit of the recipients, and should not be relied on or considered as legal advice. Copyright 1995 by William S. Galkin. ===================================== *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ ELECTRONIC PRIVACY RIGHTS: THE WORKPLACE *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ [This is the second of a series of articles discussing privacy rights in the digital age.] With the rise of technology there arose a fear of surveillance. However, George Orwell's 1984 passed us by without noticeable big brother control, and the national concern over espionage diminished with the demise of the U.S.S.R. These past threats were concerns over the use of technology by governments that had sufficient resources to use the technology for sinister purposes. The new threat is not technology in the hands of government, it is technology alone. What once required massive manpower, now requires merely a personal computer. Technology has made the power to monitor others widely available, whether to governments, private enterprise or individuals. This article discusses some of the laws applicable to the monitoring of employees in the private workplace. An employee, by the very nature of the employment relationship, must be subject to some level of monitoring by the employer. However, this monitoring has limits. Courts have held that it is a tortuous invasion of privacy for an employer to monitor employee telephone conversions. Similarly, mail carried through the U.S. postal service is granted a high level of protection. However, much employee communication now takes place over private and public networks via e-mail, or voice mail. These forms of communication are very different from telephone calls and letters. For example, after transmission and receipt, these communications are stored for an indefinite period of time on equipment under the exclusive control of the employer. Additionally, these communications can be examined without the knowledge of the communicators. As is often the case, the law has difficulty keeping pace with the issues raised by fast changing technology. Electronic Communications Privacy Act - In the federal sphere, only the Electronic Communications Privacy Act of 1986 (ECPA) directly prohibits the interception of e-mail transmissions. The ECPA prohibits the interception by (1) unauthorized individuals or (2) individuals working for a government entity, acting without a proper warrant. The ECPA is mostly concerned with the unauthorized access by employees or corporate competitors trying to find out valuable information. However, while there is no specific prohibition in the ECPA for an employer to monitor the e-mail of employees, the ECPA does not specifically exempt employers. The ECPA has several exceptions to the application of the prohibition of interception of electronic communications. The three most relevant to the workplace are (1) where one party consents, (2) where the provider of the communication service can monitor communications, and (3) where the monitoring is done in the ordinary course of business. The first exception, consent, can be implied or actual. Several courts have placed a fairly high standard for establishing implied consent. For example one court held that "knowledge of the capability of monitoring alone cannot be considered implied consent." Accordingly, for an employer to ensure the presence of actual consent, it should prepare, with advice of counsel, a carefully worded e-mail Policy Statement which explains the scope of employer monitoring. This Policy Statement should be signed by the employees. One example of how this Policy Statement needs to be carefully written is that if it states that personal communications will be monitored only to determine whether there is business content in the communications, then this would probably not amount to consent to review the full text of personal communications. Additionally, notice that communications might be monitored may have a significantly different legal affect than a notice stating that communications will be monitored. The second exemption is that the ECPA exempts from liability the person or entity providing the communication service. Where this service is provided by the employer, the ECPA has been interpreted as permitting the employers broad discretion to read and disclose the contents of e-mail communications, without the employee's consent. However, employers should not rely on this exception, because it might not apply in all cases, such as to incoming (as opposed to internal e-mail) if the e-mail service is provided by a common carrier (e.g., America Online or MCI mail, which are not provided by the employer). Under the third exception, courts will analyze whether the content of the interception was business or personal and allow the interception of only business-content communications. State laws - State tort laws are often viewed as the primary sources of protection for privacy of electronic communications. The most common tort that would apply is the tort of invasion of privacy. This tort occurs where "one who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person." This tort does not require that personal information be actually acquired, disclosed or used. However, the intrusion must be intentional and highly offensive to a reasonable person. Additionally, there must be a reasonable expectation of privacy by the employee. Employees often believe that their communications are private because they have a password which they can select and change independently or because they are communicating through outside common carriers. Cases have often turned upon whether this belief was reasonable given the fact that the employer had the ability all along to access the files, though the employees were not aware of this. In determining the outcome, courts will weigh the reasonableness of the employee's expectation of privacy against the business interest of the employer in monitoring the communication. However, it is important to emphasize that in the final analysis courts have traditionally held that legitimate business interests permit employers to intercept communications. Additionally, state constitutions might provide some protection. A number of state constitutions provide a specific right of privacy. But, only California has specifically determined that its constitution provides a cause of action against nongovernmental entities. However, even in California, the courts will give significant weight to the business interests of the employer. Conclusion - As discussed, much of the law of privacy in the workplace turns on the reasonable expectation of privacy. When evaluating different situations, it is important to keep in mind that the law in this area is a moving target, as recently expressed by Professor David Post of Georgetown University Law Center (in The American Lawyer, October 1995) "until we have all spent more time in this new electronic environment, who can say what our expectations really are --let alone whether they are reasonable?" In the workplace, federal and state laws provide some protection to employee communications. However, this protection is quite limited. Until the law develops further, employers should prepare carefully drafted Policy Statements that explain how the employer intends to monitor employee communications. And employees, even in the absence of such Policy Statements, would be well advised to consider their communications available and accessible to the employer. Also, where privacy is an issue, employees and employers can create a more productive work environment if they work together to jointly develop a Policy Statement that balances the legitimate interests of both the employer and the employees. ------------------------------ From: "Prof. L. P. Levine" Date: 22 Nov 1995 14:25:54 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #002 ****************************** .