Date: Thu, 23 May 96 12:10:11 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#041

Computer Privacy Digest Thu, 23 May 96              Volume 8 : Issue: 041

Today's Topics:                         Moderator: Leonard P. Levine

    Re: Automated Toll Collection
    Re: Automated Toll Collection
    Re: Automated Toll Collection
    Re: Automated Toll Collection
    Re: Biometric Encryption
    Re: Biometric Encryption
    Re: Privacy Phone Guard
    Re: FDA Approves At-Home HIV Test
    Re: FDA Approves At-Home HIV Test
    Re: Georgia Law Could Prohibit Web Links
    A Privacy Scenario
    FTC Online Workshop on Privacy
    Free PGP shell available for Windows
    Drafts of Medical Records Privacy Legislation
    Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: dan@dvl.co.nz (Dan Langille)
Date: 19 May 1996 21:10:12 GMT
Subject: Re: Automated Toll Collection
Organization: DVL Software Limited
References:

Jonathon Blake wrote:
> Do you seriously expect banking institutions to admit to that?

Banks would not have to admit it. Consumers would. And the media would be sure to publicize it. I stand by my original question. Have credit card numbers ever been stolen in transit?

> Packet sniffers, located at any router between here and there. Any large computer exposition in the US will have several packet sniffers running.

Yes, I know of packet sniffers and how they work, and of their availability. That does not affect the question. The key is to get into the router first. As I said, it is possible, but it's not probable.

--
Dan Langille
DVL Software Limited - Wellington, New Zealand

------------------------------

From: johnl@iecc.com
Date: 21 May 96 11:26 EDT
Subject: Re: Automated Toll Collection
Organization: I.E.C.C., Trumansburg, N.Y.

> Do you seriously expect banking institutions to admit to that?

Considering how Master Card, Visa, and every bank around have been telling us how dangerous it is to send info over the Net, I'd expect reams of press releases headlined "we told you so" if it happened. (They want us to buy the super duper security packages they're busy developing.)

Everything I've seen says that losses from credit card usage on the net are slightly lower than for regular 800-based mail order.

It never fails to amaze me that people who will give their actual physical credit cards to a minimum wage clerk at the convenience store without a moment's thought worry about packet sniffers smuggled into an MCI POP or some such. Yes, a bad guy could with some effort snarf and untangle enough packets to find some credit card numbers from the net, but it's a whole lot easier to go dumpster diving behind a restaurant, and in the process get slips with both numbers and the matching signatures.

I'm all in favor of making network transactions as secure as possible, but to claim that they're significantly more risky today than conventional credit card transactions is just silly.

--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof

------------------------------

From: johnl@iecc.com (John R Levine)
Date: 21 May 96 16:25 EDT
Subject: Re: Automated Toll Collection
Organization: I.E.C.C., Trumansburg, N.Y.

> Do you seriously expect banking institutions to admit to that?

Considering how Master Card, Visa, and every bank around have been telling us how dangerous it is to send info over the Net, I'd expect reams of press releases headlined "we told you so" if it happened. (They want us to buy the super duper security packages they're busy developing.)

Everything I've seen says that losses from credit card usage on the net are slightly lower than for regular 800-based mail order.

It never fails to amaze me that people who will give their actual physical credit cards to a minimum wage clerk at the convenience store without a moment's thought worry about packet sniffers smuggled into an MCI POP or some such. Yes, a bad guy could with some effort snarf and untangle enough packets to find some credit card numbers from the net, but it's a whole lot easier to go dumpster diving behind a restaurant, and in the process get slips with both numbers and the matching signatures.

I'm all in favor of making network transactions as secure as possible, but to claim that they're significantly more risky today than conventional credit card transactions is just silly.

--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof

------------------------------

From: ipcab@planet.eon.net
Date: 21 May 1996 21:49:18 GMT
Subject: Re: Automated Toll Collection
Organization: Public Live Access Network (PLAnet)
References:

dan@dvl.co.nz (Dan Langille) wrote:
> I do not feel worried about passing my credit card details over the internet. Is there any [documented] case of credit card details being stolen whilst in transmission? Such transmissions must happen thousands of times daily. Surely, if it was a reasonably easy way to capture data, it would be done. But it isn't easy. Sure it's possible, but it's not probable. For that matter, encryption won't stop. It will still be possible but a little less probable.

In response, might I respectfully suggest that you should be concerned about sending any personal information out over the internet, especially if you are not using some encryption or other security package.

You are correct in pointing out that it is difficult to obtain documented information about credit card numbers being stolen and subsequently used improperly.
This is the type of information that Credit Card companies are not keen that the general public know since it questions the security and reliability of their product. In any case, let me point you to information that, while not statistics on the number of stolen credit cards, should concern you.

First, in a post to comp.society.privacy by Professor L.P. Levine on January 31 of this year, he quotes a Simson Garfinkel article (San Jose Mercury News). The article describes a company called First Virtual Holdings that developed a program that was designed to steal credit card numbers from unsuspecting computer users. While the program was itself developed to illustrate a point and therefore was not used maliciously, this possibility remains.

Other kinds of packet sniffing programs are prevalent, to the point that they are presenting a major threat to transaction security. PC Magazine (June 13, 1995) writes: "electronic commerce is expected to take off" once companies can assuage consumers' concerns about using credit cards on the Net. There is no doubt that supplying credit cards on the Net will work, "but if you send unprotected credit information over the security-impaired Internet, you will risk losing it to data-tapping infohighwaymen." (TIME, June 12, 1995)

It also seems to me that one of the motivations behind the creation of the CLIPPER initiative or the use of PGP is to discourage inadvertent or intentional eavesdropping. Similarly, the emergence of David Chaum's Digicash is to allow secure transmission of moneys over the Internet. As things stand today, without encryption, sending personal information is foolish.

Ned Snell wrote in his 1995 book "Curious about the Internet" (P. 94) that "Just as hackers and unscrupulous system administrators have the power to read others' e-mail, they could EASILY steal credit-card numbers, use them to make purchases, and then cover up their tracks before the credit card owner knows what's happening."

Even if the system administrator were not involved, emailed information could still be tapped. Andre Bacard (Computer E-Mail Privacy miniFAQ, 95/2/25) writes "most electronic mail is notoriously UNPRIVATE [his emphasis]. E-mail is less secure and in many ways more dangerous than sending your personal or business messages on a postcard."

All you have to do is watch alt.hackers to find an intrusion tool kit that will teach you how to listen to private E-mail between users.

If this type of information is openly accessible, and if all sorts of experts are warning against sending credit card and other personals over the net in an insecure fashion, shouldn't you be too?

------------------------------

From: Charles Bryant
Date: 19 May 1996 23:21:16 GMT
Subject: Re: Biometric Encryption
References:

Phil Agre wrote:
> ...fingerprint biometrics... I am curious if anybody knows of any criticisms of this approach.

Two possible problems seem obvious. Firstly, it is very easy to get someone's fingerprints. We can't avoid leaving prints on vast numbers of everyday objects (e.g. drinks cans, door handles). Secondly, it seems that if it were widely used, muggers would start cutting off people's fingers when stealing their cards to be sure of being able to generate the fingerprints.

------------------------------

From: bgold@platinum.com (Barry Gold)
Date: 21 May 1996 15:02:42 -0700
Subject: Re: Biometric Encryption

I find myself troubled about the design of this particular biometric device. If the bad guys get hold of your "Bioscrypt", they can extract the text string by forcibly holding your finger against the authentication device. If the result comes out looking like a text string, it's yours and they have your encryption key, or whatever other "secret" is hidden in the "Bioscrypt".

Much better, IMO, would be an arrangement like PGP, where you type in a text string (a "passphrase") _and_ press your finger on the device.
That way you need a volitional act to extract the "secret", whatever it is. The passphrase needn't even be very long -- a 6 character password would probably be plenty -- as long as the authentication device is well-designed(*).

Even if the "bad guys" in this case are the government and they have found a way around the 5th amendment -- like claiming that forcing your encryption key out of you isn't "testimony" -- you can just supply a wrong passphrase and when the result isn't a useful encryption key you just say, "Sorry guys, guess that's not my Bioscrypt."

(*) Some suggested design parameters:

1. The algorithm for encoding the text string and fingerprint representation includes a "magic" number that is known to only a very few people at the manufacturer.

2. An attempt to take the device apart to get the magic number destroys it irretrievably. (This feature is already built into some smart cards and suchlike.)

3. X-rays, Electron microscopy, etc. can't find the magic number. (ditto)

4. The device will perform a small number of decryptions at the rate of one per second or so (to allow for typing errors or problems reading the fingerprint). But after, say, 5 tries it will shut down for a minute or so. This prevents brute force attacks on the passphrase with the victim's finger held against the device -- after 5 tries you have to wait a while. Even if you have a _lot_ of devices, you have to keep moving the finger to a new one every five tries -- and coordinating it with whatever computer or other device you're using to generate passphrases. And you still only get 1 try a second.

5. (Probably the hardest): the device should be able to distinguish between the actual finger and a photo or a plastic replica of the finger.

------------------------------

From: Charles Bryant
Date: 19 May 1996 23:21:08 GMT
Subject: Re: Privacy Phone Guard
References:

chazl wrote:
> I really do not understand all the hullabaloo about how CallerID allegedly violates one's privacy.
> Here's the way I view it: If you walked up to my door and rang the doorbell with a bag over your head, would you be surprised that I would be unlikely to let you in?

This is not a good analogy. A better one would be that before opening the door you would want to see the caller's car's registration number (U.S. license plate) or their bus or train ticket. The so-called `CallerID' does not identify the caller. It identifies the phone line that they are using. While you may have a legitimate claim for knowing who is calling you, I don't see any reasonable grounds for wanting to know the number of the phone they are calling from.

> Someone calls me and wants to talk to me. Why shouldn't I have the right to know who that individual is before I decide whether or not to grant that request?

If you are demanding a *right*, the burden should be on you to prove the legitimacy of that right.

------------------------------

From: Charles Bryant
Date: 19 May 1996 23:21:18 GMT
Subject: Re: FDA Approves At-Home HIV Test
References:

Brian Gordon wrote:
> ... home HIV test ... According to today's news, each kit comes with a code number. After an appropriate wait, you call for the results from that code number. No name, no traceability. Probably not foolproof, but pretty good.

Note that if you get someone drunk enough (or maybe just use a sharp enough needle when they're asleep?) this means you can get someone else secretly tested.

------------------------------

From: peter@baileynm.com (Peter da Silva)
Date: 20 May 1996 18:19:33 GMT
Subject: Re: FDA Approves At-Home HIV Test
Organization: Network/development platform support, NMTI
References:

Dan Langille wrote:
> AFAIK, [As Far As I Know] the only hitch to the alleged privacy issue is caller id. Which I believe to be a separate issue.

Also, reverse-engineering the codes.
Hopefully they're protected by a checksum mechanism at least, so you don't get someone else's code by accident, and they aren't sold in sequential (or otherwise predictable) order (so you can't observe someone buying a kit, get the next one, and search the nearby number space to find out their results).

--
Peter da Silva    (NIC: PJD2)      `-_-'             1601 Industrial Boulevard
Bailey Network Management           'U`              Sugar Land, TX  77487-5013
+1 713 274 5180         "Har du kramat din varg idag?"                     USA
Bailey pays for my technical expertise.        My opinions probably scare them

------------------------------

From: skg@sadr.com (Keith Graham)
Date: 20 May 1996 01:32:49 GMT
Subject: Re: Georgia Law Could Prohibit Web Links
Organization: MindSpring Enterprises
References:

Monty Solomon writes:
> Legislation recently signed into law by Georgia Governor Zell Miller is aimed at preventing fraud in cyberspace, but the Chronicle of Higher Education recently reported that critics say it could force developers of World Wide Web pages to remove links to other pages. The law, the Chronicle reported, makes it a crime to "falsely identify" oneself on the Net, or to direct people to someone else's computer without the other person's explicit permission.

Having read what is, I believe, the entire law, it does no such thing.

First, let me say that I am a resident of Georgia. I think this law is at best ill-advised, as well as being redundant. However, a number of articles I have seen have been a bit hysterical.

It does outlaw you "falsely identifying" yourself. I'm not sure how a court will interpret this, and this is the biggest danger represented by the law. (I.e. Is a blatant handle or anonymous identifier "falsely identifying" yourself?)

However, the other part of the law prohibits use of trademarks or copyrighted material (paraphrased) "in excess of your legal authorization to do so." As long as I'm not violating trademark or copyright law, I am in no way threatened by putting anything on my Web page.
My biggest concern is that, until such a matter is taken up in civil court, it is extremely difficult to determine what trademark or copyright laws (if any) have been broken.

There is NO mention in the sections of the law I read that mentioned anything about "requiring permission." It merely requires "legal authorization or permission", which to the best of my knowledge, does not require anything from the trademark holder (as long as you do not exceed what the law allows.)

With all this said, I am not a lawyer, and any lawyers out there should feel free to correct me. This is not legal advice, etc. etc.

--
Keith Graham
skg@sadr.com

------------------------------

From: martina@unibw-hamburg.de (Martina Schollmeyer)
Date: 21 May 1996 19:07:26 GMT
Subject: A Privacy Scenario
Organization: University of Hamburg -- Germany

For a research project on privacy, we would like to use the following scenario as part of a question. However, we want to make sure that this scenario does not break any laws, i.e., that there are no laws that would make the collection of data such as described here illegal. This scenario is a bit iffy, and we were told that this is questionable behavior at least in Germany. How about other countries? Any feedback with indication of the respective laws and countries would be appreciated a lot.

Sincerely,
Martina Schollmeyer

Your friend has recently acquired a new Internet browser for his/her computer which allows him/her to surf the world wide web from home. One day, using this new browser, he/she accesses a web page containing information about an Internet music store called ABC Music. The next day he/she receives an e-mail message with the following content:

"Thank you for accessing our music site. We at ABC Music would like to add your e-mail address to our list of preferred customers. This will allow you to receive announcements about updates on our site and ordering discounts on a regular basis.
Please reply to this message if you would like to be added to our mailing list."

Your friend is surprised because he/she never entered his/her e-mail address or name into a form on that particular site. Your friend then finds out that some new browsers allow web sites to execute programs on the computer that is accessing the web site, possibly without the computer owner's knowledge. This feature allowed the music store to get your friend's login name and computer address to determine the complete e-mail address.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Martina Schollmeyer, Ph.D.            University of the German Federal Armed
e-mail: martina@unibw-hamburg.de      Forces at Hamburg
phone: (+49)(40) 6541-2889            FB WOW
fax:   (+49)(40) 6541-2780            Holstenhofweg 85
http://www.sci.tamucc.edu/~martinas   22039 Hamburg/Germany
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

------------------------------

From: Monty Solomon
Date: 22 May 1996 11:49:54 -0400
Subject: FTC Online Workshop on Privacy

Begin forwarded message:

Date: 19 May 1996 14:41:06 -0700
From: Adam Starchild
To: privacy@ftc.gov
Subject: FTC Workshop on Consumer Privacy in Cyberspace

FEDERAL TRADE COMMISSION WORKSHOP ON CONSUMER PRIVACY IN CYBERSPACE TO BE HELD IN JUNE 1996

The Federal Trade Commission's Bureau of Consumer Education will hold a public workshop on June 4 and 5 to focus on privacy issues in the online marketplace. The development of technologies such as the Internet and the World Wide Web has allowed online businesses to collect and use personal information about consumers, often without consumers’ knowledge or consent.

The workshop will examine consumer privacy issues in this new marketplace, consumer and business education about the use of personal information online, and ways to enhance the growth of the online marketplace by fostering consumer confidence.
Workshop topics will include the use of consumer information, the use of medical and financial information online, the collection and use of information about children, electronic approaches to protecting consumer privacy online, and the European Union's directive on the protection of personal data.

The workshop will be open to the public and will be held on June 4, 1996 from 9:00AM to 5:00PM in Room 432 of the FTC headquarters building, 6th Street and Pennsylvania Avenue, N.W., in Washington, D.C. On June 5, 1996 the workshop will be held from 9:00AM to 12:30PM in Room 332 of the FTC headquarters building.

The Bureau invites representatives of consumer groups, industry, government agencies, and other groups to take part in the workshop. Any person wishing to be considered for participation in the public workshop must file a written request, on or before May 24, 1996, to Martha Landesberg, Division of Credit Practices, Bureau of Consumer Protection, Federal Trade Commission, Washington, DC 20580.

Posted by Adam Starchild
Asset Protection & Becoming Judgement Proof at http://www.catalog.com/corner/taxhaven

The privacy list is run automatically by the Majordomo list manager. Send a "help" command to majordomo@ftc.gov for assistance.

------------------------------

From: alpha1@znet.com
Date: 23 May 1996 15:36:15 GMT
Subject: Free PGP shell available for Windows
Organization: zNET

I have uploaded to Simtel.Net:

http://www.simtel.net/pub/simtelnet/win3/email/pn123-01.zip
ftp://ftp.simtel.net/pub/simtelnet/win3/email/pn123-01.zip

pn123-01.zip    Free Windows PGP shell for any e-mail program

PGPn123 is a clipboard based PGP shell for Windows. It has the ability to connect with any other Windows based program and sit on top of it without obscuring other windows. PGPn123 can also run in manual mode, without being linked to another program. In this mode, it will stay on top of ALL windows, ready to exchange data between the clip board and PGP.
Key management is included as a stand-alone module.

Special requirements: None.

Freeware. Uploaded by the author.

Alpha1 Enterprises
alpha1@znet.com

------------------------------

From: Monty Solomon
Date: 19 May 1996 14:43:14 -0400
Subject: Drafts of Medical Records Privacy Legislation

Excerpt from RISKS DIGEST 18.12

------------------------------

Date: 14 May 1996 19:05:23 -0400 (EDT)
From: James Love
Subject: Drafts of Medical Records Privacy Legislation

[Sent to RISKS via Stanton McCandlish. RISKS generally eschews such postings. However, this one may have broad appeal to readers in the U.S., and far-reaching implications. PGN]

Re: Getting Copies of "Discussion Drafts" of Med Privacy Bill Online

This is a sign-on letter to Senators Kassebaum and Warner, asking that the Senate make copies of its "discussion drafts" of S. 1360, the Medical Records Confidentiality Act, on the Internet. The discussion drafts reflect the current versions of the controversial legislation, after negotiations between various Senators and lobbyists. Currently these drafts are only distributed in paper, and are mostly available to Washington DC lobbyists. Senator Kassebaum controls access to the discussion drafts, and Senator Warner is in charge of Senate rules on topics such as public access to Senate documents.

The letter has been signed by Gary Ruskin, Director of the Congressional Accountability Project, Lori Fena, Director of the Electronic Frontier Foundation, James Love, Director of Consumer Project on Technology, and Jim Warren, a well known computer journalist and information activist. To add your name, send a note to Gary Ruskin at gary@essential.org.

The letter follows:

Senator Nancy Kassebaum, Chair
Committee on Labor and Human Resources
428 Dirksen Senate Office Bldg
Washington, DC 20510-6300

Senator John Warner, Chair
Committee on Rules and Administration
305 Russell Senate Office Bldg
Washington, DC 20510-6325

Dear Senators Kassebaum and Warner:

We are writing to express the frustrations of many American citizens who cannot effectively monitor the actions of the U.S. Congress, because the Senate does not give ordinary citizens the same access to key legislative documents that it gives to interest groups that can afford full time lobbyists.

Our immediate concern is the refusal of the Senate Labor Committee to provide online access to a series of discussion drafts of S. 1360, the Medical Records Confidentiality Act. This controversial legislation seeks to pre-empt state laws in favor of a federal system regulating access to personal medical records. The legislation is controversial and complex and the stake holders are many. Privacy and consumer groups say the legislation provides too much access and too little privacy, while industry groups are pressing for even easier access to identified medical records.

The legislation was introduced last October. Beginning in April, the Committee on Labor and Human Resources has prepared several "discussion drafts" for a new chairman's mark. These drafts have been given to lobbyists, but the Committee staff has refused to make the text of the drafts available on the Internet where they would be readily available to the general public. As a consequence, as Equifax, IBM, Dun & Bradstreet, TRW, Blue Cross, Aetna, and other groups with full-time lobbyists read each and every new discussion draft, the general public mistakenly believes the October 24, 1995 version of the bill represents the relevant text of the legislation.

Why keep the discussion drafts from the general public? The bill is very long, and it is costly and difficult to distribute the bill in the paper formats.
Most citizens don't have any way of even knowing that the various discussion drafts even exist.

With efforts to push for a rapid mark-up on S. 1360 it seems urgent to resolve this issue soon. More generally, however, the Senate should adopt new rules about access to the various types of "unofficial" drafts of bills, including committee prints, managers amendments, chairman's marks, and widely disseminated discussion drafts, which are the real stuff of the legislative process. The text of these important documents should be placed on the Internet for the benefit of the general public, as soon as they are made available to Washington lobbyists.

Sincerely,

Gary Ruskin, Director, Congressional Accountability Project (Member, Advisory Committee, Congressional Internet Caucus) gary@essential.org

Lori Fena, Director, Electronic Frontier Foundation, lori@eff.org

James Love, Director, Consumer Project on Technology, love@tap.org

Jim Warren, tech-policy columnist and open-government advocate
Government Technology Magazine, MicroTimes Magazine, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075
jwarren@well.com

To add your name to this letter, send a note to Gary Ruskin. His contact info is:

Gary Ruskin
gary@essential.org
202/296-2787; fax: 202/833-2406

James Love, Center for Study of Responsive Law, P.O. Box 19367, Washington DC 20036
202/387-8030 Consumer Project on Technology; love@tap.org with webpages.

------------------------------

------------------------------

From: "Prof. L. P. Levine"
Date: 17 Mar 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply.

If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors.

Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion.
He will not, however, alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V8 #041
******************************