Date: Thu, 11 Jul 96 16:28:22 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V9#003 Computer Privacy Digest Thu, 11 Jul 96 Volume 9 : Issue: 003 Today's Topics: Moderator: Leonard P. Levine Re: What's the Word on Cookies? Bug-fix re-release of NS-DEMO Calif Man Arrested for Selling Fake SSN and ID's RE: Student Data Bases Re: California Caller ID News Privacy of eMail Address Tracking Police Calls TV Show on Encryption Needs People and Stories Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: kaxelson@panix.com Date: 07 Jul 1996 20:30:56 GMT Subject: Re: What's the Word on Cookies? Organization: PANIX Public Access Internet and Unix, NYC References: Ken Peterson wrote: What is the current wisdom on Netscape Cookies? I have tried to configure Netscape 3.0b4 (Macintosh) to "ask" before accepting a cookie, but some sites try to send 10-20 of the damn things during loading the first page and during the simplest navigation of their site. So endlessly clicking NO in the Ask dialog is a tremendous hassle. hgoldste@mpcs.com (Howard Goldstein) wrote: Interestingly enough one of these sites is www.anonymizer.com, a browser anonymizer! (and the other c2.org pages). If my xwindow cluttered with dialog boxes is any indication, c2's setup is quite insistent upon cookie passage. Aside from RTVReco, does anyone know of sw for win95 that can recognize pop up status messages from apps, and push buttons? RTVReco only analyzes the header of the box. Thus for the cookies message it isn't useful. -- Kevin ------------------------------ From: kevinmca@wizvax.net (Kevin McAleavey) Date: 10 Jul 1996 00:16:15 -0400 Subject: Bug-fix re-release of NS-DEMO Unfortunately, there was a bug in the first release of the demonstration program for my "NSClean" product which eliminates various databases and files kept by Netscape on individual user's machines. The bug affected those using version 2 of Netscape Navigator and has been fixed in a new release. If anyone tried the first attempt and it failed to work for them, it should be fine now. Netscape appeared to provide a means to deflect cookie feeds in their beta 4 version of Netscape 3.0 whereby a user could reject the cookie. In the new beta 5 release, Netscape has made the cookies hidden once again, rendering the user incapable of stopping them from entering their system. It would seem to me allowing the user the option of rejecting cookies was a good idea and I am surprised to see the capability has been removed. My NSClean program allows one to run NSClean and delete them at will along with other information Netscape plants on user's computers. The problems addressed by NSClean for Netscape also occurs in Microsoft's Internet Explorer and a number of other browsers, but alas, I was only able to put together a program for Netscape at this time because that's what I use and am familiar with. I am hoping to tackle IE as well as versions of Netscape for Macs in the future. I can't asy now when that may be as I refuse to put Windows95 on my machine (I was a beta tester) and I can't afford a Mac. I hope to deal with both situations soon. I am including clipped text from the announcement posted by the simtel.net archive to comp.archives.ms-windows.announce below in case anyone wants to take a peek at the demo and see what I'm talking about: I have uploaded to Simtel.Net: http://www.simtel.net/pub/simtelnet/win3/inet/ns-demo2.zip ftp://ftp.simtel.net/pub/simtelnet/win3/inet/ns-demo2.zip 157856 bytes ------------------------------ From: David Kennedy <76702.3557@CompuServe.COM> Date: 07 Jul 96 23:42:10 EDT Subject: Calif Man Arrested for Selling Fake SSN and ID's Cops bust suspected forger UPI Western US 7/4/96 1:50 PM OAKLAND, Calif., July 4 (UPI) -- An Oakland man suspected of selling counterfeit Social Security cards and birth certificates to drug dealers and illegal immigrants trying to escape the law was behind bars Thursday. ... Sgt. Ersie Joyner said investigators were tipped off to Adams' illicit business about two months ago when some of Adams' Hispanic customers complained to authorities that they were being charged more than other people for the phony documents. Using his home computer and a "desk jet" printer, Gregory Adams III, 36 allegedly charged Hispanics US$2,500 to US$5,000 for documents, while Caucasian and African-Americans were only charged US$250. Police say most of his customers were drug dealers seeking new, felony-free identification. Investigators seized a list of hundreds of names and Social Security numbers while raiding his home. The list will be used to try to identify Adams' customers, some of whom may be arrested, as well, police said. -- Dave Kennedy [CISSP] InfoSec Recon Team Chief, National Computer Security Assoc. ------------------------------ From: Jeffrey Waters 000-000-0000 Date: 08 Jul 1996 07:43:13 -0400 (EDT) Subject: RE: Student Data Bases The state of Florida implemented and has in full use a complete data base of student information. The data base includes information on student demographics, student course information, disciplinary records, attendence information and numerous distict data groups. Most of the data is updated four times a year and once a year a cumulative transmission is made that gives an overview of the entire year. Each transmission period is called a 'survey.' If I remember correctly the original purpose of the reporting was to calculate funding for the school district. I believe all this started about 1987 or 88. The last time I had any contact with the system, a complete set of the descriptive manuals stood about 18-inches high. The information is supposed to replace the traditional 'cummulative folders' that were used for years. But I think once it was recognized the amount and depth of data available, the system has been continually ramped up to higher levels. As a student moves from county to county, their records are xmited to the next school district. The system was orginally set up to use a 'Florida Student Identifier' that was generated using a specific formula of district ID number (1 - 67) plus a school number plus a serialized number that represented the student. That serialized number was simple the next number available (first student got number 1, next student got 2, etc). The identifier was 10 bytes in length. Beginning in the early 90's the state begin moving to the SSN as the identifier but also keeping in place the FSI since the SSN could not be REQUIRED. This made for some interesting situations. Some data entry types decided (or misunderstood) and demanded the SSN from incoming students. Some schools even had forms requiring the SSN at the time incoming students were enrolled. A lot of 'if we put the field on the form and don't say anything, I'll bet they'll fill it out without any questions' went on. As I remember there was some movement by the US Dept of Educ. to require each state to establish a means of transferring some of the more basic student data between states. Tie this to funding and it will happen, I'm sure. Those of us that have worked on the systems have no doubt that the data will follow the student well beyond its educational purposes. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Jeff Waters w/\w/\w/\w watersj1@mail.firn.edu /\/\/\ | | "Research is what I'm doing | | when I don't know what I'm doing." | | - Wernher Von Braun | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ------------------------------ From: mwilson@cts.com (Marc Wilson) Date: 09 Jul 1996 09:15:51 GMT Subject: Re: California Caller ID News Organization: What organization? References: Beth Givens wrote: The only response to this drivel I can make is the following: 1. I have an unlisted telephone number. I have ALWAYS had an unlisted number. 2. I elected minimum (per-call) blocking. 3. I have been badgering Pacific Bell for Caller ID service on a regular basis since it was first announced (for the last month, almost daily). I was finally able to sign up for it today. After today, those persons blocking will not be able to reach me via telephone except by prior arrangement. Why? Because, to me, it's an invasion of MY privacy if YOU can call me without my knowing who you are. You're coming into MY home. I have an unlisted number to minimize the telemarketers and other nuisances calling me. I have no problem with the party on the other end of any phone call I place knowing my name and number... they'll know who I am as soon as they pick up the phone, anyway. I respect THEIR privacy enough to allow them the choice of deciding whether or not they want to talk to me. If I had my way, there would be no blocking. At all. Ever. As for the CPUC, I wish they would dry up and blow away. If they represented my interests, they wouldn't have challenged the FCC on this in the first place. Just one person's opinion... -- Marc Wilson | SD Comic Con '96 Volunteer Coordinator Imperial Beach, CA | Check this URL for my home page & Con info: e-mail: mwilson@cts.com | `--> http://www.geocities.com/Athens/1148 ------------------------------ From: seidel@zenith.berkeley.edu (Chris Seidel) Date: 09 Jul 1996 15:40:40 -0800 Subject: Privacy of eMail Address Organization: UC Berkeley I'm writing to inquire as to the privacy of e-mail addresses. Recently someone sent me an e-mail which I temporarily posted on my website, virtually without comment. Within an hour the person who sent me the e-mail, wrote to tell me to remove it (which I did). They then went on to file a police report against me, even though I had not commented on their letter, but had simply posted it. The police found their complaint without merit, but I was told the person is pursuing a civil case against me (even though ALL I did was post their letter to me, I added no commentary regarding their character or any action against them). I hadn't meant at all to harass them, but had simply seen many websites with letters posted, and was simply posting it for information. They claimed that their e-mail address was not public information and that I was in trouble for posting it. I have been unable to find anything legally definitive on the issue of publicly posting a letter that someone sends to me. Most people seem to think it is legal to post a letter that one receives. Any comments would be helpful. -- Chris http://www.he.net/~seidel/ ------------------------------ From: Stanton McCandlish Date: 09 Jul 1996 16:21:43 -0700 (PDT) Subject: Tracking Police Calls This just in from JUSTINFO a.k.a. Justice Information (an electronic newsletter service sponsored by the U.S. Department of Justice, Office of Justice Programs...It provides the latest criminal justice news, information, services, and publications"): ***** A N N O U N C E M E N T S ***** <*> NATIONAL INSTITUTE OF JUSTICE (NIJ) * NIJ and HUD Working Together to Track Police Calls in Public Housing Developments NIJ and the Department of Housing and Urban Development (HUD) will develop a computerized geographic information system (GIS) to track emergency police calls and fight crime in public housing developments. Michael A. Stegman, HUD's Assistant Secretary for Policy Development and Research, and Jeremy Travis, Director of the Justice Department's National Institute of Justice, signed a memorandum of understanding to launch an 18-month project to develop a prototype GIS and test it in a selected housing development. Police statistics are usually not kept on relatively small divisions within census tracts, which prevents the collection of information on the precise location of criminal activity in a large public housing building. As GIS technology has become commercially available in recent years, some police departments have begun to use it to identify crime "hot spots." Once a GIS is operating, PHAs will use information they collect on incidents to form crime prevention strategies. The system will be customized to pinpoint police calls within a single public housing address, so that users of the system will be able to tell if an incident occurred in a particular apartment, a lobby, stairwell, playground, elevator or parking lot. The major product of the project will be a manual to assist public housing authorities (PHAs) and police in developing a GIS to map "911" calls and other calls for service. The project also will include advice for setting up common computer networks and data recording systems between local PHAs and police. [excerpted from JUSTINFO Vol. 2, No. 13; July 1, 1996.] -- Stanton McCandlish
mech@eff.org

Electronic Frontier Foundation

Online Activist ------------------------------ From: joyceb@midcoast.com Date: 10 Jul 1996 18:42:33 GMT Subject: TV Show on Encryption Needs People and Stories Organization: Agate Internet Services (AIS) Dear Readers, We are developing a television program and the subject is encryption. The goal is to prove the value of encryption. We are working with the EFF, a leading organization in support of encryption. Our company is looking for ideas and definitely stories; people and companies that have been broken into. We're looking for characters who know and have seen the value of encryption. This television program will be appearing in primetime. If you are interested or know anyone who might like to appear on our show please contact me. If anyone prefers to remain anonymous we can film them in silhouette. If you have any suggestions, ideas, concepts and would like to express them, please send me email. Thank you for reading this post. -- Joyce Boaz Researcher Varied Directions Intl. 69 Elm Street Camden ME 04843 ------------------------------ From: "Prof. L. P. Levine" Date: 10 Jul 1996 13:19:56 -0500 (CDT) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V9 #003 ****************************** .