Date: Wed, 24 Jul 96 21:31:26 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V9#006 Computer Privacy Digest Wed, 24 Jul 96 Volume 9 : Issue: 006 Today's Topics: Moderator: Leonard P. Levine Call for Papers on Privacy and Technology National Conference on Ethics and Popular Culture InfoWorld Magazine gives thumbs-up to NSClean Privacy and Copyright Disputes Myers-Briggs Re: California Caller ID News Re: Unsolicited email Re: Unsolicited email Re: Unsolicited email Re: Unsolicited email Re: Cookies Attorney General on Encryption, Copyrights [long] Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: martina@unibw-hamburg.de (Martina Schollmeyer) Date: 16 Jul 1996 12:20:48 GMT Subject: Call for Papers on Privacy and Technology Organization: University of Hamburg -- Germany Technology Studies is pleased to announce a Call for Papers for a Special Issue of the journal devoted to Technology and Privacy in Organizations. TS is a multidisciplinary, international journal published by Walter de Gruyter, Inc. (Berlin and New York). The issue on Technology and Privacy in Organizations will provide a forum for discussion of privacy issues which arise from the implementation of specific technologies, as well as with more general concerns about the increasingly technological nature of society. Technology includes: artifacts and hardware; technology practices including human behaviour and related technology; technical phenomena; techniques or skills involving a significant technical component. Privacy includes issues related to: the relative effects of various types of technology on organizational parties, moderators of the relationship between technology and organizational privacy, the effects of organizational privacy on job-related outcomes (e.g., attitudes, behaviours), moderators of the relationship between organizational privacy on job-related outcomes, relative effectiveness of legal and contractual (e.g., collective bargaining agreements) strategies for protecting organizational privacy, invasion of privacy through the exchange or sale of data about individuals (e.g., employees, customers) by organizations, and the effectiveness of legislation for protecting privacy in organizational settings. Papers should address the privacy issues likely to contribute to the proper use of technology, and of its role in society. All papers should conform to the APA Style Guide, and each manuscript must have a concluding section entitled IMPLICATIONS FOR RESEARCH AND MANAGEMENT. As well, the paper's relationship to the subject of TECHNOLOGY must be made clear. For more information or to submit, please mail six copies of your manuscript to: Eugene F. Stone-Romero, Special Issue Editor Technology Studies Faculty of Management University of Lethbridge Lethbridge, AB Canada T1K 3M4 Phone: (403) 320-6966 (MST, mornings only); Fax: (403) 329-2038 E-Mail: Gattiker2@Cetus.Mngt.ULeth.CA ------------------------------ From: "Robert Huntley (COAS)" Date: 16 Jul 1996 16:07:18 -0400 Subject: National Conference on Ethics and Popular Culture Organization: University of South Florida National Conference on Ethics and Popular Culture hosted by The Ethics Center University of South Florida The Ethics Center at USF is pleased to announce its second annual National Conference on Ethics and Popular Culture. The Ethics Center Program Committee welcomes papers and proposals for panels and colloquia on ethical issues with respect to popular culture for presentation at this year's conference. Papers and presentations may focus on any aspect of the general topic. ** Presentations that depart from the standard academic paper format are encouraged. ** Manuscripts and proposals must be typed and double-spaced. Papers should not exceed 45 minutes reading time. Presentations that involve the audience in an interchange of ideas and scholarship are encouraged. Conference held on Thurs. and Fri. April 10-11, 1997. Deadline for the submission of: Proposals for panels, colloquia, and special presentations. . . . . . . . . . . . . . . . Nov. 15, 1996 Papers . . . . . . . . . . . . . . . . . . . . . . . Jan. 15, 1997 The program will be finalized by February 1, 1997 Web Page: http://www.stpt.usf.edu/coas/ethics [moderator: truncated to conserve space. ------------------------------ From: Kevin McAleavey Date: 17 Jul 1996 02:39:39 -0700 Subject: InfoWorld Magazine gives thumbs-up to NSClean Organization: wizvax.net For those of you who read InfoWorld, a trade paper for computer IS managers, an article appeared in the July 15th issue on the front page regarding the NSClean product for use with Netscape to clean files kept on your machine that could compromise your security. If you can manage to find a copy of InfoWorld, do read the article on Web security in this week's issue. Rather than beating a dead horse in this newsgroup, I've placed a web page which describes the product and discusses "cookies", "cache files" and "user history databases" kept by the Netscape browser which can be grabbed by strangers, often without your knowledge. The web site address for your edification and amusement (along with a free download of a demo of NSClean) can be found at: http://www.wizvax.net/kevinmca/ I have greatly appreciated the email from readers of this group, but this will be my final missive before it gets tiresome. Thanks for your indulgence, folks! ------------------------------ From: Robert Gellman Date: 17 Jul 1996 18:17:04 -0400 (EDT) Subject: Privacy and Copyright Disputes There have been some messages posted here lately about some ongoing disputes about privacy and copyright issues. There is a new Internet service that offers to arbitrate disputes involving these issues. The Virtual Magistrate Project is an experimental service that will take disputes between two (or more) willing parties and provide neutral decisions by independent and highly qualified arbitrators. Everything is done through email, and no one needs to have a lawyer. The service is cheap (ten dollar filing fee) and readily available. If you think that you might have a qualifying dispute or are interested in the Virtual Magistrate, surf over to the home page which is maintained at Villanova Law School. The address is . There is a complete explanation and full documentation there. You can even find a complaint form and a disucssion group. Bob Executive Director Virtual Magistrate Project + + + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman rgellman@cais.com + + Privacy and Information Policy Consultant + + 431 Fifth Street S.E. + + Washington, DC 20003 + + 202-543-7923 (phone) 202-547-8287 (fax) + + + + + + + + + + + + + + + + + + + + + + + + + + ------------------------------ From: chuber@hns.com (Carl Huber) Date: 22 Jul 1996 17:29:12 GMT Subject: Myers-Briggs Organization: Hughes Network Systems Inc. I have been asked by a low level manager to take the Myers-Briggs Type Indicator (MBTI) test. This is so they can manage the team better, by knowing which people to put together, etc. I only have a little bit of a queasy feeling about that aspect of it. I suspect that too much importance could be placed on it to the extent of superceding common sense. The big problem I have, is, how else could this information be used? And by whom? It would undoubtedly be stored electronically in someone's database. Could I possibly be haunted by it in the future, in another job or while searching for a job, or in other unrelated circumstances (e.g., civil or other court proceedings?) Does anyone out there have any experience with this sort of thing? Am I being a hypersensitive jerk about my privacy by declining to complete the test? ----------------------------------------------------------- Carl Huber Chuber@hns.com ----------------------------------------------------------- ------------------------------ From: mwilson@cts.com (Marc Wilson) Date: 23 Jul 1996 13:25:55 GMT Subject: Re: California Caller ID News Organization: What organization? References: wombat@zelazny.aquilagroup.com (Christopher M. Conway) wrote: The problem is it's an invasion of privacy both ways. I have a right to refuse to give out private information. Where is the difference in giving out the information before or after the phone is picked up, other than in convenience to the called party? Or are you in the habit of making totally anonymous calls (where the called party doesn't know who you are from start to finish?) I do not have the right to *require* that your phone ring if I call with caller id blocked. True. You do not have the right to *require* my phone number if I attempt to call. Ah... but that's exactly what I'm doing. :) Blocking is a sensible compromise. No... it's the least objectionable compromise. BTW... I'd be satisfied with NAME only, as long as EVERYONE was required to have it. No blocking at all. Of course, that'll never happen. -- Marc Wilson | SD Comic Con '96 Volunteer Coordinator Imperial Beach, CA | Check this URL for my home page & Con info: e-mail: mwilson@cts.com | `--> http://www.geocities.com/Athens/1148 ------------------------------ From: richard.herring@gecm.com (Richard Herring) Date: 23 Jul 1996 14:35:49 +0000 (GMT) Subject: Re: Unsolicited email Organization: GEC-Marconi Research Centre References: mhorne@ucla.edu (Mark Horne) wrote: With increasing frequency I have been receiving unsolicited email from persons attempting to sell some product or service. I suspect that my address is being culled from Usenet posts. notme@nothere.com wrote: I'd suggest not using a real email name in the header. While that's a bit of a pain, I've decided that I'd rather do that, then continue to get added to mailing lists. Unfortunately that means that your news posting is not compliant with RFC1036, which (to assist in tracing delivery problems) requires a real email address in the From or Sender header. Any news site which cares enough about these things to check could quite legitimately junk your postings. -- Richard Herring | richard.herring@gecm.com | Speaking for myself GEC-Marconi Research Centre | Not the one on TV. ------------------------------ From: Patrick Crumhorn Date: 23 Jul 1996 10:23:07 -0500 (CDT) Subject: Re: Unsolicited email Pete Morgan-Lucas wrote: Most of the "Screen-scrapers" who build address-lists from Usenet postings etc. just run a script that searches for strings with an @-symbol in them, and assume that this is a mail-address. They most certainly do *not* have some human actually browsing newsgroups, so your attempt to prove your "contract" was ever viewed by the sender is fraught with difficulty. Hmmmm...if I park in a private lot, that is clearly marked with a "violators will be towed" sign, it is no legal defense for me to claim I did not see the sign. And my failure to read a lease form will not protect me if I violate the lease anyway. I imagine a good contract-law attorney hauling one of these guys to small-claims court might have enough of a chilling effect (assuming the case was well-publicized over the net) to eliminate at least a good percentage of the email spamming. If they DO have to vet each Usenet message to make sure there is no valid "contract signature" appended, it becomes less viable for them to do mass spamming. Now...any suggestions about how to deal with the hundreds of smaller Usenet groups that have become virtual wastelands due to spammers outnumbering legit posters by a 50-1 ratio? -- Patrick Crumhorn patrik@io.com http://www.io.com/~patrik ------------------------------ From: mjfox@raleigh.ibm.com (Mike Fox) Date: 23 Jul 1996 18:11:21 GMT Subject: Re: Unsolicited email Organization: ISSC South Region, RTP, NC References: mhorne@ucla.edu (Mark Horne) wrote: The difficulty I see is proving someone collected my address after this "contract" is added to my signature line. On the other hand, it may also scare off many of these junk email operators. Comments? dan@dvl.co.nz (Dan Langille) writes: I am also getting unsolicited mail. To multiple addresses, all of which arrive here in my intray. I too suspect Usenet. I don't think it's usenet. I do most of my usenet posting from this id and almost never get junk mail here. I have another id that ends in ibm.net that almost never posts on usenet yet gets on average one piece of junk a day. I suspect that a mailing list I belong to was compromised. Apart from complaining to the send and their postmaster, there's not much I feel I can do. It's really annoying considering I have to mail for this junk mail and then again to complain about it. That's really all I feel I can do too. I usually forward the junk e-mail in its entirety back to the sender, back to all reply addresses the sender puts in the junk letter, and to abuse@ and postmaster@ the sender's domain and the domains of all reply addresses mentioned in the letter. -- Mike ------------------------------ From: bruno@cerberus.csd.uwm.edu (Bruno Wolff III) Date: 23 Jul 1996 18:59:33 GMT Subject: Re: Unsolicited email Organization: University of Wisconsin - Milwaukee I have been looking into dealing with unsolicited email here at UW-Milwaukee and I haven't had much in the way of positive results. People who are especially interested in Email spam may want to read some of news.admin.net-abuse.misc. There are already of number of groups doing significant email spamming. There are several selling email spamming packages (using email spam to advertise them). Unfortunately Email spam is much harder to deal with than usenet spam. usenet spam can and is being dealt with by a centralized group of people who have semiautomated cancelling programs that cancel messages posted to large numbers of groups and about making money fast. Because Email is mostly point to point, Email spam needs to be dealt with at each site. or by getting ISPs to prevent people from spamming. Dealing with the ISPs is becoming more difficult. Many just care about their income and not how their users affect the net. Some are even owned by the spammers. Some ISPs are getting reluctant to cut people off who are causing problems without worrying about lawsuits. By the time spammers are cut off they have moved on to another location. We are starting to get some spamming here at UW-Milwaukee. It seems to be targeted to people who have posted to usenet (some of the Email addresses mailed to were to a machine that hasn't existed for about 3 years.) rather than using our white pages server. The messages seem to be on the order of one a week to the targeted people. We haven't been receiving complaints from our users about this problem. I don't know what fraction of the people receiving Email spam complain to the people sending it. In the near future I expect the amount of Email spam to increase to the point where a lot of our users will find it an annoyance. I have started looking into ways to solve the problem, but haven't come accross any nice solutions. Mail filtering on our end (on any sort) is going to be expensive in computing resources. It is going to require someone to find spammers' messages (unless all mail from unknown senders is discarded) and provide filtering rules to our users before a majority of them receive (or perhaps read) the mail. We can't harrass ISPs because that could result in a lawsuit. We can notify ISPs of our displeasure with and hope that if enough people complain the ISPs will stay in line. I don't think this tactic is going to work that well in the future. If a group of large networks are willing to shun ISPs that are know to support such activities, it might be possible to keep ISPs in line. However this kind of activity could result in expensive lawsuits. Making sending junk Email illegal has problems. It will be hard to legally distinguish unsolicited junk Email from other kinds of unsolicited email. -- Bruno Wolff III ------------------------------ From: siegman@ee.stanford.edu (A. E. Siegman) Date: 20 Jul 1996 21:29:11 -0800 Subject: Re: Cookies Organization: Stanford University References: For a stark and surprising illustration of the problem, point your Internet browser at this address: http://www.13x.com/cgi-bin/cdt/snoop.pl. I wasn't able to go there directly, but had to get there via http://www.cdt.org/ ------------------------------ From: Monty Solomon Date: 22 Jul 1996 23:17:26 -0400 Subject: Attorney General on Encryption, Copyrights [long] Forwarded posting: Date: 20 Jul 1996 11:09:49 -0400 From: Cyber Rights To: cyber-rights@cpsr.org Subject: Attorney General on encryption, copyrights Message-ID: <199607201509.LAA10452@ruby.ora.com> (Note from cyber rights moderator: the following is extracted from a message that appeared on Freematt's Alerts (freematt@coil.com). This section spends a lot of time justifying the law enforcement approach to wiretapping/encryption, and also touches on copyright issues. I believe it's important to hear the official views on these subjects.--Andy) Law Enforcement in Cyberspace Address By The Honorable Janet Reno United States Attorney General Presented to the Commonwealth Club of California San Francisco Hilton Hotel 333 O'Farrell Street, Grand Ballroom San Francisco, California June 14, 1996 12:30 PM Reported by Cynthia M. Frazier Court Reporter . . . But I would like to talk with you today about an extraordinary challenge that our forefathers never dreamed would exist, a challenge that will be one of the great issues we face in this coming century and one of the great challenges that we in the Department of Justice face now: how do we meet the 21st Century with a criminal justice structure, with an understanding of technology that accounts for technology while, at the same time, making sure that people control the technology and that technology does not control people. Technology permits us wonderful new opportunities, but it can also be misused just as creatively to threaten public safety and national security. The public is beginning to understand that information technology, like other human creations is not an unqualified good. Whether it benefits us or injures us depends almost entirely on the fingers on the keyboard. So while the Information Age holds great promise, it falls, in part, upon law enforcement to ensure that users of networks do not become victims of New Age crime. The sprawling networks that high-tech companies here in California use to communicate with employees and customers worldwide also make those companies tempting targets for computer intruders. These intruders may try to steal trade secrets that represent a large investment in research and development. Others may capitalize on the ability of computers to cheaply, but reliably, copy and transmit illegally copied material. Indeed, the very same digital technologies that created the Information Age also make software piracy and the counterfeiting of copyrighted works a shamefully lucrative business. It may be a crime as simple as somebody sitting in a kitchen in St. Petersburg, Russia with his computer stealing from a bank in the United States. Whatever the case, both in terms of technology of investigations and in terms of law enforcement -- and law that goes with it -- we face a challenge. With this nation's economic security so closely tied to our national security, all facets of government must actively protect the interest of U.S. industry. The Department of Justice is doing its part. I consider high-tech crime to be one of the most serious issues that I face in the Department and one of those that demands much of my attention. I would like to talk to you today about four of the major challenges for law enforcement in this case. First, widespread use of encryption demands that we think carefully and responsibly about how to preserve law enforcement's access to electronic evidence and not allow criminals to hide it to make themselves immune from valid search warrants or valid wiretap orders properly issued by the court. For those who don't understand the word encryption -- and I think it is so important that, as we deal with these new issues of technology, we talk in small, old words that people can understand so that we, again, do not let technology control -- it is simply a code than can prevent people from understanding what you're saying and what you're communicating, but it is a terribly sophisticated technological device. Second, advances in technology require that agents and prosecutors be specially trained to respond to computer crime. Third, the creation of global networks means that individuals increasingly will commit crimes across national borders, requiring increased cooperation in the international law enforcement community. Finally, the storage of valuable intellectual property in electronic form requires that we examine, and perhaps amend, existing laws drafted with physical objects in mind. This brings us to our first challenge: Ensuring law enforcement access to encrypted data. Encryption can protect us. It can prevent criminals and competitors alike from discovering our secrets and invading our privacy. We believe that strong encryption is critical if people are safely and competently working and playing on the global information infrastructure, but encryption is also a new and powerful tool for criminals. Encryption can frustrate completely our ability to lawfully search and seize evidence and to conduct electronic surveillance, two of the most effective tools that the law and the people of this country have given to law enforcement to do its work. For example, today we can, with a court order secured under a careful procedure to protect the privacy of innocent people, wiretap a communication. But if the communication is encrypted, the court order has no value. Therefore, our goal must be to encourage strong encryption for privacy in commerce [while] preserving law enforcement's ability to protect public safety and national security. A consensus is now emerging throughout much of the world that the best way to achieve this balance is by creating a system, otherwise known as Key Escrow, to entrust the encryption keys with a neutral third party -- these keys, in effect, unlocking the code under certain circumstances. The government would then obtain the keys from the escrow agent to decrypt the data but only as part of a legally authorized and court-supervised investigation. We are not looking to expand federal power or to increase our authority to wiretap or to search. We look only to make existing law apply to new technology. Let me describe, because as a local prosecutor and now as Attorney General, I have watched the application of search and seizure laws. I have signed wiretap applications, and so many people are unfamiliar with them that they do not appreciate the process. But to get a court-ordered wiretap, you have to present to the court careful information that will show that there is probable cause to believe that the individuals whose communication you seek to access is committing an offense. You must show probably cause to believe that a particular communication concerning that offense will be obtained by the interception, and you must show that normal procedures have failed or are unlikely to succeed or are dangerous. Searches and seizures are indeed authorized by the Fourth Amendment to the Constitution. The wiretap order and the search warrant are not the personal prerogative of a police officer or a federal agent. They must be approved upon application to an independent judge. We don't seek any expansion of these powers, only the ability to make sense of the evidence we can legally obtain to prosecute criminals. Encryption, as a practical matter, diminishes the power of law enforcement to do its job, and we seek only the way to maintain the original status quo. The consequences of our losing the ability to wiretap would be enormous. Some of our most important prosecutions have depended on wiretaps, and that is the same for many police agencies around the country. The Commission and the Pizza Connection organized crime cases, two of the most significant organized crime cases in this country's history, yielded 25 convictions, including the conviction of heads of organized crime families. One of those cases involved a $1.65 billion heroin distribution ring. Those convictions and that case depended on wiretaps. The Operation Ill-wind Defense Procurement fraud cases resulted in some 60 convictions and hundreds of millions of dollars of fines. Major investigations of the Columbian drug cartels have been absolutely dependent on appropriate court-authorized wire taps, and the Polar Cap money laundering investigation led to 56 arrests and the seizure of $10.7 million in drug proceeds, again a result of wire taps. Wire taps can also save lives. One wiretap uncovered the planned kidnap of a young boy for a pornographic snuff film. Two recent emergency wiretaps, one in Puerto Rico and the other in Los Angeles, saved the lives of young children kidnapped and held hostage by narcotics traffickers took [sic] like debts to the parents. Some of our most important investigations would be lost if we could not conduct wiretaps, but the consequences of the spread of unbreakable encryption would, in fact, have far broader impact because we would also lose our ability to search for and seize stored data and other forms of [org.: ever] electronic evidence in all types of cases. Whereas we might be able to get a regular search warrant if we had encrypted data, that search warrant would be of no use unless we had the key. This is not a theoretical problem. We have already encountered encryption of stored data in recent investigations. In the Aldrich Ames [org.: Alder Chang] spy case, Soviet handlers told Ames to encrypt computer files passed on to them. One subject used encryption to hide pornographic images of children he had transmitted over the Internet. In several computer hacker cases, subjects have encrypted computer files to conceal the evidence. As encryption becomes stronger and is used more frequently, the threat to public safety will increase. If we do not preserve law enforcement's present investigative capabilities, the spread of encryption could dramatically frustrate our ability to protect the public. Some suggest that the answer is simply better technology and more money for law enforcement. They say if law enforcement is given the money, it can decode even sophisticated 56-bit encryption. That's simply not true. Money aside, decoding a 56-bit key using current technology is so time consuming as to render the results useless to law enforcement. We estimate that even with the top of the line super-computer, decoding a 56-bit key would take over a year and the evidence would be long gone. That's clearly too long. For similar reasons, we continue to support export controls over unbreakable cryptography. We understand that companies want to export their encryption products and make sales, but unduly relaxing our export controls would have significant costs for our national security and for public safety in this country and worldwide. Nevertheless, because we recognize the importance of all the interest involved, we are currently exploring with industry ways to adjust export controls to meet the needs of industry, consumers and public safety, and we are working with other countries to develop an international solution that will protect our privacy, our security, and our companies. Our second challenge is to ensure that agents and prosecutors have the knowledge and the tools to address high-tech crime. This is critical because so many have come up through the traditional ranks of law enforcement, through law schools, and are, in many instances, unfamiliar with some of the technology and with some of the issues they face. Early on we recognized that computer crimes required specialized training, and the FBI, which began its first computer crime squad in 1991, now has over 30 specially trained agents and three squads in Washington, New York, and here in San Francisco. The FBI has also established a Computer Analysis & Response Team to deal with the technical problems presented by computer evidence, and just last month we approved the establishment within the FBI of a Computer Investigations & Threat Assessment Center to provide analysis, training and support of all levels of the criminal justice system. Similarly, the Justice Department created a Computer Crime Unit to lead prosecutors and address complex issues presented in these cases. The unit, which is currently doubling in size, operates with the active support of our United States attorneys nationwide. Indeed, the Computer Crime Unit has trained a national network of 120 prosecutors from every district to coordinate nationwide investigations and serve as resident experts in their offices. As a result of these and other initiatives, our enforcement capabilities have expanded dramatically. Although the technology industry has often regarded computer crimes as technical problems with technical solution, legal solutions are also necessary and vital. A problem [sic] this fraud indeed requires us to use all appropriate methods, and I urge you to call the FBI if you or your company is the victim of computer crime. These cases are notoriously under-reported, but there is nothing like a successful prosecution to punish a criminal, deter others like him, and educate the public. I cannot stress too much the need to report such crimes. You can see in different situations what unreported [sic] produces. In Miami, banks which suffered from embezzlement would be embarrassed to report the crime and time would go by. Then they would come to us wanting us to prosecute others. We would say, "Where have you been?" We should be doing all along to ensure deterrence. It is so important that we work with you to ensure that these crimes are reported that together we take effective action to hold people accountable while, at the same time, analyzing the pattern of the crime to see what could have been done to prevent it in the first place. Having many talented people is critical, but that's not enough. Our third challenge has been to develop an international response to combat hackers who attack computers across nationwide borders. Computer offenses differ from traditional international crimes in several ways. First, they are easier to commit. A hacker needs no passport and crosses no checkpoints. Invisible to almost everyone, including often the victim system itself, he simply types a command to gain entry. Additionally, he needs few criminal associates since the sole hacker, working alone, can effectively steal as much information as he desires. Moreover, until recently, computer crime had not been near the top of international crime fighting agendas. For an international program to work, affected nations must first agree that the criminal conduct threatens public safety and requires international cooperation. While some countries still have weak laws, or no laws, against computer crime, I am pleased to report that this is changing. U.S. law enforcement agencies are quick to help with training and also unhesitatingly offer and solicit cooperation in investigating international computer crimes. Indeed, U.S.-initiated cases have led to foreign investigations of hackers in Germany, England, Denmark, Sweden, and Argentina, and I regularly meet with my counterparts around the world to determine just what we can do to forge an international effort focused on high-tech crime that really remains indifferent to borders. The fourth challenge we face is the problem of protecting copyrights and preventing counterfeiting, both domestically and worldwide. In recent months, we have sent attorneys to Russia, China and Mexico in an effort to encourage worldwide respect for intellectual property rights. On the domestic front, we are working to amend existing laws to better protect intangible property. For example, it may surprise you to learn that the federal statute outlining [sic] the interstate transportation of stolen property does not cover intangible property such as computer source code. We've proposed to change the law to correct his gap. Our legislative proposals, which enjoy wide support, would also significantly overhaul our most important computer crime statutes to broadly protect the confidentiality, the integrity, and the availability of data and systems. Equally troubling, there is no federal criminal protection specifically addressing one of the most serious threats posed to U.S. businesses and to U.S. jobs: Economic espionage. Recent studies estimate that leading American industries are losing billions of dollars a year from theft and misuse of proprietary economic information. The global economy also means that U.S. companies frequently compete with foreign corporations; thus, proprietary business information about bids, contracts, customers, and business strategy becomes most precious. Indeed, since the start of [the] economic counter intelligence program, the FBI reports 100 percent increase in economic espionage-related investigations, approximately 800 cases involving the activities of 23 countries. Despite these dangers and crushing loses, no specialized criminal law -- federal criminal law -- currently protects a company's trade secrets. This area of the law has historically been left to the states to address. And while they have done an admirable job of protecting victims within their own communities, most states cannot address the global aspects of the problem. Therefore, we have drafted legislation to create criminal penalties for economic espionage, especially when sponsored by a foreign government. We have also proposed legislation to ensure the law catches up with technology in other ways. The current copyright law imposes criminal penalties only when the infringement was committed for purposes of commercial advantage or private financial gain. This was a sensible limit in the physical world of books, phono records, and video tapes. In today's environment, however, digital copies are so easy and inexpensive to make, that some people are willing to run large distribution schemes for free. Such a case occurred in Boston, where a university community allegedly encouraged users of a computer bulletin board to post and download software. The government's indictment charged that the copyright holders lost more than $1 million in revenue in about six weeks. But because the defendant sought no gain, we could not charge a violation of the Copyright Act and the court thus dismissed the charge. Our legislation will ensure that software is protected from pirates, even when the pirate doesn't seek to profit. The issues confronting us are difficult ones, but we can deal with them if we make sure that we put people first and take steps to ensure that technology does not control. It requires that all of us, instead of holding back and saying, "I don't understand the technology," come together to move into the 21st Century, to master it, and to make sure that it serves us rather than threatens us. Whether the challenge is protecting trade secret information or defending intellectual property rights or prosecuting a foreign hacker, if we are to do our job right [sic], citizens will enjoy the benefits of the Information Age without becoming the victims of criminals who would exploit it. ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ Posted by Andrew Oram - andyo@ora.com - Moderator: CYBER-RIGHTS A CPSR Project -- http://www.cpsr.org -- cpsr@cpsr.org Cyber-Rights: http://www.cpsr.org/cpsr/nii/cyber-rights/ ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/ CyberJournal: (WWW or FTP) --> ftp://ftp.iol.ie/users/rkmoore Materials may be reposted in their _entirety_ for non-commercial use. ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ end forwarded material ------------------------------ From: "Prof. L. P. Levine" Date: 24 Jul 1996 14:57:23 -0500 (CDT) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V9 #006 ****************************** .