Date: Thu, 05 Oct 95 11:46:42 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#028 Computer Privacy Digest Thu, 05 Oct 95 Volume 7 : Issue: 028 Today's Topics: Moderator: Leonard P. Levine Re: Knowing Where you Browse? Re: Knowing Where you Browse? Re: Knowing Where you Browse? Re: Grocery Purchases and my Privacy More on grocery store "scrip" Re: Grocery Purchases and my Privacy Check verification (was: Re: Grocery Purcahses...) Scrip and grocery store data collection Re: Signature Data Collection at Kinkos Re: Signature Data Collection at Kinkos Re: Caller ID Experiences Re: Computer Privacy Digest V7#027 Re: Computer Privacy Digest V7#027 Re: Junk Faxes & e-mail are Illegal Re: Junk Faxes & e-mail are Illegal DateLine NBC to air segment on stopping junk calls DoD R&D funding for small firms Federal R&D funding conference New Int'l Privacy Docs ---------------------------------------------------------------------- From: hedlund@best.com (M. Hedlund) Date: Fri, 29 Sep 1995 14:34:57 -0700 Subject: Re: Knowing Where you Browse? Organization: Precipice shields@tembel.org (Michael Shields) wrote: Netscape, according to that page, allows anything with at least two periods. Thus, while you couldn't specify *.com, you could specify *.co.uk. Without knowledge of the internal structure of each top-level domain, the browser cannot flag this. Actually, after posting my note, I went back and tried something that occured to me while writing it. It is true that you can't set a cookie for '.com', but there is another way to achieve the same effect. Any internet domain name can be represented as machine.domain.dom OR machine.domain.dom. The two forms will resolve to the same address on a properly-configured name server. Therefore you _can_ set a cookie for the domain '.com.' -- which has the two periods required by the cookie spec. Any other commercial site could then retrieve whatever information had been stored in the cookie file. I submitted a bug report to Netscape and they fixed this in their recent security-patch. However, I hadn't considered the British domain-naming scheme .... I'll mention it on the HTTP list. While cookies are convenient for CGIs that need to maintain state, the information can already be encoded into the URL, which is a universally supported technique. The only new functionality cookies provide is the ability to create detailed clicktrails without being prominent. And that "without being prominent" aspect is exactly why this is a privacy concern. M. Hedlund [n.b.: I tend to post and mail my responses to news articles.] ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: Sat, 30 Sep 1995 00:42:23 GMT Subject: Re: Knowing Where you Browse? Organization: The National Capital FreeNet, Ottawa, Ontario, Canada "Prof. L. P. Levine" (levine@blatz.cs.uwm.edu) writes: Anybody out there know if a browser can be remotely ordered to report its history? There is also the "obvious" issue that if you access a web server from an individual workstation IP address the server and any node in the link can track your access. Eg. I tried the WWW test pattern site, (URL=http://www.uark.edu/~wrg/) and got a page saying hello(IP address) and telling me what browser software I was running on my workstation. Vendors running WWW servers shouldn't have much trouble back tracking from the IP address registration for followup sales soliciations.:-) ------------------------------ From: John Pettitt Date: 4 Oct 1995 23:24:01 GMT Subject: Re: Knowing Where you Browse? Organization: software.net "Prof. L. P. Levine" wrote: Your note is the first I have heard about this. I am aware that my browser does keep a history list, but know only that the remote site gets a report from the system about my site, not my personal account. Notes from a webmaster: We get the following info for each and every page you access: IP address (and so host name) Browser type (e.g. netscape, mosiac etc) Refering page (see below) Email address (some browsers - notably Netcom Netcruiser) Clearly the last is a privacy issue. Although in tracing fraud I have found that with an IP address and a time of day most ISPs will tell me who was using the dial up port, having an email address just makes it easy. About Refering pages: This is the page the browser was looking at before it loaded this one. It's usefull for figuring out who has links to you. Some browsers (notably AOL's windows browser) don't support it. About browser type: I use the browser to figure out what machine your using - I then show ads for software for that machine (mac or win - unix users get both). Cookies: There is also a feature called "cookies" where I can hand your browser a token (cookie) and it will save it on disk and hand it back next time you load a page from my site. I use this feature on software.net (http://software.net) to track users and avoid all that messy "please join" stuff. Cookies *are only* sent to the site that originaly handed them out. Currently Netscape and MS Internet Explorer 2 support cookies. John Pettitt jpp@software.net VP Engineering CyberSource Corp ------------------------------ From: huggins@tarski.eecs.umich.edu (James K. Huggins) Date: 29 Sep 1995 22:49:33 GMT Subject: Re: Grocery Purchases and my Privacy Organization: University of Michigan EECS Dept., Ann Arbor, MI wrote: [...] Some churches, synagogues, schools, and other non-profit organizations sell "scrip." It works at the grocery store like cash, and no ID is required to use it. The charitable organization buys it at a 5% an274807@anon.penet.fi (Fig) writes: Is the 'script' serialized (it would make sense to help prevent fraud and to do accounting)? ... I would guess that it is, for the reasons you cite above. If so, is your church gathering demographics on you? Or maybe the store gives the church an extra 2% if they share the data. Sure, it's possible that they could. But most non-profit sales of this sort that I've seen are not nearly that well organized. (Often it's the 12-year-old kid selling scrip for the next youth group missions trip ... they're lucky to be getting the monetary exchange right, much less tracking who got which serial nos. on the scrip.) If you're really concerned about such things, ask the people at your non-profit if they're tracking it. Most such organizations are open enough to give you an honest answer. And if you don't feel that they will be open with you ... well, perhaps you shouldn't be supporting that organization with your funds, either. -- Jim Huggins, Univ. of Michigan huggins@umich.edu "You cannot pray to a personal computer no matter how user-friendly it is." (PGP key available upon request) W. Bingham Hunter ------------------------------ From: JEREMY J EPSTEIN Date: Mon, 02 Oct 1995 09:26:11 -0500 Subject: More on grocery store "scrip" An anonymous user commented on my posting about use of "scrip" for grocery store purchases. The scrip is serialized to prevent fraud. I can't speak for other organizations, but my synagogue does not keep records of who purchases particular serial numbers. Nor do the grocery stores (that I've seen) enter the serial numbers when I make a purchase with scrip. So I very much doubt anyone could trace purchases even to the granularity of the organization, much less to the individual. ------------------------------ From: pthom@nr.infi.net (Gunslinger) Date: 2 Oct 1995 14:40:29 GMT Subject: Re: Grocery Purchases and my Privacy Organization: Customer of InfiNet In article , mjh9@lehigh.edu says... Mary Jo Bruce writes: My bank, a small one, just installed the phone in system, and I used it a few times. Last night I pushed the wrong button, and I was led into a "check verification" area, where anybody can call to see if my check is good. What I want to know is this: do all/most phone in systems have this check verification feature? Yes, virtually ALL banks have a similar system. It is designed to allow a merchant to phone in and find out if you actually have the amount in your account that you are writing the check for. BUT, unless I am greatly mistaken, they can't find out your actual balance; only will this account cover a check for XX amount of dollars? My bank does have a telephone system, however, in order for me to access any information about my account, I must enter my personally choosen PIN. While I can find out my balance, and what checks have cleared, no one else can see if my check is good, at least as far as I know. Not on the same setup; see above. Should be two different phone numbers. -- P. Thompson "Watch, Read, Listen, Learn.... Sui Juris The TRUTH Shall Set You Free! ------------------------------ From: Barry Gold Date: Mon, 2 Oct 95 14:58:51 PDT Subject: Check verification (was: Re: Grocery Purcahses...) My father used to run a check-cashing business (he sold it to a major chain last year), and I used to help out there Friday afternoons (our busy time). The business would cash payroll and government checks (_not_ personal checks) for about 1.5% of the face amount. Check verification was important to our ability to cash payroll checks. The fee charged covered the cost of operating the business (rent, wages of employees, utilities) plus the risks inherent in giving out cash for what amounts to a promise to pay plus a profit for the owner -- the yearly profit being approximately one day's gross business. The vast majority of our customers were garment workers; some of them worked for large manufacturers, but many worked for small outfits that with 10-20 employees, and these companies are always being started and folding. In order to stay in business, we had to be able to add new companies to our list of those we would cash, to replace the old ones that had gone out of business. When we got a payroll check from a new company, we would phone the bank and ask to verify "two checks": . one for the actual amount of the check being cashed . a second for approximately 10 times that amount (plus odd cents to make it sound real). If there isn't enough money to cover 10 typical checks, there probably won't be enough to cover the one we're looking at by the time it gets to the maker's bank. (We assume the one we're looking at is typical.) If there is, we assumed the odds were good enough to give it a try. Back in the '70s when I was doing this we would call the bank and ask for check verification. A human being would then look up the balance and tell us if the checks would clear. It seems reasonable that an attempt to find out someone's bank balance by exhaustion might run into some sort of reasonableness test in the human who handles the calls. (Although you might come "close enough" by some sort of binary-search technique, if you're clever and space out the calls.) I am disturbed by the idea of doing this by computer, however. I think the approach we used was a reasonable compromise between privacy and commercial needs. But a computer probably doesn't have those reasonableness checks, and putting them in requires significant, error-prone, effort. Sure, this method is cheaper for the banks and probably more convenient for the check-casher. And for some of our customers -- who brought in checks from new companies after the banks closed -- it would have meant getting their checks cashed right away instead of having to come back the next day. But the dangers in terms of letting random people find out your bank balance -- it makes me shiver. Btw, since I'm now more privacy-aware than I was back then, it occurs to me that "check verification" should really be something you can enable or disable for your account. I suspect most people have no need to allow merchants to verify their checks -- we use checks mostly for paying bills by mail, and many transactions that might have been done by personal check in the early '70s would now be handled by plastic. But a business with a payroll should probably enable it so check-cashing businesses can determine that they really can cover their checks. And if they choose not to, well some cashers will refuse to accept their checks and they'll have some unhappy employees. The individual business can decide between their privacy vs. check verification and the convenience of employees who may not have bank accounts or be willing to wait 3 days to get the use of the money. That seems like a fair tradeoff to me. ------------------------------ From: Beverly.Maneatis@ncal.kaiperm.org Date: Tue, 03 Oct 1995 14:53 -0700 (PDT) Subject: Scrip and grocery store data collection In response to queries regarding the use of scrip... My child's school also sells scrip to be used for purchases instead of cash or checks. I write a checkto the school for a specific amount of money and I receive a paper with an amount of money on it specific to whatever store I chose that will honor scrip. There is no record of any type kept by the school of which store's certificates I purchase, and there is no record kept at the stores of who uses the certificates. They are used as cash, usually in amounts of $10, $25, or $50 at a time. Ourschool sells ones for chain grocery stores, local grocery stores, department stores, and the certificates are provided by the stores so they are store-specific. For example, I might purchase $200 worth of certificates for Lucky's in $25certificates, $200 worth of gift certificates for Macys, and $50 for a local grocery store. I cannot interchange the certificates, but no one knows where I purchased them or how many I have--even the school keeps only general records of how many total from each store are purchased. Scrip is therefore, a terrific way to help organizations raise money, and keep your purchases private. ------------------------------ From: clouds@rainbow.rmii.com (Philip Duclos) Date: 29 Sep 1995 15:06:46 -0600 Subject: Re: Signature Data Collection at Kinkos Organization: Rocky Mountain Internet, Inc Sears also has this "feature" When it was first introduced there were accompanying brochures near the register which explained the "signature capture" feature. The very last sentence in the brochure mentioned that "signature capture is voluntary" The clerks automatically insert your receipt into the device when using any credit card and ask you to sign. Some insisted that it was "required" I used to carry a copy of the brochure around when I shopped to inform clerks that it was voluntary. I no longer do so. I recently noticed that none of the registers had the brochures. I still refuse to sign byt simply removing the receipt from the device and signing away. The clerks are obliged to print another receipt and imprint my credit card on it according to their procedures. Having a digital copy of my signature scares me, in spite of Sears' assurances that my signature is only associated with the individual receipt and cannot be viewed by clerks for verification. Seems like this is the next logical step. After that, why do they need me to sign at all? Simply print my digitally captured signature on anything they please. -- Phil ------------------------------ From: glr@ripco.com (Glen Roberts) Date: Sun, 1 Oct 1995 15:26:40 GMT Subject: Re: Signature Data Collection at Kinkos Organization: Ripco Internet BBS, Chicago Shauna Baldwin Associates (Shauna.Baldwin@mixcom.com) wrote: At my local Kinkos, and I am told, at every Kinko's location since around mid-August or early September 1995, there is a new device by the cash register. It is a signature verification data collection device. When you have an account, as many businesses do, and charge your purchases, you are now required to sign on the signature verification device. The clerks are not trained to inform customers using it for the first time that this is a new system and it is being used to authenticate their signature. Instead, it is presented as a convenience, a support on which to rest the invoice as you sign! As a result, I felt absolutely trapped into their digital data collection. They had, in effect, scanned my signature, without my permission. To[...] But my questions are: Is there a law against this? (I live in Wisconsin.) Is signature authentication technology proven as accurate? Are they really authenticating... or just capturing and storing the signatures? What does it prove if the first signature collected is by an imposter and all subsequent signatures are by the same imposter posing as a company employee? Anything can be forged... but the mass collection of data and ease of manipulation via computer... might inspire some to give it a shot that would never think of forging paper documents... -- -------------------------------------- Glen L. Roberts, Host Full Disclosure Live (WWCR 5065khz - Sundays 8pm eastern) (WOYL AM-1340, Oil City, PA). Tech Talk Network; Telstar 302, Ch 21, 5.8 Audio Look for articles, catalog, downloadable programs and great links on: http://pages.ripco.com:8080/~glr/glr.html ------------------------------------- ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: Sat, 30 Sep 1995 01:07:29 GMT Subject: Re: Caller ID Experiences Organization: The National Capital FreeNet, Ottawa, Ontario, Canada Jay Harrell (jay@mindspring.com) writes: distance. My opinion regarding caller ID is this: the privacy argument misses the point. The rights in question are those of the person receiving the call. Someone initiating a call has no right to and should not have an expectation of anonymity. Phone calls have been anonymous for so long simply because the technology wasn't there to make them otherwise. (And we've had many problems as a result. ) That's my opinion, and I respect others whose opinions differ. With I posted an article a while back that cited a magazine article about Telco punchtape machines(automatic message accounting) technology, which introduced anonymous calling everywhere it was used. That was at least 4 decades ago. The article stated that the Telco's disemmbled about this for a long time, telling police that it was impossible to see who had called a given number, when in fact it was simply a matter of running through all the tapes. The reall differnce with Calling Number Id is that they have found a way to make a buck off it. I don't have much objection to an individual or business getting my name, what I object to is the fact that the number data can currently be used to identify which public records my address can be found it. No personal horror stories. I've had a few people, who must have been using caller ID, call me at home when they should have called my "work" number. I often use my home line to make outgoing work related calls. [...]Misleading only in that they don't mention that you are left in the dark with long distance callers. BC Tel's marketing practices seem to be misleading. They stuffed an ad for calling number ID hardware in with my last bill, which prompted me to call them to ask why they hadn't warned me about this. They confirmed that buying the hardware would be a waste of money for anyone on the same switch as my line. The reason is the CRTC requirement that they provide free per call blocking. On older technology switches they can't turn this "feature" on and off, so they block all lines, all the time. The flip side of the policy is that nobody on those switches can use Caller ID, which is why I was concerned. Ie. as long as I can't get Caller ID "service" I don't have to worry about my number being given out. As with the long distance number issue they fail to mention this when they are peddling the hardware and related "service". A friend on the same exchange told me that she couldn't get through to her mother for days after the mother go a Caller ID box because her mother didn't want to pick it up for an "unknown number". > > I no longer always answer the phone everytime it rings. Basically, I > control my phone instead of it controlling me. I don't talk to nearly > as many telemarketers as I used to. Oh yes, and because my unit stores > the last 100 callers, when I need to return a call, I don't look up the > number in my address book, I use the caller ID instead. > As someone at sol.uvic.ca pointed out to me, BC Tel is refusing to activate Caller ID Blocking automatically. It is requiring people to call and have their phones programmed to respond to *67(or whatever the equivalent is on my rotary dial line). It claims that the CRTC requires them to not activate it, something I can't wring out of my reading of the CRTC decision. Isn't dialing *67 enough of a request for this "service"? Why should someone have to wait till they can get hold of a BC Tel service rep during their limited hours of service to activate this? ------------------------------ From: Maryjo Bruce Date: Fri, 29 Sep 1995 18:11:18 -0700 (PDT) Subject: Re: Computer Privacy Digest V7#027 I don't think Caller ID is good for prevention of bothersome calls. I have anonymous call blocking with Caller ID, and when I got home today, I had four long sales messages on my answering machine, mixed in with the legitimate calls. When I checked my caller ID box, all the names were those of males. when I called the numbers from the calls involving sales pitches to ask that I be put on their no-call lists, all four were non-working numbers. I phoned the phoco, and I was told that the sales people who have "pits" can get "outgoing only" numbers to trick caller id boxes, leaving legitimate looking names and numbers for the box. You cannot call these numbers back, however. If you try, you get the canned phoco message saying the number is non-working. Mary Jo Bruce, M.S., M.L.S. Sunshine@netcom.com ------------------------------ From: martin@kurahaupo.gen.nz (Martin Kealey) Date: Sat, 30 Sep 95 13:17:53 NZST Subject: Re: Computer Privacy Digest V7#027 Organization: Kurahaupo Migratory Canoe prvtctzn@aol.com (Prvt Ctzn) wrote: Unsolicited advertisements that are sent to you by e-mail, or to your fax machine are illegal, ... and you can sue the sender for $500 in your state's small claims court ... Dennis G. Rears replied: Your analogy about a computer-modem-printer system being a fax system is false. It fails because the printing requires operator intervention, that is the user must specifically toggle the printer on. If you do sue I hope that in addition to tossing your case out of court the judge fines you for a frivilous court action. The analogy with a fax machine is correct in two ways: [1] There may be a cost associated with receiving a message. It is sufficient to demonstrate that I will suffer some loss due to reciept of an email message *without having done anything to enlarge that cost*. Not all costs are due necessarily to operator intervention; consider: (a) it is also possible that I might have a receive-only email service based on having the messages faxed to me by a gateway. No fax equals no email, therefore I haven't done anything "optional" to cause it to cost me money. (b) some service providers charge by volume (or by time, which amounts to the same thing when dealing with automated transfers); there is no "operator intervention" that could have been avoided to avoid incurring the cost of receiving the message. [2] Denial of service. If you receive enough junk faxes, it will empty your roll of paper, and you will be unable to receive valid messages. Similarly on an email system with limited space per user, flooding my mailbox so that I can't receive any more messages amounts to the same thing. If I have to pay extra to get extra mailbox capacity to get around this problem, then we're back to the real monetary cost problem. | Unsolicited advertisements that are sent to you by e-mail, or to | your fax machine are illegal, > unsolicited email advertisements are not illegal. May I ask, is it illegal to make junk calls to an 800 number, where the recipient pays for the call? Right here where I sit, it costs real money for every megabyte of data both sent and received (because we live at the end of a very expensive satellite link, the cost of which varies with the amount of traffic it is required to carry). 7 years ago a 50kB message from USA would have cost me around US$3; today, the cost of one email message is pretty negligible, but if I started to get 12 messages a day, that 152MB per year would cost me around US$30, and all due entirely to the actions of other people. How would you feel if strangers came every day and each spent a dime making calls on your telephone without asking first - assuming you didn't mind them physically using the phone? If junk email isn't illegal, it ought to be. ------------------------------ From: haz1@kimbark.uchicago.edu (Bill) Date: Sat, 30 Sep 1995 08:09:10 GMT Subject: Re: Junk Faxes & e-mail are Illegal Organization: The University of Chicago Dennis G. Rears wrote: I'm assuming you are complaining about email that aol sent to your aol account. If so two suggestions: get a life and get a clue! If you don't want aol to send you email; Get off their system. Your analogy about a computer-modem-printer system being a fax system is false. It fails because the printing requires operator intervention, that is the user must specifically toggle the printer on. If you do sue I hope I'm not at all sure that the actual production of a paper copy is required. You should also bear in mind that the person whose post you quote is an attorney, and has better reason than you or I to be familiar with court cases relevant to the interpretation of the law he cites. that in addition to tossing your case out of court the judge fines you for a frivilous court action. I could wish for a better test case (e.g.: AOL sending unsolicited mail to an account on *another* system), but I still applaud his intent. The action may be hopeless, and unlikely to significantly dent the finances of the offender (unless the plaintiff can also recover court costs, it's likely to cost the average citizen more than $500 to take the case to trial) Unsolicited advertisements that are sent to you by e-mail, or to your fax machine are illegal, unsolicited email advertisements are not illegal. Unsolicited email advertisements are obnoxious. If a court rules that they do not violate any existing statute, I sincerely hope that legislation establishing substantial penalties for such activity will be soon forthcoming. ------------------------------ From: prvtctzn@aol.com (Prvt Ctzn) Date: 30 Sep 1995 17:40:13 -0400 Subject: Re: Junk Faxes & e-mail are Illegal Organization: America Online, Inc. (1-800-827-6364) Evidently you did not read the law I refer to. Rather than suggesting I get a life, perhaps you should get a copy of the law AND READ IT. The law has no reference to humann intervention. Indeed, all that is required is the cabability itself. As for AOL sending it to me, whether or not I am a subscriber to AOL, they havce a duty to respect the federal laws of this nation. Furthermore, I had specifically notified AOL that it was not to send me unsolicited advertisements by e-mail. Perhaps you accept the proposition that AOL has a higher calling than respect of its subscriber's wishes. It seems peculiar that someone reading this newsgroup, such as you, would be so critical of efforts to enforce statutes put into place to protect your rights of privacy. Now you just go and read the law, like a good privacy advocate, and behave next time.... OK? Bob Bulmash, President, Private Citizen, Inc. ------------------------------ From: prvtctzn@aol.com (Prvt Ctzn) Date: 30 Sep 1995 17:49:50 -0400 Subject: DateLine NBC to air segment on stopping junk calls Organization: America Online, Inc. (1-800-827-6364) On Friday, October 6th, DateLine NBC will air a segment about two members of Private Citizen, Inc. that have collected thousands of dollars from telemarketers. One, a grandmother sued a newspaper for solictiting her, and was awarded $2000. Another, a guy in California, has collected $6000+ over the past 14 months in out-of-court settlements. If you want to learn about how to stop telenuisance calls, and make money in your spare time, tune in DateLine next Friday. Or call 1-800-CUT-JUNK (Private Citizen, Inc.) today. ------------------------------ From: maryh@foresnt.com Date: 2 Oct 1995 21:09:32 GMT Subject: DoD R&D funding for small firms Organization: InterServ News Service DoD's Small Business Innovation Research (SBIR) program expects to fund $450 million in early-stage R&D projects at small technology companies in the next fiscal year. Awards will be made in technology areas that have defense and commercial applications. Starting this fall, DoD will give its highest priority in making SBIR awards to small companies that are able to attract independent third-party investors -- such as venture capital firms, large companies, or "angel" investors. If selected for award, these small companies will receive uninterrupted DoD funding of up to $850,000 over a two-and-a-half year period. In practice, this means that an investor that offers to help fund an early-stage technology project at a small company can obtain a match of between $1 and $4 in DoD SBIR funds for every $1 the investor puts in. This new policy -- the SBIR "Fast Track" -- was approved for implementation by Under Secretary of Defense (Acquisition & Technology) Dr. Paul Kaminski in early June. Its purpose is to significantly increase DoD's success in converting SBIR research into affordable, high-performance products which serve military and commercial customers. For more information: * see the page entitled "DoD SBIR Fast Track" on the World Wide Web at http://www.seeport.com/SBIR/fasttrk.htm * call 1-800-382-4634 * contact our DoD Fast Track listserver by e-mailing list@seeport.com with the message join DoD on the first line of your e-mail. ------------------------------ From: maryh@foresnt.com Date: 2 Oct 1995 21:10:30 GMT Subject: Federal R&D funding conference Organization: InterServ News Service The National Science Foundation and Department of Defense are pleased to announce the establishment of the National Small Business Innovation Research (SBIR) Conferences web site at www.seeport.com/SBIR/95gener1.htm. An ftp server is now also available at ftp.foresnt.com and a listserver at list@foresnt.com. Your message to the listserver should be JOIN SBIR. This message should be on the first line of your e-mail. The National SBIR Conferences are the most important meetings the Federal Government holds to inform small companies about the over $2 billion Federal R&D funding opportunities for these firms in FY96. The conferences are sponsored by Department of Defense and the National Science Foundation, in association with 19 other federal agencies. This year's meetings will be held in Washington, D.C. at the Hyatt Regency, Crystal City from October 16-18, 1995 and in Salt Lake City, UT at The Salt Lake City Marriott from October 30-November 1, 1995. Program managers from major Federal R&D agencies will hold seminars and private one-on-one meetings. Also holding "one-on-one" meetings will be representatives from some of the country's largest corporations who are seeking technology they can help commercialize. Experts hold seminars in fields from proposal preparation to government cost accounting to commercialization. ------------------------------ From: cpsr-global@Sunnyside.COM Date: Mon, 2 Oct 1995 01:52:32 -0700 Subject: New Int'l Privacy Docs Taken from CPSR-GLOBAL Digest 238 According to Marc Rotenberg: Three important international privacy documents may now be found at the Privacy International web site (http://www.privacy.org/pi/) - "The Final Text of the European Commission's Common Position on the Directive on Data Protection." This is the critical law adopted by the European nations this summer which establishes a common framework for privacy protection within the European Union. - The Canadian Government report, "Review of comments received on the Industry Canada discussion paper Privacy and the Canadian Information Highway." The document describes efforts currently underway in Canada to implement privacy safeguards for the NII. - "The Council of Europe Recommendations on Criminal Procedural Law Connected with Information Technology, 11 September 1995." The COE recommendations raise concerns similar to those expressed in the USA about the regulation of encryption and the design of telecommunications systems. We've received many requests for copies of these documents. We're pleased that they are now available on-line. Marc Rotenberg (Rotenberg@epic.org) * +1 202 544 9240 (tel) > Electronic Privacy Information Center * +1 202 547 5482 (fax) > 666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.epic.org/ > Washington, DC 20003 * info@wpic.org ------------------------------ End of Computer Privacy Digest V7 #028 ****************************** .