Date: Sat, 17 Feb 96 10:16:00 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#015 Computer Privacy Digest Sat, 17 Feb 96 Volume 8 : Issue: 015 Today's Topics: Moderator: Leonard P. Levine Re: GM unlocks your car with a phone call Re: GM unlocks your car with a phone call Web Surfers: Your Computer Is Watching You Re: Anonymous Remailers are a Virus Spreading Online Re: Anonymous Remailers are a Virus Spreading Online Re: Anonymous Remailers are a Virus Spreading Online New Discussion Group: Communications Decency Act of 1996 Canadian Privacy Files Abstracts Available Online Economist magazine Calls for New Privacy Laws Congress Sets Date for Votes on ID Card Bill Call for Papers Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: hpage@netcom.com (Howard G. Page) Date: 14 Feb 1996 16:09:55 GMT Subject: Re: GM unlocks your car with a phone call Organization: NETCOM On-line Communication Services (408 261-4700 guest) References: The following is an internal GM Newsline announcement from 2/9/96. GM ANNOUNCES ONSTAR .... General Motors today is expected to announce at its annual Chicago Auto Show press luncheon, a new on-vehicle communications technology called OnStar -- the most [...] the driver simply needs to touch the emergency services button on the cellular phone, and the Customer Assistance Center advisor locates the vehicle's position on a digital map and alerts the nearest emergency services provider. OnStar also eliminates the need to call a locksmith. If a driver has locked the keys in the car, a toll-free number will connect the driver with the Customer Assistance Center advisor who will send a cellular data call to the automobile that instructs the vehicle to unlock itself at a specified time. OnStar's user-friendly technologies I wonder whether there is a feature providing the ability of the "Customer Assistance Center" to disable your auto if you fall a little behind in your payments. Or maybe they simply send it a command limiting it's maximum speed is, say, 30 mph! On the other hand, maybe they can disable the auto if it is reported stolen. Or, even better, as an act of retribution, one can falsely report someone's auto as stolen, disabling the auto! Or maybe, if reported stolen, the assistance center will call you first, and request your mother's maiden name before they disable your auto. The possibilities are endless! -- Howard G. Page hpage@netcom.com 415-548-1902 "Now I've been to one world fair, a picnic and a rodeo and that's the stupidest thing I've heard come over a set of earphones." -- Major T.J. "King" Kong ------------------------------ From: "Prof. L. P. Levine" Date: 16 Feb 1996 06:28:54 -0600 (CST) Subject: Re: GM unlocks your car with a phone call Organization: University of Wisconsin-Milwaukee References: Taken from RISKS-LIST: Risks-Forum Digest Thursday 15 February 1996 Volume 17 : Issue 74 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Date: 15 Feb 96 16:54:58 -0500 From: Mark Anthony Beadles Subject: GM Plans to Plug Cadillacs into Communication System Article: "GM Plans to Plug Cadillacs into Automatic Communication System" WSJ, February 9, 1996, Page B3, Column 1 In summary, GM is introducing a system in its high-end automobiles that will "automatically call for help" in an accident, including flashing lights and honking the horn. Called the OnStar system, it is scheduled to appear as an option in the 1997 front-wheel-drive Caddies. According to the article, it is activated by the air bag being deployed. In addition to honking and flashing, the system will transmit (to whom was not clear) the location of the car in event of accident, theft, or "other emergencies". The system also includes navigational assistance that works throughout the US, using the car telephone as the output device. OnStar's managing director, Chet Huber, is attributed as saying, "the company has done extensive market research that says drivers want a greater sense of security and control." Tying the car into a nationwide communication system that can track your every move and control your car is evidently how they intend to accomplish this. The RISKS here are numerous, in my mind: 1.A `false alarm' condition could cause the emergency transmissions, flashing lights, and honking horns, when there is in fact no emergency. This is similar to the present risks associated with home alarms. 2.Tracking the location of one's car can be a benefit (prevents you from getting lost in the Mojave), but it can also allow people to find you when you don't want them to. Cars have traditionally been seen as private havens in the US. 3.The system could give wrong navigational information to the driver. Who will be verifying the nationwide database of road information? The driver could follow the system's recommendations and become lost. Come to think of it, I guess that's an argument for having item 2. Mark Anthony Beadles beadles@acm.org - http://www.acm.org/~beadles ------------------------------ From: taxhaven@ix.netcom.com (Adam Starchild ) Date: 14 Feb 1996 18:30:34 GMT Subject: Web Surfers: Your Computer Is Watching You Organization: Netcom Takeb from The Financial Times (London) for February 12, 1996: This Bug In Your PC Is A Smart Cookie by Tim Jackson Dear Mr. Jackson: Our in-store cameras have recorded your repeated visits to our fruit and vegetable counter. Yet even though you buy things in other departments -- I hope last month's kid gloves came in handy during the cold snap! -- we see that you have never bought fresh produce from us. Three times last week you stood in front of the fresh mangoes, but never took the plunge. So I'm writing to let you know about our upcoming special offer on tropical fruit. As far as I know, no shopper has ever received such a letter. Camera technology is many years from being able to follow a single person around a department store, let alone tally that person's movements against sales records. Yet these methods of keeping tabs on the behaviour of customers are possible today in cyberspace. Technology is already in place -- and ready to be put to use on the World Wide Web of the Internet -- that will allow Web site owners to gather an alarming range of information on the people who look at their Web pages from PCs at home. Most Internet users are not aware that such possibilities exist. They believe, correctly, that when they surf the Web, the information sent from their PC to the Web site is an IP address - - a string of digits that specify the Internet location of the computer they are logging in from. Tracking down the customer from that information alone is an inexact science, since a single IP address can be shared by hundreds of people working at a company, or thousands of people using an online service. But the leading software used on the Web contains a little- known wrinkle that increases the power of companies to find out who their customers are and what they are up to. It allows companies to track which Web pages an individual looks at, when, for how long, and in what order. That information can be tallied against information the customer provides of his own free will -- for instance, when he "registers" for membership by giving a name and e-mail address, or provides a credit card number and a address when ordering a delivery -- to produce a comprehensive record of individual behavior. Most extraordinary of all, this information can be stored on customers' own PCs without their knowledge. It can be kept in a form so that only the company that collected the information can benefit from it. And when the customer connects to the Web site later, the site can silently interrogate his PC and pick up the information. The formal name for the objects where the information is stored is "persistent client-state hypertext transfer protocol cookies." Those who dismiss this as an early April Fool joke can find the specification describing the cookies by using the search engine on Netscape Communications' home page. A technical note written in July 1995 describes the specification as preliminary, and warns users to treat it with caution. But the facility has been fully operational on Netscape browser software since version 1.2 Each cookie, or nugget of information, can be up to four kilobytes and each server is allowed to deposit 20 cookies on every client computer. The total of 80 kilobytes that this represents is roughly equivalent to 18 articles the length of this one. But this limit can be circumvented by the simple device of having a number of different servers inside the company. As a result, a company can theoretically store 1.2 megabytes of information -- twice the length of Persuasion -- on each customer PC. As a group, those who inhabit the online world tend to be watchful of their privacy. When they became aware last year that MSN, Microsoft's online service, was able to download a list of programs on customers' PCs as they logged in from home or work, there was such a fuss that the company was forced into a hasty damage-control exercise to reassure the world that its intentions were honourable. Client-state cookies are in a slightly different category. They do not allow one company to snoop on another, and they gather only information about consumers' behaviour at a single company's Web site or information that customers themselves volunteer. But many PC users may take a dim view of Netscape's failure to draw their attention to the fact that their behaviour may be tracked i this way. Moreover, there appears to be only one way to disable the facility: by manually amending or deleting the COOKIE.TXT file containing all the cookies. Netscape describes the system as a "powerful new tool which enables a host of new types of applications to be written for Web-based environments," and of course the company is right. Cookies allow customers to do repeat business with companies without having to retype their details. There are plenty of other very useful purposes to which the cookies could be put in future. Yet the tale of these cookies is an illustration of the possibilities that Internet marketing opens up. In the old days, placing an advertisement was like firing a blunderbuss: remember the old quip that half the money spent on advertising was wasted, but that no-one knew which half. Today, technology has created silver bullets that allow companies to target people individually. In the long term, this is a good thing, for it will tailor advertising more closely to what consumers want. But at stake is the issue of privacy which needs to be debated. The only consolation is that breaches of privacy using this technology are unlikely to have any life-and-death consequences. The worst thing most companies will do, after all, is try to sell you something. Posted by Adam Starchild Asset Protection & Becoming Judgement Proof at http://www.catalog.com/corner/taxhaven ------------------------------ From: fyoung@oxford.net (F Young) Date: 15 Feb 96 01:19:36 EST Subject: Re: Anonymous Remailers are a Virus Spreading Online Remember the message written by Phil Zimmermann about the case against him being dropped? Many people were concerned when the PGP signature didn't compare, in fact, the signature in some of the messages probably got altered accidentally. By the same token, someone who receives an anonymous message should read it with a grain of salt. The authors said "[] is in Finland. It is frequently used by the Russian (ex-KGB) criminal element." Is this an attempt to say because some criminals use such service, legitimate uses should be curtailed or compromised? I remember similar arguments were used for the promotion of the Clipper chip and the export control of strong crypto. Also, because some criminals use guns, then law abiding citizens should not be allowed to own them? Besides, is not truly anonymous. The system operator knows who the users are, I'm sure the authors konw that. I'm glad the authors finally recognized legitimate uses of anonymous remailers. The only problem I can forsee with anonymous re-mailers is spamming. But comparing anon re-mailers with epidemics is a little far fetched, and the last thing we need is more government regulations, PERIOD! ------------------------------ From: cnordin@vni.net (Craig Nordin) Date: 15 Feb 1996 15:02:16 -0500 Subject: Re: Anonymous Remailers are a Virus Spreading Online Organization: Virtual Networks References: Note the SAIC name in the byline. Note that CIA folk have often published stuff and not fessed up to having a CIA background. Anonymous remailers are the number one threat to total control via government. If you read something anonymous you can discard it simply because the writer is unwilling to stand beside his words. Or, you can see if it is an apt piece of writing and decide that it does apply, even without an author. This thread is part of a "school" of such topics now reaching us through various media. Note the recent news made by an internet announcement that a girl was being abused by her mother. Kids are said to be making bombs from instructions via the Internet (and why were they making so many bombs learned from libraries and colleges before and not even making it past the local news?). Some people don't like utterly free speech. -- http://www.vni.net/ cnordin@vni.net Fly VNI: Send E-Mail to info@vni.net ------------------------------ From: "Prof. L. P. Levine" Date: 15 Feb 1996 16:22:41 -0600 (CST) Subject: Re: Anonymous Remailers are a Virus Spreading Online Organization: University of Wisconsin-Milwaukee My most serious question about anonymous remailers is this: How can we be sure that the operator of such a remailer is not a federal or other governmental agent? That person is trusted with our privacy and has all the data needed to identify a user. If I were the Feds I would already have set up such a "sting" operation, the temptation is just too great. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 PGP Public Key: finger llevine@blatz.cs.uwm.edu ------------------------------ From: gmklein@ix.netcom.com (Gary M. Klein ) Date: 16 Feb 1996 09:09:06 GMT Subject: New Discussion Group: Communications Decency Act of 1996 Organization: Netcom In light of the recent furor over the airwaves, in the media and in lawsuits regarding the COMMUNICATIONS DECENCY ACT of 1996 that United States' President Clinton signed into law on February 8, 1996, I have created a forum for people to discuss the concerns raised by this (and similar) pieces of legislation. LISTNAME: CDA96-L FULL TITLE: Communcations Decency Act of 1996 Discussion Group FORMAT: Un-moderated, Postings must come from registered subscribers SUBSCRIPTIONS: via LISTPROC software LISTOWNER: Gary M. Klein Management & Business Economics Librarian Hatfield Library Willamette University Salem, Oregon 97301 USA DESCRIPTION: CDA96-L is open to anyone. Its primary role is to serve as a means of communication among people who are concerned about the implications of the United States of America's COMMUNICATIONS DECENCY ACT OF 1996 (signed into law by President Willam J. Clinton on February 8, 1996). Its secondary role is to serve as a discussion forum for similar legislation or regulation that may be in the formative or final stages in any other country, or at any local jurisdiction taht would restrict, limit or inhibit use of Internet resources based on "decency," "morality," "offensivness," or based on teh age of someone using, operating or accessing an Internet resource. SUBSCRIBING TO THE "CDA96-L" LIST: Anyone may subscribe to the list by sending a simple subscription command to SUBSCRIBE CDA96-L Your Name For example, if Idi Amin were still alive and wanted to subscribe, the post would resemble this: mailto: LISTPROC@WILLAMETTE.EDU text: SUBSCRIBE CDA96-L Idi Amin -- GARY M. KLEIN "not your average leathered librarian & indecent communicator" Hatfield Library / Willamette University / Salem, Oregon 97301 USA work #503-370-6743 / gklein@willamette.edu http://www.pobox.com/~gklein ------------------------------ From: "Prof. L. P. Levine" Date: 16 Feb 1996 16:21:23 -0600 (CST) Subject: Canadian Privacy Files Abstracts Available Online Organization: University of Wisconsin-Milwaukee Taken from EPIC Alert 3.04 February 16, 1996 Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. info@epic.org http://www.epic.org/ Privacy Files provides detailed information about current privacy developments in Canada. A recent issue explored the Supreme Court decision on record confidentiality, Ontario's Bill 26, and the current status of privacy for municipal employees. To receive Privacy Files Abstracts, send the message "Add me to 'Privacy Files Abstracts' list < your name >" to: privacy.files@progesta.com. To subscribe or to receive detailed information about subscription rates, send "Subscription information < your name >" to: privacy.files@progesta.com. More information about Privacy Files is available at E-mail: privacy.files@progesta.com Snail mail: 1788 d'Argenson, Ste-Julie (Quebec) CANADA J3E 1E3 Voice: +1 (514) 922 9151 Fax: +1 (514) 922 9152 Voice (toll free from Canada & US): (800) 922 9151. ------------------------------ From: "Prof. L. P. Levine" Date: 16 Feb 1996 16:22:35 -0600 (CST) Subject: Economist magazine Calls for New Privacy Laws Organization: University of Wisconsin-Milwaukee Taken from EPIC Alert 3.04 February 16, 1996 Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. info@epic.org http://www.epic.org/ The Economist magazine called for the adoption of new privacy laws in an editorial published on February 10, 1996. The international news publication warned that new technologies and the growing sale of sensitive data are threatening personal privacy. "Given these technological advances, maintaining the degree of anonymity that people used to enjoy will take regulation," said the London-based publication. The Economist, hardly known for its pro-regulatory stands, recommended that information gatherers be required to gain explicit permission before engaging in subsequent use of personal data. "There is little reason to suppose that market-driven practices will by themselves be enough to protect privacy." The magazine concludes that if regulations are adopted "Companies would collect and resell information more discriminately. And people who cherish their digital privacy would have the means to protect it -- which is as it should be." ------------------------------ From: "Prof. L. P. Levine" Date: 16 Feb 1996 16:23:39 -0600 (CST) Subject: Congress Sets Date for Votes on ID Card Bill Organization: University of Wisconsin-Milwaukee Taken from EPIC Alert 3.04 February 16, 1996 Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. info@epic.org http://www.epic.org/ The Republican leadership in Congress has set dates for consideration of two key bills that raise serious privacy issues. The House has agreed to vote on the controversial Comprehensive Anti-terrorism Act of 1996 (HR 1710) during the week of March 11-15. The bill increases the ability of the FBI to conduct wiretaps, use illegally obtained wiretaps in court, and access travel, purchase and telephone records without a court order. A previous vote on the bill was delayed after both liberal and conservative members of Congress opposed the bill last year. More information is available at: http://www.epic.org/privacy/terrorism/ The Senate Judiciary Committee has agreed to markup the Immigration Reform Act of 1996 (S. 269/1394) on February 29. The full House will vote on HR 2202, the House version of the legislation, on March 18. The bill creates a national registry of all persons in the United States who are eligible to work. Employers will be required to check this database before any person can be hired. Several Senators plan to introduce amendments to require the creation of a national ID card in addition to the database. ------------------------------ From: lazooli@grove.ufl.EDU Date: 12 Feb 1996 16:40:14 -0500 (EST) Subject: Call for Papers Journal of Technology Law & Policy University of Florida College of Law ****************************************** CALL FOR PAPERS ***************************** Spring 1996 The Journal of Technology Law & Policy is devoted to exploring the legal and policy issues raised by emerging technology. We invite contributions of original works for our Spring, 1996 issue. Student contributions are encouraged. To promote access to the Journal, the Journal will be published on the World Wide Web. Submissions to the Journal are encouraged to take full advantage of this medium. Relevant graphics, sound, and video may be utilized. There are no length limitations for submissions. Submissions must include a copy in electronic form. All citations should be in Bluebook and endnote form. Please include the URL of any cited information available online. Please direct all questions, and submissions to techlaw@grove.ufl.edu _____________________________ http://grove.ufl.edu/~techlaw techlaw@grove.ufl.edu Fax number: (352)-377-7655 Mailing Address: Journal of Technology Law & Policy University of Florida College of Law P.O. 117640 Gainesville, FL 32611-7640 ------------------------------ From: "Prof. L. P. Levine" Date: 30 Jan 1996 18:45:30 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #015 ****************************** .