Date: Fri, 19 Apr 96 18:02:13 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#033 Computer Privacy Digest Fri, 19 Apr 96 Volume 8 : Issue: 033 Today's Topics: Moderator: Leonard P. Levine Re: USENET Reposters: Privacy and Copyright Concerns Re: USENET Reposters: Privacy and Copyright Concerns Re: USENET Reposters: Privacy and Copyright Concerns Computer Checking of Australian Air Passengers Re: Robert Arkow vs CompuServe and CompuServe Visa Re: Copyright of Usenet Articles Re: JAVA Re: JAVA Re: JAVA Re: JAVA Re: Deja News Re: Deja News Re: Deja News Re: Deja News Deja News Alternatives to SSN UK Government to Introduce Key Escrow Sprint Free Fridays - New Exception List Final Call for Papers - Colloquium on Personal Information Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: jenny simmonds Date: 15 Apr 96 12:30:36 GMT Subject: Re: USENET Reposters: Privacy and Copyright Concerns Organization: Myorganisation References: rj.mills@pti-us.com "Dick Mills" writes: What if you post your thoughts on the bulletin board at the supermarket, them someone photographs the whole bulletin board and publishes that? What if you make a speech at a public gathering and all the TV, radio and newspaper people report it at great length? (you should be so lucky) ------------------------------ From: Richard_Lee@ssw.mclean.sterling.com (Richard A Lee) Date: 15 Apr 1996 20:25:10 GMT Subject: Re: USENET Reposters: Privacy and Copyright Concerns Organization: Sterling Software ITD, McLean, VA References: peter@nmti.com (Peter da Silva) writes: Some years later a company named Sterling Software started selling Usenet feeds on CDROM. There was much bitching, but nobody was able to make a convincing case that this was any different from any other feed. What happened to them, anyway? Sterling Software is alive and doing very well, thank you. It used to put articles from software-related groups onto CDROMs and sell them, but got out of that business some time ago. There are probably other companies out there doing it now, but I wouldn't know who. -- Richard Lee rlee@mclean.sterling.com Sterling Software, McLean VA "Don't take life so serious, son... It ain't NOHOW permanent." ------------------------------ From: "James Brady" Date: 16 Apr 1996 15:37:50 -0400 Subject: Re: USENET Reposters: Privacy and Copyright Concerns Patrick Crumhorn wrote: Well, Allan Sherman's (admittedly humorous) attempt at copyrighting the note "middle C" would not pass the eight-bar test, if judged as a musical composition, true. The problem here is that "middle C" is not a composition, but a frequency (of 256 Hertz, if memory serves correctly). And over the past several years, the US government has ruled that actual ownership of specific frequencies is indeed legal, and protected by law. The problem here is in the type of frequency. "Middle C" is only a valid definition of an AUDIO frequency. It is not a RADIO frequency governed by the FCC or any other governmental body. Let's keep the spectrum straight in our discussions. Ownership of Radio Frequencies _for_communications_ (the Middle C of FCC) is a legitimate, method of managing a phenomenon that requires some technological means to generate and/or receive it. Ownership of "Middle C" in the audio spectrum is just plain silly since it is a naturally occuring phenomenon in human speech and various sounds of nature. As for Mr. Sherman's copyright, I suppose if a particular song had eight bars of nothing but "Middle C" in the melody, it would pass the test and be subject to an infringement suit which would probably not net anything of value since such a monotonous song would not sell a whole lot of copies. I doubt if even Gregorian chants change notes THAT slowly.... ------------------------------ From: taxhaven@ix.netcom.com (Adam Starchild ) Date: 15 Apr 1996 15:30:10 GMT Subject: Computer Checking of Australian Air Passengers Organization: Netcom Taken from The Financial Times (London), April 15, 1996: A swipe at queues Travel News by Roger Bray Qantas is to launch a new passport and visa checking system in Sydney which could cut queues for first- and business-class passengers by an average of 20 minutes. At check-in, passengers' details are flashed to Canberra for instant verification. Information such as the passenger's name, passport number and date of birth is then automatically printed on a boarding pass- style card. The card has a magnetic strip with an identification number which allows immigration officers to swipe it through electronic scanners. The system, already in place for transferees and those arriving from Los Angeles, Auckland and Hong Kong, will be available to all departing passengers. -- Posted by Adam Starchild The Offshore Entrepreneur at http://www.au.com/offshore ------------------------------ From: eck@panix.com (Mark Eckenwiler) Date: 15 Apr 1996 13:36:36 -0400 Subject: Re: Robert Arkow vs CompuServe and CompuServe Visa Organization: Saltieri, Poore, Nash, deBrutus & Short, Attorneys at Law References: Urs.Gattiker@uniBW-Hamburg.de sez: I am looking for information on Robert Arkow and his lawsuit against CompuServe and CompuServe Visa. The information I have to date is that the lawsuit was filed, however I need to know what the outcome was or if it is still pending. Do you have such information, and if so, could you please let me know where I can find it? The case settled on undisclosed terms. For more on Arkow and the legal issues he raised re the application of the TCPA (federal anti-junk-fax law) to junk e-mail, see my article at http://techweb.cmp.com/net/issues/036issue/036law.htm -- Sold by weight, not by volume. Some settling of contents may have occurred during shipment and handling. Mark Eckenwiler eck@panix.com ------------------------------ From: Jonathon Blake Date: 16 Apr 1996 02:55:39 +0000 (GMT) Subject: Re: Copyright of Usenet Articles skg@sadr.com (Keith Graham) said: However, if there's a market in "tracking specific user's postings for I knew somebody who started doing this three or so years ago. << I've since lost contact with them. >> HR purposes", to give an example, then companies could keep those profiles and sell them to any buyer. ("Give us an email address and we'll give you summaries of their posts!") The claim was they could provide this service by scanning UUCP newsgroups, FidoNet, RIME, and several other networks that were distributed using Fido Technology and QWK technology. It's all legal since they aren't redistributing the posts, and locks out us mundane people from doing searches. There was a legal problem, but I don't remember if it was RIME, Fido or UUCP Newsgroups that were the problem. And that assumes that companies wouldn't do the archive internally (which also gives them internal search capability for other subjects.) A few do, most don't yet do it. Within five years I expect it will be as common as pulling a credit report on a proposed new hire currently is. One of the things that should happen, is that college and possibly local newsgroups shouldn't be archived (and perhaps not even distributed outside of the college.) That would allow "young minds" That is a good idea. But as the spread of such newsgroups as netcom.shell.general have shown, just because the site states something to be a violation of the terms of service, and the newsgroup is not provided to UUCP feeds, and posts usually have the "Distribution: netcom" header, they still leak. some of my rants on BBSes and private discussion groups 10 years ago would surface now.) I doubt those from ten years ago would surface now. Five years ago, possible --- probable if you get into some major flamefests then. for now at least, you can always change your account and claim that the posts were from a "different Keith Graham". :-) ) And if somebody has the time, or the money to pay somebody, the post made by the alleged "different Keith Graham" can be proved to be made by the "same Keith Graham" that is using a new, different account. This also stresses the need for anonymous remailers, etc. If you're posting something you don't want attributed to yourself for privacy Agreed. - jonathon grafolog@netcom.com ------------------------------ From: Barry Margolin Date: 15 Apr 1996 23:33:46 -0400 Subject: Re: JAVA Organization: BBN Planet Corp., Cambridge, MA References: George wrote: What to stop this from implanting a virus? or from sending information on the system to a remote site? Seems risky to me. Java has built-in restrictions that are supposed to prevent it from being used to implant viruses or send information to remote sites. A Java applet shouldn't be able to read and write arbitrary files or make random network connections. -- Barry Margolin BBN PlaNET Corporation, Cambridge, MA barmar@bbnplanet.com Phone (617) 873-3126 - Fax (617) 873-6351 ------------------------------ From: johnl@iecc.com (John R Levine) Date: 16 Apr 96 14:11 EDT Subject: Re: JAVA Organization: I.E.C.C., Trumansburg, N.Y. Does JAVA and similar programming languages pose a security problem or a virus risk? Java is designed to make it possible to run downloaded applets securely. Your browser or whatever can statically scan the applets it loads to make sure they're logically valid, e.g. no writing to other people's memory or stuff like that. By default an applet can't read or write any files and can only communicate with the host it was loaded from. The guy who designed Java has been around the block enough times that he's thought out these issues pretty well. Nonetheless, it seems that with Java we are once again discovering how many different covert channels there are lurking about on your typical computers. None of the problems I've heard of are flaws in the basic Java design, but rather assumptions it makes in the environment in which it'll be run. For example, Java works by gluing different modules (classes in OO-speak) together, and it assumed that modules loaded from the client's local disk were secure. Except that lots of systems have public "incoming" directories into which anyone can upload a file. Oops. The usenet group comp.lang.java has a vigorous discussion of Java issues going at all times, for people who want to investigate further. -- John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869 johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof ------------------------------ From: Shannon Wenzel Date: 18 Apr 1996 21:27:32 -0400 Subject: Re: JAVA Organization: Netcom References: George wrote: Does JAVA and similar programming languages pose a security problem or a virus risk? As I understand it, these languages are a modified "C" which are downloaded with a web page and then execute on the local (terminal) computer. What to stop this from implanting a virus? or from sending information on the system to a remote site? Seems risky to me. JAVA does pose a security risk for Internet users. Several JAVA-related bugs have been identified as related to NETSCAPE 2.0 which is the first browser (HotJAVA was truly first but only implemented alpha and beta versions of JAVA) to have JAVA capabilities. The JAVA language does provide security features, however. Specifically, java apps "load" on your computer. These apps require libraries of classes to execute on your computer. If you look in the NETSCAPE directory, you will find a JAVA subdirectory that contains these libraries. That does not mean you can write JAVA apps using NETSCAPE, just that you can execute JAVA apps under NEYSCAPE. The JAVA apps are designed to call these libraries. The security feature prevents strange libraries from downloading to your computer -- in ideal circumstances. In addition, the current version of JAVA prevents reading and writing local files (i.e., the files on your computer). JAVA is a language undergoing continuous evolution and development. Yes, you should be concerned about current JAVA apps but no more concerned than about other virus delivery methods. SUN has a real interest in defeating these security risks if they want to truly supplant C, C++, and VB. -- ///////////////////////////////////////////////////////////////////// Shannon Wenzel KA3WBH Princeton, NJ Is it not possible than an individual may be right and a government wrong? -- Henry David Thoreau \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ------------------------------ From: klanza@world.std.com (Kurt J Lanza) Date: 19 Apr 1996 20:25:00 GMT Subject: Re: JAVA Organization: The World Public Access UNIX, Brookline, MA References: geosys@digital.net (George) writes: Does JAVA and similar programming languages pose a security problem or a virus risk? As I understand it, these languages are a modified "C" which are downloaded with a web page and then execute on the local (terminal) computer. What to stop this from implanting a virus? or from sending information on the system to a remote site? Seems risky to me. Me too. The basic idea seems to be that java code is compiled to a "byte-code" which is downloaded and executed by a java interpreter on you system. The interpreter is supposed to stop dangerous things from happening (assuming all the preferences are set correctly). And if you think this is safe for the average non-techie user, I have a bridge I know you'll be interested in. Hope this helps. -- Kurt J. Lanza ------------------------------ From: dan@dvl.co.nz (Dan Langille) Date: 16 Apr 1996 10:08:53 GMT Subject: Re: Deja News Organization: DVL Software Limited References: jenny simmonds wrote: I am writing an article about Deja News and am interested in hearing from anyone who thinks it breaches their privacy. In the interests of fairness, I'd also like to hear from those who don't think it breaches privacy :-) I don't have any problem with Deja News. Anything which I am posting to UseNet is basically being published on the open market. I feel I own what I publish. All they are doing is storing it. I don't have a problem with that. So long as what I write is always attributed to me. -- Dan Langille DVL Software Limited ------------------------------ From: munthali@infi.net Date: 16 Apr 1996 12:23:34 -0400 Subject: Re: Deja News Organization: Cerebral Synergy References: jenny simmonds wrote: I am writing an article about Deja News and am interested in hearing from anyone who thinks it breaches their privacy. In the interests of fairness, I'd also like to hear from those who don't think it breaches privacy :-) The best explanation I've heard for AltaVista and DejaNews, is that they are web-based indexing news server with articles that have no expiry date. If you don't want your publicly read article to be indexed then a) don't post it at all to any newsgroups or b) learn to use "X-No-Archive: Yes" as one of your headers This should suffice to ensure privacy concerns are met. -- Donald L Munthali munthali@infi.net X-No-Archive: Yes ------------------------------ From: melorama@pixi.com (Mel Matsuoka) Date: 17 Apr 1996 06:39:27 GMT Subject: Re: Deja News Organization: Pacific Information eXchange, Inc. References: jenny simmonds wrote: I am writing an article about Deja News and am interested in hearing from anyone who thinks it breaches their privacy. In the interests of fairness, I'd also like to hear from those who don't think it breaches privacy :-) I dont see how dejanews breaches anyones privacy. For one thing, if you dont want anyone to see what you have posted to USENET, why would you post to USENET at all? If you were going to post to a lascivious newsgroup, such as alt.sex.stories, etc., you would use an anonymous remailer if you didnt want anyone to know it was you. But the biggest reason why this is not an invasion of your privacy is that dejanews *will not* archive your posting if you add the heading "X-No-Archive: Yes" to the header fields. What I think is much more of a privacy breach are are services such as MapQuest (www.mapquest.com), which lets you graphically "zoom in" on the location of someone by thier street address, and the wpy.net service (http://wyp.net/info/search/NA.html) which lets you find anyone by cross-referencing thier phone number, name, street address, etc. When used in conjunction with each other, the nefarious applications become apparant. -- mel matsuoka PGP public-key available on all internet keyservers ------------------------------ From: markm@xetron.com (Mark Malson) Date: 18 Apr 1996 20:24:26 GMT Subject: Re: Deja News Organization: Xetron Corporation References: jenny simmonds wrote: I am writing an article about Deja News and am interested in hearing from anyone who thinks it breaches their privacy. In the interests of fairness, I'd also like to hear from those who don't think it breaches privacy :-) I don't ever post anything to Usenet that I wouldn't yell from the top of my roof. I have no expectation of privacy, therefore I do not think DejaNews breaches my privacy. FWIW, I have found DejaNews to be a very valuable tool for searching UseNet archives in a few ways: 1) to find an old article that I had read and since forgotten, especially to retrieve vendor phone numbers. I used it just today for that purpose. I used to depend on the news server to keep them around long enough, but if it rolled off, it used to be gone forever. Not anymore. 2) When checking out a company to see if I wanted to work for them, I used DejaNews once to see what sort of "net presence" that company had. I figured if they had little presence, then they have no Internet connection or low bandwidth. If they had presence mainly in, say, comp.sys.mac.* groups (their main focus), they would have a large basis of expertise and a desire to be helpful. If their presence was mainly in, say, rec.travel.cruises, then I figure they're probably _not_ a very helpful culture, possess little expertise, or are a bunch of loafers. BTW, I checked out the company I work for _after_ developing these classifications and was impressed with how my co-workers are present on the net in areas related to our jobs, and I think my classification accurately represented my company's culture. NOTE: You have to know how big the company is to get a good picture, and their presence must be weighted by their size. 3) DejaNews is useful to news admins because with such a service, the admin can conserve disk space by eliminating old articles and referring people to DejaNews for older articles. This lets the admin subscribe to more newsgroups. 4) I can search newsgroups that my admin does not subscribe to. IMHO, I think anyone who expects any sort of "privacy" should not open their window, yell across the street, and then accuse people within earshot of "eavesdropping". Nor should they use UseNet. -- Mark Malson markm@xetron.com ------------------------------ From: johnb@bird.Printrak.Com (John Bredehoft) Date: 19 Apr 1996 08:41:33 +0800 Subject: Deja News Organization: Printrak International Inc. Jenny Simmonds (jenny@porky.demon.co.uk) wrote: I am writing an article about Deja News and am interested in hearing from anyone who thinks it breaches their privacy. In the interests of fairness, I'd also like to hear from those who don't think it breaches privacy :-) I would definitely fall in the latter category. Whatever Deja News, Alta Vista, et al might be, they are *not* breaches of privacy. I like to contrast the availability of articles on Deja News to the availability of cordless phone conversations. When you use a cordless phone, your intent is to use it to talk to a single party. Yes, the transmission is broadcast all over the place, but that is not your intent. Based on intent, I would consider that a "private" conversation. However, when you post an article to Usenet, you are intentionally "broadcasting" to a large number of people. (Some news software packages explicitly remind you that you are posting to thousands or millions of machines or whatever the number is now.) When I have posted articles to alt.fan.kroq (look it up! :) ), I was well aware that the original message would be read by numerous people at the time that I posted it. Based on intent, I would *not* consider Usenet postings a "private" conversation; therefore, no privacy is breached. The fact that some of the "people" who receive my Usenet postings (e.g., Deja News and Alta Vista) happen to keep those articles available for months (eventually, years) does not change the basic fact that the original conversations were public in the first place. Sure, one could quibble about ignoring "Expires:" headers and the like, but I still feel that this is not a *privacy* issue. One should also remember that Deja News and similar services are not the only way in which Usenet postings are preserved. Usenet traffic can also be preserved on an ftp site, or in a Web-accessible digest; I'd assume that comp.society.privacy postings are accessible via one or both of these methods.i I don't feel that these violate my privacy, again since this original posting will be publicly accessible in the first place. Well, now it's time to look up Jenny ;) ... > > --| Jenny Simmonds, Overseas Jobs Express Net columnist | > | Send overseas jobs news to jenny@porky.demon.co.uk | > | Visit our home page at http://www.ahoy.com/oje/ | -- The views of John E. Bredehoft, johnb@printrak.com are not necessarily those of Printrak International Inc. "They're faxing, over the Internet, pictures of Madonna and Vanilla Ice." -Rick Dees ------------------------------ From: Robert Ellis Smith <0005101719@mcimail.com> Date: 17 Apr 96 20:28 EST Subject: Alternatives to SSN Does anyone have ideas and suggestions for alternatives to using Social Security numbers to manage large personal data bases - methods like Alpha Search and Soundex? Are there other ways to manage a huge data base and make matches and retrieve files without using SSNs or even numerical identifiers? -- Robert Ellis Smith, Privacy Journal, Providence RI 401/274-7861. ------------------------------ From: rja14@turing.newton.cam.ac.uk (R.J. Anderson) Date: 18 Apr 1996 08:46:04 GMT Subject: UK Government to Introduce Key Escrow Organization: Isaac Newton Institute, University of Cambridge Despite assurances from John Major to David Shaw MP that the British government had no intention to limit the domestic use of cryptography, there is now a UK policy to introduce key escrow. The debate was conducted in secret in Whitehall; we the people were not consulted at all. Details can be found in a booklet called `The use of encryption and related services with the NHSnet', published by the NHS Executive (copies from the Department of Health, Fax 01937 845381). The points of most interest to the privacy community are probably the following. 1. `HMG has, for a number of years, been developing its ideas for a national Public Key Management Infrastructure having what is known as Key Recovery (KR) facilities. HMG's interest in Key Recovery is driven by its Law Enforcement needs. Papers describing schemes with this capability are now in the public domain for review and comment. It is expected that eventual national policy in this areas, supported by legislation, will involve the use of KR capabilities shaped closely along the lines indicated by current papers' (p 58). 2. The choice facing the NHS is `whether it wishes to implement the KR capability within it or not' (p 58). 3. Long term keys will be certified using a `Trusted Third Party' and there is budgetary provision for eight full time NHS staff to run this. 4. The critical question of `the legal conditions under which TTPs will be able to release information under their control or care' is dodged; it `will have to be investigated'. 5. The encryption algorithm used will be an unpublished block cipher called `Red Pike' that has been developed by GCHQ. I have obtained through other channels a copy of a GHCQ certificate evaluating this algorithm to `Restricted'. Key establishment will be Diffie Hellman based, and DSA will be used for signatures. 6. The proposal to make the NHS adopt the TTP/Red Pike strategy is part of a wider initiative that will include the electronic submission of proposals to government departments by suppliers and of tax returns by small businesses. A goal is to `encourage a wide range of commercial off-the-shelf (COTS) products to be developed'. (Note: this mirrors the NSA policy under which the US Department of Defense is trying to get software suppliers to develop products with weak or escrowed crypto that can be replaced with plug-compatible but stronger military crypto. See Microsoft crypto API, the Fortezza card, and so on.) 7. There is extensive - and grossly inaccurate - criticism of alternatives (products such as PGP, and algorithms such as RSA and triple DES). Some of the statements may reflect GCHQ's legislative or regulatory intentions. For example, on page 61 it is stated that DES `is not normally available to users in other commercial sectors unless it is used by them only in relation to the protection of financial data'. The author seems ignorant of the Unix password mechanism, Sky-TV key management, prepayment gas meters, and the infrared gate openers used by season ticket holders at municipal parking garages in Glasgow. I mentioned this report yesterday evening to an employee of a defence software firm and he informed me that there was a presentation at GCHQ two weeks ago for those `inside the tent pissing out' at which all the above (and presumably more) was revealed. The implications are many and varied. For example, the establishment of a government facility to certify who is, and who is not, a medical doctor would usurp the General Medical Council's traditional function. One wonders whether there is a plan to nationalise the Law Society, the Institute of Chartered Accountants, and other professional bodies? At the most basic level, it appears unlikely that this report will contribute to establishing the level of trust in the privacy and safety of clinical telematics that will be needed if we are to realise its many potential benefits for patient care. Ross ------------------------------ From: * subramanian sivaramakrishnan * Date: 18 Apr 1996 22:31:08 EDT Subject: Sprint Free Fridays - New Exception List Organization: Penn State University References: According to Sprint, FCC tariff regulations permit a unilateral change to combat fraud, even if the change affects non-fraudulent customers. But, where is the question of fraudulent customer here ? When I signed up for Business Sense, I asked the Sprint representative at least four times what the catch is since they were allowing me as a residential customer to sign up. She said "Sir, we are trying to increase our market share." In fact, they asked me for my social security number before signing me up. Doesn't make sense for them to ask for the ss# if they thought I was a business. If they did, they would have asked me for my tax id# instead. Btw, I am one of those who did not get a mailgram asking for proof of business. I wonder what criterion they used. I did get the mailgram about the 9 countries though. Rather than we debating about this Sprint thing, can some lawyers who read this newsgroup let us know whether there's room for a class action lawsuit or not ? Did I hear you say that your legal advice is free on Fridays ?.....:-) -- subbu ------------------------------ From: rja14@turing.newton.cam.ac.uk (R.J. Anderson) Date: 18 Apr 1996 08:51:51 GMT Subject: Final Call for Papers - Colloquium on Personal Information Organization: Isaac Newton Institute, University of Cambridge PERSONAL INFORMATION - SECURITY, ENGINEERING AND ETHICS 21-22 June, Isaac Newton Institute, University of Cambridge FINAL CALL FOR PAPERS Many organisations are building computer networks that will share medical records and other highly sensitive personal information. This has led to debate in the UK, the USA, Germany and elsewhere over both the propriety of such information sharing and the technical measures that are necessary to control it. The debate has shown how little we understand about the protection of personal information. Most existing models of computer security were developed for applications in banking and commerce or for the military and intelligence communities. There the goal of confidentiality is to protect the organisation's assets and operations. With personal information, on the other hand, the goal is to uphold the rights of the individual, and to facilitate professional practice in line with established codes of ethics. It is becoming clear that systems cannot adequately protect medical records and other personal information by blindly following the banking and military paradigms of computer security. A fresh approach is needed. For this reason, the British Medical Association is sponsoring a two day colloquium at the Isaac Newton Institute, Cambridge, whose goal is to bring together medics and other people interested in protecting personal information with computer security professionals. It will be the closing event in a six month research programme attended by many of the world`s top researchers in computer security and related topics. Topics of interest include the interaction between privacy and safety, security and safety policy, technical aspects, practice in different countries, the tension between clinicians and researchers, privacy in other systems (such as those supporting legal practice), the philosophy of privacy, and the regulation of access to personal information by administrators and law officers. Instructions for Authors: Interested parties are invited to submit papers or extended abstracts of papers electronically (ascii, latex or postscript) or in paper form; in the latter case, send twelve copies suitable for blind refereeing (the authors' names should be on a separate cover sheet and there should be no obvious references). Papers should not exceed fifteen pages in length. Addresses for submission: Dr Ross Anderson Isaac Newton Institute 20 Clarkson Road Cambridge CB3 0EH, England rja14@newton.cam.ac.uk Programme committee: Ross Anderson (Cambridge University, UK) Ab Bakker (Bazis, the Netherlands) Dave Banisar (Electronic Privacy Information Center, USA) Gerrit Bleumer (University of Hildesheim, Germany) Paula Bruening (formerly Office of Technology Assessment, USA) Ian Cheong (RACGP, Australia) Fleur Fisher (British Medical Association, UK) Elizabeth France (Data Protection Registrar, UK) Bob Frankford (formerly Ontario Legislature, Canada) Peter Landrock (Aarhus University, Denmark) Robert Morris (NSA, USA and Cambridge University, UK) Roderick Neame (Health Information Consulting, New Zealand) Roger Needham (Cambridge University, UK) Beverly Woodward (ACLU and Brandeis University, USA) Deadlines: Paper submission: 10th May 1996 Notification of acceptance: 3rd June 1996 Camera-ready copy for proceedings: 17th June 1996 ------------------------------ From: "Prof. L. P. Levine" Date: 17 Mar 1996 09:14:50 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #033 ****************************** .