TUCoPS :: Privacy :: priv0814.txt

Privacy Digest 8.14 11/1/99

<head><TITLE>PRIVACY Forum Archive Document - (priv.08.14) </TITLE></head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000">

<table border=0 cellpadding=0 cellspacing=0 width=100%>

<td bgcolor="#ffffcc" width=30%>

<table border=0 cellpadding=4 cellspacing=0 width=100%>

<a href="/reality.html"><img src="/spkr1.gif" border=0 align=middle></a>
<font size=-1 face="Arial, Helvetica, sans-serif"><b>RealAudio</b></font><br>
A Moment of Sanity & Fun!<br>

<font size=-1 face="Arial, Helvetica, sans-serif">
<font color="#ff0000"><b>& UNREALITY TRIVIA QUIZ!</b></font>

<table border=0 cellpadding=0 cellspacing=0 width=100%>

<table border=0 cellpadding=4 cellspacing=0>

<a href="/reality.html"><i>LISTEN</i> or <i>INFO!</i></a></td>







<td align=center>

<font size=+2><b>PRIVACY Forum Archive Document</b></font><br>

<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p>
<A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p>
<A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p>



PRIVACY Forum Digest     Monday, 1 November 1999     Volume 08 : Issue 14


            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
	         Committee on Computers and Public Policy,      
		 Cable &amp; Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

	"Spies" in Your Software? 
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Students Forced to Wear SSN
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	IPv6 Identifier Privacy Issues: The Reality
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Video Cameras: "Watching Out For You?"  Or Watching You?
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Concern over home photo database (Dominic Cooney)
        Unsolicited Ad Mailing Containing Private Financial Information
	   (Mr. Bentor)
	Privacy Act system notice rule and amendment (Monty Solomon)
	Telephone Privacy (Monty Solomon)
	Privacy of Health Information (Monty Solomon)
	Thermal Imaging In-Home Surveillance OK Without Warrants
	   (Jim Warren)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

	"I thought I'd wake up dead."

		-- James [Agent 007] Bond (Sean Connery)
		   "Goldfinger" (United Artists; 1964)


Date:    Mon, 1 Nov 99 11:57 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: "Spies" in Your Software?

Greetings.  As the percentage of computer users with either on-demand or
permanent connections to the Internet continues to creep ever closer to
100%, some techniques are beginning to appear in software which can only be
described as underhanded--apparently implemented by software firms who
consider it their right to pry into your behavior.

It's becoming increasingly popular for various software packages, which
would not otherwise seem to have any need for a network connection, to
establish "secret" links back to servers to pass along a variety of
information or to establish hidden control channels.  

One rising star in this area of abuse is remote software control.  Various
firms now promote packages and libraries, which can be "invisibly" added to
*other* software, to provide detailed "command and control" over the
software's use, often without any clue to the user as to what's actually
going on.  These firms promote that they can monitor usage, remotely disable
the software, gather statistics--anything you can imagine.  The oft-cited
major benign justification for such systems is piracy control, leading to
gathering of information such as site IP numbers, for example.  If the
software seems to be running on the "wrong" machine, it can be remotely
disabled.  But information gathering and control most certainly doesn't
necessarily stop there!

Another example is the use of such systems in "demo" software.  I recently
received promotional material from a firm touting their package's ability to
prevent demo software from running without it first "signing in" to a remote
server on each run, which would then report all usage of the demo--so the
demo producer could figure out who to target for more contacts ("buy now!")
or to disable the demo whenever they wished--or whatever might be

It is frequently the case that software using such techniques will establish
network connections without even asking the user (though I did succeed in
getting one such firm to promise to change this policy after a long phone
conversation with their president).  But as a general rule, you cannot
assume that you'll ever know that software is establishing a "hidden"
channel, except in cases with dialup modems where you might actually hear
the process.  With permanent net connections, there'd typically be no clue.  

If you think that your firewalls will protect you against such systems, think
again.  The protocol of choice for such activities is HTTP--the standard web
protocol--meaning that these control and monitoring activities will
typically flow freely through most firewalls and proxies that permit web

Other examples of such "backchannels" have also been appearing, such as
e-mail messages containing "hidden" HTTP keys which will indicate to the
sender when the e-mail was viewed by the recipient (assuming the e-mail was
read in an HTTP-compliant mail package).  Is this any of the firms'
business?  No, of course not.  They just think they're being cute, and do it
since they can.  If you care about this sort of thing, read your e-mail in
text-based packages--they're safer from a wide variety of e-mail "surprises"
(including viruses) in any case.  In the Unix/Linux world, "mh" is a good

Whether one cares to view any particular application of these sorts of
"network spy" technologies as trivial or critical will vary of course.  Some
people probably couldn't care less.  Others (especially in business and
government, where hidden flows of information can have serious consequences
indeed) will be much more concerned.

Unfortunately, until such a time as it is clearly illegal for such packages
to siphon information from, or remotely control, users' computers without
their knowledge or permissions, such abuses are likely only to continue
growing in scope and risks.  We haven't seen anything yet.

Lauren Weinstein
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report &amp; Unreality Trivia Quiz"
  --- http://www.vortex.com/reality


Date:    Mon, 1 Nov 99 12:29 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Students Forced to Wear SSN

Greetings.  In yet another example of what I'll politely call "muddy"
thinking, a school in Louisiana began forcing students to wear "over the
neck" ID badges at all times in school, which contained a barcoded version
of their Social Security Numbers (even though an alternate Student ID,
established to avoid problems with SSN usage, apparently could have been
used).  Teachers, cafeteria workers, custodians, and administrators must wear
these badges as well, I'm told.

Of course, in no time at all students had decoded the barcodes, and even
established a web site to provide the decoding information, to demonstrate
how trivially the SSN could be derived.  This demonstrates pretty clearly
the difference between "encryption" (the word administrators have apparently
erroneously used to describe the barcoded SSN) and simple standardized
encoding.  As an aside, students also found that it was easy to grab the ID
badge rope around other students' necks and play all sorts of "fun" games
that way...

In the wake of the continuing controversy, the school's principal declared
that concerned students could cover up the bar code--but of course it'll be
the students who don't realize the potential problems, and don't bother to
take such actions, who would continue to be at most risk.

It's a bad policy all around.  These sorts of knee-jerk reaction of schools
to highly publicized (but statistically exceedingly rare) events doesn't
really provide any additional useful security against such occurrences, but
seem designed to convince parents that administrators are "doing something,"
however useless--or counterproductive--they might be.

Lauren Weinstein
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report &amp; Unreality Trivia Quiz"
  --- http://www.vortex.com/reality


Date:    Mon, 1 Nov 99 11:29 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: IPv6 Identifier Privacy Issues: The Reality

Greetings.  Many of you will by now be aware of all the publicity
surrounding reported privacy problems associated with IPv6 (a new version of
the Internet IP communications protocol) currently being developed under
the auspices of the IETF (Internet Engineering Task Force).  

Executive Summary: "Don't Panic!"

Some Background:

The concerns revolve around the use of hardware identifiers (e.g. Network
Interface Card IDs) as part of IPv6 packet addressing.  It has been asserted
that this would enable tracking of individuals' activities on the net much
more easily than is the case today, and bring forth a new range of privacy

It's of course necessary to have some form of addressing in computer
networks, or you wouldn't be able to read this message right now.  The
packets have to know where they're headed.  In practice, the existing
Internet protocol (IPv4) provides much the same kind of information in many
cases, particularly when "static" (unchanging) addresses are in use.  Static
addresses are the norm for conventional permanent circuit connections to the
net, and increasingly common for DSL and cable modems. 

The IPv6 idea of a unique identifier derived from hardware was intended to
help make sure that address duplication would not occur between different
machines--a continuing headache for present-day network administrators.
It is also considered important to the authentication and security
improvements of IPv6.

The risk of such data potentially being misused would appear to be highest
in "mobile" applications, significantly less in dialup Internet access
environments (since many such computers wouldn't even possess the hardware
ID), and least important in permanently linked dedicated circuit situations,
where a static address already provides an essentially unchanging identity,
even in today's environment.

The Good News:

To the extent that the permanent IDs are considered to be a privacy problem,
it's obvious that existing technologies such as proxy servers could be used
to wall off identifiers.  

This could well prove to be unnecessary, however.  It appears that many of
the folks raising the red flag on this issue may be unfamiliar with the fact
that the IETF has been aware of these privacy concerns regarding the
permanent identifier, and that they have been addressed in the IETF Draft: 

"Privacy Extensions for Stateless Address Autoconfiguration in IPv6"
(Note: as an Internet Draft, this document is subject to removal,
updating, or change at any time--it would be best to track it
via Internet Draft indexes at http://www.ietf.org.)

The above referenced document gives an excellent overview of the issues
involved and a proposed solution to address the privacy concerns.  It would
seem prudent to encourage the adoption of this proposal into the IPv6
specification, and to urge its implementation by IPv6 developers and
vendors, ideally as the default mode under user control.

Lauren Weinstein
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report &amp; Unreality Trivia Quiz"
  --- http://www.vortex.com/reality


Date:    Mon, 1 Nov 99 10:47 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Video Cameras: "Watching Out For You?"  Or Watching You?

Greetings.  The proliferation of video cameras, often ostensibly for various
"public safety" purposes, has been a matter of concern for some time.  One
interesting example occurred recently when four employees at KEZI-TV in
Oregon were fired for using the station's "Sky-Cam" (mounted on a downtown
Eugene bank building) to spy on patrons of the nearby Eugene Hilton.  KEZI
uses the slogan: "Watching Out For You."

An Oregon State Police Detective confirmed that it is illegal under Oregon
law to photograph or tape a person in the nude in areas where they have an
expectation of privacy, without their consent.  But he emphasized that simple
viewing was *not* a crime in Oregon, unless a visual recording of some sort
were also made, and that they couldn't find any such recordings in the KEZI

It does cause you to wonder about all those cameras one sees around many
cities, that seem to be pointing in "odd" directions much of the time...

Lauren Weinstein
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report &amp; Unreality Trivia Quiz"
  --- http://www.vortex.com/reality


Date:    Wed, 29 Sep 1999 22:58:03 +1000
From:    "Dominic Cooney" &lt;coonsta@ozemail.com.au&gt;
Subject: Concern over home photo database

A Brisbane, Australia company, RP Data (http://www.rpdata.com.au), is
developing a database product that includes a photograph of every home in
Brisbane (566,100 households; Source: Australian Bureau of Statistics), who
owns it and the last recorded sales price.

RP Data has claimed that it is not breaking any laws, and that clients are
screened before information is given to them. The Australian Broadcasting
Corporation reports:

(http://www.abc.net.au/news/state/qld/metqld-29sep1999-19.htm) that RP Data

"...stresses it has no known crime gangs as clients".

	   [ This qualifies as the "reassuring quote of the week"!  
			  -- PRIVACY Forum Moderator ]

A state member of parliament has raised privacy and security concerns over
the product.

RP Data has plans to extend the coverage of the database to all of Australia
(Source: ABC News).

Dominic Cooney


Date:    Thu, 21 Oct 1999 23:11:42 -0700
From:    "Ben" &lt;MrBentor@hotmail.com&gt;
Subject: Unsolicited Ad Mailing Containing Private Financial Information.

I do not even know where to begin with this. I am none-the-less a little hot
over this.

Today I received a letter of solicitation in the post from Providian
Financial MasterCard. On it's own, this is not so unusual as many companies
send out many different mailings.

Now comes the rub, which is not even that competitive of an offer; they send
me this letter with attached checks that are pre-made out to other credit
card company saying that they are offering a 12.99% apr.  for 3 months if I
transfer my balances to their card. They do not say what the percentage it
will go to after three months.

Then in this unsolicited offer they include the balances and bank names of
the other credit card accounts I own.

Good Grief! What are these people doing using private information in their
unsolicited advertisement they are sending in the mail me that contain
information of other private accounts such as the names of the other banks
and the balances?

I realize that the reporting companies sell financial information and credit
ratings to other banks so they can determine if the target is worth an offer
of service. But now they are pointing out that you have accounts at XX, YY,
and ZZ with current balances in their offers. I have also told them (banks
an reporting agencies) in the past not to sell my data.

One caveat, I did once have an account with this company; but I terminated
months ago, as they purchased another credit card Company and raised the
rates to 19.8%, their rates were not competitive with other percentages on
other accounts.

All the checks were pre-filled out with the name of the other bank it did
not specifically have the account number on the check. It did have the
balances on the stub of the check for to be put in amount line on the check.
I suppose that any account number could be put on the check if they were to
have been pilfered from the mails.

I guess I resent that they are using private information from other banks to
sell me their services. I find it a privacy violation. I will now write them
a nasty gram.

Mr. Bentor.

Cc:  Providian.
 Credit reporting agencies


Date:    Sun, 24 Oct 1999 15:28:21 -0400
From:    Monty Solomon &lt;monty@roscom.com&gt;
Subject: Privacy Act system notice rule and amendment

* Privacy Act system notice rule and amendment: 

The FTC will publish shortly a Federal Register notice approving the 
development of a records system needed to implement the Identity Theft 
and Assumption Deterrence Act of 1998. The new system is being 
established subject to the Privacy Act of 1974 (as amended) and will be 
used by the Commission to log and acknowledge complaints submitted by 
victims of identity theft, to provide information to such individuals, 
and to refer their complaints to appropriate entities, including, but 
not limited to, the three national consumer reporting agencies and law 
enforcement agencies for potential law enforcement action. 
Because the categories of individuals covered by the system may include 
(among others) the target of an identity theft complaint, the Commission 
has determined that it is necessary to exempt the system from disclosure 
to such individuals for law enforcement purposes. Accordingly, the 
Commission will also publish a notice in the Federal Register to amend 
its Privacy Act rules to include this system in a list of similar 
systems covered by this exemption. 
Comments on this notice (and the related notice amending the 
Commission's Privacy Act rules to exempt the system) must be submitted 
within 30 days following publication in the Federal Register to: Federal 
Trade Commission, Office of the Secretary, 600 Pennsylvania Ave., NW, 
Washington, DC 20580. 
The Commission vote to publish the Federal Register notice was 4-0. (FTC 
File No. P859907; see press release dated May 20, 1998; staff contact is 
Alex Tang, 202-326-2447.) 


Date:    Fri, 29 Oct 1999 03:30:59 -0400
From:    Monty Solomon &lt;monty@roscom.com&gt;
Subject: Telephone Privacy

Excerpt from ACLU News 10-28-99


     Consumer and Privacy Organizations, Legal Scholars
     Urge Appeals Court to Protect Consumers' Telephone Privacy

Monday, October 25, 1999

WASHINGTON -- In a friend-of-the-court brief filed today, 15 consumer and 
privacy organizations and 22 legal scholars urged a federal appeals court 
to reconsider a decision that would allow telephone companies to use 
private telephone records for marketing purposes.

The groups, including the American Civil Liberties Union, said that the 
case is of great importance to consumers across the United States.

The brief, filed in support of a petition from the Federal Communications 
Commission, asks the 10th Circuit Court of Appeals to uphold a privacy 
provision that was enacted by Congress in 1996 and implemented by the FCC.

In US West v. FCC, the federal appeals court said that the "opt-in" privacy 
safeguard recommended by the FCC violated the First Amendment rights of the 
telephone company to market products and services.

The information that would be disclosed "consists of customer calling 
records that would not exist but for the private activities of telephone 
customers," the groups said in legal papers. "These records, which are not 
publicly available, include such sensitive and personal information as who 
an individual calls, when, for how long, and how often."

An alternative "opt-out" approach, they argued, is burdensome and "would 
have required telephone customers to contact their carrier to prevent the 
disclosure of their personal calling records."

The groups concluded that an "opt-in approach is consistent with the First 
Amendment and is the most reasonable fit with Congress's intent to protect 
the privacy of telephone subscribers' personal information."

"This is not a question of whether there is a First Amendment right to 
commercial speech, but instead of whether corporations have a right to 
disclose the sensitive personal information of their customers without 
consent," said Barry Steinhardt, associate director of the ACLU.

"If the courts allow companies to claim a right to disclose personal 
information, then every law that gives us control over our own data is 
called into question," he added.

The brief was supported by a wide range of privacy and consumer 
organizations, including the ACLU, the Electronic Privacy Information 
Center, the Consumer Federation of America, and the U.S. Public Interest 
Research Group. The brief was also endorsed by many leading legal scholars. 
The Washington law firm of Covington &amp; Burling filed the brief on behalf of 
the coalition.

The friend-of-the-court brief filed by the coalition is available on the 
ACLU's website: http://www.aclu.org/court/uswest_brief.html

     Additional information about US West v. FCC:


Date:    Fri, 29 Oct 1999 23:37:11 -0400
From:    Monty Solomon &lt;monty@roscom.com&gt;
Subject: Privacy of Health Information

                            THE WHITE HOUSE

                     Office of the Press Secretary
For Immediate Release                                   October 29, 1999


                           October 29, 1999

President Clinton today will unveil a landmark set of privacy
protections for medical information stored or transmitted
electronically.  This new regulation, which the President is proposing
because of Congress's failure to act, underscores the Administration's
commitment to safeguarding the security of personal health information.
But the President will note that because his regulatory authority is
limited, comprehensive federal legislation is urgently needed, and he
will urge Congress to enact broader privacy protections without further

The new regulation that President Clinton and HHS Secretary Shalala are
announcing today would apply to all health plans and many health care
providers, as well as to health care clearinghouses such as billing
companies.  It would: 1) limit the non-consensual use and release of
private health information; 2) inform consumers about their right to
access their records and to know who else has accessed them; 3) restrict
the disclosure of protected health information to the minimum necessary;
4) establish new disclosure requirements for researchers and others
seeking access to health records; and 5) establish new criminal and
civil sanctions for the improper use or disclosure of such information...


     [ The full release is at (the long!) URL:


		-- PRIVACY Forum Moderator ]


Date:    Sun, 31 Oct 1999 07:55:49 -0700
From:    Jim Warren &lt;jwarren@well.com&gt;
Subject: Thermal Imaging In-Home Surveillance OK Without Warrants

At 1:24 AM -0700 10/31/99, johnnyk@primenet.com (Johnny King) wrote:


Court Reverses:  No Warrant Needed for Thermal Imaging

The 9th Circuit Court of Appeals reversed last week (9/10) by deciding that
police need not obtain a warrant before turning thermal imaging technology
on private homes. The new ruling delighted law enforcement, which uses the
technology to look for indoor marijuana-grow operations or drug labs by
detecting excess heat coming from within a residence.

The original ruling, in August, 1998, said that the technology was
intrusive enough to necessitate a warrant. Even as the government's motion
for re-hearing was pending, however, one of the three panel judges retired,
and the new judge, Melvin Brunetti, joined Judge Michael Hawkins, the lone
dissenter in the first opinion, to overturn.

Judge John Noonan, dissenting to the new ruling, likened the use of thermal
imaging to a high-powered telescope looking into a home, an activity which
would require a warrant.  But Judge Michael Hawkins, who wrote the new
majority opinion said that the technology "intrude(s) into nothing."

Military analyst Joseph Miranda, however, told The Week Online that the
technology is more invasive than the majority opinion lets on.

"Thermal imaging technology involves infrared detectors which basically
allow people to see through walls.  It can determine changes in heat levels
within a house.  While the police might be using this technology to find
marijuana grow lights, they can also determine which rooms have people in
them and even what you are doing in your bedroom.  In fact, the technology
is getting to the stage that with the help of computer-enhancement,
authorities could use the technology to get a pretty accurate picture of
very personal activities."

 From: katz@netwide.net (Blaine-Laura Katz)
 Subject:  Court Reverses:  No Warrant Needed for Thermal Imaging
 Date: Wed, 22 Sep 1999 04:40:29 -0400


The Federal 9th Circuit Court of Appeal covers most of the Western U.S.
Cases are usually decided by a 3 judge panel.  The first time this case was
heard, two of the three judges voted that thermal imaging surveillance was
so intrusive of privacy that it required a warrant.  One judge ruled that
it needed no warrant.  One of the judges that ruled it needed a warrant
retired, and the judge who took his place voted oppositely when the case
was granted a rehearing at the government's (police's) request.  It seem
unlikely that this ruling will stand, but it will probably be the law of
the land for the next year or so, until it is overturned.  The next likely
step will be a rehearing before the court "en banc", when all of the 23 or
so judges who sit on the 9th Circuit Court of Appeal will hear and decide
the case together.  The next, and last step, is an appeal to the U.S.
Supreme Court.



End of PRIVACY Forum Digest 08.14
<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p>
<A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p>
<A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p>

<font size=-2>Copyright &copy; 2000 Vortex
Technology.  All Rights Reserved.</font> 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH