TUCoPS :: Privacy :: priv_315.txt

Privacy Digest 3.15 8/12/94

PRIVACY Forum Digest      Friday, 12 August 1994       Volume 03 : Issue 15

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS 
	PrivacyGuard (Beth Givens)
	Privacy at risk: Educational Records (CPSR)
	Leahy on Gore Clipper Letter 7/21/94 (Dave Banisar)
	Medical Privacy Dilemma ([Name withheld])
	Re: Discovery (Geoff Kuenning)
	More Foolish Use of the SSN (Willis H. Ware)
	Privacy Book Project (Gini Graham Scott)
	Health Care Privacy Alert (Dave Banisar)
	EPIC Seeks Release of FBI Wiretap Data (Dave Banisar)
	The Privacy Rights Clearinghouse Information Service -- Correction
	  (Privacy Rights Clearinghouse)
	Privacy Conference (Dave Banisar)
	International Cryptography Institute (Dorothy Denning)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 03, ISSUE 15

   Quote for the day:

	"We have so much time and so little to do. 
	 Strike that!  Reverse it."

		-- Willy Wonka (Gene Wilder)
		   "Willy Wonka & The Chocolate Factory" (1971)

----------------------------------------------------------------------

Date:    Mon, 18 Jul 1994 16:38:33 -0700 (PDT)
From:    "BETH GIVENS, PRIVACY RIGHTS CLEARINGHOUSE, USD" 
	 <B_GIVENS@USDCSV.ACUSD.EDU>
Subject: PrivacyGuard

PrivacyGuard is nothing more than a convenience service. It offers the
subscriber information that anyone can get for themselves free. However,
some people might want the convenience of having someone else go through the
[relatively little] effort of obtaining their credit report, Social Security
earnings record, driving record and medical record for them.
	Regarding the medical record that Privacy Guard states that it will
obtain for the subscriber: This is simply the record held by the Medical
Information Bureau, a life/health insurance company clearinghouse in Boston
that keeps information on significant health problems of about 15 million
Americans and Canadians. The MIB will send you your record in about a week's
time, once you submit an application form. And it's free. Not everyone has a
record in the MIB database--just those who have applied for life insurance
or who have applied for health insurance as an individual (not a group
policy). 
	Here's how to order your MIB record, if indeed there is one. Write:
MIB, P.O. Box 105, Essex St., Boston MA 02112. Or call 617-426-3660. In just
a few days, you will receive a one-page application form to fill out and mail
to MIB.
	By the way, this information and a lot more can be found on our
gopher site [Privacy Rights Clearinghouse, at the University of San Diego].
Gopher to gopher.acusd.edu.  Look for our fact sheets under "USD Campuswide
Information System." 

------------------------------

Date:    Mon, 18 Jul 1994 18:03:24 -0700
From:    cpsr-seattle@csli.stanford.edu (CPSR)
Subject: Privacy at risk: Educational Records


                                             Seattle CPSR Policy Fact Sheet
                                      K-12 Student Records: Privacy at Risk
---------------------------------------------------------------------------

TOPIC

The U.S. education system is rapidly building a nationwide network of
electronic student records.  This computer network will make possible the
exchange of information among various agencies and employers, and the
continuous tracking of individuals through the social service, education
and criminal justice systems, into higher education, the military and the
workplace.

WHAT IS THE ISSUE?

There is no adequate guarantee that the collection and sharing of personal
information will be done only with the knowledge and consent of students or
their parents.

Changes Are Coming to Student Records
National proposals being implemented today include:

-  An electronic "portfolio" to be kept on each student, containing
   personal essays and other completed work.

-  Asking enrolling kindergartners for their Social Security Numbers,
   which will be used to track each student's career after high school.

-  Sending High school students' transcripts and "teachers' confidential
   ratings of a student's work-related behavior," to employers via an
   electronic network called WORKLINK.

At the heart of these changes is a national electronic student records
network, coordinated by the federal government and adopted by states with
federal assistance.

Publication 93-03 of the National Education Goals Panel, a federally
appointed group recently empowered by the Goals 2000 bill to oversee
education restructuring nationally, recommends as "essential" that school
districts and/or states collect expanded information on individual
students, including:
-  month and extent of first prenatal care,
-  birthweight,
-  name, type, and number of years in a preschool program,
-  poverty status,
-  physical, emotional and other development at ages 5 and 6,
-  date of last routine health and dental care,
-  extracurricular activities,
-  type and hours per week of community service,
-  name of post-secondary institution attended,
-  post-secondary degree or credential,
-  employment status,
-  type of employment and employer name,
-  whether registered to vote.

It also notes other "data elements useful for research and school
management purposes":
-  names of persons living in student household,
-  relationship of those persons to student,
-  highest level of education for "primary care-givers,"
-  total family income,
-  public assistance status and years of benefits,
-  number of moves in the last five years,
-  nature and ownership of dwelling.

Many of these information categories also were included in the public draft
of the 'Student Data Handbook for Elementary and Secondary Schools',
developed by the Council of Chief State School Officers to standardize
student record terminology across the nation.  State and local agencies
theoretically design their own information systems, but the handbook
encourages them to collect information for policymakers at all levels. 
Among the data elements are:
-  evidence verifying date of birth,
-  social security number,
-  attitudinal test,
-  personality test,
-  military service experience,
-  description of employment permit (including permit number,)
-  type of dwelling,
-  telephone number of employer.

WHO CAN ACCESS THIS COMPREHENSIVE INFORMATION?

Officers, employees and agents of local, state and federal educational
agencies and private education researchers may be given access to
individual student records without student or parent consent, according to
the federal Family Educational Rights and Privacy Act of 1974 (20 USC
1232g) and related federal regulations (34 CFR 99.3).  Washington state law
echoes this federal law.

WHAT IS COMING NEXT?

Recent Washington state legislation (SB 6428, HB 1209, HB 2319) directly
links each public school district with a self-governing group of social
service and community agencies that will provide services for families.

This type of program is described in detail in the book, Together We Can,
published jointly by the U.S. Department of Education and the U.S.
Department of Health and Human Services.  The book speaks of "overcoming
the confidentiality barrier," and suggests creating centralized data banks
that gather information about individuals from various government agencies -
or in other ways ensuring agencies, "ready access to each other's records."

The book calls for a federal role in coordinating policies, regulations and
data collection.  A group in St. Louis, MO, called Wallbridge Caring
Communities, is cited as a model for seeking agreements to allow computer
linkups with schools and the social service and criminal justice systems to
track school progress, referrals and criminal activity.

WHAT HAPPENED TO ONE COMMUNITY

In Kennewick, WA, over 4,000 kindergarten through fourth graders were rated
by their teachers on how often they lie, cheat, sneak, steal, exhibit a
negative attitude, act aggressively, and whether they are rejected by their
peers.  The scores, with names attached, were sent to a private psychiatric
center under contract to screen for "at-risk" students who might benefit
from its programs.  All of this was done without the knowledge and consent
of the children or their parents. 

CPSR's POSITION

CPSR Seattle believes that schools other agencies should minimize the
collection, distribution and retention of personal data.  Students and/or
their parents should decide who has access to detailed personal
information.

CPSR ACTIONS

Representatives of CPSR Seattle have gone to Olympia to:
-  oppose the use of the Social Security Number as the standard student
   identifier,

-  urge legislators to set educational goals that can be measured without
   invading privacy,

-  oppose turning over individual student records to law enforcement
   officials apart from a court order or official investigation.

    Computer Professionals for Social Responsibility - Seattle Chapter
           P.O. Box 85481, Seattle, WA 98145-1481 (206) 365-4528
                      cpsr-seattle@csli.stanford.edu

------------------------------

Date:    Fri, 22 Jul 1994 16:35:07 +0000
From:    Dave Banisar <banisar@epic.org>
Subject: Leahy on Gore Clipper Letter 7/21/94


                        U.S. SENATOR PATRICK LEAHY

                                                 Vermont

    ________________________________________________________________

                      STATEMENT OF PATRICK LEAHY ON
                VICE PRESIDENT GORE'S CLIPPER CHIP LETTER

                              July 21, 1994

     I have read the July 20th letter from the Vice President about the 
Administration's current thinking on Clipper Chip and, to my mind, it 
represents no change in policy.  In fact, when this letter was sent, I 
would be surprised if the Administration even thought it was news.

     The letter makes clear to me that the Administration continues to 
embrace key escrow encryption technology, and stands behind Clipper Chip 
as a federal standard for telephone communications.  The official 
standard makes clear that this standard applies to any communications 
over telephone lines.  Those communications include not only voice, but 
also low-speed computer data and facsimile messages.  The Administration 
is working on encryption technologies for higher-speed transmissions, 
such as for computer networks and video networks.

     The Vice President says that they want to work with industry to 
design a key escrow system that could be implemented not just in 
hardware, but also in software, that would be voluntary, exportable and 
not rely upon a classified encoding formula.  The Administration said all 
this last February when the federal standard was approved.  Yet, when 
Administration witnesses were questioned about the progress they had made 
in this effort at my Judiciary subcommittee hearing in early May, I 
learned they had held only a few meetings.

     Last week, the Appropriations Committee accepted strong Report 
language I suggested on Clipper Chip.  The Attorney General is directed 
to report to Congress within four months on ten areas of concern about 
Clipper Chip.

     I agree with the Vice President that balancing economic and privacy 
needs with law enforcement and national security is not always an easy 
task.  But we can do better than Clipper Chip.

------------------------------

Date:    Wed, 27 Jul 94 09:49:18
From:    [Name withheld]
Subject: Medical Privacy Dilemma

Here's a hypothetical situation for you.

A man phones up a local paper claiming that he has been mistreated by the
local hospital and this has resulted in serious damage to his health.  The
paper phones up the hospital to check out the story.  The hospital confirms
that the man in question was a patient at the hospital but refuse to say
anything else on the grounds of patient confidentiality.  The paper decide
that they will print the story and, to be polite, inform the hospital.

This is where it gets interesting.

A senior hospital official contacts the paper and requests that they do not
run the story because it would damage the hospital's reputation.  The editor
refuses to withdraw the story.  The official then explains that, to protect
the hospital's good name, he is prepared to release some of the patient's
medical history as long as it is strictly off the record.  He then claims
that the patient has a history of psychiatric problems which explain the
allegation of mistreatment.

Issues:

1. Should the hospital release the information about the patient's psychiatric
   problems to prevent possible damage to its reputation.

2. How does the paper know that the hospital is telling the truth - obviously
   it can't check back with the patient because this would reveal that the
   hospital has disclosed the medical records.

The result is, of course, that the paper drops the story.

------------------------------

Date:    Sat, 30 Jul 94 13:34:34 -0700
From:    desint!geoff@uunet.uu.net (Geoff Kuenning)
Subject: Re: discovery

N.R. Sterling writes:

> every check, which reveals among other things, who the bank customer
> pays money to, e.g., credit card companies (with credit card numbers
> usually appearing on the memo line, written by the unsuspecting maker of
> the check),

It doesn't matter whether the check maker writes the account number on
the check.  The *first* thing that the payee does with the check is to
run it through a machine that prints an audit trail, in case something
untoward happens later.  You guessed it, part of the audit trail
contains the complete account number that the check was credited to.

There's no disadvantage, other than time to writing the account on the
memo line.  The slight advantage occurs in the rare case when the
check gets separated from the bill stub before it makes it into the
processing machine.  Me, I figure that my unusual name is enough to
straighten things out in this instance, and so I lazily don't write
the account number on the check.  But failing to write it won't
protect your privacy one whit.

	Geoff Kuenning   geoff@itcorp.com   uunet!desint!geoff

------------------------------

Date: Mon, 01 Aug 94 09:59:24 PDT
From: "Willis H. Ware" <Willis_Ware@rand.org>
Subject: More Foolish Use of the SSN

The following is a paraphrase and partial excerpt from a posting on
the recent TELECOM Digest, V14 #340.

     "[To use the Sprint Voice FONCARD], basically you dial the 800
     number and "Voice FONCARD Number please" is spoken and then you
     say your "card" number which is some random digit and YOUR SOCIAL
     SECURITY NUMBER [Emphasis added] ... and then you get the "Place
     Call" prompt.....  I don't believe that it would work right off
     the bat in a crowded area from a public payphone unless you set
     it up that way in the first place.  Problems I've had with the
     card .... in loud areas [it is] almost always required me to
     re-speak it with rather long pauses between the system going to
     look up my voice-print with a "Please Wait" prompt....it just
     takes some time in loud areas."

Sprint has thoughtlessly conceived the world's most foolish way to
expose one's SSN to illcit acquisition.  The well know schemes for
stealing conventional telephone credit card numbers is to observe a
user key-in his number on the public touch pad, or to listen to the
user speak his number.  The scam is reported to be particularly
threatening at airports, but now it will be directed at acquiring
"SSNs for sale" rather than telephone credit card numbers.

SPRINT has just made it a lot more convenient for people who want to
surreptitiously steal SSNs and in addition, it not only charges the
customer for the questionable privilege but also imposes a higher
per-use surcharge than for conventional cards.  All the miscreant
needs to do is occupy the adjacent public fone when a Voice CARD is in
use. The thief has two chances by listening: he gets an SSN or he gets
a spoken telephone card number.

It has been frequently described how, given an SSN, one can easily
build a false identity and create all sorts of bad consequences for
the true holder of the number; e.g., fraudulent credit card purchases,
fraudulent driver licenses followed by crime, derogatory entries in
credit data bases, fraudulent health care services. [The SSN plus a
letter is the MediCare number.]

I thought Holiday Inn was unwise in requesting one's SSN as the
personal ID for its Frequent Traveler Program, but Sprint's inept
choice for its Voice-Card tops them all for exposure of the SSN.  What
ever was in the minds of the system designers when they made the
decision?  And where was the management oversight that should have
said "no way"?  But then, the threat in this case is against the
consumer, not against the telephone company for having to swallow the
cost of fraudulent calls.

				Willis Ware
				Santa Monica, CA

------------------------------

Date:    Thu,  4 Aug 94 01:07:00 UTC
From:    g.scott3@genie.geis.com
Subject: Privacy Book Project

PRIVACY BOOK PROJECT: REVIEWERS, QUOTES WANTED
 
I wanted to let all know that I have a book on privacy: THE BATTLE FOR
PERSONAL PRIVACY which will be published next year by Insight and Plenum
Books in New York, scheduled for the Spring.  It is designed to provide a
broad overview of the subject for the general reader, and covers a wide
range of topics, including search and seizure, press and publicity,
government records, employment issues including drug testing and monitoring,
high tech privacy topics including BBs, E- mail, and encryption, financial
privacy, medical records, privacy in litigation, etc. 

It includes some history of privacy from the 1800s to the present, and
focuses on the results of battles over privacy that have ended up in court
in the 1992 and 1993, and recent developments since then.  The book has just
gone to the typesetter for the first galleys.  My publisher has asked me to
contact people in the field who might be interested in reviewing the book,
and if they like it, providing comments that can be used in the book or in
information about it.  Besides the people I already plan to contact, this is
to let others know about it.  If you're interested, please contact me by
E-mail, and please include an address where my publisher can send the
galleys.  You can reach me on E-mail through AOL at GiniS, Genie at
G.SCOTT3, and on Prodigy at MBMV32A.  Also, please feel free to repost this
message on other BBs and newsletters.

                Gini Graham Scott

   [ Since the number of reviewers must be fairly limited, Gini Scott
     would prefer that persons requesting to review the book be 
     working in the privacy field or be experts in the field. -- MODERATOR ]
	  
------------------------------

Date:    Mon, 8 Aug 1994 21:21:37 EST    
From:    Dave Banisar <banisar@washofc.epic.org>
Subject: Health Care Privacy Alert

FYI, pls respond directly to the address below.

Date: Sun, 7 Aug 1994 12:43 EDT
From: WOODWARD@BINAH.CC.BRANDEIS.EDU (Beverly Woodward)
Subject: Health Care Privacy Alert

                                 ALERT

     The health care legislation proposed by Gephardt in the House and
Mitchell in the Senate contains provisions which would establish a
national health care data network and override most state medical
confidentiality laws.  All health care providers, whether paid by
insurance or not, will be required to provide the network with data
from the patient medical record after every clinical encounter.
(The data elements will not be limited to what is necessary for
billing purposes.)  A very weak "privacy" (or "fair information")
code will regulate the redisclosure of such patient-identified
information.  The law will permit person-identified information
to be made available in various circumstances to law enforcement
officials, medical and social studies researchers, and government
authorities without the knowledge or consent of the patient.  
These legislative provisions are being promoted as administrative
simplification and cost-saving measures, but they will seriously
erode patient privacy.  Unfortunately the general public has not
been informed about these sections of the health care reform bills.
Legislation of this kind requires intensive debate and should not
be folded into a bill to extend insurance coverage and reform
health care financing.  Contact your Representative and your Senators
to urge that the "Administrative Simplification," "National Health
Care Data Network," and so-called "Privacy" and "Fair Information
Practices" sections of these bills be deleted.  The general telephone
number for Capitol offices is 202, 224-3121.

Watch for further updates!  You may contact us at 617, 433-0114.
Coaltion for Patient Rights, Massachusetts

------------------------------

Date:    Mon,  9 Aug 1993 13:15:11 +0000
From:    Dave Banisar <banisar@epic.org>
Subject: EPIC Seeks Release of FBI Wiretap Data


             Electronic Privacy Information Center

                          PRESS RELEASE
  _____________________________________________________________

For Release:
August 9, 1994
2:00 pm

            Group Seeks Release of FBI Wiretap Data, 
      Calls Proposed Surveillance Legislation Unnecessary

     Washington, DC:  A leading privacy rights group today sued 
the Federal Bureau of Investigation to force the release of 
documents the FBI claims support its campaign for new wiretap 
legislation.  The documents were cited by FBI Director Louis Freeh 
during testimony before Congress and in a speech to an influential 
legal organization but have never been released to the public.

     The lawsuit was filed as proposed legislation which would 
mandate technological changes long sought by the FBI was scheduled 
to be introduced in Congress.  

     The case was brought in federal district court by the 
Electronic Privacy Information Center (EPIC), a public interest 
research organization that has closely monitored the Bureau's 
efforts to mandate the design of the nation's telecommunications 
infrastructure to facilitate wiretapping.  An earlier EPIC lawsuit 
revealed that FBI field offices had reported no difficulties 
conducting wiretaps as a result of new digital communications 
technology, in apparent contradiction of frequent Bureau claims.

     At issue are two internal FBI surveys that the FBI Director 
has cited as evidence that new telephone systems interfere with 
law enforcement investigations.  During Congressional testimony on 
March 18, Director Freeh described "a 1993 informal survey which 
the FBI did with respect to state and local law enforcement 
authorities."   According to Freeh, the survey describes the 
problems such agencies had encountered in executing court orders 
for electronic surveillance.  On May 19 the FBI Director delivered 
a speech before the American Law Institute in Washington, DC.  In 
his prepared remarks, Freeh stated that "[w]ithin the last month, 
the FBI conducted an informal survey of federal and local law 
enforcement regarding recent technological problems which revealed 
over 180 instances where law enforcement was precluded from 
implementing or fully implementing court [wiretap] orders."

     According to David L. Sobel, EPIC's Legal Counsel, the FBI 
has not yet demonstrated a need for the sweeping new legislation 
that it seeks.  "The Bureau has never presented a convincing case 
that its wiretapping capabilities are threatened.  Yet it seeks to 
redesign the information infrastructure at an astronomical cost to 
the taxpayers."  The nation's telephone companies have 
consistently stated that there have been no cases in which the 
needs of law enforcement have not been met.

     EPIC is a project of the Fund for Constitutional Government 
and Computer Professionals for Social Responsibility.


================================================================


           FBI Director Freeh's Recent Conflicting 
   Statements on the Need for Digital Telephony Legislation
_______________________________________________________________


Speech before the Executives' Club of Chicago, February 17:

   Development of technology is moving so rapidly that several
   hundred court-authorized surveillances already have been
   prevented by new technological impediments with advanced
   communications equipment.

               *               *               *

Testimony before Congress on March 18:

   SEN. LEAHY: Have you had any -- for example, digital telephony,
   have you had any instances where you've had a court order for a
   wiretap  that couldn't be executed because of digital
   telephony?

   MR. FREEH: We've had problems just short of that.  And I was
   going to continue with my statement, but I won't now because
   I'd actually rather answer questions than read. We have
   instances of 91 cases -- this was based on a 1993 informal
   survey which the FBI did with respect to state and local law
   enforcement authorities.  I can break that down for you.

               *               *               *

Newsday interview on May 16:

   We've determined about 81 different instances around the
   country where we were not able to execute a court-authorized
   electronic surveillance order because of lack of access to that
   particular system - a digital switch, a digital loop or some
   blocking technology which we didn't have to deal with four or
   five years ago.
 *

Speech before the American Law Institute on May 19:

   Within the last month, the FBI conducted an informal survey of
   federal and local law enforcement regarding recent techno-
   logical problems which revealed over 180 instances where law
   enforcement was precluded from implementing or fully
   implementing court orders [for electronic surveillance].

------------------------------

Date:    Tue, 9 Aug 1994 23:42:06 -0700 (PDT)
From:    Privacy Rights Clearinghouse <prc@teetot.acusd.edu>
Subject: <<The Privacy Rights Clearinghouse Information Service>> Correction!!!

Information on the PRC gopher site is in error.  The phone number for the
California hotline was incorrectly listed on the factsheets contained on
the gopher.  The correct number for the PRC Hotline, in California only
is, 1-800-773-7748.  We are sorry for any inconvince. 

The Privacy Rights Clearinghouse (PRC) a non-profit consumer education
group, now has a gopher site. The gopher site contains State (California)
and Federal legislation relating to the issue of privacy and informational
fact sheets that are constantly being updated.  Some of the topics
include; Your Social Security number, junk mail, e-mail in the work place
and wiretapping, and many others.  Gopher to gopher.acusd.edu.  To telnet
to the PRC:  telnet teetot.acusd.edu, login: privacy. 

Once in the USD Gopher, Select #4. USD Campus-Wide Information System/. 
then select #8.  Privacy Rights Clearinghouse. 

The Privacy Rights Clearinghouse is a service for California consumers.  It 
is administered by the University of San Diego's Center for Public Interest 
Law. It is funded by the telecommunications Education Trust, a program of
the California Public Utilities Commission. It has been in
operation since October 1992.  Voice (619)298-3396.

------------------------------

Date:    Thu, 11 Aug 1994 10:27:36 -0700
From:	 banisar@epic.org (Dave Banisar)
Subject: Privacy Conference
                  
                     CONFERENCE ANNOUNCEMENT
                  ---------------------------
                  TECHNOLOGIES OF SURVEILLANCE
                   TECHNOLOGIES OF PROTECTION
                  ---------------------------

                          Sponsored by

                       Privacy International
                     The University of Eindhoven
              The Electronic Privacy Information Center


                      Friday,September 9, 1994

                Nieuws Poort International Press Centre
                      The Hague, The Netherlands


The conference will bring together experts in law, privacy, human
rights, telecommunications and technology to discuss new technological
developments that affect personal privacy. The sessions will be
interactive, starting with introductions to the subjects by leading
experts, followed by questions and discussion led by the moderators.


8:45 Introduction

Simon Davies, Chairman, Privacy International

9:00 Information Infrastructures

Marc Rotenberg, Electronic Privacy Information Center (US) Stephanie
Perrin, Industry Canada

10:00  Euopean Government Information Sharing Networks

Jos Dumatier, professor of law and director of the Interdisciplinary
Centre for Law and Information Technology (ICRI) at K.U.Leuven

11:00 Cryptography Policy

David Banisar, Electronic Privacy Information Center Jan Smiths,
University of Eindhoven

12:00 Lunch

1:00 Smart Cards and Anonymous Digital Transactions

David Chaum, Digicash

2:00 Wrap up

---------------------------------------------------------------------


                           Registration Fees


  [] Standard - 220 guilders ($120 US)
  [] Non-profit organisations/Educational - 75 guilders ($40 US)


                             Information


Name:    ____________________________________________________________
  
Organization:  ______________________________________________________

Address:_____________________________________________________________

     ________________________________________________________________

Phone/Fax:___________________________________________________________
  
Electronic Mail: ____________________________________________________


Send registration to:

Privacy International 
Washington Office 
Attn: Conference Registration
666 Pennsylvania Ave, SE,  Suite 301 
Washington, DC 20003

Make Check/Money Order in US Dollars out to Privacy International

Space is limited, please contact us immediately if you wish to attend!

For more information, contact: 
David Banisar 
1+202-544-9240(voice)
1+202-547-5482(fax) 
banisar@epic.org (email)

------------------------------

Date:    Thu, 28 Jul 94 14:20:23 EDT
From:    denning@chair.cosc.georgetown.edu (Dorothy Denning)
Subject: International Cryptography Institute

        International Cryptography Institute 1994: Global Challenges

                          September 22-23, 1994
                       Ritz Carlton, Washington, DC

	                       Presented by
	     The National Intellectual Property Law Institute 


The International Cryptography Institute will focus on problems and
challenges associated with the use of cryptography within nations and
for international communications.  The Institute will address such
questions as:  What are the different national policies and regulations
governing cryptography and how might these evolve?  What cryptographic
technologies are on the market in different countries, what is being
used, and what is it being used for?  What problems is cryptography
causing law enforcement?  What are the requirements of businesses and
other organizations?  What are the new trends in cryptography and what
will be their impact on society?  What efforts are leading toward an
international cryptography framework?  The Institute is for government
officials, industry leaders, policy makers and analysts, researchers,
and users of cryptographic technologies.
	

                                  Program

September 22

8:45-9:00 Opening Remarks
Dorothy E. Denning, Chair of Program
James Chandler, President, National Intellectual Property Law Institute

9:00-9:30  
The Challenges of International Crytography
Edward J. O'Malley, The OSO Group

9:30-10:00
Cryptography in the European Community
Christopher E. Sundt, ICL Secure Systems

10:00-10:30
Cryptography in the German Governmental Area
Ansgar Heuser, BSI

10:30-10:45 Break

10:45-11:15
Cryptography in Belgium
Els Lemmens, Belgian Office for Scientific, Technical and Cultural Affairs

11:15-11:45
The Use of Cryptography in Singapore
Kwok-Yan Lam, National University of Singapore
Seow-Hiong Goh, John Yong, National Computer Board

11:45-12:15
An Australian and South-East Asian View of Cryptography
William J. Caelli, Queensland University of Technology

12:15-1:45 Lunch with Keynote
The Honorable Dan Glickman, U.S. House of Representatives (invited)

1:45-2:15
GSM: Security for World-Wide Mobil Radio
Charles B. Brookston, British Telecomm

2:15-2:45
International Exchange of Digital Signatures in a Diversified World
Jean-Jacques Quisquater, University of Louvain

2:45-3:15
Creating Global Cryptographic Infrastructures
Sead Muftic, Stockholm University

3:15-3:30 Break

3:30-4:00
An International Cryptography Framework
Keith S. Klemba and Jim Schindler, Hewlett-Packard Co.

4:00-4:30
Experiments in International Cryptography and Software Key Escrow
Stephen T. Walker, Trusted Information Systems, Inc.

4:30-5:00
International Escrowed Encryption
Dorothy E. Denning, Georgetown University
John Droge, Mykotronx, Inc.

5:00-6:00 Reception

September 23

9:00-9:30
U.S. Government Cryptography Policy
Michael R. Nelson, Office of Science and Technology Policy

9:30-10:00 
Domestic Regulation of the Exportation of Cryptography
James Chandler, National Intellectual Property Law Institute

10:00-10:30
Sue E. Eckert, U.S. Department of Commerce

10:30-10:45 Break

10:45-11:30
Rose Biancaniello, U.S. Department of State (invited)

11:30-12:00
World-Wide Availability of Cryptography Products
David Balenson, Trusted Information Systems, Inc.

12:00-1:30 Lunch with Keynote
Louis J. Freeh, Director, Federal Bureau of Investigation (invited)

1:30-2:45 
International Regulation of Cryptography
James Chandler, National Intellectual Property Law Institute
Mark King, Communications-Electronics Security Group, United Kingdom
Alexander Patijn, Ministry of Justice, The Netherlands
William Wolfowicz, Fondazione Ugo Bordoni

2:45-3:00 Break

3:00-4:00
Cryptography in the Financial Industry
Mr. Mitsuru Iwamura, The Bank of Japan
Dr. Victor Panchenko, SignalRox, Russia (invited)
others TBA

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                          Hotel and Registration 

A limited block of rooms has been reserved at The Ritz Carlton
Hotel at a special conference rate of $225 per night.  Reservations can
be made by calling or writing The Ritz Carlton Hotel, 2100
Massachusetts Ave., N.W., Washington, DC 20008, 202-293-2100.  Rooms
have also been reserved at the Ramada Plaza Hotel at the special rate
of $89.  Reservations can be made by calling or writing The Ramada
Plaza Hotel, 10 Thomas Circle, N.W., Washington, DC 20005,
202-842-1300.

Tuition is $595, $300 for government & academic, and $150 for
students.  Payment includes all course study materials and attendance
at all sessions of the course, two lunches, and a cocktail reception.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Registration Form For International Cryptography Institute


Name:

Firm:

Address:





Phone:

Payment (check one)
  
  __ Check payable to The National Intellectual Property Law Institute
  
  __  MasterCard  __  VISA

      Card #:
      
      Expiration Date:

      Signature:

Registration by Fax: 800-304-MIND     Phone: 300-301-MIND

Mail Registration with payment to:

  The National Intellectual Property Law Institute
  1350 Eye Street, N.W., Suite 820, Washington, DC 20005
  Phone: 202-962-9494

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

------------------------------

End of PRIVACY Forum Digest 03.15
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH