|
PRIVACY Forum Digest Friday, 19 May 1995 Volume 04 : Issue 11 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy, and the Data Services Division of MCI Communications Corporation. CONTENTS FCC Press Release regarding CNID (Lauren Weinstein; PRIVACY Forum Moderator) Privacy, cellular telephones, and 911 (Les Earnest) Enhanced 911 and Cellular Telephones (Henry Unger) Re: Privacy, cellular telephones, and 911 (Marc Horowitz) Re: Privacy, cellular telephones, and 911 (Jerry Leichter) Thermal Imagers Used To Search Homes (hingson@teleport.com) Digital Signature legislation-in-process (Jim Warren) Privacy Rights Clearinghouse Annual Report (Privacy Rights Clearinghouse) Family Protection Act of 1995 (Faye Hsini Ku) Telecom Post (CWHITCOM@bentley.edu) New book on cryptographic policy (Lance J. Hoffman) Microsoft plans corporate espionage (Chris Norloff) [from RISKS] RISKS in Microsoft's Windows95 (Identity Withheld) [from RISKS] *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com". ----------------------------------------------------------------------------- VOLUME 04, ISSUE 11 Quote for the day: "... Run when he takes out his dental floss! 'Cause my ... son ... the vampire... 'Ain't collecting it for, the Red Cross..." -- Allan Sherman "My Son, the Vampire" (1952) ---------------------------------------------------------------------- Date: Thu, 11 May 95 19:36 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: FCC Press Release regarding CNID Greetings. As you may recall from the previous digest, a new FCC order (the full text of which still doesn't seem to have appeared on their gopher) has enhanced privacy protection for callers relating to calling number ID systems, primarily through permitting the use of per-line ID blocking systems. It's particularly important that the Commission clearly addressed the important issue of ID unblocking (the new *82 code) and the issue of call-return. Below is the full text of the press release announcing this order. It is worth noting however, that litigation regarding this matter may continue. Some states are petitioning for reconsideration on the basis that the FCC didn't go far enough in providing protections to subscribers with non-published numbers (among other matters). Similarly, some major telcos are petitioning with the claim that the FCC went too far in the direction of privacy by allowing per-line ID blocking at all (not unexpected, since per-line ID blocking is a major blow to the desirability of CNID systems for marketing and other purposes). --Lauren-- ------------------------------- Report No. DC 95-71 ACTION IN DOCKET CASE May 4, 1995 FCC FINALIZES RULES FOR CALLER ID; ALLOWS PER LINE BLOCKING WHERE STATES PERMIT; PBX CALLER ID RULES PROPOSED (CC DOCKET 91-281) The Commission today voted to approve national Caller ID rules that will protect the privacy of the called and the calling party by mandating that carriers make available a free, simple and consistent, per call blocking and unblocking mechanism. Under the rules adopted today, callers dialing *67 before dialing a particular call will, for interstate calls, block calling party information for any interstate calls and those callers using a blocked line can unblock the line and release that information by dialing *82. The Order permits carriers to provide privacy on all calls dialed from a particular line, where state policies provide, and the customer selects, that option. Today's action came as the Commission reconsidered its original Caller ID nationwide Caller ID system is in the public interest. It found that passage of the calling party's number, or CPN, could benefit consumers by encouraging the introduction of new technologies and services to the public, enabling service providers and consumers to conduct transactions more efficiently. The rules adopted today will take effect December 1, 1995. Public pay phones and partylines will be required to be in compliance by January 1, 1997. The Commission also issued a rulemaking proposal concerning PBX and private payphone obligations under the Caller ID rules. In March 1994, the Commission adopted a Report and Order that concluded that a nationwide Caller ID system was in the public interest and stated that the potential benefits of a Caller ID system -- efficiency and productivity gains, infrastructure development and network utilization, and new service and employment opportunities -- would only be possible if CPN is passed among carrier networks. It noted two areas of concern however -- compensation issues related to passage of CPN for interstate calls and varying state requirements intended to protect the privacy rights of calling and called parties on interstate calls. In today's action the Commission affirmed its finding that common carriers, including Commercial Mobile Radio Service providers, with Signaling System 7 (SS7)call set up capability, must transport CPN without charge to interstate connecting carriers. The Commission clarified that carriers without SS7 call set upcapability do not have to upgrade their networks just to transport CPN to connecting carriers. The Commission noted that local exchange carriers are required to resell interstate access for Caller ID to other carriers wishing to compete for end-user business in this market. The Commission modified its previous decision that only per-call blocking would be allowed. Today's action permits per-line blocking for interstate calls instates where it is permitted for intrastate calls, provided the customer elects per line blocking. The Commission's original rules required a caller to dial *67 before each call in order to block the called party from knowing the caller's number. The Commission has now modified its rules to permit carriers to provide privacy on all calls dialed from a particular line, where state policies provide, and the customer selects, that option, provided carriers permit callers to unblock calls from that line by dialing *82. Where state policies do not require or permit at the customer's election per line blocking, carriers are bound by the federal privacy protection model to provide privacy only where *67 is dialed. The Commission noted that it continues to exempt calls to emergency lines from its rules; that is, a carrier's obligation to honor caller privacy requests to emergency numbers will be governed by state policies. As an additional privacy measure, the Commission requires that when a caller requests that the calling party number be concealed, a carrier may not reveal the name of the subscriber to that line and callers requesting that their number not be revealed should be able to block an automatic call return feature. The Commission continues to require that carriers with call set up capability that pass CPN or transmit Automatic Number Identification (ANI) educate customers regarding the passage and usage of this information. Finally, the Commission issued a Notice of Proposed Rulemaking proposing that Private Branch Exchange (PBX) systems and private payphones capable of delivering CPN to the public switched telephone network also be capable of delivering a privacy indicator when users dial *67 and be capable of unblocking the line by dialing *82. Action by the Commission May 4, 1995, by MO&O on Reconsideration, Second R&O and Third NPRM (FCC 95 - 187). Chairman Hundt, Commissioners Quello, Barrett, Ness and Chong. -FCC- News Media contact: Susan Lewis Sallet at (202) 418-1500. Common Carrier Bureau contacts: Marian Gordon at (202) 634-4215. ------------------------------ Date: Thu, 11 May 1995 12:18:41 -0700 From: Les Earnest <les@SAIL.Stanford.EDU> Subject: Privacy, cellular telephones, and 911 Regarding Jerry Leichter's report on the proposal to locate cellular phones that make 911 calls, I believe that I pointed out in this forum several years ago that cellular phone systems already track individual phones by comparing signal strengths at various antennas. The available positional accuracy depends on the antenna configuations (I understand that up to six directional antennas are typically used at each site) and the distance from the nearest site. More important, there is no legal requirement for a court order or other official review to track individual phones. As reported earlier, these phones can be tracked as long as they are "on" whether or not there is a call in progress. -Les Earnest ------------------------------ Date: Sat, 6 May 95 10:46:03 -0700 From: Henry Unger <hunger@hitech.com> Subject: Enhanced 911 and Cellular Telephones Jerry Leichter's (or is it Phil Agre's?) article of 4/22 discussed the fact that Enhanced 911 systems do not provide any useful information about the location of a cellular phone user calling 911, and the privacy concerns relating to providing location information. An alternative to the 150 meter accuracy goal could be the following: The telephone companies could easily relay the location of the current cell site with which the cellular phone is communicating to the PSAP (Public Safety Answering Point) with no change in the cellular telephones in use today and no hardware changes to the cell sites, thereby localizing the cell phone caller at least to the sphere of that cell site. For some reason, the telephone companies are dragging their heels on providing such service. As it is the cell site that would be providing the location information, and not the cellular telephone itself, and such location information communicated via land line or microwave, and only in the case of a 911 call, I think that privacy would not be an issue in this scheme. Henry Unger Hitech Systems, Inc. ------------------------------ Date: Sat, 06 May 1995 23:00:22 EDT From: Marc Horowitz <marc@MIT.EDU> Subject: Re: Privacy, cellular telephones, and 911 >> Since 911 is supposed to be useful to people in serious trouble, who >> may not be able to take an explicit action to acknowledge a system >> request, chances are overwhelming that any such system would not >> require explicit action by the cellphone owner. I would expect most >> phones wouldn't even provide an indication that they'd been >> interrogated. My cellphone has an emergency button on it, which is programmed to call 911. It works in all modes, with the phone locked, etc. It would seem to be simple to have the phone only respond to location queries if the call was made using this feature. Of course, you could also have the phone recognize the number "911", and have that turn on the phone's ability for reporting location. This requires me to trust the cellphone vendor not to allow subversion of this feature, but that seems better than trusting the FCC and the telco's. Marc ------------------------------ Date: Sun, 7 May 95 09:56:45 EDT From: Jerry Leichter <leichter@lrw.com> Subject: Re: Privacy, cellular telephones, and 911 My cellphone has an emergency button on it, which is programmed to call 911. It works in all modes, with the phone locked, etc. It would seem to be simple to have the phone only respond to location queries if the call was made using this feature. Of course, you could also have the phone recognize the number "911", and have that turn on the phone's ability for reporting location. This requires me to trust the cellphone vendor not to allow subversion of this feature, but that seems better than trusting the FCC and the telco's. Great theory, but it'll never happen, since it requires changing (in practice, replacing) every cellphone out there - not just at this moment, but up through the moment when a new system is agreed upon, designed, and implemented. None of the existing standards, analogue or digital, traditional cell or newer PCS microcell, have the phone do anything special to provide physical location information. That's tens of millions of cellphone units of various kinds, with more rolling off the assembly lines every day. To have any chance of being accepted, a location system would have to use information that can be gleaned from existing cellphones. Certainly, changes will need to be made at the cell sites, but funding for that kind of thing has a long history (since that, of course, is how 911 and E911 were implemented). There are technical arguments about whether the FCC's proposed 150 meter resolution can be achieved without changes to cellphones - it's probably pretty easy in a microcell system - and both industry and the FCC agree that if it can't be achieved, it'll be the FCC that backs off. (Even if the FCC *didn't* agree, there's no way Congress would let the FCC impose that kind of cost on "consumers" - or industry, which in the end would come down to the same thing.) Once the location system makes use of information inherent in the operation of the cellular net, it makes no difference what you do at your phone, short of leaving it turned off. I'd say that, one way or another, that's where we are going. The old wireline technology inherently gave away your physical location, at least when you spoke on the phone; it'll turn out to be only a short passing phase of technological development that *doesn't* give this information away, though unfortunately it'll do it even when you aren't talking. -- Jerry ------------------------------ Date: Sun, 7 May 1995 10:37:51 -0700 From: hingson@teleport.com Subject: Thermal Imagers Used To Search Homes I am a criminal defense lawyer. I am litigating the issue of whether the use of a thermal imaging device on a home to detect heat emissions constitutes a "search" under the Fourth Amendment. If there are any articles or knowledeable individuals out there who can help me, I would be most appreciative. Thanks. ------------------------------ Date: Mon, 8 May 1995 18:07:07 +0800 From: jwarren@well.sf.ca.us (Jim Warren) Subject: Digital Signature legislation-in-process Please circulate this freely. Although this concerns California legislation, for better or worse, California statutes often prompt similar action in other states and even at the federal level. California state Assembly Bill 1577 (Bowen) would mandate and/or permit certain things regarding legal status and use of digital signatures - at least as used in doing business with the state. Its first 8-page version was originally copied from similar Utah legislation; also similar to bills in Washington State and Oregon. A later 1-page version of AB 1577 radically changed things - and bill-author Debra Bowen has committed to giving full and careful consideration to all *timely* input and suggestions regarding this issue before she moves the bill to any final legislative vote. Bowen's aide handling the bill is Bob Alexander, alexanrb@assembly.ca.gov . I suggest that those interested emphasize the word, *TIMELY*. With Bowen's knowledge and with aide Alexander as one of its recipients, an open listserv for public discussion of this issue has been set up by the nonprofit CommerceNet, and extensive comments have already begun circulating. If you are interested in these issues - and legislation impacting this evolving technology - you may wish to [1] subscribe to ca-digsig (below) and [2] check the bill-text, available from sen.ca.gov or from the new Assembly web-page that may or may not be up-n-running yet (http://www.assembly.ca.gov/). The archived mailing list has been established on the CommerceNet WWW server. You may reach the archives at: http://www.commerce.net/archives/ca-digsig/ To subscribe or unsubscribe, simply mail to: ca-digsig-request@commerce.net To send a message to the mailing list, simply mail to: ca-digsig@commerce.net Since most calgovinfo folks aren't gonna be interested in the arcane techno-haggles re digital signatures, personally, I would suggest that most discussion of this might oughta be conducted in that listserv, rather than here in calgovinfo - at least until/unless grassroots political action/advocacy/rabble-rousing is needed/desired. --jim ------------------------------ Date: Mon, 24 Apr 1995 13:43:35 -0700 (PDT) From: Privacy Rights Clearinghouse <prc@teetot.acusd.edu> Subject: Privacy Rights Clearinghouse Annual Report The Second Annual Report of the Privacy Rights Clearinghouse is now available. The 68-page report covers the time frame from October 1993 through September 1994, our second full year of hotline operation. We discuss project usage statistics and accomplishments as well as what we consider to be the most significant privacy issues affecting California consumers. This year we have reported privacy issues a little differently, selecting some of the more troubling privacy abuses from hotline calls and discussing them in a separate section of the report. The Second Annual Report highlights nearly 50 such case studies. We have made particular note of what we call invisible information gathering; we also focus on the growing crime of identity theft. In addition, we revisit some of the topics discussed last year, such as "junk" mail, unwanted telemarketing sales calls, medical records privacy and workplace monitoring. A 15-page Executive Summary of the Annual Report can be found on the PRC's gopher site. The Executive Summary includes all of the case studies featured in the full report. Gopher to gopher.acusd.edu. Go into the menu item "USD Campuswide Information Services" to find the PRC's materials. The report can be found under "Issue Papers" in the Privacy Rights Clearinghouse directory. For a complete paper copy of the 68-page report, call the PRC at 800-773-7748 (Calif. only) or 619-298-3396. The PRC is a nonprofit consumer education program administered by the University of San Diego Center for Public Interest Law. It is funded in part by the Telecommunications Education Trust, a program of the California Public Utilities Commission. ==================================================================== Barry D. Fraser fraser@acusd.edu ------------------------------ Date: Tue, 9 May 1995 09:11:04 -0700 (PDT) From: Faye Hsini Ku <fayeku@uclink3.berkeley.edu> Subject: Family Protection Act of 1995 It seems to me that the Family Protection Act of 1995 (H.R. 1271) would limit any type of counseling or guidance that is offered outside of the family setting to teens that are becoming sexually active. That would be a grave mistake, because we would be restricting our ability to take preventative measures and thus have to rely on correctional ones. Why should we wait until a problem has happened to deal with it? - Faye - ------------------------------ Date: Thu, 11 May 1995 19:54:43 -0700 From: CWHITCOM@bentley.edu Subject: Telecom Post **********Announcing the Telecom Post********* This spring and early summer will witness the design and passage of legislation that will shape our communication infrastructure for many years to come. In an effort to keep the Internet community abreast of legislative events, Free Speech Media, LLC intends to publish a weekly bulletin, The Telecom Post, with brief updates on the DC action. This alert will cover the issues and concerns of the public interest community and point to actions that can be taken on behalf of these issues. Material will be collected from Internet postings, newsletters, and interviews. It will consist of summarizations, paraphrased articles, and excerpts. There will be at least 8 weekly editions of the Post. It will continue for the duration of the legislative activity. A background piece will sent following this message. A directory of pointers to more in-depth information will be kept in the online archives and Home page of Computer Professionals for Social Responsibility. The directory is currently under construction and will be announced separately. Attention list owner: We can send the Telecom Post either to the entire list or offer it to individuals on a listserv basis. If you would prefer that it not be sent to the list as a whole, please contact Coralee Whitcomb at cwhitcom@bentley.edu. To subscribe to the Telecom Post as an individual please send the message SUBSCRIBE TELECOM-POST your name to LISTSERV@CPSR.ORG ------------------------------ Date: Thu, 18 May 1995 04:48:10 -0400 (EDT) From: "Lance J. Hoffman" <hoffman@seas.gwu.edu> Subject: New book on cryptographic policy BUILDING IN BIG BROTHER: The Cryptographic Policy Debate a collection of readings with commentary by Prof. Lance J. Hoffman of The George Washington University has now been published by Springer Verlag. >From a publisher's blurb: "...This book presents the best readings on cryptographic policy and current cryptography trends. ... Detailed technological descriptions of promising new software schemes are included as well as analysis of the constitutional issues by legal scholars. Important government cost analyses appear here for the first time in any book. Other highlights include the text of the new US digital telephony law and the pending encryption regulation bill and a list of hundreds of cryptographic products available around the world. There is even a paper on how to commit the perfect crime electronically, using public key encryption. Much more detailed information and a table of contents is available by pointing your Web browser to http://www.seas.gwu.edu/seas/instctsp/docs/book ******************* There you will also find endorsements by Marc Rotenberg, Electronic Privacy Information Center Stewart Baker, Steptoe & Johnson (former NSA general counsel) Phil Zimmermann, author of PGP Peter Neumann, moderator of RISKS Forum Michael Froomkin, law professor 560 pages, 19 illustrations, softcover $29.95 ISBN 0-387-94441-9 Call 1-800-SPRINGER to order, email orders to orders@springer-ny.com -- Professor Lance J. Hoffman Dept of Elec Eng and Comp Sci, The Geo Washington U, 801 22nd St NW Wash DC 20052 (202) 994-4955 Fax: (202) 994-0227 hoffman@seas.gwu.edu See also: http://www.seas.gwu.edu/seas/instctsp/ictsp.html ------------------------------ Date: Wed, 17 May 95 13:44:40 EDT From: cnorloff@tecnet1.jcte.jcs.mil Subject: Microsoft plans corporate espionage [ Extracted from RISKS Forum Digest -- Volume 17 : Issue 13 -- PRIVACY Forum Moderator ] Microsoft officials confirm that beta versions of Windows 95 include a small viral routine called Registration Wizard. It interrogates every system on a network gathering intelligence on what software is being run on which machine. It then creates a complete listing of both Microsoft's and competitors' products by machine, which it reports to Microsoft when customers sign up for Microsoft's Network Services, due for launch later this year. "In Short" column, page 88, _Information Week_ magazine, May 22, 1995 The implications of this action, and the attitude of Microsoft to plan such action, beggars the imagination. Chris Norloff cnorloff@tecnet1.jcte.jcs.mil [Also reported by jyoull@cs.bgsu.edu (Jim)" and herzog@uask4it.eng.sun.com (Brian Herzog - Sun Microsystems, Inc.). PGN (RISKS Forum Moderator)] [ A later response to this message in RISKS (from a person at Microsoft) indicated that the program in question isn't a virus and that the user is given the choice of whether or not they want to upload their configuration information during registration (it's apparently an all-or-nothing choice however--you can't easily provide *some* of the config info if you provide any at all). This still begs the question of why Microsoft feels it needs all that info. Is any rationale provided to the user to help them decide whether or not they should agree to provide all that data to Microsoft? Does Microsoft make any statement about what they plan to do with that data? One can't help but wonder if perhaps knowledge of which applications are loaded on a system might not be used to target users for promotions of competing Microsoft products? Without a clear explanation of what is going to be done with that data, it would appear prudent to think carefully about agreeing to such uploads regardless of the systems involved. -- PRIVACY Forum Moderator ] ------------------------------ Date: Wed, 17 May 95 12:22 xxT From: [identity withheld at submitter's request] Subject: RISKS in Microsoft's Windows95 [ Extracted from RISKS Forum Digest -- Volume 17 : Issue 13 -- PRIVACY Forum Moderator ] Sometime in the latter part of the summer, Microsoft is planning to release their Windows95 follow-on for Windows 3.1 to the masses. Whether the effort required to keep things working after installing the release vs. the perceived benefits of Win95 makes the installation a sensible decision is quite an open question. Reports from beta testers are indicating that even for Windows experts, getting their system running again after the upgrade can be a bad experience, given the wide variety of complex hardware, drivers, and other components that have been integrated into Windows 3.1 environments over the years. For Windows users who are less than experts, the problems risk being even more serious, with various applications (or even entire systems) effectively useless without various "tweaks", fixes, new drivers, new software, etc. In other words, the backwards compatibility of Win95 in the real world of people's existing Windows 3.1 installations should be an issue of grave concern, especially among users concerned about prolonged downtime. We may be reaching a stage where the sheer complexity of PC application software and hardware is making the entire concept of major operating system upgrades being installed successfully by average users extremely problematical. It seems very likely that large numbers of Windows 3.1 users will (or at least should) be extremely cautious about being an early adopter of Win95. Bya the way, here's a new feature announced for Win95 that carries new RISKS of its own. Called "AutoPlay" it is apparently a feature of the Win95 CD-ROM driver that allows CD-ROM authors to create a special init file on the disc that will automatically start running programs from the disc as soon as a disc is inserted into the CD-ROM drive. From the descriptions available so far, there doesn't seem to be a system-wide way to disable such a feature, you have to remember to hold down the shift key on your keyboard while inserting the disc to disable it for that particular insertion (apparently folks with remote keyboards might just be out of luck!) What sorts of harm could come from autoloading of CD-ROMs? Outside of the obvious malicious applications (don't laugh, CD-ROMs are getting so cheap to produce that all manner of nasties could be planted on purpose or by accident), there's the obvious problem that most PC CD-ROM applications need considerable software and disk support, often involving significant use of disk space, changes to system-wide configuration and other driver data, etc. It is not unusual for these changes to conflict in some manner with other programs and installations, needing manual intervention. At least when you do the installation manually you can stop, look for README files, etc. before starting the guts of the install, but if the CD-ROM fires off on its own there's no telling what might happen. True, a reasonable CD-ROM author would query the user about this process rather than running off and starting the install without user input, but it's probable that many authors who want things to look "slick" won't bother with this. In fact, Microsoft seems to be encouraging the "slick" attitude in their description of this feature. Another point. You're about to start seeing music CDs that carry CD-ROM programs and data on the initial part of the disc before music track 1. If such discs tried to make use of the Win95 AutoPlay feature, an unsuspecting user who stuck the music disc into his or her CD-ROM player planning to hear only music (lots of PC users play music CDs on their CD-ROM drives these days) could end up getting a lot more than bargained for. [ A later response to this message in RISKS from a long-time Microsoft beta tester claims that some of the installation problems with Win95 have been resolved as the betas have continued. However, others have noted that the computer trade press still abounds with discussion of installation problems even with the latest betas. Also, it would seem likely that the ability of experienced beta testers to deal with installation problems would typically far exceed the ability of average users in that regard--meaning what might be a minor problem to a beta tester could possibly be a total disaster to a "normal" user. The same response message also suggested that there might be some way to globally disable (or at least alter the behavior of) the CD-ROM AutoPlay feature discussed above. But this information had to be dug out of the internal configuration files, the effect was not definite, and clearly the intention is that AutoPlay would be on by default and (at least as it stands now) not something Microsoft expects most users to ever try turning off. -- PRIVACY Forum Moderator ] ------------------------------ End of PRIVACY Forum Digest 04.11 ************************