TUCoPS :: Privacy :: priv_411.txt

Privacy Digest 4.11 5/19/95

PRIVACY Forum Digest     Friday, 19 May 1995     Volume 04 : Issue 11

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	
                       ===== PRIVACY FORUM =====              

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy,
     		     and the Data Services Division 
	           of MCI Communications Corporation.


CONTENTS 
	FCC Press Release regarding CNID
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Privacy, cellular telephones, and 911 (Les Earnest)
	Enhanced 911 and Cellular Telephones (Henry Unger)
	Re: Privacy, cellular telephones, and 911 (Marc Horowitz)
	Re: Privacy, cellular telephones, and 911 (Jerry Leichter)
	Thermal Imagers Used To Search Homes (hingson@teleport.com)
	Digital Signature legislation-in-process (Jim Warren)
	Privacy Rights Clearinghouse Annual Report 
	   (Privacy Rights Clearinghouse)
	Family Protection Act of 1995 (Faye Hsini Ku)
	Telecom Post (CWHITCOM@bentley.edu)
	New book on cryptographic policy (Lance J. Hoffman)
	Microsoft plans corporate espionage (Chris Norloff) [from RISKS]
	RISKS in Microsoft's Windows95 (Identity Withheld) [from RISKS]


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW 
server at the URL: "http://www.vortex.com".
-----------------------------------------------------------------------------

VOLUME 04, ISSUE 11

   Quote for the day:

	"... Run when he takes out his dental floss!
	     'Cause my ... son ... the vampire...
	     'Ain't collecting it for, the Red Cross..."

			-- Allan Sherman
			   "My Son, the Vampire" (1952)

----------------------------------------------------------------------

Date:    Thu, 11 May 95 19:36 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: FCC Press Release regarding CNID

Greetings.  As you may recall from the previous digest, a new FCC order (the
full text of which still doesn't seem to have appeared on their gopher) has
enhanced privacy protection for callers relating to calling number ID
systems, primarily through permitting the use of per-line ID blocking
systems.  It's particularly important that the Commission clearly addressed
the important issue of ID unblocking (the new *82 code) and the issue of
call-return.

Below is the full text of the press release announcing this order.  It is
worth noting however, that litigation regarding this matter may continue.
Some states are petitioning for reconsideration on the basis that the FCC
didn't go far enough in providing protections to subscribers with
non-published numbers (among other matters).  Similarly, some major telcos
are petitioning with the claim that the FCC went too far in the direction of
privacy by allowing per-line ID blocking at all (not unexpected, since
per-line ID blocking is a major blow to the desirability of CNID systems for
marketing and other purposes).

--Lauren--

		     -------------------------------

Report No. DC 95-71        ACTION IN DOCKET CASE      May 4, 1995

FCC FINALIZES RULES FOR CALLER ID; ALLOWS PER LINE BLOCKING WHERE
STATES PERMIT; PBX CALLER ID RULES PROPOSED
         (CC DOCKET 91-281)

The Commission today voted to approve national Caller ID rules that
will protect the privacy of the called and the calling party by
mandating that carriers make available a free, simple and consistent,
per call blocking and unblocking mechanism. Under the rules adopted
today, callers dialing *67 before dialing a particular call will, for
interstate calls, block calling party information for any interstate
calls and those callers using a blocked line can unblock the line and
release that information by dialing *82.  The Order permits carriers
to provide privacy on all calls dialed from a particular line, where
state policies provide, and the customer selects, that option.

Today's action came as the Commission reconsidered its original Caller
ID nationwide Caller ID system is in the public interest.  It found
that passage of the calling party's number, or CPN, could benefit
consumers by encouraging the introduction of new technologies and
services to the public, enabling service providers and consumers to
conduct transactions more efficiently.

The rules adopted today will take effect December 1, 1995.  Public pay 
phones and partylines will be required to be in compliance by January 1, 
1997.  The Commission also issued a rulemaking proposal concerning PBX 
and private payphone obligations under the Caller ID rules.

In March 1994, the Commission adopted a Report and Order that concluded
that a nationwide Caller ID system was in the public interest and stated
that the potential benefits of a Caller ID system -- efficiency and
productivity gains, infrastructure development and network utilization,
and new service and employment opportunities -- would only be possible if
CPN is passed among carrier networks.  It noted two areas of concern
however -- compensation issues related to passage of CPN for interstate
calls and varying state requirements intended to protect the privacy
rights of calling and called parties on interstate calls. 

In today's action the Commission affirmed its finding that common
carriers, including Commercial Mobile Radio Service providers, with
Signaling System 7 (SS7)call set up capability, must transport CPN
without charge to interstate connecting carriers.  The Commission
clarified that carriers without SS7 call set upcapability do not have
to upgrade their networks just to transport CPN to connecting
carriers.  The Commission noted that local exchange carriers are
required to resell interstate access for Caller ID to other carriers
wishing to compete for end-user business in this market.

The Commission modified its previous decision that only per-call
blocking would be allowed.  Today's action permits per-line blocking
for interstate calls instates where it is permitted for intrastate
calls, provided the customer elects per line blocking. The Commission's 
original rules required a caller to dial *67 before each call in order
to block the called party from knowing the caller's number. The
Commission has now modified its rules to permit carriers to provide
privacy on all calls dialed from a particular line, where state
policies provide, and the customer selects, that option, provided
carriers permit callers to unblock calls from that line by dialing
*82.  Where state policies do not require or permit at the customer's
election per line blocking, carriers are bound by the federal privacy
protection model to provide privacy only where *67 is dialed.

The Commission noted that it continues to exempt calls to emergency lines
from its rules; that is, a carrier's obligation to honor caller privacy
requests to emergency numbers will be governed by state policies. 

As an additional privacy measure, the Commission requires that when a
caller requests that the calling party number be concealed, a carrier may
not reveal the name of the subscriber to that line and callers requesting
that their number not be revealed should be able to block an automatic
call return feature.  The Commission continues to require that carriers
with call set up capability that pass CPN or transmit Automatic Number
Identification (ANI) educate customers regarding the passage and usage of
this information. 

Finally, the Commission issued a Notice of Proposed Rulemaking proposing
that Private Branch Exchange (PBX) systems and private payphones capable
of delivering CPN to the public switched telephone network also be capable
of delivering a privacy indicator when users dial *67 and be capable of
unblocking the line by dialing *82. 

Action by the Commission May 4, 1995, by MO&O on Reconsideration, Second
R&O and Third NPRM (FCC 95 - 187). Chairman Hundt, Commissioners Quello,
Barrett, Ness and Chong. 

-FCC-

News Media contact: Susan Lewis Sallet at (202) 418-1500.
Common Carrier Bureau contacts: Marian Gordon at (202) 634-4215.

------------------------------

Date:    Thu, 11 May 1995 12:18:41 -0700
From:    Les Earnest <les@SAIL.Stanford.EDU>
Subject: Privacy, cellular telephones, and 911

Regarding Jerry Leichter's report on the proposal to locate cellular
phones that make 911 calls, I believe that I pointed out in this forum
several years ago that cellular phone systems already track individual
phones by comparing signal strengths at various antennas.  The
available positional accuracy depends on the antenna configuations (I
understand that up to six directional antennas are typically used at
each site) and the distance from the nearest site.

More important, there is no legal requirement for a court order or
other official review to track individual phones.  As reported
earlier, these phones can be tracked as long as they are "on" whether
or not there is a call in progress.

	-Les Earnest

------------------------------

Date:    Sat, 6 May 95 10:46:03 -0700
From:    Henry Unger <hunger@hitech.com>
Subject: Enhanced 911 and Cellular Telephones

Jerry Leichter's (or is it Phil Agre's?) article of 4/22
discussed the fact that Enhanced 911 systems do not provide any
useful information about the location of a cellular phone user
calling 911, and the privacy concerns relating to providing
location information.

An alternative to the 150 meter accuracy goal could be the following:

The telephone companies could easily relay the location of the
current cell site with which the cellular phone is communicating
to the PSAP (Public Safety Answering Point) with no change in the
cellular telephones in use today and no hardware changes to the
cell sites, thereby localizing the cell phone caller at least to
the sphere of that cell site. For some reason, the telephone
companies are dragging their heels on providing such service.

As it is the cell site that would be providing the location
information, and not the cellular telephone itself, and such
location information communicated via land line or microwave, and
only in the case of a 911 call, I think that privacy would not
be an issue in this scheme.

Henry Unger
Hitech Systems, Inc.

------------------------------

Date:    Sat, 06 May 1995 23:00:22 EDT
From:    Marc Horowitz <marc@MIT.EDU>
Subject: Re: Privacy, cellular telephones, and 911

>> Since 911 is supposed to be useful to people in serious trouble, who
>> may not be able to take an explicit action to acknowledge a system
>> request, chances are overwhelming that any such system would not
>> require explicit action by the cellphone owner.  I would expect most
>> phones wouldn't even provide an indication that they'd been
>> interrogated.

My cellphone has an emergency button on it, which is programmed to
call 911.  It works in all modes, with the phone locked, etc.  It
would seem to be simple to have the phone only respond to location
queries if the call was made using this feature.

Of course, you could also have the phone recognize the number "911",
and have that turn on the phone's ability for reporting location.

This requires me to trust the cellphone vendor not to allow subversion
of this feature, but that seems better than trusting the FCC and the
telco's.

		Marc

------------------------------

Date:    Sun,  7 May 95 09:56:45 EDT
From:    Jerry Leichter <leichter@lrw.com>
Subject: Re: Privacy, cellular telephones, and 911

   My cellphone has an emergency button on it, which is programmed to
   call 911.  It works in all modes, with the phone locked, etc.  It
   would seem to be simple to have the phone only respond to location
   queries if the call was made using this feature.

   Of course, you could also have the phone recognize the number "911",
   and have that turn on the phone's ability for reporting location.

   This requires me to trust the cellphone vendor not to allow subversion
   of this feature, but that seems better than trusting the FCC and the
   telco's.

Great theory, but it'll never happen, since it requires changing (in practice,
replacing) every cellphone out there - not just at this moment, but up through
the moment when a new system is agreed upon, designed, and implemented.
None of the existing standards, analogue or digital, traditional cell or newer
PCS microcell, have the phone do anything special to provide physical location
information.  That's tens of millions of cellphone units of various kinds,
with more rolling off the assembly lines every day.

To have any chance of being accepted, a location system would have to use
information that can be gleaned from existing cellphones.  Certainly, changes
will need to be made at the cell sites, but funding for that kind of thing has
a long history (since that, of course, is how 911 and E911 were implemented).
There are technical arguments about whether the FCC's proposed 150 meter
resolution can be achieved without changes to cellphones - it's probably
pretty easy in a microcell system - and both industry and the FCC agree that
if it can't be achieved, it'll be the FCC that backs off.  (Even if the FCC
*didn't* agree, there's no way Congress would let the FCC impose that kind of
cost on "consumers" - or industry, which in the end would come down to the
same thing.)

Once the location system makes use of information inherent in the operation
of the cellular net, it makes no difference what you do at your phone, short
of leaving it turned off.  I'd say that, one way or another, that's where we
are going.  The old wireline technology inherently gave away your physical
location, at least when you spoke on the phone; it'll turn out to be only a
short passing phase of technological development that *doesn't* give this
information away, though unfortunately it'll do it even when you aren't
talking.
							-- Jerry

------------------------------

Date:    Sun, 7 May 1995 10:37:51 -0700
From:    hingson@teleport.com
Subject: Thermal Imagers Used To Search Homes

I am a criminal defense lawyer.  I am litigating the issue of whether the
use of a thermal imaging device on a home to detect heat emissions
constitutes a "search" under the Fourth Amendment.  If there are any
articles or knowledeable individuals out there who can help me, I would
be most appreciative.  Thanks.

------------------------------

Date:    Mon, 8 May 1995 18:07:07 +0800
From:    jwarren@well.sf.ca.us (Jim Warren)
Subject: Digital Signature legislation-in-process

Please circulate this freely.  Although this concerns California
legislation, for better or worse, California statutes often prompt similar
action in other states and even at the federal level.

California state Assembly Bill 1577 (Bowen) would mandate and/or permit
certain things regarding legal status and use of digital signatures - at
least as used in doing business with the state.  Its first 8-page version
was originally copied from similar Utah legislation; also similar to bills
in Washington State and Oregon.

A later 1-page version of AB 1577 radically changed things - and
bill-author Debra Bowen has committed to giving full and careful
consideration to all *timely* input and suggestions regarding this issue
before she moves the bill to any final legislative vote.

Bowen's aide handling the bill is Bob Alexander, alexanrb@assembly.ca.gov .

I suggest that those interested emphasize the word, *TIMELY*.

With Bowen's knowledge and with aide Alexander as one of its recipients, an
open listserv for public discussion of this issue has been set up by the
nonprofit CommerceNet, and extensive comments have already begun
circulating.

If you are interested in these issues - and legislation impacting this
evolving technology - you may wish to [1] subscribe to ca-digsig (below)
and [2] check the bill-text, available from sen.ca.gov or from the new
Assembly web-page that may or may not be up-n-running yet
(http://www.assembly.ca.gov/).

The archived mailing list has been established on the CommerceNet WWW server.
You may reach the archives at:
        http://www.commerce.net/archives/ca-digsig/

To subscribe or unsubscribe, simply mail to:
        ca-digsig-request@commerce.net

To send a message to the mailing list, simply mail to:
        ca-digsig@commerce.net

Since most calgovinfo folks aren't gonna be interested in the arcane
techno-haggles re digital signatures, personally, I would suggest that most
discussion of this might oughta be conducted in that listserv, rather than
here in calgovinfo - at least until/unless grassroots political
action/advocacy/rabble-rousing is needed/desired.

--jim

------------------------------

Date:    Mon, 24 Apr 1995 13:43:35 -0700 (PDT)
From:    Privacy Rights Clearinghouse <prc@teetot.acusd.edu>
Subject: Privacy Rights Clearinghouse Annual Report 

The Second Annual Report of the Privacy Rights Clearinghouse is now
available. The 68-page report covers the time frame from October
1993 through September 1994, our second full year of hotline
operation. We discuss project usage statistics and accomplishments
as well as what we consider to be the most significant privacy
issues affecting California consumers. 

This year we have reported privacy issues a little differently,
selecting some of the more troubling privacy abuses from hotline
calls and discussing them in a separate section of the report. The
Second Annual Report highlights nearly 50 such case studies. We
have made particular note of what we call invisible information
gathering; we also focus on the growing crime of identity theft. In
addition, we revisit some of the topics discussed last year, such
as "junk" mail, unwanted telemarketing sales calls, medical records
privacy and workplace monitoring.

A 15-page Executive Summary of the Annual Report can be found on
the PRC's gopher site. The Executive Summary includes all of the
case studies featured in the full report. Gopher to
gopher.acusd.edu. Go into the menu item "USD Campuswide Information
Services" to find the PRC's materials.  The report can be found under 
"Issue Papers" in the Privacy Rights Clearinghouse directory. 

For a complete paper copy of the 68-page report, call the PRC at
800-773-7748 (Calif. only) or 619-298-3396.

The PRC is a nonprofit consumer education program administered by
the University of San Diego Center for Public Interest Law. It is
funded in part by the Telecommunications Education Trust, a program
of the California Public Utilities Commission.

====================================================================
   Barry D. Fraser                      fraser@acusd.edu

------------------------------

Date:    Tue, 9 May 1995 09:11:04 -0700 (PDT)
From:    Faye Hsini Ku <fayeku@uclink3.berkeley.edu>
Subject: Family Protection Act of 1995

It seems to me that the Family Protection Act of 1995 (H.R. 1271) would 
limit any type of counseling or guidance that is offered outside of the 
family setting to teens that are becoming sexually active.  That would be 
a grave mistake, because we would be restricting our ability to take 
preventative measures and thus have to rely on correctional ones.  Why 
should we wait until a problem has happened to deal with it?

- Faye -

------------------------------

Date:    Thu, 11 May 1995 19:54:43 -0700
From:    CWHITCOM@bentley.edu
Subject: Telecom Post

          **********Announcing the Telecom Post*********

This spring and early summer will witness the design and passage
of legislation that will shape our communication infrastructure
for many years to come.  In an effort to keep the Internet
community abreast of legislative events, Free Speech Media, LLC
intends to publish a weekly bulletin, The Telecom Post, with
brief updates on the DC action.  This alert will cover the issues
and concerns of the public interest community and point to
actions that can be taken on behalf of these issues. Material
will be collected from Internet postings, newsletters, and
interviews.  It will consist of summarizations, paraphrased
articles, and excerpts. There will be at least 8 weekly editions
of the Post.  It will continue for the duration of the
legislative activity. A background piece will sent following this message.

A directory of pointers to more in-depth information will be kept
in the online archives and Home page of Computer Professionals
for Social Responsibility. The directory is currently under
construction and will be announced separately.

Attention list owner:
We can send the Telecom Post either to the entire list or offer it to
individuals on a listserv basis.  If you would prefer that it not be
sent to the list as a whole, please contact Coralee Whitcomb at
cwhitcom@bentley.edu.

To subscribe to the Telecom Post as an individual please send the message
SUBSCRIBE TELECOM-POST your name
to
LISTSERV@CPSR.ORG

------------------------------

Date:    Thu, 18 May 1995 04:48:10 -0400 (EDT)
From:    "Lance J. Hoffman" <hoffman@seas.gwu.edu>
Subject: New book on cryptographic policy

BUILDING IN BIG BROTHER: The Cryptographic Policy Debate

a collection of readings with commentary by Prof. Lance J. Hoffman
of The George Washington University

has now been published by Springer Verlag.

>From a publisher's blurb:

"...This book presents the best readings on cryptographic
policy and current cryptography trends.  ... Detailed technological
descriptions of promising new software schemes are included as well
as analysis of the constitutional issues by legal scholars.  Important
government cost analyses appear here for the first time in any book.
Other highlights include the text of the new US digital telephony law
and the pending encryption regulation bill and a list of hundreds of
cryptographic products available around the world.  There is even a
paper on how to commit the perfect crime electronically, using
public key encryption.

Much more detailed information and a table of contents is available
by pointing your Web browser to

http://www.seas.gwu.edu/seas/instctsp/docs/book
*******************

There you will also find endorsements by
   Marc Rotenberg, Electronic Privacy Information Center
  Stewart Baker, Steptoe & Johnson (former NSA general counsel)
  Phil Zimmermann, author of PGP
  Peter Neumann, moderator of RISKS Forum
  Michael Froomkin, law professor

560 pages, 19 illustrations, softcover $29.95
ISBN 0-387-94441-9

Call 1-800-SPRINGER to order, email orders to orders@springer-ny.com
-- 
Professor Lance J. Hoffman
Dept of Elec Eng and Comp Sci, The Geo Washington U, 801 22nd St NW
Wash DC 20052   (202) 994-4955   Fax: (202) 994-0227  hoffman@seas.gwu.edu
See also:  http://www.seas.gwu.edu/seas/instctsp/ictsp.html               

------------------------------

Date: Wed, 17 May 95 13:44:40 EDT
From: cnorloff@tecnet1.jcte.jcs.mil
Subject: Microsoft plans corporate espionage

       [ Extracted from RISKS Forum Digest -- Volume 17 : Issue 13 
			-- PRIVACY Forum Moderator ]

  Microsoft officials confirm that beta versions of Windows 95 include a
  small viral routine called Registration Wizard.  It interrogates every
  system on a network gathering intelligence on what software is being run
  on which machine.  It then creates a complete listing of both Microsoft's
  and competitors' products by machine, which it reports to Microsoft when
  customers sign up for Microsoft's Network Services, due for launch later
  this year.

"In Short" column, page 88, _Information Week_ magazine, May 22, 1995

The implications of this action, and the attitude of Microsoft to plan
such action, beggars the imagination.

Chris Norloff  cnorloff@tecnet1.jcte.jcs.mil

   [Also reported by jyoull@cs.bgsu.edu (Jim)" and 
   herzog@uask4it.eng.sun.com (Brian Herzog 
   - Sun Microsystems, Inc.). PGN (RISKS Forum Moderator)]

        [ A later response to this message in RISKS (from a person at
	  Microsoft) indicated that the program in question isn't a virus
	  and that the user is given the choice of whether or not they want
	  to upload their configuration information during registration (it's
	  apparently an all-or-nothing choice however--you can't easily
	  provide *some* of the config info if you provide any at all).

	  This still begs the question of why Microsoft feels it needs
	  all that info.  Is any rationale provided to the user to
	  help them decide whether or not they should agree to provide
	  all that data to Microsoft?  Does Microsoft make any statement
	  about what they plan to do with that data?  One can't help
	  but wonder if perhaps knowledge of which applications are
	  loaded on a system might not be used to target users
	  for promotions of competing Microsoft products?

	  Without a clear explanation of what is going to be done
	  with that data, it would appear prudent to think carefully
	  about agreeing to such uploads regardless of the systems involved.

				-- PRIVACY Forum Moderator ]

------------------------------

Date: Wed, 17 May 95 12:22 xxT
From: [identity withheld at submitter's request]
Subject: RISKS in Microsoft's Windows95

       [ Extracted from RISKS Forum Digest -- Volume 17 : Issue 13 
			-- PRIVACY Forum Moderator ]

Sometime in the latter part of the summer, Microsoft is planning to release
their Windows95 follow-on for Windows 3.1 to the masses.  Whether the effort
required to keep things working after installing the release vs. the
perceived benefits of Win95 makes the installation a sensible decision is
quite an open question.  Reports from beta testers are indicating that even
for Windows experts, getting their system running again after the upgrade
can be a bad experience, given the wide variety of complex hardware,
drivers, and other components that have been integrated into Windows 3.1
environments over the years.

For Windows users who are less than experts, the problems risk being even
more serious, with various applications (or even entire systems) effectively
useless without various "tweaks", fixes, new drivers, new software, etc.  In
other words, the backwards compatibility of Win95 in the real world of
people's existing Windows 3.1 installations should be an issue of grave
concern, especially among users concerned about prolonged downtime.

We may be reaching a stage where the sheer complexity of PC application
software and hardware is making the entire concept of major operating system
upgrades being installed successfully by average users extremely
problematical.  It seems very likely that large numbers of Windows 3.1 users
will (or at least should) be extremely cautious about being an early adopter
of Win95.

Bya the way, here's a new feature announced for Win95 that carries new RISKS
of its own.  Called "AutoPlay" it is apparently a feature of the Win95
CD-ROM driver that allows CD-ROM authors to create a special init file on
the disc that will automatically start running programs from the disc as
soon as a disc is inserted into the CD-ROM drive.  From the descriptions
available so far, there doesn't seem to be a system-wide way to disable such
a feature, you have to remember to hold down the shift key on your keyboard
while inserting the disc to disable it for that particular insertion
(apparently folks with remote keyboards might just be out of luck!)

What sorts of harm could come from autoloading of CD-ROMs?  Outside of the
obvious malicious applications (don't laugh, CD-ROMs are getting so cheap to
produce that all manner of nasties could be planted on purpose or by
accident), there's the obvious problem that most PC CD-ROM applications need
considerable software and disk support, often involving significant use of
disk space, changes to system-wide configuration and other driver data, etc.
It is not unusual for these changes to conflict in some manner with other
programs and installations, needing manual intervention.  At least when you
do the installation manually you can stop, look for README files, etc.
before starting the guts of the install, but if the CD-ROM fires off on its
own there's no telling what might happen.

True, a reasonable CD-ROM author would query the user about this process
rather than running off and starting the install without user input, but
it's probable that many authors who want things to look "slick" won't bother
with this.  In fact, Microsoft seems to be encouraging the "slick" attitude
in their description of this feature.

Another point.  You're about to start seeing music CDs that carry CD-ROM
programs and data on the initial part of the disc before music track 1.  If
such discs tried to make use of the Win95 AutoPlay feature, an unsuspecting
user who stuck the music disc into his or her CD-ROM player planning to hear
only music (lots of PC users play music CDs on their CD-ROM drives these
days) could end up getting a lot more than bargained for.

	[ A later response to this message in RISKS from a long-time
	  Microsoft beta tester claims that some of the installation
	  problems with Win95 have been resolved as the betas have continued.
	  However, others have noted that the computer trade press still
	  abounds with discussion of installation problems even with the
	  latest betas.  Also, it would seem likely that the ability of
	  experienced beta testers to deal with installation problems
	  would typically far exceed the ability of average users in that
	  regard--meaning what might be a minor problem to a beta tester
	  could possibly be a total disaster to a "normal" user.

	  The same response message also suggested that there might be some
	  way to globally disable (or at least alter the behavior of) the
	  CD-ROM AutoPlay feature discussed above.  But this information had
	  to be dug out of the internal configuration files, the effect was
	  not definite, and clearly the intention is that AutoPlay would be
	  on by default and (at least as it stands now) not something
	  Microsoft expects most users to ever try turning off.
	
		-- PRIVACY Forum Moderator ]

------------------------------

End of PRIVACY Forum Digest 04.11
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH