TUCoPS :: Privacy :: priv_522.txt

Privacy Digest 5.22 12/22/96

PRIVACY Forum Digest      Sunday, 22 December 1996      Volume 05 : Issue 22

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

               The PRIVACY Forum is supported in part by the          
                 ACM (Association for Computing Machinery)
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

	"Hidden agendas" in web blocking software 
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Maiden name renewal shortcuts (Howard Goldstein)
	Anonymous opinions (Karin Hansson)
	OPPOSITION: FRC on Supreme Court News (Todd Lappin)
	Resolution Regarding Implementation of the CSU One Card (Phil Agre)
	Dog-mounted video camera (Phil Agre)
	CHRC bumbles into the Net (Mich Kabay)
	CEPIS Statement: Governmental Restrictions on Encryption Products 
	   Put Security at Risk (Kai Rannenberg)
	ANNOUNCEMENT: New low-noise cryptography mailing list
	   (Perry E. Metzger)
	Online Personal Databases (David Kulp)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


   Quote for the day:

        "It's not easy having a good time."

	    -- Dr. Frank-N-Furter (Tim Curry)
	       "The Rocky Horror Picture Show" (20th Century Fox; 1975)


Date:    Fri, 20 Dec 96 15:23 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: "Hidden agendas" in web blocking software

Greetings.  While the ability of parents to control their children's
access to web pages via specialized "blocking" software has been widely
touted, it's becoming apparent that problems are already appearing.

First, there seem to be a variety of "rating" services, all promoting their
own mechanisms (and logos of course) to web sites.  A site operator might be
excused for throwing up his or her hands at the confusion and being rather
reluctant to deal with any of them.

Now it's becoming known that at least some of the available blocking
software packages apparently include what might be called "hidden agendas".
These silently block not only obvious topics like "porn", but also access to
animal rights, feminist, liberal, and other sites that have been identified
as being on various conservative and other "hit" lists. 

What's of particular concern (regardless of one's personal political
leanings) is that the users of such packages may not even be aware that such
broad blocking is going on--or who is being blocked.  In one case, the
manufacturer of such software threatened legal action when the software's
database of blocked sites was "decrypted" and the list published.  The same
manufacturer also reportedly added an entire ISP's domain to the software's
block list, apparently because that was the ISP where the entity publishing
the list (and associated information about the blocking) had their web site
and e-mail addresses.

Such episodes could tend to cast a shadow on the entire category of "parental
control" software.  Clearly, the ability of parents to control access by
their children to materials on the net is important.  But it's also
important that it be completely clear exactly what and who is being blocked,
and that hidden political or economic motives not be embedded within such

I would therefore recommend that parents only use blocking software where
the *complete* list of default blocked sites and site "certification" criteria
are made publicly available by the manufacturer, without any special provisos
or conditions.  Such software should also allow the parent to modify and
update that list (either to add or delete arbitrary specific sites as they
choose, regardless of whether or not a site bears a particular "stamp of
approval" from a "certifier").  Any blocking systems that do not meet these
criteria should be considered unacceptable.



Date:    Sun, 24 Nov 1996 23:54:24 -0500
From:    Howard Goldstein <hgoldste@mpcs.com>
Subject: Maiden name renewal shortcuts

Rex Black's <Rex_Black@dell.com> item in issue 21, vol 5 of the digest
(regarding SSNs floating around in SW Bell files) reminded me of an
phone call around a month ago.  

Seems I had neglected the many solicitations to renew a subscription
to one of those freebie electronics trade publications and someone
claiming to be from the magazine phoned to offer me renewal.  I
accepted and when I thought the call was coming to end the nice lady
asks whether she can have my mother's maiden name.

When I recovered from the shock I asked why and she said it was for
"verification purposes."  At that point I told her that no, she may
not have the maiden name and in an annoyed voice I'm told "well I'll
just put down `refused' to which I said `cool.'"

A small part of me hopes it was an attempted scam because it's
troubling to think of what a large database of name/address/phone
#/mother's maiden name could do.  And imagine merging it with
Mr. Black's phone company's list of SSNs...

			[ Of course, with the confused data in many
			  databases you might start receiving 
			  your magazines addressed to
			  "Howard Refused Goldstein"...

					-- MODERATOR ]


Date: Sun, 08 Dec 1996 21:36:33 +0100
From: karin@it.kth.se
Subject: anonymous opinions

I am writing a paper for The Swedish Agency for Administrative Development,
the subject is "The government as a base in the creation of the public
sphere" - about Internet and democracy.  I will bring up examples from
"community networks" and public discussions on the Internet in general, and
put them in the context of the Swedish model of democracy.

In my search for information on the subject I came in contact with Mirko
Labbri (MILLION Project Manager, labbri@www.omega.it) who told me about the
community network in Bologna (http://www.comune.bologna.it/)where they among
other things support the citizents with free email-accounts. 

What is special though are the conditions for this. Each person is given a
pseudonym, and the tracability is very restricted. Only if a user has
committed a crime and this has gone to court, the police has got the right
to know the true identity of the  user.

I am know searching for other similar exemples where the government act as a
kind of "anonymous remailer". (This far without success.)

If you have heard of any such attemts or other, planed project, or something
that have anything to do with "anonymous discussions", please drop me a note.

Thanks for your attention!

Kind regards,

Karin Hansson
Fleminggatan 73, 112 33 Stockholm, Sweden


Date: Fri, 6 Dec 1996 16:21:07 -0700
From: --Todd Lappin-- <telstar@wired.com>
Subject: OPPOSITION: FRC on Supreme Court News

We're not the only ones who are excited about the pending Supreme Court
case on the constitutionality of the Communications Decency Act.

Turns out, the CDA's proponents are also looking forward to having their
day in court.

The following press release from the Family Research Council gives their
side of the story, complete with Cathy Cleaver's usual rantings about the
dangers of online smut.

Remember... despite what the FRC says, "indecency" is NOT a synonym for

Work the Network!

--Todd Lappin-->
Section Editor
WIRED Magazine


CONTACT: Kristi S. Hamrick, (202) 393-2100
         For Radio, Kristin Hansen


WASHINGTON, D.C. -- The Supreme Court announced Friday that it
will review the Reno v. ACLU decision to enjoin the
Communications Decency Act made earlier this year by a
three-judge panel in Philadelphia.

Family Research Council Director of Legal Studies Cathy Cleaver
said that the Department of Justice's appeal of the
Philadelphia ruling is the right thing to do, and that now the
Supreme Court has the opportunity to "reverse the radical
ruling which gave Bob Guccione the right to give his Penthouse
magazine to our children on the Internet."

Cleaver continued, "Laws against selling porn magazines to kids
are not unconstitutional.  Why should we have to tolerate the
same degrading images of women being given to those same kids

Family Research Council presented a "friend of the court" brief
with the Philadelphia judges in ACLU v. Reno defending the
cyberporn provisions of the Communications Decency Act.
Cleaver said the Philadelphia decision contradicts previous
Supreme Court decisions on the distribution of indecent
material through the media.

The Communications Decency Act:

* Prohibits adults from using a computer to send indecent
pornography directly to a known child

* Prohibits adults from knowingly displaying indecent
pornography to children

* Defines "indecent material" as material, which in context,
depicts or describes sexual or excretory activities or organs
in a patently offensive manner

* Imposes fines, prison sentences (up to 2 years), or both on

* Exempts those who merely provide access to a network or
system over which they have no control

* Provides limited defenses for employers and those who make a
reasonable and effective effort to restrict children's access
to pornography

* Expands telephone harassment prohibitions to include
harassment by computer

Arguments will likely be heard in early spring.  Family
Research Council and other pro-family and anti-pornography
groups will be filing briefs in support of the Justice
Department's defense of the law.



Date: Mon, 9 Dec 1996 14:14:34 -0800 (PST)
From: Phil Agre <pagre@weber.ucsd.edu>
Subject: Resolution Regarding Implementation of the CSU One Card

	[ The forwarded portion of this message has been significantly
	  reformatted from its original doublespaced format for 
	  distribution in this digest.  -- MODERATOR ]

Some background: many universities are contemplating or implementing "One
Card" systems whereby all of the means of identification issued by various
campus entities are consolidated to a single card, which is then used for
 access to automated service kiosks and many other purposes.  These cards
have the potential to simplify tasks and provide new services, but they also
raise very significant privacy issues, particularly when their use is
extended to include new functionalities such as opening doors and making
phone calls. 

The California State University system is currently planning a unified One
Card system that would potentially apply to all of the CSU system's 20+
campuses and 300,000+ students.  The system would be funded by including the
functionalities of a telephone calling card and a bank debit card with the
student ID card, and then allowing long-distance phone companies and banks
to bid for access to potentially 300,000+ new customers. 

The California State Student Association, which consists of student
government representatives from all of the CSU campuses, has raised several
objections to the One Card plan, and these are described in the resolution
whose text I have enclosed.  I was an invited speaker at a CSSA meeting just
before the meeting where this resolution was considered, and I offered some
advice about how certain parts of the resolution might be framed.  The
resolution itself, however, is the students' work, and I myself do not take
any position on the issue.

--- Forwarded Message Begins ---

Date: 2 Dec 1996 10:17:21 -0800
From: "Ginny Whitby" <ginny_whitby@qmbridge.calstate.edu>
Subject: One Card Resolution



November 10, 1996

Whereas, It is not the California State University system's mission to
provide convenience banking, long distance calling plans or debit card
services to its students; and

Whereas, Education through public institutions should be free from undue
influence by private industry in order to ensure the preservation of
intellectual freedom and academic integrity; and

Whereas, The One Card potentially jeopardizes regional business communities
thereby compromising local economies and availability of jobs; and

Whereas, The services promised in the One Card proposal are readily
available in the surrounding communities, should the individual student
desire such services; and

Whereas, Offering concession contracts to outside companies, such as vending
and food services, could have negative impacts on the auxiliaries of some
CSU campuses which currently derive revenue from these activities; and

Whereas, Current Federal and State laws are inadequate to ensure the
security and privacy of students' confidential information and therefore put
at risk the privacy and personal autonomy of individuals within our CSU
community; and

Whereas, Some schools have already adopted the One Card without adequate
student consultation; and

Whereas, The principles of consultation, open dialogue and sharing of
information between the CSU and students need examination; therefore be it

Resolved, That the CSU, with adequate student participation, should assess
and detail how One Card systems will comply with "Fair Information
Practices"; be it further

Resolved, That a Privacy Impact Statement should be prepared to describe, in
detail, all anticipated and unanticipated effects and outcomes regarding
privacy as it relates to implementation of the One Card; be it further

Resolved, That the CSU should formally adopt a Privacy Code, which is
developed in consultation with and the approval of the students of the CSU.
Such a Code must not only define how privacy will be handled, but must also
provide for a system of auditing data security as well as detailed penalties
for violation of the Code; be it further

Resolved, That the afore mentioned Code should guarantee due process where
information from the One Card system is used for law enforcement purposes or
for other investigative procedures; be it further

Resolved, That the afore mentioned Code should guarantee that information
generated by the One Card system and its vendors will be prohibited from
unauthorized use by outside companies or use for purposes of creating
profiles for private or commercial use either inside or outside the CSU; be
it further

Resolved, That the CSU should provide a rational assessment of the
application of One Card technologies and address the use of privacy measures
such as digital cache and pseudo-identification; be it further

Resolved, That the Chancellor's office should provide CSSA with a RFP to
conduct independent research, including on-site visits, in order to
investigate experiences with similar information systems on other campuses
nation-wide; be it further

Resolved, That, with the adequate consultation of its student government,
every campus must have the independent choice to decide whether or not to
implement the One Card; be it further

Resolved, That where implementation occurs, specific safeguards be included
which ensure the integrity of the academic environment of our public school
system, and which render it free from undue corporate influence including
corporate ownership, control or profiteering through the use of state assets
including, but not limited to, computers, card readers, databases, related
equipment, software and information; be it further

Resolved, That the CSU administration should not use the 330,000 students of
the CSU system as a leveraging tool to attract private investment in the
CSU's infrastructure; be it further

Resolved, For those campuses where implementation has already occurred, or
is projected to occur, that the administration of any net revenues derived
by the CSU or individual campuses from these ventures be overseen by the
Student Fee Advisory Committee; be it further

Resolved, That copies of this resolution be sent to CSU Chancellor Barry
Munitz; all CSSA Representatives; all CSU Associated Students Presidents and
Councils; all CSU Campus Presidents; the CSU Board of Trustees; the
Honorable Tom Hayden; the Honorable Leroy Green; the Honorable Brian
Sentenich; the Honorable Valerie Brown; the Honorable Stephen Peace; the
Honorable Brooks Firestone; the Honorable Margeritte Archie Hudson; the
Honorable Cruz Bustamante; the Honorable Louis Caldera; the American Civil
Liberties Union; Beth Givens, Privacy Rights Clearinghouse; Phil Agre, U.C.
San Diego; and all media.


Date:    Sun, 1 Dec 1996 14:49:48 -0800 (PST)
From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: dog-mounted video camera

High-technology reporter Dave Barry has revealed that a company in England
(Moran Security Support Services Ltd, 47 Livingstone Road, Hove, East Sussex
BN3 3WP, UK; phone +44 (0) 1273 321631; fax +44 (0) 1273 208898) is selling
a dog-mounted video camera for security purposes.  The system, which Dave
absolutely swears is called Wireless Operational Link and Video Exploration
System, or WOLVES, sells for approximately US$11,450.  This report has very
serious privacy implications, which I will explain in Part 2 of this message.

Phil Agre

		[ I will, with considerable restraint, refrain
		  from imparting to the readership the range
		  of jokes that immediately sprang to mind upon
		  reading this message.  



Date:    25 Nov 96 21:25:11 EST
From:    Mich Kabay <75300.3232@CompuServe.COM>
Subject: CHRC bumbles into the Net

>From the _Globe and Mail_ newspaper, a major national daily in Canada:

	Human rights panel to probe Zundel's Web site
	by Dennnis Brueckert, Canadian Press
	_Globe and Mail_ 96.11.23, p. A5

	OTTAWA -- In an unprecedented move, the Canadian Human
	Rights Commission has ordered hearings into complaints that
	Holocaust denier Ernst Zundel is promoting hatred on the Internet.

The author explains the following key points:

o	Head of the Commission, Max Yalden, said on Friday 22 Nov that
	his Commission has jurisdiction over the racist site despite its
	location on a computer physically situated in California.

o	"The signal's being picked up here, and where it's originating 
	doesn't make any difference," Yalden said.

o	Apparently the Commissioner is arguing that because the Canadian
	Human Rights act does allow the Commission to regulate hate speech
	being transmitted through the phone systems, and the Internet functions
	largely through telephone systems, therefore the Commission should be
	able to stop access to the Web site.

[Comments from MK:

Before RISKS is inundated with diatribes from residents and citizens of the
United States about 1st Amendment guarantees of free speech, please remember
that Canada has its own laws.  We don't have as wide a latitude to incite
hatred against identifiable groups as residents of the U.S. do.  The
Commissioner's statements about "picking up the signal" may be an oblique
reference to cases in which Canadian neo-nazis moved a banned telephone
answering machine from its Canadian location to a United States location to
circumvent a court ban on their hate messages.  They were slapped with
contempt of court citations for so doing.

Although I am not a lawyer -- and this is not legal advice <g> -- it seems
to me that the only force the Canadian government will have is on residents
of Canada.  They may be able to demand that Zundel remove his materials from
the US site but I cannot see how they are going to have any
extra-territorial powers whatever over the Internet Service Provider where
his (nauseating) materials are physically located.  In fact, I wonder what
will happen if Zundel agrees to remove his stuff but someone else in the US
posts a copy of them (ostensibly) without his permission?]

M. E. Kabay, Ph.D. / Director of Education
National Computer Security Association (NCSA)


Date:    Tue, 26 Nov 1996 01:16:51 +0200
From:    kara@telematik.iig.uni-freiburg.de (Kai Rannenberg)
Subject: CEPIS Statement: Governmental Restrictions on Encryption Products 
	 Put Security at Risk

The Council of European Professional Informatics Societies (CEPIS) - with
nearly 200,000 professionals in its 20 member societies, the largest
European association of professionals working in information technology
(IT) - has agreed on a Cryptography Policy Statement. It gives an analysis
of crypto restriction methods and concludes with the following

(1)       The use of cryptography for identifying data corruption or
authenticating people/organisations should be free of restrictions and
encouraged by governments.

(2)      All individuals and organisations in the private and public
sectors should be able to store and transmit data to others, with
confidentiality protection appropriate for their requirements, and should
have ready access to the technology to achieve this.

(3)       The opportunity for individuals or organisations in the private
and public sectors to benefit from information systems should not be
reduced by incommensurable measures considered necessary for the
enforcement of law.

(4)       The governments of the world should agree on a policy relating to
their access to other people's computerised data, while seeking the best
technical advice available in the world on:

(4.1)   whether and which access mechanisms to computerised data are an
effective, efficient and adequate way to fight (organised) crime and mount
effective prosecution of criminals, and

(4.2)   how to implement the policy whilst minimising the security risks to
organisations and individual citizens.

(Evaluation and implementation of the policy will require regular review as
the technology evolves).

The full statement is available in the WWW in ASCII and HTML form. Easiest
access is via the web page of the CEPIS "Legal & Security Issues" Network
(CEPIS LSI Network), who prepared the statement:
Further there is a press release based on the statement. It can be reached
via the CEPIS LSI Network web page, too.

For more information on CEPIS please view http://www.bcs.org.uk/cepis.htm
or contact Mrs. Peta Walmisley (E-Mail: cepis@bcs.org.uk, Tel/fax: +44 171
637 5607).

Kai Rannenberg, Secretary CEPIS LSI Network (kara@iig.uni-freiburg.de)
PGP key available on request and in http://www.iig.uni-freiburg.de/~kara/

----------- begin statement ---------

Council of European Professional Informatics Societies (CEPIS)


Governmental Restrictions on Encryption Products Put Security at Risk

Worldwide, there is a political debate regarding the virtue or otherwise of
a control of encryption, in particular whether the import, export, and
production of cryptographic tools and their use should be restricted. In
several countries legal regulations exist, in some others steps are
undertaken towards such regulations. At present an OECD Committee is
drafting guidelines on cryptographic policy.

But there are concerns; the Council of European Professional
Informatics Societies (CEPIS) - with nearly 200,000 professionals in its 20
member societies, the largest European association of professionals working
in information technology (IT) - has agreed the following statement:

Should one wish to employ electronic communication as the main vehicle for
commercial and personal interaction, then one ought to be assured, and be
able to prove, that  messages are
- not disclosed to unauthorised recipients (confidentiality),
- not tampered with (integrity),
- shown to be from the senders stated (authenticity).

It has always been an aim of secure reliable communication to comply with
these requirements. The more the information society becomes a reality, the
more enterprises, administrations and private persons urgently need the
absolute assurance that these requirements are met.

To achieve this, so called "strong" cryptography is available. Several tools
based on strong crypto-algorithms are in the public domain and offered on
the Internet, others are integrated within commercial products.

A different technique for confidential and even unobservable communication
is to use steganography, where secret data are hidden within larger
inconspicuous everyday data in such a way that third parties are unable
even to detect their existence. Hence there is no way of preventing
unobservable secret communication.

To enable surveillance of electronic messaging, many criminal and national
security investigators, i.e. police and secret services, demand access to
keys used for encrypted communication.  In order for this to be effective,
escrowing (bonding) of these keys is advocated.  However, for the reasons
given above, key escrow (i.e. depositing copies of the keys with a "trusted
third party",including back ups) cannot even guarantee effective
monitoring.  Moreover, key escrow already constitutes a risk for the
secrecy of the keys and therefore for the secrecy of the data. This risk is
exacerbated in cases of central escrowing.

Besides, the burdens of cost and administrative effort as well as the loss
of trust in communications could be significant and are prone to deter
individuals and organisations, especially small business users, from
gaining the benefits of modern information and communications systems.

Effective electronic surveillance of digital networks is difficult and time
consuming, and requires extensive resources.  In particular, closed groups
such as criminal organisations might even use steganographic techniques to
avoid any detection short of physical access to the terminals they use.
Thus restrictions on encryption may be of very limited help in the fight
against  organised crime.  On the other hand, the essential security of
business and private communication may be seriously imperiled and
economically hampered should they be subjected to insufficiently secured
key escrow.

On these grounds, CEPIS recommends the following:

(1)       The use of cryptography for identifying data corruption or
authenticating people/organisations should be free of restrictions and
encouraged by governments.

(2)      All individuals and organisations in the private and public
sectors should be able to store and transmit data to others, with
confidentiality protection appropriate for their requirements, and should
have ready access to the technology to achieve this.

(3)       The opportunity for individuals or organisations in the private
and public sectors to benefit from information systems should not be
reduced by incommensurable measures considered necessary for the
enforcement of law.

(4)       The governments of the world should agree on a policy relating to
their access to other people's computerised data, while seeking the best
technical advice available in the world on:

(4.1)   whether and which access mechanisms to computerised data are an
effective, efficient and adequate way to fight (organised) crime and mount
effective prosecution of criminals, and

(4.2)   how to implement the policy whilst minimising the security risks to
organisations and individual citizens.

(Evaluation and implementation of the policy will require regular review as
the technology evolves).

Further Information:

Council of European Professional Informatics Societies (CEPIS)
7 Mansfield Mews
GB London W1M 9FJ
United Kingdom

Tel/fax: +44 171 637 5607
E-mail: cepis@bcs.org.uk
URL: http://www.bcs.org.uk/cepis.htm

The CEPIS Legal & Security Issues Network
URL: http://www.wi.leidenuniv.nl/~verrynst/cepislsi.html
E-mail: Kai Rannenberg (kara@iig.uni-freiburg.de), Secretary


----------- end statement ---------

Kai Rannenberg (kara@iig.uni-freiburg.de)
PGP key available on request and in http://www.iig.uni-freiburg.de/~kara/

Abteilung Telematik                         Phone:                  -4926
Institut fuer Informatik und Gesellschaft   Fax:         +49-761-203-4929
Universitaet Freiburg                       Secr.:                  -4964
Friedrichstr. 50
D-79098 Freiburg


Date: Mon, 2 Dec 1996 22:16:52 -0500 (EST)
From: "Perry E. Metzger" <perry@piermont.com>
Subject: ANNOUNCEMENT: New low-noise cryptography mailing list

"Cryptography" is a low-noise mailing list devoted to cryptographic
technology and its political impact.

  "On topic" discussion includes technical aspects of cryptosystems,
  social repercussions of cryptosystems, and the politics of
  cryptography such as export controls or laws restricting cryptography.

  Discussions unrelated to cryptography are considered "off topic".

  If you subscribe, please try to keep your postings "on topic". In
  order to assure that the quality of postings to the mailing list
  remains high, repeated postings "off topic" may result in action
  being taken by the list moderators.

  In order to keep the signal to noise ratio high, the mailing list
  will be moderated during its initial weeks of operation. This will
  be changed if it appears that the list will remain on topic without

TO SUBSCRIBE: send mail to
  with the line
     subscribe cryptography
  in the body of your mail. If you wish to subscribe a mailing
  address other than the one you are sending from, send a message with
  the line
     subscribe cryptography [address]


Date:    Sat, 21 Dec 96 17:48:17 -0800
From:    dkulp <dkulp@cse.ucsc.edu>
Subject: Online Personal Databases

The other day, I received an email from Phil Agre's Red Rocker Eater News
Service (rre-help@weber.ucsd.edu) from John Handler who had recognized the
potential harm of the numerous online databases that provide personal 
information -- mostly email addresses, postal addresses, and telephone

While this concern is certainly familiar to the readers of this forum,
a secondary issue regarding accuracy seems to receive less attention.
What steps do these database maintainers plan to take to ensure that the
personal data that they offer is accurate?  I surveyed several of the
web sites and queried on my name.  At www.four11.com, 5 different email
addresses were returned for me, of which only two were currently active.
The address identified as "most relevant" was disactivated in 1990!
On another site, www.switchboard.com, a query on my name returned two 
residential addresses and phone numbers, neither correct; the most recent
address listed I occupied 1 1/2 years ago.

It seems to me that we should at least be equally concerned about the
spread of *dis*information about us.  These database companies have
provided mechanisms for removing and updating your listing,
but in both cases the onus is on the individual instead of the company
to maintain the database.  In my opinion, this places an undue burden
and threatens the privacy of the individual.

Following this note is an exerpt from the RRE posting which includes
a list of databases sites and contacts for removing your listing
if you so desire.

-david kulp.
		[ The problem of inaccurate or otherwise "stale" data in
		  databases is a subject of continual discussion.  However,
		  it isn't completely clear which is worse in any given
		  case--accurate data about yourself in a database where
		  you'd prefer it wasn't... or *inaccurate* data about
		  yourself in that same database.  In the long run, the only
		  answers would seem to revolve around consumers gaining the
		  legal right to inspect, correct, and where appropriate
		  control the information about themselves stored,
		  interchanged, and sold via privately maintained databases.

					-- MODERATOR ]

   webmaster@switchboard.com (DELETE in the subject line)
   This service requires a subscription to view information. 
   Their information page claims that they track names, 
   addresses, and telephone numbers.


End of PRIVACY Forum Digest 05.22

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH