|
PRIVACY Forum Digest Friday, 17 January 1997 Volume 06 : Issue 02 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS YOUR SIGNATURE FOR SALE? -- A PRIVACY Forum Special Report (Lauren Weinstein; PRIVACY Forum Moderator) Re: Online Personal Databases (Nickee Sanders) Re: CHRC bumbles into the Net (dlh@marsmedia.com) PRC has new home (Privacy Rights Clearinghouse) D.C. Court of Appeals Hears Encryption Case (Monty Solomon) CFP'97 (Bruce R. Koball) NSPW call for papers (Mary Ellen Zurko) DIAC '97 (Susan Evoy) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 06, ISSUE 02 Quote for the day: "Next time, why don't we just break up our instruments?" -- Stoney (Jack Nicholson) "Psych-Out" (Dick Clark Enterprises; 1968) ---------------------------------------------------------------------- Date: Fri, 17 Jan 97 20:19 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: YOUR SIGNATURE FOR SALE? -- A PRIVACY Forum Special Report Greetings. By now most of us realize that our social security numbers, unlisted phone numbers, and all manner of other data items that (we thought) were personal and private have become simple commodities flowing openly between various commercial databases and information brokers and pitch-men. Problems ranging from credit nightmares to identity fraud have become commonplace with the help of these databases. It couldn't get much worse, right? Well, hold on to your pens, because it looks like we're poised on the edge of a new frontier in personal data commerce--signature databases. We all sign many documents in the course of daily living and it's generally assumed that signatures have some validity as an identifier, or else why use them? And we also usually implicitly assume that our signatures won't be made available to third parties on any kind of routine basis. But it looks like this is starting to change, with the mammoth U.S. shipping company United Parcel Service (UPS) taking the lead among what can only be assumed will be the first of many entities using new technologies to capture and disseminate signature data. There's been discussion here in the PRIVACY Forum in the past about the implications of those little computerized boxes that UPS delivery persons want you to sign when a package is delivered. Generally, all UPS business deliveries typically request a signature, while residential deliveries may simply be left outside on doorsteps unless the shipper requests otherwise. The signature boxes capture your signature electronically, and they're fed back to UPS headquarters. The idea was apparently that in case of a question about whether or not a delivery was received, these are supposed to be used to verify delivery status. The very existence of the signature capture system perturbed some people, but so long as the signatures stayed within UPS it didn't appear that an especially serious problem would arise. This might have now changed. You may have seen a new television commercial from UPS, touting their new system that allow shippers to electronically obtain copies of recipients' signatures for display on their screens (and apparently for printout as well). Given that it is relatively trivial (through the use of various "background" programs) to capture the video image or printer data from virtually any PC-based application, the availability of electronic signature data raises a number of concerns. Even though the signature data displayed in the actual systems is apparently somewhat pixelated, it still appears to be the case that with minimal processing a reasonable signature facsimile could be obtained. The big issue, of course, is whether such data could be "mined" on a large scale, sold to commercial databases, and become yet another component of our personal lives over which we've lost all control. This scenario is especially easy to imagine in the context of some entity shipping thousands of mail order packages per day, where large databases could be built up quite quickly. Is there any law to prevent such collection, or the sale and resale of signature data collected in this manner? Of course not! Wanting to get the straight information on this issue, I had a number of conversations with Mr. John Flick, the gentleman in charge of international public relations for UPS. I requested a spokesperson to do a recorded interview for PRIVACY Forum Radio, but this was ultimately declined. I was told that they felt they had researched the topic sufficiently before launching the service and that there really weren't any privacy issues involved. I was also told (in what's become a familiar refrain to privacy queries) that "nobody had complained about it before"--more on that below. Here's what I learned during my conversations. UPS has now established a service to which shippers can subscribe that allows them to electronically access recipient signature data. The service appears to be mainly aimed at shippers dealing with significant volumes of packages, so that they can obtain delivery data (including signature) without any manual interaction with UPS. From available information, it does not appear that shippers need to have had any problem with a shipment to obtain signature and other data via this system--they simply make the request through their computer and back it comes. Currently, this data is only provided via dialup to UPS computers. Since UPS already has basic package tracking data available via their Web site, I asked if there were plans to extend the signature delivery system to the Web or other Internet mechanisms as well. No information on this issue was available. I also asked if UPS contractually prohibits entities receiving signature data from providing, selling, or otherwise disseminating it to other parties. The answer is no, they do not have any such prohibitions. They also feel that any such prohibitions would be unenforceable given the lack of any laws addressing this issue. They add that they of course will stay abreast of any changes in this area and would abide by any new applicable laws. Basically, they simply do not consider dissemination of signatures to be a privacy issue. They point out that other organizations scan signature data (e.g. banks), and they feel that other shippers will be providing similar signature delivery services as soon as they are technically able to do so. They apparently do not feel that the large-scale distribution of signatures electronically to "end users" represents any kind of qualitative change from the status quo. They did have two suggestions for those persons who might disagree with their analysis: -- Refuse to sign for packages They say that UPS delivery persons should still allow you to have the package even if you refuse to sign their box. Reports I've received, however, suggest that some UPS delivery persons are not aware of this policy. I might add that you can also request to sign one of their yellow "not present" slips instead of their signature capture box. Some delivery persons will not agree to this, however. -- Don't sign your real signature UPS suggests that if you don't like their system, you can choose not to sign your real signature; instead you can sign with an "X", horizontal line, squiggle, or whatever. The delivery persons are not supposed to complain about this. Again, reports I've heard suggest that "your mileage may vary" with such a technique, depending on the particular delivery person. Of course, both of these techniques obliterate the usefulness of signatures for a very valid purpose, namely helping to verify delivery in case there is some problem or dispute later. It seems very unfortunate that such actions are suggested by UPS as the best means to "protect" your signature from routine, non-dispute-related dissemination to third parties. As I mentioned above, UPS says that they hadn't received any complaints or other concerns about their system until my call. As always, it's not always so simple to know exactly who to contact if, perchance, you decide you would like to express concerns about their signature collection and dissemination system. UPS agents who deal with "routine" complaints can be reached at: (800) 457-4022. You can ask agents to forward your comments onward to UPS management. However, I was able to obtain additional contact information that can be used for more direct access to the appropriate parties to hear your opinions on such matters: UPS Public Relations/Customer Resolution Tel: (404) 828-6000 Fax: (404) 828-6593 United Parcel Service Corporate Building 3, Floor 6 55 Glenlake Parkway Atlanta, GA 30328 You might want to make your feelings about the signature service, either pro or con, known to UPS via one of the above contact methods. UPS is certainly right about at least one thing. This is but the tip of the iceberg when it comes to the development of signature collection and dissemination systems. As usual, laws to protect individuals' personal information are lagging far behind technological developments. If you have concerns in this area, you might consider expressing them not only to the various commercial firms involved, but to your local, state, and federal legislators as well. --Lauren-- Moderator, PRIVACY Forum www.vortex.com ------------------------------ Date: Mon, 23 Dec 1996 14:25:24 -0800 From: Nickee Sanders <nsanders@videonics.com> Subject: Re: Online Personal Databases In Digest 05.22, David Kulp writes about the problem of incorrect information being stored in online databases. The moderator ends the piece with a comment: > In the long run, the only > answers would seem to revolve around consumers gaining the > legal right to inspect, correct, and where appropriate > control the information about themselves stored, > interchanged, and sold via privately maintained databases. Those parties interested in this issue may be interested in New Zealand's Privacy Act. This Act, passed in 1993, gives everybody in New Zealand precisely those rights. No organisation may collect information about anyone which is not relevant to the business at hand; I have used this to avoid giving my occupation and other irrelevant information to banks when I was making a fixed-term investments (after all, _how_ I came by the money is hardly relevant; when I take out a loan I don't ask for details about how they came by it!). Furthermore, organisations must state explicitly _what_ they intend doing with the information you give them, and they must get your authorisation before they are allowed to use it in those ways. Several times I have simply crossed out or left blank questions on a form which I considered intrusive or irrelevant to what I was actually transacting with the organisation. If you buy something from a direct mail company in New Zealand, they can't even send you brochures unless you give them the authorisation to do so!!! Best of all, any organisation which collects information about people must have a Privacy Officer who is responsible for maintaining the information and keeping the organisation within this law; any person may request at any time to view the information about them in the organisation's database, and they have the right to have it corrected if that information is incorrect. (Usually the duties of the Privacy Officer are simply added on to someone's existing workload, but the position is a serious one within the framework of the law) The law also brought into existence a Privacy Commissioner to promote awareness/understanding of the Act; do privacy audits; etc, etc, etc. And finally, it is now _illegal_ to sell mailing lists in New Zealand. Believe me, for someone interested in privacy, the Privacy Act is something precious and wonderful. NOTE: I'm not a lawyer and the above is all from memory; for those interested in reading the Act itself, it can be found at <http://mark.law.auckland.ac.nz/Acts/PA93/PA1993-Contents.html> and probably other places online too. The NZ government has a website at <http://www.govt.nz/government.html> but I haven't managed to find the lawbooks online via there. Nickee Sanders, Apprentice Software Engineer, Videonics, Inc -- CA 95008, U.S.A. "I don't speak for Videonics, and they don't speak for me. ------------------------------ Date: 2 Jan 1997 12:27:24 EDT From: dlh@marsmedia.com Subject: Re: CHRC bumbles into the Net Regarding transmission of "hate" content into Canada from California, and proposed regulation thereof by Canada: The issue presented is one of "in-personam jurisdiction", the power to coerce an individual personally. This kind of jurisdiction is required by any political entity anywhere, before the actions taken by that entity will be regarded as "legal" under international law. However, the expansion of communications and commerce in this century have greatly expanded the ability of a jurisdiction to act upon or regulate a person located in another jurisdiction based on the person's having performed some "purposeful act" which had some substantial effect in the foreign jurisdiction. Note that this analysis holds true for any state to state transactions, whether the states are France and Peru or Maryland and Virginia. The modern rules of personal jurisdiction are such that it is possible to commit a criminal offense in a place where one has never been and has no intention of affecting in any way, to be tried there in absentia and sentenced. The only limitation is that service of process has to be personal for criminal prosecutions, and there is no such thing as "substituted service" (i.e., by mail as is allowed in some states for civil cases). Canada could well declare legislatively that it is a felony to transmit "hate" information via the telephone lines in or into Canada, or to provide for a civil cause of action for anyone offended by such transmission. If the person(s) responsible for the transmission can be identified sufficiently, a warrant or summons can be issued, and in the example of a criminal prosecution, a fugitive warrant issued to be executed in California. Extradition to Canada would then ensue, and the person tried there. I would observe that, under U.S. Federal statutes governing the use of telephones, it is already a criminal offense to transmit offensive language of any kind over telephone lines. I have yet to hear of anyone being prosecuted for this offense, although I've observed countless examples in electronic media. Note further, that, with respect to regulation of information content in the United States, that the United States Constitution explicitly prohibits the United States from "abridging the freedom of speech, or of the press, or the right of the people peaceably to assemble..." The Bill of Rights, including the First Amendment, do not apply to the member States directly. It is only through a case by case interpretation of the "due process" clause of the Fourteenth Amendment that citizens have been protected from State regulation of information content. Many States' constitutions contain provisions similar to the First Amendment, but there is no requirement that they do so, and State regulation of health, education, public welfare and morals are preclusive of Federal regulation in those areas under the Tenth Amendment. If a State says it's immoral to say dirty words on the Internet, and to define a criminal offense based on that finding, there is no Federal power to restrict that State's ability to regulate the content of speech. The limits on the coercive power of a state to enforce its laws against nonresidents are purely practical. It may be too much trouble and too costly for British Columbia to arrest and try a California resident for violation of its laws by transmitting obscene content into B.C., even though it could do so. I would set up my hate mail site in Antigua or some other non- extradition State if I were going to do so, nonetheless. ------------------------------ Date: Sun, 5 Jan 1997 07:04:45 -0800 From: Privacy Rights Clearinghouse <bgivens@privacyrights.org> Subject: PRC has new home The Privacy Rights Clearinghouse has separated from the University of San Diego. It is now affiliated with the Utility Consumers' Action Network (UCAN), a San Diego- based nonprofit organization which advocates for consumers' interests regarding telecommunications, energy, insurance and the Internet. (Visit UCAN's web site at www.ucan.org and learn about its "CyberCop" project.) Our new addresses for snailmail, email and our Web site are below. If your Web site links to ours, please change the old domain (acusd.edu/~prc) to our NEW domain, privacyrights.org. Thank you! -- Beth Givens, Project Director -- bgivens@privacyrights.org New Address Information: Privacy Rights Clearinghouse 5384 Linda Vista Rd. #306 San Diego, CA 92110 Voice: (619) 298-3396 Fax: (619) 298-5681 E-mail: prc@privacyrights.org Web: www.privacyrights.org ------------------------------ Date: Sun, 12 Jan 1997 02:46:39 -0500 From: Monty Solomon <monty@roscom.COM> Subject: D.C. Court of Appeals Hears Encryption Case Excerpt from ACLU News 01-09-97 D.C. Court of Appeals Hears Encryption Case FOR IMMEDIATE RELEASE Friday, January 10, 1997 WASHINGTON -- A three-judge panel in the U.S. Court of Appeals for the District of Columbia heard oral arguments today about whether or not cryptography, or encoded electronic speech, is a legitimate form of speech protected under the First Amendment from government access and control. The American Civil Liberties Union, along with Electronic Privacy Information Center (EPIC), The Internet Society and the U.S. Public Policy Committee of the Association for Computing Machinery (USACM), has filed a <A HREF="http://w ww.aclu.org/issues/cyber/priv/karnbrf.html">friend-of-the-court brief</A> on behalf of Philip Karn, the appellant in the case. Mr. Karn, who developed encryption programs as a software engineer, attempted to publish and distribute encoded text stored on a computer diskette. After submitting his product to the Office of Defense Trade Controls (ODTC), a government agency that has review jurisdiction over export products, Karn was told that his product was subject to government licensing requirements and was placed on the United States Munitions List (USML), having been considered a "defense article." Even though the same encoded text that Mr. Karn published on his diskette had been previously printed in a popular cryptography textbook and had not been subject to government control in that format, Mr. Karn was told that the electronic format of the text was subject to censorship. An opinion in this case issued by Judge Charles R. Richey in the U.S. District Court for the District of Columbia approved this action by granting the Governments motion to dismiss and motion for summary judgment. "The lower courts unfortunate decision in this case made a dangerous distinction between printed speech and electronic speech, saying that electronic speech should receive less protection under the First Amendment," said Barry Steinhardt, associate director of the ACLU. Encryption, the process by which "plaintext" speech is encoded into a secret electronic language by means of a mathematical formula or algorithm, was traditionally employed to encrypt military communications. While still used for that purpose, the applications for cryptography have greatly expanded with the growth in electronic communications and commerce. Everything from private e-mail messages to automatic banking transactions can be transmitted in secret code. "Ciphertext," or encrypted language, is free speech, and deserves full protection under the First Amendment, according to the ACLU. As its amicus brief states, "For First Amendment purposes, no meaningful difference exists between high-level programming languages, on the one hand, and natural languages like English and Spanish, on the other." The export restrictions and regulations that the government already imposes on encryption software and information exchange about cryptographic techniques, all in the name of protecting "national security," have had deleterious effects on commerce and individual privacy rights, the ACLU said. Due to the many government restrictions on encryption products, U.S. manufacturers have been forced to market software products with weak security features. These requirements have severely hampered U.S. competition in manufacturing superior encryption software. "Ironically, America's national security is actually jeopardized by our stunted encryption industry, when U.S. companies must use weaker encryption programs, leaving their sensitive data more vulnerable to hackers and information pirates," the ACLU's Steinhardt said. "At the same time, foreign technology and businesses are flourishing." Also at stake in this case is the threat to the privacy of individual communications, a fundamental right repeatedly recognized by the Supreme Court. With increasing amounts of personal information stored electronically, cryptographic techniques can provide confidentiality of medical records, financial data, and electronic mail. The Supreme Court has also recognized Constitutional protections for anonymous speech, the ACLU said. Some encoded materials that are anonymous for personal security reasons are compromised when subjected to government restrictions. Since the appeal in Mr. Karns case, a critical decision was reached in December in a related case, Bernstein v. U.S. Department of State. When defining protected speech, Judge Marilyn Hall Patel in U.S. District Court for the 9th Circuit found no distinction between the printed word and electronic speech. In her ruling, Judge Patel said that an encoded document is protected by the First Amendment "not because it enables encryption, but because it is itself speech." The Bernstein decision, along with ACLU v. Reno, the groundbreaking ruling affirming free speech on the Internet (now on appeal to the Supreme Court), may set valuable precedent in the case being heard today. "We hope todays panel will recognize that private, encoded, electronic speech deserves as much constitutional protection as a campaign flier or any other written document. The First Amendment does not distinguish -- nor should the government," Steinhardt said. ------------------------------ Date: Fri, 10 Jan 1997 15:04:08 -0800 (PST) From: Bruce R Koball <bkoball@well.com> Subject: CFP'97 The Seventh Conference on Computers, Freedom, and Privacy March 11-14, 1997 San Francisco Airport Hyatt Regency; Burlingame, California CFP'97 : Commerce & Community CFP'97 will assemble experts, advocates, and interested people from a broad spectrum of disciplines and backgrounds in a balanced public forum to address the impact of new technologies on society. This year's theme addresses two of the main drivers of social and technological transformation. How is private enterprise changing cyberspace? How are traditional and virtual communities reacting? Topics in the wide-ranging main track program will include: PERSPECTIVES ON CONTROVERSIAL SPEECH. Different cultural approaches to regulating political expression on the Net. And a peek at the Supreme Court arguments over the Communications Decency Act. THE COMMERCIAL DEVELOPMENT OF THE NET. Opting-in versus opting-out, public regulation versus self-policing, privacy as property, and a possible privacy "seal of approval. GOVERNMENTAL & SOCIAL IMPLICATIONS OF DIGITAL MONEY. How cybercommerce and cyberbanking affect the nation's complex economic engine. INTERNATIONAL PERSPECTIVES ON CRYPTOGRAPHY. The increasingly pivotal role of Europe and Asia in the latest saga of the crypto debate. New crypto developments. Crypto as speech. And a quick look at the coming public key infrastructure. CYPHERPUNKS & CYBERCOPS. Anything from a rapprochement of longtime rivals to a rollicking slugfest over the rules for police cruisers on the Infobahn.. REGULATION OF ISPs. The changing rules governing Internet Service Providers, here and abroad, and how they will affect what you see on the Web. SPAMMING. The tension between the right of free expression and the right not to be forced to carry other's words INFOWAR. The political, social, and technical issues raised by the risks of information warfare. Are we doing enough -- or too much? INTELLECTUAL PROPERTY AND INFO-PROPERTY. How treating information as property affects commerce and new technologies, here and abroad. THE 1996 ELECTIONS. CREATING A NEW DEMOCRACY. Who surfed Bob Dole's web site, anyway? On-line activism. THE COMING COLLAPSE OF THE NET. Cyberspace gurus on the technological and economic realities threatening to overwhelm the Net. CFP'97 will feature parallel-track lunchtime workshops during the main conference on topics including: THE CASE AGAINST PRIVACY HOW A SKIPTRACER OPERATES CYBERBANKING HOW THE ARCHITECTURE REGULATES RIGHTS IN AVATAR CYBERSPACE NATIONAL I.D. CARDS PUBLIC KEY INFRASTRUCTURES EUROPEAN IP LAW SEXUAL HARASSMENT IN CYBERSPACE VIRTUAL COMMUNITIES DOMAIN NAMES ARCHIVES, INDEXES & PRIVACY GOVERNMENT REGULATION OF ECASH CRYPTO AND THE 1st AMENDMENT The conference will also offer a number of in-depth tutorials on subjects including: * The Economics of the Internet * Regulation of Internet Service Providers * The Latest in Cryptography * The Constitution in Cyberspace * Info War: The Day After * Personal Information and Advertising on the Net * Transborder Data Flows and the Coming European Union * Intellectual Property Rights on the Net: A Primer INFORMATION A complete conference brochure and registration information are available on our web site at: http://www.cfp.org For an ASCII version of the conference brochure and registration information, send email to: cfpinfo@cfp.org For additional information or questions, call: 415-548-2424 ------------------------------ Date: Mon, 13 Jan 1997 14:08:33 -0500 From: Mary Ellen Zurko <zurko@osf.org> Subject: NSPW call for papers PRELIMINARY CALL FOR PAPERS NEW SECURITY PARADIGMS '97 A workshop sponsored by ACM and the University of Newcastle upon Tyne. Langdale Hotel Great Langdale, Cumbria, UK 23 - 26 September 1997 Paradigm shifts disrupt the status quo, destroy outdated ideas, and open the way to new possibilities. This workshop explores deficiencies of current computer security paradigms and examines radical new models which address those deficiencies. Previous years' workshops have identified problematic aspects of traditional security paradigms and explored a variety of possible alternatives. Participants have discussed alternative models for access control, intrusion detection; new definitions of security, privacy, secrecy and trust; biological and economic models of security; multiple policies; and a wide variety of other topics. The 1997 workshop will strike a balance between building on the foundations laid in past years and exploring in new directions. We offer a creative and constructive workshop environment for about 25 participants at the Langdale Hotel in the English Lake District. Because of the workshop format, the organizers urge submitters to arrange to be present for all three days of the conference; authors' ability to attend for the duration of the workshop will be considered when evaluating submissions for acceptance. Dress is casual. The tone of the workshop is exploratory rather than critical. The refereed papers will be printed in a workshop proceedings. To participate, please submit the following, preferably via e-mail, to both Program Chairs (Mary Ellen Zurko and Catherine Meadows) at the e-mail addresses listed below by 4 April 1997: (1) Your paper This should be either a research paper or a 5-10 page position paper. Softcopy submissions should be in Postscript or ASCII format. Papers may be submitted in hardcopy. To submit hardcopy, please mail five (5) copies to Program co-chair Mary Ellen Zurko at the address listed below; please allow adequate time for delivery; the hardcopy deadline is 28 March 1997. (2) A justification This should describe, in one page or less, why you think your paper is appropriate for the New Security Paradigms Workshop. A good justification will describe which aspects of the status-quo security paradigm your paper rejects and which new model or models your paper proposes or extends. (3) An attendance statement This should state how many authors wish to attend the workshop, and should indicate whether at least one author will be able to attend for the entire duration of the workshop. The Program Committee will referee the papers and notify authors of acceptance status by 13 June 1997. We expect a limited number of scholarships to be available. More information will be provided on-line as it becomes available. E-mail to: newparadigms97@opengroup.org use anonymous FTP from: ftp.cs.uwm.edu in directory: /pub/new-paradigms Use World Wide Web from: http://www.cs.uwm.edu/~new-paradigms NEW SECURITY PARADIGMS '97 WORKSHOP ORGANIZERS Steering Committee: Tom Haigh, Bob Blakley, Mary Ellen Zurko, Catherine Meadows, John Dobson, Hilary Hosmer Workshop Co-Chair: Tom Haigh voice: +1 (612) 628-2738 fax : +1 (612) 628-2701 email: Haigh@sctc.com post : Tom Haigh Secure Computing Corp. 2678 Long Lake Road Roseville, MN 55113 USA Workshop Co-Chair: Bob Blakley voice: +1 (512) 838-8133 fax : +1 (512) 838-0156 email: blakley@vnet.ibm.com post : Bob Blakley IBM 11400 Burnet Road, Mail Stop 9134 Austin, TX 78758 USA Program Committee Co-Chair: Mary Ellen Zurko voice: +1 (617) 621-7231 fax : +1 (617) 621-8696 email: zurko@osf.org post : Mary Ellen Zurko The Open Group Research Institute 11 Cambridge Center Cambridge, MA 02142 USA Program Committee Co-Chair: Catherine Meadows voice: +1 (202) 767-3490 fax : +1 (202) 404-7942 email: Meadows@itd.nrl.navy.mil post : Catherine Meadows Naval Research Laboratory Code 5543 Washington, DC 20375 USA Program Committee: Shaw Chuang University of Cambridge John Dobson University of Newcastle Steven Greenwald Naval Research Laboratory Steven Hofmeyr University of New Mexico Hilary Hosmer Data Security, Inc. Sverker Janson Swedish Institute of Computer Science Audun Josang Norwegian University of Science and Technology Darrell Kienzle University of Virginia Tom Lincoln Rand Corporation Ruth Nelson Information Systems Security Pierangela Samarati Universita di Milano Cristina Serban Bell Labs (Lucent Technology) Marvin Schaefer Arca Systems Chenxi Wang University of Virginia Mike Williams Local Arrangements: John Dobson (Univ. of Newcastle) +44 (191) 222 8228 Scholarships: chair to be announced; contact workshop co-chairs Publications: chair to be announced; contact workshop co-chairs Publicity: Yvo Desmedt (Univ. of Wisconsin) +1 (414) 229-6762 Treasurer and Registration Chair: Dixie Baker (SAIC) +1 (310) 613-3606 ACM SIGSAC Chair: Ravi Sandhu (George Mason Univ.) +1 (703) 993-1659 ACM Senior Program Director: Julie Goetz (ACM) +1 (212) 626-0610 ------------------------------ Date: Tue, 14 Jan 1997 23:25:00 -0800 From: Susan Evoy <sevoy@Sunnyside.COM> Subject: DIAC '97 {{ Updated information }} Community Space & Cyberspace What's the Connection? http://www.scn.org/tech/diac-97 March 1 - 2, 1997, 9:00 am - 5:00 pm University of Washington HUB Seattle, WA USA Will cyberspace destroy society by turning us all into high tech couch potatoes? Or will it provide unprecented opportunities for community involvement? On March 1 and 2, 1997, Computer Professionals for Social Responsibility (CPSR) will present its sixth DIAC ("Directions and Implications of Advanced Computing") conference to help answer those questions. The theme is "Community Space and Cyberspace: What's the Connection?" and our aim is to challenge some of the cyber-spacy hype and bring the discussion back to earth to the communities we live in. Howard Rheingold, best-selling author of "The Virtual Community: Homesteading on the Electronic Frontier" will give the keynote address on March 1. Howard's presentation will be followed by panel discussions on economics, education, high-technology social mediation, and other topics. In these panels computer pioneers, activists, and other thinkers and doers will describe their experiences and ideas on what has changed, what may change, and, most importantly, what citizens can do to make the technology more responsive to community needs. Some of the Panelists include + Peter van den Besselaar, Social Science Informatics, University of Amsterdam and De Digitale Stad (the Digital City), Amsterdam + Amy Borgstrom, Executive Director, ACENET, OH + Amy Bruckman, Researcher, MIT Media Lab, Cambridge, MA + Steve Cisler, Senior Librarian, Apple Computer, Cupertino, CA + Jamie McClelland, Libraries for the Future, New York, NY + Peter Miller, Network Director, Community Technology Center's Network (CTCNet), Newton, MA + Kevin Rocap, California State University at Long Beach + Roland Waters, CEO, RTIME, Inc. And many others! The second day, March 2, will feature workshops on a variety of topics presented by practitioners from the Pacific Northwest, Boston, Amsterdam, New York City, and many other places. Workshop Topics include + Libraries in Cyberspace + Community Voice Mail for Homeless Clients + Networking for Non-Profits + City Government Programs On-Line + Telecommunications and Educational Reform + On-Line Services: Forum for Collaboration or Technology of Isolation? + Safety in Cyberspace + Civil Liberties in Cyberspace + Navigating the Maze of Telecommunications Policy Changes and many many more. Some Quick Notes... Location: HUB Auditorium, University of Washington, Seattle. Time: On-site egistation opens at 8:00 AM; program begins at 9:00 and ends at 5:00 pm. Registration: $25 students & low income; $50 CPSR and co-sponsors; $75 other. Some scholarships are available. CPSR Benefit: Meet with conference attendees informally while enjoying snacks, drinks, and demos! Saturday, March 1, at Seattle's Speakeasy Cafe. $25 is the suggested donation and additional contributions gladly accepted to help CPSR organize programs like this in the future. Volunteers Wanted: For registration, workshop coordination, virtual conference, and outreach. (And registration is free for volunteers!) Workshops: We are still interested in seeing your workshop proposal. If you have expertise, experience, or concerns to share, please consider proposing a workshop. Please use the form on the web site. Accommodations: We have reserved a number of rooms at the Silver Cloud Inn near the University. Their phone number is 800-205-6940. Rooms are $66 for a single and $78 for a double. Rooms will not be held after the first week in February unless reservations have been made. Air Travel: United Airlines is the official airline for the conference. Please see the conference web site for more information Please join us in Seattle! DIAC-97 will be one of the most timely and significant conferences on Cyberspace themes. We expect an exciting dialogue between educators, librarians, government officials, journalists, and other community members. Please mark you calendars to attend and help us make "Community Space and Cyberspace: What's the Connection?" as important and inspirational as possible. For more information: Doug Schuler, douglas@scn.org, 206.634.0752 -- Susan Evoy * Deputy Director http://www.cpsr.org/home.html Computer Professionals for Social Responsibility P.O. Box 717 * Palo Alto * CA * 94302 Phone: (415) 322-3778 * Fax: (415) 322-4748 * Email: evoy@cpsr.org ------------------------------ End of PRIVACY Forum Digest 06.02 ************************