TUCoPS :: Privacy :: priv_602.txt

Privacy Digest 6.02 1/17/97

PRIVACY Forum Digest      Friday, 17 January 1997      Volume 06 : Issue 02

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
               The PRIVACY Forum is supported in part by the          
                 ACM (Association for Computing Machinery)
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
	YOUR SIGNATURE FOR SALE? -- A PRIVACY Forum Special Report
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Re: Online Personal Databases (Nickee Sanders)
	Re: CHRC bumbles into the Net (dlh@marsmedia.com)
	PRC has new home (Privacy Rights Clearinghouse)
	D.C. Court of Appeals Hears Encryption Case (Monty Solomon)
	CFP'97 (Bruce R. Koball)
	NSPW call for papers (Mary Ellen Zurko)
	DIAC '97 (Susan Evoy)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 06, ISSUE 02

   Quote for the day:

	"Next time, why don't we just break up our instruments?"

		-- Stoney (Jack Nicholson) 
  		   "Psych-Out" (Dick Clark Enterprises; 1968)

----------------------------------------------------------------------

Date:    Fri, 17 Jan 97 20:19 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: YOUR SIGNATURE FOR SALE? -- A PRIVACY Forum Special Report

Greetings.  By now most of us realize that our social security numbers,
unlisted phone numbers, and all manner of other data items that (we thought)
were personal and private have become simple commodities flowing openly
between various commercial databases and information brokers and pitch-men.
Problems ranging from credit nightmares to identity fraud have become
commonplace with the help of these databases.  It couldn't get 
much worse, right?

Well, hold on to your pens, because it looks like we're poised on the edge
of a new frontier in personal data commerce--signature databases.  We all
sign many documents in the course of daily living and it's generally assumed
that signatures have some validity as an identifier, or else why use them?
And we also usually implicitly assume that our signatures won't be
made available to third parties on any kind of routine basis.

But it looks like this is starting to change, with the mammoth U.S. shipping
company United Parcel Service (UPS) taking the lead among what can only be
assumed will be the first of many entities using new technologies to capture
and disseminate signature data.

There's been discussion here in the PRIVACY Forum in the past about the
implications of those little computerized boxes that UPS delivery persons
want you to sign when a package is delivered.  Generally, all UPS business
deliveries typically request a signature, while residential deliveries may
simply be left outside on doorsteps unless the shipper requests otherwise.
The signature boxes capture your signature electronically, and they're fed
back to UPS headquarters.  The idea was apparently that in case of a
question about whether or not a delivery was received, these are supposed to
be used to verify delivery status.  

The very existence of the signature capture system perturbed some people,
but so long as the signatures stayed within UPS it didn't appear that an
especially serious problem would arise.  This might have now changed.  You
may have seen a new television commercial from UPS, touting their new system
that allow shippers to electronically obtain copies of recipients'
signatures for display on their screens (and apparently for printout as
well).

Given that it is relatively trivial (through the use of various "background"
programs) to capture the video image or printer data from virtually any
PC-based application, the availability of electronic signature data raises a
number of concerns.  Even though the signature data displayed in the actual
systems is apparently somewhat pixelated, it still appears to be the case
that with minimal processing a reasonable signature facsimile could be
obtained.

The big issue, of course, is whether such data could be "mined" on a large
scale, sold to commercial databases, and become yet another component of our
personal lives over which we've lost all control.  This scenario is
especially easy to imagine in the context of some entity shipping thousands
of mail order packages per day, where large databases could be built up
quite quickly.  Is there any law to prevent such collection, or the sale and
resale of signature data collected in this manner?  Of course not!

Wanting to get the straight information on this issue, I had a number of
conversations with Mr. John Flick, the gentleman in charge of international
public relations for UPS.  I requested a spokesperson to do a recorded
interview for PRIVACY Forum Radio, but this was ultimately declined.  I was
told that they felt they had researched the topic sufficiently before
launching the service and that there really weren't any privacy issues
involved.  I was also told (in what's become a familiar refrain to privacy
queries) that "nobody had complained about it before"--more on that below.

Here's what I learned during my conversations.  UPS has now established a
service to which shippers can subscribe that allows them to
electronically access recipient signature data.  The service appears to be
mainly aimed at shippers dealing with significant volumes of packages, so
that they can obtain delivery data (including signature) without any manual
interaction with UPS.  From available information, it does not appear that
shippers need to have had any problem with a shipment to obtain signature
and other data via this system--they simply make the request through their
computer and back it comes.

Currently, this data is only provided via dialup to UPS computers.  Since
UPS already has basic package tracking data available via their Web site, 
I asked if there were plans to extend the signature delivery system to the Web
or other Internet mechanisms as well.  No information on this issue was
available.  

I also asked if UPS contractually prohibits entities receiving signature
data from providing, selling, or otherwise disseminating it to other
parties.  The answer is no, they do not have any such prohibitions.  They
also feel that any such prohibitions would be unenforceable given the lack
of any laws addressing this issue.  They add that they of course will stay
abreast of any changes in this area and would abide by any new applicable
laws.

Basically, they simply do not consider dissemination of signatures to be a
privacy issue.  They point out that other organizations scan signature data
(e.g. banks), and they feel that other shippers will be providing similar
signature delivery services as soon as they are technically able to do so.
They apparently do not feel that the large-scale distribution of signatures
electronically to "end users" represents any kind of qualitative change from
the status quo.  

They did have two suggestions for those persons who might
disagree with their analysis:

-- Refuse to sign for packages

   They say that UPS delivery persons should still allow you to have the
   package even if you refuse to sign their box.  Reports I've received,
   however, suggest that some UPS delivery persons are not aware of this
   policy.  I might add that you can also request to sign one of their
   yellow "not present" slips instead of their signature capture box.  Some
   delivery persons will not agree to this, however.

-- Don't sign your real signature

   UPS suggests that if you don't like their system, you can choose not to
   sign your real signature; instead you can sign with an "X", horizontal
   line, squiggle, or whatever.  The delivery persons are not supposed to
   complain about this.  Again, reports I've heard suggest that "your
   mileage may vary" with such a technique, depending on the particular
   delivery person.

Of course, both of these techniques obliterate the usefulness of signatures
for a very valid purpose, namely helping to verify delivery in case there is
some problem or dispute later.  It seems very unfortunate that such actions
are suggested by UPS as the best means to "protect" your signature from
routine, non-dispute-related dissemination to third parties.

As I mentioned above, UPS says that they hadn't received any complaints or
other concerns about their system until my call.  As always, it's not always
so simple to know exactly who to contact if, perchance, you decide you would
like to express concerns about their signature collection and dissemination
system.

UPS agents who deal with "routine" complaints can be reached at:
(800) 457-4022.  You can ask agents to forward your comments onward to UPS
management.  However, I was able to obtain additional contact information
that can be used for more direct access to the appropriate parties to hear
your opinions on such matters:

UPS Public Relations/Customer Resolution
Tel: (404) 828-6000   
Fax: (404) 828-6593

United Parcel Service Corporate
Building 3, Floor 6
55 Glenlake Parkway
Atlanta, GA  30328

You might want to make your feelings about the signature service,
either pro or con, known to UPS via one of the above contact
methods.

UPS is certainly right about at least one thing.  This is but the tip of the
iceberg when it comes to the development of signature collection and
dissemination systems.  As usual, laws to protect individuals' personal
information are lagging far behind technological developments.  If you have
concerns in this area, you might consider expressing them not only to the
various commercial firms involved, but to your local, state, and federal
legislators as well.

--Lauren--
Moderator, PRIVACY Forum
www.vortex.com

------------------------------

Date:    Mon, 23 Dec 1996 14:25:24 -0800
From:    Nickee Sanders <nsanders@videonics.com>
Subject: Re: Online Personal Databases

In Digest 05.22, David Kulp writes about the problem of incorrect
information being stored in online databases.  The moderator ends the piece
with a comment:
> In the long run, the only
> answers would seem to revolve around consumers gaining the
> legal right to inspect, correct, and where appropriate
> control the information about themselves stored,
> interchanged, and sold via privately maintained databases.

Those parties interested in this issue may be interested in New Zealand's
Privacy Act.  This Act, passed in 1993, gives everybody in New Zealand
precisely those rights.  No organisation may collect information about
anyone which is not relevant to the business at hand; I have used this to
avoid giving my occupation and other irrelevant information to banks when I
was making a fixed-term investments (after all, _how_ I came by the money
is hardly relevant; when I take out a loan I don't ask for details about
how they came by it!).  Furthermore, organisations must state explicitly
_what_ they intend doing with the information you give them, and they must
get your authorisation before they are allowed to use it in those ways.
Several times I have simply crossed out or left blank questions on a form
which I considered intrusive or irrelevant to what I was actually
transacting with the organisation.  If you buy something from a direct mail
company in New Zealand, they can't even send you brochures unless you give
them the authorisation to do so!!!  Best of all, any organisation which
collects information about people must have a Privacy Officer who is
responsible for maintaining the information and keeping the organisation
within this law; any person may request at any time to view the information
about them in the organisation's database, and they have the right to have
it corrected if that information is incorrect.  (Usually the duties of the
Privacy Officer are simply added on to someone's existing workload, but the
position is a serious one within the framework of the law)  The law also
brought into existence a Privacy Commissioner to promote
awareness/understanding of the Act; do privacy audits; etc, etc, etc.  And
finally, it is now _illegal_ to sell mailing lists in New Zealand.

Believe me, for someone interested in privacy, the Privacy Act is something
precious and wonderful.

NOTE:  I'm not a lawyer and the above is all from memory; for those
interested in reading the Act itself, it can be found at
<http://mark.law.auckland.ac.nz/Acts/PA93/PA1993-Contents.html> and
probably other places online too.  The NZ government has a website at
<http://www.govt.nz/government.html> but I haven't managed to find the
lawbooks online via there.

Nickee Sanders, Apprentice Software Engineer,
Videonics, Inc -- CA 95008, U.S.A.
"I don't speak for Videonics, and they don't speak for me.

------------------------------

Date:    2 Jan 1997 12:27:24 EDT
From:    dlh@marsmedia.com
Subject: Re: CHRC bumbles into the Net

Regarding transmission of "hate" content into Canada from California,
and proposed regulation thereof by Canada:

The issue presented is one of "in-personam jurisdiction", the power to
coerce an individual personally.  This kind of jurisdiction is required by
any political entity anywhere, before the actions taken by that entity will
be regarded as "legal" under international law.  However, the expansion of
communications and commerce in this century have greatly expanded the
ability of a jurisdiction to act upon or regulate a person located in
another jurisdiction based on the person's having performed some "purposeful
act" which had some substantial effect in the foreign jurisdiction.  Note
that this analysis holds true for any state to state transactions, whether
the states are France and Peru or Maryland and Virginia.

The modern rules of personal jurisdiction are such that it is possible to
commit a criminal offense in a place where one has never been and has no
intention of affecting in any way, to be tried there in absentia and
sentenced.  The only limitation is that service of process has to be
personal for criminal prosecutions, and there is no such thing as
"substituted service" (i.e., by mail as is allowed in some states for civil
cases).

Canada could well declare legislatively that it is a felony to transmit
"hate" information via the telephone lines in or into Canada, or to provide
for a civil cause of action for anyone offended by such transmission.  If
the person(s) responsible for the transmission can be identified
sufficiently, a warrant or summons can be issued, and in the example of a
criminal prosecution, a fugitive warrant issued to be executed in
California.  Extradition to Canada would then ensue, and the person tried
there.

I would observe that, under U.S. Federal statutes governing the use of
telephones, it is already a criminal offense to transmit offensive language
of any kind over telephone lines.  I have yet to hear of anyone being
prosecuted for this offense, although I've observed countless examples in
electronic media.

Note further, that, with respect to regulation of information content in the
United States, that the United States Constitution explicitly prohibits the
United States from "abridging the freedom of speech, or of the press, or the
right of the people peaceably to assemble..."  The Bill of Rights, including
the First Amendment, do not apply to the member States directly.  It is only
through a case by case interpretation of the "due process" clause of the
Fourteenth Amendment that citizens have been protected from State regulation
of information content.  Many States' constitutions contain provisions
similar to the First Amendment, but there is no requirement that they do so,
and State regulation of health, education, public welfare and morals are
preclusive of Federal regulation in those areas under the Tenth Amendment.
If a State says it's immoral to say dirty words on the Internet, and to
define a criminal offense based on that finding, there is no Federal power
to restrict that State's ability to regulate the content of speech.

The limits on the coercive power of a state to enforce its laws against
nonresidents are purely practical.  It may be too much trouble and too
costly for British Columbia to arrest and try a California resident for
violation of its laws by transmitting obscene content into B.C., even though
it could do so.  I would set up my hate mail site in Antigua or some other
non- extradition State if I were going to do so, nonetheless.

------------------------------

Date:    Sun, 5 Jan 1997 07:04:45 -0800
From:    Privacy Rights Clearinghouse <bgivens@privacyrights.org>
Subject: PRC has new home

The Privacy Rights Clearinghouse has separated from the University of San
Diego. It is now affiliated with the Utility Consumers' Action Network
(UCAN), a San Diego- based nonprofit organization which advocates for
consumers' interests regarding telecommunications, energy, insurance and the
Internet. (Visit UCAN's web site at www.ucan.org and learn about its
"CyberCop" project.)

Our new addresses for snailmail, email and our Web site are below. If your
Web site links to ours, please change the old domain (acusd.edu/~prc) to our
NEW domain, privacyrights.org. Thank you!

                                --  Beth Givens, Project Director
                                --  bgivens@privacyrights.org

New Address Information:

Privacy Rights Clearinghouse
5384 Linda Vista Rd. #306
San Diego, CA 92110

Voice: (619) 298-3396
Fax: (619) 298-5681

E-mail: prc@privacyrights.org
Web: www.privacyrights.org

------------------------------

Date:    Sun, 12 Jan 1997 02:46:39 -0500
From:    Monty Solomon <monty@roscom.COM>
Subject: D.C. Court of Appeals Hears Encryption Case

Excerpt from ACLU News 01-09-97

D.C. Court of Appeals Hears Encryption Case
 
FOR IMMEDIATE RELEASE
Friday, January 10, 1997

WASHINGTON -- A three-judge panel in the U.S. Court of Appeals for the
District of Columbia heard oral arguments today about whether or not
cryptography, or encoded electronic speech, is a legitimate form of speech
protected under the First Amendment from government access and control.

The American Civil Liberties Union, along with Electronic Privacy Information
Center (EPIC), The Internet Society and the U.S. Public Policy Committee of
the Association for Computing Machinery (USACM), has filed a <A HREF="http://w
ww.aclu.org/issues/cyber/priv/karnbrf.html">friend-of-the-court brief</A> on
behalf of Philip Karn, the appellant in the case.

Mr. Karn, who developed encryption programs as a software engineer, attempted
to publish and distribute encoded text stored on a computer diskette. After
submitting his product to the Office of Defense Trade Controls (ODTC), a
government agency that has review jurisdiction over export products, Karn was
told that his product was subject to government licensing requirements and
was placed on the United States Munitions List (USML), having been considered
a "defense article."

Even though the same encoded text that Mr. Karn published on his diskette had
been previously printed in a popular cryptography textbook and had not been
subject to government control in that format, Mr. Karn was told that the
electronic format of the text was subject to censorship. An opinion in this
case issued by Judge Charles R. Richey in the U.S. District Court for the
District of Columbia approved this action by granting the Governments motion
to dismiss and motion for summary judgment.

"The lower courts unfortunate decision in this case made a dangerous
distinction between printed speech and electronic speech, saying that
electronic speech should receive less protection under the First Amendment,"
said Barry Steinhardt, associate director of the ACLU.

Encryption, the process by which "plaintext" speech is encoded into a secret
electronic language by means of a mathematical formula or algorithm, was
traditionally employed to encrypt military communications. While still used
for that purpose, the applications for cryptography have greatly expanded
with the growth in electronic communications and commerce. Everything from
private e-mail messages to automatic banking transactions can be transmitted
in secret code.

"Ciphertext," or encrypted language, is free speech, and deserves full
protection under the First Amendment, according to the ACLU. As its amicus
brief states, "For First Amendment purposes, no meaningful difference exists
between high-level programming languages, on the one hand, and natural
languages like English and Spanish, on the other."

The export restrictions and regulations that the government already imposes
on encryption software and information exchange about cryptographic
techniques, all in the name of protecting "national security," have had
deleterious effects on commerce and individual privacy rights, the ACLU said.

Due to the many government restrictions on encryption products, U.S.
manufacturers have been forced to market software products with weak
security features. These requirements have severely hampered U.S. competition
in manufacturing superior encryption software. 

"Ironically, America's national security is actually jeopardized by our
stunted encryption industry, when U.S. companies must use weaker encryption
programs, leaving their sensitive data more vulnerable to hackers and
information pirates," the ACLU's Steinhardt said.  "At the same time, foreign
technology and businesses are flourishing."

Also at stake in this case is the threat to the privacy of individual
communications, a fundamental right repeatedly recognized by the Supreme
Court. With increasing amounts of personal information stored electronically,
cryptographic techniques can provide confidentiality of medical records,
financial data, and electronic mail.

The Supreme Court has also recognized Constitutional protections for
anonymous speech, the ACLU said.  Some encoded materials that are anonymous
for personal security reasons are compromised when subjected to government
restrictions.

Since the appeal in Mr. Karns case, a critical decision was reached in
December in a related case, Bernstein v. U.S. Department of State. When
defining protected speech, Judge Marilyn Hall Patel in U.S. District Court
for the 9th Circuit found no distinction between the printed word and
electronic speech. In her ruling, Judge Patel said that an encoded document
is protected by the First Amendment "not because it enables encryption, but
because it is itself speech."

The Bernstein decision, along with ACLU v. Reno, the groundbreaking ruling
affirming free speech on the Internet (now on appeal to the Supreme Court),
may set valuable precedent in the case being heard today.

"We hope todays panel will recognize that private, encoded, electronic speech
deserves as much constitutional protection as a campaign flier or any other
written document. The First Amendment does not distinguish -- nor should the
government," Steinhardt said.

------------------------------

Date:    Fri, 10 Jan 1997 15:04:08 -0800 (PST)
From:    Bruce R Koball <bkoball@well.com>
Subject: CFP'97

 The Seventh Conference on Computers, Freedom, and Privacy
                    March 11-14, 1997
San Francisco Airport Hyatt Regency; Burlingame, California

              CFP'97 : Commerce & Community

CFP'97 will assemble experts, advocates, and interested people
from a broad spectrum of disciplines and backgrounds in a balanced
public forum to address the impact of new technologies on society. 
This year's theme addresses two of the main drivers of social and
technological transformation.  How is private enterprise changing
cyberspace?  How are traditional and virtual communities reacting? 
Topics in the wide-ranging main track program will include:

PERSPECTIVES ON CONTROVERSIAL SPEECH.  Different cultural
approaches to regulating political expression on the Net.  And a
peek at the Supreme Court arguments over the Communications
Decency Act.

THE COMMERCIAL DEVELOPMENT OF THE NET.  Opting-in versus opting-out,
public regulation versus self-policing, privacy as property, and a 
possible privacy "seal of approval.

GOVERNMENTAL & SOCIAL IMPLICATIONS OF DIGITAL MONEY.  How
cybercommerce and cyberbanking affect the nation's complex
economic engine.

INTERNATIONAL PERSPECTIVES ON CRYPTOGRAPHY.  The increasingly
pivotal role of Europe and Asia in the latest saga of the crypto
debate.  New crypto developments.  Crypto as speech.  And a quick
look at the coming public key infrastructure.

CYPHERPUNKS & CYBERCOPS.  Anything from a rapprochement of
longtime rivals to a rollicking slugfest over the rules for police
cruisers on the Infobahn..

REGULATION OF ISPs.  The changing rules governing Internet Service
Providers, here and abroad, and how they will affect what you see
on the Web.

SPAMMING.  The tension between the right of free expression and
the right not to be forced to carry other's words

INFOWAR.  The political, social, and technical issues raised by
the risks of information warfare.  Are we doing enough -- or too
much?

INTELLECTUAL PROPERTY AND INFO-PROPERTY.  How treating information
as property affects commerce and new technologies, here and
abroad.

THE 1996 ELECTIONS.  CREATING A NEW DEMOCRACY.  Who surfed Bob
Dole's web site, anyway?  On-line activism.

THE COMING COLLAPSE OF THE NET.  Cyberspace gurus on the
technological and economic realities threatening to overwhelm the
Net.


CFP'97 will feature parallel-track lunchtime workshops during the
main conference on topics including:


THE CASE AGAINST PRIVACY           HOW A SKIPTRACER OPERATES
CYBERBANKING                       HOW THE ARCHITECTURE REGULATES
RIGHTS IN AVATAR CYBERSPACE        NATIONAL I.D. CARDS
PUBLIC KEY INFRASTRUCTURES         EUROPEAN IP LAW
SEXUAL HARASSMENT IN CYBERSPACE    VIRTUAL COMMUNITIES
DOMAIN NAMES                       ARCHIVES, INDEXES & PRIVACY
GOVERNMENT REGULATION OF ECASH     CRYPTO AND THE 1st AMENDMENT


The conference will also offer a number of in-depth tutorials on
subjects including:

* The Economics of the Internet
* Regulation of Internet Service Providers
* The Latest in Cryptography
* The Constitution in Cyberspace
* Info War: The Day After
* Personal Information and Advertising on the Net
* Transborder Data Flows and the Coming European Union
* Intellectual Property Rights on the Net: A Primer


INFORMATION

A complete conference brochure and registration information are
available on our web site at:   http://www.cfp.org

For an ASCII version of the conference brochure and registration
information, send email to:     cfpinfo@cfp.org

For additional information or questions, call: 415-548-2424

------------------------------

Date:    Mon, 13 Jan 1997 14:08:33 -0500
From:    Mary Ellen Zurko <zurko@osf.org>
Subject: NSPW call for papers

                        PRELIMINARY CALL FOR PAPERS
                         NEW SECURITY PARADIGMS '97

A workshop sponsored by ACM and the University of Newcastle upon Tyne.

                               Langdale Hotel
                        Great Langdale, Cumbria, UK

                           23 - 26 September 1997


Paradigm shifts disrupt the status quo, destroy outdated ideas, and open the
way to new possibilities.  This workshop explores deficiencies of current
computer security paradigms and examines radical new models which address
those deficiencies.  Previous years' workshops have identified problematic
aspects of traditional security paradigms and explored a variety of possible
alternatives.  Participants have discussed alternative models for access
control, intrusion detection; new definitions of security, privacy, secrecy
and trust; biological and economic models of security; multiple policies;
and a wide variety of other topics.  The 1997 workshop will strike a balance
between building on the foundations laid in past years and exploring in new
directions.

We offer a creative and constructive workshop environment for about
25 participants at the Langdale Hotel in the English Lake District.

Because of the workshop format, the organizers urge submitters to arrange to
be present for all three days of the conference; authors' ability to attend
for the duration of the workshop will be considered when evaluating
submissions for acceptance.

Dress is casual.  The tone of the workshop is exploratory rather than
critical.  The refereed papers will be printed in a workshop proceedings.

To participate, please submit the following, preferably via e-mail, to both
Program Chairs (Mary Ellen Zurko and Catherine Meadows) at the e-mail
addresses listed below by 4 April 1997:

  (1) Your paper

      This should be either a research paper or a 5-10 page position paper.
      Softcopy submissions should be in Postscript or ASCII format.

      Papers may be submitted in hardcopy.  To submit hardcopy, please mail
      five (5) copies to Program co-chair Mary Ellen Zurko at the address
      listed below; please allow adequate time for delivery; the hardcopy
      deadline is 28 March 1997.

  (2) A justification

      This should describe, in one page or less, why you think your paper
      is appropriate for the New Security Paradigms Workshop.  A good
      justification will describe which aspects of the status-quo security
      paradigm your paper rejects and which new model or models your paper
      proposes or extends.

  (3) An attendance statement

      This should state how many authors wish to attend the workshop, and
      should indicate whether at least one author will be able to attend for
      the entire duration of the workshop.

The Program Committee will referee the papers and notify authors of
acceptance status by 13 June 1997.

We expect a limited number of scholarships to be available.

More information will be provided on-line as it becomes available.

 E-mail to:                         newparadigms97@opengroup.org

 use anonymous FTP from:            ftp.cs.uwm.edu
           in directory:            /pub/new-paradigms

 Use World Wide Web from:           http://www.cs.uwm.edu/~new-paradigms


NEW SECURITY PARADIGMS '97 WORKSHOP ORGANIZERS
  Steering Committee:  Tom Haigh, Bob Blakley, Mary Ellen Zurko,
                       Catherine Meadows, John Dobson, Hilary Hosmer


  Workshop Co-Chair: Tom Haigh

    voice: +1 (612) 628-2738
    fax  : +1 (612) 628-2701
    email: Haigh@sctc.com
    post : Tom Haigh
           Secure Computing Corp.
           2678 Long Lake Road
           Roseville, MN 55113  USA

  Workshop Co-Chair: Bob Blakley

    voice: +1 (512) 838-8133
    fax  : +1 (512) 838-0156
    email: blakley@vnet.ibm.com
    post : Bob Blakley
           IBM
           11400 Burnet Road, Mail Stop 9134
           Austin, TX  78758  USA

  Program Committee Co-Chair: Mary Ellen Zurko

    voice: +1 (617) 621-7231
    fax  : +1 (617) 621-8696
    email: zurko@osf.org
    post : Mary Ellen Zurko
           The Open Group Research Institute
           11 Cambridge Center
           Cambridge, MA 02142  USA

  Program Committee Co-Chair: Catherine Meadows

    voice: +1 (202) 767-3490
    fax  : +1 (202) 404-7942
    email: Meadows@itd.nrl.navy.mil
    post : Catherine Meadows
           Naval Research Laboratory
           Code 5543
           Washington, DC 20375  USA


  Program Committee:

    Shaw Chuang           University of Cambridge
    John Dobson           University of Newcastle
    Steven Greenwald      Naval Research Laboratory
    Steven Hofmeyr        University of New Mexico
    Hilary Hosmer         Data Security, Inc.
    Sverker Janson        Swedish Institute of Computer Science
    Audun Josang          Norwegian University of Science and Technology
    Darrell Kienzle       University of Virginia
    Tom Lincoln           Rand Corporation
    Ruth Nelson           Information Systems Security
    Pierangela Samarati   Universita di Milano
    Cristina Serban       Bell Labs (Lucent Technology)
    Marvin Schaefer       Arca Systems
    Chenxi Wang           University of Virginia
    Mike Williams

  Local Arrangements:  John Dobson (Univ. of Newcastle) +44 (191) 222 8228
  Scholarships: chair to be announced; contact workshop co-chairs
  Publications: chair to be announced; contact workshop co-chairs
  Publicity:  Yvo Desmedt (Univ. of Wisconsin)         +1 (414) 229-6762
  Treasurer and Registration Chair: Dixie Baker (SAIC) +1 (310) 613-3606
  ACM SIGSAC Chair:  Ravi Sandhu (George Mason Univ.)  +1 (703) 993-1659
  ACM Senior Program Director:  Julie Goetz (ACM)      +1 (212) 626-0610

------------------------------

Date:    Tue, 14 Jan 1997 23:25:00 -0800
From:    Susan Evoy <sevoy@Sunnyside.COM>
Subject: DIAC '97

                       {{ Updated information }}

                     Community Space & Cyberspace
                         What's the Connection?

                   http://www.scn.org/tech/diac-97

                 March 1 - 2, 1997, 9:00 am - 5:00 pm
                    University of Washington HUB
                           Seattle, WA  USA


Will cyberspace destroy society by turning us all into high tech couch
potatoes?  Or will it provide unprecented opportunities for community
involvement?  On March 1 and 2, 1997, Computer Professionals for Social
Responsibility (CPSR) will present its sixth DIAC ("Directions and
Implications of Advanced Computing") conference to help answer those
questions.  The theme is "Community Space and Cyberspace: What's the
Connection?" and our aim is to challenge some of the cyber-spacy hype
and bring the discussion back to earth to the communities we live in.

Howard Rheingold, best-selling author of "The Virtual Community:
Homesteading on the Electronic Frontier" will give the keynote address
on March 1.   Howard's presentation will be followed by panel
discussions on economics, education, high-technology social mediation,
and other topics.  In these panels computer pioneers, activists, and
other thinkers and doers will describe their experiences and ideas on
what has changed, what may change, and, most importantly, what citizens
can do to make the technology more responsive to community needs.

Some of the Panelists include

  + Peter van den Besselaar, Social Science Informatics, University of 
    Amsterdam and De Digitale Stad (the Digital City), Amsterdam 
  + Amy Borgstrom, Executive Director, ACENET, OH
  + Amy Bruckman, Researcher, MIT Media Lab, Cambridge, MA
  + Steve Cisler, Senior Librarian, Apple Computer, Cupertino, CA
  + Jamie McClelland, Libraries for the Future, New York, NY
  + Peter Miller, Network Director, Community Technology 
      Center's Network (CTCNet), Newton, MA
  + Kevin Rocap, California State University at Long Beach
  + Roland Waters, CEO, RTIME, Inc.

And many others!

The second day, March 2, will feature workshops on a variety of topics
presented by practitioners from the Pacific Northwest, Boston,
Amsterdam, New York City, and many other places.

Workshop Topics include 

  + Libraries in Cyberspace 
  + Community Voice Mail for Homeless Clients
  + Networking for Non-Profits
  + City Government Programs On-Line
  + Telecommunications and Educational Reform
  + On-Line Services: Forum for Collaboration or Technology of Isolation?
  + Safety in Cyberspace
  + Civil Liberties in Cyberspace
  + Navigating the Maze of Telecommunications Policy Changes

and many many more.

Some Quick Notes...

Location: HUB Auditorium, University of Washington, Seattle.  

Time: On-site egistation opens at 8:00 AM; program begins at 9:00 and
ends at 5:00 pm.

Registration: $25 students & low income; $50 CPSR and co-sponsors; $75
other.  Some scholarships are available.

CPSR Benefit: Meet with conference attendees informally while enjoying
snacks, drinks, and demos!  Saturday, March 1, at Seattle's Speakeasy
Cafe.  $25 is the suggested donation and additional contributions
gladly accepted to help CPSR organize programs like this in the
future.

Volunteers Wanted: For registration, workshop coordination, virtual
conference, and outreach.  (And registration is free for volunteers!)

Workshops: We are still interested in seeing your workshop proposal.
If you have expertise, experience, or concerns to share, please
consider proposing a workshop.  Please use the form on the web site.

Accommodations: We have reserved a number of rooms at the Silver Cloud
Inn near the University.  Their phone number is 800-205-6940.  Rooms
are $66 for a single and $78 for a double.  Rooms will not be held
after the first week in February unless reservations have been made.

Air Travel: United Airlines is the official airline for the
conference.  Please see the conference web site for more information


Please join us in Seattle!

DIAC-97 will be one of the most timely and significant conferences on
Cyberspace themes.  We expect an exciting dialogue between educators,
librarians, government officials, journalists, and other community
members.  Please mark you calendars to attend and help us make
"Community Space and Cyberspace: What's the Connection?" as important
and inspirational as possible.

For more information: Doug Schuler, douglas@scn.org, 206.634.0752

--
Susan Evoy   *   Deputy Director                     
http://www.cpsr.org/home.html    
Computer Professionals for Social Responsibility
P.O. Box 717  *  Palo Alto  *  CA *  94302         
Phone: (415) 322-3778    *   Fax: (415) 322-4748     *   Email: evoy@cpsr.org 

------------------------------

End of PRIVACY Forum Digest 06.02
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH