The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL:

   http://www.vortex.com

-----------------------------------------------------------------------

PRIVACY Forum Digest      Friday, 19 December 1997      Volume 06 : Issue 17

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for Computing) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), Cisco Systems, Inc., and Telos Systems.
- - -
These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    Microsoft Knowledge Base and Cookies
       (Lauren Weinstein; PRIVACY Forum Moderator)
    More ATM card problems (Robert Beckman)
    Re: Debit Cards (Susan Kirkland)
    CDA Successor Introduced (ALAWASH)
    Re: The Hazards of Humour... (Ken Meinken)
    Louisiana legislature considers requiring thumbprint to vote
       (Dean, James L.)
    FC: California's Rep. Eshoo backs Bernstein lawsuit (Declan McCullagh)
    Warning of FBI Wiretap 'Wish List,' ACLU Urges FCC To Place
       Digital Telephony Plans on Hold (Monty Solomon)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic list handling system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list handling system. Please follow the instructions above for getting the "help" information, which includes details regarding the "index" and "get" commands, which are used to access the PRIVACY Forum archive via the list handling system.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com".
Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.

-----------------------------------------------------------------------------

VOLUME 06, ISSUE 17

   Quote for the day:

      "There is another system."

         -- Colossus
            "Colossus: The Forbin Project" (Universal; 1970)

----------------------------------------------------------------------

Date:    Mon, 15 Dec 97 14:32 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Microsoft Knowledge Base and Cookies

Greetings. Many users of Microsoft's products are probably aware of the extensive "Knowledge Base" (KB) which Microsoft maintains at their web site. This database contains many articles, whose usefulness varies from minimal to extreme depending on the particular situation, dealing with many of the common problems and complications of installing and operating their many widely used products. Given the trend for many software products to include minimal technical documentation, the KB might well be considered a necessary adjunct to computer operations worldwide.

Since its inception, access to the KB was free and unrestricted. However, persons who have visited the KB in the recent past will have noticed a change. While access is still free, large numbers of the KB articles are now marked as "premium content."

What does "premium" mean? First, it seems to indicate an article of particularly useful technical content. Secondly, it means you cannot access the article unless your browser is set to accept cookies. If cookies are not being accepted and you attempt to access a "premium" article, you are diverted to a page explaining that if your browser doesn't support cookies you should try a different browser (a link to download IE4 is nearby). It also offers a definition of a cookie (entitled "Cookies: How they work and why they aren't as scary as they seem"). This presents a completely benign view on cookie use, and makes absolutely no mention of the problematic uses to which cookies can be applied. In fact, their definition states explicitly that cookies are harmless and that they can be a browser's "very good friend." There is no discussion of the various privacy-violating purposes for which cookies can be, have been, and still are being used by some sites.

The Knowledge Base also now requires completion of a multiple question, multiple page (theoretically one-time) registration procedure before "premium" items can be accessed.

Large numbers of users are undoubtedly being exposed to Microsoft's definition of a cookie in the process of visiting their web site. Many of these users are likely to accept this unfortunately non-balanced definition as complete, based largely on the prestige of the organization. Users accepting Microsoft's benign cookie definition and leaving cookies enabled in their browsers could be in for quite a surprise later when they visit other web sites, some of which may well be using cookies in manners which are directly invasive of users' privacy. By expounding the view that cookies are just small, harmless files, and never anything to be concerned about, Microsoft seems to be doing users a disservice.

Microsoft's own use of cookies for the Knowledge Base falls on the decidedly less onerous side of the cookie-use spectrum. But it seems reasonable to expect that a firm of Microsoft's stature would offer a technically balanced explanation of cookies that would avoid leaving readers with the impression that all uses of cookies are harmless.

--Lauren--
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Fri, 21 Nov 1997 11:27:48 -0500
From:    Robert Beckman <rbeckman@aagis.com>
Subject: More ATM card problems

Reading in the 11/20 Privacy Forum Digest about ATM check cards brought another problem to light I've recently heard about.

The problem came about when a friend of mine used his check card to charge approx. $50 on it for numerous items from different stores. Shortly thereafter he received overdraft notices from his bank saying that he had overdrawn his account, which was a surprise since he uses his check card specifically to prevent this from happening. In his research he figured out what had happened. The bank only authorizes the use of the card. It does nothing to verify that he has the money in the bank or anything like that.

His problem is now that he is approx. $40 overdrawn plus another $125 in ISF fees, all because the bank said his card was valid and didn't bother to see if he had the money or not. Something he was assured couldn't happen by the person who took his check card application. Needless to say he is pursuing this issue with the bank to get the ISF charges removed and also to find out why they're authorizing charges on his card when he doesn't even have the money in his account to begin with.

You can take what Lauren Weinstein pointed out a step further. If a criminal would get a hold of your check card he now can not only withdraw everything in your bank account but also as much as the bank will authorize plus the bank's ISF fees for the crook's transactions but also for all your legitimate transactions also. Correcting the situation would probably be a nightmare since getting a hold of anyone at a bank's customer service who understands the technology is almost impossible.

Maybe this is why the banks are calling these cards "check cards" instead of "debit cards".
Checks can bounce but direct debiting can't since they have to check your balance to authorize the transfer.

Regards,
Rob

------------------------------

Date:    Sat, 22 Nov 1997 13:27:21 +0000
From:    susan kirkland <skirklan@insync.net>
Subject: Re: Debit Cards

I read with interest The ATM Debit Card Switcheroo because my bank did the same thing. Suddenly one day I got a new ATM card in the mail--it was a MasterCard debit. I didn't want it and so decided to continue using my old card. About 2 weeks later, I went to the grocery store, presented my ATM card and was told it was expired. When I got home, I looked at the letter with the debit card and called the 800 number to activate that card. There were no options presented, though, as the example bank you used, to continue using a non-debit card at the ATM. I have to use this card or no card.

But there's something scarier--every month now when I get my statement, my card number appears at the top of every page. So all anybody has to do is steal a piece of mail--which happens frequently in my neighborhood. I called to complain about this and was referred to the customer complaint call line--which was manned by a virtual nincompoop who told me she would refer my comments to the appropriate person and "Oh, don't worry. You won't have to pay if that happens." Maybe not money, but pay I will in grief and regret. This is the pits.

SDK

------------------------------

Date:    Fri, 21 Nov 1997 10:03:54 -0500
From:    ALAWASH E-MAIL (ALAWASH E-MAIL) (ALAWASH E-MAIL) <ALAWASH@ALAWASH.ORG>
Subject: ALAWON v6, n102 - CDA SUCCESSOR INTRODUCED

ALAWON                                          Volume 6, Number 102
ISSN 1069-7799                                     November 20, 1997

American Library Association Washington Office Newsline

In this issue: (101 lines)

   COMMUNICATIONS DECENCY ACT SUCCESSOR INTRODUCED

_________________________________________________________________

COMMUNICATIONS DECENCY ACT SUCCESSOR INTRODUCED

At the end of the first session of the 105th Congress, Sen. Dan Coats (R-IN) introduced legislation to prohibit commercial distribution on the World Wide Web of material that is "harmful to minors" under the age of 17. S. 1482, introduced on November 8, is intended, according to its sponsor, to reflect the parameters laid out by the Supreme Court in its decision on the Communications Decency Act.

The "harmful to minors" definition in the bill includes material that "taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex or excretion; depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sex acts, or a lewd exhibition of the genitals; and lacks serious literary, artistic, political, or scientific value." The bill would provide a defense to any prosecution that the defendant restricted access by requiring a credit card, adult access code or ID number.

Although the legislation addresses only commercial activity on the Web, ALA is mentioned several times in Sen. Coats' remarks, including the following in the Congressional Record (November 8, p. S12147):

     And what about blocking software? Mr. President, let me begin by pointing out the amazing level of deceit that proponents of this solution are willing to go to. The American Library Association, a principal opponent of the CDA, lined up with plaintiffs in challenging the Constitutionality of the Act. It was a central argument of the Library Association and their cohorts, that blocking software presented a non-governmental solution to the problem.

     However, Mr. President, if one logs onto the American Library Association Web site one finds quite a surprise. Contained on the site is a resolution, adopted by the ALA Council on July 2, 1997, that resolves: "That the American Library Association affirms that the use of filtering software by libraries to block access . . . violates the Library Bill of Rights." Mr. President, I ask unanimous consent that this Resolution be inserted into the Record.

     So, here we find the true agenda of the American Library Association. They represent to the Court that everything is O.K., that all we need is blocking software. Then, they turn around and implement a policy that says no-way.

The words Sen. Coats left out (indicated by the . . .) in his reference to the ALA resolution were: "to constitutionally protected speech." However, the full text of ALA's July 2 Resolution on the Use of Filtering Software in Libraries (www.ala.org/alaorg/oif/filt_res.html) was appended to his remarks.

Although no action was taken on this bill before the first session adjourned, S. 1482 will carry over to the second session beginning January 1998. The issue can be expected to generate considerable attention in an election year.

TO LOCATE SEN. COATS' BILL AND INTRODUCTORY REMARKS:

- -Sen. Coats' bill can be found through Thomas at thomas.loc.gov. One method is to use the QUICK SEARCH TEXT OF BILLS 105th CONGRESS: Search by Bill Number: S. 1482. A free copy will be mailed upon request from the Senate Document Room, phone 202/ 224-7860, specify bill S. 1482.

- -Sen. Coats' introductory remarks are in the Congressional Record (November 8, pp. S12146-54). The remarks are also available online through Thomas and GPO Access (one interface is GPO Gate at the University of California at www.gpo.ucop.edu/search/crfld.html). However, Coats' remarks are currently grouped electronically with remarks on "Northern Ireland/Border Counties Free Trade, Development and Security Act" and therefore seem mislabeled.

________________________

ALAWON is a free, irregular publication of the American Library Association Washington Office. To subscribe, send the message: subscribe ala-wo [your_firstname] [your_lastname] to listproc@ala.org. To unsubscribe, send the message: unsubscribe ala-wo to listproc@ala.org.
ALAWON archives at http://www.ala.org/washoff/alawon. Visit our Web site at http://www.alawash.org.

ALA Washington Office                 202.628.8410 (V)
1301 Pennsylvania Ave., NW, #403      202.628.8419 (F)
Washington, DC 20004-1701             800.941.8478 (V)

Lynne E. Bradley, Editor <leb@alawash.org>
Deirdre Herman, Managing Editor <alawash@alawash.org>
Contributors: Carol C. Henderson

All materials subject to copyright by the American Library Association may be reprinted or redistributed for noncommercial purposes with appropriate credits.

------------------------------

Date:    Sat, 22 Nov 1997 18:51:00 -4
From:    "Ken Meinken" <kmeinken@one.net>
Subject: Re: The Hazards of Humour...

Robert Taylor mentioned the repercussions of passing "business inappropriate" humor using his employer's account.

Well, my company is quite clear: company facilities are for business use only. Using Internet access for personal use is grounds for disciplinary action, up to and including dismissal. The company is even very sensitive to anything we post for legitimate business reasons since it could reflect on the company.

If your employer allows you to use company facilities for personal use, I certainly think it is understandable that they expect certain behavior when postings could reflect on them. To put it another way, if you want independence, then get your own account.

Ken
kmeinken@one.net

------------------------------

Date:    Wed, 3 Dec 1997 06:32:36 -0600
From:    jdean@lsumc.edu (Dean, James L)
Subject: Louisiana legislature considers requiring thumbprint to vote

From page 2 of the 12/3/97 edition of the New Orleans newspaper The Times-Picayune: "Future Voters: Swipe your license to cast your ballot". The Louisiana legislature is considering voting machines that read the magnetic stripe on Louisiana driver's licenses. To insure the license corresponds to the voter, the machine would read the voter's thumbprint.

------------------------------

Date:    Mon, 8 Dec 1997 10:06:47 -0500
From:    Declan McCullagh <declan@well.com>
Subject: FC: California's Rep. Eshoo backs Bernstein lawsuit

FOR IMMEDIATE RELEASE
December 8, 1997

CONTACT: Lewis Roth
(202) 225-8104

Rep. Eshoo Says Bernstein Case Underscores Need For Encryption Reform

Washington, D.C.--On the day oral arguments are scheduled to begin in the government's appeal of the ruling in Bernstein v. Department of State, Rep. Anna Eshoo (D-CA) said the First Amendment issues raised by the case underscore the need for reforming federal encryption export controls.

Daniel Bernstein, a University of Illinois professor, developed an encrypted e-mail program called Snuffle, for which the government refused export permission. He took the government to court over its decision. U.S. District Court Judge Marilyn Hall Patel heard his case and found that federal encryption export restrictions are unconstitutional because encryption software is a form of speech protected by the First Amendment. A three-judge panel from the 9th Circuit Court of Appeals will be asked by federal attorneys to overturn the ruling.

"Judge Patel's ruling should give opponents of encryption reform pause to think about the broader implications of their position," said Eshoo. "The national security establishment, the Administration, and some Members of Congress have dismissed concerns about privacy and economics raised by encryption reform advocates. But they cannot readily dismiss the right to free speech enshrined in the First Amendment of the U.S. Constitution. The decision in Bernstein underscores the fact that, in the name of national defense, the U.S. government should not restrict the very liberties it is supposed to be defending."

Encryption software allows computer data to be scrambled in order to ensure the confidentiality of information. It is important to e-mail users who want to protect the privacy of their messages, companies looking to protect their computer files from hackers, and businesses hoping to get customers to purchase goods and services online using electronic payment methods.

At present, federal law prohibits the export of strong encryption software due to national security concerns even though powerful encryption software is readily available overseas or on the Internet from foreign manufacturers. Since software companies find it uneconomical to produce more than one version of the same program, American encryption users are effectively stuck with weak software, while U.S. software companies stand to lose billions of dollars in potential sales abroad.

Rep. Eshoo is an original cosponsor of H.R. 695, the Security and Freedom through Encryption (SAFE) Act, which would allow U.S. manufacturers to export encryption software no more powerful than software already available in other countries. As a member of the House Commerce Committee, which has partial jurisdiction over the legislation, she has fought Administration efforts to weaken the SAFE Act and impose harsher encryption export curbs than currently exist. Rep. Eshoo hosted a major conference on encryption reform at Stanford University during the 104th Congress.

###

--------------------------------------------
This list is public. To join fight-censorship-announce, send "subscribe fight-censorship-announce" to majordomo@vorlon.mit.edu.
More information is at http://www.eff.org/~declan/fc/

------------------------------

Date:    Wed, 17 Dec 97 08:44:42 -0500
From:    Monty Solomon <monty@roscom.COM>
Subject: Warning of FBI Wiretap 'Wish List,' ACLU Urges FCC To Place Digital Telephony Plans on Hold

Excerpt from ACLU News 12-14-97

----------------------------------------------------------

Warning of FBI Wiretap 'Wish List,' ACLU Urges FCC To Place Digital Telephony Plans on Hold

FOR IMMEDIATE RELEASE
Friday, December 12, 1997

WASHINGTON -- The American Civil Liberties Union today urged the Federal Communications Commission to delay implementation of a massive law enforcement wiretapping scheme, saying that the FBI was attempting to strong-arm the telecommunications industry into adopting surveillance capabilities well beyond what the law allows.

The 1994 Communications Assistance for Law Enforcement Act -- also known as CALEA or "digital telephony" -- requires telecommunications carriers and manufacturers to build wiretap capabilities into the nation's communication systems. Under the law, industry is required to implement this plan by October 24, 1998.

But in comments submitted to the FCC today, the ACLU, the Electronic Privacy Information Center and the Electronic Frontier Foundation urged the Commission to use its authority to delay implementation until October 24, 2000.

"We believe that the FBI has placed a choke hold on the industry process and as a result pressured industry into devising technical standards that exceed CALEA's scope by providing unprecedented FBI surveillance capabilities not contemplated by the Congress," the comments assert.

The groups said that the FBI has devised a "wish list" of capabilities for surveillance that go far beyond what current law allows. For instance, in October the FBI called for standards that require every cell phone to provide location information of users to police -- in effect, turning the telephone into a homing device.

"The FBI should not be in the business of drawing up the blueprints for our nation's telecommunications systems," said ACLU Associate Director Barry Steinhardt. "That's like getting a Peeping Tom to design window shades."

While the FCC request for public comment addressed only narrow and largely procedural issues, the ACLU said in its comments today that the agency must force the FBI to spell out its capacity requirements and thoroughly review all of the proposed technical standards before any discussion can proceed about implementing the law.

At present, Steinhardt said, "neither the public, nor the telecommunications industry are in a position to comprehend the scope of the capacity and surveillance requirements sought by the FBI."

In the three years since CALEA was passed, Steinhardt noted, the FBI has repeatedly failed to clarify the actual and maximum capacity technical needs, including an accurate estimate of the number of anticipated communications interceptions.

The Bureau has now said that it intends to divulge its capacity requirements in a "final" notice in January 1998. But, even assuming that the requirements will be realistically and accurately spelled out, the information comes too late in the process, said David Sobel, Legal Counsel for EPIC.

"The Bureau's refusal to provide the actual capacity requirements denies any possibility of meaningful public oversight by Congress, the industry and the public. In addition, it will be impossible for industry to adopt technical standards under the current deadline of October 25, 1998."

"EPIC, along with EFF and the ACLU, vigorously opposed enactment of CALEA in 1994 as an unprecedented expansion of government surveillance authority," Sobel added. "Developments since the law was passed have only confirmed those fears."

The comments filed with the FCC can be found at http://www.aclu.org/congress/lg121297a.html

------------------------------

End of PRIVACY Forum Digest 06.17
************************