From risks@csl.sri.com Mon Feb 22 14:27:21 1993 Return-Path: Received: from nkosi.well.sf.ca.us by well.sf.ca.us with SMTP (5.65c/SMI-4.1/well-930216-1) id AA01529; Mon, 22 Feb 1993 14:26:15 -0800 Received: from chiron.csl.sri.com by nkosi.well.sf.ca.us (5.65c/SMI-4.1/nkosi-930216-1) id AA19587; Mon, 22 Feb 1993 14:26:26 -0800 Received: by chiron.csl.sri.com id AA07295 (5.65b/IDA-1.4.3.12 for aissecur@well.sf.ca.us); Mon, 22 Feb 93 14:24:51 -0800 From: RISKS Forum Sender: RISKS Forum Date: Mon, 22 Feb 93 14:24:49 PST Subject: RISKS DIGEST 14.34 Reply-To: risks@csl.sri.com To: RISKS-LIST:@csl.sri.com ; Message-Id: RISKS-LIST: RISKS-FORUM Digest Monday 22 February 1993 Volume 14 : Issue 34 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: And You thought Your Computer Chat Was Private (Marty Leisner) _Friendly Spies_ (Peter Wayner) The "Information America" service (Brian Randell) "Telephone Service Cut Off" (Lin Zucconi) Computer delays response to fatal fire (Lauren Wiener) Tapping the new digital car phone systems (John W. Sinteur) A quick request for opinions (Fred Cohen) London Ambulance Service (Brian Randell) DCCA-4 Call for Papers (Teresa Lunt) Technology and Society, Call for Papers (William J. Kelly) Privacy Digests (PGN) The RISKS Forum is a moderated digest discussing risks; comp.risks is its Usenet counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com). ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Sat, 13 Feb 1993 14:06:39 PST From: leisner@eso.mc.xerox.com (Marty Leisner 71348 ) Subject: And You thought Your Computer Chat Was Private In the February 7, 1993 NY Times (sunday) on page 32 they had an article (about 10 column inches) detailing privacy issues with email. They talked about Oliver North's message in 1986 to his aide Ronald Sable: "Oh Lord, I lost the slip and broke one of the high heels. Forgive please. Will return the wig Monday". The article quotes Paul Saffo (Institute for the Future) talking about "we have yet to establish the conventions for e-mail). marty leisner@eso.mc.xerox.com leisner.henr801c@xerox.com Member of the League for Programming Freedom ------------------------------ Date: Mon, 22 Feb 1993 11:12:37 -0500 From: Peter Wayner Subject: _Friendly Spies_ Fans of encryption and those who merely fan the fires of debate about encryption's inherent threat/value will want to dig up Peter Schweitzer's new book _Friendly Spies_ just published by Atlantic Monthly Press. He includes many different details about covert intelligence operations directed against US corporations by cold war allies. Time and time again he says, foreign governments conspire with foreign companies to steal US technology and economic secrets. He mentions that France and Germany and many other countries require US Companies to "register" the encryption key for reasons of national security. All of the American transmissions are monitored and the data is passed on to the local competitors. Companies like IBM finally began to routinely transmit false information to their French subsidiary just to thwart the French Secret Service and by transitive property of economic nationalism, French computer companies. The lessons? Key registration in the world hurts American corporations. Cryptography protects the creators and thwarts those who seek to copy innovation. -Peter Wayner ------------------------------ Date: Wed, 17 Feb 93 12:18:22 GMT From: Brian.Randell@newcastle.ac.uk Subject: The "Information America" service A colleague has just shown me an article about an online service called "Information America". The article is (possibly justifiably) alarmist in tone - and I cannot vouch for its factual accuracy. The article appeared in issue 8 of a (strange, to me at least) magazine called Mondo 2000, published some time in 1992 - the publisher's address is given as PO Box 1071, Berkeley, CA. Let me say no more about the article or the magazine, but just provide soc.roots/ROOTS-L readers some illustrative quotes from it: "BIG BROTHER ISN'T DEAD, HE'S JUST SUBCONTRACTING If you have a modem, a home computer and can afford $95 an hour fees you too can access Information America's online computer database, cross indexing the Postal Service's National Change of Address file (NCOA), major publisher and direct marketing companies' client information, birth records, drivers' license records, phone books, voter registrations, records from up to 49 governmental agencies, and more. Information America boasts up to date information on over 111 million Americans, 80 million households, and 61 million telephones. If you are not scared yet you should be. Because complete strangers can find out where you live, tracing you through extensive relocations even if they have only a last name, or a state, an old address or telephone number. .... Not until recently has information like this been commercially available in a single database, specifically with law enforcement, private investigators, bounty hunters and lawyers in mind. Information America is the first accessible service to make use of previously collected data for the express purpose of providing up-to-date whereabouts and personal profiles of as many Americans as possible. .... People finder is made up of four services: SKIP TRACER, TELEPHONE TRACKER, PERSON LOCATOR and PEOPLE FINDER MULTITRACK ..... SKIP TRACER traces a person's moves or verifies the current address when all you have is an old address. You will enter the person's name, street number, street name, and either the zip code or the city/state. If your subject is in IA's files a profile will be provided that includes the address he moved to (or current address), phone number, length of residence, and more. You may also request a list of ten of the person's neighbours. A profile on the current resident at your subject's old address and up to ten neighbours there may also be available. .... TELEPHONE TRACKER tracks down the owner of a telephone number... If a match is found, you may look at a profile of that individual/residence and a listing of up to ten neighbours. .... PERSON LOCATOR helps you locate a person when specific address information is not available. Enter the person's name and indicate whether you wish to conduct a search by city, state(s), zip or nationwide. Person Locator will compile a list (up to 300 names for nationwide and up to 100 names for individual state searches) that match the information entered..... When you find the right name, you may request a profile and neighbour listing for that individual. ..... PEOPLE FINDER MULTITRACK helps you find multiple people during one search. Search results are available the following business day. .... IA's clients are mostly lawyers and paralegals working at large legal firms, but the FBI is also a major IA client. .... IA has existed for at least three and a half years, but has remained relatively unknown to the public. .... To market its database services, IA seems to have adopted a grass-roots kind of approach. IA employs liaison in major metropolitan cities whose job it is to research and contact prospective clients lawyers, for example. I am unaware of any advertising in specialist journals. ...." Discussions of the potential dangers of a service like this would be better addressed to the splendid Usenet newsgroup comp.risks - to which my colleague is addressing a separate message about Information America. However it seems to me that the service might be of legitimate interest to a number of soc.roots/ROOTS-L readers (for example, those carrying out aextensive "one-name studies"), hence my posting this message. Brian Randell PS I reiterate - I have no personal knowledge of Information America, and cannot vouch for the accuracy or fairness of the Mondo 200 article from which I have quoted. Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923 ------------------------------ Date: 18 Feb 1993 09:06:10 U From: "Lin Zucconi" Subject: "Telephone Service Cut Off" The Valley Times (Feb.18) reported that telephone service was cut off for more than 4 hours to about 37,000 phone lines in Livermore, CA including "911" and operator "O" lines. The article said that "the significance (of the malfunction) was in having three prefixes that can't reach emergency phone lines.... The phone company [Pacific Bell] was stymied in correcting the problem because diagnostic tests of the equipment told technicians that there was no problem....Technicians eventually located the problem in a call processor computer tape and replaced the malfunctioning tape." Luckily for those of us that live here, this is a relatively low crime area and no serious crimes occurred during the outage. Some banks compensated by letting in only a few customers at a time because they were concerned that their alarm systems wouldn't be able to call police. ------------------------------ Date: Sat, 20 Feb 93 10:49:25 -0800 From: Lauren Wiener Subject: Computer delays response to fatal fire >From the Oregonian, Saturday, Feb. 20, 1993, p.B1: "Computer delays response to fatal Bonny Slope fire", by James Mayer It takes seven minutes for the alarm to reach Tualatin Valley Fire & Rescue because of a glitch that sends it to the office that dispatches Portland Fire Bureau units instead of to the proper agency in Washington County [BACKGROUND: Multnomah County is the county that contains the City of Portland. Suburban Washington County adjoins it to the west. Multnomah County is oddly shaped, and small slices of it here and there are served by suburban agencies instead of the corresponding Portland agency. I live in one of those places, and when I moved into my present house in 1980 it took the telephone company two days to find me and sort out who was responsible for hooking up my telephone service. Which fortunately was not an emergency.] A computer error added seven minutes to the time it took firefighters to reach a 68-year-old woman trapped in her burning Bonny Slope home last week. Mildred Smith died of smoke inhalation suffered in a pre-dawn Feb. 12 blaze at her home at 12401 NW Thompson Rd. A neighbor telephoned 9-1-1 to report the fire at 2:40 AM, but firefighters from Tualatin Valley Fire & Rescue were not dispatched until 2:47 AM because a computer error sent the original call to the wrong place. Eugene Jacobus, Washington County deputy medical examiner, said it would be hard to determine whether the dispatching delay made a fatal difference. Firefighters were also delayed by steel-bar security doors when they reached the remote house north of Cedar Mill, 5 and 1/2 minutes after finally getting the call for help. "It's really hard to say, but certainly a delay of that magnitude is going to make a difference, Jacobus said. "You can be relatively sure that any delay, whether two or seven minutes, is going to rob an individual of some ability to be resuscitated." By Friday, officials had traced the problem to the computerized telephone switching system at Portland's 9-1-1 center on Kelly Butte. Fire and US West Communications officials say a "reloading" of some computer software by US West inadvertently changed the way the 9-1-1 system routed calls for a very small number of callers. "We're still looking to find out how that happened," said Jim Haynes, US West spokesman. Here's what happened in the latest incident, as pieced together from interviews and official reports: At 2:40 AM, Jack Gilbert, of 12229 NW Hillar Lane, called 9-1-1 to report what he first thought was a brush fire in the area of the NW Thompson Road home, about 100 yards away. The call was answered at Kelly Butte, because the Gilbert's home is just inside the Multnomah County line. On the enhanced 9-1-1 computer screen, the dispatcher could see that Washington County Consolidated Communication Agency was the appropriate dispatching agency and Tualatin Valley Fire & Rescue was the appropriate fire department. About four seconds later, the dispatcher hit a key that is supposed to route the call automatically to the right place. But, in this case, it didn't work. Although the 9-1-1 operator didn't know it, the call instead went to Portland's Fire Alarm Dispatch office, which dispatches Portland Fire Bureau units. Dispatchers there looked at the address and realized it was a Washington County call. At 2:44 AM Portland fire dispatchers called the Washington County 9-1-1 center. But for reasons that are unclear, Washington County dispatchers looked for "1229" Hillar Road, instead of "12229" for some time without finding it in their computers, finally kicking it back to Portland under the belief that it must be a Portland address. About two minutes later, Portland Fire called Washington County again. This time, the right, five-digit address was exchanged. Finally, at 2:47 AM, Tualatin Valley Fire & Rescue got the call. At almost the exact moment, seven minutes after the first call, Smith herself called 9-1-1 from inside her home. The same thing happened. The Kelly Butte dispatcher hit the key to route the call, and it went to Portland Fire Alarm Dispatch instead of Washington County. About a minute after that, Gilbert called again, this time to report that the fire was in the house. By this time, firefighters were on the way. It took the first company, coming from kaiser Road in the Oak Hills area, 5 and 1/2 minutes to get there. The second unti arrived two minutes after that. Firefighters could hear 73-year-old Robert Smith pounding on the security door, trying to get out. His wife, by that time, however, was silent. Firefighters broke a window to get inside. Robert Smith suffered smoke inhalation, but he survived. Mildred Smith died 12 hours later. Larry Hatch, assistant director of the washington County 9-1-1 center, acknowledged that confusion about the address added minutes to the call, but none of that would have happened without the initial switching error. Gary Schrader, director of Portland's Bureau of Emergency Communications, which runs the Kelly Butte center, said officials originally thought the dispatcher had made a mistake. The telephone problem was discovered and corrected on Monday. The telephone company had done a system "reload" Jan. 30 and that was what resulted in the switch sending calls in the wrong direction, Haynes said. Schrader said the error was not discovered because of the low volume of calls from people who live in Multnomah County but, like the Smiths, are served by an outside fire agency. END Oregonian article COMMENT: The story doesn't say why "reloading" produces erroneous behavior. Maybe US West doesn't know, at this point? ------------------------------ Date: Mon, 22 Feb 1993 12:14:53 -0800 From: fourcnl!sinteur@relay.nluug.nl (John W. Sinteur) Subject: Tapping the new digital car phone systems The following appeared in the Automatiseringsgids in The Netherlands last week. The Automatiseringsgids is a weekly newpaper-like magazine on information technology in the Netherlands. My comments are in [... -JS] I tried to translate literally, any mistakes are mine, but not intented as such. The author of the article gave me permission to send RISKS a translated version of his article. ... I think most comments on what's in the article are already made before, I just wanted to let you know what's happening over here in Europe... -John GSM cannot be tapped. (Automatiseringsgids, 19 Feb 93) The Ministry of Justice is negotiating with PTT Telecom to figure out which way Justice, Police and Security Services can listen in on subscribers of the new digital car phone system (GSM). The government is now discussing the option of tapping conversations at the central PTT switchboards. [PTT Telecom is the sole provider of telecom infrastructure in the Netherlands -JS] GSM is protected by personal subscriber smart-cards and complex algorithms, well enough to stop professional eaves-droppers. Security officials fear that this will be welcomed by criminal organisations, who can communicate through this system without fear of being tapped. [The article does not mention exactly which 'algorithms'. Public key perhaps? If anyone really knows, please tell us -JS] Since GSM will be used throughout Europe, it is especially useful for criminals operating internationally. Secret and Police Services in Europe are trying to convince their Ministries of Internal Affairs of the need to force GSM providers to adapt their services to make tapping possible. The German government is talking to two GSM providers, DBP Telekom and Mannesmann/PacTel, to persuade them to cooperate and implement a tapping option. British Telecom and Vodafone in Great Britain are also discussing this problem with the government. [GSM] providers are thinking about this problem and are trying to find a solution for all of Europe. [end of article] [ sinteur@fourc.nl John W. Sinteur, 2:512/48 (fidonet) ] [ Snail: Jade str 28, 2332 RT Leiden, The Netherlands ] ------------------------------ Date: Fri, 12 Feb 93 19:15:43 -0500 From: fc@turing.duq.edu (Fred Cohen) Subject: A quick request for opinions I am writing a book about artificial life, and have some examples of programs that automate distribution of software in LANs, implement distributed databases, etc. They are all written in the Unix shell, and involve a few lines of code that automatically copy the programs between machines to automate the distribution process. It has come to my attention that there may be substantial objection to this idea and I am asking people in this forum for their opinion. Each program includes explicit safeties to prevent copying to machines where operation is not authorized by the root, and they are designed not to spread outside of particular directories. The code is very obvious (only a few lines of shell script after all), and the book includes explicit warnings not to remove safeties or use on any machine where you don't have permission. Questions: 1 - why not provide this in the book? 2 - what risks do you see in it? 3 - are you an admin or a user? 4 - do you think there is value in including these examples? 5 - do you think the advantages of examples outweigh any risks? 6 - do you think that the versions that optimize their own behavior by `evolving' improved forms should not be included - if not why not? Please Email me your responses ASAP, as the book goes to press in a few weeks. Also, if you DO NOT want your comments included in the book (no names will be used) tell me. Otherwise, I will feel free to include any comments I find particularly enlightening. FC ------------------------------ Date: Fri, 19 Feb 93 12:55:43 GMT From: Brian.Randell@newcastle.ac.uk Subject: London Ambulance Service The London Ambulance Service Crisis reported to RISKS earlier has been absent from the UK press for a while, but now it seems likely to burst forth again. The attached article is reprinted in its entirety from (UK) Computer Weekly, 18 Feb, 1993. Cheers. Brian Randell Report to confirm (pounds)1m 999 systems blunder (by David Evans) LONDON Ambulance Service made a fatal blunder when it bought a (pounds)1m untested computer system to handle 999 calls, an official inquiry will reveal next week. Union leaders have already blamed the system for contributing to the deaths of at least four patients. Around 800,000 emergency calls are handled by the capital's ambulance service each year. But after a spate of incidents, in which calls were lost and emergency victims suffered long delays before ambulances arrived, the system was abandoned. Now an official report into the fiasco, demanded by health secretary Virginia Bottomley, is expected to be scathing in its criticism. Since last November an independent panel has been looking at the circumstances surrounding the purchase of the system, bought when a previous computer-aided dispatch module crashed. Yet after just a few months of use the replacement was similarly suffering from calldata overload. Questions raised by the report will include why Aldershot-based Systems Options was chosen as the main soft-ware supplier when it had no previous experience in providing dispatch systems to the ambulance sector. Jim Pedroza, Systems Options' founder, has consistently refused to talk to the press. His networked solution based on Apricot workstations and servers contrasts markedly with mini-based systems favoured by other emergency services. According to sources working close to the inquiry team, one conclusion is that a replacement computer-aided dispatch system will now take years, rather than months, to implement. It will also confirm that the Systems Options solution is wholly unfit for the task. Said one London ambulance source: "What we're talking about here is an official stamp of condemnation. Not enough attention was paid to the project, and the lack of expertise in choosing the system was completely unacceptable." The outcome of the report has been delayed to allow for the publication this week of the Tomlinson report on London hospitals. Since the system was ditched, the service's chief John Wilby has resigned and control room staff have reverted to manual methods of dispatching crews. Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923 ------------------------------ Date: Mon, 22 Feb 93 10:07:56 -0800 From: Teresa Lunt Subject: DCCA-4 Call for Papers Below is the Call for Papers for the 4th IFIP Working Conference on Dependable Computing for Critical Applications. The conference aims to promote research that considers different aspects of dependability, including security, safety, reliability, and availability, in a common framework, with emphasis on high assurance. Call for Papers: 4th IFIP Working Conference on Dependable Computing for Critical Applications January 4-6, 1994, Catamaran Resort Hotel, San Diego, California, USA Increasingly, individuals and organizations are becoming critically dependent on sophisticated computing systems. In differing circumstances, this dependency might for example center on the continuity of service received from the computing system, the overall performance level achieved, the real-time response rate provided, the extent to which catastrophic failures are avoided, or confidentiality violations prevented. The notion of dependability, defined as the trustworthiness of computer service such that reliance can justifiably be placed on this service, enables these various concerns to be subsumed within a single conceptual framework with reliability, availability, safety and security, for example, being treated as particular attributes of dependability. The fourth IFIP Working Conference on Dependable Computing for Critical Applications aims at bringing together researchers and developers from academia, industry and government for advancing the state of the art in dependable computing. Papers are sought in all areas of dependable computing, including but not limited to models, methods, algorithms, tools and practical experience with specifying, designing, implementing, assessing, validating, operating and maintaining dependable computing systems. Of particular, but not exclusive, interest will be presentations which address combinations of dependability attributes, e.g. safety and security or fault-tolerance and safety, through studies of either a theoretical or an applied nature. Submitting a Paper: Six copies (in English) of original work should be submitted by 30 June 1993, to the Program co-Chair: Dr. Gerard Le Lann INRIA - Project REFLECS BP 105 Tel: +33.1.39635364 78153 Le Chesnay Cedex Fax: +33.1.39635330 France E-mail: Gerard.Le_Lann@inria.fr Papers should be limited to 6000 words, full page figures being counted as 300 words. Each paper should include a short abstract and a list of keywords indicating subject classification. Papers will be refereed and the final choice will be made by the Program Committee. Notification of acceptance will be sent by September 24 1993, and camera-ready copy will be due on November 12, 1993. A digest of papers will be available at the Conference, and hardbound proceedings will be published after the Conference as a volume of the Springer-Verlag series on Dependable Computing and Fault-Tolerant Systems. Important Dates: Submission deadline: June 30, 1993 Acceptance notification: September 24, 1993 Camera-ready copy due: November 12, 1993 General Chair F. Cristian, Univ. of California, USA Program Cochairs G. Le Lann, INRIA, France T. Lunt, SRI International, USA Local Arrangements/Publicity Chair K. Marzullo, Univ. of California, USA Program Committee J. Abraham, U of Texas at Austin, USA A. Avizienis, UCLA, USA D. Bjoerner, UNUIIST, Macau R. Butler, NASA, USA A. Costes, LAAS-CNRS, France M-C. Gaudel, LRI, France V. Gligor, U of Maryland, USA L. Gong, SRI International, USA H. Ihara, Hitachi, Japan J. Jacob, Oxford U, UK S. Jajodia, George Mason U, USA J. Lala, CS Draper Lab, USA C. Landwehr, NRL, USA K. Levitt, U of California Davis, USA C. Meadows, NRL, USA, J. McLean, NRL, USA M. Melliar-Smith, UCSB, USA J. Meyer, U of Michigan, USA J. Millen, MITRE, USA D. Parnas, McMaster U, Canada B. Randell, U of Newcastle upon Tyne, UK G. Rubino, IRISA, France R. Schlichting, U of Arizona, USA J. Stankovic, U of Massachusetts, USA P. Thevenod, LAAS-CNRS, France Y. Tohma, Tokyo Inst. of Technology, Japan Ex-officio J-C. Laprie, LAAS-CNRS, France IFIP WG 10.4 Chair ------------------------------ Date: Tuesday, 16 Feb 1993 20:08:04 EST From: m16805@mwvm.mitre.ogr Subject: Call for papers, Technology and Society CALL FOR PAPERS TECHNOLOGY: WHOSE COSTS?...WHOSE BENEFITS? Areas of Concentration: Computers and Communications, Health Care, Energy and the Environment The International Symposium on Technology and Society 1993 (ISTAS '93) The International Symposium that links Technology and Social Effects Sponsors: The Institute of Electrical and Electronic Engineers Inc. (IEEE) Society for the Social Implications of Technology The IEEE National Capital Area Council The IEEE Technology Policy Conference Committee Washington DC October 22-23, 1993 Technology is constantly changing the our world. New ways of doing things bring benefits undreamed-of just a few years ago. These technologies also have their price. The costs can be financial, but also less freedom, more risks, more stress. How do we balance benefits and costs? Do those who enjoy the benefits bear their fair share of the costs? How can we determine a fair share? If we can, and don't like the results, what do we change? Is the Government always the best way to change things? ISTAS '93 invites significant contributions on these issues from a wide spectrum of scholarly and concerned individuals. The contributions can be papers, proposals for a session or panel of invited experts, or proposals for "poster" or discussion sessions. Please send a 100 word summary for papers or a 1000 word proposal for sessions, to the General Chair Dr. William J. Kelly, Attn. IEEE, MITRE Corporation, m/c Z568, 7525 Colshire Drive, McLean, VA 22102 E-mail: wjkelly@mitre.org Deadline for Submission: March 12, 1993 Notification of Acceptance: April 12, 1993 Camera Ready Copy: June 30, 1993 For information call Jackie Hunter (703)-803-8701 ------------------------------ Date: Mon, 22 Feb 1993 13:13:37 -0800 From: Peter G. Neumann Subject: Privacy Digests Periodically I will remind you of TWO useful digests related to privacy, both of which are siphoning off some of the material that would otherwise appear in RISKS, but which should be read by those of you vitally interested in privacy problems. RISKS will continue to carry higher-level discussions in which risks to privacy are a concern. * The PRIVACY Forum Digest (PFD) is run by Lauren Weinstein. He manages it as a rather selectively moderated digest, somewhat akin to RISKS; it spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former). For information regarding the PRIVACY Forum, please send the exact line: information privacy as the BODY of a message to "privacy-request@cv.vortex.com"; you will receive a response from an automated listserv system. To submit contributions, send to "privacy@cv.vortex.com". * The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Dennis G. Rears. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy. Submissions should go to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. There is clearly much potential for overlap between the two digests, although contributions tend not to appear in both places. If you are very short of time and can scan only one, you might want to try the former. If you are interested in ongoing detailed discussions, try the latter. Otherwise, it may well be appropriate for you to read both, depending on the strength of your interests and time available. PGN ------------------------------ End of RISKS-FORUM Digest 14.34 Downloaded From P-80 International Information Systems 304-744-2253