From privacy@cv.vortex.com Thu Sep 24 03:13:27 1992 Return-Path: Received: from cv.vortex.com by csrc.ncsl.nist.gov (4.1/NIST) id AA10744; Thu, 24 Sep 92 03:12:57 EDT Posted-Date: Wed, 23 Sep 92 23:27 PDT Received-Date: Thu, 24 Sep 92 03:12:57 EDT Received: by cv.vortex.com (Smail3.1.26.7 #2) id m0mXmfW-00026dC; Wed, 23 Sep 92 23:27 PDT Message-Id: Date: Wed, 23 Sep 92 23:27 PDT From: privacy@cv.vortex.com (PRIVACY Forum) Subject: PRIVACY Forum Digest V01 #19 To: PRIVACY-Forum-List@cv.vortex.com Status: R PRIVACY Forum Digest Wednesday, 23 September 1992 Volume 01 : Issue 19 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS Draft ACM whitepaper on computers and privacy (David Redell) Medical record database (Jeff Makey) Re: Telephone comm encryption (Steve Bellovin) Announcement of a New Journal (Gerald M. Phillips) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 01, ISSUE 19 Quote for the day: "You knew the job was dangerous when you took it!" -- "Superchicken" ---------------------------------------------------------------------- Date: Wed, 23 Sep 92 12:43:28 PDT From: redell@src.dec.com (David Redell) Subject: Draft ACM whitepaper on computers and privacy In connection with the ACM's increasing interest in policy issues, I have been writing a draft whitepaper on computers and privacy. It was reviewed by ACM Council, and they recommended soliciting feedback from the readers of Privacy Forum, followed by publication in CACM for comments from the membership at large (similar to the earlier publication of the draft Code of Ethics and Professional Conduct). The eventual goal is to adopt a revised version of this whitepaper as an official statement of the ACM. Your comments are solicited. Please send them to me at: redell@src.dec.com Thanks for your help with this project. Dave Redell [ The complete text of Dave's paper has been placed in the PRIVACY Forum archives. It may be retrieved via anon FTP from site "cv.vortex.com" under the name "/privacy/acm-wpd.1.Z". Be sure to transfer this file in "image" mode if you will be uncompressing it yourself, or leave off the ".Z" for automatic uncompression by the FTP server. The paper may also be obtained by e-mail from the automated listserv system by sending a message to: listserv@cv.vortex.com containing the line: get privacy acm-wpd.1 at the start of the BODY of the message. -- MODERATOR ] ------------------------------ Date: Mon, 21 Sep 92 22:51:40 PDT From: Jeff Makey Subject: Medical record database The October 1992 issue of "Redbook" has a fairly well written article entitled "The Strangers Who Know All Your Secrets" that covers a number of privacy-related topics familiar to PRIVACY Forum readers. In addition to the usual suspects, the article mentioned "the Medical Information Bureau (MIB), a Westwood, Massachusetts-based national clearinghouse for some 750 life and health insurance companies." It seems that the MIB maintains a database of "an estimated 12 to 15 million" medical records that are just as susceptible to errors as credit records. What's worse is that the consumer-protection laws that apply to one's credit record do not reach other areas such as medical records, so correcting an erroneous medical database record may be nearly impossible. :: Jeff Makey makey@VisiCom.COM ------------------------------ Date: Sun, 20 Sep 92 08:08:09 EDT From: smb@ulysses.att.com Subject: Re: Telephone comm encryption I wasn't going to reply until I had some more technical details, but since Jerry explained -- correctly -- how difficult it is, I felt I should say something... First, of course, there have been military-grade encryption units for a few years now, the STU-III's. These are somewhat larger than ordinary phones, and are rated for top-secret traffic. Basically, they're V.32 modems with a fancy encryptor. The original scheme designed by the government called several different models, including one that could be sold to American businesses, using DES. The basic technology could be built into any phone; I think that Motorola even makes cellular STU-III's. But the real reason I'm responding is that AT&T has just introduced a device that sounds exactly like what's being requested here. It's about the size of a calculator, plugs in to either any phone or any handset (I'm not sure), and provides a fair amount of security. I suspect -- but I don't know for sure -- that it uses DES. I don't have any technical details yet, or even a glossy marketing brochure, but I'll be glad to pass along anything I learn to anyone who's interested. (Yah, I know this sounds like an ad, but I didn't plant the original question -- really!) --Steve Bellovin [ A large number of other excellent submissions were received on this topic. Most of them went into a bit more technical detail than I feel is appropriate for the focus of this digest, so I have presented Steve's message as representative of the mail regarding this subject. Other authors pointed out that the reported cost of the AT&T unit is around $1200, and some speculated on the possible limitations of a device interfacing between the handset and the "hybrid" circuitry of the phone, which apparently is the interface mode used by the unit. Phil Karn (karn@servo.qualcomm.com) pointed out that vocoders capable of quality speech at bit rates of 9600 bps do exist, including the chip developed by Qualcomm for their digital cellular system. In short, it appears that the technology required for relatively inexpensive "secure" telephone systems is beginning to appear. Of course, the actual security provided by such systems will depend largely on the algorithms selected and the key distribution methods used. -- MODERATOR ] ------------------------------ Date: Sun, 20 Sep 92 10:14 EDT From: Subject: ANNOUNCEMENT OF NEW JOURNAL ANNOUNCING THE FOUNDING OF IPCT Interpersonal Computing and Technology: An Electronic Journal for the 21st Century IPCT: An Electronic Journal for the 21st Century is based on the following premises: The electronic journal is the wave of the future. By the year 2000, the bulk of information will be exchanged electronically and the nature of print media will have changed drastically. There are, currently, several barriers to the use of electronic journals as outlets for scholarly research. These include: copyright problems, the problem of coordinating with print publication, and especially the validation of the electronic journal as a legitimate outlet for dissemination of scholarly studies, suitable for credit toward promotion and tenure in colleges and universities. IPCT: An Electronic Journal for the 21st Century will attempt to address these three concerns. The first issue of the journal is planned for January, 1993. Depending on the quantity and quality of submissions, the decision will be made as to whether the journal will be issued twice yearly or quarterly. Each journal issue will be the equivalent of 64 print pages. The journal will be coordinated with and issued through the Interpersonal Computing and Technology Discussion List, a list maintained, moderated and operated at Georgetown University. This list will serve as the initial readership. Subscribers to the list will be considered charter subscribers. There will be no charge for the service for the first year. Subscribers will be urged to comment extensively on content and format of the journal. After an experimental year, we will commence library collaboration and may find it necessary to charge for the service. CALL FOR ARTICLES AND PAPERS This is also a formal call for submission of articles for inclusion in the journal. Please submit full length articles (10-20 pages with notes and bibliography) done in APA format on the following topics: Use of electronic networks in the classroom, electronic publishing, use of electronic networks and information exchange, library applications of electronic communication, professional relationships carried on via electronic communication, use of electronic communication in higher education, business, industry and government and related topics. Articles may have a humanistic or social science cast. Technological articles will be considered to the extent that they are intelligible to the bulk of the readers and are not specific to any particular hardware configuration We regret that, at this time, we will be unable to use articles which employ pictures and diagrams and we urge that statistical tables be kept to a mimimum. Our transmission will be in the simplest ASCII format, to make the journal available to greatest number of potential subscribers. We will also consider reviews, approximately eight pages in length, of books relevant to issues of interest to IPCT-L. All articles will be given at least two blind reviews and published articles will be selected by the editors. In our reviewing process, we will conform to the highest standards of reviewing used in the best print journals. Our associate editors (reviewers) will be selected on criteria of editorial experience and status in their field of expertise. SEND ALL ARTICLE AND REVIEW SUBMISSIONS IN ASCII USING A 65 CHARACTER LINE TO; GMP@PSUVM.BITNET or gmp@psuvm.psu.edu (internet). Since the journal will be distributed by IPCT-L, subscription to IPCT-L will be necessary for those desiring copies. TO SUBSCRIBE TO IPCT-L PLEASE FOLLOW THE INSTRUCTIONS BELOW: Send the following one-line message in the body of an email message to LISTSERV@GUVM or LISTSERV@GUVM.GEORGETOWN.EDU SUBCRIBE IPCT-L YOURFIRSTNAME YOURLASTNAME Editor: Gerald M. Phillips, Ph.D. (Professor Emeritus of Speech Communication, Pennsylvania State University) Editorial Board: Zane L. Berge, Ph.D. (Director, Center for Teaching and Technology. Academic Computer Center, Georgetown University Gerald M. Santoro, Ph.D. (Center for Academic Computing, Pennsylvania State University) Managing Editor: Mauri Collins, M.A. (Senior Consultant, Michigan Consultants Group) Associate Editors: Manuel E. Bermudez, Ph.D. (Associate Professor, Computer and Information Sciences, University of Florida) Morton Cotlar, Ph.D. (Professor of Management, University of Hawaii) James A. Danowski, Ph.D. (Associate Professor and Director of Graduate Studies, Department of Communication, University of Illinois at Chicago) Paulo A. Dasilva, Ph.D. (Chairman, Systems and Computation Graduate Program, Military Institute of Engineering, Rio de Janeiro, Brazil) Gordon Dixon, M.Sc., F.B.C.S. (Editor-in-Chief, Literary and Linguistic Computing, The Manchester Metropolitan University, UK) William F. Eadie, Ph.D. (Professor of Speech Communication, California State University, Northridge) Jill Ellsworth, Ph.D. (Assistant Professor, OECD Division, Department of Technology, Southwest Texas State University) Bradley Erlwein, Ph.D. (Research and Development, Zenith Data Systems) Mark Evangelista, B.S. (Telecommunication System Programmer, Georgetown University Allan G. Farman, Ph.D.(Professor, Radiology and Imaging Science Division, University of Louisville) Mark G. Gillingham, Ph.D. (Assistant Professor of Education, Washington State University, Vancouver) Peter Goodyear, Ph.D. (Director, Centre for Studies in Advanced Learning Technology, Lancaster University, UK) Dennis S. Gouran, Ph.D. (Professor of Speech Communication, the Pennsyl- vania State University David Alan Grier, Ph.D. (Assistant Professor of Computer and Information Systems and Director of Honors Education, George Washington University). Thomas S. E. Hilton, Ph.D. (Associate Professor of Business Information Systems and Education, Utah State University) Ken Hirsch, Ph.D. (Professor of Communication Studies, California State University - Sacramento) Alice Horning, Ph.D. (Associate Professor of Rhetoric and Linguistics, Oakland University) Lawrence Johnston, B.A. (Manager, Operations, Office of Telecommuni- cations, Computer, and Information Systems, Pennsylvania State University. Vladimir Klonowski, Ph.D., D.Sc. (Professor of Environmental Science and Engineering, Cracow Institute of Technology) Donald H. Kraft, Ph.D. (Professor, Computer Science, Louisiana State University) Gary L. Kreps, Ph.D. (Professor of Communication Studies, Northern Illinois University Cecelia G. Manrique, Ph.D. (Assistant Professor, Political Science, University of Wisconsin -- LaCrosse) Maurice C. Mitchell, Jr., Ph.D. (Assistant Director, Academic Computing, University and Community College System of Nevada, Las Vegas) Kristine Morrissey, Ph.D. (Curator, Michigan State University Museum) Ann Okerson, MLS (Director, Office of Scientific and Academic Publishing, Association of Research Libraries) David Raitt, Ph.D. (System Engineer, System Design Section, European Space Agency - ESTEC) David E. Sims, Ph.D. (Associate Professor, Veterinary Medicine, Atlantic Veterinary College, University of Prince Edward Island) David L. Schroeder. Ph.D. (Assistant Professor of MIS, Valparaiso University) Gary Lee Stonum, Ph.D. (Professor of English, Case-Western Reserve University Rosalie Wells, Ph.D. (Assistant Faculty and Distance Education Specialist, Centre for Distance Education, Athabaska, Alberta University John W. Wooten, Ph.D. (Educational Technology Coordinator, Oak Ridge National Laboratory) Nancy J. Wyatt, Ph.D. (Associate Professor, Speech Communication, Pennsylvania State University - Delware County Campus) ------------------------------ End of PRIVACY Forum Digest 01.19 ************************