F I D O N E W S -- Vol.10 No.15 (12-Apr-1993)

F I D O N E W S -- Vol.10 No.15 (12-Apr-1993)
+----------------------------+-----------------------------------------+
| A newsletter of the | |
| FidoNet BBS community | Published by: |
| _ | |
| / \ | "FidoNews" BBS |
| /|oo \ | +1-519-570-4176 1:1/23 |
| (_| /_) | |
| _`@/_ \ _ | Editors: |
| | | \ \\ | Sylvia Maxwell 1:221/194 |
| | (*) | \ )) | Donald Tees 1:221/192 |
| |__U__| / \// | Tim Pozar 1:125/555 |
| _//|| _\ / | |
| (_/(_|(____/ | |
| (jm) | Newspapers should have no friends. |
| | -- JOSEPH PULITZER |
+----------------------------+-----------------------------------------+
| Submission address: editors 1:1/23 |
+----------------------------------------------------------------------+
| Internet addresses: |
| |
| Sylvia -- [email protected] |
| Donald -- [email protected] |
| Tim -- [email protected] |
| Both Don & Sylvia (submission address) |
| [email protected] |
+----------------------------------------------------------------------+
| For information, copyrights, article submissions, |
| obtaining copies and other boring but important details, |
| please refer to the end of this file. |
+----------------------------------------------------------------------+
========================================================================
Table of Contents
========================================================================

1. Editorial..................................................... 2
2. Articles...................................................... 2
The Cynic's Sandbox, v2.1BetaTestDoNotDistribute............ 2
The SIP_SURVIVOR Echo....................................... 3
LuxCon/EuroCon '93 announcement............................. 4
Ethical approaches to Postmastering"........................ 8
Alert!...................................................... 19
Caller ID Still Isn't Reliable.............................. 19
New VW echo starting!!!..................................... 21
School Music Echo........................................... 22
FREQ PRIME.ZIP from 1:18/98, 1:18/99, or 6:700/26 for networ 22
3. Fidonews Information.......................................... 23
FidoNews 10-15 Page: 2 12 Apr 1993

========================================================================
Editorial
========================================================================
There is not much of an editorial this week; we have been busy
enjoying ourselves <S>. My son and his other have been sleeping
on the living room floor en route from Vancouver to Moncton by
thumb [maybe 6,000 km]. We have spent lots of hours talking
about the road, and I don't think it has changed much since the
sixties.

We have an extremely interesting article on mail privacy
reprinted by permission of the author. It is a bit longish,
but fascinating reading.

Thank goodness the policy articles seem to have burned
themselves out, 'though caller id lingers on with nothing much
new being said. I would like to read an article that said "I
have caller id because I am a paranoid control freak ... " then
another that said "I want to ban it because my users are
paranoid, and I want them to be comfortable ...".

Anyway, on to the snooze .......................cacti!.

========================================================================
Articles
========================================================================
The Cynic's Sandbox, v2.1BetaTestDoNotDistribute
R. Cynic

Was it March showers bring April flamewars, or the other way around?

Caller*ID: For the man who has nothing to hide.

Ol' Bill "Baldy" Shatner had it right... Get a life! Ever since
this nifty Caller*ID debate came up, people have gotten *SO*
serious. All this talking about MY system and MY privacy and
MY right to know... Tch, tch.

We're getting Caller*ID soon where I live. It should be kinda
funny. I can't wait to be called a fake user 'cause I log on
from a friend's house to get something for him. Ahhh... To be
dumped from a BBS after seeing a polite banner like...

HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER!

You though you could fool ME, didn't you? You stupid hacker.
I hope you burn. I have your phone number, now, and I'll be
calling the police 'cause I got the right to protect MY
computer. Kiss off and die.

HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER!

..Or, in reverse, to get a message from a user...

FidoNews 10-15 Page: 3 12 Apr 1993

From: MAD DEATH 666
To : Sysop
Subj: CALLR ID

DEAR SYSOOP, I HOP THAT U R NOT U-ZING CALLR ID. I THINK THAT
IT A VIOLASION OF MI PRIVASY. DO U HAVE ANY WAREZ?

ALSO, CAN I GET ACESS TO ADULT SEXSHUN?

Of course, Caller*ID does show hope. It's obvious that
computer types are getting serious about security. I think
that the alternate validation methods sure to come into play
will help a lot. I hear that Hayes is introducing a DNA
scanner that plugs right into any Optima modem and allows, for
the first time, TOTAL SYSTEM SECURITY. I'll be looking forward
to that, but I'll probably buy the announced system from US
Robotics which plugs into any dual standard except a Sportster
and operates at twice the speed. Pity they'll be incompatible.
Rockwell is working on a DNA chipset, which will allow low-end
modem vendors to integrate modem, fax, DNA scanning, and
manicure capabilities onto one low-cost board. Should be fun.
It's good to see some security-minded people out there nowadays.

Next week: The policy development kit. Makes FidoNet policy
documents and is still sharp enough to slice through an
aluminum can!

Did I mention, "Fits easily in ANY tacklebox?"

----------------------------------------------------------------------

The SIP_SURVIVOR Echo

Rainbow Warrior
1:130/911.911

The SIP_SURVIVOR Echo

WaZOO ... another echo. Big deal. What interest could yet
another echo hold for me?

In this case, plenty.

SIP_SURVIVOR is an echomail forum dedicated to the discussion of
the issues of survivors of incest and other forms of sexual
abuse, and how to recover from the effects of that abuse using
the Twelve Step model originally outlined in the book
"Alcoholics Anonymous" by Bill W., Dr. Bob, and others.

Most people think of Twelve Step programs in terms of
addictions: alcohol, (Alcoholics Anonymous), other drugs
(Narcotics Anonymous, Cocaine Anonymous, Overeaters Anonymous
[food can be a drug]), and the like. But they don't realize
that the Steps can be applied to recovery from sexual abuse.
And in SIP_SURVIVOR, we discuss how.
FidoNews 10-15 Page: 4 12 Apr 1993

SIP_SURVIVOR is an "open meeting." Anyone who wishes to learn
how the Steps can be used to overcome the effects of incest or
sexual abuse is welcome to participate, even if they are not
themselves a survivor.

Moderator-generated disucssion generally focuses on three
programs: Survivors of Incest Anonymous (SIA), Incest Survivors
Anonymous (ISA), and Incest Victims Anonymous (IVA). If there
are any others, please send netmail and the moderator will be
happy to include 'em.

In compliance with the Sixth Tradition, SIP_SURVIVOR is not
approved by SIA, ISA, IVA, AA, or any other Twelve Step program.
No affiliation or endorsement with any Twelve Step program is
implied or should be inferred.

In compliance with the Eleventh Tradition, handles are
encouraged. You need never use your real name in SIP_SURVIVOR.

Feeds are currently private; we're seeking backbone
distribution. (Send netmail to your REC asking him to support
SIP_SURVIVOR!) If you'd like a feed, contact Barb Murphy at
1:130/911. EVERYONE is welcome to participate. Friends of Bill
will receive a special welcome.

Keep comin' back ...

The Warrior
1:130/911.911

----------------------------------------------------------------------

LuxCon/EuroCon '93 announcement

LUXEMBOURG --- APRIL 5, 1993

We would hereby like to announce LuxCon/EuroCon '93 which will take
place in Remich (just on the German border), Luxembourg between
Friday the 2nd of July and Sunday the 4th of July 1993.

ORGANIZERS

Daniel Gulluni, 2:270/16@fidonet
Joaquim Homrighausen, 2:270/17@fidonet (2:2/1993@fidonet)
Andrew Milner, 2:270/18@fidonet
Josy Minnemeister, 2:270/21@fidonet
Francois Thunus, 2:270/25@fidonet

PLACE OF THE CONFERENCE

The four-star Hotel, HOTEL SAINT NICOLAS, situated on the Mosel
with a splendid view of the river and the many vineyards
surrounding it. SAINT NICOLAS is a Best Western Hotel with every-
thing that is to be expected of a four-star Hotel.
FidoNews 10-15 Page: 5 12 Apr 1993

LANGUAGE

English.

PRELIMINARY PROGRAM

Friday 2/7/93
---------------
1700-2000 Arrival and registration
2000-2200 Friday night welcoming dinner

Saturday 3/7/93
---------------
0800-1000 Breakfast
1000-1230 Product presentations and other sessions.
We intend to run political and technical
tracks comprising 30 to 60 minute
sessions.
1230-1400 Lunch
1400-1800 More political and technical sessions.
2000-2200 Saturday evening dinner and raffle
("lottery").

Sunday 4/7/93
---------------
0800-1000 Breakfast
1000-1200 Checkout from the Hotel
1200-1400 The annual harddisk throwing contest

SPEAKERS AND SPONSORS

> We are currently looking for speakers (political and technical)
> for the sessions and companies to sponsor the prices given away
> during the Saturday evening raffle ("lottery") and the harddisk
> throwing contest.

PROGRAM FOR ACCOMPANYING PERSONS

Several activities are available to those who do not wish to take
part in the sessions. These include a boat ride on the Mosel river,
wine tasting along the Mosel, or simply lying out in the sun
providing the weather is nice :-)

TRAVEL DIRECTIONS

> To be announced as we go along.. watch this space.

Plane
Train
Car

PARTICIPATION FEE

The participation fee is LUF 5500.-, wich covers the sessions,
FidoNews 10-15 Page: 6 12 Apr 1993

conference literature, all meals from Friday evening to Sunday
morning (inclusive), an official LuxCon/EuroCon '93 t-shirt,
two nights in a double room (double occupancy) at the Hotel.

Payment can be made by transferring money to the bank or CCP
(postal giro) account listed below. Please make sure that you
transfer the correct amount (if your bank does not know what LUF
is, tell them to transfer BEF, which is Belgian Francs). You are
responsible for covering all transfer charges. Include your
name, voice telephone number, and FidoNet network address.
Transfers with an insufficient amount or information will not be
honored as a valid registration.

The rooms will be given on a first come, first serve basis (this
is decided upon the arrival of the money transfer should it come
to that). If there are no more rooms available, we will attempt
to find a room in a Hotel nearby, but cannot guarantee this (in
which case your money will, of course, be refunded).

For those who wish to take the economy alternative, there is a
camping ground in Remich (you must still register for the
conference as indicated on the registration form below). The
name of the responsible company is CAMPING EUROPE, telephone
+352 698 018.

REGISTRATION

Print and fill out the registration form and mail it to the below
address BEFORE the 1st of June 1993 (or include it in a NetMail
message to Joaquim Homrighausen on 2:270/17@fidonet). Payment will
be expected to arrive shortly after the registration form has been
received.

Joaquim Homrighausen
389, route d'Arlon
L-8011 Strassen
Luxembourg

Late registration, between June 1st and July 1st 1993, is possible
but carries an additional late-registration fee of LUF 750.- as
indicated below.

PAYMENT

CCP (postal giro)
-----------------
Cheque Postaux
L-1090 Luxembourg

Account #: CCP 108637-94
Joaquim Homrighausen

Bank
----
Banque Generale du Luxembourg
FidoNews 10-15 Page: 7 12 Apr 1993

L-2951 Luxembourg
SWIFT bgll lu ll
Telex 3401 bgl lu

Account #: BGL 30-511818-80-010
Joaquim Homrighausen

REGISTRATION FORM ---- cut here ---- cut here ---- cut here ----

Full name: ______________________________________________

Postal address: __________________________________________

__________________________________________

__________________________________________

Voice phone #: ___________________________

Nationality: ___________________________

eMail address: ___________________________

Accompanying: ______________________________________________

______________________________________________

OPTIONS (check all that apply) COST (LUF)
+---------+--------------------------------------------------+
: : :
: YES : Complete conference package + 5500.- :
: : :
+---------+--------------------------------------------------+
: : :
: ___ : Sharing the room between 3 people - 500.- :
: : :
+---------+--------------------------------------------------+
: : :
: ___ : Single occupancy of room + 1000.- :
: : :
+---------+--------------------------------------------------+
: : :
: ___ : Conference but no meals or Hotel - 3500.- :
: : (includes Saturday lunch) :
: : :
+---------+--------------------------------------------------+
: : :
: ___ : Late registration + 750.- :
: : (1/06/93 - 1/07/93) :
: : :
+---------+--------------------------------------------------+
: : :
: TOTAL : LUF .- :
: : :
+---------+--------------------------------------------------+
FidoNews 10-15 Page: 8 12 Apr 1993

REGISTRATION FORM ---- cut here ---- cut here ---- cut here ----

This file is also file requestable as LUXCON from 2:270/17@fidonet
and 2:270/18@fidonet.

// end of "luxcon.ann"

----------------------------------------------------------------------

Ethical approaches to Postmastering"
Copyright 1990 Pat McGregor all rights reserved.
"Averting One's Eyes -- Ethical approaches to Postmastering"

Author Profile
Pat McGregor
Computing Systems Consultant II
Network Systems Division of Information Technology Division
5115 IST Bldg.
2200 Bonisteel Blvd.
Ann Arbor, MI 48109-2099
(313) 764-9430
[email protected] (Internet)
UserW02V@umichum (BITNET)

Institutional Profile:
Name: The University of Michigan
Location: Ann Arbor, MI
Size:
Students: 36,338 (Fall, 1989 enrollment)
Faculty: 2,882.33 FTE
Staff: 17,573.28 FTE

The Information Technology Division supports over 50,000 users. We
have no way to know how many academics, administrators, and library
users we support, because we have no way to monitor usage at our
over 2000 public workstations. In addition, all the offices on
campus (staff, faculty, and graduate student) and every dorm room
and family housing unit have data ports, of which approximately 60%
are turned on.

ITD Network Systems employs 198 people, both full and part-time.

Abstract

Being an electronic postmaster requires diligence, knowledge of
mailing systems on many mail networks and host operating systems,
and the ability to sit in front of a workstation, trying to
decipher bounced mail headers, for long hours every week.

It also requires that the postmasters be scrupulously ethical about
the confidentiality of the mail that passes in front of them,
despite the fact that sometimes in order to clear up a mail problem
the text of the message comes up on the screen.

FidoNews 10-15 Page: 9 12 Apr 1993

This paper explores some strategies used by campus postmasters on
several campuses, and discusses some relevant issues of security,
ethics, and responsible behavior.

TEXT

When the best way to send information to a colleague was to type it
up, stick it in an envelope and entrust it to a postal carrier, few
people had worries that the contents of that envelope would be seen
by anyone but the intended recipient. "Tampering with the mails"
was a federal offense, and the FBI would come after an offender
with sirens screaming.

Now, when electronic messages containing secret research results,
resumes, corporate business plans, and love letters are flying
around the world, some users have valid concerns about the
confidentiality of their messages. Are they really "confidential"?
Can anything that passes over a phone line be considered secure?
What happens if there is a machine problem, or an incorrect
address, or any of a dozen known mail disasters? Who sees the mail?

As postmasters at the University of Michigan, my colleagues and I
see more than a hundred bounced messages a week. We have no
technological mechanism to keep us from reading the text of these
messages; only our personal ethical systems and a code of
responsibility for postmasters at our site keeps us from reading
the text of users' messages. The question of confidentiality, and
what responsibility postmasters have to keep the contents of mail
confidential, is one that arises in conversation between
postmasters, and in inquiries from users, on a regular basis.

I decided to poll a group of postmasters to see how they felt about
the issue, what guidelines they used, and what responsibility they
felt toward the users' text.

Methodology

Subjects: Sixty-nine people at academic, public, private, and
commercial sites responded to a survey sent to 136 postmasters. I
sent the survey to a list of postmasteres the University of
Michigan postmasters have dealt with in the last year or two, or
who were on a list of postmasters in Michigan. I recognize that
this is by no means a majority of the available postmasters around
the world, but I knew from dealing with most of them on and off
through the past years that they were responsive to mail from other
postmasters and from users. (This in itself may be anomalous, but I
choose to hope not!) I hoped this meant I would get a large return
of my surveys, and I am quite pleased with my 51% return.

Distribution: The survey instrument was distributed and returned by
electronic mail. In one or two instances respondents had questions
about the survey, and these clarification conversations were also
held electronically.

Statistical method: We(1) analyzed the responses to the survey
FidoNews 10-15 Page: 10 12 Apr 1993

statistically with the goal of identifying and describing various
groups and perspectives among the postmasters who responded. The
survey combined closed-ended and open-ended questions; the former
were coded for data entry directly from the survey. I grouped the
open-ended responses to each question into a smaller number of
categories; these categories were then coded as a series of
dichotomous variables. This procedure facilitated later analysis by
accepting any number of responses to a question from each
postmaster who responded. After the data were entered, SPSSx
(Statistical Package for the Social Sciences) was used to generate
frequency and crosstab distributions. SPSSx also includes a
multiple response procedure to facilitate tabulation of responses
when each respondent could make any number of responses. From the
(voluminous) output of these procedures, I could ascertain which
attitudes and behaviors were congruent with a self-description of
"confidential" and which were considered a central focus of
confidentiality less often; these findings are presented in more
detail below.

Who responded to this survey?

The average postmaster who responded is twenty-nine, has worked as
a postmaster for two years, and supports 1500 users. He (only four
of my respondents were female) works on a VMS or Unix machine
that's devoted primarily to academic work, and has a bachelor's
degree.

Postmasters from all sorts of systems responded, including several
from foreign countries: Canada, Ireland, Australia, and Japan. They
ranged in age from twenty-one to fifty-three, and used eighteen
different kinds of machines and operating systems. Only one
respondent had been dealing with electronic mail for over ten
years, while the majority had been in their jobs less than three
years. Eighty percent had at least a college degree, but sixteen
percent had only a high-school education and further on-the-job
training.

Some served as few as ten users, while the highest number of users
was fifty thousand. The systems represented were overwhelmingly
academic: fifty-three academic systems, four commercial, two public
access systems, and four which were research or private use only.

Defining confidentiality

Overwhelmingly, when asked if they had a responsibility to keep
users' mail confidential, the postmasters said "Yes". 94% of those
who responded considered this a prime responsibility. (The other
six percent, who were all on public or commercial systems,
indicated that their users were not supposed to be using the mails
for private or confidential mail, and therefore the postmasters
felt no responsibility to keep the mails confidential.) Some
postmasters felt this was a professional responsibility. Said one,
"Unprofessionalism is the only reason for not respecting user
privacy." Others cited the Electronic Communications Privacy Act of
1986, which requires that system owners keep confidential, under
FidoNews 10-15 Page: 11 12 Apr 1993

penalty of law, the mail messages of users on that system. Some
felt that responsibility for confidentiality went beyond the
message text, and extended to traffic analysis as well. To quote
one postmaster:

Often traffic analysis is as revealing as actual message contents.
One example of this from my own experience came from an affair
between a faculty member and a secretary (both are married, not to
each other). I was perusing the mail logs and noticed a lot of
traffic between these two, and I thought it was a little unusual
since these two would not normally have any job-related reasons for
such extensive communication. About six months later the affair
became common knowledge, and at that point I realized I was
probably the first person to know about their affair.

I have a medical background, and keeping such matters confidential
is second nature to me. Other postmasters without such a background
would do well to examine the medical profession for some lessons on
how to handle confidential material that strays into their path.

To look or not to look -- that is the question

When I began this survey, I was working on the assumption that most
postmasters work as my colleagues and I do: that the text (2) of
the message was not to be read under any circumstances, and that
should we happen to see the text, we forget it immediately and do
not use any information we might gain from the text of the message.

I quickly discovered that we are in the minority.

Most of the postmasters who said mail was confidential also said
there were legitimate reasons to look at the text of messages (48
out of 69, or 78%). By far the most common reason cited was to help
re-direct the message. 53% of the respondents said that they would
read the users' message for clues to help send the message back to
the original sender or on to the intended recipient.(3) Another
common reason was to scan the messages for improper or
inappropriate use of the mails -- 29% look for harassing messages,
illegal transactions, attempts to break into the system, etc.
(Interestingly enough, most of the postmasters who said that they
regularly scan the mails say that they use something like an editor
scan to do this, rather than reading the contents of all the mail
messages themselves. Ten respondents, however, stated categorically
that scanning the mail for any reason was improper.)

Postmasters in this study leave some of the responsibility on the
users, too. "Accidents happen", commented ten in their responses.
One respondent put it succinctly:

Electronic mail is not a secure medium. It's the senders'
responsibility to ensure the privacy of their messages. If they're
not sure of the address they're sending to, they shouldn't put
anything confidential in the text. Anything they don't want seen,
and read, should be encrypted.(4)

FidoNews 10-15 Page: 12 12 Apr 1993

When reading through the postmasters' comments, it was clear that
most of them strongly believe that they act in a manner consistent
with their ethical systems, and that they have given a lot of
thought to confidentiality in mail systems. Confidentiality, it
seems, consists in not looking unless you have to, and if you have
to, treating what you see with respect. Or, as one of our foreign
postmasters said, "... a postmaster is in the same position as a
doctor -- peeking at personal e-mail is rather akin to viewing
inside somebody's underpants -- there MAY be sound reasons for
examining the contents but going out of one's way to do so is a bit
kinky :-)"(5)

Moral Dilemmas

Sometimes what a postmaster sees creates ethical problems. If a
postmaster sees a message in which personal or secret information
is revealed, a postmaster may keep the information confidential but
be troubled by it. Some find themselves in possession of
information which indicates that an illegal transaction or
inappropriate use of the system is going on. Most (65%) of the
postmasters said that if they found information indicating a system
abuse, they would immediately act on it. Their highest
responsibility is to protect the system, and they take that
responsibility very seriously.

Personal information, like the affair that was mentioned above, is
a different matter. Some of the postmasters indicated in their
commentary that they tried to forget such information. Some created
technological barriers for themselves to prevent the viewing of
such information. Most hoped that they never had to make a decision
about dealing with personal information that came into their
possession.(6)

Another dilemma for postmasters comes when they have permission to
read the contents of users' mailboxes by virtue of their position.
Fifty-three of our postmasters (77%) have privileged access. (It
was in asking this question that we discovered how many hats most
postmasters wear. Twenty-nine of them mentioned that they are also
system administrators, and have unlimited access to any system file
by virtue of that position. The others have unlimited access merely
to accomplish their postmaster responsibilities.) However, in
comparing the folks who believed there were good reasons to look in
users' mailboxes against those who had access, only eight
postmasters (less than half of those who believe in regularly
scanning mail) believed this access should be regularly used.

Technical fixes

Technical fixes were also not common for general prevention against
seeing text. Less than one-quarter of the respondents considered
themselves to have a technological barrier to seeing the users'
text. Only 25% of those who had a technical fix had a hard fix
(that is, one which they had to exert special privileges or change
code in order to see the message text): 19% used a filter which
kept the text out of reach, and 6% encrypted the message text,
FidoNews 10-15 Page: 13 12 Apr 1993

leaving only the headers in the clear.

The others who considered themselves to have a technological fix
were split half and half on a honor system where they only looked
at bounced messages which couldn't get back to the sender or on to
the recipient(7), or only read spool or file headers.

"I close my eyes"

By far the largest number of postmasters did not feel they had a
technological barrier to seeing mail. Of those folks (80% of the
total respondents), the three most common methods mentioned(8) as
ways they avoided looking at text were to look away (45%), adjust
the windowing on their screens to exclude the text (or attention
out before the text scrolled by) (17%), or to ask the user's
permission if it was impossible to fix the problem without reading
the text (9%). (Interestingly enough, of those folks who said they
wanted the user's permission before they went poking around in a
mailbox, only two would use that permission even if they had it.)

It was in asking about methods postmasters used to keep themselves
from seeing users' text that the strongest statements about
confidentiality and ethical behavior came out. As one of postmaster
said, when asked the method he used:

Self-restraint. The same thing that keeps me from performing most
other unethical acts. Given my level of technical expertise, I do
not regard "security systems" as any sort of deterrent.

It's worth noting here that a large percentage (68%) of the
respondents mentioned that they were simply too swamped with work
to bother reading other people's mail, even if they were inclined
to do so.

Harassment, obscenity, and other inappropriate mail

Unfortunately, as the telephone companies have discovered, some
people want to use this marvelous new medium as a playground, or as
a method of inflicting pain on another person. Electronic mail is a
perfect opportunity to send harassing, obscene, or otherwise
inappropriate messages to another person.

While postmasters generally have given a lot of thought to their
philosophies concerning what to do about user text, they are less
certain about incidences of inappropriate mail. Seventeen of our
postmasters (25% of the total) believe that there has never been
such an incident at their site. (I confess, I'm inclined to believe
that they simply don't know about it. In our experience, users will
wait a long time without reporting harassment or obscene mail
unless it's widely known that they have a resource for this
situation. When we began advertising that there was a special
office for handling these problems, reporting went up.)

Some of them don't handle cases of inappropriate mail (29%). Of
those who don't handle it themselves, four pass cases along to
FidoNews 10-15 Page: 14 12 Apr 1993

campus security or the local police, and twenty-two let some other
administrator handle it.

A clear division of philosophy showed in deciding what to do about
abusive or inappropriate mail when it happened. When asked whether
they would wait for complaints or pursue a situation if they
stumbled across one, 59% said they would wait for complaints, 23%
said they would pursue it, and 10% said they would have to make a
case-by-case determination.

By and large, the largest group were those who would wait for
complaints. "One person's harassment is another's amusement" was a
frequently expressed sentiment (41%). However, there were some
cases where postmasters felt obliged to step in, as in this
comment:

Material of a libelous nature, for example, is permissible in a
private communication... Certain material is not permissible ....
Child pornography is a good example of this. The Supreme Court just
ruled that private possession of such material is illegal (as
opposed to distributing it, which has been illegal for quite some
time). Although I have never encountered such material, if I
happened to find some in the course of my duties as postmaster I
would have to contact the person responsible and ask them to remove
it from the system. Failure to do so would make me (and the
institution I work for) liable in any subsequent prosecution of the
people involved.

Other reasons for pursuing a problem that dropped into one's lap
were system abuses (such as chain letters, attempts to break into
the system or propagate virii or worms) or mail that came from
another system. Off-site mail would, generally, be referred back to
a postmaster at the originating site.

"Mail is mail"

Mailing lists(9) and newsgroups constitute a large part of the
traffic on the network. Except for the case of usenet news, which
is read with a special program, mailing lists are indistinguishable
from most other mail messages.

Because of mailing lists' public nature, I wondered how postmasters
at other site regarded mailing list messages in terms of
confidentiality.

When asked if they considered mailing list mail in the same class
as "regular" electronic mail, 42% said no. Of those folks who gave
reasons for this answer, sixteen said that mailing list messages
were intended for public distribution and thus not intended to be
confidential or private. Twelve folks compared public mailing lists
to junk mail or newspapers.

The 56% who said "yes" indicated that they considered mailing lists
like any other mail in terms of a need for confidentiality and
respect for users' privacy. Sixteen felt this way because some
FidoNews 10-15 Page: 15 12 Apr 1993

lists have restricted access and fourteen commented on the
politically or personally sensitive contents of some mailing list
discussions. Eleven postmasters felt that the identities of people
who subscribed to mailing lists should be kept confidential,
because of the personality or interest profile that could be
inferred from a complete compilation of the sorts of lists a user
subscribed to. Postmasters were sensitive to this:

Although ostensibly anyone can get access to the same info by
joining the list, membership itself on some lists may be considered
sensitive. For instance, there is a gay-oriented list which one of
my faculty members subscribed to, and the messages all began
bouncing to the postmaster when he incorrectly set a forwarding
address. This person may or may not care who knows about his
subscription, but I can see where he might consider it sensitive
information.

Written ethics guidelines As networking constitutes a greater part
of our lives, more and more personal information is loose on the
nets. Codes of postmaster behavior, once handed down from guru to
guru, may now need to be more formalized. Access to personal
material is more prevalent, and mail is particularly susceptible to
invisible monitoring.

As one postmaster said: No byte of information in any computer
system is immune to the knowledgeable systems programmer. The point
here is that you can tell if your letter from Grandma has been
opened, but you cannot tell if your electronic mail message has.
This makes snooping easier and more prevalent by default. 83% of
the respondents said they didn't have a written code of ethics for
postmasters. Reasons given for why there was no policy varied
across the board: 23% felt they didn't need such a thing, either
because they wouldn't hire someone as a postmaster/system employee
who wouldn't behave ethically or because postmaster ethics were
common knowledge. 6% had orientation sessions in which postmaster
ethics were discussed. 4% felt written policies of any sort were A
Bad Idea. However, 15% of the total respondents wished there was a
written policy, to help orient and train new postmasters or to
cover gray areas. One quarter of those who had written policies
felt that their general systems or employee policies covered
postmasters as well as users. Two postmasters (both from religious
private schools) indicated that Christian ethics covered the
situation, and that they relied upon the Bible as a written policy
for all occasions.

Several postmasters commented that since the passage of the ECPA
(10) in 1986, their sites have modified their systems use policies
to include specifically use and misuse of mail.

Major exceptions

It's worth noting that commercial systems and public access systems
had substantially differing views of user privacy with respect to
mail than did academic systems. Of those who responded, nearly 10%
were commercial or public access. The public access hosts were
FidoNews 10-15 Page: 16 12 Apr 1993

extremely sensitive to their liability should illicit activities
take place on their hosts. One public access "sysop" explained his
approach to confidentiality this way:

The mail on [this system] is specifically disclaimed from ECPA
privacy in light of the fact that I operate a BBS on the machine
and have no wish to have the authorities come seize the machine if
some user does something illegal. Even so, I tend to preserve the
confidence of information gleaned from mail that has to be seen. I
have an automatic process that scans the mail daily for particular
keywords and phrases that would indicate that phreaks or crackers
are communicating via my system. If there is a suspicious item, a
copy is pulled for closer inspection. So far, I have only has to
read mail to/from one pair of users and it turned out that they had
misrepresented themselves and were kicked off the system

Commercial systems were equally cautious. One postmaster who works
for a company which reputedly screens its employees tightly for
ethical and moral fiber had this to say:

Attached you will find your mail survey. Some of the questions are
rather interesting. [Our company] doesn't appear to have similar
problems with ethics as do some of the universities. It probably
has do with the fact that employees are screened before they are
hired to ensure that their ethics fall in line with the companies.
Unfortunately, universities don't have such luxury.

In the questionnaire, I mention that there aren't any formal
policies regarding email. I believe that email would be covered
under the terms of employment, which also specify acceptable ethics
behavior. If somebody was foolish enough to use a corporate asset
to harass somebody, or cause harm or interruption of service due to
"hacking", then they probably would be terminated.

Demographic Differences

I asked a number of demographic questions, intended to see if we
could distinguish behaviors of philosophies based on age, gender,
number of years as a postmaster, systems or software used, or
number of users served. No major discrepancies in behavior turned
up. It's possible that our statistical "universe" was too small to
differentiate such behavior trends. It's also possible that
postmasters all tend to behave in an ethically consistent manner,
despite the demographic differences.

"Satisfaction guaranteed"

Processing this survey has been a learning experience, and not just
because of learning to handle statistical analysis.

My expectations of postmasters have been largely met -- I had hoped
to discover that the electronic information transfer medium was
watched over by folks who would respect my privacy within the
constraints of the technology, and I have not been disappointed.

FidoNews 10-15 Page: 17 12 Apr 1993

I was surprised to see that there was no appreciable difference in
approaches to ethical behavior among systems: some operating
systems, such as Unix (tm), have a reputation for attracting
mavericks; and some mail networks, such as BITNET, have extremely
tight codes for appropriate behaviors. I was pleased to see that
postmasters across the board regarded privacy and confidentiality
as important, and would work to protect the system and the users'
privacy equally.

I would have liked to have seen more women as postmasters. Here at
The University of Michigan, 50% of the postmasters and a large
minority of the mail programmers are women. I hope that my sample
is not representative of the larger whole, and that more than 12%
of postmasters are women. (It's possible that many of the people
who didn't respond to the question about gender were women. I have
no way to tell.)

On the whole, I think our users can be generally reassured that the
electronic postmasters in their lives are concerned about the
integrity of the mail system, both in terms of system security and
user privacy. As electronic mail becomes a more prevalent method of
communications (for both convenience, economic, and ecological
reasons), it's nice to know that the tradition of confidentiality
that we have grown to expect from our paper mail postmasters has
been carried over into the electronic world.
----------------------------------------------------------
Footnotes

(1) Erna-Lynne Bogue, a doctoral candidate in Social Work at the
University of Michigan, and a SPSSx consultant, did all the SPSSx
programming. She also taught me how to interpret the results,
helped me pinpoint places to explore further, and encouraged me to
learn a great deal about statistics while doing this project.

(2) "Text" in this paper is defined to be the content of the
message; the information that the user is transmitting.

(3) Postmasters sometimes see messages in which the headers have
been so thoroughly mangled that the origins are completely
mysterious. For this reason, by the way, it's a good idea to
include your name and electronic mail address at the end of your
message, so that your recipient will know what you think your
address is in case of problems.

(4) Or, as another put it, "Users put the most astonishing things
in electronic mail, and assume that nobody will ever see it. It
never fails to amaze me the things that people say to each other
over electronic mail that they probably don't say to each other in
the bedroom."

(5) For those of you who may be unfamiliar with the "smiley face"
in electronic communications, turn the page sideways. The ) is a
mouth.

(6) One anecdote is particularly telling. To quote the respondent:
FidoNews 10-15 Page: 18 12 Apr 1993

[The story starts with a description of a bug in a mailer that left
a number of messages in the postmaster's queue. The respondent
describes his usual practice of reading only the first 30 lines,
since usually those 30 lines are only header material.]

One of the dead items originated locally. Hence, it had
comparatively few headers, and [the first 30 lines] took care of
all the headers and showed me the body as well. It was from one of
my co-workers, written to a friend with whom I also work
professionally on the side from time to time. Although I didn't
intend to read it, certain words caught my eye without really
looking deliberately, and it became immediately obvious that my
co-worker and this friend were having an affair.

To say that this made me uncomfortable is to put the matter most
mildly. My co-worker is married and the co-worker's spouse is also
an acquaintance of mine. And I have a little (but not much)
professional contact with the spouse as well. It was clear that the
co-worker had not informed the spouse of the matter.

The friend is also married and the friend's spouse was not aware,
either. I have to work with my co-worker and frequently I am in a
position where I can't really afford not to work with the friend.

Now, whether two people want to carry on an affair with one another
is mostly their own business. Whether I agree with it or not is
almost entirely irrelevant, especially considering that my beliefs
do not coincide with my friend's and my co-worker's anyway. But now
I was in a position where a co-worker whom I trusted was violating
the spouse's trust. And likewise for the friend and the friend's
spouse. It became obvious to me in rather short order that it was
going to be difficult to work with either of them, knowing the lack
of trust being shown to their respective spouses.

After some considerable internal warring against myself over what
to do, I approached my co-worker, explained what I'd learned and
the (innocent) circumstances by which I'd learned it, and said that
I thought there were 3 things that could be done. The two of them
could break off the relationship; they could tell their spouses
about it and (I suppose) get the spouses' approval for them to
continue; or I could resign. There wasn't really any way I could
see myself continuing to work with people that I had to trust in
order to get work done, while knowing this violation of trust was
going on. And I don't think I really cared which way the matter
went.

As it happened, they broke off the relationship. Whether spouses
were told about the matter, I can't say.

I have since written a small tool which looks at this type of dead
letter to show me JUST the headers.

(7) One postmaster called these trapped messages "bounce-o-grams".

FidoNews 10-15 Page: 19 12 Apr 1993

(8) Not all respondents made comments, of course, which is why
sometimes the numbers in these sections dealing with commentary
don't always add up.

(9) "Mailing lists" are defined for the purposes of this paper to
be public or semi-public lists or digests, such as Info-IBMPC,
INTER-L, or other such public discussions. Private mailing lists,
such as those created by individual users and which are not open
for the public to join, are not included.

(10) Electronic Communications Privacy Act.

----------------------------------------------------------------------

Alert!
By: Stanton McCandlish

Dear editor, please publish this little note prominently and
save people a lot of money!

NOTICE: 1:301/2 is NOT the support board for the Scrabble door,
and has not been for years! That guy moved. Stop wasting money
sending me netmail about it, eh. Within about a month I WILL
have this door abvailble by FREQ, since it is unlikely that
people will stop try to FREQ it for a few years. FREQ
SCRABBLE.ZIP.

Thanks!

----------------------------------------------------------------------

Caller ID Still Isn't Reliable
Jack Decker
Fidonet 1:154/8

CALLER ID STILL ISN'T RELIABLE

After reading the debate over Caller ID that has been raging in the
last few issues, I have to wonder if anyone stopped to notice the
point that Caller ID is NOT yet reliable. Specifically, it is quite
possible for a call to come in indicating that the calling number has
been blocked by the caller, when in fact the caller has done no such
thing. In my previous article on the subject, I pointed out how ALL
calls from certain exchanges in California were being shown as
"blocked" on displays in other states (Caller ID isn't being made
available in California itself), in what some feel is a blatent
attempt by Pac*Bell to get customers to complain to the California
Public Utilities Commission (when their calls to other states won't
go through), in the hope that the California PUC will drop their
insistance that unlisted calling numbers be blocked by default. The
speculation here is that the erroneous display is intentional; that
is, that Pac*Bell knows that their CUSTOMER never intended to block
display of his number, but that Pac*Bell itself chooses to present
the "blocked" message in an attempt to gain political leverage with
the PUC.
FidoNews 10-15 Page: 20 12 Apr 1993

However, there is a saying that one should never attribute to malice
what can be adequately explained by stupidity... and thus we bring
you this report from New York, courtesy of a reader of the Internet
Telecom Digest (also known as the comp.dcom.telecom moderated
newsgroup):

Date: Sun, 4 Apr 1993 20:48:22 GMT
From: [email protected] (James Gleick)
Newsgroups: comp.dcom.telecom
Subject: Re: Block-the-Blocker CallerID Feature
Message-ID: <[email protected]>
Organization: PANIX Public Access Unix, NYC
Sender: [email protected]

In <[email protected]> [email protected] (Dan
Danz) writes:

> ... this little sucker (when enabled) will say "This party will not
> accept blocked calls" and disconnect. It also records the fact that
> it received and blocked the call.

In New York, where Caller ID is being implemented, slowly, Nynex has
provided the following peculiarity. If you get a call from an
exchange that will *soon* have Caller ID enabled, but doesn't yet, it
shows up as Blocked, not as Out of Area.

Explanation? The switching equipment is now capable of passing the
CLID information along, but the caller has not yet had the
opportunity to select the blocking option. So the phone company has
decided to mark *all* calls as blocked.

(Their explanation, not mine.)

If I had the equipment you describe, I wouldn't be receiving any
local calls for a while.

[End of forwarded message from the Telecom Digest]

By way of explanation, the device originally mentioned in the quoted
section of the above message apparently does for voice calls what
some Fidonet sysops want to do on data calls, that is, it prevents
calls from "blocked" numbers from ever getting through. The point
that needs to be emphasized repeatedly is that Caller ID technology
IS NOT YET RELIABLE. In some cases calls WILL show up indicating
that the caller has blocked transmission of his or her number, when
in fact the caller has done no such thing (and may not even be aware
of what Caller ID is!).

It seems that those who want to argue in favor of using Caller ID
exclusively for verification want to completely ignore this point.
It reminds me of the folks who will argue that cellular telephone
conversations are now secure (in the United States) because the law
says that folks can't legally listen to them, completely ignoring the
fact that there are still thousands of scanners out there capable of
FidoNews 10-15 Page: 21 12 Apr 1993

receiving the cellular frequencies. You would think that folks who
work with a technology would want to be aware of the limitations of
that technology, but I guess it's more convenient to ignore flaws in
the system (at least until they adversely affect you personally).

Again, I am not saying that you shouldn't use Caller ID as ONE method
of verification. All I am saying is that a call comes in as
"blocked", you might want to at least assume that it could be some
hapless soul calling who has no idea that the phone company is
telling you that he has blocked the display of his phone number, and
provide some alternate method of access. Even a one-screen display
explaining the situation and inviting the person to call the sysop on
a voice line (or to send a letter of explanation) would be nicer than
just assuming it's some twit trying to be anonymous, or trying to
crash your system.

Sometimes sysops (and even programmers) just get too smart for their
own good (or at least their callers' good). I recall when the
original Opus BBS software rejected any city name with less than four
characters, presumably under the theory that any real city name was
at least four characters long. Of course, this caused nothing but
trouble for callers from Ada, Michigan (suburb of Grand Rapids and
home of the Amway Corporation). It's bad enough to be discriminated
against by humans for no fault of your own, but when computers start
doing it, it can be really maddening. Please use the new technology
wisely, and realize that it ain't perfect yet!

----------------------------------------------------------------------

New VW echo starting!!!
Andy Heckel
Fido 1:203/15

After hooking up to the Fido echo AUTOMOTIVE, I've started to see
others like myself interested in a specific manufacturer echo. Since
I am a VW nut, I figured I may as well jump on the bandwagon, take
the reins, and go for it, (kinda like jumping head first into an empty
pool). So, this is to announce the newest, (as of this moment), Fido
echo, VOLKS. If you would like to add this echo to your BBS, send me
netmail at 1:203/15, and I'll set you up. Hopefully, this may
eventually make it on to the backbone, if there is enough demand for
it. So help out and if you love your VW as much as I do, areafix it
today!!!
FidoNews 10-15 Page: 22 12 Apr 1993

School Music Echo

by Ian Levstein 1:249/121
Areatag: ORCHESTRA

Although there are many FidoNet echoes dealing with music, there
is a serious lack of information concerning school music. To that
end, several of us have put together an echo specifically dealing
with all aspects of school music - concert band, orchestra, choir,
marching band, and other such groupings. We also discuss other
aspects of music such as: film scores, community and professional
orchestras, conductors, and the like.

This echo began a number of months ago and at present has about a
dozen nodes attached covering Southern Ontario to Texas and points
in between. We would like to see this echo grow and hopefully
get backboned at some point in the future.

If you are interested in receiving this echo, please netmail any of
these persons - we deliver at v32b!

Ian Levstein 1:249/121 (Kingston, Ontario)
John Rappold 1:279/30 (Huntington, WV)
Tony White 1:124/5117 (Dallas, TX)

As Nietzsche said: Life without music would be a mistake.

----------------------------------------------------------------------

The HOLY_BIBLE Echo and the PRIME Network
Steve Winter
FidoNet 1:18/98

Please spread this info around. Thanks!!

***************************************************************
* __________ __________ ___ ________ *
* | | | | | |\ /| | *
* | | | | | | \ / | | *
* |________| |________| | | \ / | |______ *
* | | \ | | \/ | | *
* | | \ | | | | *
* | | \ | | | | *
* | | \ _|_ | | |_______ *
* *
* 'The sun never sets on the PRIME network' *
***************************************************************
* PreRapture(tm) International Message Exchange *
***************************************************************
With nodes in USA, CANADA, EUROPE, ASIA, and growing.

PRIME is the Only True Christian worldwide network on earth.
* Both Religious (Christian) and non-religious conferences. *
FidoNews 10-15 Page: 23 12 Apr 1993

A wholesome, family oriented network with a strict policy
against profanity, lewdness, obscenity etc..
Features echos on educational and technical topics.
* Elaborate Bible Discussion and Debate * False Preachers Exposed *
919-286-3962 * 919-286-3606 * 919-286-3266 * 919-286-2100
Using USRobotics Dual Standard Modems V.32bis-14,400 / HST-16800bps
FREQ PRIME.ZIP from 1:18/98, 1:18/99, or 6:700/26 for network kit *

-={ HOLY_BIBLE Echo Conference }=-
Available through the PRIME Network and
on the FidoNet Zone 1 and Zone 2 Backbone
* The only true Christian Conference in FidoNet *

********
Acts 2:38 *++++++* John 3:5
*+ ** +*
**************+ ** +*************
*+++++++++++ ++++++++++*
*+ ******* HOLY_BIBLE ****** +*
*+++++++++++ ++++++++++*
**************+ ** +*************
*+ ** +*
Gal 1:8 *+ ** +* Mark 12:29
*+ ** +*
I Tim 3:16 *+ ** +* Acts 2:4
*+ ** +*
Isa 45:21 *+ ** +* Mark 16:16
*+ ** +*
Acts 10:46 *++++++* Acts 19:5
********
Hebrews 5:9 Acts 22:16 James 1:22

HOLY_BIBLE (C)Copyright 1988-93 Steve Winter,
All rights reserved worldwide (with contributers
retaining all rights to their contributions)
A very strict conference designed to expose fakes!

----------------------------------------------------------------------

========================================================================
Fidonews Information
========================================================================

------- FIDONEWS MASTHEAD AND CONTACT INFORMATION ----------------

Editors: Sylvia Maxwell, Donald Tees, Tim Pozar
Editors Emeritii: Thom Henderson, Dale Lovell, Vince Perriello,
Tom Jennings

IMPORTANT NOTE: The FidoNet address of the FidoNews BBS has been
changed!!! Please make a note of this.

"FidoNews" BBS
FidoNet 1:1/23 <---- NEW ADDRESS!!!!
BBS +1-519-570-4176, 300/1200/2400/14200/V.32bis/HST(DS)
FidoNews 10-15 Page: 24 12 Apr 1993

Internet addresses:
Don & Sylvia (submission address)
[email protected]

Sylvia -- [email protected]
Donald -- [email protected]
Tim -- [email protected]

(Postal Service mailing address) (have extreme patience)
FidoNews
172 Duke St. E.
Kitchener, Ontario
Canada
N2H 1A7

Published weekly by and for the members of the FidoNet international
amateur electronic mail system. It is a compilation of individual
articles contributed by their authors or their authorized agents. The
contribution of articles to this compilation does not diminish the
rights of the authors. Opinions expressed in these articles are those
of the authors and not necessarily those of FidoNews.

Authors retain copyright on individual works; otherwise FidoNews is
copyright 1993 Sylvia Maxwell. All rights reserved. Duplication and/or
distribution permitted for noncommercial purposes only. For use in
other circumstances, please contact the original authors, or FidoNews
(we're easy).

OBTAINING COPIES: The-most-recent-issue-ONLY of FidoNews in electronic
form may be obtained from the FidoNews BBS via manual download or
Wazoo FileRequest, or from various sites in the FidoNet and Internet.
PRINTED COPIES may be obtained from Fido Software for $10.00US each
PostPaid First Class within North America, or $13.00US elsewhere,
mailed Air Mail. (US funds drawn upon a US bank only.)

BACK ISSUES: Available from FidoNet nodes 1:102/138, 1:216/21,
1:125/1212, (and probably others), via filerequest or download
(consult a recent nodelist for phone numbers).

A very nice index to the Tables of Contents to all FidoNews volumes
can be filerequested from 1:396/1 or 1:216/21. The name(s) to request
are FNEWSxTC.ZIP, where 'x' is the volume number; 1=1984, 2=1985...
through 8=1991.

INTERNET USERS: FidoNews is available via FTP from ftp.ieee.org, in
directory ~ftp/pub/fidonet/fidonews. If you have questions regarding
FidoNet, please direct them to [email protected], not the
FidoNews BBS. (Be kind and patient; David Deitch is generously
volunteering to handle FidoNet/Internet questions.)

SUBMISSIONS: You are encouraged to submit articles for publication in
FidoNews. Article submission requirements are contained in the file
ARTSPEC.DOC, available from the FidoNews BBS, or Wazoo filerequestable
from 1:1/23 as file "ARTSPEC.DOC". Please read it.
FidoNews 10-15 Page: 25 12 Apr 1993

"Fido", "FidoNet" and the dog-with-diskette are U.S. registered
trademarks of Tom Jennings, Box 77731, San Francisco CA 94107, USA and
are used with permission.

Asked what he thought of Western civilization,
M.K. Gandhi said, "I think it would be an excellent idea".
-- END
----------------------------------------------------------------------