Subject: RISKS DIGEST 16.45
REPLY-TO:
[email protected]
RISKS-LIST: RISKS-FORUM Digest Monday 10 October 1994 Volume 16 : Issue 45
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for information on RISKS (comp.risks) *****
Contents: [Only issue this week.]
Anonymity and the Stock Markets... (Peter Wayner)
ICL loses 1.3m pounds poll-tax case (Jonathan Bowen)
AOL sells its subscriber list (David L. Gehrt)
Twins out of luck in Brazil (Debora Weber-Wulff)
Confidential information passed on (Nik Clayton)
Privacy Digests -- and Digital Telephony (PGN)
CFP for CFP'95 (Computers, Freedom, and Privacy) (Carey Heckman)
CALL for PAPERS: EUROCRYPT '95 (Jean-Jacques Quisquater)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
----------------------------------------------------------------------
Date: Fri, 7 Oct 1994 22:59:20 -0500
From:
[email protected] (Peter Wayner)
Subject: Anonymity and the Stock Markets...
People embroiled in the debate over anonymity on the networks might want to
check out an article entitled "Reuter's Instinet is Biting Off Chunks of
Nasdaq's Territory" in October 4th edition of the Wall Street Journal (p. C1).
The article doesn't deal directly with anonymity-- it just charts the success
of Reuter's Instinet, a computer network that matches up buyers and sellers of
large blocks of stock. The article mentions that many clients selling large
blocks of stock turn to the Instinet because it is anonymous. It's main
competitors are not. It reads, "Large investors, who wish to keep their long
or short positions confidential, especially want to avoid tipping other
investors off about their bets in the volatile, mostly small-capitalization
over-the-counter market."
Ideally, this feature allows the market to be more efficient and more fair.
People who just happen to be selling, say, Apple Computer Company stock to
say, Motorola, won't be able to use their casually acquired knowledge. (Just a
hypothetical example.) Another chance for "insider" like trading is gone.
This anonymity, though, is almost certainly not absolute. The SEC would
probably be able to unwind the trades if they needed to do so. But I'm just
guessing about this.
------------------------------
Date: Mon, 10 Oct 94 09:58:46 BST
From:
[email protected]
Subject: ICL loses 1.3m pounds poll-tax case
Front page news in "Computing", 6 October 1994:
Headline: ICL loses 1.3m pounds poll tax case
In a landmark award, St Albans City Council has won a 1.3m pounds High Court
judgement against ICL for supplying flawed poll tax software, precipitating a
flood of similar claims against the supplier. Monday's judgement has
industry-wide implications because the judge in the case, Mr Justice Scott
Baker, ruled that a clause in ICL's standard contract limiting the supplier's
liability if problems arose did not apply under the Unfair Contract Terms Act
1977.
Notes:
1. "Computing" is a UK computing industry weekly newspaper.
2. ICL is a Japanese owned UK based computer company.
3. 1.3m UK pounds is approximately $2 US million.
4. The "poll tax" was the abortive uniform local tax on individuals
introduced by the Conservative government under Mrs Thatcher,
but now replaced due to public resistance.
Jonathan Bowen, Oxford University Computing Laboratory, Programming Research,
Wolfson Building, Parks Road, Oxford OX1 3QD UK
[email protected]
------------------------------
Date: Wed, 05 Oct 1994 10:03:16 -0700
From: "David L. Gehrt - RIACS" <
[email protected]>
Subject: AOL sells its subscriber list
On the front page of the buiness section of the San Jose Mercury today (5 Oct
1994) is an article describing one of the most egregious privacy violations I
have heard of. America Online, described in the article as the fastest
growing on-line service providers, has or appears to be ready to peddle
subscriber information. The kind of information by AOL collected upon sign up
is (IMHO) excessive. My wife signed up and I nearly told her to find another
service provider and if she had known about the possibility that the info
would be sold I am sure that she would have not signed up.
According to the article the information which might be included in the sale
of AOL subscriber info includes: "...name, gender, address, income, family,
type of computer equipment, and payments to the company."
My hope is that other subscribers will rise up in anger and convince AOL that
this invasion of their privacy will cost them more $$$ in lost subscribers
than they can hope to gain via the sale of the info.
David L. Gehrt
------------------------------
Date: 5 Oct 1994 15:42:41 GMT
From:
[email protected] (Prof Weber-Wulff)
Subject: Twins out of luck in Brazil
The German daily newspaper "Tagespiegel" notes this past weekend that for any
set of twins (or triplets, etc.), in Brazil, only one may register to vote for
the upcoming election. Seems the unique key for the voter registration form
consists of the names of the parents and the birthdate. It was noted that the
problem could not be corrected in time for the election, presumably there will
a number of people contesting the election.
Debora Weber-Wulff, Technische Fachhochschule Berlin, FB Informatik,
Luxemburger Str. 10, 13353 Berlin, Germany email:
[email protected]
------------------------------
Date: Wed, 28 Sep 94 12:57:09 +0100
From: Nik Clayton <
[email protected]>
Subject: Confidential information passed on
"Watchdog", a consumer affairs television program shown on the BBC, Monday
26th September, reported on the experiences of a customer of Dixons (a
computer and other electrical goods retailer). The customer had bought a PC
from them, and had used it extensively, writing letters, doing business and
accounts and so on. The PC started to malfunction, the symptoms being wrong
characters generated by the keyboard. For example, "w" translated to an "f"
and so on.
Dixons said that they couldn't fix it, but would charge UKP 250 for an upgrade
to a new machine. The customer agreed to this, and told them, before he gave
the computer back, that he had confidential information stored on it, and
would they remove it for him. Dixons agreed to this. 6 months later, he
received a phone call from a family who had purchased his old computer from
Dixons, saying that they had found his data still on the computer.
RISKS: Obviously, the retention of the data is a large risk. But in
addition, I think there are several others. Most obvious is the fact
that the customer, while storing important information on the machine
had made no efforts to make it secure. The situation could have been
much worse if the computer had been stolen, or if his children had
access to the data to change it.
Other risks include believing what the retailer tells you. We weren't
told any more technical information about the problem with the machine,
but it looked very much as though either the keyboard was faulty, or,
more likely, that one of the keyboard drivers had become corrupted.
Certainly not something that should UKP 250 to fix.
Also, the second owners of the machine believed that what they were
getting was brand new, with the caveat that it had been used a display
machine. Obviously, it wasn't. But even if it had been a display machine,
it should be a trivial matter to walk into one of the stores and put a
virus on many of the machines available. This could cause havoc for
first time buyers.
Nik
------------------------------
Date: Mon, 10 Oct 94 09:00:10 EDT
From:
[email protected] (Peter G. Neumann)
Subject: Privacy Digests -- and Digital Telephony
Periodically I remind you of TWO useful digests related to privacy, both of
which are siphoning off some of the material that would otherwise appear in
RISKS, but which should be read by those of you vitally interested in privacy
problems. RISKS continues to carry general discussions in which risks to
privacy are a concern. The most recent issues of PFD and CPD include
extensive material on the newly passed Digital Telephony Bill that now awaits
Presidential signature. Because the of the extraordinary volume of that
material, we do not attempt to cover the issues here. If you are seriously
interested in the discussions on privacy, I recommend you try BOTH digests for
a while (free trial subscriptions are terrific, but especially when the
long-term subscriptions are also free AND, perhaps more important, you don't
wind up on anyone ELSE's mailing list!).
* The PRIVACY Forum Digest (PFD) is run by Lauren Weinstein. He manages it as
a rather selectively moderated digest, somewhat akin to RISKS; it spans the
full range of both technological and non-technological privacy-related issues
(with an emphasis on the former). For information regarding the PRIVACY
Forum, please send the exact line:
information privacy
as the BODY of a message to "
[email protected]"; you will receive
a response from an automated listserv system. To submit contributions,
send to "
[email protected]".
* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
run by Leonard P. Levine. It is gatewayed to the USENET newsgroup
comp.society.privacy. It is a relatively open (i.e., less tightly moderated)
forum, and was established to provide a forum for discussion on the
effect of technology on privacy. All too often technology is way ahead of
the law and society as it presents us with new devices and applications.
Technology can enhance and detract from privacy. Submissions should go to
[email protected] and administrative requests to
[email protected].
There is clearly much potential for overlap between the two digests, although
contributions tend not to appear in both places. If you are very short of time
and can scan only one, you might want to try the former. If you are interested
in ongoing detailed discussions, try the latter. Otherwise, it may well be
appropriate for you to read both, depending on the strength of your interests
and time available.
PGN
------------------------------
Date: Thu, 6 Oct 1994 06:12:05 -0700 (PDT)
From: Carey Heckman <
[email protected]>
Subject: CFP for CFP'95! (Computers, Freedom, and Privacy)
Call for Participation - CFP'95
The Fifth Conference on Computers, Freedom and Privacy
Sponsored by the ACM SIGCOMM, SIGCAS, SIGSAC and Stanford Law School
28 - 31 March 1995
San Francisco Airport Marriott Hotel, Burlingame, California
INVITATION
This is an invitation to submit session and topic proposals for
inclusion in the program of the Fifth Conference on Computers, Freedom
and Privacy. Proposals may be for individual talks, panel discussions,
debates, or other presentations in appropriate formats. Proposed topics
should be within the general scope of the conference, as outlined below.
SCOPE
The advance of computer and telecommunications technologies holds great
promise for individuals and society. From convenience for consumers and
efficiency in commerce to improved public health and safety and
increased participation in democratic institutions, these technologies
can fundamentally transform our lives. New computer and
telecommunications technologies are bringing new meanings to our
freedoms to speak, associate, be left alone, learn, and exercise
political power.
At the same time these technologies pose threats to the ideals of a
just, free, and open society. Personal privacy is increasingly at risk
from invasion by high-tech surveillance and eavesdropping. The myriad
databases containing personal information maintained in the public and
private sectors expose private life to constant scrutiny. Political,
social, and economic fairness may hinge on ensuring equal access to
these technologies, but how, at what cost, and who will pay?
Technological advances also enable new forms of illegal activity, posing
new problems for legal and law enforcement officials and challenging the
very definitions of crime and civil liberties. But technologies used to
combat these crimes can threaten the traditional barriers between the
individual and the state.
Even such fundamental notions as speech, assembly and property are being
transformed by these technologies, throwing into question the basic
Constitutional protections that have guarded them. Similarly,
information knows no borders; as the scope of economies becomes global
and as networked communities transcend international boundaries, ways
must be found to reconcile competing political, social, and economic
interests in the digital domain.
The Fifth Conference on Computers, Freedom and Privacy will assemble
experts, advocates and interested people from a broad spectrum of
disciplines and backgrounds in a balanced public forum to explore and
better understand how computer and telecommunications technologies are
affecting freedom and privacy in society. Participants will include
people from the fields of computer science, law, business, research,
information, library science, health, public policy, government, law
enforcement, public advocacy, and many others.
Topics covered in previous CFP conferences include:
Personal Information and Privacy
Access to Government Information
Computers in the Workplace
Electronic Speech, Press and Assembly
Governance of Cyberspace
Role of Libraries on the Information Superhighway
Law Enforcement and Civil Liberties
Privacy and Cryptography
Free Speech and the Public Communications Network
We are also actively seeking proposals with respect to other possible
topics on the general subject of computers, freedom and privacy. Some
new topics we are considering include:
Telecommuting: Liberation or Exploitation?
Courtesy, and the Freedom to be Obnoxious
Commercial Life on the Net
How Does the Net Threaten Government Power?
Universal Access to Network Services
The Meaning of Freedom in the Computer Age
Online Interaction and Communities
Government-Mandated Databases
PROPOSAL SUBMISSION
All proposals should be accompanied by a position statement of at least
one page, describing the proposed topic. Proposals for panel
discussions, debates and other multi-person presentations should include
a list of proposed participants and session chair. Proposals should be
sent to:
CFP'95 Proposals
Stanford Law and Technology Policy Center
Stanford Law School
Stanford, California 94305-8610
or by email to:
[email protected]
with the word RProposalS in the subject line. Proposals should be
submitted as soon as possible to allow thorough consideration for
inclusion in the formal program. The deadline for submissions is
1 November 1994.
STUDENT PAPER COMPETITION
Full time students are invited to enter the student paper competition.
Winners will receive a scholarship to attend the conference and present
their papers. Papers should not exceed 2,500 words and should examine
how computer and telecommunications technologies are affecting freedom
and privacy in society. All papers should be submitted to Professor
Gary T. Marx by 20 November 1994. Authors may submit their papers either
by sending them as straight text via email to:
[email protected]
or by sending six printed copies to:
Professor Gary T. Marx
University of Colorado
Campus Box 327
Boulder, Colorado 80309-0327
(303) 492-1697
Submitters should include the name of their institution, degree program,
and a signed statement affirming that they are a full-time student at
their institution and that the paper is an original, unpublished work of
their own.
INFORMATION
For more information on the CFP'95 program and advance registration, as
it becomes available, write to:
CFP'95 Information
Stanford Law and Technology Policy Center
Stanford Law School
Stanford, California 94305-8610
or send email to:
[email protected]
with the word "Information" in the subject line.
THE ORGANIZERS
General Chair
Carey Heckman
Stanford Law School
Stanford Law & Technology Policy Center
Stanford, CA 94305-8610
415-725-7788 (voice)
415-725-1861 (fax)
[email protected]
To discuss potential CFP'95 speakers, topics, and formats, and to receive
additional CFP'95 information, subscribe to the CFP95 list. Send to
[email protected] a plain text message consisting of subscribe cfp95.
Program Committee
Sheri Alpert, Internal Revenue Service
Judi Clark, ManyMedia
Kaye Caldwell, Software Industry Coalition
Esther Dyson, EDventure Holdings
Mike Godwin, Electronic Frontier Foundation
Peter Harter, National Public Telecommuting Network
Lance J. Hoffman, George Washington University
Ellen Kirsh, America OnLine
Bruce R. Koball, Motion West
Gary T. Marx, University of Colorado
Mitch Ratcliffe, Digital Week
Marc Rotenberg, Electronic Privacy Information Center
Deborah Runkle, American Association for the Advancement of Science
Barbara Simons, USACM
Ross Stapleton-Gray, Georgetown University
Glenn Tenney, Fantasia Systems
Jeff Ubois, Author and Consultant
J. Kent Walker, Jr., Department of Justice
[Affiliations are listed for identification only.]
------------------------------
Date: 29 Sep 1994 14:47:11 GMT
From:
[email protected] (Jean-Jacques Quisquater)
Subject: CALL for PAPERS: EUROCRYPT '95
EUROCRYPT '95
May 21 - 25, 1995, Saint-Malo, France
FINAL CALL FOR PAPERS
General information
Eurocrypt '95 continues the tradition of European IACR conferences dedicated
to the theory and applications of cryptologic techniques. Original papers
are solicited on all aspects of cryptology.
Topics of interest
The topics of interest include but are not limited to:
Applications
Authentication
Combinatorial aspects
Computational complexity aspects
Computer security aspects
Conventional cryptosystems
Cryptanalysis
Cryptographic hash functions
Digital signatures
Electronic money
Foundation and theory
Implementation aspects
Information theoretical aspects
Key distribution
Number theoretical aspects
Practical aspects
Protocols
Pseudo randomness
Public key
Secret sharing
Standards
Voting systems
Zero knowledge
Instructions for authors
Send a cover letter, one title page and 18 copies of an extended abstract to
be received by November 21, 1994, (or postmarked by November 10, 1994 and
sent via airmail). The title page should contain the title, the name of the
authors, their phone and fax numbers, their postal and e-mail address and the
abstract. The extended abstract should start with the title and the abstract,
but should be anonymous (Please, reserve the acknowledgments for the final
version of the paper). This should be followed by a succinct statement
appropriate for a non-specialist reader specifying the subject addressed,
its background, the main achievements, and their significance to cryptology.
Technical details directed to the specialist should then follow. A limit of
10 single-spaced pages of 12pt type (not counting the bibliography and clearly
marked appendices) is placed on all submissions. Since referees are not
required to read the appendices, the paper should be intelligible without them.
Abstracts that have been or will be submitted in parallel to other conferences
or workshops that have proceedings are not eligible for submission to
Eurocrypt. The authors must state compliance to this rule in their cover
letter. A LaTex style file and an example of a cover letter will be available.
Conference proceedings
Eurocrypt '95 will be the first Eurocrypt conference where proceedings will be
available at the meeting. The proceedings will be published in the
Springer-Verlag's Lecture Notes in Computer Science. Clear instructions
about the final copy will be sent to the authors. The final copies of the
accepted papers will be due on March 6, 1995. Authors of accepted papers
must guarantee that their paper will be presented at the conference.
A limited number of stipends are available to those unable to obtain funding
to attend the conference. Students whose papers are accepted and who will
present themselves are encouraged to apply if such an assistance is needed.
Requests for stipends should be addressed to the general chairperson.
Program Committee
Chaired by Louis Guillou, the following persons are the
Members of the Program Committee:
Mihir Bellare Johannes Buchmann Mike Burmester Paul Camion
Donald W. Davies Amos Fiat Hideki Imai Lars Knudsen
Ueli Maurer Birgit Pfitzmann Jean-Jacques Quisquater Ronald Rivest
Jacques Stern Douglas Stinson Moti Yung Gideon Yuval
Important information
Submission receipt deadline: November 21
(or postmarked airmail: November 10)
Notification sent to authors: January 23
Final copies due: March 6
Send submissions to:
Louis Guillou, Program Chair
CCETT (Eurocrypt '95)
4, rue du Clos Courtel
F-35512 Cesson-Se'vigne' Cedex
FRANCE
Tel: +33 99 12 42 47
Fax: +33 99 84 56 00
Email:
[email protected]
For other information, contact:
Franc,oise Scarabin, General Chair
CCETT (Eurocrypt '95)
4, rue du Clos Courtel
F-35512 Cesson-Se'vigne' Cedex
FRANCE
Tel: +33 99 12 41 98
Fax: +33 99 12 40 98
Email:
[email protected]
------------------------------
Date: 31 May 1994 (LAST-MODIFIED)
From:
[email protected]
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact <
[email protected]>
(Dennis Rears <
[email protected]>). UK subscribers please contact
<
[email protected]>. Local redistribution services are
provided at many other sites as well. Check FIRST with your local system or
netnews wizards. If that does not work, THEN please send requests to
<
[email protected]> (which is not automated).
CONTRIBUTIONS: to
[email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them. Contributions will not be ACKed; the load is
too great. **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
All other reuses of RISKS material should respect stated copyright notices,
and should cite the sources explicitly; as a courtesy, publications using
RISKS material should obtain permission from the contributors.
ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
Issue j of volume 16 is in that directory: "get risks-16.j<CR>". For issues
of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO
digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory
and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>"
logs out. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may
differ; UNIX prompts for username, password;
[email protected] and
WAIS are alternative repositories. See risks-15.75 for WAIS info.
To search back issues with WAIS, use risks-digest.src.
With Mosaic, use
http://www.wais.com/wais-dbs/risks-digest.html.
FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving
it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at
+1 (415) 859-2375 if you cannot E-mail
[email protected] .
------------------------------
End of RISKS-FORUM Digest 16.45
************************
