INLS310 Anonymity & Privacy Update for 5 March 1997

To: INLS310-76 listserv <ils310@listserv.oit.unc.edu>
Subject: INLS310 Anonymity & Privacy Update for 5 March 1997
From: "W. John MacMullen" <macmw@ils.unc.edu>
Date: Wed, 5 Mar 1997 10:36:37 -0500 (EST)
Reply-To: macmw@ils.unc.edu
Sender: owner-ils310@listserv.oit.unc.edu
INLS310 Anonymity & Privacy Update for 5 March 1997

CONTENTS:

* Anonymity/Privacy in the News
* Hands-on Help
* Tools
* Policy

|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|::|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|

***
***ISSUE: A/P in the News
***

Date: Mon, 17 Feb 1997 08:21:44 -0500
From: amesr@interlog.com (Robert Ames)
Subject: Forgeries and Dejanews
 
It seems that an effective way to attack an individual is to forge a
Usenet article purportedly from that person, and to include in the article
"admissions" or bigotted statements which would reflect poorly on his
character.  The forged article is then collected by Dejanews and similar
organizations and archived.  It becomes part of the Dejanews "profile" on
the supposed author.
 
I was one of the victims of a series of forgeries in August and September,
1996.  The perpetrator originated at ixc.net in New York, and then
telnetted to news.uu.net and other open news servers to post as the
victim. Although I cancelled the forged article and posted a PGP-signed
repudiation, the article was still archived at Dejanews, and was recently
used by someone to "prove" that I had made statements which put me in a
bad light.
 
Since this is a general problem which can impact on anyone, I feel it
needs to be discussed.  Perhaps news archivers should be under the same
scrutiny as credit reporting agencies.


***
***ISSUE: Hands-on Help
***

Anonymous Remailers

We will be talking about remailers on the Anonymity and Privacy topic
days. Here is a good introduction to what they are and do:

	http://www.well.com/user/abacard/remail.html


***
***ISSUE: Tools
***

Cookies Redux

There are essentially three ways to thwart "cookie" technology:
- Make your cookies.txt file read-only
- Delete cookies.txt on a regular basis
- Use a cookie management program such as CookieJar

The first two methods have serious drawbacks: they either restrict
legitimate uses of cookies, or allow one-time illegitimate use.
Cookie Jar seems to resolve these tradeoffs by enabling you to specify
sites to allow or deny receiving cookies from, as well as filtering out
advertisements, stripping out some identifying http header info (making
surfing somewhat more anonymous), and even deletes those annoying <BLINK>
tags.

The author of Cookie Jar, Eric Murray, writes:
"I originally wrote Cookie Jar out of frustration with Netscape's very
limited way of dealing with cookies- you can either accept all
cookies, or have Netscape pop up a dialog box asking if you want to
accept every cookie.   The problem with that is that many sites send
cookies for _every_ URL on their pages... so you have to click 'no' 20 or
30 times.

"I also wanted to be able to accept cookies from sites that I trusted and
wanted to deal with.  Cookies are usually used for advertising but can
also be used for what I consider good purposes, like customizing a web
site to each user or as a better way of authenticating web site users.
Dealing with a site whos cookies I did want to accept made me want to
write a program that would accept or reject cookies by site."

Details, installation instructions, the program and a sample config file
are all on the web page http://www.lne.com/ericm/cookie_jar/.


***
***ISSUE: Policy
***

New Report Details FBI/European Tapping Agreements

[or, "Who's Watching The Watchers?"]

A report issued on Feb. 24 by Statewatch, a London-based advocacy
organization, shows that the FBI has been working with its counterparts
in the European Union for five years to create a "global tapping
system." The report reveals the existence of a Memorandum of
Understanding to ensure that surveillance of all existing and new
technologies is compatible and coordinated with the FBI's efforts to
advance its "digital telephony" agenda within the United States.

The FBI's plan is to facilitate wiretapping worldwide by pressuring
countries to harmonize national laws on interception; increase
cooperation of telecommunications providers; ensure equipment has
interception standards incorporated; and create de facto global
standards by persuading as many countries as possible to cooperate and
by providing compatible equipment to non-participating countries.

To achieve these goals, the FBI and its EU counterparts wrote a
resolution adopted by the Council of the European Union on "the lawful
interception of telecommunications." The Council issued the resolution
on Jan 17, 1995 (unpublished until November 1996) and a Memorandum of
Understanding on the requirements that need to be adopted into all
laws. The MOU has been signed by the 15 member countries of the EU, and
the US. There have also been "expressions of support" from Australia,
Canada, and Norway. The FBI and EU have also pushed the requirements as
standards before the international telecommunications standards bodies
such as the ITU and pressured other countries to adopt them.

The requirements are almost exactly the same as the FBI demands for
digital telephony. They include "real-time access" to the "entire
telecommunication transmitted" sent to a "law enforcement monitoring
facility", access to all associated call data, geographic location
information for mobile phone users, decrypted information for all
operator-provided encryption, and response times "in urgent cases within
hours or minutes."

The report notes that even countries that do not agree will be
affected:

  The strategy appears to be to first get the "Western world" (EU, US
  plus allies) to agree to "norms" and "procedures" and then to sell
  these products to Third World countries -- who even if they do not
  agree to "interception orders" will find their telecommunications
  monitored ... the minute it hits the airwaves.

The digital telephony proposal has received significant criticism in
the United States since its adoption in 1994.  The FBI originally
claimed that law provided a mandate to simultaneously monitor a
significantly higher percentage of phone lines that is current practice
in the US.  That interpretation was withdrawn after public protect.
The FBI then claimed that the law would require the development of a
global locator system based on the nation's telephone system. That
interpretation was also withdrawn after public protect.  Several
members of Congress have said that they will oppose future funding of
the plan.

A copy of the Statewatch report, the Council of Europe Resolution and
more information is available at:

    http://www.privacy.org/pi/activities/tapping/


>From EPIC Alert 4.03
The Electronic Privacy Information Center
http://www.epic.org/


|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|::|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|:|

Send comments or suggestions to:  macmw@ils.unc.edu
Previous A/P Updates are archived at: http://ils.unc.edu/bitbucks/310
Prev: Re: N&O article & copyright forms
Next: Mbone URL
Index(es):
- Main
- Thread