The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A. For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL: http://www.vortex.com ----------------------------------------------------------------------- PRIVACY Forum Digest Friday, 12 August 1994 Volume 03 : Issue 15 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS PrivacyGuard (Beth Givens) Privacy at risk: Educational Records (CPSR) Leahy on Gore Clipper Letter 7/21/94 (Dave Banisar) Medical Privacy Dilemma ([Name withheld]) Re: Discovery (Geoff Kuenning) More Foolish Use of the SSN (Willis H. Ware) Privacy Book Project (Gini Graham Scott) Health Care Privacy Alert (Dave Banisar) EPIC Seeks Release of FBI Wiretap Data (Dave Banisar) The Privacy Rights Clearinghouse Information Service -- Correction (Privacy Rights Clearinghouse) Privacy Conference (Dave Banisar) International Cryptography Institute (Dorothy Denning) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203. ----------------------------------------------------------------------------- VOLUME 03, ISSUE 15 Quote for the day: "We have so much time and so little to do. Strike that! Reverse it." -- Willy Wonka (Gene Wilder) "Willy Wonka & The Chocolate Factory" (1971) ---------------------------------------------------------------------- Date: Mon, 18 Jul 1994 16:38:33 -0700 (PDT) From: "BETH GIVENS, PRIVACY RIGHTS CLEARINGHOUSE, USD" Subject: PrivacyGuard PrivacyGuard is nothing more than a convenience service. It offers the subscriber information that anyone can get for themselves free. However, some people might want the convenience of having someone else go through the [relatively little] effort of obtaining their credit report, Social Security earnings record, driving record and medical record for them. Regarding the medical record that Privacy Guard states that it will obtain for the subscriber: This is simply the record held by the Medical Information Bureau, a life/health insurance company clearinghouse in Boston that keeps information on significant health problems of about 15 million Americans and Canadians. The MIB will send you your record in about a week's time, once you submit an application form. And it's free. Not everyone has a record in the MIB database--just those who have applied for life insurance or who have applied for health insurance as an individual (not a group policy). Here's how to order your MIB record, if indeed there is one. Write: MIB, P.O. Box 105, Essex St., Boston MA 02112. Or call 617-426-3660. In just a few days, you will receive a one-page application form to fill out and mail to MIB. By the way, this information and a lot more can be found on our gopher site [Privacy Rights Clearinghouse, at the University of San Diego]. Gopher to gopher.acusd.edu. Look for our fact sheets under "USD Campuswide Information System." ------------------------------ Date: Mon, 18 Jul 1994 18:03:24 -0700 From: cpsr-seattle@csli.stanford.edu (CPSR) Subject: Privacy at risk: Educational Records Seattle CPSR Policy Fact Sheet K-12 Student Records: Privacy at Risk --------------------------------------------------------------------------- TOPIC The U.S. education system is rapidly building a nationwide network of electronic student records. This computer network will make possible the exchange of information among various agencies and employers, and the continuous tracking of individuals through the social service, education and criminal justice systems, into higher education, the military and the workplace. WHAT IS THE ISSUE? There is no adequate guarantee that the collection and sharing of personal information will be done only with the knowledge and consent of students or their parents. Changes Are Coming to Student Records National proposals being implemented today include: - An electronic "portfolio" to be kept on each student, containing personal essays and other completed work. - Asking enrolling kindergartners for their Social Security Numbers, which will be used to track each student's career after high school. - Sending High school students' transcripts and "teachers' confidential ratings of a student's work-related behavior," to employers via an electronic network called WORKLINK. At the heart of these changes is a national electronic student records network, coordinated by the federal government and adopted by states with federal assistance. Publication 93-03 of the National Education Goals Panel, a federally appointed group recently empowered by the Goals 2000 bill to oversee education restructuring nationally, recommends as "essential" that school districts and/or states collect expanded information on individual students, including: - month and extent of first prenatal care, - birthweight, - name, type, and number of years in a preschool program, - poverty status, - physical, emotional and other development at ages 5 and 6, - date of last routine health and dental care, - extracurricular activities, - type and hours per week of community service, - name of post-secondary institution attended, - post-secondary degree or credential, - employment status, - type of employment and employer name, - whether registered to vote. It also notes other "data elements useful for research and school management purposes": - names of persons living in student household, - relationship of those persons to student, - highest level of education for "primary care-givers," - total family income, - public assistance status and years of benefits, - number of moves in the last five years, - nature and ownership of dwelling. Many of these information categories also were included in the public draft of the 'Student Data Handbook for Elementary and Secondary Schools', developed by the Council of Chief State School Officers to standardize student record terminology across the nation. State and local agencies theoretically design their own information systems, but the handbook encourages them to collect information for policymakers at all levels. Among the data elements are: - evidence verifying date of birth, - social security number, - attitudinal test, - personality test, - military service experience, - description of employment permit (including permit number,) - type of dwelling, - telephone number of employer. WHO CAN ACCESS THIS COMPREHENSIVE INFORMATION? Officers, employees and agents of local, state and federal educational agencies and private education researchers may be given access to individual student records without student or parent consent, according to the federal Family Educational Rights and Privacy Act of 1974 (20 USC 1232g) and related federal regulations (34 CFR 99.3). Washington state law echoes this federal law. WHAT IS COMING NEXT? Recent Washington state legislation (SB 6428, HB 1209, HB 2319) directly links each public school district with a self-governing group of social service and community agencies that will provide services for families. This type of program is described in detail in the book, Together We Can, published jointly by the U.S. Department of Education and the U.S. Department of Health and Human Services. The book speaks of "overcoming the confidentiality barrier," and suggests creating centralized data banks that gather information about individuals from various government agencies - or in other ways ensuring agencies, "ready access to each other's records." The book calls for a federal role in coordinating policies, regulations and data collection. A group in St. Louis, MO, called Wallbridge Caring Communities, is cited as a model for seeking agreements to allow computer linkups with schools and the social service and criminal justice systems to track school progress, referrals and criminal activity. WHAT HAPPENED TO ONE COMMUNITY In Kennewick, WA, over 4,000 kindergarten through fourth graders were rated by their teachers on how often they lie, cheat, sneak, steal, exhibit a negative attitude, act aggressively, and whether they are rejected by their peers. The scores, with names attached, were sent to a private psychiatric center under contract to screen for "at-risk" students who might benefit from its programs. All of this was done without the knowledge and consent of the children or their parents. CPSR's POSITION CPSR Seattle believes that schools other agencies should minimize the collection, distribution and retention of personal data. Students and/or their parents should decide who has access to detailed personal information. CPSR ACTIONS Representatives of CPSR Seattle have gone to Olympia to: - oppose the use of the Social Security Number as the standard student identifier, - urge legislators to set educational goals that can be measured without invading privacy, - oppose turning over individual student records to law enforcement officials apart from a court order or official investigation. Computer Professionals for Social Responsibility - Seattle Chapter P.O. Box 85481, Seattle, WA 98145-1481 (206) 365-4528 cpsr-seattle@csli.stanford.edu ------------------------------ Date: Fri, 22 Jul 1994 16:35:07 +0000 From: Dave Banisar Subject: Leahy on Gore Clipper Letter 7/21/94 U.S. SENATOR PATRICK LEAHY Vermont ________________________________________________________________ STATEMENT OF PATRICK LEAHY ON VICE PRESIDENT GORE'S CLIPPER CHIP LETTER July 21, 1994 I have read the July 20th letter from the Vice President about the Administration's current thinking on Clipper Chip and, to my mind, it represents no change in policy. In fact, when this letter was sent, I would be surprised if the Administration even thought it was news. The letter makes clear to me that the Administration continues to embrace key escrow encryption technology, and stands behind Clipper Chip as a federal standard for telephone communications. The official standard makes clear that this standard applies to any communications over telephone lines. Those communications include not only voice, but also low-speed computer data and facsimile messages. The Administration is working on encryption technologies for higher-speed transmissions, such as for computer networks and video networks. The Vice President says that they want to work with industry to design a key escrow system that could be implemented not just in hardware, but also in software, that would be voluntary, exportable and not rely upon a classified encoding formula. The Administration said all this last February when the federal standard was approved. Yet, when Administration witnesses were questioned about the progress they had made in this effort at my Judiciary subcommittee hearing in early May, I learned they had held only a few meetings. Last week, the Appropriations Committee accepted strong Report language I suggested on Clipper Chip. The Attorney General is directed to report to Congress within four months on ten areas of concern about Clipper Chip. I agree with the Vice President that balancing economic and privacy needs with law enforcement and national security is not always an easy task. But we can do better than Clipper Chip. ------------------------------ Date: Wed, 27 Jul 94 09:49:18 From: [Name withheld] Subject: Medical Privacy Dilemma Here's a hypothetical situation for you. A man phones up a local paper claiming that he has been mistreated by the local hospital and this has resulted in serious damage to his health. The paper phones up the hospital to check out the story. The hospital confirms that the man in question was a patient at the hospital but refuse to say anything else on the grounds of patient confidentiality. The paper decide that they will print the story and, to be polite, inform the hospital. This is where it gets interesting. A senior hospital official contacts the paper and requests that they do not run the story because it would damage the hospital's reputation. The editor refuses to withdraw the story. The official then explains that, to protect the hospital's good name, he is prepared to release some of the patient's medical history as long as it is strictly off the record. He then claims that the patient has a history of psychiatric problems which explain the allegation of mistreatment. Issues: 1. Should the hospital release the information about the patient's psychiatric problems to prevent possible damage to its reputation. 2. How does the paper know that the hospital is telling the truth - obviously it can't check back with the patient because this would reveal that the hospital has disclosed the medical records. The result is, of course, that the paper drops the story. ------------------------------ Date: Sat, 30 Jul 94 13:34:34 -0700 From: desint!geoff@uunet.uu.net (Geoff Kuenning) Subject: Re: discovery N.R. Sterling writes: > every check, which reveals among other things, who the bank customer > pays money to, e.g., credit card companies (with credit card numbers > usually appearing on the memo line, written by the unsuspecting maker of > the check), It doesn't matter whether the check maker writes the account number on the check. The *first* thing that the payee does with the check is to run it through a machine that prints an audit trail, in case something untoward happens later. You guessed it, part of the audit trail contains the complete account number that the check was credited to. There's no disadvantage, other than time to writing the account on the memo line. The slight advantage occurs in the rare case when the check gets separated from the bill stub before it makes it into the processing machine. Me, I figure that my unusual name is enough to straighten things out in this instance, and so I lazily don't write the account number on the check. But failing to write it won't protect your privacy one whit. Geoff Kuenning geoff@itcorp.com uunet!desint!geoff ------------------------------ Date: Mon, 01 Aug 94 09:59:24 PDT From: "Willis H. Ware" Subject: More Foolish Use of the SSN The following is a paraphrase and partial excerpt from a posting on the recent TELECOM Digest, V14 #340. "[To use the Sprint Voice FONCARD], basically you dial the 800 number and "Voice FONCARD Number please" is spoken and then you say your "card" number which is some random digit and YOUR SOCIAL SECURITY NUMBER [Emphasis added] ... and then you get the "Place Call" prompt..... I don't believe that it would work right off the bat in a crowded area from a public payphone unless you set it up that way in the first place. Problems I've had with the card .... in loud areas [it is] almost always required me to re-speak it with rather long pauses between the system going to look up my voice-print with a "Please Wait" prompt....it just takes some time in loud areas." Sprint has thoughtlessly conceived the world's most foolish way to expose one's SSN to illcit acquisition. The well know schemes for stealing conventional telephone credit card numbers is to observe a user key-in his number on the public touch pad, or to listen to the user speak his number. The scam is reported to be particularly threatening at airports, but now it will be directed at acquiring "SSNs for sale" rather than telephone credit card numbers. SPRINT has just made it a lot more convenient for people who want to surreptitiously steal SSNs and in addition, it not only charges the customer for the questionable privilege but also imposes a higher per-use surcharge than for conventional cards. All the miscreant needs to do is occupy the adjacent public fone when a Voice CARD is in use. The thief has two chances by listening: he gets an SSN or he gets a spoken telephone card number. It has been frequently described how, given an SSN, one can easily build a false identity and create all sorts of bad consequences for the true holder of the number; e.g., fraudulent credit card purchases, fraudulent driver licenses followed by crime, derogatory entries in credit data bases, fraudulent health care services. [The SSN plus a letter is the MediCare number.] I thought Holiday Inn was unwise in requesting one's SSN as the personal ID for its Frequent Traveler Program, but Sprint's inept choice for its Voice-Card tops them all for exposure of the SSN. What ever was in the minds of the system designers when they made the decision? And where was the management oversight that should have said "no way"? But then, the threat in this case is against the consumer, not against the telephone company for having to swallow the cost of fraudulent calls. Willis Ware Santa Monica, CA ------------------------------ Date: Thu, 4 Aug 94 01:07:00 UTC From: g.scott3@genie.geis.com Subject: Privacy Book Project PRIVACY BOOK PROJECT: REVIEWERS, QUOTES WANTED I wanted to let all know that I have a book on privacy: THE BATTLE FOR PERSONAL PRIVACY which will be published next year by Insight and Plenum Books in New York, scheduled for the Spring. It is designed to provide a broad overview of the subject for the general reader, and covers a wide range of topics, including search and seizure, press and publicity, government records, employment issues including drug testing and monitoring, high tech privacy topics including BBs, E- mail, and encryption, financial privacy, medical records, privacy in litigation, etc. It includes some history of privacy from the 1800s to the present, and focuses on the results of battles over privacy that have ended up in court in the 1992 and 1993, and recent developments since then. The book has just gone to the typesetter for the first galleys. My publisher has asked me to contact people in the field who might be interested in reviewing the book, and if they like it, providing comments that can be used in the book or in information about it. Besides the people I already plan to contact, this is to let others know about it. If you're interested, please contact me by E-mail, and please include an address where my publisher can send the galleys. You can reach me on E-mail through AOL at GiniS, Genie at G.SCOTT3, and on Prodigy at MBMV32A. Also, please feel free to repost this message on other BBs and newsletters. Gini Graham Scott [ Since the number of reviewers must be fairly limited, Gini Scott would prefer that persons requesting to review the book be working in the privacy field or be experts in the field. -- MODERATOR ] ------------------------------ Date: Mon, 8 Aug 1994 21:21:37 EST From: Dave Banisar Subject: Health Care Privacy Alert FYI, pls respond directly to the address below. Date: Sun, 7 Aug 1994 12:43 EDT From: WOODWARD@BINAH.CC.BRANDEIS.EDU (Beverly Woodward) Subject: Health Care Privacy Alert ALERT The health care legislation proposed by Gephardt in the House and Mitchell in the Senate contains provisions which would establish a national health care data network and override most state medical confidentiality laws. All health care providers, whether paid by insurance or not, will be required to provide the network with data from the patient medical record after every clinical encounter. (The data elements will not be limited to what is necessary for billing purposes.) A very weak "privacy" (or "fair information") code will regulate the redisclosure of such patient-identified information. The law will permit person-identified information to be made available in various circumstances to law enforcement officials, medical and social studies researchers, and government authorities without the knowledge or consent of the patient. These legislative provisions are being promoted as administrative simplification and cost-saving measures, but they will seriously erode patient privacy. Unfortunately the general public has not been informed about these sections of the health care reform bills. Legislation of this kind requires intensive debate and should not be folded into a bill to extend insurance coverage and reform health care financing. Contact your Representative and your Senators to urge that the "Administrative Simplification," "National Health Care Data Network," and so-called "Privacy" and "Fair Information Practices" sections of these bills be deleted. The general telephone number for Capitol offices is 202, 224-3121. Watch for further updates! You may contact us at 617, 433-0114. Coaltion for Patient Rights, Massachusetts ------------------------------ Date: Mon, 9 Aug 1993 13:15:11 +0000 From: Dave Banisar Subject: EPIC Seeks Release of FBI Wiretap Data Electronic Privacy Information Center PRESS RELEASE _____________________________________________________________ For Release: August 9, 1994 2:00 pm Group Seeks Release of FBI Wiretap Data, Calls Proposed Surveillance Legislation Unnecessary Washington, DC: A leading privacy rights group today sued the Federal Bureau of Investigation to force the release of documents the FBI claims support its campaign for new wiretap legislation. The documents were cited by FBI Director Louis Freeh during testimony before Congress and in a speech to an influential legal organization but have never been released to the public. The lawsuit was filed as proposed legislation which would mandate technological changes long sought by the FBI was scheduled to be introduced in Congress. The case was brought in federal district court by the Electronic Privacy Information Center (EPIC), a public interest research organization that has closely monitored the Bureau's efforts to mandate the design of the nation's telecommunications infrastructure to facilitate wiretapping. An earlier EPIC lawsuit revealed that FBI field offices had reported no difficulties conducting wiretaps as a result of new digital communications technology, in apparent contradiction of frequent Bureau claims. At issue are two internal FBI surveys that the FBI Director has cited as evidence that new telephone systems interfere with law enforcement investigations. During Congressional testimony on March 18, Director Freeh described "a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities." According to Freeh, the survey describes the problems such agencies had encountered in executing court orders for electronic surveillance. On May 19 the FBI Director delivered a speech before the American Law Institute in Washington, DC. In his prepared remarks, Freeh stated that "[w]ithin the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent technological problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court [wiretap] orders." According to David L. Sobel, EPIC's Legal Counsel, the FBI has not yet demonstrated a need for the sweeping new legislation that it seeks. "The Bureau has never presented a convincing case that its wiretapping capabilities are threatened. Yet it seeks to redesign the information infrastructure at an astronomical cost to the taxpayers." The nation's telephone companies have consistently stated that there have been no cases in which the needs of law enforcement have not been met. EPIC is a project of the Fund for Constitutional Government and Computer Professionals for Social Responsibility. ================================================================ FBI Director Freeh's Recent Conflicting Statements on the Need for Digital Telephony Legislation _______________________________________________________________ Speech before the Executives' Club of Chicago, February 17: Development of technology is moving so rapidly that several hundred court-authorized surveillances already have been prevented by new technological impediments with advanced communications equipment. * * * Testimony before Congress on March 18: SEN. LEAHY: Have you had any -- for example, digital telephony, have you had any instances where you've had a court order for a wiretap that couldn't be executed because of digital telephony? MR. FREEH: We've had problems just short of that. And I was going to continue with my statement, but I won't now because I'd actually rather answer questions than read. We have instances of 91 cases -- this was based on a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities. I can break that down for you. * * * Newsday interview on May 16: We've determined about 81 different instances around the country where we were not able to execute a court-authorized electronic surveillance order because of lack of access to that particular system - a digital switch, a digital loop or some blocking technology which we didn't have to deal with four or five years ago. * Speech before the American Law Institute on May 19: Within the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent techno- logical problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court orders [for electronic surveillance]. ------------------------------ Date: Tue, 9 Aug 1994 23:42:06 -0700 (PDT) From: Privacy Rights Clearinghouse Subject: <> Correction!!! Information on the PRC gopher site is in error. The phone number for the California hotline was incorrectly listed on the factsheets contained on the gopher. The correct number for the PRC Hotline, in California only is, 1-800-773-7748. We are sorry for any inconvince. The Privacy Rights Clearinghouse (PRC) a non-profit consumer education group, now has a gopher site. The gopher site contains State (California) and Federal legislation relating to the issue of privacy and informational fact sheets that are constantly being updated. Some of the topics include; Your Social Security number, junk mail, e-mail in the work place and wiretapping, and many others. Gopher to gopher.acusd.edu. To telnet to the PRC: telnet teetot.acusd.edu, login: privacy. Once in the USD Gopher, Select #4. USD Campus-Wide Information System/. then select #8. Privacy Rights Clearinghouse. The Privacy Rights Clearinghouse is a service for California consumers. It is administered by the University of San Diego's Center for Public Interest Law. It is funded by the telecommunications Education Trust, a program of the California Public Utilities Commission. It has been in operation since October 1992. Voice (619)298-3396. ------------------------------ Date: Thu, 11 Aug 1994 10:27:36 -0700 From: banisar@epic.org (Dave Banisar) Subject: Privacy Conference CONFERENCE ANNOUNCEMENT --------------------------- TECHNOLOGIES OF SURVEILLANCE TECHNOLOGIES OF PROTECTION --------------------------- Sponsored by Privacy International The University of Eindhoven The Electronic Privacy Information Center Friday,September 9, 1994 Nieuws Poort International Press Centre The Hague, The Netherlands The conference will bring together experts in law, privacy, human rights, telecommunications and technology to discuss new technological developments that affect personal privacy. The sessions will be interactive, starting with introductions to the subjects by leading experts, followed by questions and discussion led by the moderators. 8:45 Introduction Simon Davies, Chairman, Privacy International 9:00 Information Infrastructures Marc Rotenberg, Electronic Privacy Information Center (US) Stephanie Perrin, Industry Canada 10:00 Euopean Government Information Sharing Networks Jos Dumatier, professor of law and director of the Interdisciplinary Centre for Law and Information Technology (ICRI) at K.U.Leuven 11:00 Cryptography Policy David Banisar, Electronic Privacy Information Center Jan Smiths, University of Eindhoven 12:00 Lunch 1:00 Smart Cards and Anonymous Digital Transactions David Chaum, Digicash 2:00 Wrap up --------------------------------------------------------------------- Registration Fees [] Standard - 220 guilders ($120 US) [] Non-profit organisations/Educational - 75 guilders ($40 US) Information Name: ____________________________________________________________ Organization: ______________________________________________________ Address:_____________________________________________________________ ________________________________________________________________ Phone/Fax:___________________________________________________________ Electronic Mail: ____________________________________________________ Send registration to: Privacy International Washington Office Attn: Conference Registration 666 Pennsylvania Ave, SE, Suite 301 Washington, DC 20003 Make Check/Money Order in US Dollars out to Privacy International Space is limited, please contact us immediately if you wish to attend! For more information, contact: David Banisar 1+202-544-9240(voice) 1+202-547-5482(fax) banisar@epic.org (email) ------------------------------ Date: Thu, 28 Jul 94 14:20:23 EDT From: denning@chair.cosc.georgetown.edu (Dorothy Denning) Subject: International Cryptography Institute International Cryptography Institute 1994: Global Challenges September 22-23, 1994 Ritz Carlton, Washington, DC Presented by The National Intellectual Property Law Institute The International Cryptography Institute will focus on problems and challenges associated with the use of cryptography within nations and for international communications. The Institute will address such questions as: What are the different national policies and regulations governing cryptography and how might these evolve? What cryptographic technologies are on the market in different countries, what is being used, and what is it being used for? What problems is cryptography causing law enforcement? What are the requirements of businesses and other organizations? What are the new trends in cryptography and what will be their impact on society? What efforts are leading toward an international cryptography framework? The Institute is for government officials, industry leaders, policy makers and analysts, researchers, and users of cryptographic technologies. Program September 22 8:45-9:00 Opening Remarks Dorothy E. Denning, Chair of Program James Chandler, President, National Intellectual Property Law Institute 9:00-9:30 The Challenges of International Crytography Edward J. O'Malley, The OSO Group 9:30-10:00 Cryptography in the European Community Christopher E. Sundt, ICL Secure Systems 10:00-10:30 Cryptography in the German Governmental Area Ansgar Heuser, BSI 10:30-10:45 Break 10:45-11:15 Cryptography in Belgium Els Lemmens, Belgian Office for Scientific, Technical and Cultural Affairs 11:15-11:45 The Use of Cryptography in Singapore Kwok-Yan Lam, National University of Singapore Seow-Hiong Goh, John Yong, National Computer Board 11:45-12:15 An Australian and South-East Asian View of Cryptography William J. Caelli, Queensland University of Technology 12:15-1:45 Lunch with Keynote The Honorable Dan Glickman, U.S. House of Representatives (invited) 1:45-2:15 GSM: Security for World-Wide Mobil Radio Charles B. Brookston, British Telecomm 2:15-2:45 International Exchange of Digital Signatures in a Diversified World Jean-Jacques Quisquater, University of Louvain 2:45-3:15 Creating Global Cryptographic Infrastructures Sead Muftic, Stockholm University 3:15-3:30 Break 3:30-4:00 An International Cryptography Framework Keith S. Klemba and Jim Schindler, Hewlett-Packard Co. 4:00-4:30 Experiments in International Cryptography and Software Key Escrow Stephen T. Walker, Trusted Information Systems, Inc. 4:30-5:00 International Escrowed Encryption Dorothy E. Denning, Georgetown University John Droge, Mykotronx, Inc. 5:00-6:00 Reception September 23 9:00-9:30 U.S. Government Cryptography Policy Michael R. Nelson, Office of Science and Technology Policy 9:30-10:00 Domestic Regulation of the Exportation of Cryptography James Chandler, National Intellectual Property Law Institute 10:00-10:30 Sue E. Eckert, U.S. Department of Commerce 10:30-10:45 Break 10:45-11:30 Rose Biancaniello, U.S. Department of State (invited) 11:30-12:00 World-Wide Availability of Cryptography Products David Balenson, Trusted Information Systems, Inc. 12:00-1:30 Lunch with Keynote Louis J. Freeh, Director, Federal Bureau of Investigation (invited) 1:30-2:45 International Regulation of Cryptography James Chandler, National Intellectual Property Law Institute Mark King, Communications-Electronics Security Group, United Kingdom Alexander Patijn, Ministry of Justice, The Netherlands William Wolfowicz, Fondazione Ugo Bordoni 2:45-3:00 Break 3:00-4:00 Cryptography in the Financial Industry Mr. Mitsuru Iwamura, The Bank of Japan Dr. Victor Panchenko, SignalRox, Russia (invited) others TBA - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hotel and Registration A limited block of rooms has been reserved at The Ritz Carlton Hotel at a special conference rate of $225 per night. Reservations can be made by calling or writing The Ritz Carlton Hotel, 2100 Massachusetts Ave., N.W., Washington, DC 20008, 202-293-2100. Rooms have also been reserved at the Ramada Plaza Hotel at the special rate of $89. Reservations can be made by calling or writing The Ramada Plaza Hotel, 10 Thomas Circle, N.W., Washington, DC 20005, 202-842-1300. Tuition is $595, $300 for government & academic, and $150 for students. Payment includes all course study materials and attendance at all sessions of the course, two lunches, and a cocktail reception. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Registration Form For International Cryptography Institute Name: Firm: Address: Phone: Payment (check one) __ Check payable to The National Intellectual Property Law Institute __ MasterCard __ VISA Card #: Expiration Date: Signature: Registration by Fax: 800-304-MIND Phone: 300-301-MIND Mail Registration with payment to: The National Intellectual Property Law Institute 1350 Eye Street, N.W., Suite 820, Washington, DC 20005 Phone: 202-962-9494 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ------------------------------ End of PRIVACY Forum Digest 03.15 ************************