Re: Perry's Paint Fable comes to mind...
On Thu, Dec 14, 2000 at 03:50:55AM -0800, R. A. Hettinga wrote: Real-To: "R. A. Hettinga" [EMAIL PROTECTED] At 11:35 PM -0600 on 12/13/00, by way of [EMAIL PROTECTED] wrote: FOR ALL TO SEE It's a spray which renders sealed envelopes transparent, making the letters inside as easy to read as postcards. "It leaves an odour for 10 to 15 minutes," says the spray's inventor, but, apart from that, "no evidence at all" that it's been used. While the manufacturer describes "See-Through" as a "non-conductive, non-toxic, environmentally safe liquid", human rights activists believe "it's an ethically questionable product" which could tempt security forces to bend laws. http://www.newscientist.com/news/news.jsp?id=ns226930 Inventor? Shit. You can achieve this result with the "canned air" dusters sold to computer techs and photo people by simply turning the can upside down so the magic stuff emerges in liquid, not gaseous form - drip or spray it on the envelope in question, and the paper becomes (partially) translucent. The human rights activists are just pissed off they can't afford it themselves if they order it from a spy catalog. Everyone can afford it at Fry's - and learn thing about their friends and neighbors that they'll someday wish they hadn't. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: nambla
On Thu, Dec 14, 2000 at 12:03:09PM -0800, gary seven wrote: You are under the Judgement of the LORD GOD OF HOST for the sin of the sea of babies, abortion and infant sacrifice to the devil. You will burn in the presence of the HOLY Angels. The seals are opened. PREPARE FOR YOUR DESTRUCTION CAMAEL ARCHANGEL OF DESTRUCTION Camael called back - apparently there was some sort of screw-up with the lists. The destruction was for our neighbor. We get to sit in heaven on fluffy pillows and eat warm chocolate chip cookies for all eternity. I guess you didn't hear. Also, this sort of thing was predicted in Isaiah 19:9 " .. and they who weave networks shall be confounded." Don't get too wound up about it. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Masks [was: Re: About 5yr. log retention]
On Sat, Dec 09, 2000 at 10:06:03PM +0100, Anonymous wrote: I was unable to locate any other states with statutes addressing "mask wearing" in public (without intent to commit burglary). No doubt the rest of the offending rules are ordinances instead. Also see 18 USC 242 and 42 USC 1985 for criminal and civil penalties, respectively, for "two or more persons" who "go in disguise on the highway, or on the premises of another, with intent to prevent or hinder his free exercise or enjoyment of any right or privilege" secured by the US constitution or the laws of the United States. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Knowing your customer
On Wed, Dec 06, 2000 at 12:07:57PM -0500, Declan McCullagh wrote: A minor clarification: The formal proposal known as "Know Your Customer" was withdrawn (see my back articles on that topic). But other regulations in the same vein require banks to require ID. I'm not a banking law geek, but I believe that there are federal regs in place known as "know your customer" rules which apply to depository institutions like banks, credit unions, etc - the regs which were withdrawn would have required NBFI's (non-bank financial institutions) to comply with similar rules, as they're sometimes used instead of banks to avoid the KYC rules. Or am I thinking of something else? -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Keystroke-monitoring in NJ Mob Case
On Tue, Dec 05, 2000 at 04:12:37PM -0500, David Lesher wrote: re: the keystroke sniffer: http://inq.philly.com/content/inquirer/2000/12/04/front_page/JMOB04.htm The FBI application is at: http://www.epic.org/crypto/breakin/application.pdf The court order is at: http://www.epic.org/crypto/breakin/order.pdf I poked around the EPIC site to see if I could find more about that case - didn't find anything, but I did run across a reference to a 9th Circuit opinion of some interest - it seems that some drug cops in Las Vegas were engaging in illegal wiretaps, by modifying pen register hardware so that it facilitated audiotaping without a warrant. One of the cops mentioned this to a colleague, who talked to a supervsor, who broke into one of the other cops' office, found equipment which appeared to be performing an illegal warrantless audio intercept - so he then installed some illegal warrantless video recording equipment, which recorded the first crooked cops' behavior. The video evidence was excluded by the 9th Circuit as having been recorded outside the boundaries of Title III and the Fourth Amendment. It's online at http://laws.findlaw.com/9th/2/923/665.html if you care to meditate a little on the old "quis custodiet ipsos custodes?" question; or at 923 F.2d 665 for the old-fashioned. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Missed News: US Adopts Euro Cyber Crime Proposal ...
On Tue, Dec 05, 2000 at 10:30:01PM -0500, Bill Stewart wrote: At 12:16 AM 12/5/00 -0500, Tim May wrote: I wonder who the Tim McVeigh of the Left will be? For more recent events, even though there isn't much of a Left left, you could either believe the FBI saying Judi Bari blew up herself and her friend with a pipe bomb a few years back, or believe everybody else who think the cops did it. (The friend was killed; Judy was injured, and she recently died of cancer.) The friend was Daryl Cherney, and he's not dead, and is still making trouble ^H^H^H singing folk songs up near Humboldt, I think. He was mentioned recently in the Contra Costa Times for helping to coordinate a womens' topless protest against clearcuts in coastal northern CA. My guess is that the left's Tim McVeigh (or David Koresh, or Randy Weaver, for variants on that story) will come out of the animal liberation groups - Rodney Coronado has already spent a fair amount of time in jail, and there's whoever set that log-cabin-style ski lodge in Vail on fire. Ted Kaczynski seems like a good candidate - I think he and McVeigh have been talking in prison, they're being held in the same facility IIRC. But most of the left is too superstitious about having a personal relationship with violence for a likely suspect to emerge - they don't really embrace it until they're already in power, and then they're happy to use the existing institutional providers of force. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: IBM Uses Keystroke-monitoring in NJ Mob Case (was Re: BNA'sInternet Law News (ILN) - 12/5/00)
On Tue, Dec 05, 2000 at 05:16:03PM -0800, Tim May wrote: The legal fight over whether the monitor was legal and whether the information so obtained are in fact records of criminal activity is a side-show. It remains practical evidence of how insecure computer equipment / OS's and pass-phrase based identity authentication combine to reduce the effective security of a system. I fully support this comment that the whole issue of "legality" is a "side show." Exactly - not every attacker represents law enforcement, and not every law enforcement attack is performed with the intention of creating admissible evidence. The US' exclusionary rule is the exception, not the rule, worldwide - most courts take more or less whatever evidence they can get. And thugs and goons and spies of many flavors don't give a shit about even pretending to cover their tracks when they're not following the rules. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: identity-as-bits vs. identity-as-meat
On Thu, Nov 16, 2000 at 01:00:48PM -0800, Tim May wrote: And we can expect a spectrum of signing technologies and strengths. For example, the mundane auto-signing which someone may use for their e-mail is substantially less persuasive ("probative," I think the lawyers would say) than an ultra-high-security, backed-with-a-bond key which Boeing's Legal Department uses to digitally sign sensitive papers. I believe Greg Broiles is still working for Signet Assurance, www.sac.net, which is one company tackling parts of this problem. Whether they will be a dominant player is of course unknown to me. Actually, yesterday was my last day on Signet's payroll; there has been some writing (both English and Java) regarding risk transfer, signatures, evidence, etc., at Signet, but the legal and technical people who were gathered at Signet have pretty much dispersed to other, more fruitful projects. I don't know what direction(s) the company will move in the future. I seem to be eternally a few hours away from finishing a paper on the legal aspects of digital signatures - but the really short version is that context and intent are crucial. Software applications and business applications which don't take those aspects of a signature into account are likely to be useless at best and dangerous at worst. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Public Key Infrastructure: An Artifact...
On Thu, Nov 16, 2000 at 03:53:28PM -0800, Ed Gerck wrote: http://www.anu.edu.au/people/Roger.Clarke/II/PKIMisFit.html Public Key Infrastructure: An Artifact Ill-Fitted to the Needs of the Information Society Abstract It has been conventional wisdom that, for e-commerce to fulfill its potential, each party to a transaction must be confident in the identity of the others. This is the law for commerce, except for cash transactions of non-controlled goods. Firearm sales usually require proof of identity (at least) even for a cash transaction. That's a matter of state law - Federal law doesn't (yet) regulate firearm transactions between two residents of the same state where neither is licensed federally as a firearms dealer, so long as the firearms themselves aren't specially controlled (like Class 3 full-auto weapons, or short- barreled rifles/shotguns, etc). Nevertheless, the main point above is wrong, too - commercial law certainly does NOT require parties to be confident about the identity of counterparties. In most circumstances, identity is irrelevant; and even in disputed transactions, it's very rare that identity becomes crucial. Further, the identity of counterparties isn't fixed or decided at the time a contract is formed - one or more of the participants may later want to correct, amend, or restate the contractual listing of the parties, to include or exclude parties who are thought to have greater or fewer assets, or greater or lesser culpability, in order to enhance their chances for successful litigation. There's a persistent superstition among technologists who do ecommerce work that knowing someone's identity is necessary or sufficient to successfully litigate against them - neither side of that assumption is true. It can be the hardest thing in the world to successfully serve a summons and complain on a well-known party - cf. the ligitation against the Scientology head, whose name escapes me at the moment. On the other hand, big companies angry about message-board postings have been filing complaints very successfully against unknown (or pseudonymously named) entities, much to the aggravation of people who believe that their marginally greater understanding of technology makes them somehow unreachable or unaccountable. Even assuming that someone is successfully served with a complaint, that's a long way from winning a lawsuit, which is a long way from collecting on a judgement. Traditional non-legal means of enforcing contracts - like adding the person to a blacklist of "naughty debtors" doesn't depend on any sort of proof of identity or proof that a contract ever existed, or was breached - it's easy (if you're a commercial entity of at least moderate size) to add people you believe owe you money to the credit reporting agencies' databases, whether your target is an individual or a business. The reporting agencies require no proof at all - they'll accept the creditors' representations about the alleged debt, and proceed from there. Identity - and complicated theoretical proofs of identity - are not especially important in commercial law or litigation. It's relatively easy to follow the paths of money and/or goods in commercial transactions - and where it's not, the likelihood of recovery is slim even if the counterparty is well-identified, so litigation is unlikely. Identity does have the advantage of being a very familiar idea, so it's easy to generate and keep certificates about it, which give counterparties a nice warm feeling that they're doing something about the risks they face in a transaction. That feeling is unrelated to what's actually happening, but it does serve to lubricate the wheels of commerce. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Public Key Infrastructure: An Artifact...
On Thu, Nov 16, 2000 at 08:11:25PM -0600, Mac Norton wrote: Of course not. Unilateral offers can be made to a defined class of persons and accepted by action thereon. An old principle, but valid still. MacN On Thu, 16 Nov 2000, Greg Broiles wrote: It has been conventional wisdom that, for e-commerce to fulfill its potential, each party to a transaction must be confident in the identity of the others. The quoted text isn't mine - but, to further expand on Mac's comments, it's not even necessary that the offeror's identity be clear to potential acceptors. It's quite likely that many people and organizations are wrong about the assumptions they make about identity - you may think you've bought fast-food from McTacoKing, but it turns you you purchased food from an out-of-state corporation that's a franchisee of another out-of-a-different-state corporation who licenses out their recipes and trademarks to different people. This ambiguity may go both directions - the local McTacoKing may purchase services (like, say, carpet cleaning, or drain cleaning) from yet another locally-held but distantly-registered corporation who's just a franchisee/licensee of widely-recognized trademarks in those fields. It's easy to be sloppy and say that transaction represents a contract between McTacoKing and DrainSuckers - but that's not true at all. It's rare for people to even bother asking about niceties like business form (corporation vs. LLC vs. partnership vs. whatever), much less actually bother to figure out whether what's represented is really true - nobody bothers to call the Secretary of State and ask if the business called "X, Inc." really is a corporation, really is registered, really does have officers, etc., until people start using the words "million" or "billion". Trillions of dollars in small transactions take place without any attention at all paid to identity, in a legally significant sense - people do pay attention to trademarks, but those have only a slight relationship to the legal entitites involved. Even moderately sized-organizations find it useful to divide their operations into a number of legal entities, which may have common owners or have parent/subsidiary relationships - but invariably they hide that complexity behind a nice shiny trademark, because it's just distracting for people to think that "barnesandnoble.com" isn't really the same company as the people who run the bookstore down the street - or that the UPS who ships the books that the online entity sells you isn't the same UPS who sells the online entity the insurance on the safe delivery of that package. It's distracting to think that the entity which places a taxicab company ad in the yellow pages (which have the same logo as the local phone company, but are actually a separate corporation) isn't paid for by the corporation which owns the taxi which drives customers around, which isn't the same as the person who's driving, and may not even be the same company as the one which holds the taxi medallion. And who wants to think about the (lack of) identity between different banks and insurance companies who operate under the same trademarks and in the same office space? If you've got a savings account in a Bank of America branch in California and a checking account in a Bank of America branch in Oregon and a mutual fund account in a Bank of America branch in Oregon, how many different entities have you opened accounts with? 1? Bzzt! 3, or at least that was true before Congress clobbered the Glass-Stegall Act last year. Does that bother the people who cheerfully issue domain names and X.509 certs to various of these different entities? Nope. Does it bother consumers? Nope. Nobody cares, just like nobody cares that individual identities are pretty fluid, too, given that one name can be reused across many different meat things, and a single meat thing may, perfectly legally, use a number of different identies. The relationship between meat-world entities (including their cousins, the entities created by registration with governments or by mutual agreement of participants) and text strings like "John Smith" or "Bill Clinton" or "Bank of America" is not one-to-one but many-to-many, and that's not going to change. The legal system is accustomed to this ambiguity, and deals with it as necessary. Efforts to "fix" this and force people or corporations to identify in some enforceable way the underlying legal entities involved in a transaction are doomed to failure. The flexibility inherent in the ambiguity is important to getting things done - it's not a bug, it's a feature. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Declan on Bell
On Sat, Nov 11, 2000 at 09:40:34AM -0800, Eric Cordian wrote: What were the chemicals in question? Does Bell, outside of documents the government makes him sign, claim to have made the IRS doormat smell bad? If I remember correctly, the substance in question is "mercaptan", and it is used as an additive to natural gas to make gas leaks distinctive and noticeable. I don't remember whether or not Jim has taken credit for the stink-bombing in a non-coercive environment. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Nader
On Thu, Nov 02, 2000 at 08:51:03AM -0800, Tim May wrote: Nader is getting a late start in the enthusiasm stakes, but it could be that he'll really surge. A lot of folks are mired deeply in what Nietzsche called "resentiment." They just don't like it when other people have done well by investing instead of by drinking beer for the past 20 years, and they want the successful people taken down a notch or two. Ironically, Nader himself is a millionaire, apparently as a result of the investments he's made over the past 20-30 years and his spendthrift lifestyle. Good for him - but it makes me wonder where he'd draw the line between "wealth that's deserved" and "wealth that's not deserved." -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: California bars free speech of those cutting deals on votes
On Wed, Nov 01, 2000 at 06:14:56PM -0500, Harmon Seaver wrote: Actually you can sue a government official (cop, clerk, etc) who violates your rights knowingly, and under 'color of authority'. The trick is convincing a jury that it was suitably malicious and obvious violation. E.g., false arrest because you look like a suspect won't cut it almost always. Actually, you can do better than that. There's a fed statute (don't have the # with me, but do at home if someone needs it) that makes violation of your civil rights by *any* public official a federal felony. A judge in Tenn. got 32 years in the slammer on this charge a few years ago. He took it to the Supremes and lost. For civil suits, see 42 USC 1983 and 1985. For criminal actions, see 18 USC 241 and 242; unfortunately, the criminal sections are only of interest to federal prosecutors. The rest of us need to use civil suits; against federal agents, it's not a 1983 action, but one under federal common law, a la _Bivens v. Six Unknown Agents_, a Supreme court case whose citation eludes me at the moment. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Zero Knowledge changes business model (press release)
s of smaller less well-known examples. This all comes back to the old Benjamin Franklin saw - "Three men can keep a secret, if two of them are dead." Building the kind of trust that's needed to do the sorts of things ZKS proposes to do takes years or decades; and maintaining good security and a good reputation across that long period of time is very difficult, as Sun recently demonstrated in the key compromise mentioned by Lucky. -- Greg Broiles [EMAIL PROTECTED] PO Box 897 Oakland CA 94604
Re: Denver Judge rules Cops can seize bookstore records
nt to investigate crimes. Phillips ruled that the identity of the drug lab operators is "of significant public interest" and that "the purchase of how-to books is a highly important piece of evidence." The judge wrote that there's no other reasonable way, aside from seizing store records, for investigators to obtain the information they're seeking. He lauded the task force for asking only for specific invoices, not "stumbl(ing) through other private records." Phillips deemed the Tattered Cover case "dramatically different" than the Lewinsky case, about which he wrote: "The subpoenas were exploratory in nature, and the government was unable to show any need nor any nexus to a criminal event." And so Phillips denied investigators' broad request for a month's worth of records that might show all titles purchased by the unnamed suspects. Still, he granted police access to the specific invoice whose number appeared on the book mailer. Meskis has 15 days to appeal before the task force seizes her records. Moriarty insists it was never her unit's intent to comb through reading records of the general public. Rather, she said, Phillips' order will give investigators "an important piece of a puzzle" needed to nab their suspect. Critics say one arrest is a high price to pay for allowing a war against drugs to chip away at civil rights. "Key principles of the right to privacy and freedom of speech have ultimately been compromised in the decision," said Sue Armstrong, executive director of the American Civil Liberties Union in Colorado. Judith Krug, director of the Office for Intellectual Freedom at the American Library Association, said she worries that drug investigators unfairly are "making the connection between what people read and what they do." "Just because you read a book on homosexuality, for example, doesn't mean you're gay. And reading a book on the symptoms of cancer doesn't mean you have the disease," Krug said. "Our concern is that what people read, what goes into their heads will no longer remain private." KEY QUESTIONS: Denver District Judge Stephen Phillips posed four key questions as part of a legal balancing test in his ruling: 1. Is there a legitimate and significant government interest in acquiring the information? 2. Is there a strong nexus between the matter being investigated and the material being sought? 3. Is the information available from another source? 4. Is the intrusion limited in scope so as to prevent exposure of other constitutionally protected matters? Copyright 2000 The Denver Post. All rights reserved. Related: Bookstore fights search warrant http://www.denverpost.com/news/news1018d.htm -- Greg Broiles [EMAIL PROTECTED]
Risk and insurance
At 12:33 AM 10/22/00 -0700, Ray Dillinger wrote: On Wed, 18 Oct 2000, Nathan Saper wrote: So these people are entitled to something for nothing? (or in this case, $1500 of treatment for $1000 of premiums)? That's the whole idea of insurance, isn't it? You're trolling, aren't you? Insurance is a good idea for the insured because it takes money to make money. On the topic of risk and insurance, and apropos discussion of reading lists, cypherpunks may find the book "Against the gods: The remarkable story of risk" by Peter Bernstein of interest. -- Greg Broiles [EMAIL PROTECTED]
Re: FBI gets new hacking tools - any ideas?
* "IP number capturing" software * "chat monitoring" software * "image matching" software * "steganography detection" software * a "framework for a program" to enable remotely searching subjects' PCs. Any of these could raise some obvious concerns. I'm curious if anyone might have a clear idea what "image matching software" is, and whether "steganography detection software" is even feasible and what one might do to defeat it. The others are fairly obivious in both intent and viability. Re image matching - see http://www.newsbytes.com/pubNews/00/153556.html for a press release from a private company today who are (trying to decode the PR-speak) using hashing to match files. The problem with using that technology with intercepts is that data over the wire will be packetized; so the surveilling software will need to reassemble streams of data to compare, or else store hashes of common packet sizes (like the max packet size for PPP, which is around 1500 bytes, IIRC). That still won't work well where the first packet is going to have a bunch of crap (err, headers) meant for interpretation by a requesting web browser - would probably work better for FTP's or Napster-like transfers. (Sure, it's possible to do the stream reassembly and header-stripping, but harder to do in realtime for appreciable bandwidth.) For stego detection, seems like it wouldn't be so hard to build a profile for expected entropy as a function of filetype and size, then look for out-of-profile traffic. See above for practical limits. Yesterday's Murky News (I left my copy on the train, alas) said that they got special access to the plea agreement in the Naughton case via a motion before the sentencing judge. -- Greg Broiles [EMAIL PROTECTED]
Re: U.S. Census question
At 08:45 AM 3/14/00, Duncan Frissell wrote: There were no prosecutions for census resistance in 1990 or 1980. Five people were prosecuted in 1970 (mostly libertarians). [...] I don't know what happened to the 5th person who was on the mainland somewhere and was an Objectivist. There's also United States v. Sharrow, 309 F.2 77 (2nd Cir, 1962), wherein Mr. Sharrow raised constitutional objections to his prosecution for failing to answer written and oral requests for census information; his conviction was upheld on appeal. Sharrow apparently intended to serve as a test case. His constitutional claims don't sound well-formed now, but perhaps 40 years ago they sounded more sensible. Also of interest may be 13 USC 223 - "Whoever, being the owner, proprietor, manager, superintendent, or agent of any hotel, apartment house, boarding or lodging house, tenement, or other building, refuses or willfully neglects, when requested by the Secretary or by any other officer or employee of the Department of Commerce or bureau or agency thereof, acting under the instructions of the Secretary, to furnish the names of the occupants of such premises, or to give free ingress thereto and egress therefrom to any duly accredited representative of such Department or bureau or agency thereof, so as to permit the collection of statistics with respect to any census provided for in subchapters I and II of chapter 5 of this title, or any survey authorized by subchapter IV or V of such chapter insofar as such survey relates to any of the subjects for which censuses are provided by such subchapters I and II, including, when relevant to the census or survey being taken or made, the proper and correct enumeration of all persons having their usual place of abode in such premises, shall be fined not more than $500."
3Com 3DES PCI Ethernet card
while on the topic of difficult-to-review security-related things .. has anyone on the list played with one of these? http://www.3com.com/products/dsheets/400517.html http://www.3com.com/products/dsheets/3cr990.html It's a 10/100 PCI Ethernet NIC with an onboard 168-bit 3DES coprocessor; supposedly it can offload IPSEC and TCP segment processing from the main OS/CPU. The data sheets mention support for lots of closed-source OS's, and it was apparently developed with close cooperation from Microsoft. Apparently the card and Windows 2000 communicate across an API which allows the card to handle DES, 3DES, MD5, and SHA-1. I don't know if I trust it and Win 2000 to provide real security .. but even if it's just a $90 3DES coprocessor, that would still be an interesting result for people working on hobbyist brute-force crack boxes. -- Greg Broiles [EMAIL PROTECTED]
Re: Digital Cameras, and Pocket Video Camcorders
At 11:43 AM 3/2/00, Tim May wrote: There are plenty of fine small 35mm cameras. One I liked several years ago was the Yashica with a ground-glass focussing screen which could be viewed for candid shots (camera held at a distance or at waist level) and a fine Zeiss lens. I assume something like it is still being made. This sounds like the Yashica T4; it's weatherproof and has a Zeiss f3.5 lens. UPS just dropped one off for me about 20 minutes ago; I don't have any film through it yet, but I've only heard good things about them. The extra focusing screen is what sold me on it, because it's perfect for taking pictures discreetly. I've had really good luck taking candid shots of people with my relatively primitive digital camera (an HP - it's a C20 or C30, can't remember the model number) which I can compose without holding the camera up to my face and thereby causing the subject to stiffen up and make their "someone's taking my picture" face. Cypherpunks being cypherpunks, I bet there are some Minox fans here, too.
Re: Cypherpunks List Turns to Shit: Film at 11
At 09:30 AM 2/20/00 -0800, Eric Cordian wrote: Since [EMAIL PROTECTED] mysteriously died, without explanation, there seems to be a large increase in the amount of crap, and the various other listservs seem to be carrying random subsets of the total traffic. I resuscrived myself via cyberpass and am receiving traffic again - I suspect perhaps someone deleted the list of subscribers. I get the impression cyberpass is now something of a Flying Dutchman server - I had an account on cyberpass/anonymizer which finally died because I couldn't get a customer service person (on the phone or via email) to talk to me long enough to write down my new credit card number after the old one expired. Why is toad even participating any more? Didn't it get junked after Gilmore's editorial binge? No, it, too, has continued to run in an unsupervised/uncontrolled fashion. What's funny is that the physical meetings in the SF Bay Area have been much better lately - their content is considerably more interesting than most list traffic. -- Greg Broiles [EMAIL PROTECTED]
Health care privacy/HIPAA
At last Saturday's physical meeting in the SF Bay Area, I mentioned HIPAA, recent federal health care legislation which includes a privacy component. In the absence of further Congressional action, the federal Department of Health and Human Services has created draft regulations intended to regulate information practices within the healthcare and health insurance industries. A summary of the draft regulations is available online at http://www.jhita.org/hipprs.htm, for those who would like to read more about these regulations. -- Greg Broiles [EMAIL PROTECTED]