F I D O N E W S -- Vol.10 No.15 (12-Apr-1993) +----------------------------+-----------------------------------------+ | A newsletter of the | | | FidoNet BBS community | Published by: | | _ | | | / \ | "FidoNews" BBS | | /|oo \ | +1-519-570-4176 1:1/23 | | (_| /_) | | | _`@/_ \ _ | Editors: | | | | \ \\ | Sylvia Maxwell 1:221/194 | | | (*) | \ )) | Donald Tees 1:221/192 | | |__U__| / \// | Tim Pozar 1:125/555 | | _//|| _\ / | | | (_/(_|(____/ | | | (jm) | Newspapers should have no friends. | | | -- JOSEPH PULITZER | +----------------------------+-----------------------------------------+ | Submission address: editors 1:1/23 | +----------------------------------------------------------------------+ | Internet addresses: | | | | Sylvia -- max@exlibris.tdkcs.waterloo.on.ca | | Donald -- donald@exlibris.tdkcs.waterloo.on.ca | | Tim -- pozar@kumr.lns.com | | Both Don & Sylvia (submission address) | | editor@exlibris.tdkcs.waterloo.on.ca | +----------------------------------------------------------------------+ | For information, copyrights, article submissions, | | obtaining copies and other boring but important details, | | please refer to the end of this file. | +----------------------------------------------------------------------+ ======================================================================== Table of Contents ======================================================================== 1. Editorial..................................................... 2 2. Articles...................................................... 2 The Cynic's Sandbox, v2.1BetaTestDoNotDistribute............ 2 The SIP_SURVIVOR Echo....................................... 3 LuxCon/EuroCon '93 announcement............................. 4 Ethical approaches to Postmastering"........................ 8 Alert!...................................................... 19 Caller ID Still Isn't Reliable.............................. 19 New VW echo starting!!!..................................... 21 School Music Echo........................................... 22 FREQ PRIME.ZIP from 1:18/98, 1:18/99, or 6:700/26 for networ 22 3. Fidonews Information.......................................... 23 FidoNews 10-15 Page: 2 12 Apr 1993 ======================================================================== Editorial ======================================================================== There is not much of an editorial this week; we have been busy enjoying ourselves . My son and his other have been sleeping on the living room floor en route from Vancouver to Moncton by thumb [maybe 6,000 km]. We have spent lots of hours talking about the road, and I don't think it has changed much since the sixties. We have an extremely interesting article on mail privacy reprinted by permission of the author. It is a bit longish, but fascinating reading. Thank goodness the policy articles seem to have burned themselves out, 'though caller id lingers on with nothing much new being said. I would like to read an article that said "I have caller id because I am a paranoid control freak ... " then another that said "I want to ban it because my users are paranoid, and I want them to be comfortable ...". Anyway, on to the snooze .......................cacti!. ======================================================================== Articles ======================================================================== The Cynic's Sandbox, v2.1BetaTestDoNotDistribute R. Cynic Was it March showers bring April flamewars, or the other way around? Caller*ID: For the man who has nothing to hide. Ol' Bill "Baldy" Shatner had it right... Get a life! Ever since this nifty Caller*ID debate came up, people have gotten *SO* serious. All this talking about MY system and MY privacy and MY right to know... Tch, tch. We're getting Caller*ID soon where I live. It should be kinda funny. I can't wait to be called a fake user 'cause I log on from a friend's house to get something for him. Ahhh... To be dumped from a BBS after seeing a polite banner like... HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! You though you could fool ME, didn't you? You stupid hacker. I hope you burn. I have your phone number, now, and I'll be calling the police 'cause I got the right to protect MY computer. Kiss off and die. HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! HACKER! ...Or, in reverse, to get a message from a user... FidoNews 10-15 Page: 3 12 Apr 1993 From: MAD DEATH 666 To : Sysop Subj: CALLR ID DEAR SYSOOP, I HOP THAT U R NOT U-ZING CALLR ID. I THINK THAT IT A VIOLASION OF MI PRIVASY. DO U HAVE ANY WAREZ? ALSO, CAN I GET ACESS TO ADULT SEXSHUN? Of course, Caller*ID does show hope. It's obvious that computer types are getting serious about security. I think that the alternate validation methods sure to come into play will help a lot. I hear that Hayes is introducing a DNA scanner that plugs right into any Optima modem and allows, for the first time, TOTAL SYSTEM SECURITY. I'll be looking forward to that, but I'll probably buy the announced system from US Robotics which plugs into any dual standard except a Sportster and operates at twice the speed. Pity they'll be incompatible. Rockwell is working on a DNA chipset, which will allow low-end modem vendors to integrate modem, fax, DNA scanning, and manicure capabilities onto one low-cost board. Should be fun. It's good to see some security-minded people out there nowadays. Next week: The policy development kit. Makes FidoNet policy documents and is still sharp enough to slice through an aluminum can! Did I mention, "Fits easily in ANY tacklebox?" ---------------------------------------------------------------------- The SIP_SURVIVOR Echo Rainbow Warrior 1:130/911.911 The SIP_SURVIVOR Echo WaZOO ... another echo. Big deal. What interest could yet another echo hold for me? In this case, plenty. SIP_SURVIVOR is an echomail forum dedicated to the discussion of the issues of survivors of incest and other forms of sexual abuse, and how to recover from the effects of that abuse using the Twelve Step model originally outlined in the book "Alcoholics Anonymous" by Bill W., Dr. Bob, and others. Most people think of Twelve Step programs in terms of addictions: alcohol, (Alcoholics Anonymous), other drugs (Narcotics Anonymous, Cocaine Anonymous, Overeaters Anonymous [food can be a drug]), and the like. But they don't realize that the Steps can be applied to recovery from sexual abuse. And in SIP_SURVIVOR, we discuss how. FidoNews 10-15 Page: 4 12 Apr 1993 SIP_SURVIVOR is an "open meeting." Anyone who wishes to learn how the Steps can be used to overcome the effects of incest or sexual abuse is welcome to participate, even if they are not themselves a survivor. Moderator-generated disucssion generally focuses on three programs: Survivors of Incest Anonymous (SIA), Incest Survivors Anonymous (ISA), and Incest Victims Anonymous (IVA). If there are any others, please send netmail and the moderator will be happy to include 'em. In compliance with the Sixth Tradition, SIP_SURVIVOR is not approved by SIA, ISA, IVA, AA, or any other Twelve Step program. No affiliation or endorsement with any Twelve Step program is implied or should be inferred. In compliance with the Eleventh Tradition, handles are encouraged. You need never use your real name in SIP_SURVIVOR. Feeds are currently private; we're seeking backbone distribution. (Send netmail to your REC asking him to support SIP_SURVIVOR!) If you'd like a feed, contact Barb Murphy at 1:130/911. EVERYONE is welcome to participate. Friends of Bill will receive a special welcome. Keep comin' back ... The Warrior 1:130/911.911 ---------------------------------------------------------------------- LuxCon/EuroCon '93 announcement LUXEMBOURG --- APRIL 5, 1993 We would hereby like to announce LuxCon/EuroCon '93 which will take place in Remich (just on the German border), Luxembourg between Friday the 2nd of July and Sunday the 4th of July 1993. ORGANIZERS Daniel Gulluni, 2:270/16@fidonet Joaquim Homrighausen, 2:270/17@fidonet (2:2/1993@fidonet) Andrew Milner, 2:270/18@fidonet Josy Minnemeister, 2:270/21@fidonet Francois Thunus, 2:270/25@fidonet PLACE OF THE CONFERENCE The four-star Hotel, HOTEL SAINT NICOLAS, situated on the Mosel with a splendid view of the river and the many vineyards surrounding it. SAINT NICOLAS is a Best Western Hotel with every- thing that is to be expected of a four-star Hotel. FidoNews 10-15 Page: 5 12 Apr 1993 LANGUAGE English. PRELIMINARY PROGRAM Friday 2/7/93 --------------- 1700-2000 Arrival and registration 2000-2200 Friday night welcoming dinner Saturday 3/7/93 --------------- 0800-1000 Breakfast 1000-1230 Product presentations and other sessions. We intend to run political and technical tracks comprising 30 to 60 minute sessions. 1230-1400 Lunch 1400-1800 More political and technical sessions. 2000-2200 Saturday evening dinner and raffle ("lottery"). Sunday 4/7/93 --------------- 0800-1000 Breakfast 1000-1200 Checkout from the Hotel 1200-1400 The annual harddisk throwing contest SPEAKERS AND SPONSORS > We are currently looking for speakers (political and technical) > for the sessions and companies to sponsor the prices given away > during the Saturday evening raffle ("lottery") and the harddisk > throwing contest. PROGRAM FOR ACCOMPANYING PERSONS Several activities are available to those who do not wish to take part in the sessions. These include a boat ride on the Mosel river, wine tasting along the Mosel, or simply lying out in the sun providing the weather is nice :-) TRAVEL DIRECTIONS > To be announced as we go along.. watch this space. Plane Train Car PARTICIPATION FEE The participation fee is LUF 5500.-, wich covers the sessions, FidoNews 10-15 Page: 6 12 Apr 1993 conference literature, all meals from Friday evening to Sunday morning (inclusive), an official LuxCon/EuroCon '93 t-shirt, two nights in a double room (double occupancy) at the Hotel. Payment can be made by transferring money to the bank or CCP (postal giro) account listed below. Please make sure that you transfer the correct amount (if your bank does not know what LUF is, tell them to transfer BEF, which is Belgian Francs). You are responsible for covering all transfer charges. Include your name, voice telephone number, and FidoNet network address. Transfers with an insufficient amount or information will not be honored as a valid registration. The rooms will be given on a first come, first serve basis (this is decided upon the arrival of the money transfer should it come to that). If there are no more rooms available, we will attempt to find a room in a Hotel nearby, but cannot guarantee this (in which case your money will, of course, be refunded). For those who wish to take the economy alternative, there is a camping ground in Remich (you must still register for the conference as indicated on the registration form below). The name of the responsible company is CAMPING EUROPE, telephone +352 698 018. REGISTRATION Print and fill out the registration form and mail it to the below address BEFORE the 1st of June 1993 (or include it in a NetMail message to Joaquim Homrighausen on 2:270/17@fidonet). Payment will be expected to arrive shortly after the registration form has been received. Joaquim Homrighausen 389, route d'Arlon L-8011 Strassen Luxembourg Late registration, between June 1st and July 1st 1993, is possible but carries an additional late-registration fee of LUF 750.- as indicated below. PAYMENT CCP (postal giro) ----------------- Cheque Postaux L-1090 Luxembourg Account #: CCP 108637-94 Joaquim Homrighausen Bank ---- Banque Generale du Luxembourg FidoNews 10-15 Page: 7 12 Apr 1993 L-2951 Luxembourg SWIFT bgll lu ll Telex 3401 bgl lu Account #: BGL 30-511818-80-010 Joaquim Homrighausen REGISTRATION FORM ---- cut here ---- cut here ---- cut here ---- Full name: ______________________________________________ Postal address: __________________________________________ __________________________________________ __________________________________________ Voice phone #: ___________________________ Nationality: ___________________________ eMail address: ___________________________ Accompanying: ______________________________________________ ______________________________________________ OPTIONS (check all that apply) COST (LUF) +---------+--------------------------------------------------+ : : : : YES : Complete conference package + 5500.- : : : : +---------+--------------------------------------------------+ : : : : ___ : Sharing the room between 3 people - 500.- : : : : +---------+--------------------------------------------------+ : : : : ___ : Single occupancy of room + 1000.- : : : : +---------+--------------------------------------------------+ : : : : ___ : Conference but no meals or Hotel - 3500.- : : : (includes Saturday lunch) : : : : +---------+--------------------------------------------------+ : : : : ___ : Late registration + 750.- : : : (1/06/93 - 1/07/93) : : : : +---------+--------------------------------------------------+ : : : : TOTAL : LUF .- : : : : +---------+--------------------------------------------------+ FidoNews 10-15 Page: 8 12 Apr 1993 REGISTRATION FORM ---- cut here ---- cut here ---- cut here ---- This file is also file requestable as LUXCON from 2:270/17@fidonet and 2:270/18@fidonet. // end of "luxcon.ann" ---------------------------------------------------------------------- Ethical approaches to Postmastering" Copyright 1990 Pat McGregor all rights reserved. "Averting One's Eyes -- Ethical approaches to Postmastering" Author Profile Pat McGregor Computing Systems Consultant II Network Systems Division of Information Technology Division 5115 IST Bldg. 2200 Bonisteel Blvd. Ann Arbor, MI 48109-2099 (313) 764-9430 Pat_McGregor@um.cc.umich.edu (Internet) UserW02V@umichum (BITNET) Institutional Profile: Name: The University of Michigan Location: Ann Arbor, MI Size: Students: 36,338 (Fall, 1989 enrollment) Faculty: 2,882.33 FTE Staff: 17,573.28 FTE The Information Technology Division supports over 50,000 users. We have no way to know how many academics, administrators, and library users we support, because we have no way to monitor usage at our over 2000 public workstations. In addition, all the offices on campus (staff, faculty, and graduate student) and every dorm room and family housing unit have data ports, of which approximately 60% are turned on. ITD Network Systems employs 198 people, both full and part-time. Abstract Being an electronic postmaster requires diligence, knowledge of mailing systems on many mail networks and host operating systems, and the ability to sit in front of a workstation, trying to decipher bounced mail headers, for long hours every week. It also requires that the postmasters be scrupulously ethical about the confidentiality of the mail that passes in front of them, despite the fact that sometimes in order to clear up a mail problem the text of the message comes up on the screen. FidoNews 10-15 Page: 9 12 Apr 1993 This paper explores some strategies used by campus postmasters on several campuses, and discusses some relevant issues of security, ethics, and responsible behavior. TEXT When the best way to send information to a colleague was to type it up, stick it in an envelope and entrust it to a postal carrier, few people had worries that the contents of that envelope would be seen by anyone but the intended recipient. "Tampering with the mails" was a federal offense, and the FBI would come after an offender with sirens screaming. Now, when electronic messages containing secret research results, resumes, corporate business plans, and love letters are flying around the world, some users have valid concerns about the confidentiality of their messages. Are they really "confidential"? Can anything that passes over a phone line be considered secure? What happens if there is a machine problem, or an incorrect address, or any of a dozen known mail disasters? Who sees the mail? As postmasters at the University of Michigan, my colleagues and I see more than a hundred bounced messages a week. We have no technological mechanism to keep us from reading the text of these messages; only our personal ethical systems and a code of responsibility for postmasters at our site keeps us from reading the text of users' messages. The question of confidentiality, and what responsibility postmasters have to keep the contents of mail confidential, is one that arises in conversation between postmasters, and in inquiries from users, on a regular basis. I decided to poll a group of postmasters to see how they felt about the issue, what guidelines they used, and what responsibility they felt toward the users' text. Methodology Subjects: Sixty-nine people at academic, public, private, and commercial sites responded to a survey sent to 136 postmasters. I sent the survey to a list of postmasteres the University of Michigan postmasters have dealt with in the last year or two, or who were on a list of postmasters in Michigan. I recognize that this is by no means a majority of the available postmasters around the world, but I knew from dealing with most of them on and off through the past years that they were responsive to mail from other postmasters and from users. (This in itself may be anomalous, but I choose to hope not!) I hoped this meant I would get a large return of my surveys, and I am quite pleased with my 51% return. Distribution: The survey instrument was distributed and returned by electronic mail. In one or two instances respondents had questions about the survey, and these clarification conversations were also held electronically. Statistical method: We(1) analyzed the responses to the survey FidoNews 10-15 Page: 10 12 Apr 1993 statistically with the goal of identifying and describing various groups and perspectives among the postmasters who responded. The survey combined closed-ended and open-ended questions; the former were coded for data entry directly from the survey. I grouped the open-ended responses to each question into a smaller number of categories; these categories were then coded as a series of dichotomous variables. This procedure facilitated later analysis by accepting any number of responses to a question from each postmaster who responded. After the data were entered, SPSSx (Statistical Package for the Social Sciences) was used to generate frequency and crosstab distributions. SPSSx also includes a multiple response procedure to facilitate tabulation of responses when each respondent could make any number of responses. From the (voluminous) output of these procedures, I could ascertain which attitudes and behaviors were congruent with a self-description of "confidential" and which were considered a central focus of confidentiality less often; these findings are presented in more detail below. Who responded to this survey? The average postmaster who responded is twenty-nine, has worked as a postmaster for two years, and supports 1500 users. He (only four of my respondents were female) works on a VMS or Unix machine that's devoted primarily to academic work, and has a bachelor's degree. Postmasters from all sorts of systems responded, including several from foreign countries: Canada, Ireland, Australia, and Japan. They ranged in age from twenty-one to fifty-three, and used eighteen different kinds of machines and operating systems. Only one respondent had been dealing with electronic mail for over ten years, while the majority had been in their jobs less than three years. Eighty percent had at least a college degree, but sixteen percent had only a high-school education and further on-the-job training. Some served as few as ten users, while the highest number of users was fifty thousand. The systems represented were overwhelmingly academic: fifty-three academic systems, four commercial, two public access systems, and four which were research or private use only. Defining confidentiality Overwhelmingly, when asked if they had a responsibility to keep users' mail confidential, the postmasters said "Yes". 94% of those who responded considered this a prime responsibility. (The other six percent, who were all on public or commercial systems, indicated that their users were not supposed to be using the mails for private or confidential mail, and therefore the postmasters felt no responsibility to keep the mails confidential.) Some postmasters felt this was a professional responsibility. Said one, "Unprofessionalism is the only reason for not respecting user privacy." Others cited the Electronic Communications Privacy Act of 1986, which requires that system owners keep confidential, under FidoNews 10-15 Page: 11 12 Apr 1993 penalty of law, the mail messages of users on that system. Some felt that responsibility for confidentiality went beyond the message text, and extended to traffic analysis as well. To quote one postmaster: Often traffic analysis is as revealing as actual message contents. One example of this from my own experience came from an affair between a faculty member and a secretary (both are married, not to each other). I was perusing the mail logs and noticed a lot of traffic between these two, and I thought it was a little unusual since these two would not normally have any job-related reasons for such extensive communication. About six months later the affair became common knowledge, and at that point I realized I was probably the first person to know about their affair. I have a medical background, and keeping such matters confidential is second nature to me. Other postmasters without such a background would do well to examine the medical profession for some lessons on how to handle confidential material that strays into their path. To look or not to look -- that is the question When I began this survey, I was working on the assumption that most postmasters work as my colleagues and I do: that the text (2) of the message was not to be read under any circumstances, and that should we happen to see the text, we forget it immediately and do not use any information we might gain from the text of the message. I quickly discovered that we are in the minority. Most of the postmasters who said mail was confidential also said there were legitimate reasons to look at the text of messages (48 out of 69, or 78%). By far the most common reason cited was to help re-direct the message. 53% of the respondents said that they would read the users' message for clues to help send the message back to the original sender or on to the intended recipient.(3) Another common reason was to scan the messages for improper or inappropriate use of the mails -- 29% look for harassing messages, illegal transactions, attempts to break into the system, etc. (Interestingly enough, most of the postmasters who said that they regularly scan the mails say that they use something like an editor scan to do this, rather than reading the contents of all the mail messages themselves. Ten respondents, however, stated categorically that scanning the mail for any reason was improper.) Postmasters in this study leave some of the responsibility on the users, too. "Accidents happen", commented ten in their responses. One respondent put it succinctly: Electronic mail is not a secure medium. It's the senders' responsibility to ensure the privacy of their messages. If they're not sure of the address they're sending to, they shouldn't put anything confidential in the text. Anything they don't want seen, and read, should be encrypted.(4) FidoNews 10-15 Page: 12 12 Apr 1993 When reading through the postmasters' comments, it was clear that most of them strongly believe that they act in a manner consistent with their ethical systems, and that they have given a lot of thought to confidentiality in mail systems. Confidentiality, it seems, consists in not looking unless you have to, and if you have to, treating what you see with respect. Or, as one of our foreign postmasters said, "... a postmaster is in the same position as a doctor -- peeking at personal e-mail is rather akin to viewing inside somebody's underpants -- there MAY be sound reasons for examining the contents but going out of one's way to do so is a bit kinky :-)"(5) Moral Dilemmas Sometimes what a postmaster sees creates ethical problems. If a postmaster sees a message in which personal or secret information is revealed, a postmaster may keep the information confidential but be troubled by it. Some find themselves in possession of information which indicates that an illegal transaction or inappropriate use of the system is going on. Most (65%) of the postmasters said that if they found information indicating a system abuse, they would immediately act on it. Their highest responsibility is to protect the system, and they take that responsibility very seriously. Personal information, like the affair that was mentioned above, is a different matter. Some of the postmasters indicated in their commentary that they tried to forget such information. Some created technological barriers for themselves to prevent the viewing of such information. Most hoped that they never had to make a decision about dealing with personal information that came into their possession.(6) Another dilemma for postmasters comes when they have permission to read the contents of users' mailboxes by virtue of their position. Fifty-three of our postmasters (77%) have privileged access. (It was in asking this question that we discovered how many hats most postmasters wear. Twenty-nine of them mentioned that they are also system administrators, and have unlimited access to any system file by virtue of that position. The others have unlimited access merely to accomplish their postmaster responsibilities.) However, in comparing the folks who believed there were good reasons to look in users' mailboxes against those who had access, only eight postmasters (less than half of those who believe in regularly scanning mail) believed this access should be regularly used. Technical fixes Technical fixes were also not common for general prevention against seeing text. Less than one-quarter of the respondents considered themselves to have a technological barrier to seeing the users' text. Only 25% of those who had a technical fix had a hard fix (that is, one which they had to exert special privileges or change code in order to see the message text): 19% used a filter which kept the text out of reach, and 6% encrypted the message text, FidoNews 10-15 Page: 13 12 Apr 1993 leaving only the headers in the clear. The others who considered themselves to have a technological fix were split half and half on a honor system where they only looked at bounced messages which couldn't get back to the sender or on to the recipient(7), or only read spool or file headers. "I close my eyes" By far the largest number of postmasters did not feel they had a technological barrier to seeing mail. Of those folks (80% of the total respondents), the three most common methods mentioned(8) as ways they avoided looking at text were to look away (45%), adjust the windowing on their screens to exclude the text (or attention out before the text scrolled by) (17%), or to ask the user's permission if it was impossible to fix the problem without reading the text (9%). (Interestingly enough, of those folks who said they wanted the user's permission before they went poking around in a mailbox, only two would use that permission even if they had it.) It was in asking about methods postmasters used to keep themselves from seeing users' text that the strongest statements about confidentiality and ethical behavior came out. As one of postmaster said, when asked the method he used: Self-restraint. The same thing that keeps me from performing most other unethical acts. Given my level of technical expertise, I do not regard "security systems" as any sort of deterrent. It's worth noting here that a large percentage (68%) of the respondents mentioned that they were simply too swamped with work to bother reading other people's mail, even if they were inclined to do so. Harassment, obscenity, and other inappropriate mail Unfortunately, as the telephone companies have discovered, some people want to use this marvelous new medium as a playground, or as a method of inflicting pain on another person. Electronic mail is a perfect opportunity to send harassing, obscene, or otherwise inappropriate messages to another person. While postmasters generally have given a lot of thought to their philosophies concerning what to do about user text, they are less certain about incidences of inappropriate mail. Seventeen of our postmasters (25% of the total) believe that there has never been such an incident at their site. (I confess, I'm inclined to believe that they simply don't know about it. In our experience, users will wait a long time without reporting harassment or obscene mail unless it's widely known that they have a resource for this situation. When we began advertising that there was a special office for handling these problems, reporting went up.) Some of them don't handle cases of inappropriate mail (29%). Of those who don't handle it themselves, four pass cases along to FidoNews 10-15 Page: 14 12 Apr 1993 campus security or the local police, and twenty-two let some other administrator handle it. A clear division of philosophy showed in deciding what to do about abusive or inappropriate mail when it happened. When asked whether they would wait for complaints or pursue a situation if they stumbled across one, 59% said they would wait for complaints, 23% said they would pursue it, and 10% said they would have to make a case-by-case determination. By and large, the largest group were those who would wait for complaints. "One person's harassment is another's amusement" was a frequently expressed sentiment (41%). However, there were some cases where postmasters felt obliged to step in, as in this comment: Material of a libelous nature, for example, is permissible in a private communication... Certain material is not permissible .... Child pornography is a good example of this. The Supreme Court just ruled that private possession of such material is illegal (as opposed to distributing it, which has been illegal for quite some time). Although I have never encountered such material, if I happened to find some in the course of my duties as postmaster I would have to contact the person responsible and ask them to remove it from the system. Failure to do so would make me (and the institution I work for) liable in any subsequent prosecution of the people involved. Other reasons for pursuing a problem that dropped into one's lap were system abuses (such as chain letters, attempts to break into the system or propagate virii or worms) or mail that came from another system. Off-site mail would, generally, be referred back to a postmaster at the originating site. "Mail is mail" Mailing lists(9) and newsgroups constitute a large part of the traffic on the network. Except for the case of usenet news, which is read with a special program, mailing lists are indistinguishable from most other mail messages. Because of mailing lists' public nature, I wondered how postmasters at other site regarded mailing list messages in terms of confidentiality. When asked if they considered mailing list mail in the same class as "regular" electronic mail, 42% said no. Of those folks who gave reasons for this answer, sixteen said that mailing list messages were intended for public distribution and thus not intended to be confidential or private. Twelve folks compared public mailing lists to junk mail or newspapers. The 56% who said "yes" indicated that they considered mailing lists like any other mail in terms of a need for confidentiality and respect for users' privacy. Sixteen felt this way because some FidoNews 10-15 Page: 15 12 Apr 1993 lists have restricted access and fourteen commented on the politically or personally sensitive contents of some mailing list discussions. Eleven postmasters felt that the identities of people who subscribed to mailing lists should be kept confidential, because of the personality or interest profile that could be inferred from a complete compilation of the sorts of lists a user subscribed to. Postmasters were sensitive to this: Although ostensibly anyone can get access to the same info by joining the list, membership itself on some lists may be considered sensitive. For instance, there is a gay-oriented list which one of my faculty members subscribed to, and the messages all began bouncing to the postmaster when he incorrectly set a forwarding address. This person may or may not care who knows about his subscription, but I can see where he might consider it sensitive information. Written ethics guidelines As networking constitutes a greater part of our lives, more and more personal information is loose on the nets. Codes of postmaster behavior, once handed down from guru to guru, may now need to be more formalized. Access to personal material is more prevalent, and mail is particularly susceptible to invisible monitoring. As one postmaster said: No byte of information in any computer system is immune to the knowledgeable systems programmer. The point here is that you can tell if your letter from Grandma has been opened, but you cannot tell if your electronic mail message has. This makes snooping easier and more prevalent by default. 83% of the respondents said they didn't have a written code of ethics for postmasters. Reasons given for why there was no policy varied across the board: 23% felt they didn't need such a thing, either because they wouldn't hire someone as a postmaster/system employee who wouldn't behave ethically or because postmaster ethics were common knowledge. 6% had orientation sessions in which postmaster ethics were discussed. 4% felt written policies of any sort were A Bad Idea. However, 15% of the total respondents wished there was a written policy, to help orient and train new postmasters or to cover gray areas. One quarter of those who had written policies felt that their general systems or employee policies covered postmasters as well as users. Two postmasters (both from religious private schools) indicated that Christian ethics covered the situation, and that they relied upon the Bible as a written policy for all occasions. Several postmasters commented that since the passage of the ECPA (10) in 1986, their sites have modified their systems use policies to include specifically use and misuse of mail. Major exceptions It's worth noting that commercial systems and public access systems had substantially differing views of user privacy with respect to mail than did academic systems. Of those who responded, nearly 10% were commercial or public access. The public access hosts were FidoNews 10-15 Page: 16 12 Apr 1993 extremely sensitive to their liability should illicit activities take place on their hosts. One public access "sysop" explained his approach to confidentiality this way: The mail on [this system] is specifically disclaimed from ECPA privacy in light of the fact that I operate a BBS on the machine and have no wish to have the authorities come seize the machine if some user does something illegal. Even so, I tend to preserve the confidence of information gleaned from mail that has to be seen. I have an automatic process that scans the mail daily for particular keywords and phrases that would indicate that phreaks or crackers are communicating via my system. If there is a suspicious item, a copy is pulled for closer inspection. So far, I have only has to read mail to/from one pair of users and it turned out that they had misrepresented themselves and were kicked off the system Commercial systems were equally cautious. One postmaster who works for a company which reputedly screens its employees tightly for ethical and moral fiber had this to say: Attached you will find your mail survey. Some of the questions are rather interesting. [Our company] doesn't appear to have similar problems with ethics as do some of the universities. It probably has do with the fact that employees are screened before they are hired to ensure that their ethics fall in line with the companies. Unfortunately, universities don't have such luxury. In the questionnaire, I mention that there aren't any formal policies regarding email. I believe that email would be covered under the terms of employment, which also specify acceptable ethics behavior. If somebody was foolish enough to use a corporate asset to harass somebody, or cause harm or interruption of service due to "hacking", then they probably would be terminated. Demographic Differences I asked a number of demographic questions, intended to see if we could distinguish behaviors of philosophies based on age, gender, number of years as a postmaster, systems or software used, or number of users served. No major discrepancies in behavior turned up. It's possible that our statistical "universe" was too small to differentiate such behavior trends. It's also possible that postmasters all tend to behave in an ethically consistent manner, despite the demographic differences. "Satisfaction guaranteed" Processing this survey has been a learning experience, and not just because of learning to handle statistical analysis. My expectations of postmasters have been largely met -- I had hoped to discover that the electronic information transfer medium was watched over by folks who would respect my privacy within the constraints of the technology, and I have not been disappointed. FidoNews 10-15 Page: 17 12 Apr 1993 I was surprised to see that there was no appreciable difference in approaches to ethical behavior among systems: some operating systems, such as Unix (tm), have a reputation for attracting mavericks; and some mail networks, such as BITNET, have extremely tight codes for appropriate behaviors. I was pleased to see that postmasters across the board regarded privacy and confidentiality as important, and would work to protect the system and the users' privacy equally. I would have liked to have seen more women as postmasters. Here at The University of Michigan, 50% of the postmasters and a large minority of the mail programmers are women. I hope that my sample is not representative of the larger whole, and that more than 12% of postmasters are women. (It's possible that many of the people who didn't respond to the question about gender were women. I have no way to tell.) On the whole, I think our users can be generally reassured that the electronic postmasters in their lives are concerned about the integrity of the mail system, both in terms of system security and user privacy. As electronic mail becomes a more prevalent method of communications (for both convenience, economic, and ecological reasons), it's nice to know that the tradition of confidentiality that we have grown to expect from our paper mail postmasters has been carried over into the electronic world. ---------------------------------------------------------- Footnotes (1) Erna-Lynne Bogue, a doctoral candidate in Social Work at the University of Michigan, and a SPSSx consultant, did all the SPSSx programming. She also taught me how to interpret the results, helped me pinpoint places to explore further, and encouraged me to learn a great deal about statistics while doing this project. (2) "Text" in this paper is defined to be the content of the message; the information that the user is transmitting. (3) Postmasters sometimes see messages in which the headers have been so thoroughly mangled that the origins are completely mysterious. For this reason, by the way, it's a good idea to include your name and electronic mail address at the end of your message, so that your recipient will know what you think your address is in case of problems. (4) Or, as another put it, "Users put the most astonishing things in electronic mail, and assume that nobody will ever see it. It never fails to amaze me the things that people say to each other over electronic mail that they probably don't say to each other in the bedroom." (5) For those of you who may be unfamiliar with the "smiley face" in electronic communications, turn the page sideways. The ) is a mouth. (6) One anecdote is particularly telling. To quote the respondent: FidoNews 10-15 Page: 18 12 Apr 1993 [The story starts with a description of a bug in a mailer that left a number of messages in the postmaster's queue. The respondent describes his usual practice of reading only the first 30 lines, since usually those 30 lines are only header material.] One of the dead items originated locally. Hence, it had comparatively few headers, and [the first 30 lines] took care of all the headers and showed me the body as well. It was from one of my co-workers, written to a friend with whom I also work professionally on the side from time to time. Although I didn't intend to read it, certain words caught my eye without really looking deliberately, and it became immediately obvious that my co-worker and this friend were having an affair. To say that this made me uncomfortable is to put the matter most mildly. My co-worker is married and the co-worker's spouse is also an acquaintance of mine. And I have a little (but not much) professional contact with the spouse as well. It was clear that the co-worker had not informed the spouse of the matter. The friend is also married and the friend's spouse was not aware, either. I have to work with my co-worker and frequently I am in a position where I can't really afford not to work with the friend. Now, whether two people want to carry on an affair with one another is mostly their own business. Whether I agree with it or not is almost entirely irrelevant, especially considering that my beliefs do not coincide with my friend's and my co-worker's anyway. But now I was in a position where a co-worker whom I trusted was violating the spouse's trust. And likewise for the friend and the friend's spouse. It became obvious to me in rather short order that it was going to be difficult to work with either of them, knowing the lack of trust being shown to their respective spouses. After some considerable internal warring against myself over what to do, I approached my co-worker, explained what I'd learned and the (innocent) circumstances by which I'd learned it, and said that I thought there were 3 things that could be done. The two of them could break off the relationship; they could tell their spouses about it and (I suppose) get the spouses' approval for them to continue; or I could resign. There wasn't really any way I could see myself continuing to work with people that I had to trust in order to get work done, while knowing this violation of trust was going on. And I don't think I really cared which way the matter went. As it happened, they broke off the relationship. Whether spouses were told about the matter, I can't say. I have since written a small tool which looks at this type of dead letter to show me JUST the headers. (7) One postmaster called these trapped messages "bounce-o-grams". FidoNews 10-15 Page: 19 12 Apr 1993 (8) Not all respondents made comments, of course, which is why sometimes the numbers in these sections dealing with commentary don't always add up. (9) "Mailing lists" are defined for the purposes of this paper to be public or semi-public lists or digests, such as Info-IBMPC, INTER-L, or other such public discussions. Private mailing lists, such as those created by individual users and which are not open for the public to join, are not included. (10) Electronic Communications Privacy Act. ---------------------------------------------------------------------- Alert! By: Stanton McCandlish Dear editor, please publish this little note prominently and save people a lot of money! NOTICE: 1:301/2 is NOT the support board for the Scrabble door, and has not been for years! That guy moved. Stop wasting money sending me netmail about it, eh. Within about a month I WILL have this door abvailble by FREQ, since it is unlikely that people will stop try to FREQ it for a few years. FREQ SCRABBLE.ZIP. Thanks! ---------------------------------------------------------------------- Caller ID Still Isn't Reliable Jack Decker Fidonet 1:154/8 CALLER ID STILL ISN'T RELIABLE After reading the debate over Caller ID that has been raging in the last few issues, I have to wonder if anyone stopped to notice the point that Caller ID is NOT yet reliable. Specifically, it is quite possible for a call to come in indicating that the calling number has been blocked by the caller, when in fact the caller has done no such thing. In my previous article on the subject, I pointed out how ALL calls from certain exchanges in California were being shown as "blocked" on displays in other states (Caller ID isn't being made available in California itself), in what some feel is a blatent attempt by Pac*Bell to get customers to complain to the California Public Utilities Commission (when their calls to other states won't go through), in the hope that the California PUC will drop their insistance that unlisted calling numbers be blocked by default. The speculation here is that the erroneous display is intentional; that is, that Pac*Bell knows that their CUSTOMER never intended to block display of his number, but that Pac*Bell itself chooses to present the "blocked" message in an attempt to gain political leverage with the PUC. FidoNews 10-15 Page: 20 12 Apr 1993 However, there is a saying that one should never attribute to malice what can be adequately explained by stupidity... and thus we bring you this report from New York, courtesy of a reader of the Internet Telecom Digest (also known as the comp.dcom.telecom moderated newsgroup): Date: Sun, 4 Apr 1993 20:48:22 GMT From: gleick@Panix.Com (James Gleick) Newsgroups: comp.dcom.telecom Subject: Re: Block-the-Blocker CallerID Feature Message-ID: Organization: PANIX Public Access Unix, NYC Sender: Telecom@eecs.nwu.edu In dan@quiensabe.az.stratus.com (Dan Danz) writes: > ... this little sucker (when enabled) will say "This party will not > accept blocked calls" and disconnect. It also records the fact that > it received and blocked the call. In New York, where Caller ID is being implemented, slowly, Nynex has provided the following peculiarity. If you get a call from an exchange that will *soon* have Caller ID enabled, but doesn't yet, it shows up as Blocked, not as Out of Area. Explanation? The switching equipment is now capable of passing the CLID information along, but the caller has not yet had the opportunity to select the blocking option. So the phone company has decided to mark *all* calls as blocked. (Their explanation, not mine.) If I had the equipment you describe, I wouldn't be receiving any local calls for a while. [End of forwarded message from the Telecom Digest] By way of explanation, the device originally mentioned in the quoted section of the above message apparently does for voice calls what some Fidonet sysops want to do on data calls, that is, it prevents calls from "blocked" numbers from ever getting through. The point that needs to be emphasized repeatedly is that Caller ID technology IS NOT YET RELIABLE. In some cases calls WILL show up indicating that the caller has blocked transmission of his or her number, when in fact the caller has done no such thing (and may not even be aware of what Caller ID is!). It seems that those who want to argue in favor of using Caller ID exclusively for verification want to completely ignore this point. It reminds me of the folks who will argue that cellular telephone conversations are now secure (in the United States) because the law says that folks can't legally listen to them, completely ignoring the fact that there are still thousands of scanners out there capable of FidoNews 10-15 Page: 21 12 Apr 1993 receiving the cellular frequencies. You would think that folks who work with a technology would want to be aware of the limitations of that technology, but I guess it's more convenient to ignore flaws in the system (at least until they adversely affect you personally). Again, I am not saying that you shouldn't use Caller ID as ONE method of verification. All I am saying is that a call comes in as "blocked", you might want to at least assume that it could be some hapless soul calling who has no idea that the phone company is telling you that he has blocked the display of his phone number, and provide some alternate method of access. Even a one-screen display explaining the situation and inviting the person to call the sysop on a voice line (or to send a letter of explanation) would be nicer than just assuming it's some twit trying to be anonymous, or trying to crash your system. Sometimes sysops (and even programmers) just get too smart for their own good (or at least their callers' good). I recall when the original Opus BBS software rejected any city name with less than four characters, presumably under the theory that any real city name was at least four characters long. Of course, this caused nothing but trouble for callers from Ada, Michigan (suburb of Grand Rapids and home of the Amway Corporation). It's bad enough to be discriminated against by humans for no fault of your own, but when computers start doing it, it can be really maddening. Please use the new technology wisely, and realize that it ain't perfect yet! ---------------------------------------------------------------------- New VW echo starting!!! Andy Heckel Fido 1:203/15 After hooking up to the Fido echo AUTOMOTIVE, I've started to see others like myself interested in a specific manufacturer echo. Since I am a VW nut, I figured I may as well jump on the bandwagon, take the reins, and go for it, (kinda like jumping head first into an empty pool). So, this is to announce the newest, (as of this moment), Fido echo, VOLKS. If you would like to add this echo to your BBS, send me netmail at 1:203/15, and I'll set you up. Hopefully, this may eventually make it on to the backbone, if there is enough demand for it. So help out and if you love your VW as much as I do, areafix it today!!! FidoNews 10-15 Page: 22 12 Apr 1993 School Music Echo by Ian Levstein 1:249/121 Areatag: ORCHESTRA Although there are many FidoNet echoes dealing with music, there is a serious lack of information concerning school music. To that end, several of us have put together an echo specifically dealing with all aspects of school music - concert band, orchestra, choir, marching band, and other such groupings. We also discuss other aspects of music such as: film scores, community and professional orchestras, conductors, and the like. This echo began a number of months ago and at present has about a dozen nodes attached covering Southern Ontario to Texas and points in between. We would like to see this echo grow and hopefully get backboned at some point in the future. If you are interested in receiving this echo, please netmail any of these persons - we deliver at v32b! Ian Levstein 1:249/121 (Kingston, Ontario) John Rappold 1:279/30 (Huntington, WV) Tony White 1:124/5117 (Dallas, TX) As Nietzsche said: Life without music would be a mistake. ---------------------------------------------------------------------- The HOLY_BIBLE Echo and the PRIME Network Steve Winter FidoNet 1:18/98 Please spread this info around. Thanks!! *************************************************************** * __________ __________ ___ ________ * * | | | | | |\ /| | * * | | | | | | \ / | | * * |________| |________| | | \ / | |______ * * | | \ | | \/ | | * * | | \ | | | | * * | | \ | | | | * * | | \ _|_ | | |_______ * * * * 'The sun never sets on the PRIME network' * *************************************************************** * PreRapture(tm) International Message Exchange * *************************************************************** With nodes in USA, CANADA, EUROPE, ASIA, and growing. PRIME is the Only True Christian worldwide network on earth. * Both Religious (Christian) and non-religious conferences. * FidoNews 10-15 Page: 23 12 Apr 1993 A wholesome, family oriented network with a strict policy against profanity, lewdness, obscenity etc.. Features echos on educational and technical topics. * Elaborate Bible Discussion and Debate * False Preachers Exposed * 919-286-3962 * 919-286-3606 * 919-286-3266 * 919-286-2100 Using USRobotics Dual Standard Modems V.32bis-14,400 / HST-16800bps FREQ PRIME.ZIP from 1:18/98, 1:18/99, or 6:700/26 for network kit * -={ HOLY_BIBLE Echo Conference }=- Available through the PRIME Network and on the FidoNet Zone 1 and Zone 2 Backbone * The only true Christian Conference in FidoNet * ******** Acts 2:38 *++++++* John 3:5 *+ ** +* **************+ ** +************* *+++++++++++ ++++++++++* *+ ******* HOLY_BIBLE ****** +* *+++++++++++ ++++++++++* **************+ ** +************* *+ ** +* Gal 1:8 *+ ** +* Mark 12:29 *+ ** +* I Tim 3:16 *+ ** +* Acts 2:4 *+ ** +* Isa 45:21 *+ ** +* Mark 16:16 *+ ** +* Acts 10:46 *++++++* Acts 19:5 ******** Hebrews 5:9 Acts 22:16 James 1:22 HOLY_BIBLE (C)Copyright 1988-93 Steve Winter, All rights reserved worldwide (with contributers retaining all rights to their contributions) A very strict conference designed to expose fakes! ---------------------------------------------------------------------- ======================================================================== Fidonews Information ======================================================================== ------- FIDONEWS MASTHEAD AND CONTACT INFORMATION ---------------- Editors: Sylvia Maxwell, Donald Tees, Tim Pozar Editors Emeritii: Thom Henderson, Dale Lovell, Vince Perriello, Tom Jennings IMPORTANT NOTE: The FidoNet address of the FidoNews BBS has been changed!!! Please make a note of this. "FidoNews" BBS FidoNet 1:1/23 <---- NEW ADDRESS!!!! BBS +1-519-570-4176, 300/1200/2400/14200/V.32bis/HST(DS) FidoNews 10-15 Page: 24 12 Apr 1993 Internet addresses: Don & Sylvia (submission address) editor@exlibris.tdkcs.waterloo.on.ca Sylvia -- max@exlibris.tdkcs.waterloo.on.ca Donald -- donald@exlibris.tdkcs.waterloo.on.ca Tim -- pozar@kumr.lns.com (Postal Service mailing address) (have extreme patience) FidoNews 172 Duke St. E. Kitchener, Ontario Canada N2H 1A7 Published weekly by and for the members of the FidoNet international amateur electronic mail system. It is a compilation of individual articles contributed by their authors or their authorized agents. The contribution of articles to this compilation does not diminish the rights of the authors. Opinions expressed in these articles are those of the authors and not necessarily those of FidoNews. Authors retain copyright on individual works; otherwise FidoNews is copyright 1993 Sylvia Maxwell. All rights reserved. Duplication and/or distribution permitted for noncommercial purposes only. For use in other circumstances, please contact the original authors, or FidoNews (we're easy). OBTAINING COPIES: The-most-recent-issue-ONLY of FidoNews in electronic form may be obtained from the FidoNews BBS via manual download or Wazoo FileRequest, or from various sites in the FidoNet and Internet. PRINTED COPIES may be obtained from Fido Software for $10.00US each PostPaid First Class within North America, or $13.00US elsewhere, mailed Air Mail. (US funds drawn upon a US bank only.) BACK ISSUES: Available from FidoNet nodes 1:102/138, 1:216/21, 1:125/1212, (and probably others), via filerequest or download (consult a recent nodelist for phone numbers). A very nice index to the Tables of Contents to all FidoNews volumes can be filerequested from 1:396/1 or 1:216/21. The name(s) to request are FNEWSxTC.ZIP, where 'x' is the volume number; 1=1984, 2=1985... through 8=1991. INTERNET USERS: FidoNews is available via FTP from ftp.ieee.org, in directory ~ftp/pub/fidonet/fidonews. If you have questions regarding FidoNet, please direct them to deitch@gisatl.fidonet.org, not the FidoNews BBS. (Be kind and patient; David Deitch is generously volunteering to handle FidoNet/Internet questions.) SUBMISSIONS: You are encouraged to submit articles for publication in FidoNews. Article submission requirements are contained in the file ARTSPEC.DOC, available from the FidoNews BBS, or Wazoo filerequestable from 1:1/23 as file "ARTSPEC.DOC". Please read it. FidoNews 10-15 Page: 25 12 Apr 1993 "Fido", "FidoNet" and the dog-with-diskette are U.S. registered trademarks of Tom Jennings, Box 77731, San Francisco CA 94107, USA and are used with permission. Asked what he thought of Western civilization, M.K. Gandhi said, "I think it would be an excellent idea". -- END ----------------------------------------------------------------------