**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.04 (January 28, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto RESIDENT SYSTEM CRASH VICTIM:: Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig), PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (2) cudarch@chsun1.uchicago.edu E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS THIS ISSUE: File 1: Moderators' Corner File 2: From the Mailbag File 3: BMUG's ECPA Commentary (reprinted with permission from BMUG File 4: The CU in the News ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #3.04, File 1 of 4: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: January 28, 1991 ++++++++++ In this file: 1. LEN ROSE UPDATE 2. FIRST CONFERENCE ON COMPUTERS, FREEDOM AND PRIVACY 3. FTP INFO AND WIDENER CRASH ++++++++++ +++++++++++++++++++ Len Rose Update +++++++++++++++++++ Len Rose's trial, originally scheduled for January 28, has been pushed back to April 1 because of a superceding indictment related to the same facts. Len is currently represented by Catterton, Kemp, and Mason of Rockville, Md. The EFF's amicus brief in the case is available from the CuD archives or directly from EFF. +++++++++++++++++++++++ First Conference on Computers, Freedom and Privacy +++++++++++++++++++++++++ Don't forget The First Conference On Computers, Freedom and Privacy coming up on March 25-28. The conference will be held at the Airport SFO Marriott Hotel in Burlingame (that's the San Francisco Airport about 15 minutes south of the city for out-of-towners). All are invited, but participation is limited to the first 600 registering. For more information, contact JWARREN@WELL.SF.CA.US or WELL!JWARREN@APPLE.COM ++++++++++++++++++++++++++++++ FTP Info and Widener Crash +++++++++++++++++++++++++++++++ The Widener ftp site is experiencing some problems and is down for awhile. But, the others are currently working. Back issues of cuds on Compuserve are in: DL0 of the IBMBBS sig. Added to the archives: A dozen more state computer statutes, NIA #69 (which came out last month), Phantasy #4, and a few other things. An anonymous contributor also deposited about a dozen or more university computer policies/regulations in the "legal" directory which are well worth reading. Thanks to the donor! Brian Peretti also send over his "Computer Publication and the First Amendment," which we also recommend. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Assorted Subject: From the Mailbag Date: January 29, 1990 ******************************************************************** *** CuD #3.04, File 2 of 4: From the Mailbag *** ******************************************************************** Subject: New address for ATI. From: Ground Zero <gzero@TRONSBOX.XEI.COM> Date: Tue, 22 Jan 91 18:07:55 EST Dear ATI Readers: Hello!! Those of you who attempted to send mail to us may have noticed that it bounced back or didn't make it here. Due to some changes in our home site, ATI now has a new address. Our new address is: gzero@tronsbox.xei.com As always, do send all correspondence to the above address and NOT the address this message is comeing from (the one beginning with "zero-list"). Due to changes in our home site, the release of ATI54 has been delayed. However, we're working on it, and you should expect to see ATI54 within a few days. See ya then! ++++++++++++++++++++++++++++++++++++++++++++++++++++ From: Nigel Allen <chinacat!uunet!contact!ndallen@CS.UTEXAS.EDU> Subject: Algorithm: A Newsletter for People Who Enjoy Programming Date: Thu, 24 Jan 91 04:23 EST Algorithm: A Newsletter for People Who Enjoy Programming For one year now, A.K. Dewdney (author of Scientific American's popular Computer Recreations column) has been publishing a newsletter (or is it a magazine?) called Algorithm. Appearing bi-monthly, Algorithm features a wide range of topics in each issue, mostly centered around fascinating programming projects of the kind we used to see in Computer Recreations. Besides Dewdney, Clifford Pickover (JBM's graphic genius), Michael Ecker (formerly of Creative Computing) and Dennis Shasta (creator of the Dr. Ecco puzzles) also write columns for Algorithm. Each issue features Algoletters from vendors with projects and ideas to share, the four programming columns just mentioned, stimulating articles and reviews of weird and wonderful programs written by individuals and small companies. The basic vehicle of Algorithm is algorithms. By specifying program ideas in pseudocode, the publication makes them available in a language-independent form. The emphasis in mainly recreational and (dare I say it?) educational. Topics range from fractals and chaos to cellular automata, scientific simulation and computer games. The scope is wide open and engaging. Anyone wishing a free inspection copy of Algorithm should drop a line to Algorithm, P.O. Box 29237, Westmount Postal Outlet, 785 Wonderland Road, London, Ontario, CANADA N6K 1M6. Alternatively, they can send me e-mail (ndallen@contact.uucp) or reply to this message, and I'll forward the request to Algorithm. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: sjackson@TIC.COM(Steve Jackson) Subject: More on What to Say when the Warrant Comes Date: Sun, 2 Dec 90 12:54:28 cst (1) Regarding "Don't Talk To The Police" in CuD 2.14: I question the statement that >He cannot legally place you under arrest or enter your home without a >warrant signed by a judge. If he indicates that he has such a warrant, >ask to see it. A person under arrest, or located on premises to be >searched, generally must be shown a warrant if he requests it and must be >given a chance to read it. It is important to be VERY POLITE AND CAREFUL when refusing to cooperate with police, unless you are locally powerful and have lots of witnesses. And even then, politeness and care are worthwhile. Your "rights" can evaporate instantly if you antagonize an officer, especially if there are no disinterested witnesses. Your friends and family are not disinterested enough to worry a hostile officer; he may arrest them, too. Regarding "place you under arrest" - If, in the process of refusing entry to a police officer, you demonstrate a "bad attitude," the officer may be motivated to FIND a reason to arrest you. Any display of a weapon, any possibly-illegal item or situation visible from where the officer stands, any threat against the officer's person, or (depending on local law) any behavior the officer can characterize as indicative of drunkenness or drug use . . . BANG, you're under arrest. And, in some situations, the officers can now search your home because they arrested you. If, for instance, they observed an illegal weapon, they can now reasonably suspect that there are more. In the process of searching for more weapons, they will naturally keep their eyes open for the original object of the search. Regarding "signed warrant" - The general lay public believes, as I did before March 1, that no search may be conducted if the police cannot show you a signed search warrant. But *this does not appear to be true.* When my office was invaded, the agents did *not* show a signed search warrant; they showed a photocopy with many spaces, including the space for a judge's signature, STILL BLANK. Nevertheless, no resistance was made to their search. And it seems that this is just as well. Later that day, when I asked my attorney what would have happened if we had objected to the lack of a signature, I was told "Everybody who resisted the search would have been handcuffed and taken downtown for obstructing officers in the performance of their duties." It appears - and I have been trying, to no avail, to get an authoritative statement on this - that if officers HAVE a signed search warrant - or if they believe that a judge has signed a copy of their warrant, even if they themselves don't have a signed copy - then they can conduct a legal search. In the latter case, they obviously can't show a signed warrant; they don't have one! My point is that the common belief that "they have to show you a SIGNED warrant" may be a misconception that can get a citizen into serious trouble. We really need to get an authoritative clarification on this. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: "Ofer Inbar" <cos@CHAOS.CS.BRANDEIS.EDU> Date: Wed, 23 Jan 91 13:02:55 est Subject: Discussion of Dark Adept's articles (con't) In CuD #3.03, file 2, David Daniel wrote a critique of Dark Adept's latest essay. Although much of David's essay was well thought out, there are points which I think he should reconsider. >manufacture and/or market it. Mr. Adept expressed his belief that a user >interface was generic. I'm sure we could find many hard working programmers >who would heartily disagree as well as corporate executives who have >overseen the expenditure of many thousands or man-hours and dollars in the >development of a unique software product. Don't they deserve a return on >their investment? Mr. Adept denies the existence of license agreements when It's quite likely that the interface had already been developed by someone else. If it were not protected by some other company's legal department, the corporation in question would never have had to spend thousands of dollars on developing it in the first place. If everyone has to spend money reinventing the wheel, it's only fair to entitle them to some return on their investment. But wouldn't it be nice if the wheel was free to begin with? If someone comes up with some interface that is truly new, they deserve some protection for a limited time. If their invention is really wonderful, they will get back far more than they spent. This is in fact the reasoning behind patents. However, patents have a life of seven years (I think), which in most markets is a limited time but in the computer world translates to eternity, since anything new is bound to be obsolete long before seven years are over. >their investment? Mr. Adept denies the existence of license agreements when >he asserts that an inefficient company can tie up a good interface by tying >it to a bad program. He also denies the idea of a joint marketing venture >by two or more companies which combine their strongest products. Mr. Adept does not deny the existence of these possibilities. Nor, in fact, does he deny the possiblity of the developer putting it's interface in the public domain. His complaint was about giving the developer the power to tie things up. Not every company has such enlightened attitudes. Some, like Adobe, choose to charge exorbitant license fees; PostScript could have been a unifying standard, but instead we are now seeing a rebellion against Adobe which will result in several standards confusing everyone. Others, like Lotus, choose not to allow anyone to use their interface, and sue everyone who tries. Others, like Apple, appropriate someone else's interface, and then take the same attitude as Lotus does. >Mr. Adept wrote about the danger of protecting algorithms since they are >merely mathematical models. Should we consider DOS and BIOS in the same >category? Should these proprietary packages be freely circulated without >compensation? It might be an attractive utopian concept but not workable >within our present system. Why is it not workable? DOS and BIOS are far from just algorithms. On the other hand, shell sort is a clever algorithm, and I'm certainly glad someone didn't try to patent it and charge license fees from every programmer who used it. Remember the scare when it seemed Unisys was going to enforce their perceived rights to LZW compression? Would it be good if Unisys had the right to outright prohibit a programmer from using LZW compression without prior written permission from them? +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= Subject: Dark Adept's Response to posts From: Dark Adept <deleted@thenets.edu> Date: Tue, 22 Jan 91 23:57:25 CST First, I would like to thank everyone who had a comment, criticism, or suggestion about my previous articles. I take all such comments to heart, and try to improve my thinking and writing processes with them. Second, I feel some of the criticisms have been my fault. I will try to briefly clear these areas up: 1) When refering to IBM's "release" of their operating system, I was talking about BIOS, not DOS. DOS is, of course, the property of Microsoft and/or IBM depending on whether it is MS or PC. I apologize for this misunderstanding. BIOS is IBM's own product. I did not mean to misrepresent anyone. 2) My use of the masculine pronouns is intended to be generic. This usage comes from how I was taught English. I stand by it. I have yet to see an English grammar manual that states this is an incorrect usage. I try to write in standard formal English, and this is how I was taught. 3) "his [first] wife's maiden name" is actually a line from the Hacker's Anthem by the Cheshire Catalyst. It was meant as an inside joke. Still, I have not met a female system operator -- yet. I hold no malice toward any women in the computer field, and I apologize. 4) I thank David Daniel for representing the corporate voice re patents and copyrights. However, I never stated DOS and BIOS were algorithms and should be free. Yet the way they interface programs should be in the public domain (DoubleDos and 4DOS come to mind?). Also, certainly, proprietary source and object code should be protected. I was attempting to say the output generated (i.e., the interface) and the algorithm that creates it should not be protected. I do not know whether this changes his position or not, but I feel that my position should be clear. Again, thank all of you for your comments and articles that have responded to mine. The more opinions all of us receive, the more all of us can learn. This was my goal, and it appears that I have succeeded. The Dark Adept ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Reprint from BMUG (Berkeley MacIntosh Users' Group) Subject: BMUG's ECPA Commentary (reprinted with permission from BMUG Date: January, 1991 ******************************************************************** *** CuD #3.04, File 3 of 4: The Politics of the ECPA of 1986 *** ******************************************************************** The Politics of the Electronic Communications Privacy Act of 1986 Copyright (C) 1990, Bernard Aboba. All rights reserved. The Electronic Communications Privacy Act (ECPA) of 1986 was a landmark piece of legislation which is likely to affect online services and hobbyist bulletin boards for many years to come. Since the ECPA is a complex and often arcane piece of legislation, it is very hard to understand without looking at the history of how it came to be. In understanding the politics of ECPA, this article relies heavily on the transcripts of the House Judiciary Committee Hearings on H.R. 3378, which eventually became the Electronic Communications Privacy Act. During the hearings on ECPA in 1985-86 only one member of the online service industry, The Source (subsequently acquired by Compuserve) submitted an opinion. Though endorsing the bill, the assessment hinted at possible long term costs imposed by the lack of preemption of state standards. However, this one page assessment hardly made an impression on the hearings compared with the impressive lineup of spokesmen from the ACLU, cellular communications firms, Regional Bell Operating Companies (RBOC's), broadcasting groups, credit and banking firms, and computer and telecommunications industry associations, all lined up in support of the bill. Only the U.S. Department of Justice, manufacturers of scanning equipment, and amateur radio associations expressed strong reservations about the bill. However, since the passage of ECPA, the long term costs of the legislation and its effects on commercial and hobbyist conferencing systems have become apparent. Ironically, none of these effects were anticipated at the hearings. Outline of ECPA Broadened Protection of Communications The ECPA amended the Omnibus Crime Control and Safe Streets Act of 1968 (which covered wire tapping of common carriers) to prohibit monitoring of all electronic communications systems not designed to be accessible by the public. This includes voice, data, and video on non-public systems, and applies to communications regardless of the mode of transmission. Search and Seizure To obtain access to communications such as electronic mail, the government is required to obtain a warrant on probable cause. Law enforcement must also obtain a court order based on reasonable suspicion before obtaining toll records of telephone calls.or gaining access to records of an electronic communications system which concern specific communications. Criminal Penalties Criminal penalties can result from unauthorized access to computers if messages are obtained or altered. Felony charges can be brought if the violation was commited maliciously or for commercial gain, in which case the act is punishable by up to one year imprisonment and a $250,000 fine. In other cases, a term of imprisonment of six months and a maximum fine of $5,000 is applicable. Civil Penalties Civil damages may be pursued for violation of the rights contained in the act. Disclosure Electronic communications systems operators may not disclose electronic messages without authorization except in special circumstances. The Politics of ECPA The ECPA was supported by the cellular phone, telephone, packet switching, paging, and broadcasting industries; private firms owning large communications networks, miscellaneous computer and communications trade associations, the ACLU and Consumer's Union, and credit bureaus. Law enforcement agencies were supportive, but skeptical. The only vigorous opposition came from amateur radio associations, and manufacturers of scanning equipment which, while protesting loudly, saw few of their recommended modifications enacted into law. Also playing a role were sponsoring legislators, such as Senator Patrick Leahy of Vermont, and Charles Mathias of Maryland, as well as Representatives Robert Kastenmeier and Carlos Moorhead. Senator Leahy, in his opening remarks at the hearings on the bill, set the stage for the legislation: "At this moment phones are ringing, and when they are answered, the message that comes out is a stream of sounds denoting ones and zeros.... What is remarkable is the fact that none of these transmissions are protected from illegal wiretaps, because our primary law, passed back in 1968, failed to cover data communications, of which computer to computer transmission are a good example. When Congress enacted that law,Title III of the Omnibus Crime Control and Safe Streets Act of 1968, it had in mind a particular kind of communication - voice - and a particular way of transmitting that communication - via a common carrier analog telephone network. Congress chose to cover only the "aural acquisition" of the contents of a common carrier wire communication. The Supreme Court has interpreted that language to mean that to be covered by Title III, a communication must be capable of being overheard. The statue simply fails to cover the unauthorized interception of data transmissions." Senator Leahy also had more practical reasons for supporting the bill. The rapidly growing U.S. cellular communications industry had become alarmed by the ease with which cellular communications could be monitored. Television sets built during the period 1966-1982 were capable of picking up cellular conversations on UHF channels 80-83. This was possible because cellular communications used the same frequency modulation techniques utilized in transmitting television sound. In addition, scanning equipment which for several hundred dollars was capable of receiving cellular communications in the 800 Mhz band. During 1985, several incidents threatened to make the vulnerability of cellular communications into front page news. For example, private conversations of state legislators in Austin were intercepted and made available in the public press, with embarrassing consequences. This ease of reception threatened the viability of the cellular industry. In response, according to Richard Colgan of the Association of North American Radio Clubs, "cellular firms resorted to pervasive misrepresentation of the actual interception vulnerability of cellular. " In fairness to the cellular industry, cellular communications does provide certain inherent protections against interception. For example, since each half of the conversation is transmitted on different frequencies, usually it is only possible to listen in on one side of a conversation. In addition, while it is easy to pick up some conversation, it is difficult to pick up a particular conversation of interest. Also, the frequencies will shift during passage from one cell to another. However, given the relatively large cell size, frequencies are likely to be stable over the average life of a call. In his remarks, Senator Leahy stated that the ECPA was needed to help the cellular industry get off the ground, and that the American people and American business wanted the ECPA. A more emotional defense was made by John Stanton, Executive VP of McCaw Communications, who stated "The inhibition of the growth of cellular technology and paging technology, forced by the lack of privacy, is unfair." Law enforcement interests and businesses were also in favor of the bill. In 1986, the nation was just becoming aware of the threat posed by computer crime, and the need for laws allowing prosecution of perpetrators. The ECPA was therefore viewed by elements of law enforcement and business as a vehicle for criminalizing the act of breaking into computers. Businesses such as GTE Telenet, EDS, and Chase Manhattan thus supported the ECPA as a computer crime bill. Telephone companies such as AT&T even attempted to tack on additional computer crime provisions covering breaking into to their switching equipment. In retrospect, the preoccupation with computer crime distorted evaluations of the ECPA. Computer crime was more effectively addressed by state penal code revisions such as California Penal Code Section 502 - Computer Crime, and Section 499c - Trade Secrets. The purpose of ECPA was to insure privacy rather than to define the criminal uses of computers. The cellular industry had no such illusions. Mr. Philip Quigley, CEO of pacTel Mobil Co. described the economic benefits of ECPA by noting that without legislation, "defending the right (to privacy) could take years of litigation." "Individuals can use scanning devices today... (it is our intent) to merely excise out... the capability that exists today to zone in on the channels and the frequencies that are associated with cellular telephony." Without the ECPA, the industry would have faced incorporation of expensive encryption technology into their systems. For example, John Stanton of McCaw testified that "Encryption devices make it difficult to roam from system to system," generated scratchy sound, and required 30% more investment for the base unit, and 100% for the phone. Mr. Colgan's estimated high grade commercial encryption as costing $40 for the encryption chip (quantity one), plus associated circuitry . In either case, the net cost for several million subscribers was estimated in the tens if not hundreds of millions of dollars. Industry associations such as ADAPSO pointed out the trade benefits of the legislation, since Asia had not developed privacy protection, although Europe had done so. John Stanton of McCaw commented that if the U.S. passed the ECPA, then it would enjoy superior communications privacy to that available in Europe. Representatives of the nation's amateur radio enthusiasts were among the staunchest opponents of the bill. Richard Colgan of the Association of North American Radio Clubs represented their position. "While we have no animosity towards cellular, we cannot sit idly by while they use their influence to make dubious changes in public policy, largely to benefit their bottom lines..." In response to the concerns of amateur radio enthusiasts, and scanner manufacturers, the interception standard was changed from "willful" to "intentional," so as to allow for "inadvertent" interceptions. Manufacturers of scanning equipment were vigorously opposed to ECPA since the use of their devices was restricted by the act. Richard Brown of Regency Electronics, a manufacturer of radio band scanners, argued cellular radio licensees have never had any expectation of privacy, that cellular operators, not the public, should bear the burden of securing cellular communications, and that protecting specific radio frequencies was imprudent. This last point deserves elaboration. Under ECPA, monitoring of cordless phone frequencies is not prohibited, although it is hard to argue that the average individual's "expectation of privacy" is any different for a cordless phone than it would be for a cellular phone. In fact, an educated individual might even expect less privacy for a cellular call, argued Richard Colgan, because the range of cellular communications is so much larger than for cordless phones, thus making interception easier. Among the most careful analyst of the ECPA was the U.S. Department of Justice, as represented by James Knapp, deputy assistant attorney general of the criminal division. Knapp concurred with the Amateur Radio enthusiasts that cellular and cordless phone technology, as well as tone and voice pagers, were easily intercepted, and therefore could not presume an "expectation of privacy." Knapp also expressed skepticism about the wisdom of criminalizing hobbyist behavior. Knapp was however in favor of extending coverage to electronic mail. Finally, he argued for extension of the crimes for which wire tapping could be authorized, beyond those enumerated in Title III. This suggested modification to the act was subsequently incorporated. In contrast to the detailed arguments submitted by the parties discussed above, the one page letter submitted by The Source had a minor impact at best, suggesting that the ECPA, by not preempting state statutes, could expose the online service industry to an entangling web of federal and state statutes. Analysis of the Economic Effects of ECPA The parts of ECPA which have ramifications for online services and hobbyist bulletin boards mostly have to do with access to stored messages. While access to services are often offered via a packet switching network, or could even be achieved via use of cellular modems or other radio transmissions, worries about the privacy of such access are not likely to be major concerns of customers. An important aspect of ECPA is the presence of both criminal and civil penalties. This provides an important incentive for aggrieved parties to pursue litigation through contingency fee arrangements. The implications of this for the online service business are serious. For example, the fee for sending an EasyPlex message on Compuserve is on the order of a few dollars, depending on the time spent in composing the message. For that fee, Compuserve takes on the responsibility of not disclosing the message, which could conceivably be worth millions to the sender and intended recipient. Firms Submitting Opinions on H.R. 3378 Phone Companies Southwestern Bell AT&T Ameritech Pacific Telesis Bell South Northwestern Bell United States Telephone Assoc. Radio Association of North American Radio Clubs American Radio Relay League National Association of Business & Educational Radio Cellular PacTel Mobile McCaw Communications Motorola Centel Hobbyists Communications Packet Switching GTE Telenet Misc. Associations Electronic Mail Association ADAPSO National Assoc. of Manufacturers Assoc. of American Railroads IEEE Paging Telocator Network Computers Tandy Law Enforcement U.S. Dept. of Justice Online Services The Source Citizen's Groups ACLU Consumer's Union Firms with Private Networks Chase Manhattan EDS Scanner Manufacturers Dynascan Regency Electronics Uniden Credit Bureaus American Credit Services Broadcasters National Assoc. of Broadcasters Radio-TV News Directors Association Satellite TV Industry Association CBS Source: Hearings, Committee on the Judiciary, House of Representatives, H.R. 3378, ECPA, 99th Congress, No. 50, 1986. Of course, this burden is not theirs alone. Operators of corporate communications systems (who were big supporters of ECPA) are also likely targets. Indeed, several ECPA suits against employers and municipalities have recently been filed. The potential for litigation also exists for hobbyist systems such as computer bulletin boards. Government regulations fit into two categories: economic regulation, and social regulation. In the economic category are price controls on crude oil, and tarriffs. Equal opportunity legislation is a regulation of the social type. The cost of a social regulation can be broken down into two parts. One is the cost of complying with the regulation, either by modification of business practices, or payment of imposed penalties; another is the cost of resolving ambiguities in the legislation through establishment of case law. In the case of ECPA, reflection discloses that the establishment of precedent is likely to be the more expensive than compliance. For example, for a service to modify sysop access privileges, and to introduce encryption of private mail and passwords would probably entail an expenditure on the order of a few million dollars for software development and testing. In contrast, were only 0.01% of Compuserve's subscribers to file an ECPA lawsuit, given 500,000 subscribers, and average legal fees and penalties per case of $100,000, the bill would come to over $10 million. Due to its concentration on cellular industry concerns, the ECPA concentrates more on insuring privacy for users than on limiting the responsibilities of providers. Due to differences between messages in transit and stored messages, cellular firms end up forcing the costs of privacy onto hobbyists and outsiders, while providers of online services are forced to bear these costs themselves. In view of the potentially horrendous litigation burdens, there is a strong incentive to limit the ability of system administrators to read or disclose private mail. The key to complying with the act is the notion of "expectations of privacy." This notion governs both the legal aspects of ECPA, and determinants of end user satisfaction. Under the ECPA, privacy is only enforced for systems in which users were lead to "expect privacy." Thus a sysop has two alternatives: to explicitly address those expectations via an education campaign, or to play a game similar to the cellular industry, in denying that privacy is a significant issue. One of the concerns voiced by the cellular industry in backing ECPA was that their budding industry could ill afford the cost of solidifying the right to privacy via litigation or adoption of encryption technology. Yet that is precisely the course that the ECPA has forced on the online service industry. Nor were the concerns of a budding industry entirely genuine. Within the next two years, the revenues of cellular communication firms will exceed those of all the participants in the information services industry. Bibliography 1. Electronic Communications Privacy Act of 1986, Public Law 99-508, 99th Congress, 2nd session. 2. Hearings of the Committee on the Judiciary, House of Representatives, H.R. 3378, Electronic Communications Privacy Act, 99th Congress, No. 50, 1986. 3. California Penal Code, Section 502, Computer Crime, 502.7 Obtaining telephone or telegraph services by fraud, 499c, trade secrets. 4. Wallace, Jonathan, and Lance Rose, SYSLAW, L.L.M Press, New York City, 1990 ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Various Subject: The CU in the News Date: January, 1991 ******************************************************************** *** CuD #3.04, File 4 of 4: The CU in the News *** ******************************************************************** Subject: Lotus Drops Suit From: Anonymous Date: Sun, 24 Jan 91 01:21:00 EST From: New York Times, January 24, 1991, p. C3 (By Lawrence M. Fisher) SAN FRANCISCO, Jan. 23 - The Lotus Development Corporation and Equifax Inc. said today that they had canceled plans to sell a database of names, addresses and marketing information on 120 million United States consumers. The companies said their decision came after they had received 30,000 calls and letters from individuals wishing to have their names and personal information deleted from the database. The companies said they believed the public misunderstood the product and that the costs of addressing privacy concerns had made Marketplace:Households no longer viable. Lotus will also discontinue Market-lace:Business, a similar product with information on seven million United States businesses, which began shipment in October. Mr. Manzi said the business product was not viable without the revenues from the consumer version." +++++++++++++++++++++++++++++++++++++++++++++++++++ From: cdp!mrotenberg@labrea.stanford.edu Subject: CPSR FOIA Suits Seeks Gov't Computer Policy Date: Sun, 13 Jan 91 19:20:35 PST PRESS RELEASE Release: Friday, 1/4/91 CPSR Washington Office, 1025 Connecticut Ave., NW, Washington DC 20036 For more information: David Sobel Marc Rotenberg 202/775-1588 LAWSUIT SEEKS BUSH DIRECTIVE ON COMPUTER SECURITY WASHINGTON - Computer Professionals for Social Responsibility ("CPSR") filed a lawsuit in Federal District Court today to obtain a classified government directive on computer security. The document at issue was signed by President Bush on July 5, 1990. It is intended to replace a controversial security policy signed by President Reagan in 1984. The Reagan policy, designated "NSDD 145," put the super-secret National Security Agency ("NSA") in charge of computer security, raising concerns about government secrecy. Congress sought to limit NSA's role through passage of the Computer Security Act of 1987, which transferred responsibility for federal computer security to the National Institute for Standards and Technology, a civilian agency. The administration contends that the revised directive complies with the Computer Security Act, but so far has released to the public only an unclassified summary of the new directive. According to Marc Rotenberg, Director of CPSR's Washington Office, "Computer security policy should not be made behind closed doors or through the issuance of classified directives. At a time when computer technology touches every aspect of our lives, it is essential that the public be fully informed about our government's policy." CPSR first requested a copy of the revised directive from the Defense Department under the Freedom of Information Act last August. The organization also sought a copy from the National Security Council the following month. To date, neither agency has responded to CPSR's requests. The Freedom of Information Act provides a legal right for individuals to obtain records held by government agencies. According to CPSR Legal Counsel David Sobel, "Agencies are required to respond to requests within ten working days. When agencies fail to respond within a reasonable period of time, requesters often begin legal proceedings to obtain the information." CPSR is a national membership organization of computer scientists. Its membership includes a Nobel Laureate and four recipients of the Turing Award, the highest honor in computer science. CPSR has prepared reports and presented testimony on computer technology issues, including NSDD 145, at the request of Congressional committees. The case is CPSR v. National Security Council, et al., Civil Action No. 91-_____, U.S. District Court for the District of Columbia, January 4, 1991. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: well!mercury@APPLE.COM(Michael Edward Marotta) Subject: Thoughts on the Bill of Rights Date: Tue, 22 Jan 91 21:52:34 pst GRID News. vol 2 nu 2. January 23, 1991. World GRID Association, P. O. Box 15061, Lansing, MI 48901 USA -------------------------------------------------------------------- "The Bill of Rights" by Michael E. Marotta. (54 lines) When agents of the US Secret Service raided publishers in 1990 while chasing The Legion of Doom, they demonstrated that the paradigms of cyberspace are not well understood. Therefore, identifiers must be used to show that this activity is protected by the Bill of Rights. Copyright notices are one identifier. A copyright is earned whenever an idea achieves physical expression or "realization". Two copies of the publication (or two photographs of a work of art) are send to the Library of Congress along with a registration fee. Books, sound recordings, and films may be copyrighted. A copyright can be given to the mass production of a work in the public domain, such as the Bible. You could write out by hand an original poem, send two xeroxes to the Library of Congress (along with the registration fee) and earn a copyright on your work. When the United States joined the Berne Convention in December of 1988 (effective March 1, 1989), life became easier --- perhaps too easy. By default, every realization is automatically copyrighted to the creator, whether or not copies are sent to the Library of Congress. A copyright notice on the login screen announces that the BBS contains works of non-fiction, fiction, art or other production that are protected by the First Amendment. The First Amendment also promises that the People have the right to PEACEABLY ASSEMBLE to seek redress of grievances against the government. A BBS is an assembly and can host assemblies. The Supreme Court has often and consistently shown that this right to peaceably assemble is also the right to association. Most BBSes support message bases. Discussions on religion are specially protected by the First Amendment. The Bill of Rights contains two purposely broad articles, the Ninth and Tenth. The Ninth Amendment says that there are more rights than the ones listed in the Bill of Rights. The Tenth Amendment limits the federal government to its enumerated powers and gives all other powers to the States (except where prohibited) or to the People (apparently without special reservation or stipulation). For instance, without stretching the meaning of "religion" or requiring that we photograph blackboards, it is strongly argued that there is a Right to Scientific Inquiry. This strongly assertable right protects experiments with encryption algorithms. There may be a Right to Travel. This would extend to the lawful use of communication systems to "visit" a computer, whether or not you actually "enter" the computer. (Internet syntax tolerates users who chat though not logged in.) To the extent that a computer is a weapon, its ownership is protected under the Second Amendment. Indeed, when Saddam Hussein's storm troopers rolled into Kuwait, "Hack Iraq" messages appeared on some systems. The Bill of Rights is your Best Friend. Sleep with it. ******************************************************************** ------------------------------ **END OF CuD #3.04** ********************************************************************