****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 3, Issue #3.04 (January 28, 1991)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith / Bob Kusumoto
RESIDENT SYSTEM CRASH VICTIM::  Brendan Kehoe

USENET readers can currently receive CuD as alt.society.cu-digest. Back
issues are also available on Compuserve (in: DL0 of the IBMBBS sig),
PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (2) cudarch@chsun1.uchicago.edu
E-mail server: archive-server@chsun1.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source is
cited.  Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles relating to
the Computer Underground.  Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
            views of the moderators. Contributors assume all responsibility
            for assuring that articles submitted do not violate copyright
            protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

CONTENTS THIS ISSUE:
File 1: Moderators' Corner
File 2: From the Mailbag
File 3: BMUG's ECPA Commentary (reprinted with permission from BMUG
File 4: The CU in the News

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----------------------------------------------------------------------

********************************************************************
***  CuD #3.04, File 1 of 4: Moderator's corner                  ***
********************************************************************

From: Moderators
Subject: Moderators' Corner
Date: January 28, 1991

++++++++++
In this file:
1. LEN ROSE UPDATE
2. FIRST CONFERENCE ON COMPUTERS, FREEDOM AND PRIVACY
3. FTP INFO AND WIDENER CRASH
++++++++++

+++++++++++++++++++
Len Rose Update
+++++++++++++++++++

Len Rose's trial, originally scheduled for January 28, has been pushed back to
April 1 because of a superceding indictment related to the same facts. Len is
currently represented by Catterton, Kemp, and Mason of Rockville, Md.
The EFF's amicus brief in the case is available from the CuD archives or
directly from EFF.

+++++++++++++++++++++++
First Conference on Computers, Freedom and Privacy
+++++++++++++++++++++++++

Don't forget The First Conference On Computers, Freedom and Privacy coming
up on March 25-28. The conference will be held at the Airport SFO Marriott
Hotel in Burlingame (that's the San Francisco Airport about 15 minutes
south of the city for out-of-towners).  All are invited, but participation
is limited to the first 600 registering.  For more information, contact
JWARREN@WELL.SF.CA.US or WELL!JWARREN@APPLE.COM

++++++++++++++++++++++++++++++
FTP Info and Widener Crash
+++++++++++++++++++++++++++++++

The Widener ftp site is experiencing some problems and is down for awhile.
But, the others are currently working.  Back issues of cuds on Compuserve
are in: DL0 of the IBMBBS sig.  Added to the archives: A dozen more state
computer statutes, NIA #69 (which came out last month), Phantasy #4, and a
few other things. An anonymous contributor also deposited about a dozen or
more university computer policies/regulations in the "legal" directory
which are well worth reading. Thanks to the donor!  Brian Peretti also send
over his "Computer Publication and the First Amendment," which we also
recommend.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From:  Assorted
Subject: From the Mailbag
Date: January 29, 1990

********************************************************************
***  CuD #3.04, File 2 of 4: From the Mailbag                    ***
********************************************************************

Subject: New address for ATI.
From: Ground Zero <gzero@TRONSBOX.XEI.COM>
Date: Tue, 22 Jan 91 18:07:55 EST

Dear ATI Readers:

Hello!!  Those of you who attempted to send mail to us may have noticed
that it bounced back or didn't make it here. Due to some changes in our
home site, ATI now has a new address. Our new address is:

       gzero@tronsbox.xei.com

As always, do send all correspondence to the above address and NOT the
address this message is comeing from (the one beginning with "zero-list").

Due to changes in our home site, the release of ATI54 has been delayed.
However, we're working on it, and you should expect to see ATI54
within a few days.
     See ya then!

++++++++++++++++++++++++++++++++++++++++++++++++++++

From: Nigel Allen <chinacat!uunet!contact!ndallen@CS.UTEXAS.EDU>
Subject: Algorithm: A Newsletter for People Who Enjoy Programming
Date: Thu, 24 Jan 91 04:23 EST

Algorithm: A Newsletter for People Who Enjoy Programming

For one year now, A.K. Dewdney (author of Scientific American's popular
Computer Recreations column) has been publishing a newsletter (or is it a
magazine?) called Algorithm. Appearing bi-monthly, Algorithm features a
wide range of topics in each issue, mostly centered around fascinating
programming projects of the kind we used to see in Computer Recreations.
Besides Dewdney, Clifford Pickover (JBM's graphic genius), Michael Ecker
(formerly of Creative Computing) and Dennis Shasta (creator of the Dr. Ecco
puzzles) also write columns for Algorithm. Each issue features Algoletters
from vendors with projects and ideas to share, the four programming columns
just mentioned, stimulating articles and reviews of weird and wonderful
programs written by individuals and small companies.

The basic vehicle of Algorithm is algorithms. By specifying program ideas
in pseudocode, the publication makes them available in a
language-independent form. The emphasis in mainly recreational and (dare I
say it?) educational. Topics range from fractals and chaos to cellular
automata, scientific simulation and computer games. The scope is wide open
and engaging.

Anyone wishing a free inspection copy of Algorithm should drop a line to
Algorithm, P.O. Box 29237, Westmount Postal Outlet, 785 Wonderland Road,
London, Ontario, CANADA N6K 1M6. Alternatively, they can send me e-mail
(ndallen@contact.uucp) or reply to this message, and I'll forward the
request to Algorithm.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: sjackson@TIC.COM(Steve Jackson)
Subject: More on What to Say when the Warrant Comes
Date: Sun, 2 Dec 90 12:54:28 cst

(1) Regarding "Don't Talk To The Police" in CuD 2.14: I question the
statement that

>He cannot legally place you under arrest or enter your home without a
>warrant signed by a judge.  If he indicates that he has such a warrant,
>ask to see it.  A person under arrest, or located on premises to be
>searched, generally must be shown a warrant if he requests it and must be
>given a chance to read it.

It is important to be VERY POLITE AND CAREFUL when refusing to cooperate
with police, unless you are locally powerful and have lots of witnesses.
And even then, politeness and care are worthwhile. Your "rights" can
evaporate instantly if you antagonize an officer, especially if there are
no disinterested witnesses. Your friends and family are not disinterested
enough to worry a hostile officer; he may arrest them, too.

Regarding "place you under arrest" - If, in the process of refusing entry
to a police officer, you demonstrate a "bad attitude," the officer may be
motivated to FIND a reason to arrest you. Any display of a weapon, any
possibly-illegal item or situation visible from where the officer stands,
any threat against the officer's person, or (depending on local law) any
behavior the officer can characterize as indicative of drunkenness or drug
use . . . BANG, you're under arrest. And, in some situations, the officers
can now search your home because they arrested you.  If, for instance, they
observed an illegal weapon, they can now reasonably suspect that there are
more. In the process of searching for more weapons, they will naturally
keep their eyes open for the original object of the search.

Regarding "signed warrant" - The general lay public believes, as I did
before March 1, that no search may be conducted if the police cannot show
you a signed search warrant. But *this does not appear to be true.* When my
office was invaded, the agents did *not* show a signed search warrant; they
showed a photocopy with many spaces, including the space for a judge's
signature, STILL BLANK.

Nevertheless, no resistance was made to their search. And it seems that
this is just as well. Later that day, when I asked my attorney what would
have happened if we had objected to the lack of a signature, I was told
"Everybody who resisted the search would have been handcuffed and taken
downtown for obstructing officers in the performance of their duties."

It appears - and I have been trying, to no avail, to get an authoritative
statement on this - that if officers HAVE a signed search warrant - or if
they believe that a judge has signed a copy of their warrant, even if they
themselves don't have a signed copy - then they can conduct a legal search.
In the latter case, they obviously can't show a signed warrant; they don't
have one!

My point is that the common belief that "they have to show you a SIGNED
warrant" may be a misconception that can get a citizen into serious trouble.
We really need to get an authoritative clarification on this.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: "Ofer Inbar" <cos@CHAOS.CS.BRANDEIS.EDU>
Date: Wed, 23 Jan 91 13:02:55 est
Subject: Discussion of Dark Adept's articles (con't)

In CuD #3.03, file 2, David Daniel wrote a critique of Dark Adept's latest
essay.  Although much of David's essay was well thought out, there are
points which I think he should reconsider.

>manufacture and/or market it.  Mr. Adept expressed his belief that a user
>interface was generic. I'm sure we could find many hard working programmers
>who would heartily disagree as well as corporate executives who have
>overseen the expenditure of many thousands or man-hours and dollars in the
>development of a unique software product. Don't they deserve a return on
>their investment? Mr. Adept denies the existence of license agreements when

It's quite likely that the interface had already been developed by someone
else.  If it were not protected by some other company's legal department,
the corporation in question would never have had to spend thousands of
dollars on developing it in the first place.

If everyone has to spend money reinventing the wheel, it's only fair to
entitle them to some return on their investment.  But wouldn't it be nice
if the wheel was free to begin with?

If someone comes up with some interface that is truly new, they deserve
some protection for a limited time.  If their invention is really
wonderful, they will get back far more than they spent.  This is in fact
the reasoning behind patents.  However, patents have a life of seven years
(I think), which in most markets is a limited time but in the computer
world translates to eternity, since anything new is bound to be obsolete
long before seven years are over.

>their investment? Mr. Adept denies the existence of license agreements when
>he asserts that an inefficient company can tie up a good interface by tying
>it to a bad program. He also denies the idea of a joint marketing venture
>by two or more companies which combine their strongest products.

Mr. Adept does not deny the existence of these possibilities.  Nor, in
fact, does he deny the possiblity of the developer putting it's interface
in the public domain.  His complaint was about giving the developer the
power to tie things up.  Not every company has such enlightened attitudes.
Some, like Adobe, choose to charge exorbitant license fees; PostScript
could have been a unifying standard, but instead we are now seeing a
rebellion against Adobe which will result in several standards confusing
everyone.  Others, like Lotus, choose not to allow anyone to use their
interface, and sue everyone who tries.  Others, like Apple, appropriate
someone else's interface, and then take the same attitude as Lotus does.

>Mr. Adept wrote about the danger of protecting algorithms since they are
>merely mathematical models. Should we consider DOS and BIOS in the same
>category? Should these proprietary packages be freely circulated without
>compensation? It might be an attractive utopian concept but not workable
>within our present system.

Why is it not workable?  DOS and BIOS are far from just algorithms.  On the
other hand, shell sort is a clever algorithm, and I'm certainly glad
someone didn't try to patent it and charge license fees from every
programmer who used it.  Remember the scare when it seemed Unisys was going
to enforce their perceived rights to LZW compression?  Would it be good if
Unisys had the right to outright prohibit a programmer from using LZW
compression without prior written permission from them?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=


Subject: Dark Adept's Response to posts
From: Dark Adept <deleted@thenets.edu>
Date: Tue, 22 Jan 91 23:57:25 CST

First, I would like to thank everyone who had a comment, criticism, or
suggestion about my previous articles. I take all such comments to heart,
and try to improve my thinking and writing processes with them.

Second, I feel some of the criticisms have been my fault. I will try to
briefly clear these areas up:

1) When refering to IBM's "release" of their operating system, I was
talking about BIOS, not DOS.  DOS is, of course, the property of Microsoft
and/or IBM depending on whether it is MS or PC.  I apologize for this
misunderstanding.  BIOS is IBM's own product.  I did not mean to
misrepresent anyone.

2) My use of the masculine pronouns is intended to be generic.  This usage
comes from how I was taught English.  I stand by it.  I have yet to see an
English grammar manual that states this is an incorrect usage.  I try to
write in standard formal English, and this is how I was taught.

3) "his [first] wife's maiden name" is actually a line from the Hacker's
Anthem by the Cheshire Catalyst.  It was meant as an inside joke.  Still, I
have not met a female system operator -- yet.  I hold no malice toward any
women in the computer field, and I apologize.

4) I thank David Daniel for representing the corporate voice re patents and
copyrights.  However, I never stated DOS and BIOS were algorithms and
should be free. Yet the way they interface programs should be in the public
domain (DoubleDos and 4DOS come to mind?). Also, certainly, proprietary
source and object code should be protected.  I was attempting to say the
output generated (i.e., the interface) and the algorithm that creates it
should not be protected.  I do not know whether this changes his position
or not, but I feel that my position should be clear.

Again, thank all of you for your comments and articles that have responded
to mine.  The more opinions all of us receive, the more all of us can
learn.  This was my goal, and it appears that I have succeeded.

The Dark Adept

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Reprint from BMUG (Berkeley MacIntosh Users' Group)
Subject:  BMUG's ECPA Commentary (reprinted with permission from BMUG
Date:     January, 1991

********************************************************************
***  CuD #3.04, File 3 of 4: The Politics of the ECPA of 1986    ***
********************************************************************

The Politics of the Electronic Communications Privacy Act of 1986

Copyright (C) 1990, Bernard Aboba.  All rights reserved.

The Electronic Communications Privacy Act (ECPA) of 1986 was a landmark
piece of legislation which is likely to affect online services and hobbyist
bulletin boards for many years to come.  Since the ECPA is a complex and
often arcane piece of legislation, it is very hard to understand without
looking at the history of how it came to be.   In understanding the
politics of ECPA, this article relies heavily on the transcripts of the
House Judiciary Committee Hearings on H.R. 3378, which eventually became
the Electronic Communications Privacy Act.

During the hearings on ECPA in 1985-86 only one member of the online
service industry, The Source (subsequently acquired by Compuserve)
submitted an opinion.    Though endorsing the bill, the assessment hinted
at possible long term costs imposed by the lack of preemption of state
standards.  However, this one page assessment hardly made an impression on
the hearings compared with the impressive lineup of spokesmen from the
ACLU, cellular communications firms,  Regional Bell Operating Companies
(RBOC's), broadcasting groups, credit and banking firms, and computer and
telecommunications industry associations, all lined up in support of the
bill.

Only the U.S. Department of Justice, manufacturers of scanning equipment,
and amateur radio associations expressed strong reservations about the
bill. However, since the passage of ECPA, the long term costs of the
legislation and its effects on commercial and hobbyist conferencing systems
have become apparent.  Ironically, none of these effects were anticipated
at the hearings.

Outline of ECPA

Broadened Protection of Communications

The ECPA amended the Omnibus Crime Control and Safe Streets Act of 1968
(which covered wire tapping of common carriers) to prohibit monitoring of
all electronic communications systems not  designed to be accessible by the
public.  This includes voice, data, and video on non-public systems, and
applies to communications regardless of the mode of transmission.

Search and Seizure

To obtain access to communications such as electronic mail, the government
is required to obtain a warrant on probable cause.  Law enforcement must
also obtain a court order based on reasonable suspicion before obtaining
toll records of telephone calls.or gaining access to records of an
electronic communications system which concern specific communications.

Criminal Penalties

Criminal penalties can result from unauthorized access to computers if
messages are obtained or altered.  Felony charges can be brought if the
violation was commited maliciously or  for commercial gain, in which case
the act is punishable by up to one year imprisonment and a $250,000 fine.
In other cases, a term of imprisonment of six months and a maximum fine of
$5,000 is applicable.

Civil Penalties

Civil damages may be pursued for violation of the rights contained in the
act.

Disclosure

Electronic communications systems operators may not disclose electronic
messages without authorization except in special circumstances.  The
Politics of ECPA

The ECPA was supported by the cellular phone, telephone, packet switching,
paging, and broadcasting industries;  private firms owning large
communications networks,  miscellaneous computer and communications trade
associations,  the ACLU and Consumer's Union, and credit bureaus. Law
enforcement agencies were supportive, but skeptical. The only vigorous
opposition came from amateur radio associations,  and manufacturers of
scanning equipment which, while protesting loudly, saw few of their
recommended modifications enacted into law.

Also playing a role were sponsoring legislators, such as Senator Patrick
Leahy of Vermont, and Charles Mathias of Maryland, as well as
Representatives Robert Kastenmeier and Carlos Moorhead.  Senator Leahy, in
his opening remarks at the hearings on the bill, set the stage for the
legislation:

"At this moment phones are ringing, and when they are answered, the message
that comes out is a stream of sounds denoting ones and zeros.... What is
remarkable is the fact that none of these transmissions are protected from
illegal wiretaps, because our primary law, passed back in 1968, failed to
cover data communications, of which computer to computer transmission are a
good example.  When Congress enacted that law,Title III of the Omnibus
Crime Control and Safe Streets Act of 1968, it had in mind a particular
kind of communication - voice - and a particular way of transmitting that
communication - via a common carrier analog telephone network.   Congress
chose to cover only the "aural acquisition" of the contents of a common
carrier wire communication.  The Supreme Court has interpreted that
language to mean that to be covered by Title III, a communication must be
capable of being overheard.  The statue simply fails to cover the
unauthorized interception of data transmissions."   Senator Leahy also had
more practical reasons for supporting the bill.   The rapidly growing U.S.
cellular communications industry had become alarmed by the ease with which
cellular communications could be monitored.  Television sets built during
the period 1966-1982 were capable of picking up cellular conversations on
UHF channels 80-83.  This was possible because cellular communications used
the same frequency modulation techniques utilized in transmitting
television sound. In addition, scanning equipment which  for several
hundred dollars was capable of receiving cellular communications in the 800
Mhz band.     During 1985, several incidents threatened to make the
vulnerability of  cellular communications into front page news.  For
example, private conversations of state legislators in Austin were
intercepted and made available in the public press, with embarrassing
consequences.

This ease of reception threatened the viability of the cellular industry.
In response, according to Richard Colgan of the Association of North
American Radio Clubs, "cellular firms resorted to pervasive
misrepresentation of the actual interception vulnerability of cellular. "
In fairness to the cellular industry, cellular communications does provide
certain inherent protections against interception.  For example, since each
half of the conversation is transmitted on different frequencies, usually
it is only possible to listen in on one side of a conversation.  In
addition, while it is easy to pick up some conversation, it is difficult to
pick up a particular conversation of interest.  Also, the frequencies will
shift during passage from one cell to another.  However, given the
relatively large cell size, frequencies are likely to be stable over the
average life of a call.    In his remarks, Senator Leahy stated that the
ECPA was needed to help the cellular industry get off the ground,  and that
the American people and American business wanted the ECPA.   A more
emotional defense was made by John Stanton, Executive VP of McCaw
Communications, who stated "The inhibition of the growth of cellular
technology and paging technology, forced by the lack of privacy, is
unfair."

Law enforcement interests and businesses were also in favor of the bill.
In 1986, the nation was just becoming aware of the threat posed by computer
crime, and the need for laws allowing prosecution of perpetrators.  The
ECPA was therefore viewed by elements of law enforcement and business as a
vehicle for criminalizing the act of breaking into computers.   Businesses
such as GTE Telenet, EDS, and Chase Manhattan thus supported the ECPA as a
computer crime bill.  Telephone companies such as AT&T even attempted to
tack on additional computer crime provisions covering breaking into to
their switching equipment.

In retrospect, the preoccupation with computer crime distorted evaluations
of the ECPA.  Computer crime was more effectively addressed by state penal
code revisions such as California Penal Code Section 502 - Computer Crime,
and Section 499c - Trade Secrets.   The purpose of ECPA was to insure
privacy rather than to define  the criminal uses of computers.

The cellular industry had no such illusions.  Mr.  Philip Quigley, CEO of
pacTel Mobil Co.  described the economic benefits of ECPA by noting that
without legislation, "defending the right (to privacy) could take years of
litigation."  "Individuals can use scanning devices today... (it is our
intent) to merely excise out... the capability that exists today to zone in
on the channels and the frequencies that are associated with cellular
telephony." Without the ECPA, the industry would have faced incorporation
of expensive encryption technology into their systems.   For example, John
Stanton of McCaw testified that "Encryption devices make it difficult to
roam  from system to system," generated scratchy sound, and required 30%
more investment for the base unit, and 100% for the phone.     Mr. Colgan's
estimated high grade commercial encryption as costing $40 for the
encryption chip (quantity one), plus associated circuitry .  In either
case, the net cost for several million subscribers was estimated in the
tens if not hundreds of millions of dollars.

Industry associations such as ADAPSO pointed out the trade benefits of the
legislation, since Asia had not developed privacy protection, although
Europe had done so.   John Stanton of McCaw commented  that if the U.S.
passed the ECPA, then it would enjoy superior communications privacy to
that available in Europe.

Representatives of the nation's amateur radio enthusiasts were among  the
staunchest opponents of the bill.  Richard Colgan  of the Association of
North American Radio Clubs represented their position.  "While we have no
animosity towards cellular, we cannot sit idly by while they use their
influence to make dubious changes in public policy, largely to benefit
their bottom lines..." In response to the concerns of amateur radio
enthusiasts, and scanner manufacturers, the interception standard was
changed from "willful" to "intentional," so as to allow for "inadvertent"
interceptions.

Manufacturers of scanning equipment were vigorously opposed to ECPA since
the use of their devices was restricted by  the act.  Richard Brown of
Regency Electronics, a manufacturer of radio band scanners,  argued
cellular radio licensees have never had any expectation of privacy,  that
cellular operators, not the public, should bear the burden of securing
cellular communications, and that protecting specific radio frequencies was
imprudent.

This last point deserves elaboration.  Under ECPA, monitoring of cordless
phone frequencies is not prohibited, although it is hard to argue that the
average individual's "expectation of privacy" is any different for a
cordless phone than it would be for a cellular phone.   In fact, an
educated individual might even expect less privacy for a cellular call,
argued  Richard Colgan, because the range of cellular communications is so
much larger than for cordless phones, thus making interception easier.

Among the most careful analyst of the ECPA was the U.S. Department of
Justice, as represented by James Knapp, deputy assistant attorney general
of the criminal division. Knapp concurred with the Amateur Radio
enthusiasts that cellular and cordless phone technology, as well as tone
and voice pagers, were easily intercepted, and therefore could not presume
an "expectation of privacy." Knapp also expressed skepticism about the
wisdom of criminalizing hobbyist behavior.   Knapp was however in favor of
extending coverage to electronic mail.  Finally, he argued for extension of
the crimes for which wire tapping could be authorized, beyond those
enumerated in Title III.  This suggested modification to the act was
subsequently incorporated.

In contrast to the detailed arguments submitted by the parties discussed
above, the one page letter submitted by The Source had a minor impact at
best, suggesting that the ECPA, by not preempting state statutes, could
expose the online service industry to an entangling web of federal and
state statutes.

Analysis of the Economic Effects of ECPA

The parts of ECPA which have ramifications for online services and hobbyist
bulletin boards mostly have to do with access to stored messages.  While
access to services are often offered via a packet switching network,  or
could even be achieved via use of cellular modems or other radio
transmissions, worries about the privacy of such access are not likely to
be major concerns of  customers.

An important aspect of ECPA is the presence of both criminal and civil
penalties.   This provides an important incentive for aggrieved parties to
pursue litigation through contingency fee arrangements.  The implications
of this for the online service business are serious.  For example, the fee
for sending an EasyPlex message on Compuserve is on the order of a few
dollars, depending on the time spent in composing the message.  For that
fee, Compuserve takes on the responsibility of not disclosing the message,
which could conceivably be worth millions to the sender and intended
recipient.


Firms Submitting Opinions on H.R. 3378


Phone Companies

Southwestern Bell
AT&T
Ameritech
Pacific Telesis
Bell South
Northwestern Bell
United States
Telephone Assoc.

Radio

Association of North American Radio Clubs
American Radio Relay League
National Association of Business & Educational Radio

Cellular

PacTel Mobile
McCaw Communications
Motorola
Centel

Hobbyists


Communications

Packet Switching

GTE Telenet

Misc. Associations

Electronic Mail Association
ADAPSO
National Assoc. of Manufacturers
Assoc. of American Railroads
IEEE

Paging

Telocator Network

Computers

Tandy

Law Enforcement

U.S. Dept. of Justice

Online Services

The Source

Citizen's Groups

ACLU
Consumer's Union


Firms with Private Networks

Chase Manhattan
EDS

Scanner Manufacturers

Dynascan
Regency Electronics
Uniden

Credit Bureaus

American Credit Services

Broadcasters

National Assoc. of Broadcasters
Radio-TV News Directors Association
Satellite TV Industry Association
CBS


Source:    Hearings, Committee on the Judiciary, House of
Representatives, H.R. 3378, ECPA, 99th Congress, No. 50, 1986.

Of course, this burden is not theirs alone.  Operators of corporate
communications systems (who were big supporters of ECPA) are also
likely targets.   Indeed,  several ECPA suits against employers and
municipalities have recently been filed.  The potential for
litigation  also exists for hobbyist systems such as computer
bulletin boards.

Government regulations fit into two categories:  economic
regulation, and social regulation.  In the economic category are
price controls on crude oil, and tarriffs.  Equal opportunity
legislation is a regulation of the social type. The cost of a
social regulation can be broken down into two parts.  One is the
cost of complying with the regulation, either by modification of
business practices, or payment of imposed penalties;  another is
the cost of resolving ambiguities in the legislation through
establishment of case law. In the case of ECPA, reflection
discloses that the establishment of precedent is likely to be the
more expensive than compliance.  For example,  for a service to
modify sysop access privileges, and to introduce encryption of
private mail and passwords would probably entail an expenditure on
the order of a few million dollars  for software development and
testing.   In contrast, were only 0.01% of  Compuserve's
subscribers to file an ECPA lawsuit, given 500,000 subscribers, and
average legal fees and penalties per case of $100,000, the bill
would come to over $10 million.

Due to its concentration on cellular industry concerns, the ECPA
concentrates more on insuring  privacy for  users than on limiting
the responsibilities of providers. Due to differences between
messages in transit and stored messages, cellular firms end up
forcing the costs of privacy onto hobbyists and outsiders, while
providers of online services are forced to bear these costs
themselves.  In view of the potentially horrendous litigation
burdens,  there is a strong incentive to limit the ability of
system administrators to read or disclose private mail.

The key to complying with the act is the notion of "expectations of
privacy." This notion governs both the legal aspects of ECPA, and
determinants of end user satisfaction.  Under the ECPA, privacy is
only enforced for systems in which users were lead to "expect
privacy."  Thus a sysop has two alternatives: to explicitly address
those expectations via an education campaign, or to play a game
similar to the cellular industry, in denying that privacy is a
significant issue.  One of the concerns voiced by the cellular
industry in backing ECPA was that their budding industry could ill
afford the cost of solidifying the right to privacy via litigation
or adoption of encryption technology.  Yet that is precisely the
course that the ECPA has forced on the online service industry.
Nor were the concerns of a budding industry entirely genuine.
Within the next two years,  the revenues of cellular communication
firms will exceed those of all the participants in the information
services industry.

Bibliography

1.  Electronic Communications Privacy Act of 1986, Public Law
99-508,  99th Congress, 2nd session.

2.  Hearings of the Committee on the Judiciary, House  of
Representatives, H.R. 3378, Electronic Communications Privacy Act,
99th Congress,  No. 50, 1986.

3.  California Penal Code, Section 502, Computer Crime, 502.7
Obtaining telephone or telegraph services by fraud, 499c, trade
secrets.

4.  Wallace, Jonathan, and Lance Rose, SYSLAW, L.L.M Press, New
York City, 1990

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Various
Subject: The CU in the News
Date:  January, 1991

********************************************************************
***  CuD #3.04, File 4 of 4: The CU in the News                  ***
********************************************************************

Subject:  Lotus Drops Suit
From:     Anonymous
Date: Sun, 24 Jan 91 01:21:00 EST

From: New York Times, January 24, 1991, p. C3 (By Lawrence M. Fisher)

SAN FRANCISCO, Jan. 23 - The Lotus Development Corporation and Equifax Inc.
said today that they had canceled plans to sell a database of names,
addresses and marketing information on 120 million United States consumers.

The companies said their decision came after they had received 30,000 calls
and letters from individuals wishing to have their names and personal
information deleted from the database. The companies said they believed the
public misunderstood the product and that the costs of addressing privacy
concerns had made Marketplace:Households no longer viable.

Lotus will also discontinue Market-lace:Business, a similar product with
information on seven million United States businesses, which began shipment
in October. Mr. Manzi said the business product was not viable without the
revenues from the consumer version."

+++++++++++++++++++++++++++++++++++++++++++++++++++

From: cdp!mrotenberg@labrea.stanford.edu
Subject: CPSR FOIA Suits Seeks Gov't Computer Policy
Date: Sun, 13 Jan 91 19:20:35 PST

PRESS RELEASE
Release: Friday, 1/4/91

CPSR Washington Office, 1025 Connecticut Ave., NW, Washington
DC  20036

For more information:

David Sobel
Marc Rotenberg  202/775-1588

LAWSUIT SEEKS BUSH DIRECTIVE ON COMPUTER SECURITY

WASHINGTON - Computer Professionals for Social Responsibility ("CPSR") filed
a lawsuit in Federal District Court today to obtain a classified government
directive on computer security.

The document at issue was signed by President Bush on July 5, 1990.  It is
intended to replace a controversial security policy signed by President
Reagan in 1984.  The Reagan policy, designated  "NSDD 145," put the
super-secret National Security Agency ("NSA") in charge of computer
security, raising concerns about government secrecy.  Congress sought to
limit NSA's role through passage of the Computer Security Act of 1987, which
transferred responsibility for federal computer security to the National
Institute for Standards and Technology, a civilian agency.

The administration contends that the revised directive complies with the
Computer Security Act, but so far has released  to the public only an
unclassified summary of the new directive.  According to Marc Rotenberg,
Director of CPSR's Washington Office, "Computer security policy should not
be made behind closed doors or through the issuance of classified
directives.  At a time when computer technology touches every aspect of our
lives, it is essential that the public be fully informed about our
government's policy."

CPSR first requested a copy of the revised directive from   the Defense
Department under the Freedom of Information Act last August.  The
organization also sought a copy from the National Security Council the
following month.  To date, neither agency has responded to CPSR's requests.

The Freedom of Information Act provides a legal right for individuals to
obtain records held by government agencies.  According to CPSR Legal Counsel
David Sobel, "Agencies are required to respond to requests within ten
working days.  When agencies fail to respond within a reasonable period of
time, requesters often begin legal proceedings to obtain the information."

CPSR is a national membership organization of computer scientists.  Its
membership includes a Nobel Laureate and four recipients of the Turing
Award, the highest honor in computer science.  CPSR has prepared reports and
presented testimony on computer technology issues, including NSDD 145, at
the request of Congressional committees.

The case is CPSR v. National Security Council, et al., Civil Action No.
91-_____, U.S. District Court for the District of Columbia, January 4, 1991.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: well!mercury@APPLE.COM(Michael Edward Marotta)
Subject: Thoughts on the Bill of Rights
Date: Tue, 22 Jan 91 21:52:34 pst

GRID News. vol 2 nu 2. January 23, 1991.
World GRID Association, P. O. Box 15061, Lansing, MI  48901 USA
--------------------------------------------------------------------
"The Bill of Rights" by Michael E. Marotta. (54 lines)

When agents of the US Secret Service raided publishers in 1990 while chasing
The Legion of Doom, they demonstrated that the paradigms of cyberspace are
not well understood.  Therefore, identifiers must be used to show that this
activity is protected by the Bill of Rights.

Copyright notices are one identifier.  A copyright is earned whenever an
idea achieves physical expression or "realization".  Two copies of the
publication (or two photographs of a work of art) are send to the Library of
Congress along with a registration fee.  Books, sound recordings, and films
may be copyrighted.  A copyright can be given to the mass production of a
work in the public domain, such as the Bible.  You could write out by hand
an original poem, send two xeroxes to the Library of Congress (along with
the registration fee) and earn a copyright on your work.

When the United States joined the Berne Convention in December of 1988
(effective March 1, 1989), life became easier --- perhaps too easy.  By
default, every realization is automatically copyrighted to the creator,
whether or not copies are sent to the Library of Congress.  A copyright
notice on the login screen announces that the BBS contains works of
non-fiction, fiction, art or other production that are protected by the
First Amendment.

The First Amendment also promises that the People have the right to
PEACEABLY ASSEMBLE to seek redress of grievances against the government.  A
BBS is an assembly and can host assemblies.  The Supreme Court has often and
consistently shown that this right to peaceably assemble is also the right
to association.

Most BBSes support message bases.   Discussions on religion are specially
protected by the First Amendment.

The Bill of Rights contains two purposely broad articles, the Ninth and
Tenth.  The Ninth Amendment says that there are more rights than the ones
listed in the Bill of Rights.  The Tenth Amendment limits the federal
government to its enumerated powers and gives all other powers to the States
(except where prohibited) or to the People (apparently without special
reservation or stipulation).  For instance, without stretching the meaning
of "religion" or requiring that we photograph blackboards, it is strongly
argued that there is a Right to Scientific Inquiry.  This strongly
assertable right protects experiments with encryption algorithms.

There may be a Right to Travel.  This would extend to the lawful use of
communication systems to "visit" a computer, whether or not you actually
"enter" the computer.  (Internet syntax tolerates users who chat though not
logged in.)

To the extent that a computer is a weapon, its ownership is protected under
the Second Amendment.  Indeed, when Saddam Hussein's storm troopers rolled
into Kuwait, "Hack Iraq" messages appeared on some systems.

The Bill of Rights is your Best Friend.  Sleep with it.

********************************************************************

------------------------------

                           **END OF CuD #3.04**
********************************************************************