Computer underground Digest Sun Jan 10, 1992 Volume 5 : Issue 02 ISSN 1002-022X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Copy Editor: Etaion Shrdlu, Junior CONTENTS, #5.02 (Jan 10, 1992) File 1--DoJ Has NOT "Authorized" Keystroke Monitoring File 2--Re: Dorm Room Raid (CuD #4.67) File 3--Reports on Ames Raid Available File 4--Hysteria from Forbes via NPR File 5--OECD Security Guidelines File 6--CU IN THE NEWS File 7--"Any one Who Owns a Scanner is a Hacker, or..." File 8--FYI: 3rd Computers,Freedom and Privacy Conference Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352) 466893; and using anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in /pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com (192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. European readers can access the ftp site at: nic.funet.fi pub/doc/cud. Back issues also may be obtained from the mail server at mailserv@batpad.lgb.ca.us. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Fri, 18 Dec 1992 02:35:52 EDT From: Dorothy Denning <denning@CS.GEORGETOWN.EDU> Subject: DoJ Has NOT "Authorized" Keystroke Monitoring Dave Banisar posted a message a while back with the headline "DOJ Authorizes Keystroke Monitoring." The following article by Dennis Steinauer of NIST clarifies just what exactly the DOJ really said. Dorothy Denning denning@cs.georgetown.edu +++++++ from PRIVACY Forum Digest, Vol. 01:Issue 28 Date--Fri, 11 Dec 92 16:14:09 EST From--dds@csmes.ncsl.nist.gov (Dennis D. Steinauer) Subject--DoJ Has NOT "Authorized" Keystroke Monitoring The Subject line on the recent reposting by David Banisar of the 7 Dec 92 advisory from CERT/CC is highly misleading and inappropriate. As with some newspapers, it is important that people read more than just the headlines. The Department of Justice hasn't "authorized" anything. Rather, they are advising system administrators that certain activities, namely the monitoring or recording of user-to-computer session transmissions (hence "keystroke monitoring") MAY be found illegal in certain circumstances and that notice should be given to users. The CERT advisory was extracted from a letter to the National Institute of Standards and Technology (NIST) from DoJ. Justice asked NIST in its role of providing computer security guidance to Government to circulate the letter and provide appropriate guidance. We have made the letter available, without comment, through several government and other channels (including CERT, I4, etc.). The letter is intended to advise system administrators of an ambiguity in U.S. law that makes it unclear whether session monitoring, often conducted by system administrators who suspect unauthorized activity, is basically the same as an unauthorized telephone wiretap. I repeat, the law is *unclear* -- and the fact that one can argue either way on the issue does not clarify the law as currently written. DoJ advises, therefore, that if system adminstrators are conducting session monitoring or anticipate the need for such monitoring, they should ensure that all system users be notified that such monitoring may be undertaken. The DoJ advice, therefore, is not "authorizing" anything -- even implicitly. They have simply observed the types of activities that diligent system managers often undertake (a la Cliff Stoll in "The Cuckoo's Egg") in an attempt to protect their systems from unauthorized users, and they have rendered some prudent legal advice. Clearly, there are lots of issues here -- technical and otherwise -- that will need to be discussed and sorted out. Indeed, changes in agency/organizational policies and even the law are probably needed. However, none of this changes the fact that system administrators need now to be aware of the potential impact of their activities, and the DoJ advice attempts to do this. We (NIST) are developing additional guidance for system administrators to assist them in implementing the DoJ recommendations. I expect that others will be doing likewise. We also hope to encourage discussion of the related technical and other issues. In the meantime, system adminstrators are well advised to read the basic DoJ advice and examine their systems and agency policies to determine if, where, and how notices should be provided to users. We welcome comments and suggestions, particularly regarding approaches that various organizations take in dealing with this issue. ===== Dennis D. Steinauer National Institute of Standards and Technology A-216 Technology Gaithersburg, MD 20899 USA (301) 975-3359 (301) 948-0279 Facsimile DSteinauer@nist.gov (e-mail) NIST Security BBS: 301-948-5717 (cs-bbs.nist.gov) ------------------------------ Date: Tue, 29 Dec 92 12:32:09 CST From: rio!canary!chris@UUNET.UU.NET(Chris Johnson) Subject: Re: Dorm Room Raid (CuD #4.67) In a recent issue of CuD, an article described a raid on a dorm room to confiscate computer equipment which allegedly contained copies of copyrighted software. The claim was made that the software was obtained via Internet. This reminded me of a conversation I had with my brother over the Christmas holiday. He was recently a student at a university which has Internet access (I do not, or I'd verify the following). He mentioned that the White Sands Missile Range (an obvious DoD installation) had one of the largest collections of ftp accessible computer files. He said they had everything imaginable. Now, it's true I haven't looked myself, nor did I specifically ask him at the time if they had copies of copyrighted images, data or programs as the conversation was about other topics. But I have seen other ftp sites "libraries", and there's next to no doubt in my mind the White Sands site must have megabytes of copyrighted materials. Perhaps someone out there would like to take a look and see just how legal they are. Of course, the federal government seems more interested in busting college students and other individuals than say, cleaning up its own act. ------------------------------ Date: Tue, 22 Dec 1992 13:47:06 EDT From: David Sobel <dsobel@WASHOFC.CPSR.ORG> Subject: Reports on Ames Raid Available Last month I posted a NASA statement concerning the unannounced "security review" conducted at the Ames Research Center this past summer. The CPSR Washington Office recently obtained electronic copies of two NASA reports on the incident, which are now available through the listserver. To obtain these files, send the following message to <listserv@gwuvm.gwu.edu>: GET <filename> <filetype> using the following filenames and filetypes: Filename Filetype Lines Description ++++++++ ++++++++ +++++ +++++++++++ AMES-MR REPORT 861 MANAGEMENT REVIEW OF THE AMES RESEARCH CENTER - August, 1992 AMES-MR ASSESSMT 565 ASSESSMENT PANEL REPORT ON THE NASA AMES MANAGEMENT REVIEW - November 6, 1992 ******************************************************* David Sobel Legal Counsel CPSR Washington Office ------------------------------ Date: Mon, 21 Dec 92 09:08 EST From: "Michael E. Marotta" <MERCURY@LCC.EDU> Subject: Hysteria from Forbes via NPR GRID News. December 22, 1992. ISSN 1054-9315. vol 3 nu 9. ++++++++++++++++++++++++ "Morning Edition and Hackers" by Michael E. Marotta On December 21, NPR's "Morning Edition" repeated the highlights of a cover story in FORBES Magazine about so-called "hackers." These computer criminals siphon money from the EFT networks and they steal telephone time. The NPR piece would have been silly except that it feeds the hysteria directed against people who love to work with computers. Stories like these validate the witch hunts carried out by the Secret Service and FBI against hackers. Instead of HACKERS, substitute AUTOMOBILE DRIVERS. Automobile drivers aid organized crime. The mafia learns to drive cars. Sometimes people rent cars to crime lords. And when there aren't enough cars, the underworld steals them. But isn't this silly? We are talking about DRIVING A CAR... Yes, some CRIMINALS can use a computer. Singing about Pretty Boy Floyd, Woody Guthrie said, "some men will rob you with a six gun, some with a fountain pen." That was the 1930s. This is the 1990s. There is a word for people who canNOT program a computer: the word is ILLITERATE. Perhaps these crooks are doing the electronic equivalent of making incorrect change and pocketing the difference. As the clericals of the multinationals, these workers have the best opportunity to siphon money. The Federal Reserve clearing house alone runs a TRILLION dollars EACH DAY. NPR and Forbes worried about "a quarter of a million" dollars. The ratio of 250,000 to one trillion is like an urchin coming upon two men pushing a skid down the street with $4 million in loose bundles and plucking ONE DOLLAR for herself. There is a wider issue, however. EFT is supposed to be protected by the Data Encryption Algorithm created by IBM for the Department of Commerce. People who steal EFT money may be hacking the DEA. Back in 1984, a paperback novel, The Big Byte, told about just such an event. The entire banking system was shut down by a group of religious terrorists who cracked the DES. Only a small fraction of our money is in cash. Without checking and plastic, the economy would slam shut in a few hours. Fear of these possibilities drives the law enforcement community to dog hackers. However, the cops have a poor track record at technology. Fifty years ago, the Feds harassed J. Robert Oppenheimer because he was a communist. The plans for the atom bomb were stolen by Klaus Fuchs, a Briton working at Los Alamos. In retaliation, Julius and Ethel Rosenberg of New York were executed. Today the Feds harass "hackers" while the crooks like Senator Lloyd Bentsen line up on the Clinton gravy train and con men like Newt Gingrich get rich by complaining about not being there themselves. On December 19, CNN Headline News announced that new rules now require banks to have $2 in capital for every $100 in loans. The new regulations will limit bank failures to "only 23" in 1993. You don't need a computer to put two and two together. (GRID News is FREQable from 1:159/450, the Beam Rider BBS) ------------------------------ Date: Tue, 22 Dec 1992 14:19:51 EDT From: Marc Rotenberg <Marc_Rotenberg@WASHOFC.CPSR.ORG> Subject: OECD Security Guidelines OECD SECURITY GUIDELINES The Organization for Economic Cooperation and Development (OECD) has adopted international Guidelines for the Security of Information Systems. The Guidelines are intended to raise awareness of the risks in the use of information systems and to establish a policy framework to address public concerns. A copy of the press release and an excerpt from the Guidelines follows. For additional information or for a copy of the guidelines, contact Ms. Deborah Hurley, OECD, 2, rue Andre-Pascal, 75775 Paris Cedex 16, 33-1-45-24-93-71 (fax) 33-1-45-24-93-32 (fax). Marc Rotenberg, Director CPSR Washington office and Member, OECD Expert Group on Information System Security rotenberg@washoc.cpsr.org ============================================================= "OECD ADOPTS GUIDELINES FOR THE SECURITY OF INFORMATION SYSTEMS "The 24 OECD Member countries on 26th November 1992 adopted Guidelines for the Security of Information Systems, culminating almost two years' work by an OECD expert group composed of governmental delegates, scholars in the fields of law, mathematics and computer science, and representatives of the private sector, including computer and communication goods and services providers and users. "The term information systems includes computers, communication facilities, computer and communication networks and the information that they process. These systems play an increasingly significant and pervasive role in a multitude of activities, including national economies, international trade, government and business operation, health care, energy, transport, communications and education. "Security of information systems means the protection of the availability, integrity, and confidentiality of information systems. It is an international issue because information systems frequently cross national boundaries. "While growing use of information systems has generated many benefits, it has also shown up a widening gap between the need to protect systems and the degree of protection currently in place. Society has become very dependent on technologies that are not yet sufficiently dependable. All individuals and organizations have a need for proper information system operations (e.g. in hospitals, air traffic control and nuclear power plants). "Users must have confidence that information systems will be available and operate as expected without unanticipated failures or problems. Otherwise, the systems and their underlying technologies may not be used to their full potential and further growth and innovation may be prohibited. "The Guidelines for the Security of Information Systems will provide the required foundation on which to construct a framework for security of information systems. They are addressed to the public and private sectors and apply to all information systems. The framework will include policies, laws, codes of conduct, technical measures, management and user practices, ad public education and awareness activities at both national and international levels. "Several OECD Member countries have been forerunners in the field of security of information systems. Certain laws and organizational and technical rules are already in place. Most other countries are much farther behind in their efforts. The Guidelines will play a normative role and assist governments and the private sector in meeting the challenges of these worldwide systems. The Guidelines bring guidance and a real value-added to work in this area, from a national and international perspective." PRINCIPLES "1. Accountability Principle The responsibilities and accountability of owners, providers and users of information systems and other parties concerned with the security of information systems should be explicit. "2. Awareness Principle "In order to foster confidence in information systems, owners, providers and users of information systems and other parties should readily be able, consistent with maintaining security, to gain appropriate knowledge of and be informed about the existence and general extent of measures, practices and procedures for the security of information systems. "3. Ethics Principle "Information systems and the security of information systems should be provided and used in such a manner that the rights and legitimate interests of others are respected. "4. Multidisciplinary Principle "Measures practices and procedures for the security of information systems should take into account of and address all relevant consideration and viewpoints, including technical, administrative, organizational, operational, commercial, educational and legal. "5. Proportionality Principle "Security levels, costs, measures, practices and procedures should be appropriate and proportionate to the value of and degree of reliance on the information systems and to the severity, probability and extent of potential harm, as the requirements for security vary depending upon the particular information systems. "6. Integration Principle "Measures, practices and procedures for the security of information systems should be co-ordinated and integrated with each other and with other measures, practices and procedures of the organization so as to create a coherent system of security. "7. Timeliness Principle "Public and private parties, at both national and international levels, should act in a timely co-ordinated manner to prevent and to respond to breaches of information systems." "8. Reassessment Principle "The security information systems should be reassessed periodically, as information systems and the requirements for their security vary over time. "9. Democracy Principle "The security of information systems should be compatible with the legitimate use and flow of data ad information in a democratic society." [Source: OECD Guidelines for the Security of Information Systems (1992)] ------------------------------ Date: 16 Dec 92 22:41:38 EST From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: CU IN THE NEWS The US Government has filed espionage charges against Kevin Poulsen, age 28, for entering Pacific Bell's computers and allegedly obtaining 'high-level' military secrets. Observers say the charge is overblown since damage to 'national security' has not been established and no secrets were passed to any foreign power. (As reported in Information Week, Dec 14, 1992. pg 10) ++++++ The Business Software Alliance (BSA), an industry coalition against software piracy, has filed 37 lawsuits against firms in 10 European countries, Thirteen of the lawsuits are against BBS' in Germany. The BSA says this is only a preview of how aggressive it will be in 1993. (Information Week, Dec 14, 1992. pg 8) ++++++ The September Inc. magazine Fax Poll shows some interesting numbers regarding business ethics, and a peek at software piracy as well. The results indicate that ethical business practices vary by the age of the businessman and the size and age of the firm. Over half the respondents said they would obey ethical rules, but felt free to bend them to their own advantage when possible. In response to another question, a quarter of the respondents felt the pirating computer software was an acceptable business practice, just a fraction more than those who wouldn't hesitate to violate the privacy rights of a job applicant. The non-scientific poll are conducted monthly. Readers fill out a one-page 'survey' and fax or mail it to Inc. for tabulation. See the December 1992 issue for the details on the September poll on business ethics. (page 16) The results include: Q. Which of the following statements most closely approximates your view of ethics in business? 52% - I play by the rules, but I'll bend them to my company's advantage whenever I can. 46% - I tell the whole truth, all the time. 2% - All's fair in love and business, as long as you don't get caught. When cross-tabulated with the age of the respondent, Inc. reports that 34% of respondents under 35 years old tell the whole truth, compared with 54% of those over 45 years old. When it comes to bending the rules, 62% of under 35s do so, but only 40% of those over 45 indicated that answer. Q. Which of the following would you consider to be an acceptable business practice? 43% - Paying suppliers net 60 days but expecting net 30 on your accounts receivable. 37% - Pretending your company has divisions to make it look bigger to clients and suppliers. 35% - Stealing clients from your current employer when you break off on your own. 25% - Pirating software. 23% - Getting around privacy rights in job interviews. 17% - Using a copier machine on a 30-day trial basis without intending to purchase it. (other responses not included in CuD summary) ------------------------------ Date: Thu, 24 Dec 92 23:46:31 -0500 From: carterm@SPARTAN.AC.BROCKU.CA(Mark Carter) Subject: "Any one Who Owns a Scanner is a Hacker, or..." Canadian Paper Blames BBSes for Porn ((MODERATORS' NOTE: For those not familiar with Canadian geography, we asked a Canadian correspondent to provide some background for the following story. S/he wrote: "St. Catharines is a city of about 125,000 people in southern Ontario, Canada. It is about 1.5 (only 110 kilometers, but traffic slows ya down) hours from Toronto, and about 30 minutes from Niagara Falls. The Standard is "St. Catharines' only local newspaper, with an (unofficially, but optimistically) estimated circulation of about 80,000 subscribers." Although these stories date back to July, the illustrate that Canadian media, like their U.S. counterparts, are prone to exaggerate a "hacker menace.")) ++++++ The following newspaper stories were featured on the front page of the St. Catharines Standard on July 25, 1992, and continued on the third page. They were aimed at a specific "slant" of local bulletin boards, that of pornographic Gifs, and consequently ended up portraying local BBS's as sinister distributors of hard-core pornography that "frightens" both parents and legislators, two groups who it is constantly pointed out do not understand even the most rudimentary basics of operating a computer. Yet these same people are encouraged to form legislation governing bulletin boards. These articles continually emphasized the "frighteningly" rampant availability of pornography through BBSs to young users. However, the young user angle exposes one of the article's greatest fallacies, which is the assumption that there are hordes of nine-year-olds downloading megabytes upon megabytes of extremely hard-core pornographic files. This is simply not the case. I personally know of no user of local boards under the age of 12, and think that such an occurance would be rare at best, since below 12, most kids simply don't know how to use their computers, or think of them along the same lines as dedicated game machines such as Nintendo and Sega. In fact, only a small minority of teenagers will possess the computer know-how to join the online community, and these teenagers are not the little children the Standard is so frightened for. Further, the Standard totally ignores the fact that only a small number of boards carry the hard-core material that they found, and those that carry gifs have the gifs as a small minority compared to the rest of the files they carry. Not to mention that in their portrayal of boards as sinister syndicates, the Standard ignores the existence of the Fidonet message network(in which nearly all local boards take part), which parents would no doubt like their teenagers to take part in. The Standard also ignores the availability of files which are not pornographic, let alone Gifs. It should be noted that all three articles were written by the same authors, presenting the same views. Neither of the authors is known in the local online community. Though five months old, these articles are relevant in relation to the recent Munroe Falls case, where a sysop was arrested for having pornographic material on his board. Below are verbatim transcripts of the three articles. The front page article comes first, and is followed by the two others that were on the third page. KIDS CAN SEE HARD-CORE PORN AT TOUCH OF A BUTTON ++++++++++++++++++++++++++++++++++++++++++++++++ by Paul Forsyth and Andrew Lundy (Standard Staff) Computer wise kids in Canada may be getting an education their parents never dreamed of. At this moment, children are firing up their computers and using telephones to patch into a vast network of files available for free. What's at their fingertips would shock even hardened purveyors of pornography. Computer sex has arrived. Throughout Niagara dozens of public access bulletin boards are thriving. Across Canada there are thousands more. Anyone with a modem and phone line can connect with the boards and access files for their own use. Many of the boards, operated by hobbyists through their home computers, offer explicit photographs and stories ranging from topless women to bondage and bestiality. Most of it is easily accessible to kids who are as comfortable with computers as their parents are uneasy. The phenomenon has lawmakers, police and even Ma Bell feeling helpless. Tony Brandon, who runs Towne Crier-- of of St. Catharines' oldest bulletin boards dating back to 1984-- now bans porn on his system. He decided to restrict what users could send to his board when soft-core images of the mid-1980's became increasingly graphic. He said the number of adult files are "escalating in all the weird areas ... Some of them are pretty hard, heavy-duty stuff." After he banned the porn, the average age of his board users jumped several years, from 12-14 to 19-20. Brandon sees that as proof the main consumers are young teens. Some boards try to screen users accessing adult files, but Brandon found kids simply lied about their ages. Many system operators offer instant access to their programs with few age or identification checks. On a recent weekday, for example, two Standard reporters easily accessed a spate of adult files on local boards-- images ranging from soft-core centrefolds to hard-core images pushing the legal limits of obscenity. Police say it is difficult to lay charges because most of the files--other than bestiality, child porn or dehumanizing, violent or degrading material --- are legal under the Criminal Code. And federal law does not restrict kids' access to porn of any kind. St. Catharines has no bylaw covering availability of pornography, said city clerk Tom Derreck. Even if it did, local bylaws wouldn't apply to bulletin boards because telecommunications is a federal jurisdiction. Police are hesitant to charge the thousands of board operators across the country, despite the fact many carry material clearly obscene under the Criminal Code. That is because it is difficult to nail down where the files-- many originating in the U.S.-- come from, said Inspector Ray Johns, in charge of the vice unit of the Winnipeg police force. The rapid advancement of computer technology has caught police, lawmakers and anti-porn organizations off guard. Some women's groups which have taken hard-line stands against pornography are not even aware bulletin board porn exists. "I wouldn't even understand how this thing operates," St. Catharines, anti-porn crusader Diane Eby said of the bulletin boards. Project P, a joint Ontario Provincial Police/Metro Toronto Police unit which investigates pornography and hate literature, says there is nothing the unit can do about computer porn available to kids. "There's thousands of them, they're all over the place," Detective-Sergeant Bob Matthews, head of the unit, said of the bulletin boards. "You can almost find anything you're looking for." That's what frightens St. Catharines resident Mark Jefferies, who was shocked recently to find a colour photo, depicting two women engaged in bestiality, on a local bulletin board his 15-year-old son connects with. "That's going too far," said Jeffries. "That's where it's got to be stopped. Nine-year-old boys will see that. It sickens me." Fearful parents can forget about complaining to Bell Canada. The phone company has been told by the Canadian Radio-Television and Telecommunications Commision that censorship won't be tolerated. A recent attempt by Bell to axe its 976 service-- after heat from parents over phone sex services-- was shot down by the CRTC. "We're the medium, not the message," said Bell spokeswoman Ruth Foster. "We're not supposed to influence that communication at all or control it in any way." Meantime, kids are using computers in ways their parents never imagined. For example, one St. Catharines board run by a high school student has photos of naked women among those of Goofy, Mickey Mouse and Roger Rabbit. The student, who operates Hogan's Alley, a three-year-old bulletin board, is trying to clear all the adult files from his computer after complaints from female users. But the teen, who didn't want his name used, can't keep pace with users who keep sending pornographic files. Hugh Mitchell, a St. Catharines physician who runs another board, is fed up with the trend to porn files. "There is a big demand(for porn)," he said. "Unfortunately, too much. I just went on my board last night and I couldn't believe what was going on." Problems like that prompt Towne Crier's Brandon to say legislation requiring boards to be licensed might be necessary to stem kids' access to porn. But Matthews of Project P said local computer owners could simply phone Texas or Australia or anywhere else in the world and download porn. "It can come from any place," he said. "This is getting to be a problem throughout North America and the world." It's the global nature of telecommunications which is causing headaches for Canadian universities wrestling with pornography on their computer systems. The University of Manitoba recently yanked offensive files from a computer network it is connected to after word got out about stories and photographs that included child pornography and women hanging from chains. Johns, of the Winnipeg police, said the stories were "how-to" manuals involving incest and torture for sexual gratification. Other universities across the country, including Brock University, still carry the files. "There's a whole lot of legal questions because of the computer. It's a grey area," said Johns, who is waiting for clarification on the issue in the courts. Don Adams, director of computing and information services at Brock, said universities are in a quandary about what to do with offensive files. "You can't really censor the damn network, but on the other hand you don't want to carry all this junk, either." Anti-porn activist and feminist Emilie Fowler, with the Social Justice Committee of Niagara Falls, fears young males have unlimited access to hard-core porn in Niagara. "This is out there, and most people are really not aware of it. Parents go merrily off to work and their young sons are accessing it. What kinds of opinion are they going to form about women?" She had few kind words for those creating the adult computer files. "It's a chilling thought that some of these guys would do this for a hobby. Sit around and think of rape scenes for a hobby? That really frightens me." Jefferies, the concerned father who bought a home computer nearly seven years ago, said his son has assured him he doesn't view the porn on local bulletin boards. Bt he admits that, when he was that age, he probably would have through sheer curiosity. An adult can see whatever they want, as long as it's not hurting anyone. It's the kids I'm worried about." Matthews and Forster at Bell say they've received virtually no complaints about porn on bulletin boards. Matthews figures that is because parents simply don't know it is out there. Kids are "certainly not going to complain." SEEING COMPUTER FILES EASY ++++++++++++++++++++++++++ by Paul Forsyth and Andrew Lundy (Standard Staff) Phone lines aren't just for chatty humans any more. The computer revolution that transformed the world in the '80s has also changed Ma Bell. Today telephones buzz with digital chatter, gibberish to the human ear but the heart and soul of computer lingo. At this moment, probably hundreds of phone lines in St. Catharines are hooked to modems-- small electronic devices that are translators for computers. THey make it possible to transmit not only text, as fax machines do, but also programs like word processing, spreadsheets, games and high-quality graphics. For less than $100, computer owners can buy a modem and unlock the door to a little-known sub-culture of public access bulletin boards that has been growing throughout North America for more than a decade. By running a program which displays text and graphics from other computers on the screen, users can become members of bulletin boards anywhere in the world. The boards are electronic meeting places where users can talk to other computer enthusiasts, play games and exchange messages or files. They are usually set up on home computers by hobbyists who spend hours a day maintaining the boards, updating files and enforcing whatever rules they have established-- like no swearing, or racist jokes. Practically every board-- there are dozens in Niagara alone-- has an area for graphics files, often labelled GIFs. The photos find their way into computers by anonymous hackers using scanners, an electronic device similar to a photocopier. But instead of paper, what's produced is an on-screen image that's often as vivid as the real thing. Accessing these files is as easy as typing a few instructions: telling the board what file you want, the way you want to transmit it-- called downloading-- then simply hitting the return key. Once files are transferred, they can be viewed on-screen or printed out. They can be sent to other computer just as easily as they were received. That's how photo files that violate Canadian obscenity laws have ended up in the Garden City. Passed on from user to user via anonymous phone lines, they've wound their way from the original hacker, through many other bulletin boards, to computer screens of curious children throughout Niagara. IMAGES SHOCK JUSTICE ASSISTANT ++++++++++++++++++++++++++++++ by Paul Forsyth and Andrew Lundy (Standard Staff) Rob Nicholson's face grew grim as the computer image flashed on the screen. Two words escaped from his mouth: "My God." The Niagara Falls MP and assistant to federal Justice Minister Kim Campbell was getting a crash course on computer pornography and its availability to children in Niagara. It scared him. "This is news to me," he admitted in his riding office, as a photo of bestiality appeared. "I have to believe this is news to most Canadians." Two reporters dropped by yesterday to show him a cross-section of hundreds of porn files easily available on local computer bulletin boards-- files even board operators admit are big draws for computer-literate young teens. Nicholson promised to make Campbell aware of the issue, but admitted the wheels of legislative change move slowly. As an example, as recently as two years ago a person would be charged if caught setting fire to someone's garden. But burning a car wasn't considered arson, because cars had not been invented when the Criminal Code was written. Nicholson pointed out that the combination of pornography-- a thorny political issue-- and rapidly changing computer technology makes drafting effective legislation a daunting task. "I don't know what the ... solution is to this. It bothers me that we don't have a magic bullet. This wonderful new technology is being perverted. It scares me as a parent." ------------------------------ Date: Fri, 8 Jan 1993 17:34:58 -0500 From: Gerard Van der Leun <van@EFF.ORG> Subject: FYI: 3rd Computers,Freedom and Privacy Conference CFP'93 The Third Conference on Computers, Freedom and Privacy 9-12 March 1993 San Francisco Airport Marriott Hotel, Burlingame, CA The CFP'93 will assemble experts, advocates and interested people from a broad spectrum of disciplines and backgrounds in a balanced public forum to address the impact of computer and telecommunications technologies on freedom and privacy in society. Participants will include people from the fields of computer science, law, business, research, information, library science, health, public policy, government, law enforcement, public advocacy and many others. Some of the topics in the wide-ranging CFP'93 program will include: ELECTRONIC DEMOCRACY - looking at how computers and networks are changing democratic institutions and processes. ELECTRONIC VOTING - addressing the security, reliability, practicality and legality of automated vote tallying systems and their increasing use. CENSORSHIP AND FREE SPEECH ON THE NET - discussing the problems of maintaining freedom of electronic speech across communities and cultures. PORTRAIT OF THE ARTIST ON THE NET - probing the problems and potential of new forms of artistic expression enabled by computers and networks. DIGITAL TELEPHONY AND CRYPTOGRAPHY - debating the ability of technology to protect the privacy of personal communications versus the needs of law enforcement and government agencies to tap in. HEALTH RECORDS AND CONFIDENTIALITY - examining the threats to the privacy of medical records as health care reform moves towards increasing automation. THE MANY FACES OF PRIVACY - evaluating the benefits and costs of the use of personal information by business and government. THE DIGITAL INDIVIDUAL - exploring the increasing capabilities of technology to track and profile us. GENDER ISSUES IN COMPUTING AND TELECOMMUNICATIONS - reviewing the issues surrounding gender and online interaction. THE HAND THAT WIELDS THE GAVEL - a moot court dealing with legal liability, responsibility, security and ethics of computer and network use. THE POWER, POLITICS AND PROMISE OF INTERNETWORKING - covering the development of networking infrastructures, domestically and worldwide. INTERNATIONAL DATA FLOW - analyzing the issues in the flow of information over the global matrix of computer networks and attempts to regulate it. The conference will also offer a number of in-depth tutorials on subjects including: * Information use in the private sector * Constitutional law and civil liberties * Investigating telecom fraud * Practical data inferencing * Privacy in the public and private workplace * Legal issues for sysops * Access to government information * Navigating the Internet INFORMATION For more information on the CFP'93 program and advance registration call, write or email to: CFP'93 INFORMATION 2210 SIXTH STREET BERKELEY, CA 94710 (510) 845-1350 cfp93@well.sf.ca.us A complete electronic version of the conference brochure with more detailed descriptions of the sessions, tutorials, and registration information is also available via anonymous ftp from sail.stanford.edu in the file: pub/les/cfp-93