Computer underground Digest    Sun  May 9 1993   Volume 5 : Issue 34
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Copy Editor: Etaoin Shrdlu, Senrio

CONTENTS, #5.34 (May 9 1993)
File 1--Another response to gender issues
File 2-- Response to Wes Morgan
File 3--Cryptography and Mythology
File 4--New NIST/NSA Revelations
File 5--About the Clipper Proposal
File 6--Dvorak criticizes the SPA
File 7--New 'Zine (ORA.COM) by O'Reilly & Associates

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) 203-832-8441 NUP:Conspiracy
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE:   from the ComNet in Luxembourg BBS (++352) 466893;

ANONYMOUS FTP SITES:
  UNITED STATES:  ftp.eff.org (192.88.144.4) in /pub/cud
                  uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
                  halcyon.com( 202.135.191.2) in /pub/mirror/cud
  AUSTRALIA:      ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
  EUROPE:         nic.funet.fi in pub/doc/cud. (Finland)
                  ftp.warwick.ac.uk in pub/cud (United Kingdom)

Back issues also may be obtained through mailserver at:
server@blackwlf.mese.com

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Sat, 1 May 93 09:25:02 EDT
From: morgan@ENGR.UKY.EDU(Wes Morgan)
Subject: File 1--Another response to gender issues

In CuD 5.32, Sharon Boehlefeld wrote:

   >Women I've talked to (f2f and via cmc) are sometimes intimidated by
   >some males' exercise of their right to free speech.

According to some of the men participating in soc.feminism (the
moderated Usenet group concerned with feminist issues), it goes
both ways.  8)

   >The problem
   >becomes one of a "chilling effect," in which speech is inhibited
   >because some speakers are afraid to voice their ideas and opinions.
   >They are afraid of opening themselves up to harassment, or worse.

Are these same people unafraid to write a letter to the editor (or
guest opinion) for their local newspaper?  Are they afraid to march
in a demonstration?  Are they afraid to sign a petition?  Are these
same people afraid to stand by their beliefs in other forums?  If
so, why does the net deserve special recognition/analysis?  Can you
give an example of a free speech forum that does *NOT* have the po-
tential to cause this fear and/or reticence?

   >Whether intentional or not comments like Landwehr's "feminist dogma"
   >remarks can have that chilling effect. (Not only women are silenced,
   >but also some men by such tactics.)

If there is one phrase with which I have become completely disgusted,
it is the dreaded 'chilling effect.'  Have we become so sensitive that
mere words on a screen can inhibit us?  If so, what is the difference
between a computer screen and _The New York Times_?  Are you 'chilled'
by the editorials you read in the paper?   Are you 'chilled' by the
fact that I disagree with you?  Does the mere exercise of free speech
'chill' you?  I notice that most writers seem to have few problems in
using the traditional media, despite the presence of opposing (and,
sometimes, obnoxious) viewpoints.  Why should computer-mediated com-
munication be different?

Perhaps the immediacy of computer communication is part of the problem.
The notion that a Usenet posting of email message will bring responses
within minutes could conceivably generate a bit of concern, but I don't
understand how it inhibits us.  In fact, I would argue that computer-
mediated communication can actually make the airing of potentially con-
troversial opinions *much* easier.  Pseudonymous servers are becoming
more and more popular; if you aren't comfortable signing your real
name to your postings, send them to anon.penet.fi or charcoal.com,
where they will be posted with a unique, but anonymous, identifier
such as "an83498."  If you're dealing with a moderated newsgroup or
mailing list, almost all moderators will strip your postings and/or
submissions of identification before distributing them.

If you really want to do some interesting research, you should do the
following:
   - Pick 20 Usenet participants at random.
   - Read their postings for 2-3 months.
   - Arrange to meet them face to face.
   - After the meeting, marvel at the inaccuracy of your
     mental depiction of each of them.
   - Write and publish a paper on "Mistaken Impressions, or
     'Don't Try to Read Between the Lines.'"

I've met dozens, if not hundreds, of net participants over the last
few years; *none* of them matched the mental image I had constructed
from their words.  One of the most forceful writers I've ever seen
on the net turned out to be a rather quiet, almost mousy, young man;
another, whose writings had always seemed unobtrusive and mellow, was
a young lady with a dominant physical/intellectual presence.

[ OPTIONAL EXERCISE FOR THE READER:
[ Send me a description of the "mental image of me" that you have
[ constructed from reading my postings.  You can retrieve back
[ issues of CuD for past postings; I also participate in many Use-
[ net discussion groups. (look for a return address of either
[ "morgan@engr.uky.edu" or "morgan@ms.uky.edu")  I'd like to see
[ just how accurate your perceptions can be.  Feel free to speculate
[ on my physical attributes, education, sexuality, events in my past,
[ or any other topic that my words suggest to you.  I'll answer pri-
[ vately and tell you how close you are to the 'real me.'  I may post
[ a summary of responses, but identities will be held confidential.

   >Secondly, in Jim Thomas's response, he notes that he sees "no
   >significant evidence" that the "old boys" network is being recreated
   >in cyberspace. He notes, "The 'old boys' no longer control the
   >terrain..." I'm sure he realizes that the "old boys" have *never*
   >controlled the entire terrain, but the share allotted women has been,
   >and continues to be, small.  Although some men seem consciously
   >willing to share larger portions of that terrain with women, what
   >little evidence we have to date seems to suggest that much of it is
   >still dominated by men. Larry Landwehr is obviously one of the men
   >unwilling to give up an inch of his cyberspace.

Don't you see?  Cyberspace doesn't belong to any one person; none of
us can stake a claim to any part of it.  Anyone who does so is both
uninformed and egotistical.  Take a look at the List of Lists, the
compendium of publicly accessible mailing lists.  *Very* few of them
are managed/controlled by "well-known net personalities"; the vast
majority of list owners are just regular folks.

Some say that the cost of net access are too high for women/minorities
to participate; I cannot agree with that perception any longer.  These
economic arguments against net.participation no longer hold water; if
there is a site within local calling distance, one can establish a
Cyberspace presence for less than $500 (a 286 PC and a modem).  A quick
glance at the UUCP maps shows that the following systems are being used
as net sites:
   IBM PC/AT, PC/XT
   Apple Macintosh Plus
   Amiga 500
   Atari 1040
   Tandy Color Computer, TRS-80
   AT&T 6300, 3B1, 3B2/310
If you can't pick up one of these systems for under $500, you aren't
trying hard enough; I have seen some of these for sale at $200 and
below.  Software exists that simply 'drops in place'; very little
technical expertise is required.

In conclusion, I cannot dispute the fact that there are many obnoxious,
offensive people on the net.  However, I refuse to accept the notion
that computer-mediated communication is significantly different from
any other free speech forum.  I believe that the current rush of gender
issues in CMC -- from 'computer porn' to 'chilling effect' to 'old boy
networks' -- are merely a reflection of the growing expanse of Cyber-
space.  I have yet to see evidence of *any* bias which is unique to
computer-mediated communication.  In fact, I submit that CMC provides
better opportunities to respond to (or ignore) offensive material.  I
readily grant that CMC is far more direct (and timely) than almost any
other form of group communication; however, the problems are neither
based in nor reparable from a computational perspective.

Fix the message, not the medium.

------------------------------

Date: Fri,  7 May 1993 13:59 CDT
From: <BOEHLEFELD@WISCSSC.BITNET>
Subject: File 2-- Response to Wes Morgan

Wes Morgan wrote:

> Can you
>give an example of a free speech forum that does *NOT* have the po-
>tential to cause this fear and/or reticence?

No, I can't, Wes, and maybe that's the point? I think it's obvious
that I'm not one of the women who feels "chilled" by verbal sparring.
Among the points which I was trying to make is that *some* women (and
some men) are.

Just as a quick recap, my main points (apparently ill developed) were
these:

1. There's nothing wrong with using a feminist perspective to conduct
social science studies of computer mediated communication and computer
technology issues. I did not, and do not intend to, suggest other
perspectives should not also be used.

2. Several factors (accessibility and "harassing" posts among them)
may be operating in such a way as to systematically exclude women from
full participation in the net community.

3. I think the existing data are slim. We need more.

I'll stop there, because even though there were some subpoints
embedded in my first comments, I don't think I need to rehash them.

I will say that since the post ran, I've received notes from folks
whose opinions of what I wrote range from thinking I was "too obtuse"
to thanking me for my "thoughtful response."

But, to address Wes Morgan's concerns specifically, let me return to
the line quoted at the top of this post.

I cannot think of any existing "free speech forum" that doesn't
include the potential for some chilling effect. I also believe other
forums may also systematically exclude women from full participation.
(Please note: I said *may* exclude. I have neither done, nor examined
fully, existing research about those forums.) I'm interested, however,
in the development of some kind of data base from which such
hypotheses can be tested in an empirical manner.  And I believe that
is only one such hypothesis that needs testing.

When people like Les Landwehr and others rail about "feminist dogma,"
I worry that the research necessary to come to some sort of reasonable
conclusion about these hypotheses will be shunted aside for other,
"easier" projects. OK, I'll admit that some folks will think this an
imagined fear. Actually, I hope they're right.

I agree with Wes that the problems which may exist in cyberspace are
probably reflective, to a great extent, of problems within the larger
society. I also agree that it's possible to ignore them in this
medium, as it is to ignore them in other media.  But I guess I don't
really believe that ignoring a problem makes it go away.

------------------------------

Date: Fri,  7 May 93 11:43:56 EDT
From: Jerry Leichter <leichter@LRW.COM>
Subject: File 3--Cryptography and Mythology

In a recent issue of Cud, Mike Godwin presented a series of
interesting arguments concerning the Clipper initiative and the
Constitution.  Before he even got to those arguments, however, he
mentions in passing a few issues that have been brought up repeatedly.
I'd like to deal with one in particular.  Mr. Godwin writes:

    >         2.  Refusal to allow public scrutiny of the chosen
    >encryption algorithm(s), which is the normal procedure
    >for testing a cryptographic scheme, and

I've seen this argument in various guises and in many different
forums, from the most ill-informed flames in Usenet newsgroups to
statements by the EFF and industry groups.  What I find fascinating is
the way that a claim like this can come to be believed, when in fact
it has NO basis in reality.

Until quite recently, almost all cryptography in the world was carried
out by the defense establishments and foreign services of the world's
governments.  The systems they used, and the systems they continue to
use to this day, were NEVER subject to public scrutiny.  The NSA
continues to attempt to keep under tight secrecy all information about
their cryptographic work, including information about systems and
techniques that were used 40 and more years ago.  Despite their
general success in this regard, as far as I can tell more information
has been published about NSA systems and techniques than those of any
other country (with the possible exception of Britain, if you believe
what Peter Wright has to say in Spycatcher) - and some of what has
been published out the techniques of others has probably come through
NSA sources.

What little private cryptography existed was based on modifications of
older military cryptosystems - e.g., the famous Hagelin machines,
based on modifi-cations of World War II technology.  The security of
these machines was never "subject to public scrutiny", and in fact we
now know that they were long ago broken by the cryptoanalytic services
of the world's major powers.

Today, I think it's safe to say that the majority of encrypted
communication is still carried out by the same organizations, using
systems whose inner workings remain secret and definitely not subject
to public scrutiny.

Of the remaining encrypted communication, ignoring the many trivial
algorithms in use, the bulk of significant encrypted traffic is almost
certainly based on DES.  While the DES algorithm is public, the design
choices behind it remain secret to this day.  It took Shamir's
re-discovery of differential cryptography to justify the choice of the
P boxes and the number of rounds in DES.  To the shock of conspiracy
theorists, differential cryptography ended up showing that DES was as
strong with respect to this important class of attacks as any system
of its size could be.  What has gone unmentioned is that we STILL
don't have a definitive statement as to the design principles behind
DES:  It took 15 years to re-discover differential cryptography.
Might there be another, different attack that no one in the outside
world has found yet?  We don't know:  The most widely used public
cryptographic system is subject to only a limited degree of public
scrutiny.

If you watch the appropriate Usenet newsgroups, you'll get the
impression that "everyone" is using PGP.  In fact, not only is the
total message traffic encrypted using PGP or related systems
insignificant outside of this rather rarefied atmosphere, but it's
worth pointing out that the PGP itself is based on IDEA (or is it
FEAL?), a cryptosystem in the same class as DES - a class of
cryptosystems that it is not at all clear is thoroughly understood in
the research community.  (Shamir's work demolished several related
systems that had been seriously proposed.  IDEA IS secure - against
this class of attack.)

Where, then, are we to find a "normal procedure for testing a
cryptographic scheme" that involves "public scrutiny of the chosen
encryption algorithm(s)"?  "Public scrutiny" in the sense the term is
being used here is very much at the center of academic life.  It is
NOT at the center of almost anything else in the world.  It's hard to
find a single product that we use on a day to day basis that has been
subject to "public scrutiny" in this sense.  Important details of
design and manufacture of products are trade secrets.  GM won't tell
you the algorithms used in the chips that control your new car's
engine.  Coca Cola won't tell you what goes into their "secret
formula".

Most of the world is not academia, and does not share academia's value
system.  The "normal procedure for testing cryptographic scheme(s)"
does not exist, and has NEVER existed.  What has existed is the
"normal procedure for testing results presented for academic
publication", which has been applied, quite properly, to academic work
on cryptography.  This is quite a different thing.

------------------------------

Date: Thu, 6 May 1993 13:09:12 EST
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Subject: File 4--New NIST/NSA Revelations

                       New NIST/NSA Revelations

        Less than three weeks after the White House announced a
controversial initiative to secure the nation's electronic
communications with government-approved cryptography, newly released
documents raise serious questions about the process that gave rise to
the administration's proposal.  The documents, released by the
National Institute of Standards and Technology (NIST) in response to a
Freedom of Information Act lawsuit, suggest that the super-secret
National Security Agency (NSA) dominates the process of establishing
security standards for civilian computer systems in contravention of
the intent of legislation Congress enacted in 1987.

        The released material concerns the development of the Digital
Signature Standard (DSS), a cryptographic method for authenticating
the identity of the sender of an electronic communication and for
authenticating the integrity of the data in that communication.  NIST
publicly proposed the DSS in August 1991 and initially made no mention
of any NSA role in developing the standard, which was intended for use
in unclassified, civilian communications systems.  NIST finally
conceded that NSA had, in fact, developed the technology after
Computer Professionals for Social Responsibility (CPSR) filed suit
against the agency for withholding relevant documents.  The proposed
DSS was widely criticized within the computer industry for its
perceived weak security and inferiority to an existing authentication
technology known as the RSA algorithm.  Many observers have speculated
that the RSA technique was disfavored by NSA because it was, in fact,
more secure than the NSA-proposed algorithm and because the RSA
technique could also be used to encrypt data very securely.

        The newly-disclosed documents -- released in heavily censored
form at the insistence of NSA -- suggest that NSA was not merely
involved in the development process, but dominated it.  NIST and NSA
worked together on the DSS through an intra-agency Technical Working
Group (TWG).  The documents suggest that the NIST-NSA relationship was
contentious, with NSA insisting upon secrecy throughout the
deliberations.  A NIST report dated January 31, 1990, states that

     The members of the TWG acknowledged that the efforts
     expended to date in the determination of a public key
     algorithm which would be publicly known have not been
     successful.  It's increasingly evident that it is
     difficult, if not impossible, to reconcile the concerns
     and requirements of NSA, NIST and the general public
     through using this approach.

        The civilian agency's frustration is also apparent in a July
21, 1990, memo from the NIST members of the TWG to NIST director
John W. Lyons.  The memo suggests that "national security"
concerns hampered efforts to develop a standard:

     THE NIST/NSA Technical Working Group (TWG) has held 18
     meetings over the past 13 months.  A part of every
     meeting has focused on the NIST intent to develop a
     Public Key Standard Algorithm Standard.  We are
     convinced that the TWG process has reached a point where
     continuing discussions of the public key issue will
     yield only marginal results.  Simply stated, we believe
     that over the past 13 months we have explored the
     technical and national security equity issues to the
     point where a decision is required on the future
     direction of digital signature standards.

An October 19, 1990, NIST memo discussing possible patent issues
surrounding DSS noted that those questions would need to be
addressed "if we ever get our NSA problem settled."

        Although much of the material remains classified and withheld
from disclosure, the "NSA problem" was apparently the intelligence
agency's demand that perceived "national security" considerations
take precedence in the development of the DSS.  From the outset,
NSA cloaked the deliberations in secrecy.  For instance, at the
March 22, 1990, meeting of the TWG, NSA representatives presented
NIST with NSA's classified proposal for a DSS algorithm.  NIST's
report of the meeting notes that

     The second document, classified TOP SECRET CODEWORD, was
     a position paper which discussed reasons for the
     selection of the algorithms identified in the first
     document.  This document is available at NSA for review
     by properly cleared senior NIST officials.

In other words, NSA presented highly classified material to NIST
justifying NSA's selection of the proposed algorithm -- an
algorithm intended to protect and authenticate unclassified
information in civilian computer systems.  The material was so
highly classified that "properly cleared senior NIST officials"
were required to view the material at NSA's facilities.

        These disclosures are disturbing for two reasons.  First, the
process as revealed in the documents contravenes the intent of
Congress embodied in the Computer Security Act of 1987.  Through
that legislation, Congress intended to remove NSA from the process
of developing civilian computer security standards and to place
that responsibility with NIST, a civilian agency.  Congress
expressed a particular concern that NSA, a military intelligence
agency, would improperly limit public access to information in a
manner incompatible with civilian standard setting.  The House
Report on the legislation noted that NSA's

     natural tendency to restrict and even deny access to
     information that it deems important would disqualify
     that agency from being put in charge of the protection
     of non-national security information in the view of many
     officials in the civilian agencies and the private
     sector.

While the Computer Security Act contemplated that NSA would
provide NIST with "technical assistance" in the development of
civilian standards, the newly released documents demonstrate that
NSA has crossed that line and dominates the development process.

        The second reason why this material is significant is because
of what it reveals about the process that gave rise to the so-
called "Clipper" chip proposed by the administration earlier this
month.  Once again, NIST was identified as the agency actually
proposing the new encryption technology, with "technical
assistance" from NSA.  Once again, the underlying information
concerning the development process is classified.  DSS was the
first test of the Computer Security Act's division of labor
between NIST and NSA.  Clipper comes out of the same
"collaborative" process.  The newly released documents suggest
that NSA continues to dominate the government's work on computer
security and to cloak the process in secrecy, contrary to the
clear intent of Congress.

        On the day the Clipper initiative was announced, CPSR
submitted FOIA requests to key agencies -- including NIST and NSA
-- for information concerning the proposal.  CPSR will pursue
those requests, as well as the pending litigation concerning NSA
involvement in the development of the Digital Signature Standard.
Before any meaningful debate can occur on the direction of
cryptography policy, essential government information must be made
public -- as Congress intended when it passed the Computer
Security Act.  CPSR is committed to that goal.

***************************************************
David L. Sobel
CPSR Legal Counsel
(202) 544-9240
dsobel@washofc.cpsr.org

------------------------------

Date: Tue, 4 May 1993 10:29:54
From: The Advocate <The.Advocate@ano.nymo.us >
Subject: File 5--About the Clipper Proposal

Gentlemen.

No matter about the clipper proposal.  What the Federal government has
not done in either the digital telephony statutes  or the clipper chip
proposal is prove that a problem  exists  nor that this is the least
intrusive measure  to resolve the problem.

Digital encryption promises  great power to the individual user, but
the government has enormous power.  The CIA and the NSA spend about 70
billion dollars a year,  most of which is on technical signals capture
and decryption.

No-one has demonstrated that the CIA  lacks the technology to still
conduct wiretaps  at points  ahead of the encrypters,  nor has anyone
demonstrated that the NSA lacks the resources to de-crypt
conversations.

If in fact the NSA lacks the resources to de-crypt civilian
 conversations, then what have we been spending all this money for?

Constitutional theory dictates that any government intrusion on a
civil right,  must take the form of the least intrusion.  This
proposal has not been demonstrated to be the least intrusive,  nor has
there been ademonstration that  there is even a need.

------------------------------

From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 6--Dvorak criticizes the SPA
Date: Fri, 7 May 1993 02:20:21 EDT

A recent article by John C. Dvorak from the May 11, 1993 issue of PC
Magazine, commented on the Rusty & Edie's bust (we thank Mike Castle
for drawing our attention to the piece).  Dvorak was especially
critical of the SPA.  Dvorak is the second major columnist in the past
month to begin challenging the SPA's philosophy and tactics. In CuD
5.32, we reported Michael Alexander's (editor of INFOSECURITY NEWS)
criticisms and call for the SPA to change its direction.  Alexander
concluded:

     However, I believe that the SPA's much-publicized raids on
     businesses whose users are allegedly making unauthorized copies
     of software do little to advance the cause of information
     systems security. Any infosecurity practitioner will tell you
     that fear, intimidation and threats do not make for better
     security. What works is education, communication and
     cooperation.

Dvorak's piece, "BBS Easy Target in FBI Bust" begins by summarizing
Rusty and Edie's troubles when the FBI seized their equipment and
other material in February.  Dvorak cites one "intelligence-gathering"
service that estimated that as many as 2,000 BBSes of the 25,000 it
monitors specialize in "pirated" software, and that any of these could
have been busted.  However, he claims that R&E's was particularly
vulnerable:

        But Rusty and Edie had made a lot of enemies in the BBS
    community because they had a reputation for reposting nudie
    .GIFs from other sources, removing the original promotional
    material and inserting their own promotional stuff--a practice
    despised by BBS operators.  Many bulletin board services barely
    eke out a living and would be profitless if it weren't for the
    peculiar demand for downloadable pictures of people in the buff.
    Rusty had also done little to make friends in the BBS community.
    It's one of the few BBSs that do not even post the number of
    other BBSs for the convenience of subscribers.
        So when Rusty was busted, the community did nothing and said
    nothing.  Many operators quietly smirked or applauded.  Yes
    indeed, the SPA picked a convenient target.

Dvorak argues that R&E's was not an outrageous pirate board that
flaunted commercial software or other illicit activities. It was, he
contends, a board that promoted shareware, which he calls a
"legitimate threat to the software companies that sponsor the SPA."
Why, he asks, didn't the SPA call R&E's or conduct an audit as they do
in other cases?  It was, Dvorak reasons, when R&E announced their
intention to expand to 500 lines that "the FBI got serious." He adds
with sarcasm that it's also a coincidence that "a major source of
shareware is obliterated."

Dvorak does not defend piracy, and he is explicit in stating that
commercial software publishers should be compensated for their
efforts.  His column is not a defense of R&E, but a criticism of the
SPA.  Dvorak concludes:

          The SPA should protect the BBS operator from having
     equipment confiscated.  These are computers, not drugs or
     illegal weapons!  The rational means any PC Magazine reader
     suspected of having pirated software may have a PC confiscated.
     As in Stalin's Russia, it only takes a tip from an unfriendly
     neighbor.  The SPA is that neighbor today.  A disgruntled
     employee or jilted lover will be that neighbor tomorrow.

Dvorak makes several good points. First, the current criminalization
trend of even trivial computer delinquency risks unacceptable invasion
by law enforcement. Second, the SPA--counter to it's claim to be a
"good neighbor" may be acting in bad faith to promote its own vested
interests. Finally, he has taken what until now has been an issue of
concern to a small proportion of computer users and suggested how a
continuation of the SPA's policies could lead to an oppressive climate
in cyberspace.

CuD has become increasingly critical of the SPA, and we have severe
reservations with their professed goal of combatting piracy through
education. It is our view that they are not acting in good faith and
that they play rather loose with facts to bolster their raiding
tactics. We will elaborate on this in a special issue in about two
weeks.

------------------------------

From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 7--New 'Zine (ORA.COM) by O'Reilly & Associates
Date: Fri,  7 May 1993 11:40:11 CDT

((MODERATORS' NOTE: CuD  does not advertise, and we receive no
compensation for plugging an occasional product. We run the occasional
blurb announcing a product when it seems of interest to computer
hobbyists, or--which happens periodically--when we come across
something of sufficient quality that we think it's worth checking out,
as is the case here)).

O'Reilly & Associates, the publishers who put out a line of first-rate
Unix books, recently came out with a catalogue/newsletter that's
slick, informative, and--for an inhouse advertising (ORA.COM)
'Zine--fun to read. What especially caught our eye was the sales
figures for THE WHOLE INTERNET. Although it only appeared within the
past year, it's in its fifth printing (125,000 copies in print) and in
some stores has outsold Madonna as the best seller.

We like ORA.COM for a couple of reasons: It's informative and gives a
nice summary of the O'Reilly line (which it's supposed to do); The
layout is not typical of most publishers' catalogues--it more closely
resembles WIRED and similar cyber-age 'Zines; It's FREE!

The premier issue of ORA.COM includes news and features, including an
Internet department, general news and tips of interest to sysops,
sysads, and computer users, and tips and tricks for becoming more
adept at computer use.

It's worth a look. For more information, contact:

Brian W. Erwin
O'Reilly & Associates, Inc.
103 Morris Street, Suite A
Sebastopol, CA  95472
Internet: letters@ora.com / Voice: (800) 998-9938 - (707) 829-0515

------------------------------

End of Computer Underground Digest #5.34
************************************