Computer underground Digest    Wed  Sep 29 1993   Volume 5 : Issue 76
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
    Copie Editor: Etaoin Shrdlu, III

CONTENTS, #5.76 (Sep 29 1993)
File 1--Bruce Sterling on ABC/Australia's Attitude (excerpts)
File 2--the Cyberspatial Copyright
File 3--Forum for Research on Virtual Culture
File 4--Computer-Mediated Comm Volume -- Call for Papers
File 5--Question EFF yielding of crypto authority to NIST
File 6--PGP/Zimmermann News Clippings Needed!
File 7--EFF's Comments to NIST on Encryption/Escrow
File 8--Three Cheers for Legal Action; Re: Moby Crypto
File 9--PumpCon II

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
on Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020.
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
          In ITALY: Bits against the Empire BBS: +39-461-980493

ANONYMOUS FTP SITES:
  AUSTRALIA:      ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
  EUROPE:         nic.funet.fi in pub/doc/cud. (Finland)
  UNITED STATES:
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud
                  etext.archive.umich.edu (141.211.164.18)  in /pub/CuD/cud
                  ftp.eff.org (192.88.144.4) in /pub/cud
                  halcyon.com (202.135.191.2) in /pub/mirror/cud
                  ftp.warwick.ac.uk in pub/cud (United Kingdom)

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Mon, 27 Sep 1993 21:59:56 +0800 (WST)
From: Stephen Hardman (Amiga files operator) <hardguy@GARION.IT.COM.AU>
Subject: File 1--Bruce Sterling on ABC/Australia's Attitude (excerpts)

This transcript from Attitude, ABC/Australia September 8 includes the
parts by Bruce Sterling and an Australian federal police officer.

Bruce Sterling (I think you all know who he is)

"Law enforcement officers tell me that if they break into a teenager's
home and he's got a computer and a modem and a copy of William
Gibson's Neuromancer, they just know he's trouble.

 It uses a new set of topics to think about, I mean, rather than
thinking about rocket ships and robots and so forth, the things of the
'50s and '60s, it thinks about matters like electronic networking and
the impact of high technology media and genetic engineering and that
sort of thing.

 I'm enough of an anarcho-individualist in a funny kind of way to think
that I probably ought to be able to make up my own mind about what I
think is interesting and I really shouldn't have the government spoon
feeding me the kind of information they think is healthy for me to
know.  There are legitimate security interests, but that's not the
same thing as living under general censorship.  You know, my feeling
is... it's my business to find stuff out and think about things, it's
my business to imagine things, it's not my business to control what
other people think.  And I resent it when people try to stop me from
finding things out that I feel I need to know, for whatever reason.

 People are afraid of hackers because they are frightened of
computers.  I mean that's the real basis of the sort of gut-level
superstitious fear.  They're afraid of computers and they're afraid of
the power of computers, that's kind of a legitimate fear, I mean,
power without responsibility is a terrible thing, and, you know, there
are reasons to be upset by people that are computer literate or very
skilled with computers, if they have no sense of social
responsibility, these people can in fact do quite a bit of harm, you
know, subtle ways that are hard to detect and prosecute."

[..]

Detective Sergeant Ken Day of the Australian Federal Police:

"We have the capacity if we have sufficient evidence, for example and
we consider it a serious crime to arrest.  We have, for example, the
capacity to obtain a warrant to search someone's house.  But we don't
decide we can go out and do that, we must answer all our actions
before a judicial body such as a court.

  It is not a game, it's a criminal act.  The legislation is not
enacted, not on whim, legislation isn't acted in this country after
extensive and serious consultation and computer crimes were
identified as being criminal activity.  They are anti-social.  They
are morally, and they are now illegally, wrong.  It is not a game.

  The infrastructure that we work in now that we live in is by and
large controlled or monitored by computer technology and examples are
traffic lights, telephone systems, bank. All these that we rely upon
are controlled by computer networks.  Remove those networks from the
loop, you don't have those services.  That's why we must protect it.

  Some people might say, well, federal police don't know about me, I'm
hacking away, they just don't know, they haven't busted my door down.
Well the simple answer to that question is maybe we know about you but
we're investigating more serious crimes."
[..]

There are more comments made by the ex Australian army security man
and talks to hackers <sigh/grin>.

------------------------------

Date: Tue, 28 Sep 93 00:15:07 -0600
From: "L. Detweiler" <ld231782@LONGS.LANCE.COLOSTATE.EDU>
Subject: File 2--the Cyberspatial Copyright

((MODERATORS' NOTE: L. Detweiler is a frequent contributor to
Cypherpunks mailing list, editor & writer of various FAQs, such as
Identity, Privacy, and Anonymity on the Internet, and the Anonymity on
the Internet FAQ Treatise. cryptography FAQ janitor. These can be
obtained at rtfm.mit.edu:/pub/usenet/news.answers/net-privacy/ or
net-anonymity/ or cryptography-faq/ respectively)).

In CuD #5.75 File 3 ("Raising the Issue of Copyright on the Nets")
gray@ANTAIRE.COM (Gray Watson), objecting to the inclusion of a
copyrighted article, writes

>I don't think CUD should have allowed this.  I send out a standard
>message when I see such posts and it is applicable here:
>
>    >For your information, including a significant amount of text
>    >from copyright publications in posts is a breach of
>    >copyright law.  The publishing industry will *never* adopt
>    >digital distribution if the net does not honor the copyright
>    >laws.

I have been tracking the `cyberspatial copyright issue' with a great
deal of interest for some time, and Mr. Watson's complaint is pretty
standard fare in the debate. Since it appears in a journal and my
response might be posted, I'm taking the time to write this.

I think Mr. Watson and everyone else who claims that digital
publications will not arrive until the Net respects copyright law in
its present form are fundamentally mistaken. First of all, what the
heck *does* copyright law say about cyberspace? Absolutely nothing
specifically. There are many *interpretations* of copyright law that
attempt to promote one view or another based on the current
classifications of various forms and distributions, but they are all
mostly nebulous. Is an FTP site a library or what? What constitutes
`redistribution'?

It seems to me that the fundamental issues behind a copyright are one
or more of the following: the author desires to (1) control the
distribution of a work exclusively, (2) make money therefrom, (3)
guarantee the writing is not `corrupted', i.e. it does not credit
someone else and is not mixed with other people's material. In
particular, if (1) can be guaranteed then (2) and (3) can be derived
therefrom.

Now, suppose that future cyberspatial authors give up or sacrifice (1)
if (2) and (3) are more closely adhered to. I believe most authors
would prefer this system. I imagine the following scenario. An author
creates the text for unlimited distribution, with an email address that
indicates where `digital cash' can be sent to compensate him, including
a suggested donation or whatever.

Under this scheme, the author gives up `exclusive distribution' to
maximize actual dissemination and thereby exposure and potential
personal profit. Under this system, the readers of the articles are
required to (1) send digital cash when they have benefited from the
article, where appropriate, and (2) not alter the text of an article
when they redistribute it. Note that under this scheme we don't need
the silly taboo that people are to be criticized for redistribution of
articles -- to the contrary, they should be recognized for their
selfless public service, whereby they are causing benefit to the author
of the article by their efforts, with no personal profit therefrom.

I imagine other interesting distribution systems that will arise with
the advent of digital cash. For example, the email addresses of all
intermediate distributors may be appended to the beginning of an
article in reverse order. The original author would be free to specify
the system: send me money and the distribution list that was the header
of the article *you* received, and I will redistribute the money among
the redistributors. We should always recognize that the ultimate author
has the ultimate right to the digital cash, however, because otherwise
the writing would not have existed.

This is what might be called a `shareware copyright' for text, and I
think it is an extremely workable system, and I believe it will evolve
to become the norm. Certainly, some people will object to the system,
but I suspect they are mostly `middlemen' in the current system that
generally derive an undue profit from mere redistribution.

However, there are systems where complete control of redistribution is
desirable. For example, an author might wish to track directly every
place in cyberspace his article has been received. Under this scenario,
we can imagine a sort of `toll gopher' system, wherein the traversal of
a hypertext link in a text system causes an automatic toll to be
applied between receiver and provider. Again, digital cash forms a
fundamental basis for this system. In this system, the `copyright'
implies that anyone that passes on an article passes on the *address*
of the hypertext location, so that the next person does not retrieve a
`dissociated' article but instead accesses the `official' version.
Again, people must agree not to alter digital cash addresses associated
with articles. And in fact a taboo similar to that associated with
redistribution in the current system will arise against `piracy' or
`tampering' of the digital cash addresses.

Finally, I must note that under all these scenarios a vast, ubiquitous,
and instantaneous cyberspatial infrastructure is intrinsic to the
overall system. However, at the current pace, this should not be an
overwhelming difficulty. It is the ultimate goal of everyone currently
inhabiting Cyberspace anyway.

Under the above schemes, I imagine that future cyberspace will become
extremely hospitable to all future writers and editors, who are freed
to focus on the absolute essentials of their craft, unchained from
burdensome and irrelevant constraints associated with costly,
complicated, and imperfect distribution systems. In fact, we will find
that in future cyberspace *everyone* will be seen as acting as writers
and editors. It will become a fundamental aspect of cyberspatial
living, recognized as natural and fundamental as word processing is
today.

------------------------------

Date: Sun, 26 Sep 1993 22:00:32 CDT
From: Ermel Stepp <M034050@MARSHALL.BITNET>
Subject: File 3--Forum for Research on Virtual Culture

The Institute for Research on Virtual Culture (IRVC) aims to foster,
encourage, advance, and communicate research and scholarly inquiry on
virtual culture. IRVC-L is a virtual forum of IRVC to conduct
substantive discourse on research and scholarly inquiry to create and
develop knowledge about virtual culture. Substantive discourse is
encouraged on topics such as:

   1. Conceptualization of virtual culture (alternative
      philosophic, metatheoretical, and theoretical paradigms,
      principles, assumptions, propositions, and problems)
   2. Alternative futures orientation, change, transformation,
      reform, and restructuring: conservative, liberal, or
      radical
   3. Review and critique of literature, including articles in
      refereed scholarly journals
   4. Alternative designs and methodologies for research and
      scholarly inquiry on virtual culture
   5. Findings, conclusions and implications for education,
   6. Research in progress on virtual culture
   7. Collaborative research by subscribers
   8. Setting the research agenda on virtual culture
   9. Institute for Research on Virtual Culture
  10. Relevant announcements, events, and issues

<<< Subscription to IRVC-L >>>

Subscription to IRVC-L is open, but the list is private and
subscription is required to post messages to the forum and access
listserv archives.

To subscribe to IRVC-L send a message to
listserv@byrd.mu.wvnet.edu with the line of text:

subscribe IRVC-L Yourfirstname Yourlastname

Example: subscribe IRVC-L Thomas Jefferson

<<< Sending a Message to IRVC-L >>>

Messages sent to the forum will be automatically distributed to all
subscribers. Such messages should be within the scope of the purposes
of the forum: Substantive discourse of virtual culture, related
research issues (e.g., design and/or methodology) relevant
announcements, and other messages pertinent to the forum. To send a
message to the forum, address the message to IRVC-L@byrd.mu.wvnet.edu.
[Do not send a message intended for the forum to the listserv.]

<<< IRVC-L Archive >>>

Messages are automatically archived in monthly digests with filenames
IRVC-L.mmm.yy, where mmm is the first three letters of the month and
yy last two numerals of the year. Other files will be archived as
well. All messages sent to IRVC-L are archived at byrd.mu.wvnet.edu.
To get an index of the archive of files and digests of messages send a
message to listserv@byrd.mu.wvnet.edu with the line of text:

index IRVC-L

<<< UNIX-listserver >>>

IRVC-L is on a unix listserver. To receive a list of commands that may
be used on this listserver send a message to
listserv@byrd.mu.wvnet.edu with the line of text:

help

Other commands may be included on separate lines in the message,
such as:

review IRVC-L (to get a list of unconcealed subscribers to IRVC-L)
get IRVC-L irvc-l.aug.93 (to get the archived messages to IRVC-L
for August 1993)

<<< Anonymous FTP Archive >>>

IRVC maintains archives, including research papers and
reports, dissertations, conference proceedings, journals,
and other information about IRVC and virtual culture.
The archive may be accessed by anonymous FTP to
byrd.mu.wvnet.edu in /pub/estepp/IRVC in various
subdirectories. Research scholars and writers may submit
documents to be archived. Retrieve file archive.submission
from /pub/estepp/IRVC and follow the instructions in it.

The _Electronic Journal on Virtual Culture_  (EJVC) is a
refereed, scholarly journal published by Arachnet, with the
cooperation of the Kent State University and the Institute for
Research on Virtual Culture, Marshall University. The EJVC is
archived at byrd.mu.wvnet.edu in /pub/ejvc, and it is retrievable
via anonymous FTP. Get EJVC.ARCHIVES from the archives via FTP.
Articles published in the EJVC will be discussed on IRVC-L.
To subscribe to the EJVC, send email to listserv@KENTVM.BITNET
or listserv@KENTVM.KENT.EDU with the sole line of text:

subscribe EJVC Firstname Lastname

using your real name, of course.

<<< Listowner >>>

Questions about IRVC, IRVC-L, EJVC and related issues may be
directed to the listowner:

Dr. Ermel Stepp
Executive Director
Institute for Research on Virtual Culture
Marshall University
Huntington WV 25755-2440

Internet  estepp@byrd.mu.wvnet.edu
BITNET    M034050@MARSHALL
finger    M034050@MARSHALL.MU.WVNET.EDU

------------------------------

Date: Sun, 26 Sep 1993 14:15:38 CDT
From: Susan Herring <sherring@WILEY.CSUSB.EDU>
Subject: File 4--Computer-Mediated Comm Volume -- Call for Papers

                        CALL FOR CONTRIBUTORS:
              VOLUME ON COMPUTER-MEDIATED COMMUNICATION

As an outgrowth of a panel presented at the 4th International
Pragmatics Conference in Kobe, Japan on "Cultural and Linguistic
Aspects of Computer-Mediated Communication", a volume is being
prepared for publication in the _Pragmatics goal of the volume is to
bring together the best in current research on CMC as a social,
cultural and linguistic phenomenon.  Contributions should be
empirically-oriented (that is, based on observation of actual CMC) and
focused primarily on language and communication (rather than on
technological aspects or secondary applications of the medium).  A
partial list of suggested topics is included below:

      - the linguistic description of CMC -- spoken-like?
    graphic representation, discourse, register, style

      - CMC genres -- e-mail, bulletin boards (BBS), discussion
    lists, interactive relay chat (IRC), 'talk' modes,
    multi-user dungeons (MUDs), etc.

      - CMC and social interaction -- dynamics of on-line
    communities, politeness/rudeness, humor, harassment,
    computer sex

      - CMC use by dominant and non-dominant groups -- gender,
    ethnicity, status, special interests

      - CMC in countries outside the U.S.; cross-cultural CMC

      - CMC in institutional settings -- business, government,
    education

      - children's CMC

Papers surveying a topic or reporting on a large-scale ongoing
project are also welcome.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
To be considered for inclusion in the volume, prospective authors
should submit to the volume editor the following:

1)  A 300-500 word abstract clearly outlining the problem, data,
methodology, and conclusions of the research to be reported on in the
paper, and

2)  A short biographical statement (no longer than 300 words)
indicating previous CMC research and/or relevant experience.  (An
abridged curriculum vita may be substituted for the biographical
statement.)

Submissions can be sent via e-mail, snail-mail or fax to the volume
editor, Susan Herring, at the address below:

    Susan Herring
    Program in Linguistics
    University of Texas
    Arlington, TX  76019  USA
    fax: (817) 273-2731
    e-mail: susan@utafll.uta.edu

The deadline for receipt of abstracts and biographical statements is
November 1, 1993.  However, earlier submissions are welcomed.

After the abstracts have been reviewed, the author of each abstract
selected will be issued an invitation to contribute a full-length
article to the volume, along with a set of guidelines for its
preparation.  The tentative deadline for the receipt of completed
camera-ready manuscripts will be February 1, 1994, with an anticipated
publication date early in 1995.

Feel free to address any questions, comments, or suggestions to
Susan Herring (susan@utafll.uta.edu).

------------------------------

Date: Tue, 28 Sep 93 23:53:38 PDT
From: jkreznar@ININX.COM(John E. Kreznar)
Subject: File 5--Question EFF yielding of crypto authority to NIST

> Below is the text of the comments that EFF filed with NIST today.

> ...

>         When the Clinton Administration announced the Clipper Chip, it
> assured the public that this would be a purely voluntary system.  We must
> have legal guarantees that Clipper is not the first step toward prohibition
> against un-escrowed encryption.  Yet the Administration has not offered any
> such guarantees, either in the form of proposed legislation or even agency
> rules.

> ...

Actually, they have issued such legal guarantees.  They're in the form
of the administration's vow to uphold the US Constitution.  That
document's 9th and 10th amendments preclude US Government denial or
disparagement of the people's right to use cryptography (and a whole
lot of others).  The fact that these legal guarantees are being
ignored simply illustrates that their tyranny is unbridled.

By engaging NIST on this subject, the EFF is implicitly yielding to
them authority which is not theirs to begin with.

------------------------------

Date: Wed, 29 Sep 1993 06:50:04 GMT
From: hugh@GARGOYLE.UCHICAGO.EDU(Hugh Miller)
Subject: File 6--PGP/Zimmermann News Clippings Needed!

((MODERATORS' NOTE: Hugh Miller's request for reprints of articles
related to PGP/Phil Zimmermann is one way everybody can help. Peruse
your local papers and if you find anything, you can send him the
pointers and he can take it from there)).

    I am interested in collecting all citations in newspapers,
magazines, etc. of the subpoenas and investigation by Customs of Phil
Zimmermann.  To that end I'd like to ask readers of CUD to help me
out.  If you spot an article would you please take a moment to jot
down the citation (author, title, publication, vol/issue, date, page
numbers)?  You don't need to type in the article, but blessings on
your head if you do.  I will conduct a weekly NEXIS scan anyway, but
I'm sure I'll miss something.  I will collect the stuff and pass it on
to Phil and the legal defense team.

    Thanks, folks.  Send the info to ME, not to Phil, whose bank
account is empty but whose e-mailbox is packed.  You can mail to me
here (Hugh@gargoyle.uchicago.edu) but it will just be automatically
forwarded to my true address, hmiller@orion.it.luc.edu.

    Thanks for your help.  And give to Phil's legal defense fund.

------------------------------

Date: Tue, 28 Sep 1993 16:15:42 -0400
From: ssimpson@EFF.ORG(Sarah L Simpson)
Subject: File 7--EFF's Comments to NIST on Encryption/Escrow

I'm happy to say that there were 225 letters offering comments on the
proposed key escrow system sent to the cryptnow@eff.org address.  They
were printed out and delivered today.

Many thanks to all who responded to the call for action.  I've gotten
really positive responses to the post and our electronic mail
mechanism.  If you think that this sort of notice helped you to be
informed and participate in policy, please drop me a note at
ssimpson@eff.org.  Let me know if you think that this is an important
service that EFF can provide for the online community.

Below is the text of the comments that EFF filed with NIST today.

================================

September 27, 1993

National Institute for Standards and Technology
ATTN:  Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
Gaithersburg, MD  20899

To The Director:

        The Electronic Frontier Foundation (EFF) writes in strong
opposition to the Proposed Federal Information Processing Standard
(FIPS) for an Escrowed Encryption Standard, docket # 930659-3159.  We
believe that NIST's guidance in setting technical standards for
security and privacy protection is a critical part of the growth of
the National Information Infrastructure, but any action on the
proposed escrow technical standards must await the resolution of
several fundamental policy issues.  Thus, at this time, we oppose the
proposed FIPS in all of its parts.  Well over 200 EFF members are also
critical of the Proposed FIPS.  We believe this demonstrates the depth
of public concern about the implementation of key escrow systems.

        EFF is a nonprofit, public interest organization whose public
policy mission is to ensure that the new electronic highways emerging
from the convergence of telephone, cable, broadcast, and other
communications technologies enhance free speech and privacy rights and
are open and accessible to all segments of society.

Introduction

        Widespread, affordable cryptography is vital for the
protection of individual privacy in the Information Age.  As more and
more personal information flows around electronic networks, we all
need strong encryption to safeguard information from unwanted
intrusion.  Personal information, such as health care records, private
communications among friends and families, and personal financial
transactions, will also travel over this information infrastructure.
The business community can only make full use of the infrastructure if
it is assured that the data it transmits is secure from unauthorized
interception.  In short, if communications in the new infrastructure
are vulnerable, all of our lives and businesses would be subject to
both damaging and costly privacy and security losses.

Resolve Policy Issues and Objectives Before Promulgating Technical Standards

        EFF has been in ongoing dialogue with NIST, the White House,
and Congress regarding the very complex public policy choices raised
by cryptography policy.  We are hopeful that this dialogue will result
in a positive, comprehensive set of cryptography and privacy policies.
But until these issues are resolved, we believe any approval of
technical standards is premature.  Among the public policy issues to
be resolved are the following:

1.      Guaranteed Continued Legal Use of All Forms of Encryption

        When the Clinton Administration announced the Clipper Chip, it
assured the public that this would be a purely voluntary system.  We
must have legal guarantees that Clipper is not the first step toward
prohibition against un-escrowed encryption.  Yet the Administration
has not offered any such guarantees, either in the form of proposed
legislation or even agency rules.

2.      Identity of Escrow Agents

        When Clipper was first proposed, some in the Administration
suggested that one of the two escrow agents would be a government
agency and the other a private, non-governmental organization.  Now it
appears that plans for a private escrow agent have been dropped in
favor of NIST and the Department of Treasury, though there is still no
final designation of agents.  We are unable to comment on the security
or reliability of escrow procedures proposed here when we do not know
who will be administering the escrow databases.  We also note that
there is active consideration of having more than two escrow agents.
This option should be explored from a policy perspective before a
technical standard is adopted.

3.      Legal Rights of Escrow Users

        If individuals do choose to deposit their keys with the
government, or any other escrow agent, they must have some legal
recourse in the event that those keys are improperly released.
However, the most recent draft of escrow procedures specifically
states:

"These procedures do not create, and are not intended to create, any
substantive rights for individuals intercepted through electronic
surveillance, and noncompliance with these procedures shall not
provide the basis for any motion to suppress or other objection to the
introduction of electronic surveillance evidence lawfully acquired."

Leaving users with no recourse will discourage use of the system and
provides little disincentive against unscrupulous government behavior.

        In the Proposed FIPS, NIST also suggests an unusual and, we
believe, incorrect notion of what an escrow agent is.  The Proposed
FIPS adopts the incomplete definition of an escrow system found in
Webster's Dictionary.  The Proposed FIPS states:

To escrow something (e.g., a document, an encryption key) means that
it is "delivered to a third person to be given to the grantee only
upon the fulfillment of a condition."  (Webster's Seventh New
Collegiate Dictionary).

This definition omits the very basic notion that an escrow agent has
responsibilities to those who deposit things of value in the escrow
account.  Black's Law Dictionary, which we believe may be a more
appropriate source of information about escrow relationships, states
that an escrow contract is an:

Agreement between buyer, seller, and escrow holder setting forth
rights and responsibilities of each.

It is the general legal rule that one who deposits value with an
escrow agent is entitled to recover damages from the escrow agent in
the event of a breach of the agent's duty of care:

Depositor is entitled to recover damages sustained because of escrow
agent's unwarranted act, and where grantee participates in wrongful
delivery he also may be liable, but recovery is limited to damages
actually attributable to wrongful delivery.  Collier v Smith (Mo App)
308 SW2d 779.  (See ANNOTATION:  Who must bear loss resulting from
defaults or peculations of escrow holder. 15 A.L.R.2d 870.)

The notion of an escrow agent who is insulated from all liability to
the depositor is wholly alien to American law and custom.  The
government may, of course, seek to establish escrow agents free of
legal liability, but this is fundamentally a policy choice, not a
matter of technical standards.  Until there is some agreement on the
real responsibilities of the escrow agents, NIST is not in a position
to set technical and operating standards.

4.      Open, Trusted Standards:

        A key goal of the Clipper Proposal is to promote widespread
encryption in the marketplace.  Yet people will not use encryption
unless they trust it.  Secret standards such as Clipper cannot be
evaluated by independent experts and do not deserve the public trust.
Other parties, including Whitfield Diffie of Sun Microsystems, have
commented extensively on this issue.  EFF fully subscribes to those
remarks.

Insufficient Technical and Operating Information Available for
Comments

        Even aside from the major policy issues left unanswered, the
Proposed FIPS itself lacks the detail necessary to allow full public
comment.  First, the full operating procedures for the escrow agents
have yet to be issued.  Public comment must be sought on the complete
procedures, not just the outline presented in the draft FIPS.  Even
the government-selected algorithm review group has declared that it
needs more information on the escrow process.  Second, asking for
comments on an algorithm that is classified makes a mockery of citizen
participation in government decision-making.

Action on the Proposed FIPS Must Be Delayed to Allow Completion of
Public-Private Consultation Mandated by Presidential Decision
Directive

        President Clinton's announcement of the Clipper initiative
made very clear that there should be "early and frequent consultations
with affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed" (April
16, 1993 Press Statement).  EFF and other organizations have invested
significant effort in dialogue and policy review with the
Administration.  We have made some progress, but many issues remain
unresolved.  EFF believes that for NIST to rush forward with a FIPS in
advance of resolving the fundamental policy issues cited above would
prematurely curtail the dialogue that the President ordered.

        Finally, NIST will be involved in making many critical
decisions regarding the National Information Infrastructure.  The next
time NIST solicits public comments, it should be ready to accept reply
by electronic mail in addition to paper-based media.  Over 200 of
EFF's members e-mailed comments to our offices, which we then printed
and hand-delivered to NIST.  We hope that in the near future, NIST and
other federal agencies will be prepared to accept comments directly
via the Internet.

Respectfully Submitted,


Jerry J. Berman                 Daniel J. Weitzner
Executive Director              Senior Staff Counsel
******************************
Sarah L. Simpson
Membership Coordinator
Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC  20001
202/347-5400 tel
202/393-5509 fax

------------------------------

Date: Mon, 27 Sep 93 11:56:57 EDT
From: Jerry Leichter <leichter@LRW.COM>
Subject: File 8--Three Cheers for Legal Action; Re: Moby Crypto

In all the concern about the grand jury subpoenas to ViaCrypt and
Austin CodeWorks, a very important point is being missed:  This is the
way the law is *supposed* to work!  The law is not supposed to work by
FUD (Fear, Uncertainty and Doubt), by poorly drafted regulations whose
coverage no one can determine, by threats and insinuations from
government spokesmen that some action is illegal (though no one's ever
taken it to court so no one can really say yes or no).  That's exactly
what "casts a chill" over people's actions:  When they can't determine
what the law says or what its limits are, so that they are forced to
stay away from entire areas of activity that may not be illegal and
may even be Constitutionally protected.

Our system of law has many "inconvenient" little features to it.
People who are clearly guilty avoid punishment every day because of
errors by the prosecution or simply because the evidence against them
as it is accepted by the courts is not quite at a high enough level.
We accept that because "it's better that a hundred guilty men go free
than that one innocent man be punished."  Conversely, the law is
what's on the books until the courts say otherwise.  The concurrence of
every single law professor in the United States that some statute is
unconstitutional means nothing until the Supreme Court rules.  The
ITAR regulations are presumptively valid until found otherwise by a
competent court of law.  Since they can only be examined by a court
when the government actually tries to use them, they can remain on the
books indefinitely as a looming threat - constitutional or not, a
prosecution under these regulations is expensive to defend against, so
expensive that most people and all large corporations will simply act
as if they are valid.  This may be as "inconvenient" in some cases as
letting murderers go free, but it's just as essential a part of the
legal system.

While I don't envy Phil Zimmermann or ViaCrypt or Austin CodeWorks the
position they find themselves in, or the legal bills they will be
facing, they went into this with open eyes.  (If they didn't, they are
fools who won't get my sympathy.)  The only way to challenge a law you
think is unconstitutional is to violate it and let the government come
to you.  I wish them luck in their challenge.  One way or another, we
are likely to finally end the silly debates about secret decoder rings
and decide what the law is.

As for Grady Ward's call on everyone to secrete away and widely
distribute copies of PGP and related software:  All I can say is, he'd
better hope that the courts don't decide that the ITAR regulations
aren't constitutional as applied to PGP after all.  Calling on people
to break the law, especially cooperating with them to do it on a large
scale, could open him up to much more severe penalties than Zimmermann,
ViaCrypt, and Austin face.  Those three are testing the law.  Ward is
deliberately flaunting it.  Stupid, dangerous idea.  Being a
revolutionary, putting yourself in direct opposition to the power of
the State, isn't fun and games.  People get hurt that way.

------------------------------

Subject: File 9--PumpCon II
From: pumpcon@PHANTOM.COM(PumpCon)
Date: Wed, 29 Sep 93 13:41:15 EDT

You are hereby cordially invited to attend the Second Annual PumpCon II
conference.  Just mail your name/handle, group (if any), home state to:
                            pumpcon@phantom.com
It is necessary that you do mail this account so we know you are coming!

                   PumpCon FAQs (Frequently Asked Questions)

This file is being written in response to all of the questions that I
have been bombarded with.  Hopefully it will clear up any confusions
that obviously must exist.

1.  When is PumpCon?
PumpCon II will be held Halloween Weekend 1993, October 29, 30, 31.

2.  Where is PumpCon?
PumpCon II will be at the Airport Comfort Inn, in Filadelfia,
Pencilvania.  Get the PumpCon information file for further details.

3.  Can I bring my computer?
Of course you can bring your computer (Computers are not illegal!),
until such time as owning/possessing a computer is illegal.

4.  How much are hotel rooms?
Hotel rooms range from around $50/night to $100/night in the hotels
that have been selected for this year's PumpCon. The PumpCon
information file gives further details about the hotels.

5.  Who is going?
This is a question that really can't be answered until PumpCon.

6.  Who is going to speak?
This is also going to remain sekret until the event for security reasons.

7.  Why go to PumpCon?
I don't know, if you asked or even thought of that question, don't
bother to show.  You obviously can't add to the conference.

8.  What should I bring?
Why/How should I know, again to ask such a question shows you
obviously aren't needed.

9.  Is Law Enforcement going to be there?
This answer is not known at this time, but they are welcome, with an
admittance fee double that of civilian attendees.

10. Is there going to be alcohol/drugs?
These substances will not be provided by the conference or any of the
organizers, does that answer your question?



                                   PumpCon II
                  -- The Woodstock of Computer Conferences --

  WHO: Anyone interested in the Computer Underground except IIRG Members :OHW
  WHAT:    A weekend of Telephony & Computer Seminars, and PARTYING!    :TAHW
  WHEN:  October 29, 30, and 31 (Fri, Sat, Sun) Halloween Weekend 1993  :NEHW
  WHY:  To meet all of those people you have spoken to, but never met.   :YHW
  WHERE:          Airport Comfort Inn, Filadelfia, Pencilvania         :EREHW

                                  DESCRIPTION
A gathering of computer enthusiasts for a weekend of  FUN!  Guest
  speakers will also be present to speak about the latest in computer
  security developments.
              Come join us for our second annual Halloween Party.

                                      COST
Your $20.00 admission fee will cover all of the conference functions and
a name badge with your Handle, Group Affiliation, and home state.  This
is a non-profit conference, any proceeds above the conference costs will
be used to help the victims of last year's conference.

                                HOW TO GET THERE
The convention will be located just 3 miles from the Philadelphia
International Airport at the Airport Comfort Inn.  Two other hotels
are available within the same area.

        Knights Inn                Red Roof Inn              Comfort Inn
   43 Industrial Highway      49 Industrial Highway     53 Industrial Highway
    Essington, PA 19029        Essington, PA 19029       Essington, PA 19029
   Phone: (215) 521-6650      Phone: (215) 521-5090     Phone: (215) 521-9800
   Fax  : (215) 521-8846      Fax  :  Ext. 444          Fax  : (215) 521-4847

                              I-95 North or South
   The hotels are located off I-95 exit 9A on Route 291 (Industrial Highway).
  From north or south at the traffic signal turn right and continue for about
            500 yards, the hotels are on the right side of the road.

                                    Airport
            There is a FREE shuttle available to all of the hotels.

                              FOR MORE INFORMATION

                                     Mail:
                                   PumpCon II
                                  P.O. Box 617
                             Plantsville, CT 06479

                                    E-Mail:
                          pumpcon@mindvox.phantom.com

------------------------------

End of Computer Underground Digest #5.76
************************************