Computer underground Digest    Sun  Jan 16 1994   Volume 6 : Issue 07
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe (Improving each day)
       Acting Archivist: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Copy Enigmator:    A. Conan Drumme

CONTENTS, #6.07 (Jan 16 1994)
File 1--Brendan Kehoe Update and Medical Fund address
File 2--Robert Thomas BBS Raid Update
File 3--Re- Bay Area BBS bust.
File 4--38 Hours in Hamburg (Report on Chaos Communic Congress)
File 5--The Dangers of File Transfer Addiction (humor)
File 6-- CPSR lives down from my expectations

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
          In ITALY: Bits against the Empire BBS: +39-461-980493

ANONYMOUS FTP SITES:
  AUSTRALIA:      ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
  EUROPE:         ftp.funet.fi in pub/doc/cud. (Finland)
  UNITED STATES:
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud
                  etext.archive.umich.edu (141.211.164.18)  in /pub/CuD/cud
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
                  halcyon.com( 202.135.191.2) in mirror2/cud
                  ftp.warwick.ac.uk in pub/cud (United Kingdom)
  KOREA:          ftp: cair.kaist.ac.kr in /doc/eff/cud

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Sat, 15 Jan 1994 14:58:08 -0800
From: jeffrey@CYGNUS.COM(Jeffrey Osier)
Subject: File--Brendan Kehoe Update and Medical Fund address

((MODERATORS' NOTE: Thanks to Jeff for the following update on Brendan
Kehoe's condition. A reminder:

CuD will accept e-cards and "get well" messages until Tuesday night
(Jan 18). Send a funny story, a joke, or something cheerful to
tk0jut2@mvs.cso.niu.edu with the subject line:  TO BRENDAN. We'll put
them together and send them to him.

Contributions for Brendan's medical expenses can be sent to:

   Brendan's Friends
   c/o Cygnus Support
   One Kendall Square
   Cambridge, MA 02139

=============================================================

Many, many thanks in advance.  All cards and correspondence can be

Sorry about the lag for a few days.. things have been kinda busy.
I'm back in California for a few days, getting some things organized
and taken care of out here, and then headed back Tuesday or Wednesday.

Brendan, as always, keeps improving.  He's in rehab right now at Penn
while we're getting things set up for the move to Boston.  The family
has decided on a rehab center called Spaulding, which is apparently
one of the best places around for this kind of rehabilitation.  It's
on the Harvard campus, I think.

Brendan is much calmer these days.  He's got three physical therapy
sessions per day, along with one or two occupational therapy sessions
and two speech therapy sessions.  When he's not in therapy, most often
he's eating or sleeping; that kind of therapy, especially in the state
that he's in now, can be very tiring.  He's walking at least a short
amount every day, though, and is responding well to nearly everything.
He reads cards as the family brings them to him (too much reading
tires him out too much), and he's very comforted by the wonderful
support he's been getting from everyone everywhere.  He should be
ready to move in a week or so, if all goes well, so cards from here on
out should probably be addressed to the "Brendan's Friends" address in
Cambridge.

His aunts are headed back to Ireland today; they've been very
instrumental in his recovery so far.  Derry is with Brendan through
much of his therapy.  Brendan is very responsive, and still reads
everything he can get his hands on, though the effort is very tiring;
he reads very slowly, but we think he grasps all that he reads and
hears.  There was a big worry that he'd be aphasic with incoming
information as well as speech, but that doesn't seem to be the case,
though it's hard to tell for sure at this point.  His memory keeps
improving, and he's using fewer numbers in his speech now, though how
much of that is due to embarrassment we can't tell.  The doctors at
the rehab center will be able to better tell.  He's got his glasses
back as well, and he himself is able to put them on when he wants or
needs them.  The swelling in his head is nearly gone, and the bones
are set in his pelvis and shoulder (both injuries were from the seat
belt).

Thanks to all who've visited and sent cards and kept good thoughts
through this whole thing!  It's all made a huge difference to Brendan
and his family, and to me as well.  By Wednesday night I'll be
broadcasting again from the hotel room.

Jefro

------------------------------

Date: Sat, 15 Jan 94 14:10:42 PST
From: hkhenson@CUP.PORTAL.COM
Subject: File--Robert Thomas BBS Raid Update

((MODERATORS' NOTE:  After reading Keith Hanson's summary of sysop
Robert Thomas's recent raid by the U.S. postal service regarding BBS
seizure and alleged pornography (see CuD 6.06, file 1), one reader
cancelled his CuD sub, saying that he's "gettng *really* tired of
reading about the latest porn purveyor to get busted." The inaccuracy
of what CuD publishes and the reckless allegations of the current
incident aside, the issues Keith raises extend beyond the content of
adult files.  Robert Thomas's Amateur Action  was first raided by
local (San Jose, Calif.) police in 1992 (see CuDs 4.09 and 4.10) for
making accessible adult gifs on Amateur Action BBS.  The result of the
first raid led only to embarrassment for local law enforcment. CuD has
been told that 1) Thomas's equipment was returned; 2) No charges were
ever filed; 3) He was issued a letter stating that nothing on his BBS
was in violation of the law.

The latest raids raise questions about entrapment, seizure procedures,
and the scope of the ECPA in protecting private e-mail on BBSes.
Below, keith summarizes the latest events following last week's
raid)).

================================

Update Saturday noon.  Back from seeing Robert's sons and friend pick
up his computer equipment and a 10 minute chat with Postal Inspector
Dirmeyer, and a San Jose Police officer by the name of Weidner.  At
least one point is clear, David Dirmeyer and Lance White are the same
person, I simply asked him, and he admitted it. I also found out why
he was willing to talk to me during the search.  He figured that
anybody who starts quoting chapter and section from the Federal Code
is a lawyer. [Dirmeyer reminds me somewhat of one of my cousins when
he was about 18.  My cousin was tall and gangly, and given to putting
on a hick act.]

Dirmeyer/White seemed completely unconcerned with having generated any
liability for the government under the ECPA or the Newspaper Privacy
Protection Act (2000aa).  He backed this up by being very proud of
getting the system (well, most of it anyway) back to the sysop in
under a week.  [The EFF *has* had a positive effect, this is the first
time I ever heard of any LEA's caring how long they take to return a
computer.]  He was very confident that a judge would dismiss any civil
lawsuit brought by the users because of what he perceived as criminal
obscenity activities by the sysop.  How actions, criminal or not, of
one person (the sysop) cancels the rights of others (email customers)
to recover from those who block access to their email is beyond me.  If
that did not get them off the hook, they would get out of civil
liability claims because they interrupted people's email access for
such a short time, as opposed to the lengthy time the Secret Service
kept Steve Jackson's BBS.

I can almost quote the relevant sections of the ECPA, and *I* don't
remember any time limits under which the civil penalties of law do not
apply, "But Judge, I only exceeded the speed limit for a *few* miles!"
I wonder how the Postal Service would react to locking *their* patrons
out of a local office and away from their mail boxes for a week?

I expressed my hope (as a San Jose resident and taxpayer) to Officer
Weidner that the Post Office had agreed to take responsibility for any
civil liability arising out of the case.  He was close to uncivil in
stating that I had no standing in the case, and it was none of my
concern.  He advised me to butt out of being involved in any way.  He
asked if I had ever *seen* the material on that BBS, (my answer was
no) and expressed the opinion that I would be smeared by it and
greatly regret getting involved.

Back to Dirmeyer, I asked him about the warrant.  He said what he did
is ordinary investigation practice, including sending people
unsolicited material and then picking it up under a warrant.  I asked
him if the Judge knew, and he assured me the Judge was fully aware
that the person getting a warrant for "Lance White's" correspondence
was also Lance White.  He also said the Judge was aware of the 2000aa
and ECPA issues, and that they were under orders not to look at
anything labeled email.  For some reason, this did not reassure me.

Robert's sons and a friend got the last pieces of the computer down to
the lobby and we parted company with a few comments on my part about
Postal Service agents legally sending kiddy porn through the mail,
like the Nebraska case recently ruled entrapment by the Supreme Court.

Just one minor thing to add.  Because of a persistent back injury, I
am on crutches most of the time.  I was making my way across the lobby
of the old Post office nearing the doors.  Dirmeyer and Weidner passed
me, opened the doors, went through and let them swing shut in my face.
I guess scum like me is below their notice.

Keith Henson

------------------------------

From: mc/G=Brad/S=Hicks/OU1=0205925@MHS.ATTMAIL.COM
Date: 14 Jan 94 18:16:14 GMT
Subject: File--Re- Bay Area BBS bust.

Date: 1/14/94    11:19 AM
Subj: Re: Bay Area BBS bust.

> Robert said there was a mystery package which came today in the mail
> today (which his son and wife picked up and she opened).  The package
> turned out to be real honest-to-gosh kiddy porn. ...
> The guy who sent it is known as "Lance White," who Robert thinks is one
> of his BBS members. ... Robert thinks the postal folks may be after this
> guy, and his BBS just got caught in the middle.

What charming innocence.  --Bzzzt!--  Sorry, wrong answer, but thank you
for playing and here's a copy of the home game.  Keith, I'd bet you,
dollars to doughnuts, that "Lance White" is a postal employee.

And people think I'm kidding when I say that I do, in fact, read _Playboy_
for the articles.  Folks, this is not the first time that something like
this has happened; it may not even be the first time it's happened to a
BBS.  The US Postal Service has been doing this for =years=, to =anyone=
suspected for =any= reason of being even =slightly= interested in child
pornography;  _Playboy_ averages a news article on it a year, at some
length.  Go to a good library and look it up; the Reader's Guide to
Periodical Literature will help you find them.

What's worse, if (as happened to your friend) you accept one of these
packages and they find it in your house, opened, then most juries will
convict you for possession.  Entrapment defense has not worked terribly
often for the US Postal Service's past victims.

If you think the postal inspectors have =any= reason to suspect you have
=any= interest in child pornography, then based on case histories to date,
there is only one way to keep your @ss out of jail.  If you receive a
package in the mail, and do not recognize the return address, take the
=unopened= package, =immediately=, straight to the counter at your local
post office.  Treat this as a life-or-death emergency; it cannot wait,
because if this =is= a sting package, possession for even a single day may
be enough to convict.

When you get to the post office, inform the clerk at the counter that you
did not order this package, and ask the clerk to open it for you.  If it
turns out to be a mistake on your part and it's legal material, actually
addressed to you, then they'll give it to you.  If it is illegal material
(illegal drugs, child porn or other obscene* materials, smart drug
literature, Canadian anti-acid-rain documenataries**) they will ask you if
you want it.  The correct answer is left as an excercise for the reader.

If you or a family member mistakenly open such a package, the =only= way
to save your @ss (if it can be done at all) is to =immediately= jump in
the car, run it down to the post office, and turn it in.  If the post
office is closed and they catch you before it opens, or if you get pulled
over for speeding en route and the cop finds it, or if (as apparently
happened here) they're waiting for you and bust in a few minutes after
it's delivered, then may all the Gods intervene for you.

> An interesting side point is that while they asked for the package
> which came that day when they came in, ...

Which more-or-less proves that they knew it was there, doesn't it?  That's
why I'm =sure= that "Lance White" is a postal employee, and this is a
sting.

> they did not have a warrant for it, and said they would have drive over
> to SF to get one unless he volunteered to give it up.  Robert signed off
> that they could take it, and they did.

This =may= have saved him.  Had he fought the seizure, they would have
told a jury that this proved that he wanted to keep it.  Good luck in
court!

Entirely personal opinion:  Based on the cases I've seen written up, the
following groups of people have particular reaons to fear child porn
entrapment:  naturists (especially naturist photographers or anyone else
who subscribes to naturist magazines); adult-oriented BBS operators,
especially those distributing non-copyrighted amateur material, and
=triply= especially any photos depicting gay or lesbian sex, BDSM, or
anything that a postal inspector would consider obscene; anyone who uses
commercial film processors who has ever photographed their own child or
someone else's child while the child was unclothed (yes, baby pictures are
dangerous); and especially anyone who fulminates against child porn
entrapment in widely published material.  And then, of course, there's
angry neighbors who think that because of your religion, appearance, or
lifestyle that you =must= be some kind of dangerous pervert.  (Yes, in
fact, I =am= taking such precautions.)

As _Playboy_ has pointed out in each article covering the history of this
sleazy tactic, so far =no= case has resulted in a conviction, or even an
indictment, for professionally producing and distributing child
pornography.  In other words, the =only= professional producer and
distributer of child pornography in the United States is the US Postal
Service; which mails out hundreds of pieces a year, unsolicited, in hopes
that the people who keep it will lead them to another professional
producer.

* Footnote:  So far, US law does not forbid owning obscene materials,
merely producing or selling them.  (Local and state law may, however; if
you challenge such a law, good luck.)  On the other hand, postal
inspectors seem to assume that anyone who they notice ordering lots of
materials that they think are obscene is probably a distributor or a
producer as well.  And of course, BBS operators with "obscene" GIFs and
JPGs are by definition distributors, as far as they're concerned.  But
obscenity busts are tiresome, so if they have any doubt about winning,
isn't it just =so= easy to entrap you for something =really= juicy,
something no civil libertarians will intervene for?

Historically, it seems that the kind of material that immediately attracts
postal inspector and/or police attention is any photograph that depicts
gay sex, BDSM, or animals.  (Interracial sex, lesbian sex, and group sex
used to set off the same alarms, but they don't seem to get the same
immediate attention the other three do.  And in addition, a long-standing
postal regulation bars snail-mailing anything that actually shows
penetration.)

** Footnote 2:  OK, I was being slightly sardonic about the second two
examples.  Those are banned by US Customs Service regulations, not postal
regulations, so they =may= not get you into trouble.  But don't be
surprised if they get seized, either.

What, you thought you were still living in the Land of the Free?  Listen,
the Bill of Rights has its flaws -- but it's better than what we have now.

(Obvious extra disclaimer:  I'm not a lawyer; this is personal, not legal
advice; if you get caught in this mess or think you might, you need the
services of a real lawyer, not crummy email advice from an amateur like
me.)

------------------------------

Date: Tue, 4 Jan 94 18:52:54 +0100
Subject: File--38 Hours in Hamburg (Report on Chaos Communic Congress)
From: efarber@iiic.ethz.ch (Manny E. Farber)

38 Hours in Hamburg:
A visit to the 10th Chaos Communications Congress

by Manny E. Farber

  Armed only with an invitation in English addressed to the "global
community" and a small pile of German Marks, I arrived at the
Eidelstedter Buergerhaus about an hour or so before the beginning of
the 10th Chaos Communication Congress (subtitled "Ten years after
Orwell"), sponsored by the (in)famous Chaos Computer Club.  The
Buergerhaus (literally, "citizen's house") turned out to be a modest
community hall; needless to say, not all invited showed up.  The
Congress took place between the 27th and the 29th of December.  As the
title implies, social as well as technical issues were on the docket.

  After forking over 30 DM (about $20) for a pass for the first two
days of the Congress, I sort of felt like asking for a schedule, but
refrained, thinking that asking for scheduled chaos might seem a bit
odd.  I went to the cafeteria for breakfast.  An organizer started out
announcing, "Anyone who wants to eat breakfast pays 5 Marks, and gets a
stamp, which--no, rather, anyone who wants breakfast pays 5 Marks and
eats breakfast."

  The atmosphere was quite collegial and informal, with little more
order than was absolutely necessary.  The approximately 150 attendees
were predominantly German (a few from Switzerland and Holland, at least
-- and probably only -- one from the United States, namely myself),
male, and technically oriented.  (During an explanation of the
mathematical algorithm underlying electronic cash, a non-techie
objected, "But I don't want to have to think up a 200-digit random
number every time I buy something!"  It was explained to him that this
was done by software in the chip-card ...).

  Although not mentioned in the invitation, not a word of English was to
be heard; all the events were conducted in German.  Some were conducted
in a "talk show" format, with a host asking questions, simplifying
answers, making jokes.  A television network carried the video from the
auditorium to other rooms throughout the building (albeit without
sound) along with up-to-the-minute event schedules.

  The tone of the discussions of how electronic cash could be
embezzled, or chip cards abused, digital signatures forged, etc., was
constructive rather than destructive.  And it was balanced, i.e. not
only "how could a malicious individual embezzle money?" was discussed,
but also "how could the government use chip cards to reduce people's
privacy?"  Here, the "hackers" were hackers in the positive sense of
understanding a technology, not in the negative sense of wreaking
havoc.  It was, however, noted that trying out a potential weakness of
the "EuroScheck" cash cards was quite easy:  it would require buying a
card reader for 1,500 DM and maybe a week of time.

  The question of technical solutions to "big brother" did come up in
the presentations about chip cards.  The danger is that a pile of cards
is eliminated in favor of a card containing someone's driver's license,
driving record (maybe), employee information, credit information, etc.
etc.  A chip card could theoretically be programmed to give out *only*
the information absolutely necessary, e.g. telling a policeman only
that someone is allowed to drive, without disclosing his identity.

  The "Hackzentrum" (Hacking Center) turned out to be a room filled
with networked computers and people hacking on them.  It seemed mostly
harmless.  (I nevertheless did not try a remote login -- I had no
reason to doubt good intentions, but on the other hand, who knows who
wrote or replaced the keyboard driver and what sort of supplemental
functionality it might have?)  The packet radio room had a "Digi"
repeating station and, true to the ham radio tradition, where the
conversation centers on who is talking to whom and how well they hear
each other and on what other frequency they might hear each other
better, the computers attached were mostly displaying maps of the
packet radio network itself.  I didn't delve very deeply into the
"Chaos Archive," but noticed a collection of maintenance sheets for
telephone equipment among CCC newsletters and other paraphenalia.

  Some "signs of the Congress":

    - Bumper sticker:  "I (heart) your computer"
    - Telephone stickers:  "Achtung, Abhoergefahr" ("Attention,
      Eavesdropping danger"; and the German PTT logo transformed into a
      pirate insignia, with the words "Telefun - Mobilpunk" (derived from
      "Telefon - Mobilfunk")
    - T-shirt:  "Watching them (eye-ball) watching us"
    - Post-It Note pad (for sale for DM 1.50):  a pad of about 50,
      pre-printed with a hand-written note:  "Vorsicht, Stoerung.
      Automat macht Karte ungueltig" ("Careful--Defect. Machine makes
      card invalid")
    - Word coinage:  "Gopher-space"
    - Stamp:  "ORIGINALE KOPIE" ("ORIGINAL COPY")

  The press were told not to take pictures of anyone without their
explicit permission.

  Schedules were distributed throughout the Congress.  By the evening
of the 27th, a schedule for the 28th, "Fahrplan 28.12 Version 2.0," was
already available ("Fahrplan" means a bus/train schedule; this is
presumably an "in" joke).  By 17:30 on the 28th, "Fahrplan 28.12
Version 2.7" was being distributed.  (I missed most of the intervening
versions; presumably they were neatly filed away in the Chaos Archive
by then ...)

  The scheduled events (in translation) were as follows; a "*" means
that I have included some comments later in this report:


December 27, 1993

- Welcoming/opening
- How does a computer work?
- ISDN:  Everything over one network
- Internet and multimedia applications:  MIME/Mosaik/Gopher
- Data transport for beginners
- Chip-cards:  Technology
* Media and information structures:  How much truth remains?  Direct
  democracy:  information needs of the citizen
- Encryption for beginners, the practical application of PGP
* Alternative networks:  ZAMIRNET, APS+Hacktic, Green-Net, Knoopunt,
  Z-Netz and CL


December 28, 1993

- Encryption:  Principles, Systems, and Visions
- Modacom "wireless modem"
- Electronic Cash
- Bulletin board protocols: Functional comparison and social form, with the
  example of citizen participation
- Discussion with journalist Eva Weber
- Net groups for students, Jan Ulbrich, DFN
* What's left after the eavesdropping attack?  Forbidding encryption?
  Panel:  Mitglied des Bundestags (Member of Parliament) Peter Paterna,
  Datenschutz Beauftragter Hamburg (Data privacy official) Peter Schar,
  a journalist from Die Zeit, a representative from the German PTT, a
  student writing a book about related issues, and a few members of the
  Chaos Computer Club
- Cyber Bla:  Info-cram
* How does an intelligence service work?  Training videos from the
  "Stasi" Ministrium fuer STAatsSIcherheit (Ministry for National Security)
- System theory and Info-policies with Thomas Barth
- Science Fiction video session:  Krieg der Eispiraten
  ("War of the ice pirates")


December 29, 1993

- Thoughts about orgination ("Urheben")
- Computer recycling
- Dumbness in the nets:  Electronic warfare
- Lockpicking:  About opening locks
- The Arbeitsgemeinschaft freier Mailboxen introduces itself
- In year 10 after Orwell ... Visions of the hacker scene


-------------------------------------------------------------------------------
THE EAVESDROPPING ATTACK

  This has to do with a proposed law making its way through the German
Parliament.  The invitation describes this as "a proposed law reform
allowing state authorities to listen in, even in private rooms, in
order to fight organized crime."  This session was the centerpiece of
the Congress.  Bayerische Rundfunk, the Bavarian sender, sent a
reporter (or at least a big microphone with their logo on it).  The
panel consisted of:

MdB - Mitglied des Bundestags (Member of Parliament) Peter Paterna
DsB - Datenschutz Beauftragter Hamburg (Data privacy official) Peter Schar
Journalist - from Die Zeit
PTT - a representative from the German PTT
Student - writing a book about related issues
CCC - a few members of the Chaos Computer Club

  My notes are significantly less than a word-for-word transcript.  In
the following, I have not only excerpted and translated, but
reorganized comments to make the threads easier to follow.


  IS IT JUSTIFIED?

MdB - There is massive concern ("Beunruhigung") in Germany:  7 million
crimes last year.  Using the US as comparison for effectivity of
eavesdropping, it's only applicable in about 10-20 cases:  this has
nothing to do with the 7 million.  The congress is nevertheless
reacting to the 7 million, not to the specifics.  In principle, I am
opposed and have concerns about opening a Pandora's box.

CCC #1 - The 7 million crimes does not surprise me in the least.  I am
convinced that there is a clear relationship between the number of laws
and the number of crimes.  When you make more laws, you have more
crimes.  Every second action in this country is illegal.

Journalist - Laws/crimes correlation is an over-simplification.  There
are more murders, even though there are no more laws against it.

MdB - There is a conflict between internal security, protecting the
constitution, and civil rights.  How dangerous  is 6 billion Marks of
washed drug money to the nation?  Taking the US as an example, the
corrosion may have gone so far that it's too late to undo it.  I hope
that this point hasn't been reached yet in Germany.

DsB - I am worried about a slippery slope.  There is a tradeoff between
freedom and security, and this is the wrong place to make it; other
more effective measures aren't being taken up.


  EFFECTIVENESS OF CONTROLS ON EAVESDROPPING

MdB - Supposedly federal controls are effective.  Although there are
very few eavesdropping cases, even if you look at those that are
court-approved, it's increasing exponentially.  No proper brakes are
built into the system.  As for controls for eavesdropping by the
intelligence service, there is a committee of  three members of
parliament, to whom all cases must be presented.  They have final say,
and I know one of the three, and have relatively much trust in him.
They are also allowed to go into any PTT facility anytime, unannounced,
to see whether or not something is being tapped or not.

MdB - Policies for eavesdropping:  if no trace of an applicable
conversation is heard within the first "n" minutes, they must terminate
the eavesdropping [...]  The question is, at which point the most
effective brakes and regulations should be applied:  in the
constitution?  in the practice?

PTT - True, but often the actual words spoken is not important, rather
who spoke with whom, and when.

DsB - There is no catalog for crimes, saying what measures can be
applied in investigating which crimes.  It's quite possible to use them
for simple crimes, e.g. speeding.  There is no law saying that the PTT
*has to* store data; they *may*.  They can choose technical and
organizational solutions that don't require it.

MdB - This is a valid point, I don't waive responsibility for such
details.  The PTT could be required to wipe out detailed information as
soon as it is no longer needed, e.g. after the customer has been billed
for a call.


  TECHNICAL TRENDS

Journalist - Digital network techniques make it easy to keep trails,
and there is an electronic trail produced as waste product, which can
be used for billing as well as for other purposes.  Load measurements
are allowable, but it can also be used for tracking movements.

DsB - The PTT claims they need detailed network data to better plan the
network.  The government says they need details in order to be able to
govern us better.

DsB - In the past, the trend has always been to increasingly
identificable phone cards.  There is economic pressure on the customer
to use a billing card instead of a cash card, since a telephone unit
costs less.  With "picocells," your movement profile is getting more
and more visible.

PTT - As for the trend towards less-anonymous billing-cards:  with the
new ISDN networks, this is necessary.  Billing is a major cost, and
this is just a technical priority.

Student - As for techniques to reduce potential for eavesdropping, it
is for example technically possible to address a mobile phone without
the network operator needing to know its position.  Why aren't such
things being pursued?

PTT - UMTS is quite preliminary and not necessarily economically
feasible.  [Comments about debit cards].  We have more interest in
customer trust than anything else. But when something is according to
the law, we have no option other than to carry it out.  But we don't do
it gladly.


  THE BIG CONSPIRACY?

CCC #2 - I don't give a shit about these phone conversations being
overheard.  I want to know why there is such a big controversy.  Who
wants what?  Why is this so important?  Why so much effort?  Why are so
many Mafia films being shown on TV when the eavesdropping law is being
discussed?  What's up?  Why, and who are the people?

Student - I am writing a book about this, and I haven't figured this
out myself.  My best theory:  there are some politicians who have lost
their detailed outlook ("Feinbild"), and they should be done away with
("abgeschaffen").

PTT - We're in a difficult position, with immense investments needed to
be able to overhear phone conversations [in digital networks (?)].  We
have no interest in a cover-up.

MdB - As for the earlier question about what NATO countries may do.
During the occupation of Berlin, they did want they wanted on the
networks.  In western Germany, it has always been debated.  Funny
business has never been proved, nor has suspicion been cleared up.

CCC #2 - After further thought, I have another theory.  American
companies are interested in spying on German companies in order to get
a jump on their product offerings.

MdB - That's clear, but there are more benign explanations.  Government
offices tend towards creating work.  Individuals are promoted if their
offices expand, and they look for new fields to be busy in.  In Bonn,
we've gone from 4,000 people to 24,000 since the 50's.

CCC #1 (to MdB) - Honestly, I don't see why you people in Bonn are
anything other than one of these impenetrable bureaucracies like you
described, inaccessible, out of touch with reality, and interested only
in justifying their own existence.

MdB - Well, *my* federal government isn't that.


  CLIPPER CHIP CONTROVERSY

Student - Observation/concern:  in the US, AT&T's encryption system is
cheap and weak.  If this becomes a de facto standard, it is much harder
to introduce a better one later.

Journalist - In the US, the Clipper chip controversy has centered more
on the lost business opportunities for encryption technology, not on
principles.  There every suggestion for forbidding encryption has
encountered stiff opposition.

Student -  As for the Clipper algorithm, it's quite easy to invite
three experts to cursorily examine an algorithm (they weren't allowed
to take documents home to study it) and then sign-off that they have no
complaints.

Journalist - As for the cursory rubber-stamping by the three experts
who certified the Clipper algorithm, my information is that they had
multiple days of computing days on a supercomputer available.  I don't
see a problem with the algorithm.  The problem lies in the "trust
centers" that manage the keys.  I personally don't see why the whole
question of cryptology is at all open ("zugaenglich") for the
government.


  CONCLUDING REMARKS

DsB - The question is not only whether or not politicans are separated
from what the citizens want, but also of what the citizens want.
Germans have a tendency to valuing security.  Different tradition in
the US, and less eavesdropping.  I can imagine how the basic law
("Grundgesetz") could be eliminated in favor of regulations designed to
reduce eavesdropping, the trade-off you (MdB) mentioned earlier.  The
headlines would look like "fewer cases of eavesdropping", "checks built
in to the system," etc., everyone would be happy, and then once the law
has been abolished, it would creep back up, and then there's no limit.

MdB - (Nods agreement)

CCC #2 - There are things that must be administered centrally (like the
PTT), and the government is the natural choice, but I suggest that we
don't speak of the "government," but rather of "coordination."  This
reduces the perceived "required power" aspect ... As a closing remark,
I would like to suggest that we take a broader perspective, assume that
a person may commit e.g. 5,000 DM more of theft in his lifetime, live
with that, and save e.g. 100,000 DM in taxes trying to prevent this
degree of theft.

-------------------------------------------------------------------------------
MEDIA AND INFORMATION STRUCTURES

  In this session, a lot of time was wasted in pointless philosophical
discussion of what is meant by Truth, although once this topic was
forcefully ignored, some interesting points came up (I don't
necessarily agree or disagree with these):

- In electronic media, the receiver has more responsibility for judging
truth placed on his shoulders.  He can no longer assume that the sender
is accountable.  With "Network Trust," you would know someone who knows
what's worthwhile, rather than filtering the deluge yourself.  A
primitive form of this already exists in the form of Usenet "kill" files.

- A large portion of Usenet blather is due to people who just got their
accounts cross-posting to the entire world.  The actual posting is not
the problem, rather that others follow it up with a few dozen messages
debating whether or not it's really mis-posted, or argue that they
should stop discussing it, etc.  People are beginning to learn however,
and the ripple effect is diminishing.

- Companies such as Microsoft are afraid of the Internet, because its
distributed form of software development means they are no longer the
only ones able to marshal 100 or 1,000 people for a windowing system
like X-Windows or Microsoft Windows.

- If someone is trying to be nasty and knows what he's doing, a Usenet
posting can be made to cost $500,000 in network bandwidth, disk space, etc.

- At a Dutch university, about 50% of the network bandwidth could have
been saved if copies of Playboy were placed in the terminal rooms.
Such technical refinements as Gopher caching daemons pale in comparison.

- All e-mail into or out of China goes through one node.  Suspicious,
isn't it?

-------------------------------------------------------------------------------
ALTERNATIVE NETWORKS

  Several people reported about computer networks they set up and are
operating.  A sampling:

  APS+Hacktic - Rop Gonggrijp reported about networking services for the
masses, namely Unix and Internet for about $15 per month, in Holland.
There are currently 1,000 subscribers, and the funding is sufficient to
break even and to expand to keep up with exponential demand.

  A German reported about efforts to provide e-mail to regions of
ex-Yugoslavia that are severed from one another, either due to
destroyed telephone lines or to phone lines being shut off by the
government.  A foundation provided them with the funds to use London
(later Vienna), which is reachable from both regions, as a common node.

  The original author of the Zerberus mail system used on many private
German networks complained about the degree of meta-discussion and how
his program was being used for people to complain about who is paying
what for networking services and so forth.  He said he did not create
it for such non-substantial blather.  The difference between now and
several years ago is that now there are networks that work,
technically, and the problem is how to use them in a worthwhile manner.

  A German of Turkish origin is trying to allow Turks in Turkey to
participate in relevant discussions going on on German networks (in
German) and is providing translating services (if I heard right, some
of this was being done in Sweden).  This killed the rest of the
session, which degenerated into a discussion of which languages
were/are/should be used on which networks.

-------------------------------------------------------------------------------
HOW AN INTELLIGENCE SERVICE WORKS:  STASI TRAINING VIDEOS

  The person introducing the videos sat on the stage, the room
darkened.  The camera blotted out his upper body and face; all that was
to see on the video, projected behind him, was a pair of hands moving
around.

  It apparently didn't take much to earn a file in the Stasi archives.
And once you were in there, the "10 W's:  Wo/wann/warum/mit wem/..."
("where/when/why/with whom/...") ensured that the file, as well as
those of your acquaintances, grew.

  The videos reported the following "case studies":

  - The tale of "Eva," whose materialistic lifestyle, contacts with
Western capitalists, and "Abenteuerromantik" tendencies made her a
clear danger to the state, as well as a valuable operative.  She swore
allegiance to the Stasi and was recruited.  Eventually the good working
relationship deteriorated, and the Stasi had to prevent her from trying
to escape to the West.  The video showed how the different parts of the
intelligence service worked together.

  - A member of the military made a call to the consulate of West
Germany in Hungary.  The list of 10,000 possible travellers to Hungary
in the relevant time frame was narrowed down to 6,000 on the basis of a
determination of age and accent from the recorded conversation, then
down to 80 by who would have any secrets to sell, then down to three
(by hunch?  I don't remember now).

  One video showed how a subversive was discreetly arrested.  Cameras
throughout the city were used to track his movements.  When he arrived
at his home, a few workers were "fixing" the door, which they claimed
couldn't be opened at the moment.  They walked him over to the next
building to show him the entrance, and arrested him there.  A dinky
little East German car comes up, six people pile into it.  Two
uniformed police stand on the sidewalk pretending nothing is happening.



David Farber; Prof. of CIS and EE, U of Penn, Philadelphia, PA 19104-6389
Join EFF! For information about membership, send mail to eff@eff.org.

------------------------------

Date: Thu, 13 Jan 1994 16:48:53 -0400 (EST)
From: Harlow Snyder <hsnyder@MINERVA.CIS.YALE.EDU>
Subject: File--The Dangers of File Transfer Addiction (humor)

    WHY I'M THE PERFECT COURIER, AND WHY IT'S KILLING ME.

A very serious story about how computers really can kill you.
         by Lord Valgamon (valgamon@cyberspace.com)

     Call this a self-pity file. Call it pointless. Call it
boring. Call it whatever the fuck you want, I couldn't care
less. The only reason I'm writing it is so that other people
who are in the same boat as me will know that they are not
alone. Now that I've peaked your interest, read on.

     I have a sort of disease, which from here on in will be
referred to as Valgitis. The symptoms of Valgitis are as
follows. You're using your computer. You spot a new file. You
download the new file. You feel a compelling urge to spread
this new file to every BBS that you call, and to /XDCC OFFER
it in the #warez channel on IRC. You know that if you don't
spread the new file everywhere, guilt will gnaw at your
innards until you do. You can try to go to sleep at night,
but the twisting, gut-wrenching desire to spread that damn
file forces you to jump out of bed and flip on your computer,
then spend at least half an hour redialing busy boards and
sending the file to whichever BBS's you already haven't
gotten through to, and knowing if you don't, you won't be
able to sleep, or do anything else, until you have uploaded
that fucking file from here to Tokyo. Then, after you have
exhausted all your energy making sure that everyone who wants
(and doesn't want) to download this new file will be able to
do so, you sweep up all the hair that you tore out and the
fingernail fragments you nibbled off while redialing those
busy boards. Then, at about 1:30 AM, knowing full well that
you're not going to be able to wake up for school tomorrow,
you collapse in a heap on your bed, totally and utterly
drained of all energy. This nightmarish, hideous, life-
wrecking disease called Valgitis is what makes me the
ultimate courier, and my distribution sites love me for it.

     Unfortunately, I am developing some serious problems as
a direct result of my affliction. I cannot function properly
in school, I disregard my homework, I've been skipping
Driver's Ed, I quit the ski team, I don't eat, I don't sleep,
I don't hang out anymore with the friends who used to take up
the majority of my time... all in all, Valgitis is destroying
my life, or what little scraps are left of it.

     Maybe if I were a machine myself, and not a biological
organism (which requires sleep, nourishment, etc) interfacing
with a machine, I would be immune to Valgitis. If I were a
robot, an automated courier, I would have no problems at all.
Unfortunately, contrary to popular belief, I AM A HUMAN BEING
and Valgitis is like a cancer, eating away at me until I will
eventually have some sort of breakdown and be carted off to a
hospital, locked in a small, white, square room and
forcefully retained from destroying myself any further.

     I don't really want to finish this file. I am starting
to scare myself. Don't be surprised if you don't hear much
from me in the weeks to come. I'm implementing my own self-
designed, 12-step cure for Valgitis. And it's a doozy.

                                   -Lord Valgamon [RiSC]

------------------------------

Date: Fri, 14 Jan 1994 12:51:35 -0500
From: Bryce Eustace Wilcox <wilcoxb@NAG.CS.COLORADO.EDU>
Subject: File-- CPSR lives down from my expectations

I am writing both to spread information to others, and to gather some
more for myself.  (This is the CuD paradigm isn't it?)  The subject of
my message is the organization known as "Computing Professionals for
Social Responsibility".

  I have seen this organization touted by cyberspace advocates, in CuD
and elsewhere, as an effective political lobby that tries to advance
goals that almost all cyberspace denizens share-- freedom from
censorship, I assumed was meant.  But when I investigated the CPSR
with an eye toward joining I discovered what seemed to me to be a
radical socialist/welfare-state lobby with a thinly veiled and very
active political agenda.  As evidence for this I refer to an article
by James I. Davis, first printed in _The CPSR Newsletter_, Fall, 1993,
and then reprinted in CuD 5.89, entitled:  "Computers and the Poor: a
Brand New Poverty"

       "Short of some radical restructuring of society that work,
       as traditionally conceived, can no longer be the measure
       of how necessities will be distributed, the government's
       ability to respond [to certain social problems] is limited."

  The rest of the article plainly supports the idea that appears as an
implicit assumption in this sentence: that "necessities" are some sort
of collective possession which are not under the control of those that
produce them, but are under the control of some unnamed entity that
will "distribute" them.

  This idea is morally repugnant to me, not to mention personally
threatening, and I quickly lost interest in giving the CPSR my
support.  The reason I am writing CuD is two-fold:

  First, to warn others that CPSR is not simply a cyberspace civil
rights lobby. and

  Second, to ask for some more information.  Is the ideology expressed
by James I. Davis the official stance of the CPSR?  Is it the
prevailing ideology among the membership?  What actions does CPSR take
or intend to take to foster the kind of social change advocated in the
article?

I appreciate any information and constructive discussion that may
ensue.

Bryce Wilcox wilcoxb@cs.colorado.edu

------------------------------

End of Computer Underground Digest #6.07
************************************