Computer underground Digest    Sun  Feb 17, 1994   Volume 6 : Issue 17
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe (Improving each day)
       Acting Archivist: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Whacker Editor:    Tonya Harding

CONTENTS, #6.17 (Feb 17, 1994)
File 1--Photography, Computer Underground, and Images
File 2--Update on Canadian BBS "Licensing" (Re: CuD 6.15)
File 3--AP Article on Clipper
File 4--Congress Online
File 5--Public access to *Inaccurate(?)* Public Records?
File 6--Clipper Questions and Answers in a Nutshell

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
To subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
          In ITALY: Bits against the Empire BBS: +39-461-980493

ANONYMOUS FTP SITES:
  AUSTRALIA:      ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
  EUROPE:         ftp.funet.fi in pub/doc/cud. (Finland)
                  ftp.warwick.ac.uk in pub/cud (United Kingdom)
  UNITED STATES:
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud
                  etext.archive.umich.edu (141.211.164.18)  in /pub/CuD
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
                  ftp.halcyon.com (192.135.191.2) in mirror2/cud
  KOREA:          ftp: cair.kaist.ac.kr in /doc/eff/cud

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Sat, 19 Feb 1994 11:13:52 -0800
From: Rika Kasahara <rika@WELL.SF.CA.US>
Subject: File 1--Photography, Computer Underground, and Images

((MODERATORS' NOTE: In CuD 6.16, we reported a solicitation for
"freaks" for the cover story on computer culture in a Japanese
magazine. A bit of a language barrier resulted in the solicitation
being misunderstood by ourselves and others. We are quite happy to
acknowledge that the intent of the cover is the exact opposite from
what it appeared to be. We apologize to Rika Kasahara, the original
poster, for the misunderstanding.

In a series of private and quasi-public posts, Rika has explained the
differences between the Japanese and U.S. images of the computer
culture. The intent of the story and the proposed cover was, in fact,
an attempt to do precisely what we suggested the media to, which is to
break down stereotypes.  One reader suggested that Rika's proposal
would be identical to the cover on Scientific American a few years ago
depicting four "computer nerds" from Legion of Doom as virile,
well-dressed and exceptionally photogenic businessmen as a way of
challenging stereotypes.  I agree.

Rika's private communications to me in the past week have been
valuable in adding to my own understanding of another culture.  One
reader suggested that CuD itself promotes cultural misunderstanding by
focusing almost exclusively on North America, even though a
substantial portion of readers are from virtually all other continents
and about 40 countries. They're right. We STRONGLY ENCOURAGE READERS
IN OTHER COUNTRIES, especially in South America and Asia, to submit
articles describing their experiences. Another suggested that I was
attempting to distance myself from computer folk who looked different.
Because, depending on mood and season, I would qualify as an
appropriate grunge candidate for the cover, the poster's observation
is off-target. But, his point might be reframed as simply his way of
emphasizing our own position that it's important to appreciate
difference rather than use differences to create damaging stereotypes
that lead to bad laws, bad polices, and bad enforcement.

In her post below, Rika explains how she would challenge stereotypes.
In doing so, she also gives us some insight into her own culture. We
admire her patience and grace in successfully contributing to our own
understanding)).

+++++++++++++++++++++++++++++++

Let me post another note to make my point clearer.  I hope my English is
better in this one.  I got a friend to help me to write it.

I guess I was misunderstood (in the previous post).

In Japan, where there is not a mature computer culture, overground or
underground, the hacker's image is on a par with that of rapists and
murderers - except that the hackers are seen as being a little
smarter.  However, they aren't seen as anything more than common,
lowlife criminals.

The stereotypical hacker in Japan is usually seen as either as a
balding, overweight, myopic individual lurking behind a monitor
throughout his life, with little purpose to his existence other than
using his computer to cause trouble for the society outside his door
-- or -- as an evil, scheming figure, waiting in the darkness, with
secret plans, sharp fangs, and a plot to steal your software.

The hacker's image is that of an overgifted antagonist who runs in the
same circles as the common footpad and heroin junkie. They aren't
viewed as having any redeemable features whatsoever, but their
intelligence makes them a grave threat to legitimate members of
society, so their very existence is feared. The meaning of their lives
is composed of almost nothing more than invading protected systems and
selling data for personal gain. Friendless, angry, and ready to
inflict damage onto the electronic world, this mythical villain hides
just beyond your senses, waiting to strike whenever he sees you are
vulnerable.

For the most part, "hackers," (is there a good encompassing, concise
definition for a hacker?) aren't this way at all. HoHoCon, for some
reason, had a surprising lack of dark, cloaked, shadowy figures in
attendance. Most hackers appear and act like ordinary people except
they are usually intrinsically curious about the machinations of their
reality, and will stop at no end in order to figure out how the world
actually works.

In order to fix this bad image and show that a hacker is indeed a real
person and not a thief or murderer, the magazine has been reporting
real hackers' stories, including mine.  And this time, I wanted to get
some photos of some real hackers or anybody from the computer
underground culture for the story, and for the cover page- to show
that, contrary to popular opinion, hackers aren't all myopic,
overweight bald guys, and shadowy vampires.  I was kind of joking when
I said "don't be an ordinary computer nerd" and the things about long
hair or a nose ring. I was not trying to find computer freaks, but
photogenic, interesting-looking people who wouldn't mind being
photographed and put in a magazine. The magazine cannot pay for people
being in these photographs - they do not have enough of a budget to
model rates, so this is an appeal to get some good pictures of actual
hackers who wouldn't mind having their pictures appear publicly.

Although after this there may not be any people that want to show up,
I still would like to take pictures of actual hackers. I don't want to
get pictures that damage the image of hackers, but pictures that
improve it - pictures that show that hackers are real people that have
interesting lives, not shadowy thieves, like the current hacker image
is in Japan. If anyone wouldn't mind showing up for this, I will be
taking pictures tomorrow ((Feb. 19)) at Buena Vista Park, on the
corner of Buena Vista West, and Haight at  1 pm. If you want to show
up, please do so.

This isn't a cattle call for a freak show, but I just want pictures of
some interesting people to use in the magazine. I'm sorry if what I
said before was understood as something different. I didn't mean to
offend anybody.

------------------------------

Date: Fri, 18 Feb 1994 02:51:13 EST
From: John_Stevenson@MAGIC-BBS.CORP.APPLE.COM
Subject: File 2--Update on Canadian BBS "Licensing" (Re: CuD 6.15)

I wrote this messge in response to many rumours that have been
floating around Onenet and MAGIC recently.

Don't Panic

I've been following the thread started when I forwarded LORD QORTHON's
copied post to the CyberForum. At first I was alarmed, but when I gave
the matter some thought, I realized that it is highly unlikely that
the CRTC has any interest in regulating BBSes right now. It may be
that government policy may effect BBS operation in future, but I just
don't see that happening any time soon.

Before I go on, I want to make it clear that I know the CRTC fairly
well from nearly a decade of work in the community radio sector.

>     The Canadian Radio and Telecommunications Commission (CRTC) is
>currently in the process of setting itself up to regulate Public
>bulletin boards.  They want to make it an offense to run a BBS without a
>CRTC license.  If licensing comes into effect, the BBS scene will quite
>literally shrivel up and die.

Bruce McIntosh telephoned the CRTC in Ottawa last week, and was told that
there are no plans to regulate bullten boards in the works. He spoke with a
public info officer and was told nothing was being worked on. To me, that
makes perfect sense - the CRTC has suffered from budget cuts in the past
few years and is understaffed. They would rather see more self-regulation,
like the cable industry's recent standards council. I am sure that if this
ever became something real, a group of BBSers getting together and drafting
some very basic standards would nip it in the bud.

>     Consider the example of radio in the 40's and 50's.  Before the
>CRTC was formed, anyone could broadcast radio signals legally from their
>home on any bandwidth.  Fearing obscenity and extreme access to
>information, the CRTC was formed to sell licenses to broadcasters.
>Without such a license, you could be prosecuted for broadcasting.  The
>result of this action can be seen today:  the only radio stations we see
>are totally mainstream and are hell-bent on making profit, not pleasing
>listeners or informing the public.

When I see this kind of history thrown out as "reality", it bothers me a
great deal. Government regulation of broadcasting existed from nearly the
beginning of the sector in Canada. The CBC and CRTC were formed not to stop
"obscenity and extreme access to information" but American commercial radio
control of Canadian airwaves. It was not the case that "anyone could
broadcast radio signals legally from their home on any bandwidth (sic)" -
even in the 1920s, the Fisheries Dept. was giving put licences.

>     If licensing comes into affect, we will LOSE this access.  Not only
>will the pirate boards be hunted down and exterminated, but all
>currently LEGAL PUBLIC DOMAIN BBS's will also be made illegal unless
>they can afford a license.  And who do you think will get licenses?
>Only those willing to follow the CRTC guidelines for radio and
>television.  Corporations and rich executives.  The BBS world, our
>underground paradise (if you will) is in great danger of becoming a
>commercial hell like the rest of today's media.

This seems like a likely scenario if (a) the CRTC had some desire to
control BBSes as you describe and (b) they could afford to do it. I am not
sure about the first and doubt the second very much.

>     We don't yet know what the proposed licensing fee will be, but it
>could anywhere in the area of $300-$5,000.  This could also depend on
>the size of the BBS.  However, most BBS's will simply close up shop if
>the government wants a license.  The government will simply weed out all
>the little guys and support the big guys.

Licence fee for a non-profit radio station is $25 dollars a year.
Commercial stations pay a very small percent of their profit as the fee.
I'm not in favour of licencing, but $25? In the US, all DJs (commercial or
non-commercial, it doesn't matter) need an FCC licence to be on the air.
Now that is restrictive.

>     Before I go into my plan of action, I want to tell you that if
>licensing comes into effect, if will be basically impossible to beat the
>system.  All pirate radio stations in North America have been crushed by
>the government in a matter of months.  Imagine how easy it will be to
>crush pirate bulletin board systems (and by that I simply mean BBS's
>without a license) with traceable phone numbers.  Bell Canada would be
>sure to help the CRTC bust those boards.  And the RCMP would have a real
>easy time busting any boards with illegal software, because those boards
>would not have licenses.  The CRTC finds the board through Bell, arrests
>the sysop for running a board without a license, then informs the RCMP
>that this sysop was allowing copyrighted material to be transferred
>through his/her bbs.  That sysop, for the first time in his/her life, is
>suddenly looking at a possible jail term.

It's hard for me to argue that folks running pirate boards shouldn't get
busted. While I don't agree with many aspects of our wonderful econimic
system, I don't think the way to reform it is through establishing pirate
bulliten boards. The software business is tough enough.

Actually, it isn't all that easy to find a pirate radio station, especially
outside Ontario. The Department of Communications has only a couple of
testing vans for the whole of Canada. Fact is, there are unlicenced radio
stations which have been in existance for years which the CRTC either can't
or doesn't want to bust. The last time they went after someone that I can
remember was for pirate television - a group of religious boradcasters out
west wanted to start a Christian TV station, even though that's contrary to
regulation. They ended up allowing them to apply for licences. Isn't the
CRTC mean?

I have never heard of anyone going to jail or receiving fines for breaking
broadcast regulations in Canada. Maybe it happened in the past, but in the
most recent ten years, it hasn't. Sure, broadcasters have been punished,
but it has never involved criminal prosecution. Yes, in the US this happens
a lot - but not in Canada.

Anyway, how easy will it really be to track down an "illegal" BBS? Radio
and television have a limited range of frequencies they can use - in many
parts of Canada, interferance from a new broadcaster will lead to
complaints. But a BBS isn't as noticable. What is the CRTC going to do -
wardial every city and town in Canada? Nope, they'll have to wait for
complaints, or pay someone to hang out in the hacker scene and track down
"pirate" boards.

>She would be willing to confront the CRTC on legal grounds if we have
>enough support from YOU.  I have to hear from you.  In order to force
>the CRTC to at least seriously listen to our argument, we need a lot of
>names, and a lot of letters to your local MP and to the CRTC.

God, I am sick of people thinking of the CRTC as some sort of FCC-style
scary monolith. They've bee watching Pump Up the Volume too many times.
The fact is that the Commission is pretty supportive of non-commercial
radio. Maby people in the CRTC just want to be responsive to what
broadcasters and the public want. They don't fine you and for the most part
there is very little ass-kicking going on.

>OUR GOAL:  To stop the CRTC from requiring the licensing of bulletin
>board systems and get it written into the law books that private, home
>run bbs's are totally legal and should never be regulated, in the
>interests of free information.

I know we've argued about this for awhile, but whether the CRTC or anyone
else regulates BBSes will be determined by a bunch of circumstances. First,
is the public somehow served by this kind of regualtion? Maybe. In the
past, even newspapers have been subject to public policy. However, I don't
see a pressing need for regulation. Second, if there is a desire to
regulate, who is going to pay for it? Regulation means staff, research, and
time. Can the CRTC spare that when they have to deal with such issues as
new cable services and long distance services? I don't think so.

>                   KEEP PRIVATE BBS's LEGAL!
>
>                                             LORD QORTHON

I guess the sourse of this post was a hacker, probably a warezwolf.

As I said at the beginning of this post, don't panic. Even if there is
a desire to regulate (and I am drafting a letter to Keith Spicer, the
chair of the CRTC to find out), we will have plenty of notice and can
deal with it.

------------------------------

Date: Fri, 18 Feb 1994 13:27:36 -0500
From: Dave Banisar <Banisar@WASHOFC.CPSR.ORG>
Subject: File 3--AP Article on Clipper

++++ fwd ++++

Subject--Computer Users Blast Chip Plan
From--The Associated Press, clarinews@clarinet.com
Date--Thu, 17 Feb 94 22:30:07 PST

      Computer enthusiasts worried about electronic privacy are
attacking the Clinton administration's proposed new computer
privacy standard -- and they're putting their feelings on-line.
      "For an administration that's concerned with the information
highway, they really are putting potholes in the highway before it
gets built," said Jerry Berman, executive director of the
Electronic Frontier Foundation in Washington.
      The government's new standard, Key Escrow Encryption, was
announced this month and is supposed to assure privacy during the
current explosion in electronic communications.
      But computer users and the industry have bridled at a provision
that guarantees that law enforcement and national security agencies
would still be able to intercept all messages, including electronic
mail and telephone signals, for lawfully authorized wiretaps.
      "John Q. Public is worried about other things, but when they
learn that the government is proposing to design the locks for your
electronic data messages, business transactions -- and then also
keep the keys in a quote, safe, place of their choosing ... I don't
think the public is going to accept it," Berman said in an
interview.
      The system uses a microcircuit called the clipper chip to
scramble messages on computers and other digital equipment.
Manufacturers would not be forced to use the chips, but would be
forbidden from exporting other encryption technology, to keep it
from terrorists, drug dealers and others.
      The administration has said encryption is a law-and-order issue
because it can be used by criminals to defeat wiretaps and avoid
prosecution. It has strategic value in international affairs as
well, officials say.
      Opponents of the plan, including the Business Software Alliance,
maintain that U.S. companies will lose sales to overseas customers
seeking the best security available, and that criminals will simply
find other sources for the products.
      The Electronic Frontier Foundation and Computer Professionals
for Social Responsibility have begun electronic petition drives on
the Internet, the worldwide on-line network of computers.
      The foundation said this week it has received 3,000 messages
from computer users supporting a bill by Rep. Maria Cantwell,
D-Wash., that would loosen export controls on scrambling
technology, effectively removing the clipper chip's advantage to
manufacturers.
      "Much of this is ordinary, shrink-wrapped software, the kind
millions of people buy every day for their home and business
computers at regular retail outlets," Cantwell said in offering
her bill.
      The computer professionals group has received 13,000 messages
urging President Clinton to withdraw the clipper proposal and will
deliver them to the White House, said Marc Rotenberg, the
organization's Washington director.
      Talk about the proposal spread to computer networks outside the
Internet as well.
      "Like they say, the devil is in the details," one man wrote on
a computer bulletin board in central Indiana. "First, Clipper is
voluntary. Then guess how long it will be until the use of any
`non-approved' encryption is outlawed?"
      Sen. Patrick Leahy, D-Vt., chairman of the Judiciary Committee's
subcommittee on technology, said this week that he strongly opposes
the clipper proposal because of privacy and civil liberties
concerns. Other opponents are expecting him to convene hearings on
the plan.
      The dispute threatened to smudge the administration's image
among the computer literati. Signs of high-tech's increased stature
at the White House have included the presence of then-Apple
Computer chairman John Sculley at Clinton's first address to
Congress and Vice President Al Gore's support for an "information
superhighway." The White House even set up an E-mail address for
Clinton shortly after he took office.
      Jim Thomas, editor of Computer Underground Digest on the
Internet, has watched the anti-clipper campaign building since
Attorney General Janet Reno announced the proposal Feb. 4.
      "It's like fighting a juggernaut," said Thomas, a professor of
sociology and criminology at the University of Northern Illinois.
"Some people think it's a done deal. But I'm highly optimistic
that we'll beat it. I think the momentum is growing."

------------------------------

From: dbatterson@ATTMAIL.COM(David Batterson)
Date: 18 Feb 94 20:12:19 GMT
Subject: File 4--Congress Online

             Congress Is Lagging Behind In Getting Online
                          by David Batterson


     While the White House is now online and able to receive
e-mail from citizens, Congress has languished behind--somewhat unsure
of how fast to implement this new technology.  Meanwhile, those of us
who strongly favor e-mail access to government officials think that
Congress is moving entirely too sluggardly.  Who's right?

     Many would argue that e-mail is unnecessary, since we can already
mail letters to members of Congress, as well as phone or fax them.
However, fax machines were once as rare as sincerity on Capitol Hill,
but now proliferate.  The same is true with cellular phones; their
usage has exploded.  Likewise, it's fast becoming the same situation
with e-mail.  You cannot stop progress; e-mail is the next big wave of
communications.

     While most Senators are not online, one prominent member of the
U.S. Senate is:  Ted Kennedy.  According to staffer Chris Casey, "our
office has been posting info to a small network of Massachusetts
computer BBSs (bulletin board systems) and into two USENET news groups
since early last year." [USENET is part of the huge Internet computer
network that links up millions of computer users.]

     Casey also e-mailed me that "we're in the process now of
implementing direct constituent e-mail access to our office.  More
people up here need to wake up to the importance of this type of
access."  I couldn't agree more.

     In a previously published interview, Kennedy said "constituent e-
mail and electronic distribution of information are likely to become
routine on Capitol Hill in the near future."  He's right.

    The leadership and members of both the House and Senate should
stop oozing along like molasses flowing uphill in Vermont.  The time's
are-a-changin' fast.  If they refuse to provide constituent e-mail and
online access, those elected officials should resign from public
office.

     Oregon Rep. Elizabeth Furse, District 1, totally agrees with
Kennedy, and has implemented constituent e-mail and a USENET news
group for her office.  Mary Fetsch, Furse's press secretary, said it's
important for the representative's constituents to reach her online,
since "it's a high-tech district, including the 'Silicon Forest' where
we have Intel, Nike and other firms that are highly computerized."

     I tested Rep. Furse's system, and here's part of the form letter
reply: "Thank you for contacting me through the House of
Representatives' Constituent Electronic Mail System (CEMS).  I am
pleased to be a part of this effort to offer citizens a quick,
efficient and environmentally sound way to communicate with their
representatives in Congress."

     Online access to Congress is part of the Clinton administration's
overall plans to develop a National Information Infrastructure.  For a
perfect example, the public has responded favorably to having text of
the President's health care plan and NAFTA available online.  When
Ross Perot was running for president, online services, BBBs and e-mail
systems were abuzz with blizzards of messages and information.

     Another strong proponent for public electronic access is
curmudgeon and activist Jim Warren, who lives in the San Francisco Bay
area.  Warren was the organizer of the first Conference on Computers,
Freedom and Privacy, and the founder of InfoWorld, a major computer
industry trade paper.

     Warren not only wants to be able to e-mail members of Congress.
In addition, he's pushing hard to "computerize the filing of and
public access to state and local campaign-finance disclosures,
officials' statements of economic interests, and state lobbyists'
disclosures."

     Warren sees access to public records as one component of a
broader issue, of computerization that allows online feedback to
city/town, county/parish, state and federal officials/agencies,
personal use, nonprofit-organization use, commercial/tax-paying use,
public dissemination, and community discussions (town-sized to Village
Earth)."

     In an e-mail message from Rep. Charlie Rose (D-NC), Chairman,
Committee on House Administration, Rose said that "the results of the
six month public mail pilot have been very encouraging.  The nature
and character of the incoming electronic mail has demonstrated that
this capability will be an invaluable source of information on
constituent opinion.  We are now in the process of expanding the
project to other members of Congress, as technical, budgetary and
staffing constraints allow."

     In other words, it will take a long time for anything significant
to happen.  Unless constituents scream for online access, it will be
slow in coming to their districts.

     In spite of the pressure, at present only eleven members of the
U.S.  House of Representatives have public electronic mailboxes that
may be accessed by their constituents.  The ten are: Sam Coopersmith
(D-AZ), Jay Dickey (R-AR), Sam Gejdenson (D-CT), Newton Gingrich (R-
GA), Dennis Hastert (R-IL), George Miller (D-CA), Karen Shepherd (D-
UT), Fortney "Pete" Stark (D-CA), Mel Watt (D-NC), plus Rose and
Furse.

     There are a few hopeful signs on the Senate side, according to
Casey.  "The Senate recently set up an 'FTP server' that will allow
any Senator or Senate Committee to post information on the Internet."

     Sen. Charles Robb (D-VA) also posts information and receives e-
mail.  Sen. Jeff Bingaman (D-NM) "has or is near to begin posting info
to a network in New Mexico," Casey e-mailed me.

     As Sen. Kennedy has emphasized, e-mail doesn't replace
"traditional means of communication."  That's true, since all replies
to e-mailed letters will be sent by USPS until some distant point in
the future.

     Getting a paper reply to an electronic message really defeats the
purpose of e-mail--giving you only half a loaf.  But for the stodgy
House and Senate to even get that far is practically a miracle, so
it's worth something.

     To e-mail Rep. Elizabeth Furse, use: furseor1@hr.house.gov.  For
more information on the House of Representatives e-mail system, e-mail
congress@hr.house.gov.  Rep. Furse's news releases and other
information can be found in the USENET news group titled OR.POLITICS.

For information on Sen. Kennedy's online developments, e-mail
chris_casey@kennedy.senate.gov.

                                  ###

     David Batterson covers computers & telecommunications for WIRED,
ComputorEdge, Computer Underground Digest, VICTORY! and other
publications.  His e-mail addresses are:  dbatterson@attmail.com,
dbatterson@aol.com, evfw91a@prodigy.com, and
david.batterson@f290.n105.z1.fidonet.org.

------------------------------

Date: Thu, 17 Feb 1994 17:19:15 -0800
From: Jim Warren <jwarren@WELL.SF.CA.US>
Subject: File 5--Public access to *Inaccurate(?)* Public Records?

Feb.17, 1994

"It is error alone which needs the support of government.
 Truth can stand by itself."    --  Thomas Jefferson
  [from John Dilley <jad@nsa.hp.com> ]

%%%%%%%%%%%%%%%

           PUBLIC ACCESS TO *INACCURATE(?)* PUBLIC RECORDS

  I don't know if you followed or are interested in the flap over
"Altered White House documents" but thought I would brazenly bring it to
your attention.

  It is certainly germane to the question of public access to *reliable*
government information. I objected on alt.internet.services on Feb 5 to
having found a version of a story on the ftp site whitehouse.gov which
did not match facts widely reported in the media.

  The Internet flap which ensued finally caught the attention of the
White House and I received a denial from Jock Gill of the Office of
Media Affairs that the WH altered or edited any documents - despite the
fact that I had evidence to the contrary.

  The story hit the AP wires and the on-line community has been extremely
interested - and supportive of the need to protect the accuracy and
reliability of what we receive on-line from the government!

  I prepared an approximately 11k synopsis of the gist of the story,
including the AP version which appeared on-line, if you are interested. I
think much of it is still contained on  alt.internet.services  though it
went everywhere and bits and pieces are scattered all over.

%%%%%%%%%%%%%%%

ABOUT THE NEXT ITEM HEREIN:  EXPLICIT EXAMPLE OF A NET-BASED POLITICAL PUSH
  This GovAccess list began as online support for an effort to mandate that
California's *state*-level legislative information available via the nets.
Because of (1) its public/popular support and (2) the net-ability of
*timely* mass-communications among geographically-disbursed supporters, it
was politically irresistable.
  GovAccess.015 and the following message both concern a net-based *federal*
political push regarding a *national* net-related issue.  GovAccess.015
concerned a national petition addressed to the President - the Executive
Branch.  It has already drawn OVER TEN-THOUSAND CO-SIGNATORS.
  The following item concerns direct advocacy to representatives in the
Legislative Branch - supporting Congressional action to redress the grievance.
  Although I am personally a furious and flaming advocate on this issue, I
am weaseling the information in, here, under the [legitimate] excuse that it
is clearly an example of a net-based populist political push - this time, at
a federal level.

The "just-cause" and "public-interest" aspects are merely icing on the cake:
*  Shall the Clinton/Gore administration continue to supress national and
global adoption of the best possible personal-communications privacy-
protection technology - that can be most-easily deployed and least expensive?
*  Shall the administration continue to force U.S. high-tech companies into
non-competitive positions, by prohibiting their foreign sale of the best
secure-communications technology - even though it is already known world-
wide, published in the open technical literature more than a decade ago,
and gleefully sold by foreign competitors?
*  Shall the administration continue to pretend that this globally-known
security technology is a "dangerous munition," the export of which must be
mostly-prohibited by the Secretary of State, when it is sold on diskettes
throughout the U.S., is readily available throughout the world, and can be
downloaded in a few minutes from many thousands of Internet sites, globally?
*  Shall the administration continue its efforts to deploy and install
costly new communications systems that are exclusively *designed* to aid its
covert surveillance of personal, financial and business communications -
electronic-snooping so-often abused by politicians and officials in the
positions to exercise it?
*  Does the administration *really* think that alleged wrongdoers will
actually use communications systems that are *designed* to facilitate
government eves-dropping - especially when provably-secure technology is
available to everyone, worldwide, at little or no cost?
*  Should the government develop and deploy ever-greater citizen-surveillance
technology for ever-increasingly-convenient, undetectable peeping-anywhere at
the touch of a Washington keyboard, while citizens are offered only a
guaranteed-insecure secret system to protect against corporate and personal
snooping while facilitating government peepers?

Thus - the next item concerns net-based political action by those who have
the technical competency to understand the issues and their ramifications -
to address this bizarre lunacy.  While opposition-action is still permitted.
  --jim

%%%%%%%%%%%%%%%

CONGRESSIONAL ACTION SEEKS NET-WIDE SUPPORT (INCLUDING YOU! :-)
  From ssteele@eff.org Tue Feb 15 12:11:15 1994        * DISTRIBUTE WIDELY *
subject:  EFF Wants You (to add your voice to the crypto fight)
Monday, February 7th, 1994              [reformatted for GovAccess. --jim]
From: Jerry Berman, Executive Director of EFF.   jberman@eff.org
---
Dear Friends on the Electronic Frontier,
  I'm writing a personal letter to you because the time has now come for
action. On Friday, February 4, 1994, the Administration announced that it
plans to proceed on every front to make the Clipper Chip encryption scheme
a national standard, and to discourage the development and sale of
alternative powerful encryption technologies. If the government succeeds
in this effort, the resulting blow to individual freedom and privacy could
be immeasurable.
  As you know, over the last three years, we at EFF have worked to ensure
freedom and privacy on the Net. Now I'm writing to let you know about
something *you* can do to support freedom and privacy. *Please take a
moment to send e-mail to U.S. Rep. Maria Cantwell (cantwell@eff.org) to
show your support of H.R. 3627, her bill to liberalize export controls on
encryption software.* I believe this bill is critical to empowering
ordinary citizens to use strong encryption, as well as to ensuring that
the U.S. software industry remains competitive in world markets.
  Here are some facts about the bill:
  Rep. Cantwell introduced H.R. 3627 in the House of Representatives on
November 22, 1993.  H.R. 3627 would amend the Export Control Act to move
authority over the export of nonmilitary software with encryption
capabilities from the Secretary of State (where the intelligence community
traditionally has stalled such exports) to the Secretary of Commerce. The
bill would also invalidate the current license requirements for
nonmilitary software containing encryption capablities, unless there is
substantial evidence that the software will be diverted, modified or
re-exported to a military or terroristic end-use.
  If this bill is passed, it will greatly increase the availability of
secure software for ordinary citizens. Currently, software developers do
not include strong encryption capabilities in their products, because the
State Department refuses to license for export any encryption technology
that the NSA can't decipher. Developing two products, one with less secure
exportable encryption, would lead to costly duplication of effort, so even
software developed for sale in this country doesn't offer maximum
security. There is also a legitimate concern that software companies will
simply set up branches outside of this country to avoid the export
restrictions, costing American jobs.
  The lack of widespread commercial encryption products means that it will
be very easy for the federal government to set its own standard--the
Clipper Chip standard. As you may know, the government's Clipper Chip
initiative is designed to set an encryption standard where the government
holds the keys to our private conversations. Together with the Digital
Telephony bill, which is aimed at making our telephone and computer
networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort
on the part of the government to prevent us from being able to engage in
truly private conversations.
  We've been fighting Clipper Chip and Digital Telephony in the policy arena
and will continue to do so. But there's another way to fight those
initiatives, and that's to make sure that powerful alternative encryption
technologies are in the hands of any citizen who wants to use them. The
government hopes that, by pushing the Clipper Chip in every way short of
explicitly banning alternative technologies, it can limit your choices for
secure communications.
---
Here's what you can do:
  I urge you to write to Rep. Cantwell today at cantwell@eff.org. In the
Subject header of your message, type "I support HR 3627." In the body of
your message, express your reasons for supporting the bill. EFF will
deliver printouts of all letters to Rep. Cantwell. With a strong showing
of support from the Net community, Rep. Cantwell can tell her colleagues
on Capitol Hill that encryption is not only an industry concern, but also
a grassroots issue. *Again: remember to put "I support HR 3627" in your
Subject header.*
  This is the first step in a larger campaign to counter the efforts of
those who would restrict our ability to speak freely and with privacy.
Please stay tuned--we'll continue to inform you of things you can do to
promote the removal of restrictions on encryption.
  In the meantime, you can make your voice heard--it's as easy as e-mail.
Write to cantwell@eff.org today.
---
If you want additional information about the Cantwell bill, send
e-mail to cantwell-info@eff.org. To join EFF, write membership@eff.org.
The text of the Cantwell bill can be found with the any of the following
URLs (Universal Resource Locaters):
  ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill
  http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill
  gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill
---
[The Electronic Frontier Foundation is one of the most-effective spokes-
groups for online civil-liberties that I know of in Washingtoontown, and
Berman is one of the most effective DC advocates for such issues.  --jim]

%%%%%%%%%%%%%%%

ONLY IN AMERIKA:  CRYPTOIDS' COMIC RELIEF IN THE FED-SNOOP AND GOV-PEEP GAME
  From washofc!banisar@uu5.psi.com Wed Feb 16 12:08:21 1994
Organization: CPSR Washington Office
From: Dave Banisar <banisar@washofc.cpsr.org>
To: CPSR Civil Liberties Group <cpsr-civilliberties@Pa.dec.com>
  Big Brother Inside Logo
A parody of the Intel's Logo modified for the Clipper Chip is now available
for use for stickers, posters, brochures etc.  The Big Brother Inside
graphic files are now available at the CPSR Internet Archive -
ftp/gopher cpsr.org /cpsr/privacy/crypto/clipper
  big_brother_inside_sticker.ps (postscript-scale to fit your project)
  big_brother_inside_logo.gif (Color GIF - good startup/background screen)
  big_brother_inside_picts_info.txt (Info on the files)
The files have also been uploaded to America Online in the Mac Telecom and
Graphic Arts folders.
  big_brother_inside_sticker.ps is a generic postscript file, created in
CorelDraw. The postscript image lies landscape on the page, and consists
of the intel-logo's ``swoosh'' and crayon-like lettering on the inside.
  This design was originally created for the sticker project: the image was
screened onto transparent stickers 1" square for the purpose of applying
them to future clipper-chip products. (cdodhner@indirect.com was in charge
of that project; as far as I know he's still distributing them for a small
donation to cover printing & mailing costs).
  The design was created by Matt Thomlinson <phantom@u.washington.edu>

------------------------------

Date: 18 Feb 94 15:23:33 EST
From: Mark Lloyd <73670.57@COMPUSERVE.COM>
Subject: File 6--Clipper Questions and Answers in a Nutshell

Clipper Q and A
By W. Mark Lloyd

WHAT IS THE CLIPPER CHIP?

The Clipper chip is an encryption chip using an algorithm called
Skipjack.  The Skipjack algorithm was developed by the National
Security Agency (NSA) for the National Institute of  Standards and
Technology (NIST).  Data encrypted using the Skipjack algorithm can be
decrypted using a secret process that requires two separate keys.
These keys would be escrowed separately by NIST and the Department of
Treasury.  Under the plan, a law enforcement agency  would require a
court order to get the two keys that would have to be combined to
decrypt a transmission generated with  a Clipper chip.

HOW DOES THE SKIPJACK ALGORITHM DO THIS?

Encryption algorithms use numbers called keys that are like
combinations to a lock.  Messages are encrypted and decrypted much the
same as locks are locked and unlocked.  The key to any Clipper encoded
message is itself encrypted using a key derived from two other keys
that are stored separately.  The encrypted  key and a number that
identifies the chip that sent the message are then encrypted with
another key that is common to many other chips.  All of this is sent
along with the encrypted original message. This is done so if a law
enforcement  agency wants to decrypt a message the process can be
reversed: The outer portion of the encrypted key is decrypted to get
the number that identifies the unit  that sent the message. This is
used to obtain the two separate escrowed keys  that are then combined
to decrypt the session key  that allows the original message to be
decrypted.

        Let s look at another way. You have the session key S, the key E
derived from the two escrowed keys,  the family key F, the message M
and the chip identification number C.  It s all  put together  like
this:  (M encrypted with key S)+(((S encrypted with key E) C
)encrypted with F)

IS THE SYSTEM SECURE?

If everything goes right, according to the a panel of five
cryptography experts who have reviewed it.

WHAT ALGORITHM DOES THE ACTUAL ENCRYPTION?

That is classified information.

BUT AREN'T GOOD ENCRYPTION ALGORITHMS SECURE, EVEN WHEN EVERYONE KNOWS
WHAT THEY ARE, LIKE DES?

Yes.

THEN WHY NOT JUST PUBLISH THE ALGORITHM?

The reasons cited are that compromising the algorithm would be
detrimental to national security.  This means that secret techniques
are used in the algorithm.

SO A GOVERNMENT SECRET IS GOING TO BE IN THOUSANDS OF THESE CLIPPER
CHIPS SHIPPED ALL OVER THE WORLD?

That's the plan.

SO IF SOMEONE FIGURES OUT HOW TO GET THE ALGORITHM FROM THE CLIPPER
CHIPS, OUR NATIONAL SECURITY COULD BE COMPROMISED?

If you follow the NSA's logic, yes.

Law enforcement officials are going to be using the algorithm and the
family key many time to get unit identification numbers.  Let s say
that the algorithm is leaked.  Or one of the black boxes that will be
used to decrypt the chips is compromised and the algorithm and family
keys are generally known?  What will happens then?

The algorithm could be subject to tampering. From our explanation in
question two we would go from this:  (M encrypted with key S)+(((S
encrypted with key E) C )encrypted with F)  to this  (M encrypted with
key S)+(S encrypted with key E) C.  This would leave the chip number
open to tampering.  Also in  theory it would allow a steady attack on
the key E, that would compromise the unit.  This attack is
theoretically better than attacking a message without the law
enforment field, but even if the key S is known (by getting someone
with a chip with to send you a message with a key you have negotiated)
it would still be difficult with today s computer power.   In any case
anyone with anything to hide wouldn t use a Clipper chip for
transmissions they wanted to keep secret from law enforcement
authorities.

MOST ENCRYPTION IS DONE WITH SOFTWARE.  CAN THE SKIPJACK ALGORITHM BE
USED IN SOFTWARE ENCRYPTING SYSTEMS?

No.  The nature of the Skipjack algorithm  makes it only useful if it
is  released in a special tamper proof chip.

SO THE ALGORITHM IS ONLY USEFUL FOR APPLICATIONS THAT CAN USE HARDWARE
ENCRYPTION?

Yes.

WHAT IF I WANT TO ENCRYPT A MESSAGE WITH A REALLY SECURE ALGORITHM
BEFORE IT IS ENCRYPTED BY A CLIPPER CHIP?

That would be a simple and obvious way to get around the Clipper chip.

BUT ISN'T MOST ENCRYPTION CURRENTLY DONE USING SOFTWARE ON GENERAL
PURPOSE MICROPROCESSORS?

Yes.

IS CLIPPER GOING TO BE EASIER TO EXPORT THAN DES?

According to the Clinton administration, yes.

IS THERE A FOREIGN MARKET FOR CLIPPER ENCRYPTION DEVICES?

For there to be a market there needs to be a reason for foreign
purchasers to prefer Skipjack or Clipper technology to currently
available algorithms.  This has not been shown to be true.  There a
report in the British press that the NSA has a representative in
London that is  lobbying European governments to adopt the  Clipper
chip.

WHAT IF A FOREIGN GOVERNMENT WANTS TO SPY ON THEIR OWN CITIZENS, WILL
WE GIVE THEM THE KEYS TO DO THIS?

Good question.

What if a foreign government allows the importation of Clipper chips,
but only if they get the keys first?  Would we be responsible for
their abuse?

That question has not been answered yet.

If we only give them the key when they ask, what if we suspect the
keys they want are to spy on a political adversay. What if a foreign
government decides to make an issue of us not giving  them the keys to
a Clipper chip we sold them? How will we deal with this?

We would be in a no win situation.

WILL THE NSA GET THE KEYS TO SKIPJACK UNITS THAT ARE EXPORTED?

Government officials have said to some people that the NSA will not
get these keys. NSA has not yet said this on the record.

HAVE ORGANIZATIONS THAT REPRESENT THE COMPUTER HARDWARE AND SOFTWARE
INDUSTRIES ASKED FOR A NEW ALGORITHM TO EXPORT?

No.  Both the Software Publishing Association and the American
Electronics Association, along with other industry groups, have asked
that the DES algorithm be made available for easy export.  The DES
algorithm is already available all over the world.  DES is classified
as a munition by the US government and cannot be exported easily.

THE ANNOUNCEMENT FROM THE WHITE HOUSE ON FEBRUARY 4 SPOKE ABOUT THE
PROBLEM OF "TERRORISTS, DRUG DEALERS, AND OTHER CRIMINALS" USING
ENCRYPTION.  WILL THE CLIPPER CHIP DO ANYTHING TO PREVENT THESE PEOPLE
FROM USING NON-ESCROWED ENCRYPTION TECHNIQUES?

No. These prople will be able to encrypt with whatever algorithm they
want.

ARE THERE OTHER WAYS OF ESCROWING KEYS VOLUNTARILY, FOR GOVERNMENTAL
AND BANKING NEEDS THAT REQUIRE BOTH CONFIDENTIALITY AND
ACCOUNTABILITY?

Yes.  There is work being done now on techniques that allow much more
flexible ways of voluntarily escrowing keys.

------------------------------

End of Computer Underground Digest #6.17
************************************