Computer underground Digest    Wed  Oct 26, 1994   Volume 6 : Issue 93
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Retiring Shadow Archivist: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Mini-biscuit editor:  Guy Demau Passant

CONTENTS, #6.93 (Wed, Oct 26, 1994)

File 1--Government Gopher Sites
File 2--(fwd) South African Consitution and computer privacy (fwd)
File 3--The Online Future (Review)
File 4--OTA Report on Information Security and Privacy released
File 5--Cu Digest Header Information (unchanged since 23 Oct 1994)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

----------------------------------------------------------------------

Date: Wed, 26 Oct 1994 19:32:43 CDT
From: CuD Moderators <jthomas@well.sf.ca.us>
Subject: File 1--Government Gopher Sites

((MODERATORS' NOTE:  We're periodically asked for the location of good
gopher sites for government and other information. Here is a list of
major government gopher sites. University gopher sites can sometimes be
discovered just by typing gopher.(university.address). For example,
gopher gopher.niu.edu gopher niu.edu is a hit-and-miss approach, but
with a few minutes experimentation, you'll likely come across some
fascinating archives.  The header from the following post was eaten
when it arrived. Thanks to the poster for sending over the following
list of government gopher sites.  We should also add a few of our own
favorites:

The American Civil Liberties Union
host=aclu.org

Univ. of Minnesota gopher (the gopher of all gophers)
host=tc.umn.edu

Internet Spies/WIRETAP - crammed full of books and texts
host=wiretap.spies.com

And, we can't forget our own NIU sociology gopher, just constructed
and growing--
At the opening menu, move to Academic depts / Liberal Arts / Sociology

and check out the CRIMINOLOGY area. It's still under construction,
so if you see something that's not there that would be helpful,
let us know. It also hosts the Society for the Study of Symbolic
Interaction gopher site)).

NIU Sociology gopher
host=gopher.corn.cso.niu.edu

                     ============================

NAME AND HOST

name=extension service, usda
host=esusda.gov

name=u.s. dept agriculture food and nutrition information center
host=ra.esusda.gov

name=national trade data bank
host=gopher.stat-usa.gov

name=u.s. dept transportation
host=gopher.dot.gov

name=u.s. dept agriculture extension service
host=esusda.gov

name=national center for research on evaluation, standards
host=gopher.cse.ucla.edu

name=library of congress marvel information system
host=marvel.loc.gov

name=protein data bank - brookhaven national lab
host=pdb.pdb.bnl.gov

name=u.s. dept agriculture national agricultural library plant genome
host=probe.nalusda.gov

name=u.s. dept agriculture ars grin national genetic resources program
host=gopher.ars-grin.gov

name=federal info exchange (fedix)
host=fedix.fie.com

name=lanl physics information service
host=mentor.lanl.gov

name=nasa goddard space flight center
host=gopher.gsfc.nasa.gov


name=nasa  network application and information center (naic)
host=naic.nasa.gov

name=national institute of standards and technology (nist)
host=gopher-server.nist.gov

name=national institutes of health (nih)
host=gopher.nih.gov

name=national science foundation (stis)
host=stis.nsf.gov

name=oak ridge national laboratory esd gopher
host=gopher.esd.ornl.gov

name=national institute of allergy and infectious disease (niaid)
host=gopher.niaid.nih.gov

name=national institute of mental health (nimh) gopher
host=gopher.nimh.nih.gov

name=national science foundation center for biological timing
host=minerva.acc.virginia.edu


name=national cancer institute
host=gopher.nih.gov

name=los alamos national laboratory
host=gopher.lanl.gov

name=lanl advanced computing laboratory
host=gopher.acl.lanl.gov

name=lanl nonlinear science information service
host=xyz.lanl.gov

name=u.s. military academy gopher
host=euler.math.usma.edu

name=national center for atmospheric research (ncar) gopher
host=gopher.ucar.edu

name=national center for biotechnology information (ncbi) gopher
host=ncbi.nlm.nih.gov

name=nasa langley research center
host=gopher.larc.nasa.gov

name=nasa shuttle small payloads information
host=sspp.gsfc.nasa.gov

name=askeric - (educational resources information center)
host=ericir.syr.edu

name=national center for supercomputing applications
host=gopher.ncsa.uiuc.edu

name=u.s. geological survey (usgs)
host=info.er.usgs.gov

name=nasa center for aerospace information
host=gopher.sti.nasa.gov

name=nasa lewis research center (lerc)
host=gopher.lerc.nasa.gov

name=u.s. geological survey atlantic marine geology
host=bramble.er.usgs.gov

name=aves: bird related information
host=vitruvius.cecer.army.mil

name=nist computer security
host=csrc.ncsl.nist.gov

name=naval research laboratory
host=ra.nrl.navy.mil

name=naval research laboratory  central computing facility
host=ccfsun.nrl.navy.mil

name=nasa high energy astrophysics science archive research center
host=heasarc.gsfc.nasa.gov

name=u.s. national information service for earthquake engineering
host=nisee.ce.berkeley.edu


name=lternet (long-term ecological research network)
host=lternet.washington.edu

name=u.s. dept energy  office of nuclear safety
host=gopher.ns.doe.gov

name=national library of medicine
host=gopher.nlm.nih.gov

name=lanl gopher gateway
host=gopher.lanl.gov

name=lanl t-2 nuclear information service gopher
host=t2.lanl.gov

name=u.s. dept education
host=gopher.ed.gov

name=u.s. dept energy
host=vm1.hqadmin.doe.gov

name=national coordination office for high performance computing and
 communications
host=gopher.hpcc.gov

name=environment, safety & health (usde) gopher
host=dewey.tis.inel.gov

name=u.s. dept energy  environment, safety & health gopher
host=dewey.tis.inel.gov

name=naval ocean system center (nrad) gopher
host=gopher.nosc.mil

name=u.s. environmental protection agency great lakes national program office
 gopher
host=glnpogis2.r05.epa.gov

name=environmental protection agency  great lakes national program office gopher
host=glnpogis2.r05.epaa.gov

name=u.s. environmental protection agency  futures group
host=futures.wic.epa.gov

name=environmental protection agency  futures group
host=futures.wic.epa.gov

name=u.s. navy  naval ocean system center nrad gopher
host=gopher.nosc.mil

name=national institute of environmental health sciences (niehs) gopher
host=gopher.niehs.nih.gov


name=arkansas-red river forecast center (noaa)
host=gopherpc.abrfc.noaa.gov

name=national geophysical data center (noaa)
host=gopher.ngdc.noaa.gov

name=nasa office of life and microgravity sciences and applications
host=gopher.olmsa.hq.nasa.gov

name=noaa environmental services gopher
host=esdim1.nodc.noaa.gov

name= federal government information (via library of congress)
host=marvel.loc.gov

name=comprehensive epidemiological data resource (cedr) gopher
host=cedr.lbl.gov

name=lawrence berkeley laboratory (lbl)
host=gopher.lbl.gov


name=national oceanographic data center (nodc) gopher
host=ariel.nodc.noaa.gov

name=esnet information services gopher
host=gopher.es.net

name=cyfernet  usda children youth family education research network
host=cyfer.esusda.gov

name=americans communicating electronically
host=ace.esusda.gov

name=u.s. dept agriculture children youth family education research network
host=cyfer.esusda.gov

name=oak ridge national laboratory center for computational sciences
host=gopher.ccs.ornl.gov

name=nasa k-12 nren gopher
host=quest.arc.nasa.gov

name=national agricultural library genome gopher
host=probe.nalusda.gov

name=eric clearinghouse on assessment and evaluation
host=vmsgopher.cua.edu

name=u.s. dept commerce economic conversion information exchange
host=cher.eda.doc.gov

name=u.s. dept commerce economics and statistics administration
host=gopher.stat-usa.gov

name=national center for education statistics
host=gopher.ed.gov

name=u.s. dept agriculture economics and statistics
host=usda.mannlib.cornell.edu

name=u.s. environmental protection agency
host=gopher.epa.gov

name=environmental protection agency
host=gopher.epa.gov

name=national library of medicine toxnet gopher
host=tox.nlm.nih.gov

name=nasa minority university space interdisciplinary network
host=muspin.gsfc.nasa.gov

name=stis (science and technology information system-nsf)
host=stis.nsf.gov

name=national toxicology program (ntp) niehs-nih
host=gopher.niehs.nih.gov

name=u.s. dept commerce  information infrastructure task force
host=iitf.doc.gov

name=co-operative human linkage center (chlc) gopher
host=gopher.chlc.org

name=smithsonian institution natural history gopher
host=nmnhgoph.si.edu

name=  politics and government
host=peg.cwis.uci.edu

name=voice of america (radio)
host=gopher.voa.gov

name=federal register - sample access
host=gopher.counterpoint.com

name=u.s. senate gopher
host=gopher.senate.gov

name=u.s. bureau of mines gopher
host=gopher.usbm.gov

name=legi-slate gopher service (via umn)/
host=mudhoney.micro.umn.edu

name=nasa laboratory for terrestrial physics gopher
host=ltpsun.gsfc.nasa.gov

name=noaa national oceanographic data center (nodc) gopher
host=ariel.nodc.noaa.gov

name=noaa national geophysical data center (ngdc)
host=gopher.ngdc.noaa.gov

name=u.s. bureau of the census gopher
host=gopher.census.gov

name=eric clearinghouse for science, math, environmental (osu)
host=gopher.ericse.ohio-state.edu

name=\peg, a peripatetic, eclectic gopher
host=peg.cwis.uci.edu

name=u.s. house of representatives gopher
host=gopher.house.gov

name=information infrastructure task force (doc) gopher
host=iitf.doc.gov

name=federal communications commission gopher
host=ftp.fcc.gov

name=defense technical information center public gopher
host=asc.dtic.dla.mil

name=national archives gopher
host=gopher.nara.gov

name=nasa center for computational sciences
host=nccsinfo.gsfc.nasa.gov

name=u.s. agency for international development gopher
host=gopher.info.usaid.gov

name=graingenes (usda) gopher
host=probe.nalusda.gov

name=federal reserve board (via town.hall.org)
host=town.hall.org

name=federal networking council advisory committee
host=fncac.fnc.gov

name=federal deposit insurance corporation gopher (via sura.net)
host=fdic.sura.net

name=national telecommunication and information administration (ntis) gopher
host=gopher.ntia.doc.gov

name=national institute of standards and technology gopher
host=zserve.nist.gov

name=securities and exchange commission "edgar" gopher
host=town.hall.org

name=u.s. securities and exchange commission "edgar" gopher
host=town.hall.org

name=u.s. patent and trademark office information (via town.hall.org)
host=town.hall.org

name=public broadcasting service (pbs) gopher
host=gopher.pbs.org

name=u.s. dept justice gopher
host=gopher.usdoj.gov

name=fedworld (ntis) - 100+ electronic government bulletin boards
host=peg.cwis.uci.edu

name=ntis fedworld - 100+ electronic government bulletin boards
host=peg.cwis.uci.edu

name=national renewable energy laboratory
host=gopher.nrel.gov

name=catalog of federal domestic assistance
host=peg.cwis.uci.edu

name=social security administration
host=oss968.ssa.gov

name=national center for toxicological research
host=gopher.nctr.fda.gov

name=national heart, lung, and blood institute (nhlbi) gopher
host=gopher.nhlbi.nih.gov


name=noaa online data and information systems
host=esdim1.esdim.noaa.gov

name=eric clearinghouses (via syracuse)
host=ericir.syr.edu

name=internic: internet network information center gopher
host=is.internic.net

name=nasa information sources telnet (compiled by msu)
host=burrow.cl.msu.edu

name=nasa space mechanisms information gopher
host=altemird.jsc.nasa.gov

name=financenet (national performance review)
host=gopher.financenet.gov

name=u.s. dept health and human services
host=gopher.os.dhhs.gov

name=u.s. consumer product safety commission gopher
host=cpsc.gov

name=consumer product safety commission gopher
host=cpsc.gov

name=defense nuclear facilities safety board
host=gopher.dnfsb.gov

name=national agricultural library
host=gopher.nalusda.gov

name=small business administration
host=www.sbaonline.sba.gov

name=nasa marshall space flight center  spacelink
host=spacelink.msfc.nasa.gov

name=national information infrastructure task force
host=iitf.doc.gov

name=u.s. dept agriculture aphis gopher
host=gopher.aphis.ag.gov

name=u.s. dept housing and urban development

------------------------------

Date: Mon, 24 Oct 1994 22:58:17 -0500 (CDT)
From: David Smith <bladex@BGA.COM>
Subject: File 2--(fwd) South African Consitution and computer privacy (fwd)

Saw this posted elsewhere, just passing along this lawyers request for
information.

David Smith           |
bladex@bga.com        |
---------- Forwarded message ----------
Date--Mon, 24 Oct 1994 17:18:52 GMT

South Africa has a new Bill of Rights which guarantees the right to
privacy and protects all persons against unreasonable and unjustified
search and seizure of their personal property or the violation of
private communications.

I am currently involved in research into the impact of this
constitutional right on computer law. In particular, I am looking at
whether a state agency can obtain a list of files from a person's
account which they suspect contains illegal material such as pirated
software or pornography (illegal in South Africa). Does the state
agency need to obtain a search warrant or the user's permission before
searching his/her account even if their suspicion is a reasonable one?

The crisp legal issue is this: Does the seizure of computer files or a
list of those files out of an individual's account, without a warrant
or without the user's permission, violate the constitutional right to
procedural due process and the right to privacy?

I would like references to reported judgements on this issue,
especially cases that have dealt with this on a constitutional law
basis. If possible, it would be most useful if I could be e-mailed
actual copies of the judgements. Reported decisions from any
jurisdiction would be useful.

Thank you in advance.

Mr Ron Paschke
Department of Procedural and Clinical Law
University of Natal
Durban
South Africa
email: paschke@law.und.ac.za

------------------------------

Date: Mon, 24 Oct 1994 19:38:49 -0700
From: dbatterson@ATTMAIL.COM(David Batterson)
Subject: File 3--The Online Future (Review)

               Some Brief Glimpses at the Online Future
                         by David Batterson

     Prognosticating the future is always a tricky business.  The
predictions that turn out to be correct usually are matched by the
number of wrong guesses.  [Remember the infamous prediction that by
the 1980s we would all be flying around in helicopters instead of
driving cars?  Or that we would have huge wall-hung flat TVs by now?]

     However, some computer industry people are still willing to
stick their necks out and offer their thoughts on the elusive future.
Their opinions are their own, and do not necessarily represent the
views of their employers.

     Jack Murphy, president of Practical Peripherals, thinks that
being wired is definitely the wave of the future:  "The hottest news
in computing today is online communications, and there's no end in
sight to the impact this will have on virtually every segment of the
American public."  Ironically, Murphy's remarks were faxed to me,
not e-mailed.

     Leslie Schroeder, a high-tech public relations consultant in
Silicon Valley, agrees that the future is electronic mail, but sees a
personal touch:  "E-mail is reincarnating the age of letter writing.
We're keeping in touch the way the Victorians did, building a
personal community connected by a constant stream of letters sharing
news and gossip.  E-mail is reviving the 'letter' as a forum for wit,
style, and personality, as well as serving as an invaluable business
tool."

     Tom Almy, a software engineer with Tektronix in Wilsonville, OR,
offered his thoughts on what we can expect soon.  "PDAs will be as
widespread as TVs by 2000.  With larger, color screens, long battery
life, excellent text recognition, voice and cellular phone
capabilities, these units will replace personal planners, telephones,
fax machines, and video games."

     What about prices/storage capacity?  "Desktop computing will
advance in an evolutionary fashion--more memory and speed as prices
drop.  Floppy drives and disks will vanish, replaced by writable CDs.
Will semiconductor memories replace hard disks?--yes, probably for
portable applications."

     Almy added that "the Information Superhighway will take two
paths due to widely-differing visions "one being an information
sharing network like the current Internet--(and available to homes
using ISDN technology from the phone company--and the other being
information provider and home shopping services over cable TV."

     Charles Jennings, co-founder of the Oregon Multimedia Alliance
and author of the "Pluggers" syndicated newspaper comic, offered this
bit of insight:  "My thoughts about the future of computing are
pretty simple.  Someday soon, online computing will be the sea we all
swim in, and when that happens, it will be the fish--the colorful,
complex organisms we are beginning to call 'content'--that matter
most."

     Jennings said his group has high hopes for the future too:  "to
shorten the implementation period for online, interactive multimedia
products and services.  Open access to online pathways is a key
principle of our organization, as is support for educational and
other socially beneficial uses of multimedia technology."

     Obviously, we can all expect faster and more powerful computers
in the future.  And while Intel's Pentium chips are getting the
lion's share of the CPU business, there are other companies that
trying to "chip" away at that.  An example is International Meta
Systems (IMS) of Torrance, Calif.

     IMS created the 3250 60Mhz RISC microprocessor with
hardware-assisted emulation technology.  This lets the 3250
emulate 486 PCs, as well as Motorola's 68040 chip.  IMS chips also
incorporate special algorithms for speech recognition, image
processing and telecommunications functions.

     IMS President George W. Smith said "I think that speech is the
key that will unlock the potential applications for the hand-held
computer and communications market."

     As for this reporter's thoughts on future computer products, I
predict a new, not-yet-invented technology will result in
high-resolution, laser-quality printers that don't require toner to
perform their hard-copy magic.  And look for a cheap "Dick Tracy"
combo wrist-TV/fax/pager/e-mail device before the year 2000.

     More personal predictions:  within 10 years, cheap and powerful
basic personal computers will cost about $100 list price.  In 20
years, a typical "home computer" will surpass today's most powerful
Cray (and similar) computers in processing power, memory and storage
capacity.  And all monitors will be super-high-resolution flat-screen
type, with images as sharp as a printed color, glossy magazine page.

     Finally, sometime in the near future--thanks to massive
computerization of automobile traffic control--safety on the roads
will match the airline safety of today, with relatively few car
accidents and deaths per year.  It's going to be very exciting,
because as Al Jolson said:  "you ain't seen nothin' yet."

------------------------------

Date: Tue, 27 Sep 1994 13:54:43 CDT
From: mdexter@ops.ota.gov (Dexter, Martha Dir.,Info/Pub)
Subject: File 4--OTA Report on Information Security and Privacy released

September 23, 1994

***********************************************************
INFORMATION SECURITY AND PRIVACY IN NETWORK ENVIRONMENTS
***********************************************************

[The Office of Technology Assessment report "Information
Security and Privacy in Network Environments" is now available.
The report was released on September 23, 1994.
Ordering information and details about electronic access
are at the end of this message.]

As electronic transactions and records become central to
everything from commerce and tax records to health care, new
concerns arise for the security and privacy of networked
information.  These concerns, if not properly resolved,
threaten to limit networking's full potential in terms of
participation and usefulness, says the congressional Office
of Technology Assessment (OTA) in a report released today.

Some 20 to 30 million people worldwide can exchange messages
over the Internet.  Every day U.S. banks transfer about $1
trillion among themselves, and New York markets trade an
average of $2 trillion in securities.  Nearly all of these
transactions pass over information networks.

The report "Information Security and Privacy in Network
Environments" focuses on safeguarding unclassified
information in networks, not on the security or
survivability of networks themselves, or on the reliability
of network services to ensure information access.

Appropriate safeguards must account for--and anticipate--
technical, institutional, and social changes that
increasingly shift responsibility for safeguarding
information to the end users, says OTA.  The laws currently
governing commercial transactions, data privacy, and
intellectual property were largely developed for a time when
telegraphs, typewriters, and mimeographs were the commonly
used office technologies and business was conducted with
paper documents sent by mail.  Technologies and business
practices have dramatically changed, but the law has been
slower to adapt, says OTA.

Information safeguards, especially those based on
cryptography, are achieving new prominence.  OTA emphasizes
that decisions about cryptography policy will affect the
everyday lives of most Americans because cryptography will
help ensure the confidentiality and integrity of health
records and tax returns, speed the way to electronic
commerce, and manage copyrighted material in electronic
form.  Congress has a vital role in formulating national
cryptography policy, says OTA, and more generally in
safeguarding electronic information and commercial
transactions and protecting personal privacy in a networked
society.

A field of applied mathematics/computer science,
cryptography is the technique of concealing the contents of
a message by a code or a cipher.  The message is
unintelligible without special knowledge of some secret
(closely held) information, the key that "unlocks" the
encrypted text and reveals the original text.  Key
management is fundamental to security.  It includes
generation of the encryption key or keys, as well as their
storage, distribution, cataloging, and eventual destruction.

The federal government still has the most expertise in
cryptography, says OTA.  As a developer, user, and regulator
of safeguard technologies, the federal government faces a
fundamental tension between two important policy objectives:
fostering the development and widespread use of cost-
effective safeguards; and--through use of federal standards
and export controls--controlling the proliferation of
commercial safeguard technologies that can impair U.S.
signals-intelligence and law-enforcement capabilities.

The concern is reflected in the ongoing debates over key-
escrow encryption and the government's Escrowed Encryption
Standard (EES).  The Clinton Administration announced the
"escrowed-encryption" initiative, often called the "Clipper
chip," in 1993.  This type of encryption is intended to
allow easy decryption by law enforcement when the equivalent
of a wiretap has been authorized.  The Department of
Commerce issued the EES, developed by the National Security
Agency (NSA), as a federal information processing standard
for encrypting unclassified information in February 1994.

The initiative in general and the EES in particular have
seen intense public criticism and concern, OTA reports.  The
controversy and unpopularity stem in large part from privacy
concerns and the fact that government-designated "escrow
agents" will hold the users' cryptographic keys.

Congress has asked the National Research Council (NRC) to
conduct a major study, expected to be available in 1996,
which would support a broad review of cryptography.  OTA
presents several options for congressional consideration in
the course of such a review.  Because the timing of the NRC
review is out of phase with the government's implementation
of key-escrow encryption, one option would be to place a
hold on further deployment of key-escrow encryption, pending
a congressional policy review.

An important outcome of a broad review of national
cryptography policy, says OTA, would be the development of
more open processes to determine how cryptography will be
deployed throughout society, including the development of
infrastructures to support electronic commerce and network
use of copyrighted materials.   More openness would build
trust and confidence in government operations and leadership
and allow for public consensus-building.

OTA examines and offers policy options for congressional
consideration in three areas: 1) cryptography policy,
including federal information processing standards and
export controls; 2) guidance on safeguarding unclassified
information in federal agencies; and 3) legal issues and
information security, including electronic commerce,
privacy, and intellectual property.

Requesters for the report are the Senate Committee on
Governmental Affairs and the House Subcommittee on
Telecommunications and Finance.

OTA is a nonpartisan analytical agency that serves the U.S.
Congress.  Its purpose is to aid Congress with the complex
and often highly technical issues that increasingly affect
our society.

***************************
*  CONGRESSIONAL COMMENT  *
***************************

Senator John Glenn (D-OH) Chairman, Senate Committee on
Governmental Affairs:

"In the new electronic age, we are relying more and
more on information technology to streamline government,
educate our children, make health care more accessible and
affordable, and make our businesses more productive and
competitive.  This rush to embrace a new age of technology
must not, however, obscure our ongoing responsibility to
protect important information and maintain the personal
privacy of citizens.

"Because we need policies and practices to match the
reality of this new age, I joined with Senator Roth in
asking the Office of Technology Assessment (OTA) to study
security and privacy issues in the network environment.  I
am very happy to say that OTA's report provides an excellent
summary of these issues.  More importantly, OTA spells out
clear steps that Congress and the Executive Branch should
consider if we are to develop policies and practices equal
to the task of providing security and privacy protections in
an increasingly networked world.

"The Senate Committee on Governmental Affairs, which I
chair has already rung warning bells in this area.  Our
oversight of agency operations has uncovered threats to
security and privacy as diverse as foreigners hacking into
Department of Defense computers and IRS employees browsing
through computerized taxpayer records.  We must recognize
that new technologies, particularly the development of
computer networks, are leapfrogging security and privacy
controls designed for a simpler time.  Policies and
practices for managing paper file cabinets simply are no
match for the instantaneous world-wide flow of data through
computer networks.

"Addressing the needs of this new world demands that we
find fair balancing points among often competing imperatives
for personal privacy, law enforcement, national security,
governmental efficiency, and economic competitiveness.
OTA's very insightful report highlights the need for the
development of new security and privacy controls, which
should be done openly, with thorough debate and public
accountability.  Therefore, in the next Congress, this
Committee will continue its oversight of agency operations
and will pursue legislation to ensure that government
agencies handle data from citizens and businesses
responsibly, and that government employees entrusted with
maintaining security are held accountable for breaches or
misuse of their responsibilities.

"I commend the Office of Technology Assessment for its
timely and very insightful contribution to the development
of policies and practices that can match the realities of
the emerging electronic information age."

Senator William V. Roth, Jr. (R-DE), Ranking Republican,
Senate Committee on Governmental Affairs:

"Since 1988, computer network security breaches have
grown dramatically, increasing 50% per year on the Internet
 --today's information highway.  The ability of the
government to protect Americans' most private information is
at stake.  For example, the Internal Revenue Service is
among those agencies who rely increasingly on computer
networks for such things as filing tax returns.  Anyone who
pays federal taxes has to wonder who might be browsing
through their personal financial data.

"We need to recognize the potential danger and act
accordingly.  Last year, I asked the Office of Technology
Assessment to look at such problems and recommend changes.
Its report highlights how today's government institutions
are poorly structured to deal with information security.
Moreover, the report underscores the fact that much more
work must be done.  I intend to pursue hearings on the
report and amendments to the Computer Security Act."
***********************************************************
              HOW TO OBTAIN THIS REPORT
***********************************************************

ORDERING INFORMATION:  For copies of the 252-page report
"Information Security and Privacy in Network Environments"
for congressional use, please call (202) 224-9241.  Copies
for noncongressional use are available from the
Superintendent of Documents for $16.00 each.  To order, call
(202) 512-0132 (GPO's main bookstore) or (202) 512-1800 and
indicate stock number 052-003-01387-8.  Or you can send
your check or your VISA or MasterCard number and expiration
date to Superintendent of Documents, P.O. Box
371954, Pittsburgh, PA 15250-7974 , [FAX (202) 512-2250].
Federal Express service is available for an additional $8.50
per order.  For free 8-page summaries, please call (202) 224-8996
or e-mail pubsrequest@ota.gov.

ELECTRONIC ACCESS:  The full report is available
electronically.  To download via ftp from OTA, use the
following procedures: ftp to otabbs.ota.gov (152.63.20.13)
Login as anonymous.  Password is your e-mail address.  The
files are located in /pub/information.security and the file
names and sizes are:

01README.TXT       (3K)
02ORDER.INFO.TXT   (4K)
FOREWORD.TXT       (3K)
ADVISORY.PANEL.TXT (3K)
STAFF.TXT          (1K)
TOC.TXT            (2K)
CH1.TXT            (93K)
CH2.TXT            (169)
CH3.TXT            (172K)
CH4.TXT            (299K)
APPC.TXT           (36K)
APPD.TXT           (3K)
APPE.TXT           (4K)

Appendix A--Congressional Letters of Request and
Appendix B--Computer Security Act and Related
Documents--are not available electronically.
***********************************************************

Martha Dexter
Director, Information Management
Office of Technology Assessment
mdexter@ota.gov
(202) 228-6233

------------------------------

Date: Thu, 23 Oct 1994 22:51:01 CDT
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 5--Cu Digest Header Information (unchanged since 23 Oct 1994)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
          In ITALY: Bits against the Empire BBS: +39-461-980493
          In BELGIUM: Virtual Access BBS:  +32.69.45.51.77 (ringdown)

  UNITED STATES:  etext.archive.umich.edu (192.131.22.8)  in /pub/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

  JAPAN:          ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD

The most recent issues of CuD can be obtained from the NIU Sociology gopher
at:  tk0gphr.corn.cso.niu.edu (navigate to the "acad depts;"
"liberal arts;" "sociology" menus, and it'll be in CuDs.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #6.93
************************************