Computer underground Digest    Wed  Jan 26, 1995   Volume 7 : Issue 06
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Retiring Shadow Archivist: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       He's baaaack:     E. T. Shrdlu

CONTENTS, #7.06 (Wed, Jan 26, 1995)

File 1--ACM Computers Seized by IIT (fwd)
File 2--www.CliffordChance.com
File 3--GovAccess.088: CapWeb, Civicnetters, disabled, etc
File 4--EFF Open Letter to Church of Scientology
File 5--Writer Seeks On-Line Crime Info (fwd)
File 6--Comment on "NII/Preservation of Information"
File 7--(fwd) Summary of NYC Clipper Seminar 19 JAN 95 (fwd)
File 8--E-Mail Security - New book by Bruce Schneier
File 9--Cu Digest Header Information (unchanged since 25 Nov 1994)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

----------------------------------------------------------------------

Date: Fri, 20 Jan 1995 00:13:29 -0600 (CST)
From: David Smith <bladex@BGA.COM>
Subject: File 1--ACM Computers Seized by IIT (fwd)

               ---------- Forwarded message ----------

ACM Computers Seized By Illinois Institute of Technology

  "And let it be known throughout the world what was done this day..."

Dateline January 17, 1995

Today sometime before noon today, the Illinois Institute of Technology
seized the computer systems of the Association for Computing Machinery
student chapter at IIT.

700 Student and Faculty users are not happy.

And are now without their Email and other private files. The locations
of the ACM systems is currently unknown, and the security of the
system and the accounts on it is highly questionable, as it was quite
literally riped out of the wall. ( a piece of the modem was found
lying on the table ).

The reasons given by IIT where that members of ACM are suspected of
hacking into the computer of another IIT student group, and pulling
several pranks.  The memo sent to the Dean of Students details the
hacking attempt, but no evidence points to ACM's systems or to any of
their users, but the memo does make several unbacked accusations. And
at this time, we can see no reason ACM would even be tied to the
events. However because ACM members are suspect, the systems where
unlawfully seized by IIT.

IIT has no legal right to seize ACM's systems, nor anyone else, as
they contain private accounts, files, and Email.  Such rights are
protected under the Electronic Communications Privacy Act (ECPA),
which extended most of the protections of the federal Wiretap Act
("Title III") to electronic mail.  Precidence established in the case
Secret Service vs. Steve Jackson Games decided March 12, 1993

Needless to say, ACM members are not too happy about all of this.  And
the other 700 people don't seem happy either.

            ---------------------------------------------

Dateline January 18, 1995

   o Members realize that along with Troll, which is physicaly
     considered IIT's property even tho it was purchased with student
     funds, property of ACM members was also seized includind a
     network card, SIMM modules, and the modem that was broken by IIT
     during the seizure.

   o ACM recieves writen copy of allegations and supposed proof that
     ACM systems where used in the attempt. However the evidence
     clearly shows that other IIT owned systems where used and NOT
     ACM's systems.

   o Electronic Frontier Foundation is called and informed of the
     situation, and begins investigating the situation.

   o ACM HEARS THAT THE COMPUTER SYSTEM IS IN THE PROCESS OF BEING
     SEARCHED BY IIT STAFF, AND ACM MEMBERS NOW CONSIDER THE SYSTEM
     COMPROMISED. STILL NO EVIDENCE SHOWING ACM INVOLVEMENT.

   o Word continues to spread amung the IIT community, many more
     students and faculty are outraged about the seizure of their
     accounts and files.

   o Continued stress to students due to the lack of access to their
     Email, addressbooks, and other files. Email is now being lost in
     mass due to the

   o ACM systems removal, much of which is considered critical by many
     people.  ACM members miss the Chicago ACM meeting due to the fact
     that all the info concerning time/location was stored on the
     seized systems.

   o ACM members miss the Chicago ACM meeting due to the fact that all
     the info concerning time/location was stored on the seized
     systems.

------------------------------

Date: Fri, 20 Jan 95 16:24:54
From: "Carolina, Robert" <Robert.Carolina@CLIFFORDCHANCE.COM>
Subject: File 2--www.CliffordChance.com

   Greetings!

   Below please find a press release we issued today concerning our
   firm's new Web Server. It contains a few articles which may be of
   interest to you.

   Regards,

     /s/Rob
   --
   Robert Carolina, Clifford Chance, 200 Aldersgate Street, London,
   EC1A 4JJ, United Kingdom, Tel: +44 171 600 1000, Fax: +44 171 600 5555,
   Internet: Robert.Carolina@CliffordChance.com
   X.400: G=Robert/S=Carolina/O=Clifford Chance/ADMD=CWMAIL/PRMD=LEGIS/C=GB

                            ==============

            CLIFFORD CHANCE PRESS RELEASE


20 January 1995

        CLIFFORD CHANCE LAUNCHES INTO CYBERSPACE

International law firm Clifford Chance today announced that it
has established an Internet-based information server on the World
Wide Web.  The Internet presence is believed to be a first for
a major international law firm.  In establishing a Web server,
the firm joins a growing list of major companies and government
organisations around the world with similar servers.

"It is a natural step for us to take", said Keith Clark, the
firm's Senior Partner.  "We need to keep abreast of developing
technology and use it to provide a better service to our
clients."

Currently, the Web server contains the full text of articles
written by lawyers within the firm, as well as a list of the
firm's publications and information about the firm's offices and
practice areas.  The server is accessible from any Internet
connection in the world.  Viewers have the option to send
electronic mail to the firm via the Internet with follow-up
requests.

Christopher Millard, a partner in the firm's Media, Computer and
Communications Group stated, "The Internet is rapidly becoming
a vital medium for the global distribution of information.  As
an international firm we believe it makes business sense to
establish ourselves in the growing cyberspace community."

                     - ends -

ABOUT CLIFFORD CHANCE

Clifford Chance is one of the world's largest law firms, with
over 1350 lawyers and a total staff of over 2750 located in 21
jurisdictions around the world.  It provides comprehensive legal
advice to a broad range of clients.

NOTES TO EDITORS:

1  The Clifford Chance Home Page is located on the World Wide Web
at "http://www.CliffordChance.com" (spelling and punctuation are
critical).  It may be accessed using Web browsing software (such
as NCSA Mosaic, or Netscape Navigator) from any computer in the
world which is directly connected to the Internet.

2  The Internet is the world's largest network of computer
networks, and there are estimated to be more than 40 million
people with some type of access to the network.  The Internet is
not owned by any individual, and a number of different service
providers are able to sell access.  Service providers in the UK
include Pipex, EuNet, and Demon Internet Systems.

3  The World Wide Web (also known as "WWW") is the name given to
a certain standard for the retrieval of multimedia information
via the Internet.   WWW "home pages" can contain text, graphics,
sound files, and motion pictures.  The Clifford Chance Home Page
currently contains mostly text with a few graphic files.

4  Prior to establishing a Home Page on the Internet, Clifford
Chance has for some time been using the Internet as a research
resource and as one of a number of gateways for electronic mail.


------------------------------

Date: Tue, 17 Jan 1995 14:26:38 -0800
From: Jim Warren <jwarren@WELL.SF.CA.US>
Subject: File 3--GovAccess.088: CapWeb, Civicnetters, disabled, etc

Seek Occasional Poli-Sci Aid - Professorial Type or Reference Librarian (?)

Having pursued my education in classic nerd style, I carefully avoided
learning much in the few civics courses I was forced to take in high school
and college.

Now that I have finally learned that politics *will* be inflicted on
me and all of us - whether we learn about it or simply suffer the
consequences - and have become involved in it, I have occasional
naive/stupid questions.

It would be *very* helpful if I could find a knowledgable,
reliable=accurate source of basic civics and political-science
information, willing to consider my occasional questions - *before* I
publish or circulate erroneous comments.

E.g., is it accurate to say that the "federal deficit" is how much
more that authorizes to spend in a given year than the feds take in,
whereas the "national debt" is the sum of those un-repaid deficits,
over the years?  (See?  I said they were naive questions.  But I won't
ask you about object-oriented programming or vector algebra. :-)

If yer willin' and competent to help, please send a coupla lines
indicating your expertise.  Many thanks.  --jim-the-nerd


&&&&&&&&&&&&&&&&&&&&


CapWeb: A Guide to Congress on the WWW

Thu, 12 Jan 95 09:16:45 EST
>From Chris_Casey@kennedy.senate.gov

CapWeb is an "unauthorized" hypertext guide to Congress on the World
Wide Web.  Committee assignments, contact information including phone
numbers, fax, e-mail addresses, state delegation lists, and party
rosters are among the information that is available for every member
of the Senate and House of Representatives.

CapWeb will collect and maintain links to information being provided
by individual members of Congress on the Internet; the Library of
Congress and other Congressional agencies; state governments;
political parties and other related resources.

CapWeb is part of Policy.Net, a service of Issue Dynamics, Inc. and
can be found at:  http://policy.net

kennedy.senate.gov                  /''''\
http://www.ai.mit.edu/people/casey/casey.html  /______\
                                              |@@@@@@@@|
202/224-3570                                  ||0||0||0|
Office of Senator Kennedy      _____/\________ " " " " "_______/\_____
Washington, DC  20510         {|| || || || || ____/\_____|| || || || ||}
______________________________{||_||_||_||_||____/__\____||_||_||_||_||}__


[I wouldn't normally include such an baroque "sig-file," but this is so novel
that I tho't I'd inflict it on yer email.  --jim]


&&&&&&&&&&&&&&&&&&&&


Invitation to Join Civic-Networking Collegium (at a fee)

>From d.wiesner@genie.geis.com
>From MUNI-TELECOM-APPROVAL@CIVICNET.ORG
>From The Center for Civic Networking
Fri, 13 Jan 95 06:08:00 UTC

Over the past two years we've helped to develop the Cambridge Civic
Forum - a public dialogue program in Cambridge, MA.  Along the way, we've
come across similar efforts focusing on citizen planning, neighborhood
action, and citizen-government collaboration at the local level.  A member
of the CCN team (Ken Thomson) co-authored a book, The Rebirth of Urban
Democracy, that looked in depth at a number of these programs, including
those in St. Paul, Portland, Dayton, Birmingham, and San Antonio.

One thing we've realized is that there doesn't appear to be a special forum
for those of us in the trenches to compare notes with each other. Ken
convened several conferences from 1978 to 1992 for a broad range of
community-based organizations, and invariably participants urged development
of such a forum on an ongoing basis.  There are a number of national-level
and collaborative efforts working to promote civic renewal in one form
another (e.g. Healthy Cities, National Issues Forum, Alliance for National
Renewal, American Civic Forum), but as yet, no ongoing, day-to-day linkage.

Since we'd like to participate in such a forum, and can't find one, the
obvious thing to do is start one! We'd like to create a forum that brings
together grass roots practitioners, who are currently working on (or
have worked on) locally evolved programs, with the specific goals of:

- providing a vehicle for us to compare notes and otherwise
  provide mutual support and assistance

- engaging in serious examination of issues that we all face

- developing ways to disseminate what we've learned in order to
  help other communities develop their own programs

- providing a vehicle for collaboration on joint projects - such
  as regional forums and joint fund-raising

We'd like to start by recruiting 100-150 participants in an ongoing
"electronic collegium" - essentially a focused electronic mail list open
to anyone with practical experience in community organizing, citizen
participation, and/or civic dialogue activities.

We'd like to assemble an initial group during January, then use February
to exchange introductions, describe the activities each participant is
engaged in, and identify specific topics that we'd all like to explore in
more depth.  Over the rest of the year we'll explore one topic per month
in depth (possibly with one or two academic or other experts invited to
participate in each topic discussion).  Some obvious issues are lessons
learned in how to get started, engaging broad-based participation,
organization and staffing, financial support, the possible role of
technology (a favorite topic of ours), policy impacts, and program models.
We'll provide moderation and facilitation to keep the discussions on
track. Of course, on an ongoing basis, we also see this collegium as a
vehicle for each participant to solicit input and assistance from other
members of the collegium.

By keeping this as a limited admission, focused forum, we hope to create
high value for all participants.

As we develop useful results, we hope to disseminate them via our
respective participation on other Internet lists, by publishing summaries
(electronically and otherwise), by organizing "electronic seminars" for
people getting started in organizing new local efforts, and through all
the normal channels of speaking, writing, teaching, etc.

We would like to ask a modest financial contribution to help support the
effort - $35 for the first 6 months, and $15 per quarter thereafter
(around the price of a limited circulation academic journal).  This will
go to setting up a full set of network capabilities (mailing list,
archive, WAIS server to allow searching the archive, gopher server
containing supporting documents, mail-responder to allow email only
participants to access the archives and documents), to partial support of
staff time for facilitating on-line dialogue and editing transcripts into
distributable summaries (e.g. a periodic report to more public lists), to
partial support of staff time for technical administration of the list and
servers, and possibly to honoraria for invited expert participants. Of
course, collegium participants will get copies of any edited summaries we
put together.

If you're interested, please send email to CCN@civicnet.org - with a brief
description of:

1. who you are

2. what program(s) you're involved in

3. specific areas of interest you'd like the collegium to focus on

If we have sufficient initial interest - say 40 or more people -
we'll come back to you with the details of getting started.

Regards,

John Altobello
Richard Civille
Miles Fidelman
Ken Thomson

for the Center for Civic Networking

The Center for Civic Networking is a non-profit organization dedicated to
applying information infrastructure to the broad public good.  We work to
as informed citizens,
and provide "electronic town halls" which can broaden citizen
participation in governance at every level.


&&&&&&&&&&&&&&&&&&&&


L.A. Conf on Technology and Persons with Disabilities, March 14-18, 1995

The Center on Disabilities at Cal State University - Northridge (18111
Nordhoff St, Northridge CA 91330-8340, 818-885-2578/voice/TDD/msg, 818-885-
4929/fax, ltm@csun.edu) has announced the above-titled conference. Fees range
from $150 to $295 by March 1st, and $200 to $345 thereafter.


&&&&&&&&&&&&&&&&&&&&


San Jose Mercury News Publishes 5-Part "Legislature for Sale" Series

If you're interested in - or infuriated by - California government, check out
this series!  It ran the week of January 8th.  (For those on AOL, it should
be in their Mercury Center.)


&&&&&&&&&&&&&&&&&&&&


Rhode Island:  RI Secretary of State James Langevin Pursuing Online Access

This summarizes msgs of the last few days from Nelson Perras
(ad795@osfn.rhilinet.gov), Coordinator of the Office of Public Information
for Rhode Island Secretary of State James Langevin
(secstate@osfn.rhilinet.gov).

Currently, they are examining ways to put RI govt info on-line as
inexpensively as possible. There are two avenues they think may be
productive.

The first is to use what already exists - the Ocean State Freenet to which
theoretically every RI'er has access thru libraries or at home - and provide
as much govt info as possible. The second is to enter into a public/private
partrnership to provide some info that RI normally could not financially
afford to do, to the public.

Perras' laudible current view is that the private sector would want to make
use of such information commercially, but considering it is public info
already, they could do that anyway. So long as the people maintain ownership
of the work product, he's inclined to allow the free market to do what it
does best - innovate and provide services and products from existing
resources.

He also expressed concern for assuring that there be no monitoring of who
accesses which documents - that the privacy of those seeking information
about their government be fully protected.

Perras is actively soliciting input (ad795@osfn.rhilinet.gov).  --jim


&&&&&&&&&&&&&&&&&&&&


Does Newt *Really* Want to Open Congress to Public Access?  By Phone?

Thu, 12 Jan 1995 13:54:45 -0800
>From Eric.Silber@Eng.Sun.COM (Eric Silber)

>  From jwarren@well.sf.ca.us Wed Jan 11 23:52 PST 1995
>  Date: Wed, 11 Jan 1995 18:00:39 -0800
>  To learn the e-mail addresses of your Senators you will need to contact
>  them directly at 202-224-3121.
                    ^^^^^^^^^^^^
Last year, I couldn't get through to 224-3121, so I called 1-202-555-1212
They say they can't give out Cong. office phone numbers because, 'They
don't have them' !, 'Congress doesn't supply them to Atlantic Bell' !!!!
Why the h*$$ doesn't Congress supply its office phone numbers to Atlantic
Bell for listng with 'information' ?


&&&&&&&&&&&&&&&&&&&&


"Every advance in civilization has been denounced while it was still recent."
- Bertrand Russell  (via mech@eff.org)

------------------------------

From: Stanton McCandlish <mech@EFF.ORG>
Subject: File 4--EFF Open Letter to Church of Scientology
Date: Mon, 23 Jan 1995 18:25:35 -0500 (EST)

*****POST FREELY AS APPROPRIATE*****

An Open Letter to the Church of Scientology (CoS) and the Net
from the Electronic Frontier Foundation (EFF)

Over the past several days, the Electronic Frontier Foundation
has received several reports from system administrators and
others about threats of lawsuits they have received from
attorneys for the Church of Scientology and the closely
associated Religious Technology Center and Bridge Publications,
Inc.  These threats apparently are designed to convince sysadmins
to discontinue the carriage of certain newsgroups that involve
discussions of the Church of Scientology and its teachings, solely
on the ground that some of the messages sent through these
newsgroups allegedly involve infringements of CoS copyrights or
other intellectual property rights.

EFF has also received a letter from CoS stating that it would
not use the threat of lawsuits against sysadmins if there were
any other way to deal with allegedly wrongful messages.

EFF believes there is a better way to deal with allegations of
wrongful messages -- and that using the threat of litigation to
shut down entire newsgroups, or to persuade sysadmins who
have not originated any allegedly wrongful messages to shut down
newsgroups, is itself highly inappropriate.

Electronic communications are in their infancy, and most of the
providers are not big corporations with substantial funds to
spend on expensive litigation, but rather small operators who
cannot afford protracted litigation, even if they are in the
right.  The mere threat of a lawsuit could result in some sysadmins
refusing to carry all sorts of contentious newsgroups simply because
they could not afford to put on a case to show that they should not
be held responsible for another party's alleged wrong.

Rather than attempting through threats of lawsuits to induce
innocent sysadmins to censor speech, Church members are
encouraged to participate in Usenet discussions to make their views
known and refute erroneous posts -- in other words, to answer
allegedly wrongful postings with more speech.  As U.S. Supreme Court
Justice Louis Brandeis articulated in 1927: "If there be time to
expose through discussion the falsehood and the fallacies, to avert
the evil by the processes of education, the remedy to be applied is
more speech, not enforced silence."  If CoS claims that a
copyright violation or other wrong not remediable by speech has
been perpetrated by a particular person, then it should confine
its legal threats to that person -- not direct them at an innocent
sysadmin who did no more than forward a message, and certainly
not at the innocent participants of a newsgroup seeking to exchange
views through the newsgroup channel. Even if CoS cannot determine
the identity of the person perpetrating an alleged wrong against it,
that provides no excuse for cutting off the free flow of information
over the net.

Events like these show us how important it is to search for new
paradigms for handling disputes that arise from time to time.
We think the better way to handle this dispute would be to
submit the claims and counterclaims to arbitration or
mediation, perhaps in a proceeding conducted over the net
among the parties to the newsgroup discussion. EFF offers its
services to help find an appropriate mediator or arbitrator
who would be available online for this purpose. Any party to
this dispute that refused to participate in such a forum would,
of course, have to explain why it had done so if a case were
brought in a more traditional court.

Meanwhile, we urge CoS to leave the innocent sysadmins out of
their fight.  We urge CoS not to take actions designed to cut off
the free flow of information through the net.  Where there are
legitimate disputes about particular messages or the wrongful
actions of particular individuals, those can and should be
addressed -- perhaps most efficiently through the new
communications medium itself.


The Electronic Frontier Foundation
1667 K St. NW, Suite 801
Washington DC 20006-1605 USA
+1 202 861 7700 (voice)
+1 202 861 1258 (fax)
+1 202 861 1223 (BBS - 16.8k ZyXEL)
+1 202 861 1224 (BBS - 14.4k V.32bis)
Internet: ask@eff.org
Internet fax gate: remote-printer.EFF@8.5.2.1.1.6.8.2.0.2.1.tpc.int

------------------------------

Date: Sun, 22 Jan 1995 23:14:15 -0600 (CST)
From: David Smith <bladex@BGA.COM>
Subject: File 5--Writer Seeks On-Line Crime Info (fwd)

---------- Forwarded message ----------
From--FMGG44A@prodigy.com (Jerome Haden)
Subject--Writer Seeks On-Line Crime Info
Date--22 Jan 1995 23:27:25 GMT

REQUEST FOR INFORMATION

I am currently writing a book length manuscript entitled :

"Crash and Burn:
A Parents Guide To The Dangers On The Information SuperHighway."

I am seeking real events that are "public record" either newspaper
articles or court documents which involve the following criminal
activity:

1.) Sexual predators who have commited sex crimes on minors
     with a connection to a local computer bulletin board or a

     national on-line service such as Prodigy, Compuserve, or
     America On Line.

2.) Teenage computer hackers who have been charged with
    any type of telephone fraud, unauthorized access to another
    computer, or similar crimes.

3.) Any teenagers involved in making explosives with information
    obtained from a computer bulletin board.

 4.) Any selling of illegal drugs involving minors on a computer
     bulletin board.

5.) Any other crimes invloving teenagers as either victims or
    perpetrators with the use of modems or any manner in
    "cyberspace".

Any information must be a public record that can be verified by
my literary agency and my publisher.

Also would be interested in hearing from victims or perpetrators willing

to be interviewed "off the record", and/or willing to appear on national
talk shows.

If you have any such information please contact me as follows:

Jerome Haden
E-Mail: FMGG44A@prodigy.com

------------------------------

Date:         Fri, 20 Jan 95 08:08:21 EST
From:         Frank Tirado <SYSADMIN@ERS.BITNET>
Subject: File 6--Comment on "NII/Preservation of Information"

I would like to add a "tidbit" to Karen Coyle's article on the NII, in
the area of Preservation of information.

 One of the primary reason we have so much information about the past
is that, until now, it has been preserved on paper.  Granted, accurate
glimpses of the more distant past have been preserved on media such as
vellum, papyrus and hardened clay.  A much more detailed and complete
view, however, is available to all interested parties when it has been
recorded on paper.

 For example, core samples from landfills have brought up still
legible pieces of newsprint dating back more than 40 years - the paper
on which it was printed was hardly yellowed.  The Declaration of
Independence has survived its authors by several of their lifetimes.

 What I'm leading up to is that preserving data will be crucial in the
Electronic Age.  We have developed ingenious techniques to
manipulate, collate, store and present information, yet the electronic
media on which it is stored will not meet the test of time.  It is
possible to store the contents of the Bible on a group of diskettes,
whose usable lifetime is about 10 years.  Compare that to the fact
that some Gutenberg Bibles, printed on paper, have survived
centuries.  Even CDROMs have an estimated lifetime of roughly 35
years.

 Unless we see some major advances in electronic storage media,
there's a good chance that our children's children will know less
about us than of our forebears.

------------------------------

Date: Sun, 22 Jan 1995 11:34:41 -0600 (CST)
From: David Smith <bladex@BGA.COM>
Subject: File 7--(fwd) Summary of NYC Clipper Seminar 19 JAN 95 (fwd)

               ---------- Forwarded message ----------

Last Thursday, January 19, 1995, the Science and Law Committee
and the Computer Law Committee of the Association of the Bar
of the City of New York jointly sponsered a panel discussion
entitled, "THE CLIPPER CHIP: Should the Government Control the
Master Keys to Electronic Commerce?"

The panel included:

Moderator: Albert L. Wells, Debevoise & Plimpton

Speakers:
        Stewart A. Baker, Steptoe & Johnson, former General Counsel, NSA

        Michael R. Nelson, Special Assistant for Information Technology,
                White House Office of Science and Technology Policy

	James V. Kallstrom, Special Agent in charge of the Special
		Operations division of the New York office of the FBI

        Daniel Weitzner, Center for Democracy and Technology, formerly
		Deputy Policy Director, Electronic Frontier Foundation

        William Whitehurst, Director, Data Security Systems, IBM Corporation

The discussion was open the public.  My rough guess is that 120 people were
there, probably 2/3 members of the Association.

For those familiar with this subject, what was most interesting was to be
found not in what was said, but in the differences from what has been said
before.  In particular, Stewart Baker didn't mention child pornography
even once.  Actually, Mr. Baker said remarkably little.  Remember, this is
the man who went on record in "Wired" only last year, while still on the
government payroll as the NSA's top lawyer, with his droll comparison of
those opposing Clipper to would-be revolutionaries in bandoliers and
pocket protectors.  He's told that joke so many times and to so many
audiences, it was conspicuous by its absence.  (Indeed, Baker even spoke
of himself as, "one who has been accused of lowering the tone of the
debate.")

Of more substance, Baker (and one must at least be curious what Steptoe &
Johnson find in their corporate interest in having him continue to be a
spokesman for the government's policy on this issue) continued to defend
the escrowed-key plan, stating that those opposed should exhibit more
faith in our democratic institutions than such opposition suggests.

Daniel Weitzner's unequivocal position was that "Clipper is dead."  He
showed more concern over the general issue of trade regulation and how
limitations on exports of crypto technology are affecting commercial
interests.  Nonetheless, he did criticize the administration's dogged
persistence, to the extent that they are not yet abandoning the core of
the Clipper initiative, which is to enforce use of a crypto system that
has a built-in backdoor for wiretapping purposes.  To this, Weitzner
simply pointed out that, as there have been "mob lawyers," it is no
stretch to imagine "mob cryptographers."  (Personal note: Weitzner is
right.  I have, myself, been approached by persons connected to organized
crime who expressed an interest in just such a thing.  Interestingly, my
"client" was more concerned about internal security than protection from
government eavesdropping.)

Both Baker and Michael Nelson stated that the Clipper initiative was an
attempt to find a balance amongst the conflicting interests of privacy,
scientific inquiry, commerce, and "the ability of law enforcement to do
its job."  My notes, however, do not reflect any remark to the effect
that "the ability of law enforcement to do its job" has been allowed to
suffer by the Clipper compromise.  In fact, Matt Blaise (forgive a
misspelling, if there is one) was present in the audience and asked
Nelson for some indication of what it would take for the administration
to compromise against the interests of law enforcement.  Nelson spoke at
some length in response, but if he actually answered, I missed it.

IBM's William Whitehurst presented the business view: this whole affair
is costing American companies sales.  The prospects for selling crypto
to foreign governments when American intelligence can listen in are not
very good.  (An interesting legal point that was only obliquely addressed
is that the Fourth Amendment would not be much protection in another
country; a wiretap warrant wouldn't be needed for American snooping.)
The administration's view on this was revealed for the head-in-the-sand
policy it is, when Perry Metzger asked Nelson if he really felt that
the Libyan government couldn't just download PGP and start defeating
the value of the Clipper chip right now (Nelson had mentioned Libya
earlier, as an example of a foreign power that could use crypto to the
disadvantage of the United States).  Nelson stated, "they'd still have
to implement it."  Metzger pointed out that this would about as hard as
entering "pgp -f filename," on an IBM PC, but Nelson just ignored him.

James Kallstrom of the FBI was a surprise guest.  It fell to him to
carry the weight of reminding us all that law enforcement is opposed to
things like kidnapping, bombing the World Trade Center, and child
pornography (this litany generated open laughter from the audience).
However strained the connection is between kidnapping and crypto, I
did find Kallstrom refreshingly direct about what he thinks the issue
really is: good versus evil.  Kallstrom feels it would be no more
sensible to unleash strong crypto into a world full of terrorists and
crooks than it would be to buy a house and not have a spare set of
keys; once you're locked out, you can never get back in.  I asked him
if it wasn't my right to decide who gets the key to my house, but he
didn't understand my question.  To Special Agent Kallstrom, we are all
living in one house, and it is our good faith in each other (and in
the FBI, apparently) that will keep the forces of evil locked out.  I
don't agree, but you can't fault him for his clarity of purpose.

No votes were taken, but I did not feel there was much support among
the audience for whatever remains of the Clipper initiative.  But,
Mike Nelson stated without reservation that the initiative would
continue to exist in whatever form best serves the compromise he had
discussed, while continuing to preserve "the ability of law enforcement
to do its job," for as long as the current administration remains in
power.

To which an audience member replied, "two more years!"
--
Stevens R. Miller
Attorney at Law
(212)227-1594
http://www.interport.net/~lex/

------------------------------

Date: Sun, 22 Jan 1995 23:34:32 -0600 (CST)
From: David Smith <bladex@BGA.COM>
Subject: File 8--E-Mail Security - New book by Bruce Schneier

                E-MAIL SECURITY WITH PGP AND PEM:
          HOW TO KEEP YOUR ELECTRONIC MESSAGES PRIVATE

                 ...a new book by Bruce Schneier

                     John Wiley & Sons, 1995
                       ISBN  0-471-05318-X
                             $24.95

The world of e-mail is the world of postcards.  Between you and
your correspondents may lurk a foreign government, a business
competitor, an overzealous law enforcement agency, or even just a
nosy neighbor.  The problem is, all of these potential
eavesdroppers, given fairly simple access tools, can read your
messages as easy as a postal worker can read your postcards.

E-MAIL SECURITY is about protecting electronic mail fm spies,
interlopers, and spoofs--people who may want to destroy, alter,
or just look at your private communications.  The book shows how
you can protect the financial information, contract negotiations,
or personal correspondence you entrust to public or private
networks--and it shows how this protection is available right
now, with free or inexpensive software.

The book discusses PGP and PEM: how they work, how they are
different, and how to choose which one is right for you.


TABLE OF CONTENTS:

Part I:  Privacy and Electronic Mail
     Chapter 1:     The Problem
     Chapter 2:     Encryption
     Chapter 3:     Key Management
     Chapter 4:     Authentication
     Chapter 5:     Certificates
     Chapter 6:     Keeping Your Private Key Private
     Chapter 7:     Odds and Ends
     Chapter 8:     Patents, Governments, and Export Laws

Part II:  Achieving Electronic-Mail Privacy
     Chapter 9:     Requirements and Features
     Chapter 10:    Privacy Enhanced Mail (PEM)
     Chapter 11:    Pretty Good Privacy (PGP)
     Chapter 12:    Comparing PGP and PEM
     Chapter 13:    Attacks Against PGP and PEM

Appendix A:    Pretty Good Privacy

Appendix B:    Privacy Enhanced Mail

*****************************************************************

If you are interested in a copy of E-MAIL SECURITY, please send a
check for $25 + $5 postage (ask for rates abroad) to:

     Bruce Schneier
     730 Fair Oaks Ave
     Oak Park, IL  60302

The book won't be available until at least the end of the month,
so please be patient.

------------------------------

Date: Thu, 23 Oct 1994 22:51:01 CDT
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 9--Cu Digest Header Information (unchanged since 25 Nov 1994)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         In ITALY: Bits against the Empire BBS:  +39-461-980493
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES:  etext.archive.umich.edu (192.131.22.8)  in /pub/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

  JAPAN:          ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD
                  ftp://www.rcac.tdi.co.jp/pub/mirror/CuD

The most recent issues of CuD can be obtained from the NIU
Sociology gopher at:
  URL: gopher://corn.cso.niu.edu:70/00/acad_dept/col_of_las/dept_soci

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #7.06
************************************