Computer underground Digest Wed Jan 26, 1995 Volume 7 : Issue 06 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson He's baaaack: E. T. Shrdlu CONTENTS, #7.06 (Wed, Jan 26, 1995) File 1--ACM Computers Seized by IIT (fwd) File 2--www.CliffordChance.com File 3--GovAccess.088: CapWeb, Civicnetters, disabled, etc File 4--EFF Open Letter to Church of Scientology File 5--Writer Seeks On-Line Crime Info (fwd) File 6--Comment on "NII/Preservation of Information" File 7--(fwd) Summary of NYC Clipper Seminar 19 JAN 95 (fwd) File 8--E-Mail Security - New book by Bruce Schneier File 9--Cu Digest Header Information (unchanged since 25 Nov 1994) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. ---------------------------------------------------------------------- Date: Fri, 20 Jan 1995 00:13:29 -0600 (CST) From: David Smith <bladex@BGA.COM> Subject: File 1--ACM Computers Seized by IIT (fwd) ---------- Forwarded message ---------- ACM Computers Seized By Illinois Institute of Technology "And let it be known throughout the world what was done this day..." Dateline January 17, 1995 Today sometime before noon today, the Illinois Institute of Technology seized the computer systems of the Association for Computing Machinery student chapter at IIT. 700 Student and Faculty users are not happy. And are now without their Email and other private files. The locations of the ACM systems is currently unknown, and the security of the system and the accounts on it is highly questionable, as it was quite literally riped out of the wall. ( a piece of the modem was found lying on the table ). The reasons given by IIT where that members of ACM are suspected of hacking into the computer of another IIT student group, and pulling several pranks. The memo sent to the Dean of Students details the hacking attempt, but no evidence points to ACM's systems or to any of their users, but the memo does make several unbacked accusations. And at this time, we can see no reason ACM would even be tied to the events. However because ACM members are suspect, the systems where unlawfully seized by IIT. IIT has no legal right to seize ACM's systems, nor anyone else, as they contain private accounts, files, and Email. Such rights are protected under the Electronic Communications Privacy Act (ECPA), which extended most of the protections of the federal Wiretap Act ("Title III") to electronic mail. Precidence established in the case Secret Service vs. Steve Jackson Games decided March 12, 1993 Needless to say, ACM members are not too happy about all of this. And the other 700 people don't seem happy either. --------------------------------------------- Dateline January 18, 1995 o Members realize that along with Troll, which is physicaly considered IIT's property even tho it was purchased with student funds, property of ACM members was also seized includind a network card, SIMM modules, and the modem that was broken by IIT during the seizure. o ACM recieves writen copy of allegations and supposed proof that ACM systems where used in the attempt. However the evidence clearly shows that other IIT owned systems where used and NOT ACM's systems. o Electronic Frontier Foundation is called and informed of the situation, and begins investigating the situation. o ACM HEARS THAT THE COMPUTER SYSTEM IS IN THE PROCESS OF BEING SEARCHED BY IIT STAFF, AND ACM MEMBERS NOW CONSIDER THE SYSTEM COMPROMISED. STILL NO EVIDENCE SHOWING ACM INVOLVEMENT. o Word continues to spread amung the IIT community, many more students and faculty are outraged about the seizure of their accounts and files. o Continued stress to students due to the lack of access to their Email, addressbooks, and other files. Email is now being lost in mass due to the o ACM systems removal, much of which is considered critical by many people. ACM members miss the Chicago ACM meeting due to the fact that all the info concerning time/location was stored on the seized systems. o ACM members miss the Chicago ACM meeting due to the fact that all the info concerning time/location was stored on the seized systems. ------------------------------ Date: Fri, 20 Jan 95 16:24:54 From: "Carolina, Robert" <Robert.Carolina@CLIFFORDCHANCE.COM> Subject: File 2--www.CliffordChance.com Greetings! Below please find a press release we issued today concerning our firm's new Web Server. It contains a few articles which may be of interest to you. Regards, /s/Rob -- Robert Carolina, Clifford Chance, 200 Aldersgate Street, London, EC1A 4JJ, United Kingdom, Tel: +44 171 600 1000, Fax: +44 171 600 5555, Internet: Robert.Carolina@CliffordChance.com X.400: G=Robert/S=Carolina/O=Clifford Chance/ADMD=CWMAIL/PRMD=LEGIS/C=GB ============== CLIFFORD CHANCE PRESS RELEASE 20 January 1995 CLIFFORD CHANCE LAUNCHES INTO CYBERSPACE International law firm Clifford Chance today announced that it has established an Internet-based information server on the World Wide Web. The Internet presence is believed to be a first for a major international law firm. In establishing a Web server, the firm joins a growing list of major companies and government organisations around the world with similar servers. "It is a natural step for us to take", said Keith Clark, the firm's Senior Partner. "We need to keep abreast of developing technology and use it to provide a better service to our clients." Currently, the Web server contains the full text of articles written by lawyers within the firm, as well as a list of the firm's publications and information about the firm's offices and practice areas. The server is accessible from any Internet connection in the world. Viewers have the option to send electronic mail to the firm via the Internet with follow-up requests. Christopher Millard, a partner in the firm's Media, Computer and Communications Group stated, "The Internet is rapidly becoming a vital medium for the global distribution of information. As an international firm we believe it makes business sense to establish ourselves in the growing cyberspace community." - ends - ABOUT CLIFFORD CHANCE Clifford Chance is one of the world's largest law firms, with over 1350 lawyers and a total staff of over 2750 located in 21 jurisdictions around the world. It provides comprehensive legal advice to a broad range of clients. NOTES TO EDITORS: 1 The Clifford Chance Home Page is located on the World Wide Web at "http://www.CliffordChance.com" (spelling and punctuation are critical). It may be accessed using Web browsing software (such as NCSA Mosaic, or Netscape Navigator) from any computer in the world which is directly connected to the Internet. 2 The Internet is the world's largest network of computer networks, and there are estimated to be more than 40 million people with some type of access to the network. The Internet is not owned by any individual, and a number of different service providers are able to sell access. Service providers in the UK include Pipex, EuNet, and Demon Internet Systems. 3 The World Wide Web (also known as "WWW") is the name given to a certain standard for the retrieval of multimedia information via the Internet. WWW "home pages" can contain text, graphics, sound files, and motion pictures. The Clifford Chance Home Page currently contains mostly text with a few graphic files. 4 Prior to establishing a Home Page on the Internet, Clifford Chance has for some time been using the Internet as a research resource and as one of a number of gateways for electronic mail. ------------------------------ Date: Tue, 17 Jan 1995 14:26:38 -0800 From: Jim Warren <jwarren@WELL.SF.CA.US> Subject: File 3--GovAccess.088: CapWeb, Civicnetters, disabled, etc Seek Occasional Poli-Sci Aid - Professorial Type or Reference Librarian (?) Having pursued my education in classic nerd style, I carefully avoided learning much in the few civics courses I was forced to take in high school and college. Now that I have finally learned that politics *will* be inflicted on me and all of us - whether we learn about it or simply suffer the consequences - and have become involved in it, I have occasional naive/stupid questions. It would be *very* helpful if I could find a knowledgable, reliable=accurate source of basic civics and political-science information, willing to consider my occasional questions - *before* I publish or circulate erroneous comments. E.g., is it accurate to say that the "federal deficit" is how much more that authorizes to spend in a given year than the feds take in, whereas the "national debt" is the sum of those un-repaid deficits, over the years? (See? I said they were naive questions. But I won't ask you about object-oriented programming or vector algebra. :-) If yer willin' and competent to help, please send a coupla lines indicating your expertise. Many thanks. --jim-the-nerd &&&&&&&&&&&&&&&&&&&& CapWeb: A Guide to Congress on the WWW Thu, 12 Jan 95 09:16:45 EST >From Chris_Casey@kennedy.senate.gov CapWeb is an "unauthorized" hypertext guide to Congress on the World Wide Web. Committee assignments, contact information including phone numbers, fax, e-mail addresses, state delegation lists, and party rosters are among the information that is available for every member of the Senate and House of Representatives. CapWeb will collect and maintain links to information being provided by individual members of Congress on the Internet; the Library of Congress and other Congressional agencies; state governments; political parties and other related resources. CapWeb is part of Policy.Net, a service of Issue Dynamics, Inc. and can be found at: http://policy.net kennedy.senate.gov /''''\ http://www.ai.mit.edu/people/casey/casey.html /______\ |@@@@@@@@| 202/224-3570 ||0||0||0| Office of Senator Kennedy _____/\________ " " " " "_______/\_____ Washington, DC 20510 {|| || || || || ____/\_____|| || || || ||} ______________________________{||_||_||_||_||____/__\____||_||_||_||_||}__ [I wouldn't normally include such an baroque "sig-file," but this is so novel that I tho't I'd inflict it on yer email. --jim] &&&&&&&&&&&&&&&&&&&& Invitation to Join Civic-Networking Collegium (at a fee) >From d.wiesner@genie.geis.com >From MUNI-TELECOM-APPROVAL@CIVICNET.ORG >From The Center for Civic Networking Fri, 13 Jan 95 06:08:00 UTC Over the past two years we've helped to develop the Cambridge Civic Forum - a public dialogue program in Cambridge, MA. Along the way, we've come across similar efforts focusing on citizen planning, neighborhood action, and citizen-government collaboration at the local level. A member of the CCN team (Ken Thomson) co-authored a book, The Rebirth of Urban Democracy, that looked in depth at a number of these programs, including those in St. Paul, Portland, Dayton, Birmingham, and San Antonio. One thing we've realized is that there doesn't appear to be a special forum for those of us in the trenches to compare notes with each other. Ken convened several conferences from 1978 to 1992 for a broad range of community-based organizations, and invariably participants urged development of such a forum on an ongoing basis. There are a number of national-level and collaborative efforts working to promote civic renewal in one form another (e.g. Healthy Cities, National Issues Forum, Alliance for National Renewal, American Civic Forum), but as yet, no ongoing, day-to-day linkage. Since we'd like to participate in such a forum, and can't find one, the obvious thing to do is start one! We'd like to create a forum that brings together grass roots practitioners, who are currently working on (or have worked on) locally evolved programs, with the specific goals of: - providing a vehicle for us to compare notes and otherwise provide mutual support and assistance - engaging in serious examination of issues that we all face - developing ways to disseminate what we've learned in order to help other communities develop their own programs - providing a vehicle for collaboration on joint projects - such as regional forums and joint fund-raising We'd like to start by recruiting 100-150 participants in an ongoing "electronic collegium" - essentially a focused electronic mail list open to anyone with practical experience in community organizing, citizen participation, and/or civic dialogue activities. We'd like to assemble an initial group during January, then use February to exchange introductions, describe the activities each participant is engaged in, and identify specific topics that we'd all like to explore in more depth. Over the rest of the year we'll explore one topic per month in depth (possibly with one or two academic or other experts invited to participate in each topic discussion). Some obvious issues are lessons learned in how to get started, engaging broad-based participation, organization and staffing, financial support, the possible role of technology (a favorite topic of ours), policy impacts, and program models. We'll provide moderation and facilitation to keep the discussions on track. Of course, on an ongoing basis, we also see this collegium as a vehicle for each participant to solicit input and assistance from other members of the collegium. By keeping this as a limited admission, focused forum, we hope to create high value for all participants. As we develop useful results, we hope to disseminate them via our respective participation on other Internet lists, by publishing summaries (electronically and otherwise), by organizing "electronic seminars" for people getting started in organizing new local efforts, and through all the normal channels of speaking, writing, teaching, etc. We would like to ask a modest financial contribution to help support the effort - $35 for the first 6 months, and $15 per quarter thereafter (around the price of a limited circulation academic journal). This will go to setting up a full set of network capabilities (mailing list, archive, WAIS server to allow searching the archive, gopher server containing supporting documents, mail-responder to allow email only participants to access the archives and documents), to partial support of staff time for facilitating on-line dialogue and editing transcripts into distributable summaries (e.g. a periodic report to more public lists), to partial support of staff time for technical administration of the list and servers, and possibly to honoraria for invited expert participants. Of course, collegium participants will get copies of any edited summaries we put together. If you're interested, please send email to CCN@civicnet.org - with a brief description of: 1. who you are 2. what program(s) you're involved in 3. specific areas of interest you'd like the collegium to focus on If we have sufficient initial interest - say 40 or more people - we'll come back to you with the details of getting started. Regards, John Altobello Richard Civille Miles Fidelman Ken Thomson for the Center for Civic Networking The Center for Civic Networking is a non-profit organization dedicated to applying information infrastructure to the broad public good. We work to as informed citizens, and provide "electronic town halls" which can broaden citizen participation in governance at every level. &&&&&&&&&&&&&&&&&&&& L.A. Conf on Technology and Persons with Disabilities, March 14-18, 1995 The Center on Disabilities at Cal State University - Northridge (18111 Nordhoff St, Northridge CA 91330-8340, 818-885-2578/voice/TDD/msg, 818-885- 4929/fax, ltm@csun.edu) has announced the above-titled conference. Fees range from $150 to $295 by March 1st, and $200 to $345 thereafter. &&&&&&&&&&&&&&&&&&&& San Jose Mercury News Publishes 5-Part "Legislature for Sale" Series If you're interested in - or infuriated by - California government, check out this series! It ran the week of January 8th. (For those on AOL, it should be in their Mercury Center.) &&&&&&&&&&&&&&&&&&&& Rhode Island: RI Secretary of State James Langevin Pursuing Online Access This summarizes msgs of the last few days from Nelson Perras (ad795@osfn.rhilinet.gov), Coordinator of the Office of Public Information for Rhode Island Secretary of State James Langevin (secstate@osfn.rhilinet.gov). Currently, they are examining ways to put RI govt info on-line as inexpensively as possible. There are two avenues they think may be productive. The first is to use what already exists - the Ocean State Freenet to which theoretically every RI'er has access thru libraries or at home - and provide as much govt info as possible. The second is to enter into a public/private partrnership to provide some info that RI normally could not financially afford to do, to the public. Perras' laudible current view is that the private sector would want to make use of such information commercially, but considering it is public info already, they could do that anyway. So long as the people maintain ownership of the work product, he's inclined to allow the free market to do what it does best - innovate and provide services and products from existing resources. He also expressed concern for assuring that there be no monitoring of who accesses which documents - that the privacy of those seeking information about their government be fully protected. Perras is actively soliciting input (ad795@osfn.rhilinet.gov). --jim &&&&&&&&&&&&&&&&&&&& Does Newt *Really* Want to Open Congress to Public Access? By Phone? Thu, 12 Jan 1995 13:54:45 -0800 >From Eric.Silber@Eng.Sun.COM (Eric Silber) > From jwarren@well.sf.ca.us Wed Jan 11 23:52 PST 1995 > Date: Wed, 11 Jan 1995 18:00:39 -0800 > To learn the e-mail addresses of your Senators you will need to contact > them directly at 202-224-3121. ^^^^^^^^^^^^ Last year, I couldn't get through to 224-3121, so I called 1-202-555-1212 They say they can't give out Cong. office phone numbers because, 'They don't have them' !, 'Congress doesn't supply them to Atlantic Bell' !!!! Why the h*$$ doesn't Congress supply its office phone numbers to Atlantic Bell for listng with 'information' ? &&&&&&&&&&&&&&&&&&&& "Every advance in civilization has been denounced while it was still recent." - Bertrand Russell (via mech@eff.org) ------------------------------ From: Stanton McCandlish <mech@EFF.ORG> Subject: File 4--EFF Open Letter to Church of Scientology Date: Mon, 23 Jan 1995 18:25:35 -0500 (EST) *****POST FREELY AS APPROPRIATE***** An Open Letter to the Church of Scientology (CoS) and the Net from the Electronic Frontier Foundation (EFF) Over the past several days, the Electronic Frontier Foundation has received several reports from system administrators and others about threats of lawsuits they have received from attorneys for the Church of Scientology and the closely associated Religious Technology Center and Bridge Publications, Inc. These threats apparently are designed to convince sysadmins to discontinue the carriage of certain newsgroups that involve discussions of the Church of Scientology and its teachings, solely on the ground that some of the messages sent through these newsgroups allegedly involve infringements of CoS copyrights or other intellectual property rights. EFF has also received a letter from CoS stating that it would not use the threat of lawsuits against sysadmins if there were any other way to deal with allegedly wrongful messages. EFF believes there is a better way to deal with allegations of wrongful messages -- and that using the threat of litigation to shut down entire newsgroups, or to persuade sysadmins who have not originated any allegedly wrongful messages to shut down newsgroups, is itself highly inappropriate. Electronic communications are in their infancy, and most of the providers are not big corporations with substantial funds to spend on expensive litigation, but rather small operators who cannot afford protracted litigation, even if they are in the right. The mere threat of a lawsuit could result in some sysadmins refusing to carry all sorts of contentious newsgroups simply because they could not afford to put on a case to show that they should not be held responsible for another party's alleged wrong. Rather than attempting through threats of lawsuits to induce innocent sysadmins to censor speech, Church members are encouraged to participate in Usenet discussions to make their views known and refute erroneous posts -- in other words, to answer allegedly wrongful postings with more speech. As U.S. Supreme Court Justice Louis Brandeis articulated in 1927: "If there be time to expose through discussion the falsehood and the fallacies, to avert the evil by the processes of education, the remedy to be applied is more speech, not enforced silence." If CoS claims that a copyright violation or other wrong not remediable by speech has been perpetrated by a particular person, then it should confine its legal threats to that person -- not direct them at an innocent sysadmin who did no more than forward a message, and certainly not at the innocent participants of a newsgroup seeking to exchange views through the newsgroup channel. Even if CoS cannot determine the identity of the person perpetrating an alleged wrong against it, that provides no excuse for cutting off the free flow of information over the net. Events like these show us how important it is to search for new paradigms for handling disputes that arise from time to time. We think the better way to handle this dispute would be to submit the claims and counterclaims to arbitration or mediation, perhaps in a proceeding conducted over the net among the parties to the newsgroup discussion. EFF offers its services to help find an appropriate mediator or arbitrator who would be available online for this purpose. Any party to this dispute that refused to participate in such a forum would, of course, have to explain why it had done so if a case were brought in a more traditional court. Meanwhile, we urge CoS to leave the innocent sysadmins out of their fight. We urge CoS not to take actions designed to cut off the free flow of information through the net. Where there are legitimate disputes about particular messages or the wrongful actions of particular individuals, those can and should be addressed -- perhaps most efficiently through the new communications medium itself. The Electronic Frontier Foundation 1667 K St. NW, Suite 801 Washington DC 20006-1605 USA +1 202 861 7700 (voice) +1 202 861 1258 (fax) +1 202 861 1223 (BBS - 16.8k ZyXEL) +1 202 861 1224 (BBS - 14.4k V.32bis) Internet: ask@eff.org Internet fax gate: remote-printer.EFF@8.5.2.1.1.6.8.2.0.2.1.tpc.int ------------------------------ Date: Sun, 22 Jan 1995 23:14:15 -0600 (CST) From: David Smith <bladex@BGA.COM> Subject: File 5--Writer Seeks On-Line Crime Info (fwd) ---------- Forwarded message ---------- From--FMGG44A@prodigy.com (Jerome Haden) Subject--Writer Seeks On-Line Crime Info Date--22 Jan 1995 23:27:25 GMT REQUEST FOR INFORMATION I am currently writing a book length manuscript entitled : "Crash and Burn: A Parents Guide To The Dangers On The Information SuperHighway." I am seeking real events that are "public record" either newspaper articles or court documents which involve the following criminal activity: 1.) Sexual predators who have commited sex crimes on minors with a connection to a local computer bulletin board or a national on-line service such as Prodigy, Compuserve, or America On Line. 2.) Teenage computer hackers who have been charged with any type of telephone fraud, unauthorized access to another computer, or similar crimes. 3.) Any teenagers involved in making explosives with information obtained from a computer bulletin board. 4.) Any selling of illegal drugs involving minors on a computer bulletin board. 5.) Any other crimes invloving teenagers as either victims or perpetrators with the use of modems or any manner in "cyberspace". Any information must be a public record that can be verified by my literary agency and my publisher. Also would be interested in hearing from victims or perpetrators willing to be interviewed "off the record", and/or willing to appear on national talk shows. If you have any such information please contact me as follows: Jerome Haden E-Mail: FMGG44A@prodigy.com ------------------------------ Date: Fri, 20 Jan 95 08:08:21 EST From: Frank Tirado <SYSADMIN@ERS.BITNET> Subject: File 6--Comment on "NII/Preservation of Information" I would like to add a "tidbit" to Karen Coyle's article on the NII, in the area of Preservation of information. One of the primary reason we have so much information about the past is that, until now, it has been preserved on paper. Granted, accurate glimpses of the more distant past have been preserved on media such as vellum, papyrus and hardened clay. A much more detailed and complete view, however, is available to all interested parties when it has been recorded on paper. For example, core samples from landfills have brought up still legible pieces of newsprint dating back more than 40 years - the paper on which it was printed was hardly yellowed. The Declaration of Independence has survived its authors by several of their lifetimes. What I'm leading up to is that preserving data will be crucial in the Electronic Age. We have developed ingenious techniques to manipulate, collate, store and present information, yet the electronic media on which it is stored will not meet the test of time. It is possible to store the contents of the Bible on a group of diskettes, whose usable lifetime is about 10 years. Compare that to the fact that some Gutenberg Bibles, printed on paper, have survived centuries. Even CDROMs have an estimated lifetime of roughly 35 years. Unless we see some major advances in electronic storage media, there's a good chance that our children's children will know less about us than of our forebears. ------------------------------ Date: Sun, 22 Jan 1995 11:34:41 -0600 (CST) From: David Smith <bladex@BGA.COM> Subject: File 7--(fwd) Summary of NYC Clipper Seminar 19 JAN 95 (fwd) ---------- Forwarded message ---------- Last Thursday, January 19, 1995, the Science and Law Committee and the Computer Law Committee of the Association of the Bar of the City of New York jointly sponsered a panel discussion entitled, "THE CLIPPER CHIP: Should the Government Control the Master Keys to Electronic Commerce?" The panel included: Moderator: Albert L. Wells, Debevoise & Plimpton Speakers: Stewart A. Baker, Steptoe & Johnson, former General Counsel, NSA Michael R. Nelson, Special Assistant for Information Technology, White House Office of Science and Technology Policy James V. Kallstrom, Special Agent in charge of the Special Operations division of the New York office of the FBI Daniel Weitzner, Center for Democracy and Technology, formerly Deputy Policy Director, Electronic Frontier Foundation William Whitehurst, Director, Data Security Systems, IBM Corporation The discussion was open the public. My rough guess is that 120 people were there, probably 2/3 members of the Association. For those familiar with this subject, what was most interesting was to be found not in what was said, but in the differences from what has been said before. In particular, Stewart Baker didn't mention child pornography even once. Actually, Mr. Baker said remarkably little. Remember, this is the man who went on record in "Wired" only last year, while still on the government payroll as the NSA's top lawyer, with his droll comparison of those opposing Clipper to would-be revolutionaries in bandoliers and pocket protectors. He's told that joke so many times and to so many audiences, it was conspicuous by its absence. (Indeed, Baker even spoke of himself as, "one who has been accused of lowering the tone of the debate.") Of more substance, Baker (and one must at least be curious what Steptoe & Johnson find in their corporate interest in having him continue to be a spokesman for the government's policy on this issue) continued to defend the escrowed-key plan, stating that those opposed should exhibit more faith in our democratic institutions than such opposition suggests. Daniel Weitzner's unequivocal position was that "Clipper is dead." He showed more concern over the general issue of trade regulation and how limitations on exports of crypto technology are affecting commercial interests. Nonetheless, he did criticize the administration's dogged persistence, to the extent that they are not yet abandoning the core of the Clipper initiative, which is to enforce use of a crypto system that has a built-in backdoor for wiretapping purposes. To this, Weitzner simply pointed out that, as there have been "mob lawyers," it is no stretch to imagine "mob cryptographers." (Personal note: Weitzner is right. I have, myself, been approached by persons connected to organized crime who expressed an interest in just such a thing. Interestingly, my "client" was more concerned about internal security than protection from government eavesdropping.) Both Baker and Michael Nelson stated that the Clipper initiative was an attempt to find a balance amongst the conflicting interests of privacy, scientific inquiry, commerce, and "the ability of law enforcement to do its job." My notes, however, do not reflect any remark to the effect that "the ability of law enforcement to do its job" has been allowed to suffer by the Clipper compromise. In fact, Matt Blaise (forgive a misspelling, if there is one) was present in the audience and asked Nelson for some indication of what it would take for the administration to compromise against the interests of law enforcement. Nelson spoke at some length in response, but if he actually answered, I missed it. IBM's William Whitehurst presented the business view: this whole affair is costing American companies sales. The prospects for selling crypto to foreign governments when American intelligence can listen in are not very good. (An interesting legal point that was only obliquely addressed is that the Fourth Amendment would not be much protection in another country; a wiretap warrant wouldn't be needed for American snooping.) The administration's view on this was revealed for the head-in-the-sand policy it is, when Perry Metzger asked Nelson if he really felt that the Libyan government couldn't just download PGP and start defeating the value of the Clipper chip right now (Nelson had mentioned Libya earlier, as an example of a foreign power that could use crypto to the disadvantage of the United States). Nelson stated, "they'd still have to implement it." Metzger pointed out that this would about as hard as entering "pgp -f filename," on an IBM PC, but Nelson just ignored him. James Kallstrom of the FBI was a surprise guest. It fell to him to carry the weight of reminding us all that law enforcement is opposed to things like kidnapping, bombing the World Trade Center, and child pornography (this litany generated open laughter from the audience). However strained the connection is between kidnapping and crypto, I did find Kallstrom refreshingly direct about what he thinks the issue really is: good versus evil. Kallstrom feels it would be no more sensible to unleash strong crypto into a world full of terrorists and crooks than it would be to buy a house and not have a spare set of keys; once you're locked out, you can never get back in. I asked him if it wasn't my right to decide who gets the key to my house, but he didn't understand my question. To Special Agent Kallstrom, we are all living in one house, and it is our good faith in each other (and in the FBI, apparently) that will keep the forces of evil locked out. I don't agree, but you can't fault him for his clarity of purpose. No votes were taken, but I did not feel there was much support among the audience for whatever remains of the Clipper initiative. But, Mike Nelson stated without reservation that the initiative would continue to exist in whatever form best serves the compromise he had discussed, while continuing to preserve "the ability of law enforcement to do its job," for as long as the current administration remains in power. To which an audience member replied, "two more years!" -- Stevens R. Miller Attorney at Law (212)227-1594 http://www.interport.net/~lex/ ------------------------------ Date: Sun, 22 Jan 1995 23:34:32 -0600 (CST) From: David Smith <bladex@BGA.COM> Subject: File 8--E-Mail Security - New book by Bruce Schneier E-MAIL SECURITY WITH PGP AND PEM: HOW TO KEEP YOUR ELECTRONIC MESSAGES PRIVATE ...a new book by Bruce Schneier John Wiley & Sons, 1995 ISBN 0-471-05318-X $24.95 The world of e-mail is the world of postcards. Between you and your correspondents may lurk a foreign government, a business competitor, an overzealous law enforcement agency, or even just a nosy neighbor. The problem is, all of these potential eavesdroppers, given fairly simple access tools, can read your messages as easy as a postal worker can read your postcards. E-MAIL SECURITY is about protecting electronic mail fm spies, interlopers, and spoofs--people who may want to destroy, alter, or just look at your private communications. The book shows how you can protect the financial information, contract negotiations, or personal correspondence you entrust to public or private networks--and it shows how this protection is available right now, with free or inexpensive software. The book discusses PGP and PEM: how they work, how they are different, and how to choose which one is right for you. TABLE OF CONTENTS: Part I: Privacy and Electronic Mail Chapter 1: The Problem Chapter 2: Encryption Chapter 3: Key Management Chapter 4: Authentication Chapter 5: Certificates Chapter 6: Keeping Your Private Key Private Chapter 7: Odds and Ends Chapter 8: Patents, Governments, and Export Laws Part II: Achieving Electronic-Mail Privacy Chapter 9: Requirements and Features Chapter 10: Privacy Enhanced Mail (PEM) Chapter 11: Pretty Good Privacy (PGP) Chapter 12: Comparing PGP and PEM Chapter 13: Attacks Against PGP and PEM Appendix A: Pretty Good Privacy Appendix B: Privacy Enhanced Mail ***************************************************************** If you are interested in a copy of E-MAIL SECURITY, please send a check for $25 + $5 postage (ask for rates abroad) to: Bruce Schneier 730 Fair Oaks Ave Oak Park, IL 60302 The book won't be available until at least the end of the month, so please be patient. ------------------------------ Date: Thu, 23 Oct 1994 22:51:01 CDT From: CuD Moderators <tk0jut2@mvs.cso.niu.edu> Subject: File 9--Cu Digest Header Information (unchanged since 25 Nov 1994) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: Bits against the Empire BBS: +39-461-980493 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD ftp://www.rcac.tdi.co.jp/pub/mirror/CuD The most recent issues of CuD can be obtained from the NIU Sociology gopher at: URL: gopher://corn.cso.niu.edu:70/00/acad_dept/col_of_las/dept_soci COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #7.06 ************************************