Computer underground Digest    Sun  Feb 16, 1997   Volume 9 : Issue 09
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Field Agent Extraordinaire:   David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.09 (Sun, Feb 16, 1997)

File 1--Cyber Angels FACES Project
File 2--FYI: "Contributory copyright infringement"
File 3--Re: "Hacking Chinatown"
File 4--Coalition Letter on Privacy and Airline Security
File 5--BELLSOUTH CHALLENGES AT&T ACCESS CHARGE PROPOSAL (fwd)
File 6--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 9 Feb 1997 18:40:06 +0000
From: David Smith <bladex@bga.com>
Subject: Fle 1--Cyber Angels FACES Project

Attached is an excerpt from the December Cyber Angels bulletin
containing the details of their FACES project.


------- Excerpt Begins  -------

          ****************************************************************

USENET TEAM NEWS

USENET "FACE" PROJECT

"FACE" = FREEING ABUSED CHILDREN from EXPLOITATION

WE ARE IN THE PROCESS OF CONSTRUCTING AN ONLINE DATABASE OF THE
FACES OF THE CHILDREN WHO HAVE BEEN ABUSED AND PHOTOGRAPHED TO MAKE
CHILD PORNOGRAPHY


Child pornography as some of you no doubt know is regularly posted to the
Usenet.  Child pornography is also illegal - that is why we are regularly
passing evidence to Federal Authorities that we gather from the Usenet.

Who are the children who are used in the child pornography that is posted
to the Usenet?  Do you know any?  How could you find out?  That is exactly
what our FACE UNIT is all about.  Our volunteers spend time each week
finding child pornography posts on the Usenet, and cropping the picture so
that just the child's face is left.  These faces - the faces of innocent
children who are the victims of abuse crimes by adults - are then passed
with the full header reference to our FACE UNIT Leader.  The images are
then posted up to our website, in the hope that as thousands of people pass
through our website someone somewhere may recognize the face of someone in
our online database and then we can contact law enforcement and perhaps
bring someone to justice and rescue an abused child.

To help on this unit you need to have cropping ability - in other words the
ability to take a jpg image and cut out the child's face and make a new jpg
out of it.

NB For legal reasons the FACE UNIT accepts only volunteers 18 years old and
above.  You may like to know that this work follows guidelines given to us
by Federal Authorities.

This is pioneering work!  YOU can help us!  Contact me if you are inspired
to assist us.

The FACE database will open at our main site at the beginning of January.

          ****************************************************************

---- Excerpt Ends ----

I feel such a database would be a case of "double victimization" --
that someone who was the victim of child pornography would not want
pictures of their faces openly distributed. No one I've spoken to
thinks this is a good idea.

In an exchange of e-mail, Gabriel Hatcher (gabriel@cyberangels.org) politely
disagreed,  suggesting that their project would identify children
who are currently being abused and thus rescue/save them from
suffering. He's heard nothing but positive feedback, and is working
with various law enforcement officials to make sure the project is
done properly.

------------------------------

Date: Mon, 17 Feb 1997 17:48:03 -0600 (CST)
From: Jim Davis <jdav@mcs.com>
Subject: Fle 2--FYI: "Contributory copyright infringement"

-----
Date--Sun, 16 Feb 1997 00:15:27 -0600 (CST)
From--Netiva Caftori <uncaftor@uxa.ecn.bgu.edu>

This is a report David Loundy from CPSR Chicago prepares for a committee
which he chairs.  fyi

Netiva Caftori, DA (CS dept)  e-mail--n-caftori@neiu.edu        /\/\/\/\/\
Northeastern Illinois Univ.   http://www.neiu.edu/users/uncaftor/home.html

Date--Sat, 15 Feb 1997 14:42:14 -0500
From--"David J. Loundy" <David@loundy.com>

                              The Law Office of
                               David J. Loundy
465 Pleasant Avenue                                 Phone:  (847) 926-9744
Highland Park, Illinois                 Electronic Mail:  David@Loundy.com
60035-4909                          World Wide Web: http://www.Loundy.com/


                   ISBA INTELLECTUAL PROPERTY SECTION COUNCIL
                        INTERNET LAW SUBCOMMITTEE REPORT
                                February 13, 1997
                            Compiled by David Loundy

A final decision has been reached in the Sega v. MAPHIA case.  The court
held that a BBS operator who ran a pirate bulletin board for the
distribution of video games was guilty of contributory copyright
infringement (though direct infringement was not proven), federal trademark
infringement, California trade name infringement, and state unfair
competition.

In Sega Enterprises Ltd v. Sabella, in the Northern District of California,
Sega was granted summary judgment on its claim of contributory copyright
infringement by a BBS operator.  The defendant's BBS was used for the
uploading and downloading of pirated games on the BBS. Unlike in the Sega
v. MAPHIA case, the Court denied summary judgment on a trademark
infringement claim based on the system operator's claim that she was not
aware of, and did not authorize, the use of Sega's trademark on the pirated
games.

Hallmark cards received a "cease and desist" letter as a result of its use
of "E-Greetings," as a term for electronic cards marketed off its web site.
Hallmark has filed a challenge with the U.S. Trademark Office over Greet
Street's rights to use E-Greetings claiming  the term "E-Greetings" or
anything else prefaced with "e-" is not suitable for trademark protection.

An Oklahoma court has denied journalism professor Bill Loving's request for
an injunction against the University of Oklahoma.  The University removed
access on its public news server to all of the "alt.sex" hierarchy of
usenet newsgroups after the group "Oklahomans for Children and Families"
complained that the newsgroups contained illegal content.

Legislation has been introduced in Maryland that would make it illegal to
send "annoying" or "embarrassing" e-mail.  It is similar to a bill
currently working its way through the New York legislature.

Another suit was filed against the Communications Decency Act.  The
webmaster of the "annoy.com" web site filed for a preliminary injunction
against Janet Reno on Jan. 30.  The suit specifically targets the "with
intent to annoy" provision of the act, since that is what the web site is
intended to do. The creator's intent is to create an online service that
delivers scathing, anonymous postcards to public figures, as well as
provide controversial commentary on "hot button" issues.  One of the
reasons behind the sites creation and accompanying lawsuit was the
creator's frustration that all of the press surrounding the CDA focused on
its attempts to protect minors, without addressing the impact on adult
speech.

Sen. Patrick Leahy introduced a bill that would repeal amendments to the
Communications Act made by the CDA.  In the mean time, 22 members of
Congress filed an Amici Curiae brief with the Supreme Court in Reno v. ACLU
in support of the Communications Decency Act (the brief is available at
http://www.cdt.org/ciec/SC_appeal/970121_Cong_brief.html).

In New York, U.S. District Judge Kimba Wood has issued a temporary
restraining order against Richard Bucci, an anti-abortion activist who
registered the domain name "plannedparenthood.com."  Mr. Bucci registered
the domain and set up a web site labeled as "Planned Parenthood's Home
Page" from which he sold an anti-abortion book.  Planned Parenthood
Federation of America has sued Bucci alleging his use of the group's name
constitutes trademark infringement.  A Feb. 20 hearing on a motion for a
preliminary injunction is scheduled.

A U.S. District Judge in North Carolina has denied Gateway2000's motion for
a preliminary injunction against gateway.com, Inc. for use of its domain
name.  Gateway2000 claims that use of the domain name gateway.com
constitutes trademark infringement, trademark dilution, and predatory
business practices.

In Cardservice International, Inc. v. McGee, 1997 WL 16795 (E.D. Va. Jan.
17, 1996), Judge Clarke issued a permanent injunction against using
cardservice.com or csimall.com as a domain name-- stating that the use of
at least the cardservice.com name constitutes trademark infringement.  It
is worth noting that csimall.com in no way resembles the plaintiff's
trademark, and was registered by the defendant to use to in "guerilla
warfare" against the plaintiff.  For the first time in a domain name case
the judge also awarded attorneys' fees.

The Internet Ad-Hoc Committee has released its final report on how the
domain name system should be changed (available at http://www.iahc.org/).
The report recommends the creation of seven new top-level domains, plus the
creation of an international trademarks domain.  It also advocates the
creation of a trademark domain under each individual country's top level
domain.  The report also sets forth a plan that top level domain
administration will be shared by multiple registrars, including the .com
top level domain as soon as NSI's contract expires.  The report calls for a
non-mandatory 60 day publication period on all registered domain names.  It
also provides for a dispute resolution policy to be used for trademark
conflicts (which will probably be somewhat ineffectual).

In Heroes, Inc. v. Heroes Foundation, No. 96-1260, Judge Flannery found
that the defendants web page, along with a Washington Post ad, which
solicited charitable contributions from its location in New York
constituted sufficient minimum contacts to allow the court to exercise
jurisdiction in the trademark infringement action.  The judge refused to
hold that the web page alone was enough to confer jurisdiction-- pointing
out some of the conflicting Internet jurisdiction cases.

Suit has been filed in the United States District Court for the Western
District of Pennsylvania by an Internet Service Provider against another
ISP and some of its staff.  The claim is that the service provider spammed
the plaintiff and its users thereby violating Section 227(b)(1)(C) of the
Telephone Consumer Protection Act-- the "junk fax" law.

In Nevada, legislation has been introduced which would prohibit a sending
unsolicited e-mail to solicit a person to purchase real property, goods or
services unless the recipient has a pre-existing business relationship with
the message sender.

On February 3, 1997, Judge James L. Graham of the United States District
Court for the Southern District of Ohio preliminarily enjoined Cyber
Promotions, Inc. and its president, Sanford Wallace from e-mailing ads to
CompuServe subscribers. The Court argued that while making available an
e-mail account provides tacit approval to send e-mail to that account,
Cyber Promo's use of the CompuServe system exceeded any tacit approval and
therefore Cyber Promo's actions constitute a trespass to chattels.

Cyber Promotions, Inc. has settled with America Online, in part because of
having lost its fight against CompuServe.  (In which the judge made some
comments about the applicability of his decision to the AOL case.)
According to a litigation attorney for AOL, Stanford Wallace (president of
Cyber Promo) "agreed to the entry of an injunction restricting him to use
only domains that could be blocked by AOL's Preferred Mail tool and which
requires him to provide a viable remove option for AOL members, he
dismissed all of his claims against AOL with prejudice and dismissed his
appeal of the state action/First Amendment decision which was pending in
the Third Circuit."

America Online has had another 5 class action suits filed against it
(bringing the total to 6) by customers who are unable to log on to the
service due to busy phone lines caused by increased usage after AOL
instituted a flat-rate pricing scheme.  AOL settled with 36 state attorneys
general who became interested in AOL's problems by promising to offer
refunds, reduce advertising, hire more phone staff to handle cancellations,
put a notice on any advertising already in the works that there may be some
delays in logging on, and cap the subscriber base until its network
infrastructure has been improved.

A Florida mother is suing America Online, claiming it allowed a subscriber
to distribute pornographic pictures of her son and two other boys to
pedophiles. The suit alleges that AOL is breeding  "a home shopping network
for pedophiles and child pornographers."  Others claim that the suit is
analogous to suing New York for having pedophiles living in the city.

The Executive Committee of the New York State Bar Association has adopted
the bar association's opinion on the use of e-mail in attorney-client
communications. The opinion states that "merely because a communication
took place over e-mail, or by similar electronic means, it would not lose
its privileged nature."  The opinion (at
http://www.nysba.org/committees/cplr/library/4547.html) does, however,
state that there are some communications that would be too sensitive to
trust to e-mail (such as communicating trade secrets or confessions).

The Consumer Internet Privacy Protection Act of 1997 (H.R. 97) has been
introduced in the House.  The Act, among other things, provides that "an
interactive computer service shall not disclose to a third party any
personally identifiable information provided by a subscriber to such
service without the subscriber's prior informed written consent."

The 6th Circuit affirmed the dismissal of the indictment against Jake Baker
(by a 2-1 vote).  Jake Baker is the former University of Michigan student
who posted a piece of "erotic fiction" on the Internet which described the
sexual torture and murder of a classmate, who was mentioned by name.

Jayne Hitchcock is suing the Woodside Literary Agency in New York federal
court alleging that people at or affiliated with the agency electronically
impersonated, harassed, and defamed her with what she describes as a
scorched-earth slander campaign in retaliation for her attempts to warn
others away from the agency.  She received over 200 e-mail messages from a
forged address.  Her literary agent received forged e-mail, reporting to be
from her, threatening to cancel her contract.  Even a personal add was
forged stating "Female International Author, no limits to imagination and
fantasies, prefers group ma\cho/sadistic interaction including lovebites
and indiscriminate scratches. . . . Will take your calls day or night." was
posted to various places on the Internet-- listing Ms. Hitchcock's name,
address, and phone number.  The suit seeks $10 million in damages.

An Internet scam has cost some Canadian victims up to $1,200 in phone
bills.  Web surfers are offered the opportunity to download free nude
pictures from a web site, however, the people are told that they must
download  a "special image viewer" first.  The "viewing" software,
unbeknownst to most users, hangs up the modem from the user's local service
provider and quietly reconnects the call to a number in Moldavia.  Canadian
police have ordered that all outgoing calls to the number in Moldavia be
blocked.


INTERNATIONAL

The United Arab Emirates state-owned Emirates Telecommunications
Corporation (Etisalat) has put into place national proxy servers which will
route all Internet traffic and censor selected Internet sites which
conflict with local moral values and traditions.

Berlin prosecutors have filed charges against Angela Marquardt, a leader of
Germany's reform communist Party of Democratic Socialism (PDS), for placing
a link on her home page to the outlawed Radikal magazine.  A Berlin
prosecutor's office spokesman is quoted by Reuters as saying that "It is
illegal in Germany to teach others how to commit a felony or to sanction a
felony."

Attorneys for the Australasian Mechanical Copyright Owners Society (AMCOS)
and the Australian Music Publishers Association Limited (AMPAL) forced have
shut down Internet archives of song lyrics and MIDI (Musical Instrument
Digital Interface) files located at two Australian Universities (Monash
University and the University of Western Sydney) to remove the material
from sites at those schools.



MISCELLANEOUS

WebTV and OnCommand, Inc. have teamed up to provide Internet access in
hotel rooms to business travellers.  The companies claim that half of all
business travellers already subscribe to an on-line service.

UPS is making its database of digitized signatures available to anyone with
a computer, modem, and package tracking number.  You can download the
software from the Internet and have your modem reconnect to an 800 number
for access to the database.

------------------------------

Date: Mon, 10 Feb 1997 19:51:22 -0800 (PST)
From: Daniel Brown <bidorn19@idt.net>
Subject: Fle 3--Re: "Hacking Chinatown"

> Re CuD - -"Hacking Chinatown"
>
>                             "Hacking Chinatown"
>                                     by
>                               Richard Thieme

This article agitates the long-abused word 'hack'.  As I call myself a
hacker, I wish to clean up this mess thoughoughly.  I invite you to RTFM
-- try reading the Jargon File (http://www.ccil.org/jargon).

First of all, nothing I do which I call hacking is illegal, or frowned
upon by security people.  Some who read, say, alt.2600, are in another
boat than I am.  What do I call hacking?  Here's an excerpt from the
Unofficial alt.hackers FAQ:

  In short, hacking is about using available technology in a creative
  way to solve a problem.  It can be a stupid problem and an ugly
  solution, as long as it is a new and creative solution.  Hacking
  extends to all forms of technology, not just computers--using the
  thighbone of an antelope to bash in the head of another antelope was
  an excellent hack.

As well, a 'hack' is often an object.  A section of code could be an
example, if you 'hacked it up'.  I have a home-made
headphone-to-"line in" converter (it's a headphone plug I put into my CD
player, and soldered to it are "line in" wires for left and right sound that
goes into my cassette/radio player), and I call that a mini hack.

Do you get the idea?

On a historical note, many crackers think the history of hacking begins
the same as all hackers know it ... that TMRC at MIT (late 1950s) was the
birthplace of curious techies who called themselves 'hackers', who found
the TX-0, and worked on this first of the minicomputers, and their
influence spread to places like the SAIL.  Where the ideas diverge is
that crackers, quite possibly from Levy's book named "Hackers" (1984),
think that that culture died (quite possibly when MIT's ITS machine was
shut down) and now the current "breed" of hackers are those who crack
security.

Wrong.  How that definition arrived was by journalistic misuse of the
work 'hackers', after some hackers who were curious about security got
into the habit of cracking BBSs.  (The first word used to defend against
this misuse was to call people who did this 'worms'; this failed, and a
couple years later, the term 'cracker' got started.)  The original
culture did not die per se; hackers still continued to thrive (there
were other ITS machines, most notably at SAIL; micros were another
interest).  But this small minority of crackers within hackerdom got
media attention, and soon the public's definition of hackers turned and
took on approximately the same definition today.  What do you get?
People who call them hackers but never saw a minicomputer in their life,
beleive IBM invented the PC, and think hacking is all about cracking.

The culture that was spawned in MIT has a direct link to the real hacker
culture of today.  The interests have not really changed.. hackers still
create their own Operating System (Linux comes to mind), still optimize
code for speed, still find solutions to unique problems, .. you get the
idea.  I mean to say that cracking isn't "the current generation of
hacking".  The two are different, and I'm tired of one marring the
validity of the other (cracking on hacking).

Specific responses follow...

>      Hacking means tracking -- and counter-tracking -- and
> covering your tracks -- in the virtual world. Hacking means
> knowing how to follow the flow of electrons to its source and
> understand on every level of abstraction -- from source code to
> switches and routers to high level words and images -- what is
> really happening.

You make understanding the idea of abstraction a wizardly concept, which
is bogus.

>      Hackers are unwilling to do as little as possible. Hackers
> are need-to-know machines driven by a passion to connect
> disparate data into meaningful patterns. Hackers are the online
> detectives of the virtual world.
>      You don't get to be a hacker overnight.

Actually, it's a lifestyle.  You could develop hackish habits/
preoccupations (creating jargon, consuming curiosity, enjoying the
accomplishment of something unheard of, ...), but never know these same
qualities were common in a culture wich mades computers what they are
now.  (I mean that.  The person to invent the PC was a hacker who decided
to make a computer out of the Intel 4004, even though noone thought it
would be possible.  Some Linux hackers look to the Nintendo 64 with a
similar inspiration -- a possible host for a Linux microkernel :)

You *could* "make" yourself into a hacker, though.  If you drive yourself
crazy enough :-).

>      The devil is in the details. Real hackers get good by
> endless trial and error, failing into success again and again.

Wrong.  This is characteristic of crackers, and is primarily useful for
their art.  (Should I dare call it so?  Breaking into computers is *NOT*
beautiful).  Real hackers avoid tedium, and read the manual(s) and devise
their hacks before making them.  "Trial and error" is a facet of lacking
brilliance.

>      Isn't it ironic that curiosity, the defining characteristic
> of an intelligent organism exploring its environment, has been
> prohibited by folk wisdom everywhere?

Cracking does not involve intelligence.  At most, it involves 5%
cleverness spent on finding new exploits (that is, if the perpetrator has
nothing to exploit first), and 95% dogged determination (spent on
activities as garbaging).  The mental capacity used for such skill aught
to be garbage collected for helpful activities.  Graduate high school,
and go to a university where real hackers will teach you.

>      The endless curiosity of hackers is regulated by a higher
> code that may not even have a name but which defines the human
> spirit at its best. The Hacker's Code is an affirmation of life
> itself, life that wants to know, and grow, and extend itself
> throughout the "space" of the universe. The hackers' refusal to
> accept conventional wisdom and boundaries is a way to align his
> energies with the life-giving passion of heretics everywhere. And
> these days, that's what needed to survive.

You mean the Hacker Ethic?  I always freely distribute my software (by
either putting it in the Public Domain or giving it the GNU Copyleft).  What
about you?

>      We know we build on quicksand, but building is too much fun
> to give up. We know we leave tracks, but going is so much more

The Free Software Foundation is a collection of hackers that makes
excellect freeware in alternative to proprietary tools.  Much of their
software is ancient in that it was created a long time ago (in computer
historical terms, at least), but is still around today because it is
always maintained.  If you say "we build on quicksand", I don't doubt you
talk about cracking, and it proves cracking is backwards, hacking is
forwards.

>      To say that when we engage with one another in cyberspace we
> are "Hacking Chinatown" is a way to say that asking questions is
> more important than finding answers. We do not expect to find
> final answers. But the questions must be asked. We refuse to do
> as little as possible because we want to KNOW.

You say that asking questions is more important than the answers.  True,
you can't seek something if you don't wonder about it (this true to
hacking too), but real hacking delights in finding the answers (or the
answers, depending on the purpose of the hack).

I really tell you, cracker ideals are teenagerisms about technology.
Hackers don't say thing in w!3rd w4yz, because there is no joy in that.
It also goes against the logical use of the English language (you can't
really hack if you can't think logically).  Also, doing something in
retaliation is illogical (ie, breaking into the IRS to find the auditing
selection code, because the IRS refuses to release it) -- it isn't the
Right Thing, which would be a) work out the problem, or b) forget it.

There's a gulf of difference between hacking and the ecstatic feeling
that hackers get when they circumvent a limitation or apply something
brand new, and cracking which searches to satisfy a adolescent's
problem (I say this in psychological terms; all stages of life have their
problems to solve).

If you want to be a hacker, read my .sig.  But if you don't, please
distinguish between the words 'hack' and 'crack'.

------------------------------

Date: Wed, 12 Feb 1997 20:41:26 -0500
From: Dave Banisar <banisar@EPIC.ORG>
Subject: Fle 4--Coalition Letter on Privacy and Airline Security

A HTML version of this is available at
http://www.epic.org/privacy/faa/airline_security_letter.html


February 11, 1997

Vice President Albert Gore, Jr.
The White House
1600 Pennsylvanpia Ave, NW
Washington, DC 20500

Dear Mr. Vice President,

We are writing to you to express our views on the serious civil
liberties issues raised by recent government activities in the name of
airline security.  These include recent orders issued by the Federal
Aviation Administration, and also proposals recommended by the White House
Commission on Aviation Safety and Security and the FAA Advisory Aviation
Security Advisory Committee.

Many of these proposals were developed in the highly-charged
atmosphere following the still-unsolved crash of TWA Flight 800 and reflect
a misguided rationale that something had to be done, no matter how marginal
in value or violative of individual rights.

We all feel strongly that air travel must be safe - nobody wants to
feel that to set foot on an airplane or an airport is to take a substantial
safety risk.  However, basic civil liberties protected by the Constitution
should not be sacrificed in the name of improving air safety, especially
where the potential benefits are questionable.  At the airport ticket
counter, passengers check their luggage, not their constitutional rights.


Identification

One area of concern is a secret FAA order issued in August 1995 and
apparently revised in October 1995. The FAA order purportedly requires
airlines to demand government-issued photo identification from all
passengers before they can board an airplane.  It remains unclear whether a
passenger must provide that identification and what discretion an airline
has to allow, or refuse, any passenger to board if they refuse to provide
identification or simply do not have any available.

Americans are not required to carry government-issued
identification documents. Any requirement that passengers show
identification raises substantial constitutional questions about
violations of the rights to privacy, travel, and due process of law.  The
Supreme Court has consistently struck down laws that interfere with the
constitutional right to travel.  The Court has also overturned laws in a
variety of circumstances that require an individual to provide
identification in the absence of any specific suspicion that a crime has
been committed.  In addition, it is unclear that requiring passenger
boarding an aircraft to identify him or herself actually makes the people
with whom they travel any safer. A bomber with a fake ID is just as
effective as a bomber with no ID.

We urge the FAA to withdraw its directive and to notify airlines
that identification should not be requested for security reasons.  At a
minimum, the FAA should require airlines to post notices telling passengers
that they cannot be denied boarding just because they fail or refuse to
identify themselves.


Computer Databases and Profiling

Another major concern involves the proposed increased utilization
of the practice of "profiling" passengers to determine whether they pose a
security risk and should thus be searched. This would require the
collection of personal information on passengers prior to their boarding a
plane.  Information that may be collected includes a picture or other
biometric identifier, address, flying patterns with a particular airline,
bill paying at a particular address, criminal records, and other
information. This, and information gleaned from observing the persons with
whom the passenger was traveling, would be fed into a computer data base
that would be used to decide whether the passenger "fits the profile" and
should be subjected to heightened security measures.  Under this proposal,
the checked luggage of people selected by the computer would be scanned by
new sophisticated scanning devices.

The risks to privacy are enormous and run not only to those who
"fit the profile." For this system to be useful, it must apply to every
person who might take a flight, i.e., to everybody. A new government
dossier on everyone would have to be created, computerized, and made
accessible to airline personnel.

In addition, for the system to be useful, it would have to be
linked to other data bases and constantly updated. Each time a person
changes their address or takes another flight, or does anything related to
the characteristics about them deemed significant by the profiling system,
the government would track it. All of our experience with the creation and
updating of such ever-changing data bases teaches us that the likelihood of
inaccuracy at any given moment is high.  The FBI, for instance, recognizes
that data in its computer system  of criminal records has an inaccuracy
rate of 33 percent. Such inaccuracy would lead to both a breach of safety
and to violations of the rights of innocent people. This proposal is a
quick fix that won't fix anything.

The proposal also violates a central principle of the Code of Fair
Information Practices and the Privacy Act (5 U.S.C =A7 552a): information
given to the government for one purpose ought not be used for other
purposes without the consent of the person to whom it pertains. The use of
criminal records in such a data base, particularly where those records
include arrests that do not result in convictions, is particularly
troubling.

Profiling also frequently leads to discriminatory practices.
Already, we have received numerous reports of discrimination against
individuals and families with children who have been refused entry onto
aircraft because their names appeared to be of Middle-Eastern origin. In
the well publicized example of security guard Richard Jewel, reports
indicated that the FBI profile led the police to unfairly target Mr. Jewel
for the incident, even in the absence of other evidence. This incident
vividly shows the limitations of basing a law enforcement decision on a
profile.

We urge the FAA and airlines to discontinue the use of passenger
profiling.

X-Ray Cameras

We also view with concern proposals to install  in airports new
cameras which can depict highly detailed images of individuals' bodies
under their clothes.  Existing scanners, the development of which was
partially funded by the FAA, already show a revealing and invasive picture
of a naked body in high detail and the technology is likely to improve.
This is clearly a search under the Fourth Amendment and is far more
intrusive than a standard metal screening device.  Passengers should not be
subject to an "electronic strip search" in order to board an aircraft. To
expose travelers' anatomies to the general public or even to selected (not
by the victim of the unreasonably intrusive search) strangers is extremely
embarrassing and shocking to the conscience.

We urge the FAA to reject proposals to use body scanners capable of
projecting an image of a person's naked body.

Secrecy

Much of the key decision-making surrounding these proposals has
been shrouded by secrecy. The FAA has claimed that it is exempt from open
government laws and has refused to release its directives on profiling and
identification. Relevant meetings have been closed to the public or limited
to participants who can afford to pay expensive fees.

We urge the FAA to publish its directives and open all further
decision making open to public scrutiny.

Conclusion

In conclusion, we believe that these proposals raise grave
constitutional issues and are likely to produce only minimally beneficial
results to improve airline safety. We urge the FAA and the advisory
commissions to focus their efforts on improving security in a balanced and
rational manner that is open to public scrutiny and consistent with
constitutional rights.


Sincerely,


Houeida Saad
American-Arab Anti-Discrimination Committee

Greg Nojeim
American Civil Liberties Union

Maher Hanania
American Federation of Palestine

James Lucier, Jr., Director of Economic Research
Americans for Tax Reform

Aki Namioka, President
Computer Professionals for Social Responsibility

Lori Fena, Executive Director
Electronic Frontier Foundation

David Banisar, Staff Counsel
Electronic Privacy Information Center

Ned Stone
Friends Committee on National Legislation

Judy Clarke, President
National Association of Criminal Defense Lawyers

Kit Gage, Washington Representative
National Committee Against Repressive Legislation

Audrie Krause, Executive Director
NetAction

Sharisa Alkhateeb
North American Council of Muslim Womem

Simon Davies, Director General
Privacy International

Robert Ellis Smith, Publisher
Privacy Journal

Evan Hendricks, Chairman
US Privacy Council and Publisher, The Privacy Times

Enver Masud
Executive Director
The Wisdom Fund

John Gilmore
Civil Libertarian and co-founder, The Electronic Frontier Foundation


-------
David Banisar (Banisar@epic.org)                *    202-544-9240 (tel)
Electronic Privacy Information Center           *    202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301             *    HTTP://www.epic.org
Washington, DC 20003    * PGP Key
http://www.epic.org/staff/banisar/key.html            =20



------------------------------

Date: Mon, 3 Feb 1997 16:50:24 -0500 (EST)
From: "noah@enabled.com" <noah@enabled.com>
Subject: Fle 5--BELLSOUTH CHALLENGES AT&T ACCESS CHARGE PROPOSAL (fwd)

From   -Noah

---------- Forwarded message ----------
Date--Mon, 27 Jan 1997 14:35:29 -0500 (EST)
From--BellSouth <press@www.bellsouth.com>

BellSouth ............................................January 24, 1997

BELLSOUTH CHALLENGES AT&T ACCESS CHARGE PROPOSAL

Background:  AT&T told reporters Thursday that they will ask the Federal
Communications Commission to slash the price they pay to local telephone
companies for use of the local lines to deliver calls to businesses and
home customers.

The following response may be attributed to David J. Markey, BellSouth
vice president governmental affairs.

"As usual, AT&T is looking for a federally enforced free ride.

"The Commission should ignore their rhetoric and the Congress should
monitor this process closely.

"At risk is the ability of the local telephone industry to maintain and
improve the public telephone network.

"AT&T wants the FCC to ignore our real costs.  The AT&T analysis of what
they think our costs ought to be is based on the so-called Hatfield model
which has not been accepted by most state commissions. TELRIC prices an
imaginary network and has been discredited by the noted economist, Alfred
Kahn who points out that the TELRIC approach doesn't take into
consideration the costs of maintaining the network or the costs of
universal service.

"Congress was told by the FCC that the so-called trilogy of proceedings
interconnection, universal service and access charges) would result in a
balanced implementation of the Telecommunications Act of 1996.  We're
still looking for that balance.

"First the Commission ordered us to allow companies like AT&T to buy our
service at half price through the "unbundled elements" scheme.  Then they
proposed a universal service regime that requires us to provide more
services, like wiring inside school buildings for which we are not fully
paid and now AT&T thinks we should give them another half-price ride on
our network.

"It's pretty clear that long distance oligopolists, offered the choice of
leasing our service below cost or spending money to build their own local
facilities, are choosing the cheap approach.  At that rate, no one will
build their own networks.  So, the improvements Congress envisioned and
the people were promised won't come.  AT&T won't build it and we won't
have the money to and we may not even have the money to maintain the
network to the same high level customers have come to expect.

Some potential facilities based competitors, like cable companies, have
looked at the new and proposed rules and decided there's no way to pay for
network improvements if AT&T can cream-skim all the business by just
re-selling our service.

"The commission needs to ignore AT&T's posturing and provide the balance
they promised Congress."


(A copy of Dr. Kahn's letter can be found at
http://www.bellsouthcorp.com/headlines/bell_releases/97/jan/kahnltr.html)

####

BellSouth is a $19 billion communications services company.  It provides
telecommunications, wireless communications, directory advertising and
publishing, video and information services to more than 25 million
customers in 17 countries worldwide.


 ##

Internet users: For more information about BellSouth Corporation visit the
BellSouth Webpage http://www.bellsouth.com

BellSouth Corporation news releases dating back one year are available by
fax at no charge by calling 1-800-758-5804, Ext. 095650.


For information:  Bill McCloskey 202-463-4129

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: Fle 6--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         In ITALY: ZERO! BBS: +39-11-6507540
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #9.09
************************************