Computer underground Digest Sun Mar 9, 1997 Volume 9 : Issue 17 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.17 (Sun, Mar 9, 1997) File 1--Computer Security Script and Software Database File 2--EFF-Online 10.02-Burns introduces new Pro-CODE Crypto Bill File 3-- Open Internet Policy Principles File 4--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Wed, 5 Mar 1997 11:01:26 -0600 (CST) From: "Scott A. Davis" <sdavis@fc.net> Subject: File 1--Computer Security Script and Software Database On March 13, 1997, The Banzai Institute will make available a Computer Security Script and Software Database. Initially, there will be over 600 scripts and programs available that will allow system admins to test the weakness of the networks and systems that they are responsible for. Any and all information provided in this database is distributed for INFORMATION AND EDUCATIONAL PURPOSES ONLY. You can sign up now and have your account activated on the same day the databse opens by visiting our home page! www.banzai-institute.org/sdavis for PGP Public Key (ALL SECURE MESSAGES) ------------------------------ Date: Thu, 27 Feb 1997 22:22:00 -0800 (PST) From: Stanton McCandlish <mech@EFF.ORG> Subject: File 2--EFF-Online 10.02-Burns introduces new Pro-CODE Crypto Bill EFFector Vol. 10, No. 02 Feb. 27, 1997 editor@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 <snip> * See http://www.eff.org/hot.html or ftp.eff.org, /pub/Alerts/ for more information on current EFF activities and online activism alerts! * ---------------------------------------------------------------------- Subject--Pro-CODE Bill Announced Today: Free Crypto From Cold-War Regs ----------------------------------------------------------------- Below is a joint advisory from CDT, EFF and VTW about the re-introduction of Sen. Conrad Burns's "Pro-CODE" encryption export deregulation bill. EFF commends Burns and co-sponsors for continuing to raise this issue in Congress, and for their opposition to the Administration's obsolete (and unconstitutional) policies. Though EFF does not *endorse* this legislation (principally because it may perpetuate a policy of excluding the public from government decision-making on encryption policy), we do recognize and laud the bill as an improvement over the status quo in almost all respects. Pro-CODE would turn the current export process upside down, permitting export of most encryption, and requiring reportage of an encryption program's capabilities only *after* export. The bill also creates no new or redundant crime categories. PRO-CODE BILL ANNOUNCED TODAY BILL WOULD LIBERATE ENCRYPTION FROM ANTIQUATED COLD-WAR REGULATIONS February 27, 1997 Please widely redistribute this document with this banner intact until March 15, 1997 From the Center for Democracy and Technology (CDT), the Electronic Frontier Foundation (EFF), and the Voters Telecommunication Watch (VTW) ________________________________________________________________________ CONTENTS The Latest News What You Can Do Now Background On Pro-CODE What's At Stake For More Information / Supporting Organizations ________________________________________________________________________ THE LATEST NEWS Today, a bi-partisan group of seventeen United States Senators, led by Conrad Burns (R-MT) and Patrick Leahy (D-VT), introduced the "Promotion of Commerce Online in the Digital Era (Pro-CODE) Act", a bill designed to promote privacy and security on the Internet by relaxing government controls on encryption technologies. Encryption technologies are the locks and keys of the Information age -- enabling individuals and businesses to protect sensitive information as it is transmitted over the Internet. Pro-CODE aims to enable this by removing some of the regulations that currently prevent Americans from using this technology. A short summary of the bill and background on the encryption policy debate are attached below, along with information on what you can do to help ensure that Congress takes action on this important issue. ________________________________________________________________________ WHAT YOU CAN DO NOW 1. CALL THE Pro-CODE SPONSORS AND THANK THEM FOR THEIR EFFORTS Members of Congress tend to hear from their constituents only when they do something constituents don't like. Today however, several Senators have taken a stand on an issue of critical importance to Internet users. It's crucial that we encourage them with phone calls of support. If you live in any of the states listed below, please take a moment to give these Senators a call. Allard (R-CO) Ashcroft (R-MO) Boxer (D-CA) Brownback (R-KS) Burns (R-MT) Craig (R-ID) Dominici (R-NM) Dorgan (D-ND) Faircloth (R-NC) Grahms (R-MN) Hutchison (R-TX) Inhoffe (R-OK) Kempthorne (R-ID) Leahy (D-VT) Lott (R-MS) Murray (D-WA) Nickles (R-OK) Thomas (R-WY) Wyden (D-OR) Please take a moment to give these Senators a call. <Dial 1-202-224-3121> <ring ring!> You:Senator Mojo's office please! Sen:Hello, Senator Mojo's office! You: SAY I heard that the Senator introduced Pro-CODE to add more privacy on THIS-> the Internet. Please thank the Senator for me and I support efforts to fix antiquated encryption export laws. I live in <your state>. Sen: Ok, thanks!<click> 2. ADOPT YOUR LEGISLATOR If you were one of the thousands of people that have adopted their legislator at http://www.crypto.com/, you would have received a personalized letter telling you that your legislator announced his or her sponsorship of Pro-CODE today. These personalized letters contain all the phone numbers you need, and we'll send them to you any time your legislator takes any action that would have a significant impact on the net. The Adopt Your Legislator campaign is the most effective method of mobilizing grass-roots support available today. Since late last year, VTW and CDT have been building a network of thousands of Internet users who are active and engaged in the fight for privacy and security on the Internet. By focusing our efforts on the constituents of specific legislators as well as on the net as a whole, we can ensure that members of Congress know that they have support within their district as well as throughout the Internet community. You can adopt your legislator at http://www.crypto.com/adopt/ ________________________________________________________________________ BACKGROUND ON THE PRO-CODE BILL The Promotion of Commerce Online in the Digital Era (Pro-CODE) Act is similar to a bill introduced by Senators Burns (R-MT) and Leahy (D-VT) last year (then S.1726). Pro-CODE enjoyed broad bi-partisan support in the Senate and was the subject of 3 hearings, including 2 which were cybercast live on the Internet. This year's Pro-CODE bill (no bill number yet available) is designed to encourage the widespread availability of strong, easy-to-use encryption technologies to protect privacy and security on the Internet. Specifically, Pro-CODE would: 1. Encourage the widespread availability of strong privacy and security products by relaxing export controls on encryption technologies that are already available on the mass market or in the public domain. This would include popular programs like Pretty Good Privacy (PGP) and World Wide Web browsers like those made by Netscape and Microsoft. Current US encryption policy restricts export of encryption products with key-lengths of more than 40 bits. A recent study by renowned cryptographers including Whit Diffie (one of the fathers of modern cryptography), Matt Blaze, and others concluded that 40 bits is "woefully inadequate" to protect personal and business communications. Over the last eighteen months, several examples of the weakness of 40-bit encryption have been demonstrated by college students with spare personal computers. 2. Prohibit the federal government from imposing mandatory key-escrow or key-recovery encryption policies on the domestic market and limit the authority of the Secretary of Commerce to set standards for encryption products. 3. Require the Secretary of Commerce to allow the unrestricted export of other encryption technologies if products of similar strength are generally available outside the United States. For more information on the Pro-CODE bill, background information on efforts to pass encryption policy reform legislation last year, and other materials please visit: For more information, see the Encryption Policy Resource Page at http://www.crypto.com/ ________________________________________________________________________ WHAT'S AT STAKE Encryption technologies are the locks and keys of the Information age -- enabling individuals and businesses to protect sensitive information as it is transmitted over the Internet. As more and more individuals and businesses come online, the need for strong, reliable, easy-to-use encryption technologies has become a critical issue to the health and viability of the Net. Current US encryption policy, which limits the strength of encryption products US companies can sell abroad, also limits the availability of strong, easy-to-use encryption technologies in the United States. US hardware and software manufacturers who wish to sell their products on the global market must either conform to US encryption export limits or produce two separate versions of the same product, a costly and complicated alternative. The export controls, which the NSA and FBI argue help to keep strong encryption out of the hands of foreign adversaries, are having the opposite effect. Strong encryption is available abroad, but because of the export limits and the confusion created by nearly four years of debate over US encryption policy, strong, easy-to-use privacy and security technologies are not widely available off the shelf or "on the net" here in the US. Because of this policy problem, US companies are now at a competitive disadvantage in the global marketplace. All of us care about our national security, and no one wants to make it any easier for criminals and terrorists to commit criminal acts. But we must also recognize encryption technologies can also aid law enforcement and protect national security by limiting the threat of industrial espionage and foreign spying. What's at stake in this debate is nothing less than the future of privacy and the fate of the Internet as a secure and trusted medium for commerce, education, and political discourse. ________________________________________________________________________ FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS This alert was brought to you by the Center for Democracy and Technology, the Electronic Frontier Foundation, and the Voters Telecommunications Watch. http://www.cdt.org http://www.eff.org http://www.vtw.org There are many excellent resources online to get up to speed on the crypto issue including the following WWW sites: http://www.crypto.com http://www.privacy.org Please visit them often. Press inquiries should be directed to: Jonah Seiger of CDT at jseiger@cdt.org or +1.202.637.9800 Stanton McCandlish of EFF at mech@eff.org or +1.415.436.9333 Shabbir J. Safdar of VTW at shabbir@vtw.org or +1.917.978.8430 (beeper). ________________________________________________________________________ End alert -------------------------- From--Conrad Burns <Conrad_Burns@burns.senate.gov> Subject--An Open Letter to the Internet Community from Senator Burns --------------------------------------------------------- February 27, 1997 Today I am pleased to announce that I have reintroduced legislation to reform US encryption policy in a way that recognizes the realities of the global information infrastructure and the need for strong privacy and security protections on the Internet. The "Promotion of Commerce Online in the Digital Era (Pro-CODE) Act" would promote the growth of electronic commerce, encourage the widespread availability of strong privacy and security technologies for the Internet, and repeal the cold war-era regulations limiting the export of encryption technologies. The bill enjoys widespread support from both my Republican and Democratic colleagues and was introduced with 20 cosponsors. As a fellow Internet user, I am excited by the vast potential of the Net to facilitate new forms of commerce and communication. In order for the Net to reach its potential as a trusted medium for personal communications and proprietary business transactions however, Internet users must have access to strong privacy and security technologies. Yet for years, the federal government has pursued an encryption policy which has limited the availability of privacy and security products -- leaving Internet users and businesses out in the cold. Last year, the Pro-CODE bill (then S. 1726) received broad bipartisan support in the Senate. Internet users, rallying to the cry of "My Lock, My Key," expressed their support for the bill in meetings members of Congress in live interactive chat sessions. Netizens also participated in the first interactive online Senate hearings and provided valuable testimony for the Committee on this issue. Yet almost a year after Congress entered this critical Internet policy debate, and despite the overwhelming call for encryption policy reform, the Administration remains committed to an outdated and unworkable approach to US Encryption policy. In November of 1996, the Administration announced yet another effort to reform US encryption policy. The proposal, which would allow the export of strong encryption programs only if they include government-approved "key-recovery" mechanisms, has met with uniform criticism from Internet users, privacy experts, and the computer and communications industry. Current export controls are serving only to limit the availability of privacy and security technologies for Internet users inside the US and disadvantage US industry on the competitive global market, while doing nothing to keep strong encryption out of the hands of foreign adversaries. By relaxing encryption export controls, the Pro-CODE bill will reform US encryption policy in a way that recognizes the realities of the information revolution and the competitive global marketplace. The Internet community has been instrumental in helping to educate my colleagues in the Congress about the importance of encryption policy reform. In the coming months I will need your help and support as this bill makes its way through the legislative process. As the bill moves forward, I want to invite you to take advantage of several online resources set up to educate the Congress and the public about the need for encryption policy reform. You can find out more by visiting my web page at http://www.senate.gov/~burns/. Thank you for your support, Conrad Burns United States Senator <Conrad_Burns@burns.senate.gov ------------------------------ Date: Thu, 6 Mar 97 21:58:38 -0800 From: Paul W. Meek, pmeek@phrf.org Subject: File 3-- Open Internet Policy Principles I hope I'm sending this to you correctly, and that you and readers of CU Digest will find this of interest. Please let me know if you need any further information. Paul W. Meek Vice President Parliamentary Human Rights Foundation Voice: (202) 333-1407 Fax: (202) 333-1275 Open Society Institute - Regional Internet Program Parliamentary Human Rights Foundation News Release Contact: H. Juergen Hess, OSI-RIP Public Relations Director tel. (212) 887-0602 FOR IMMEDIATE RELEASE fax (212) 974-0367 jhess@sorosny.org "Open Internet Policy Principles" Adopted by Group of International Experts March 5, 1997 -- New York/Washington, D.C. -- The Open Internet Policy Principles, a set of recommendations to guide the use of the Internet and related technologies, were adopted today by a group of international experts*. These Principles are intended as a framework for government officials, parliamentarians, and nongovernmental organizations as they consider the impact of the Internet in their own and other countries. The experts included European and American parliamentarians, government officials, nongovernmental organizations, and the academic and business communities. In its Preamble, the Principles state [full text attached]: "The Internet is an inherently open, decentralized communications infrastructure which is ideally suited to support the free exchange of ideas, a rich political discourse, and a vibrant economy." With regard to policymaking and the Internet, the Principles point out that policymaking ought to be undertaken "by policymakers who are well informed about the unique nature of the net and have direct experience with its use; and, with substantial input and comment from the user community." Other Principles address the following subject matters: * Access to Infrastructure: "Access to the global Internet and other interactive communications infrastructures is essential for all citizens of the world to enable full participation in the global society and developing digital economy;" * Freedom of Expression: "There should be no regulation of Internet content by government;" * Communications Privacy: "Users of the Internet should have the right to be free of unlawful government interception of or access to communication and information online;" * Right of Anonymity: "Users should have the right to communicate without disclosing their identity;" * Unfettered Right to Use Encryption: "Users should have the right to use any form of cryptographic technology they choose to protect the privacy of their communications;" * General Legal Framework: "The Internet does not exist in a legal vacuum. For the most part, existing laws can and should regulate conduct on the Internet to the same degree as other forms of conduct. Such laws may differ from country to country, but should conform with the applicable binding human rights obligations contained in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights and the European Convention on Human Rights;" * Objectionable Content: "To enable Internet users to shield themselves and their families from objectionable or unwanted content, priority should be given to 'downstream filtering' by users;" * Civil and Criminal Law Enforcement: "(...) combating online crime, while protecting civil liberties, can best be accomplished with additional resources and training of law enforcement agencies, not by enactment of new laws;" * Access to Government Information: "Governments should enable citizens access to legislative, judicial and executive branch information through the Internet;" * Overseas Development Assistance: "Overseas development assistance programs should strive to promote full access to the Internet;" * Market Structure: "There should be no a priori limitation to market entry by Internet service providers (...)." The Principles are based upon the results of a conference organized by the Parliamentary Human Rights Foundation (PHRF), Parliamentary Human Rights Foundation/Europe (PHRF/Europe) and the Regional Internet Program of the Open Society Institute (OSI-RIP) held in Brussels, Belgium on November 23, 1996. (An Annex with diverging opinions is attached to the Principles.) "The Open Internet Policy Principles are the first phase of a larger project. As a next step, a case study will be undertaken of the telecommunications framework in Estonia, Latvia, and Lithuania, to apply the principles developed in Brussels to the particular circumstances of these emerging democracies," explained Don Bonker, Chairman and President of the Parliamentary Human Rights Foundation and a former Member of Congress. Representatives from these nations participated in the drafting of the Principles and the Brussels deliberations. "We hope that the Open Internet Policy Principles will lead to the development of model legislative and regulatory frameworks with global application," added Maartje van Putten, PHRF/Europe's Chair and Member of the European Parliament from the Netherlands. Jonathan Peizer, Chief Information Officer of the Open Society Institute clarified why the Baltic countries were chosen: "They are the most progressive countries with regard to use of the Internet in Central and Eastern Europe. OSI-RIP has been funding Internet-related activities in those nations since 1994. This, however, is our first major policy initiative for the Internet." The Parliamentary Human Rights Foundation (PHRF) is a worldwide, voluntary, non-partisan, not-for-profit organization committed to the promotion of human rights. PHRF works directly with parliamentarians to: enhance understanding of the meaning and importance of human rights; strengthen institutions for the protection of human rights; improve access to information about human rights conditions; foster international cooperation in the promotion of human rights; offer training and technical assistance to human rights advocates, especially parliamentarians; call attention to human rights abuses that violate internationally recognized standards; and nurture constitutional democracy, the rule of law, and other protections of human rights. PHRF can be found on the World Wide Web at <http://www.phrf.org>. The Open Society Institute--New York is a private operating and grantmaking foundation that promotes the development of open societies around the world, both by running its own programs and by awarding grants to others. The Open Society Institute--New York develops and implements a variety of U.S.-based and international programs in the areas of educational, social, and legal reform, and encourages public debate and policy alternatives in complex and often controversial fields. The Open Society Institute--New York is part of an informal network of more than 24 autonomous nonprofit foundations and other organizations created and funded by philanthropist George Soros. The Open Society Institute can be found on the World Wide Web at <http://www.soros.org>. # # # *Experts included representatives from: European Commission, European Parliament, Netscape Communications Corp., Oracle Corp., Ministry of Education and Science (Latvia), Ministry of Transportation and Communications (Estonia), Ministry of Transportation and Communications (Latvia), Electronic Frontier Foundation, American Civil Liberties Union, Voters Telecommunications Watch, Electronic Privacy Information Center, Computer Professionals for Social Responsibility, Center for Democracy and Technology, Riga Information and Technology Institute (Latvia), PT Finland, Baltic Institute of Finland, University of Leuven (Belgium), University of Groningen (Netherlands), Villanova School of Law (USA), Ghent University (Belgium), Levicom Ltd. (Estonia), Xs4all Internet BV (Netherlands), National Criminal Intelligence Service (Netherlands), Open Society Institute/Soros foundations network, Parliamentary Human Rights Foundation, and Parliamentary Human Rights Foundation/Europe. PHRF CONFERENCE Brussels, Belgium 23 November 1996 OPEN INTERNET POLICY PRINCIPLES A broad consensus was reached on the following points: Preamble The Internet is an inherently open, decentralized communications infrastructure which is ideally suited to support the free exchange of ideas, a rich political discourse, and a vibrant economy. The decentralized architecture of the Internet provides an abundance of communication opportunities, and gives users an unprecedented degree of control over the information that they receive. As organizations devoted to basic human rights, the growth of the Internet, and the flourishing of democratic culture, we believe that the foregoing principles will ensure that the Internet remains open and continues to support basic democratic values. I. Policymaking and the Internet In recognition of the novel and rapidly changing nature of the Internet, policymaking ought to be undertaken: * by policymakers who are well informed about the unique nature of the Internet and have direct experience with its use; and, * with substantial input and comment from the Internet user community. II. Internet Access and Market Structures A. Access to infrastructure 1) Access to the global Internet and other interactive communications infrastructures is essential for all citizens of the world to enable full participation in the global society and developing digital economy. 2) Government and the industry have a shared responsibility in building the Global Information Infrastructure ("GII"), and in ensuring as wide an access as possible to its services. 3) Competition, open systems and interoperability are the best way to enlarge access. 4) In particular, access to the Internet by schools, libraries and other public institutions should be viewed as a policy goal, subsidized as necessary. B. Access to Government Information: 1) Governments should enable citizens access to legislative, judicial and executive branch information through the Internet. Such access should be backed up by a legal right to public information, without any showing of need or intended use. Such information should be available in standard formats to promote broad and effective access. C. Market structures 1) There should be no a priori limitation to market entry for Internet service providers (ISPs), and ISPs should not be prevented from using or establishing their own terrestrial or wireless infrastructure. 2) In particular, licensing should not be used as a method of restricting market entry. 3) ISPs and other intermediaries have responsibilities, but those responsibilities should be enforced other than through licensing mechanisms. D. Overseas Development Assistance 1) Overseas development assistance programs should strive to promote full access to the Internet. Such programs should include support for the development of public policy environments consistent with these Open Internet Policy Principles, and adequate resources for training and ongoing support. III. The Rights and Responsibilities of Internet Users Internet users have rights and responsibilities which should shape the way the law addresses the Internet. A. General Legal Framework 1) The Internet does not exist in a legal vacuum. For the most part, existing laws can and should regulate conduct on the Internet to the same degree as other forms of conduct. Such laws may differ from country to country, but should conform with the applicable binding human rights obligations contained in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights and the European Convention on Human Rights. 2) The legality of publishing activity on the Internet should be judged according to the law in the country in which the publisher originally acts to publish the material. While this "law of the place of origin" is consistent with the "Television Without Borders" policy of the European Commission, strong public policies in places of reception may necessitate negotiation of an international convention on this choice-of-law question. B. Objectionable Content 1) To enable users to shield themselves and their families from objectionable or unwanted content, priority should be given to "downstream filtering" by users. There should be no government censorship of Internet content. 2) Filtering should empower users to be responsible for the content they access. 3) Filtering can promote freedom of choice through a variety of rating systems. 4) Filtering systems should make clear what sites they block (or select) and what criteria they use to block (or select) sites. 5) Access to multiple 3rd party content labeling systems, as opposed to government censorship, can support the great diversity of cultural and moral values of Internet users around the world. IV. Law, Human Rights and the Internet Legal regulation of the Internet should implement the foregoing principles relating to rights and responsibilities of Internet users, while also recognizing international human rights law and legitimate national law enforcement interests. A. Freedom of Expression There should be no regulation of Internet content by government. We understand the fundamental rights of freedom of expression, as embodied in Art. 19 of the Universal Declaration of Human Rights ("Everybody has the right ... to seek, receive and impart information and ideas through any media and regardless of frontiers" ) and in Art. 19(2) of the International Covenant on Civil and Political Rights ("Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form or art or through any other media of his choice") -- to apply with full force to Internet communication. B. Civil and Criminal Law Enforcement Enforcing existing laws in the international Internet environment raises specific challenges. In general,combating online crime, while protecting civil liberties, can best be accomplished with additional resources and training for law enforcement agencies, not by enactment of new laws. In carrying out their duties, law enforcement agencies should: *be fully aware of the unique characteristics of the Internet; *adhere to internationally recognized principles of human rights; *have the resources necessary to adopt appropriate technologies; and *co-ordinate with other law enforcement agencies across international boundaries. Law enforcement activity should be guided by the following principles: 1) Law enforcement agents should only conduct investigations or surveillance in public online fora pursuant to public and officially approved investigative guidelines, which provide adequate protection for individual freedom of association and political activity. 2) Governments should not monitor individual Internet users for civil or criminal investigatory purposes nor collect information on the way they use the Internet, except pursuant to a judicial process that is consistent with internationally recognized principles of privacy. 3) Governmental searches or seizure of electronic communications should not be conducted, except pursuant to legally authorized procedures, that require that there is sufficient evidence that the user is engaged in illegal activity to justify the search. Any such search should be supervised by an appropriate detached and neutral judicial officer. Any search should be narrow in its scope and effect. C. Communications Privacy Users of the Internet should have the right to be free of unlawful governmental interception of or access to communication and information online. Protection of this right entails: 1) Right of Anonymity: Users should have the right to communicate without disclosing their identity. Anonymous communication is critical to assure basic rights of freedom of association and to protect an open political process. By the same token, anonymous communication is not traceable by law enforcement. Thus, we recognize that some criminal investigations may be made more difficult. As the Internet develops, we believe that some services will develop that support anonymous speech, while others will require identification. Choice among various levels of identification should be made by the users involved, not dictated by law. 2) Unfettered Right to Use Encryption: Users should have the right to use any form of cryptographic technology they choose to protect the privacy of their communications. Users should not be compelled to guarantee in advance law enforcement access to communications through key escrow, key recovery or other mechanisms. 3) Freedom from Unlawful Access to Information in Storage or Transmission: No user should be subjected to governmental search or seizure of electronic communications except pursuant to legally authorized procedures, supervised by an appropriate detached and neutral judicial officer. 4) Users should have better notice and choice over the use of personal information by others. User empowerment approaches can also address these information privacy issues in interactive system environments. (end of Final Open Internet Policy Principles Document) Annex to the Final Open Internet Policy Principles Document When there was a difference of opinion among conference participants as to a particular Principle, a vote was taken, with the majority view prevailing. All conference participants agreed that views not prevailing would be included in an Annex to the Final Document. There was a majority vote by conference participants in favor of removing the following draft Principle from the Final Document: Responsibility for content on the Internet should rest with the author of the content. It is crucial to identify accurately the chain of responsibilities. Originators of content should be responsible for the content they put on the Internet - not access providers, network operators, storage facilities or other intermediaries. When anonymity makes it impossible to fix responsibility on the author or originator, responsibility should rest with the last first identifiable individual or entity in the chain of distribution, closest to the author or originator, who had an opportunity to accept or decline anonymous material. Professor Hank Perritt of Villanova University Law School has provided the following opinion in support of the draft Principle above that was removed from the Final Document: There is a tension between protecting anonymity and protecting intermediaries from liability. The best rule would be to protect intermediaries from liability as long as it is possible to identify the originator or author of a communication. If an intermediary handles anonymous communications, however, the only choice is to let a victim of a harmful communication bear the loss or to shift the loss to the intermediary. As between the innocent victim, who has no choice, and the intermediary who has a choice whether to accept anonymous communication, it would be preferable to hold the intermediary liable. Accordingly, I would favor an immunity for intermediaries but only as to non-anonymous messages or other items of information content. Two conference participants,Christopher Kuner, Attorney-at-Law, Gleiss & Partners, Germany (on behalf of Netscape Communications Corporation) and Professor Hank Perritt of Villanova University Law School, have expressed reservations about Principle III(A)2 in the Final Document: Christopher Kuner: Principle III(A)(2) is unclear, legally questionable, and does not reflect our discussion at the conference. In particular, I would like to point out the following: (1) The wording of this principle is unclear; just what is "the country in which the publisher originally acts to publish the material" when, for instance, an Internet user transmits material he has authored to a server in another country, from which it can be accessed over the net? (2) The principle is inconsistent with the rest of the draft. Under this language, the conduct of someone sitting at a computer in Iran who publishes a web page saying "Khomeini was a liar and a crook" should be judged based on Iranian law, whereas in Article III(A)(1) we talk about "binding human rights obligations" and in Article IV about "international human rights law", both of which would likely be violated by the sanctions which Iranian law would impose on such a person. (3) Why does it matter whether or not a document concerned with the Internet is consistent with EU television policy? (4) The law of most countries and international law provide for the possibility of law being applied to conduct outside the borders of the jurisdiction which enacted it when such conduct produces a harmful effect in the jurisdiction. I may not always agree with this approach, but find that Article III(A)(2) simply glosses over this principle without explaining why it should not apply in the case of the Internet. (5) The choice of law provision embodied in Article III(A)(2) was mentioned in the closing minutes of the conference as an afterthought, and we never had a chance to discuss it. The subject of choice of law in the Internet is extremely complex, and I object to taking a position on it when we never had a chance to consider it properly. Professor Hank Perritt: Choice of law is tricky in Cyberspace. International law arguably permits both the country of origin (under the principle of subjective territoriality) and the country of receipt (under the principle of objective territoriality) to regulate content on the Internet. There is precedent for both approaches. The "Television Without Borders" document from the EC adopts the country-of-origin approach, making content legal anywhere if it is legal in the country of origin and presumably illegal anywhere if it is illegal in the country of origin. The UN General Assembly resolution on direct broadcast television adopts the country of receipt approach, making the content legal if it is legal in the country of receipt, and presumably illegal according to the local law of the place of receipt as well. Neither of these approaches is perfect. In the long run, it would be better to harmonize content rules, and efforts should begin now to narrow differences on content regulation, recognizing a general preference in favor of freedom of expression, as noted in the principles. (end of Annex to the Final Open Internet Policy Principles Document) ------------------------------ ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators <cudigest@sun.soci.niu.edu> Subject: File 4--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.17 ************************************