Computer underground Digest    Sun  Mar 9, 1997   Volume 9 : Issue 17
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.17 (Sun, Mar 9, 1997)

File 1--Computer Security Script and Software Database
File 2--EFF-Online 10.02-Burns introduces new Pro-CODE Crypto Bill
File 3--    Open Internet Policy Principles
File 4--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Wed, 5 Mar 1997 11:01:26 -0600 (CST)
From: "Scott A. Davis" <sdavis@fc.net>
Subject: File 1--Computer Security Script and Software Database

On March 13, 1997, The Banzai Institute will make available a
Computer Security Script and Software Database.  Initially, there
will be over 600 scripts and programs available that will allow
system admins to test the weakness of the networks and systems
that they are responsible for.  Any and all information provided
in this database is distributed for INFORMATION AND EDUCATIONAL
PURPOSES ONLY.  You can sign up now and have your account
activated on the same day the databse opens by visiting our home
page!


  www.banzai-institute.org/sdavis for PGP Public Key (ALL SECURE
MESSAGES)

------------------------------

Date: Thu, 27 Feb 1997 22:22:00 -0800 (PST)
From: Stanton McCandlish <mech@EFF.ORG>
Subject: File 2--EFF-Online 10.02-Burns introduces new Pro-CODE Crypto Bill

EFFector        Vol. 10, No. 02        Feb. 27, 1997       editor@eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424

<snip>

 * See http://www.eff.org/hot.html or ftp.eff.org, /pub/Alerts/ for more
 information on current EFF activities and online activism alerts! *

  ----------------------------------------------------------------------


Subject--Pro-CODE Bill Announced Today:  Free Crypto From Cold-War Regs
  -----------------------------------------------------------------

Below is a joint advisory from CDT, EFF and VTW about the re-introduction
of Sen. Conrad Burns's "Pro-CODE" encryption export deregulation bill. EFF
commends Burns and co-sponsors for continuing to raise this issue in
Congress, and for their opposition to the Administration's obsolete (and
unconstitutional) policies.

Though EFF does not *endorse* this legislation (principally because it
may perpetuate a policy of excluding the public from government
decision-making on encryption policy), we do recognize and laud the
bill as an improvement over the status quo in almost all respects.
Pro-CODE would turn the current export process upside down, permitting
export of most encryption, and requiring reportage of an encryption
program's capabilities only *after* export. The bill also creates no new
or redundant crime categories.



                     PRO-CODE BILL ANNOUNCED TODAY
    BILL WOULD LIBERATE ENCRYPTION FROM ANTIQUATED COLD-WAR REGULATIONS

                          February 27, 1997

      Please widely redistribute this document with this banner
                    intact until March 15, 1997

            From the Center for Democracy and Technology (CDT),
              the Electronic Frontier Foundation (EFF), and
                 the Voters Telecommunication Watch (VTW)

________________________________________________________________________
CONTENTS
        The Latest News
        What You Can Do Now
        Background On Pro-CODE
        What's At Stake
        For More Information / Supporting Organizations

________________________________________________________________________
THE LATEST NEWS

Today, a bi-partisan group of seventeen United States Senators, led by
Conrad Burns (R-MT) and Patrick Leahy (D-VT), introduced the "Promotion
of Commerce Online in the Digital Era (Pro-CODE) Act", a bill designed
to promote privacy and security on the Internet by relaxing government
controls on encryption technologies.

Encryption technologies are the locks and keys of the Information age
-- enabling individuals and businesses to protect sensitive information
as it is transmitted over the Internet. Pro-CODE aims to enable this by
removing some of the regulations that currently prevent Americans from
using this technology.

A short summary of the bill and background on the encryption policy
debate are attached below, along with information on what you can do to
help ensure that Congress takes action on this important issue.

________________________________________________________________________
WHAT YOU CAN DO NOW

1. CALL THE Pro-CODE SPONSORS AND THANK THEM FOR THEIR EFFORTS

   Members of Congress tend to hear from their constituents only when
   they do something constituents don't like.  Today however, several
   Senators have taken a stand on an issue of critical importance to
   Internet users.  It's crucial that we encourage them with phone
   calls of support.

   If you live in any of the states listed below, please take a moment
   to give these Senators a call.

   Allard (R-CO)     Ashcroft (R-MO)     Boxer (D-CA)     Brownback (R-KS)
   Burns (R-MT)      Craig (R-ID)        Dominici (R-NM)  Dorgan (D-ND)
   Faircloth (R-NC)  Grahms (R-MN)       Hutchison (R-TX) Inhoffe (R-OK)
   Kempthorne (R-ID) Leahy (D-VT)        Lott (R-MS)      Murray (D-WA)
   Nickles (R-OK)    Thomas (R-WY)       Wyden (D-OR)

   Please take a moment to give these Senators a call.

        <Dial 1-202-224-3121>
        <ring ring!>
        You:Senator Mojo's office please!
        Sen:Hello, Senator Mojo's office!

        You:

SAY     I heard that the Senator introduced Pro-CODE to add more privacy
on
THIS->  the Internet.  Please thank the Senator for me and I support
        efforts to fix antiquated encryption export laws.  I live in <your
        state>.

        Sen: Ok, thanks!<click>

2. ADOPT YOUR LEGISLATOR

   If you were one of the thousands of people that have adopted their
   legislator at http://www.crypto.com/, you would have received a
   personalized letter telling you that your legislator announced his
   or her sponsorship of Pro-CODE today.

   These personalized letters contain all the phone numbers you need,
   and we'll send them to you any time your legislator takes any action
   that would have a significant impact on the net.

   The Adopt Your Legislator campaign is the most effective method of
   mobilizing grass-roots support available today.  Since late last
   year, VTW and CDT have been building a network of thousands of
   Internet users who are active and engaged in the fight for privacy
   and security on the Internet.

   By focusing our efforts on the constituents of specific legislators
   as well as on the net as a whole, we can ensure that members of
   Congress know that they have support within their district as well
   as throughout the Internet community.

   You can adopt your legislator at http://www.crypto.com/adopt/

________________________________________________________________________
BACKGROUND ON THE PRO-CODE BILL

The Promotion of Commerce Online in the Digital Era (Pro-CODE) Act is
similar to a bill introduced by Senators Burns (R-MT) and Leahy (D-VT)
last year (then S.1726).  Pro-CODE enjoyed broad bi-partisan support in
the Senate and was the subject of 3 hearings, including 2 which were
cybercast live on the Internet.

This year's Pro-CODE bill (no bill number yet available) is designed to
encourage the widespread availability of strong, easy-to-use encryption
technologies to protect privacy and security on the Internet.
Specifically, Pro-CODE would:

1. Encourage the widespread availability of strong privacy and security
   products by relaxing export controls on encryption technologies that
   are already available on the mass market or in the public domain.
   This would include popular programs like Pretty Good Privacy (PGP)
   and World Wide Web browsers like those made by Netscape and Microsoft.

   Current US encryption policy restricts export of encryption products
   with key-lengths of more than 40 bits.  A recent study by renowned
   cryptographers including Whit Diffie (one of the fathers of modern
   cryptography), Matt Blaze, and others concluded that 40 bits is
   "woefully inadequate" to protect personal and business communications.
   Over the last eighteen months, several examples of the weakness of
   40-bit encryption have been demonstrated by college students with
   spare personal computers.

2. Prohibit the federal government from imposing mandatory key-escrow or
   key-recovery encryption policies on the domestic market and limit the
   authority of the Secretary of Commerce to set standards for
   encryption products.

3. Require the Secretary of Commerce to allow the unrestricted export of
   other encryption technologies if products of similar strength are
   generally available outside the United States.

For more information on the Pro-CODE bill, background information on
efforts to pass encryption policy reform legislation last year, and
other materials please visit:

For more information, see the Encryption Policy Resource Page at
http://www.crypto.com/

________________________________________________________________________
WHAT'S AT STAKE

Encryption technologies are the locks and keys of the Information age
-- enabling individuals and businesses to protect sensitive information
as it is transmitted over the Internet. As more and more individuals
and businesses come online, the need for strong, reliable, easy-to-use
encryption technologies has become a critical issue to the health and
viability of the Net.

Current US encryption policy, which limits the strength of encryption
products US companies can sell abroad, also limits the availability of
strong, easy-to-use encryption technologies in the United States. US
hardware and software manufacturers who wish to sell their products on
the global market must either conform to US encryption export limits or
produce two separate versions of the same product, a costly and
complicated alternative.

The export controls, which the NSA and FBI argue help to keep strong
encryption out of the hands of foreign adversaries, are having the
opposite effect. Strong encryption is available abroad, but because of
the export limits and the confusion created by nearly four years of
debate over US encryption policy, strong, easy-to-use privacy and
security technologies are not widely available off the shelf or "on the
net" here in the US. Because of this policy problem, US companies are
now at a competitive disadvantage in the global marketplace.

All of us care about our national security, and no one wants to make it
any easier for criminals and terrorists to commit criminal acts. But we
must also recognize encryption technologies can also aid law
enforcement and protect national security by limiting the threat of
industrial espionage and foreign spying.

What's at stake in this debate is nothing less than the future of
privacy and the fate of the Internet as a secure and trusted medium for
commerce, education, and political discourse.

________________________________________________________________________
FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS

This alert was brought to you by the Center for Democracy and
Technology, the Electronic Frontier Foundation, and the Voters
Telecommunications Watch.

http://www.cdt.org           http://www.eff.org       http://www.vtw.org

There are many excellent resources online to get up to speed on the
crypto issue including the following WWW sites:

           http://www.crypto.com       http://www.privacy.org

Please visit them often.    Press inquiries should be directed to:

 Jonah Seiger of CDT at jseiger@cdt.org or +1.202.637.9800
 Stanton McCandlish of EFF at mech@eff.org or  +1.415.436.9333
 Shabbir J. Safdar of VTW at shabbir@vtw.org or +1.917.978.8430 (beeper).

________________________________________________________________________
End alert

  --------------------------


From--Conrad Burns <Conrad_Burns@burns.senate.gov>
Subject--An Open Letter to the Internet Community from Senator Burns
 ---------------------------------------------------------

February 27, 1997

Today I am pleased to announce that I have reintroduced legislation to
reform US encryption policy in a way that recognizes the realities of
the global information infrastructure and the need for strong privacy
and security protections on the Internet.   The "Promotion of Commerce
Online in the Digital Era (Pro-CODE) Act" would promote the growth of
electronic commerce, encourage the widespread availability of strong
privacy and security technologies for the Internet, and repeal the
cold war-era regulations limiting the export of encryption
technologies. The bill enjoys widespread support from both my
Republican and Democratic colleagues and was introduced with 20
cosponsors.

As a fellow Internet user, I am excited by the vast potential of the
Net to facilitate new forms of commerce and communication.  In order
for the Net to reach its potential as a trusted medium for personal
communications and proprietary business transactions however,
Internet users must have access to strong privacy and security
technologies.  Yet for years, the federal government has pursued an
encryption policy which has limited the availability of privacy and
security products -- leaving Internet users and businesses out in the
cold.

Last year, the Pro-CODE bill (then S. 1726) received broad bipartisan
support in the Senate.  Internet users, rallying to the cry of "My
Lock, My Key," expressed their support for the bill in meetings
members of Congress in live interactive chat sessions.  Netizens also
participated in the first interactive online Senate hearings and
provided valuable testimony for the Committee on this issue.

Yet almost a year after Congress entered this critical Internet policy
debate, and despite the overwhelming call for encryption policy
reform, the Administration remains committed to an outdated and
unworkable approach to US Encryption policy.  In November of 1996, the
Administration announced yet another effort to reform US encryption
policy.  The proposal, which would allow the export of strong
encryption programs only if they include government-approved
"key-recovery" mechanisms, has met with uniform criticism from
Internet users, privacy experts, and the computer and communications
industry.

Current export controls are serving only to limit the availability of
privacy and security technologies for Internet users inside the US and
disadvantage US industry on the competitive global market, while doing
nothing to keep strong encryption out of the hands of foreign
adversaries.

By relaxing encryption export controls, the Pro-CODE bill will reform
US encryption policy in a way that recognizes the realities of the
information revolution and the competitive global marketplace.

The Internet community has been instrumental in helping to educate my
colleagues in the Congress about the importance of encryption policy
reform.  In the coming months I will need your help and support as
this bill makes its way through the legislative process.

As the bill moves forward, I want to invite you to take advantage of
several online resources set up to educate the Congress and the public
about the need for encryption policy reform.  You can find out more by
visiting my web page at http://www.senate.gov/~burns/.

Thank you for your support,

Conrad Burns
United States Senator
<Conrad_Burns@burns.senate.gov

------------------------------

Date: Thu, 6 Mar 97 21:58:38 -0800
From:        Paul W. Meek, pmeek@phrf.org
Subject: File 3--    Open Internet Policy Principles

I hope I'm sending this to you correctly, and that you and readers of CU
Digest will find this of interest.

Please let me know if you need any further information.

Paul W. Meek
Vice President
Parliamentary Human Rights Foundation

Voice: (202) 333-1407
Fax: (202) 333-1275



 Open Society Institute - Regional Internet Program
     Parliamentary Human Rights Foundation

     News Release            Contact:   H. Juergen Hess, OSI-RIP
                                        Public Relations Director
                                        tel. (212) 887-0602
     FOR IMMEDIATE RELEASE              fax (212) 974-0367
                                        jhess@sorosny.org

     "Open Internet Policy Principles"
     Adopted by Group of International Experts

     March 5, 1997 -- New York/Washington, D.C. --  The Open Internet
Policy
     Principles, a set of recommendations to guide the use of the Internet
     and related technologies, were adopted today by a group of
     international experts*.  These Principles are intended as a framework
     for government officials, parliamentarians, and nongovernmental
     organizations as they consider the impact of the Internet in their
own
     and other countries.  The experts included European and American
     parliamentarians, government officials, nongovernmental
organizations,
     and the academic and business communities.

     In its Preamble, the Principles state [full text attached]: "The
     Internet is an inherently open, decentralized communications
     infrastructure which is ideally suited to support the free exchange
of
     ideas, a rich political discourse, and a vibrant economy."

     With regard to policymaking and the Internet, the Principles point
out
     that policymaking ought to be undertaken "by policymakers who are
well
     informed about the unique nature of the net and have direct
experience
     with its use; and, with substantial input and comment from the user
     community."

     Other Principles address the following subject matters:

     * Access to Infrastructure: "Access to the global Internet and other
     interactive communications infrastructures is essential for all
     citizens of the world to enable full participation in the global
     society and developing digital economy;"

     * Freedom of Expression: "There should be no regulation of Internet
     content by government;"

     * Communications Privacy: "Users of the Internet should have the
right
     to be free of unlawful government interception of or access to
     communication and information online;"

     * Right of Anonymity: "Users should have the right to communicate
     without disclosing their identity;"

     * Unfettered Right to Use Encryption: "Users should have the right to
     use any form of cryptographic technology they choose to protect the
     privacy of their communications;"

     * General Legal Framework: "The Internet does not exist in a legal
     vacuum.  For the most part, existing laws can and should regulate
     conduct on the Internet to the same degree as other forms of conduct.
     Such laws may differ from country to country, but should conform with
     the applicable binding human rights obligations contained in the
     Universal Declaration of Human Rights, the International Covenant on
     Civil and Political Rights and the European Convention on Human
     Rights;"

     * Objectionable Content: "To enable Internet users to shield
     themselves and their families from objectionable or unwanted content,
     priority should be given to 'downstream filtering' by users;"

     * Civil and Criminal Law Enforcement: "(...) combating online crime,
     while protecting civil liberties, can best be accomplished with
     additional resources and training of law enforcement agencies, not by
     enactment of new laws;"

     * Access to Government Information: "Governments should enable
     citizens access to legislative, judicial and executive branch
     information through the Internet;"

     * Overseas Development Assistance: "Overseas development assistance
     programs should strive to promote full access to the Internet;"

     * Market Structure: "There should be no a priori limitation to market
     entry by Internet service providers (...)."

     The Principles are based upon the results of a conference organized
by
     the Parliamentary Human Rights Foundation (PHRF), Parliamentary Human
     Rights Foundation/Europe (PHRF/Europe) and the Regional Internet
     Program of the Open Society Institute (OSI-RIP) held in Brussels,
     Belgium on November 23, 1996. (An Annex with diverging opinions is
     attached to the Principles.)

     "The Open Internet Policy Principles are the first phase of a larger
     project.  As a next step, a case study will be undertaken of the
     telecommunications framework in Estonia, Latvia, and Lithuania, to
     apply the principles developed in Brussels to the particular
     circumstances of these emerging democracies," explained Don Bonker,
     Chairman and President of the Parliamentary Human Rights Foundation
     and a former Member of Congress.  Representatives from these nations
     participated in the drafting of the Principles and the Brussels
     deliberations.

     "We hope that the Open Internet Policy Principles will lead to the
     development of model legislative and regulatory frameworks with
global
     application," added Maartje van Putten, PHRF/Europe's Chair and
Member
     of the European Parliament from the Netherlands.

     Jonathan Peizer, Chief Information Officer of the Open Society
     Institute clarified why the Baltic countries were chosen: "They are
     the most progressive countries with regard to use of the Internet in
     Central and Eastern Europe.  OSI-RIP has been funding
Internet-related
     activities in those nations since 1994.  This, however, is our first
     major policy initiative for the Internet."

     The Parliamentary Human Rights Foundation (PHRF) is a worldwide,
     voluntary, non-partisan, not-for-profit organization committed to the
     promotion of human rights.  PHRF works directly with parliamentarians
     to: enhance understanding of the meaning and importance of human
     rights; strengthen institutions for the protection of human rights;
     improve access to information about human rights conditions; foster
     international cooperation in the promotion of human rights; offer
     training and technical assistance to human rights advocates,
     especially parliamentarians; call attention to human rights abuses
     that violate internationally recognized standards; and nurture
     constitutional democracy, the rule of law, and other protections of
     human rights. PHRF can be found on the World Wide Web at
     <http://www.phrf.org>.

     The Open Society Institute--New York is a private operating and
     grantmaking foundation that promotes the development of open
societies
     around the world, both by running its own programs and by awarding
     grants to others. The Open Society Institute--New York develops and
     implements a variety of U.S.-based and international programs in the
     areas of educational, social, and legal reform, and encourages public
     debate and policy alternatives in complex and often controversial
     fields. The Open Society Institute--New York is part of an informal
     network of more than 24 autonomous nonprofit foundations and other
     organizations created and funded by philanthropist George Soros. The
     Open Society Institute can be found on the World Wide Web at
     <http://www.soros.org>.


     #  #  #




     *Experts included representatives from: European Commission, European
     Parliament, Netscape Communications Corp., Oracle Corp., Ministry of
     Education and Science (Latvia), Ministry of Transportation and
     Communications (Estonia), Ministry of Transportation and
     Communications (Latvia), Electronic Frontier Foundation, American
     Civil Liberties Union, Voters Telecommunications Watch, Electronic
     Privacy Information Center, Computer Professionals for Social
     Responsibility, Center for Democracy and Technology, Riga Information
     and Technology Institute (Latvia), PT Finland, Baltic Institute of
     Finland, University of Leuven (Belgium), University of Groningen
     (Netherlands), Villanova School of Law (USA), Ghent University
     (Belgium), Levicom Ltd. (Estonia), Xs4all Internet BV (Netherlands),
     National Criminal Intelligence Service (Netherlands), Open Society
     Institute/Soros foundations network, Parliamentary Human Rights
     Foundation, and Parliamentary Human Rights Foundation/Europe.

PHRF CONFERENCE
Brussels, Belgium 23 November 1996


OPEN INTERNET POLICY PRINCIPLES


A broad consensus was reached on the following points:

Preamble

The Internet is an inherently open, decentralized communications
infrastructure which is ideally suited to support the free exchange of
ideas, a rich political discourse, and a vibrant economy.  The
decentralized architecture of the Internet provides an abundance of
communication opportunities, and gives users an unprecedented degree of
control over the information that they receive.  As organizations devoted
to basic human rights, the growth of the Internet, and the flourishing of
democratic culture, we believe that the foregoing principles will ensure
that the Internet remains open and continues to support basic democratic
values.


I. Policymaking and the Internet

In recognition of the novel and rapidly changing nature of the Internet,
policymaking ought to be undertaken:

* by policymakers who are well informed about the unique nature of the
Internet and have direct experience with its use; and,

* with substantial input and comment from the Internet user community.

II. Internet Access and Market Structures

A. Access to infrastructure

1) Access to the global Internet and other interactive communications
infrastructures is essential for all citizens of the world to enable full
participation in the global society and developing digital economy.

2) Government and the industry have a shared responsibility in building
the
Global Information Infrastructure ("GII"), and in ensuring as wide an
access as possible to its services.

3) Competition, open systems and interoperability are the best way to
enlarge access.

4) In particular, access to the Internet by schools, libraries and other
public
institutions should be viewed as a policy goal, subsidized as necessary.

B. Access to Government Information:

1) Governments should enable citizens access to legislative, judicial and
executive branch information through the Internet. Such access should be
backed up by a legal right to public information, without any showing of
need or intended use. Such information should be available in standard
formats to promote broad and effective access.

C. Market structures

1) There should be no a priori limitation to market entry for Internet
service providers (ISPs), and ISPs should not be prevented from using or
establishing their own terrestrial or wireless infrastructure.

2) In particular, licensing should not be used as a method of restricting
market entry.

3) ISPs and other intermediaries have responsibilities, but those
responsibilities should be enforced other than through licensing
mechanisms.

D. Overseas Development Assistance

1) Overseas development assistance programs should strive to promote full
access to the Internet. Such programs should include support for the
development of public policy environments consistent with these Open
Internet Policy Principles, and adequate resources for training and
ongoing
support.

III. The Rights and Responsibilities of Internet Users

Internet users have rights and responsibilities which should shape the way
the law addresses the Internet.

A. General Legal Framework

1) The Internet does not exist in a legal vacuum.  For the most part,
existing laws can and should regulate conduct on the Internet to the same
degree as other forms of conduct.  Such laws may differ from  country to
country, but should conform with the applicable binding human rights
obligations contained in the Universal Declaration of Human Rights, the
International Covenant on Civil and Political Rights and the European
Convention on Human Rights.

2) The legality of publishing activity on the Internet should be judged
according to the law in the country in which the publisher originally acts
to publish the material. While this "law of the place of origin" is
consistent with the "Television Without Borders" policy of the European
Commission, strong public policies in places of reception may necessitate
negotiation of an international convention on this choice-of-law question.

B. Objectionable Content

1) To enable users to shield themselves and their families from
objectionable or unwanted content, priority should be given to "downstream
filtering" by users. There should be no government censorship of Internet
content.

2) Filtering should empower users to be responsible for the content they
access.

3) Filtering can promote freedom of choice through a variety of rating
systems.

4) Filtering systems should make clear what sites they block (or select)
and what criteria they use to block (or select) sites.

5) Access to multiple 3rd party content labeling systems, as opposed to
government censorship, can support the great diversity of cultural and
moral values of Internet users around the world.

IV. Law, Human Rights and the Internet

Legal regulation of the Internet should implement the foregoing principles
relating to rights and responsibilities of Internet users, while also
recognizing international human rights law and legitimate national law
enforcement interests.

A. Freedom of Expression

There should be no regulation of Internet content by government. We
understand the fundamental rights of freedom of expression, as embodied in
Art. 19 of the Universal Declaration of Human Rights ("Everybody has the
right ... to seek, receive and impart information and ideas through any
media and regardless of frontiers" ) and in Art. 19(2) of the
International
Covenant on Civil and Political Rights ("Everyone shall have the right to
freedom of expression; this right shall include freedom to seek, receive
and impart information and ideas of all kinds, regardless of frontiers,
either orally, in writing or in print, in the form or art or through any
other media of his choice") -- to apply with
full force to Internet communication.

B. Civil and Criminal Law Enforcement

Enforcing existing laws in the international Internet environment raises
specific challenges. In general,combating online crime, while protecting
civil liberties, can best be accomplished with additional resources and
training for law enforcement agencies, not by enactment of new laws.

In carrying out their duties, law enforcement agencies should:

*be fully aware of the unique characteristics of the Internet;

*adhere to internationally recognized principles of human rights;

*have the resources necessary to adopt appropriate technologies; and

*co-ordinate with other law enforcement agencies across international
boundaries.

Law enforcement activity should be guided by the following principles:

1) Law enforcement agents should only conduct investigations or
surveillance in public online fora pursuant to public and officially
approved investigative guidelines, which provide adequate protection for
individual freedom of association and political activity.

2) Governments should not monitor individual Internet users for civil or
criminal investigatory purposes nor collect information on the way they
use
the Internet, except pursuant to a judicial process that is consistent
with
internationally recognized principles of privacy.

3) Governmental searches or seizure of electronic communications should
not
be conducted, except pursuant to legally authorized procedures, that
require that there is sufficient evidence that the user is engaged in
illegal activity to justify the search. Any such search should be
supervised by an appropriate detached and neutral judicial officer.

Any search should be narrow in its scope and effect.

C. Communications Privacy

Users of the Internet should have the right to be free of unlawful
governmental interception of or access to communication and information
online. Protection of this right entails:

1) Right of Anonymity: Users should have the right to communicate without
disclosing their identity. Anonymous communication is critical to assure
basic rights of freedom of association and to protect an open political
process. By the same token, anonymous communication is not traceable by
law
enforcement. Thus, we recognize that some criminal investigations may be
made more difficult. As the Internet develops, we believe that some
services will develop that support anonymous speech, while others will
require identification. Choice among various levels of identification
should be made by the users involved, not dictated by law.

2) Unfettered Right to Use Encryption: Users should have the right to use
any form of cryptographic technology they choose to protect the privacy of
their communications. Users should not be compelled to guarantee in
advance
law enforcement access to communications through key escrow, key recovery
or other mechanisms.

3) Freedom from Unlawful Access to Information in Storage or Transmission:
No user should be subjected to governmental search or seizure of
electronic
communications except pursuant to legally authorized procedures,
supervised
by an appropriate detached and neutral judicial officer.

4) Users should have better notice and choice over the use of personal
information by others. User empowerment approaches can also address these
information privacy issues in interactive system environments.

(end of Final Open Internet Policy Principles Document)

Annex to the Final Open Internet Policy Principles Document

When there was a difference of opinion among conference participants as to
a particular Principle, a vote was taken, with the majority view
prevailing. All conference participants agreed that views not prevailing
would be included in an Annex to the Final Document.

There was a majority vote by conference participants in favor of removing
the following draft Principle from the Final Document:

Responsibility for content on the Internet should rest with the author of
the content. It is crucial to identify accurately the chain of
responsibilities. Originators of content should be responsible for the
content they put on the Internet - not access providers, network
operators,
storage facilities or other intermediaries. When anonymity makes it
impossible to fix responsibility on the author or originator,
responsibility should rest with the last first identifiable individual or
entity in the chain of distribution, closest to the author or originator,
who had an opportunity to accept or decline anonymous material.

Professor Hank Perritt of Villanova University Law School has provided the
following opinion in support of the draft Principle above that was removed
from the Final Document:

There is a tension between protecting anonymity and protecting
intermediaries from liability. The best rule would be to protect
intermediaries from liability as long as it is possible to identify the
originator or author of a communication. If an intermediary handles
anonymous communications, however, the only choice is to let a victim of a
harmful communication bear the loss or to shift the loss to the
intermediary. As between the innocent victim, who has no choice, and the
intermediary who has a choice whether to accept anonymous communication,
it
would be preferable to hold the intermediary liable.  Accordingly, I would
favor an immunity for intermediaries but only as to non-anonymous messages
or other items of information content.

Two conference participants,Christopher Kuner, Attorney-at-Law, Gleiss &
Partners, Germany (on behalf of Netscape Communications Corporation)  and
Professor Hank Perritt of Villanova University Law School, have expressed
reservations about Principle III(A)2 in the Final Document:

Christopher Kuner: Principle III(A)(2) is unclear, legally questionable,
and does not reflect our discussion at the conference. In particular, I
would like to point out the following:

(1) The wording of this principle is unclear; just what is "the country in
which the publisher originally acts to publish the material" when, for
instance, an Internet user transmits material he has authored to a server
in another country, from which it can be accessed over the net?

(2) The principle is inconsistent with the rest of the draft. Under this
language, the conduct of someone sitting at a computer in Iran who
publishes a web page saying "Khomeini was a liar and a crook" should be
judged based on Iranian law, whereas in Article III(A)(1) we talk about
"binding human rights obligations" and in Article IV about "international
human rights law", both of which would likely be violated by the sanctions
which Iranian law would impose on such a person.

(3) Why does it matter whether or not a document concerned with the
Internet is consistent with EU television policy?

(4) The law of most countries and international law provide for the
possibility of law being applied to conduct outside the borders of the
jurisdiction which enacted it when such conduct produces a harmful effect
in the jurisdiction. I may not always agree with this approach, but find
that Article III(A)(2) simply glosses over this principle without
explaining why it should not apply in the case of the Internet.

(5) The choice of law provision embodied in Article III(A)(2) was
mentioned
in the closing minutes of the conference as an afterthought, and we never
had a chance to discuss it. The subject of choice of law in the Internet
is
extremely complex, and I object to taking a position on it when we never
had a chance to consider it properly.

Professor Hank Perritt: Choice of law is tricky in Cyberspace.
International law arguably permits both the country of origin (under the
principle of subjective territoriality) and the country of receipt (under
the principle of objective territoriality) to regulate content on the
Internet. There is precedent for both approaches. The "Television Without
Borders" document from the EC adopts the country-of-origin approach,
making
content legal anywhere if it is legal in the country of origin and
presumably illegal anywhere if it is illegal in the country of origin. The
UN General Assembly resolution on direct broadcast television adopts the
country of receipt approach, making the content legal if it is legal in
the
country of receipt, and presumably illegal according to the local law of
the place of receipt as well.

Neither of these approaches is perfect. In the long run, it would be
better
to harmonize content rules, and efforts should begin now to narrow
differences on content regulation, recognizing a general preference in
favor of freedom of expression, as noted in the principles.

(end of Annex to the Final Open Internet Policy Principles Document)

------------------------------


------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 4--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         In ITALY: ZERO! BBS: +39-11-6507540
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #9.17
************************************