Computer underground Digest    Sun  July 20, 1997   Volume 9 : Issue 57
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.57 (Sun, July 20, 1997)

File 1--USACM & IEEE-USA Letter on S. 909 (fwd)
File 2--CFP '98 Request for Proposals
File 3--Some Legal Advice for beyondHOPE Conferees
File 4--Some humor on media hacks and hackers
File 5--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date:    Sat, 19 Jul 97 14:27 CDT
From: Cu Digest <TK0JUT2@MVS.CSO.NIU.EDU>
Subject: File 1--USACM & IEEE-USA Letter on S. 909 (fwd)

 ============

Date--Tue, 08 Jul 1997 06:17:52 -0400
From--ACM US Public Policy Office <usacm_dc@acm.org>

**************************************

The Institute of Electrical and Electronics Engineers-
United States Activities
1828 L Street, NW, Suite 1202
Washington, DC 20036
T: (202) 785-0017; F: (202) 785-0835

The Association for Computing
U.S. Public Policy Office
666 Pennsylvania Ave., SE
Suite 302 B
Washington, DC  20003
T: (202) 544-4859
F: (202) 547-5482


July 3, 1997

The Honorable John McCain
Chairman
Senate Commerce, Science & Transportation Committee
241 Russell Senate Office Bldg.
Washington, DC 20510

Dear Mr. Chairman:

The U.S. Public Policy Office for the Association for Computing (USACM) and
The Institute of Electrical and Electronics Engineers-United States
Activities (IEEE-USA) note with considerable dismay the Senate Commerce,
Science and Transportation Committee's recent approval of S. 909, the
"Secure Public Networks Act."

We share many of the concerns of the Committee members regarding problems
of national security and law enforcement.   However, we believe that the
"Secure Public Networks Act," as approved by the Committee, leads U.S.
encryption policy in the wrong direction.   The proposed bill stands in
opposition to the scientific and professional opinions of many experts who
believe that national security and public safety will be weakened by the
mandated introduction of constrained or recoverable-key encryption.  We
also believe that such action will hinder U.S. competitiveness in
international markets, establish a dangerous precedent for the future, and
endanger cherished civil liberties in the U.S. and elsewhere in the world.

Since no hearings were held on the bill, the Committee may not have had
full information on its implications.
We believe the bill will have a serious, negative and long-term impact on
society in general and on our organizations and their members.  We are
keenly interested in supporting significant consideration of the important
issues involved, and we would very much like to provide technical and
scientific input on this issue.  Many of our members are
internationally-recognized experts in the area of information security and
encryption, and several have significant experience with law enforcement
and national security issues.  We would be happy to put you in contact with
some of these experts should you desire more information on the points we
outline in this letter.

In what follows, we  briefly outline some of the reasons why so many
experts believe such a bill is harmful if it became law.





        - 2 -

First, the bill is economically harmful.  Voting to restrict strong
cryptography would damage America's dominance in information technologies.
Secure software and hardware is available overseas.  Mathematical acumen
exists around the world; the U.S. can neither control nor contain it.
Software companies will continue to be forced to seek talent elsewhere.
The widely-used, strong cryptographic algorithm IDEA, for example, was
developed in Europe.  U.S. software and hardware suppliers can incorporate
IDEA into their products, but only if those products are confined to use in
the U.S.   Export controls have obviously not hindered the worldwide spread
of encryption products based on IDEA and produced outside the U.S.  These
controls have merely prevented U.S. providers from participating in that
global market.  Customers throughout the world have the sophistication to
understand the need for strong cryptographic products and they will
continue to seek to buy them wherever they are sold.  The result will be an
increasing loss of jobs and revenues in an area where the U.S. once held
the dominant position.  It is conceivable that our own industry and
civilian sector might eventually become dependent on foreign cryptography
products should U.S.  firms continue to be prohibited from open competition
in this arena.

Second, this bill threatens cherished civil freedoms.  Information
technologies make data surveillance possible and increasingly affordable.
The best technical protections available to the individual depend upon
cryptography.  There is also an unfortunate history of a few law
enforcement agents and government officials using their positions and
access to violate the law and the rights of citizens.  Strong encryption is
the only practical means available to law-abiding citizens to defend
themselves against these infrequent, but all-too-real abuses.

The wording in the proposed bill for organizations with Federal funding to
rely on a mandated form of encryption will be burdensome and may lead to
severe invasions of privacy.  For instance, if a library or university were
forced to implement such encryption, how could the organization ensure that
its users were actually employing the system?  The only sure method would
be to "snoop" on the messages to see if they were breakable under the
mandated scheme.  Otherwise, users would be able to substitute their own
encryption instead of, or in addition to, the mandated form, thus rendering
this bill meaningless but still costly to implement.  This raises serious
questions about privacy -- and more importantly -- First Amendment
considerations.

Third, the criminal element will not be hindered by any legislation similar
to the one proposed.  The referenced bill provides no provisions that would
actually deter criminals from employing strong encryption obtained from
other sources.    Drug cartels, terrorists, pornographers and others who
might use encryption in criminal enterprises are already violating laws
with penalties much more severe than any that might be imposed for using
unauthorized encryption technologies.  Meanwhile, law-abiding citizens
would be forced to rely on technologies that might not protect their
private information against "crackers" and potential blackmailers.  As in
the physical world, the best public safety results from crime prevented
through good practices, rather than crimes solved.  Without strong
cryptography Americans cannot lock their electronic doors, but must instead
remain vulnerable.  Thus, constraining cryptography might help law
enforcement solve a small number of crimes, but it will do nothing to
prevent opportunities for even more crimes, thereby reducing overall public
safety.

Fourth, constraints on strong cryptography will jeopardize national
security.  Requiring or encouraging weakened technology leaves the United
States vulnerable to information warfare from other nation-states,
techno-anarchists and terrorists, and from organized criminal elements.  It
is vital that telephone systems, medical health care systems, utility
systems, and other control mechanisms affecting every sector of the economy
be made more secure and not restrained from using improved security.  Our
national security depends on the reliability of our




        - 3 -

national infrastructures and critical systems, particularly those based on
computer and communications technology.  To legislate the use of untested
mechanisms that present weakened protection, or that have a single point of
failure and attack, will unnecessarily endanger those critical institutions
and the people who depend on them.  Those same forces arrayed against our
national interests will be freely able to obtain stronger cryptography
technology from the many other countries that do not place restrictions on
its development and sale.

Fifth, information technologies change quickly.  We don't want to require
enabling legislation whenever advances in technology increase the
vulnerability of current key lengths.  The recent cracking of 56-bit DES in
the RSA challenge shows that distributed computing power is now available
to break this key length, thus identifying a need for larger keys.  A
breakthrough in mathematics, such as increasing the speed of factoring
numbers, would require a prompt response, such as increasing key lengths or
changing algorithms.  The proposed legislation would severely discourage
such changes.  Additionally, by preventing the initial acquisition of
strong encryption technology, the need for near-term upgrades to defeat
improved cracking techniques is almost assured,  as are the extra financial
burdens.

As a last point, consider the implicit message sent by passage of this act
or any like it.  The U.S. has long been a vocal proponent of freedom of
speech and other civil rights for citizens around the world.  Why should
any other nation's leaders heed further such rhetoric if the U.S. adopts
the proposed bill?  If some foreign nation with a history of oppression
were to pass the same legislation so as to eavesdrop on their citizens'
communications for purposes of  identifying human rights activities, we
would register strong disapproval.  With passage of legislation such as the
"Secure Public Networks Act" the U.S. loses the moral high ground in any
future such scenario.

In summary, our professional position is that  passage of the "Secure
Public Networks Act" or similar legislation is ill-advised; we urge you to
defeat this bill.   Instead, we encourage passage of legislation such as
Senator Conrad Burns' Pro-CODE bill, or Representative Bob Goodlatte's SAFE
bill as a better, more effective aid to national security, law enforcement
and civil rights.

IEEE is the world's largest technical professional association with 320,000
members worldwide.   IEEE-USA promotes the career and technology policy
interests of the more than 220,000 electrical, electronics and computer
engineers who are U.S. members of the Institute.  The Association for
Computing (ACM) is an international non-profit educational and scientific
society with 76,000 members worldwide, 60,000 of whom reside in the U.S.
USACM strives to promote dialog on technology policy issues among U.S.
policy makers, the general public, and the technology community.

If you need additional information, please contact Deborah Rudolph in the
IEEE-USA Washington office at (202) 785-0017 or Lauren Gelman in the USACM
Public Policy office at (202) 544-4859 or (202) 298-0842.

Sincerely,




Barbara Simons, Ph.D.           Paul J. Kostek
Chair, U.S. Public Policy       Vice Chair
Committee of ACM                United States Activities Board

------------------------------

Date: Wed, 16 Jul 1997 15:47:28 -0500
From: ecavazos <ecavazos@interliant.com>
Subject: File 2--CFP '98 Request for Proposals

REQUEST FOR PROPOSALS: CFP98

(proposals must be received by August 15,1997 to be considered)


COMPUTERS,  FREEDOM,  AND PRIVACY CONFERENCE
February 18-20, 1998 * Hyatt Regency Austin at Town Lake * Austin, TX

The Eighth Annual Conference on Computers, Freedom, and Privacy (CFP98) is
scheduled for Wednesday February 18 to Friday February 20, 1998 in Austin,
Texas, at the Hyatt Regency Austin Hotel on Town Lake.

The Computers, Freedom, and Privacy Conferences serve as an internationally
recognized forum and gathering place for the key members of the technical,
government, hacker, legal, security and journalistic communities to address
cutting edge technical, business, legal and cultural issues.

Topics and speakers from prior years' CFP conferences can be found at the
CFP web site,  http://www.cfp.org.

For the 1998 CFP conference, The 1998 Program Committee (members listed
below) is particularly interested in receiving proposals that deal with:

1) emerging issues relating to privacy and data ownership, such as the use
of infrared tracking of supermarket shopping carts to monitor search and
purchasing patterns of customers; developments with medical databases,
library filtering, GPS tracking systems, etc.

2) controversial issues;

3) conflict,  e.g., debates where presenters have sharply defined and
differing points of view, technolibertarian vs. anti-tech "humanist; " or
have different training/disciplines, e.g., cyberactivists on virtual
communities vs. sociologist/philosopher/writer discussing nature of the
"physical world."

4) innovative and alterantive formats such as moot courts, case studies,
reverse role playing, etc., to enliven some of CFP's recurring topics that
are increasingly found at other conferences.

The 1998 Program Committee strongly encourages proposals that involve one
or two speakers, as well as panel presentations. A single or two person
presentation is often better focused than a panel and it is the goal of The
1998 Program Committee to provide a mix of panels and single/dual speaker
presentations during the General Session.  Ideally, panels will be limited
to no more than four persons whose views are not duplicative of each other.

In addition to the two and one-half days of General Session, which starts
the afternoon of Wednesday February 18, CFP98 will offer tutorials. Five or
six three hour tutorial sessions will be offered on the morning of
Wednesday February 18. CFP98 will also continue the practice of breakout
topic presentations during the Thursday and Friday luncheons.  The Program
Committee is seeing proposals for both tutorials and the luncheon sessions.

It is the goal of the CFP98 Program Committee to be able to offer some
travel money to speakers; however the amount or allocation of travel funds
depends heavily on success in obtaining sponsors, which will not be known
until early September.

The CFP98 Program Committee will meet the week of August 18 to finalize
selection of proposals; consequently all proposals must be received * by
August 15, 1997  * to assure consideration by the Program Committee.
Please follow the submission guidelines below.


 * CFP98 PROPOSAL SUBMISSION GUIDELINES *


CFP98 is being organized and hosted this February under the auspices of The
University of Texas School of Law.  Mark Lemley, Professor at The Law
School, serves as Chair of the Program Committee.  He may be reached by
e-mail at:  mlemley@mail.law.utexas.edu

Proposals should include the following information.

1) Presentation Topic Title:

2) Presentation Type:

     [    ]  General Session       [     ]  Luncheon       [     ] Tutorial

3) Proposed Length of Presentation*

* Presentations during the General Session can range from .5 to 1.5 hours.
Breakout luncheon presentations are 1.0 hr.  Tutorial presentations run 3.0
hrs.

4) Name(s) of Speaker(s), plus BRIEF background description about each
speaker. For presentations with more than one speaker, please indicate and
provide contact information for the primary panel
coordinator/moderator/chair.

5) A one to two paragraph description of the Topic and Format, suitable for
conference brochure and press release.

6) Additional information regarding topic, format (including special
presentation or A/V needs), possible but not yet confirmed speakers, or
speaker substitutes -- or any other information that you think would be
useful to The Program Committee in evaluating your proposal.

For more information on the Computers, Freedom, and Privacy Conferences,
please visit our Web page at: http://www.cfp.org.

Proposals should be sent as soon as possible to CFP98 Program Chair
Mark Lemley at: mlemley@mail.law.utexas.edu

or by mail to:

Mark Lemley
The University of Texas School of Law
727 East 26th Street
Austin, TX 78705

*Proposals must be received no later than August 15, 1997 *

-------------------------------------------------------------

CFP98 PROGRAM COMMITTEE

Mark A. Lemley, CHAIR
Assistant Professor of Law
The University of Texas School of Law

Matt Blaze
Senior Research Scientist
AT&T Bell Research

Edward A. Cavazos
Senior Vice President, General Counsel
Interliant, Inc.

Gary B. Chapman
Director, The 21st Century Project
LBJ School of Public Affairs
The University of Texas at Austin

David Chaum
DigiCash bv
Amsterdam, The Netherlands

Dave Del Torto
Pretty Good Privacy, Inc.

Michael Esposito
The University of Texas School of Law

A. Michael Froomkin
Associate Professor of Law
University of Miami School of Law

Katie Hafner
Newsweek Technology Correspondent
Newsweek Magazine

Donna L. Hoffman
Owen Graduate School of Management
Vanderbilt University

Deborah Hurley
Director, Information Infrastructure Project
John F. Kennedy School of Government
Harvard University

Bruce R. Koball
Technical Consultant

Jon Lebkowsky
President, EFF-Austin

Teresa Peters
Organisation for Economic Co-Operation and Development
Paris, France

Ned Ramage
The Freedom Forum First Amendment Center

Shabbir J. Safdar
The Voters Telecommunications Watch

Jonah Seiger
Communications Director
Center for Democracy and Technology

Sharon Strover
Director, Texas Telecommunications Policy Institute
The University of Texas at Austin

Peter Toren
United States Department of Justice

------------------------------

Date: Fri, 18 Jul 1997 22:55:19 -0400
From: Paul Kneisel <tallpaul@nyct.net>
Subject: File 3--Some Legal Advice for beyondHOPE Conferees

Introduction

The article below was prepared by the attorneys from the Mass Defense
Committee of the National Lawyers Guild after conferring with security
representatives for the upcoming beyondHOPE hackers conference.

The conference will be held in New York City on August 8, 9, and 10.

People who plan on attending the conference may wish to decide what to
bring to the con and what to leave home based on information below.

-- tallpaul (Paul Kneisel)


Some Legal Advice for beyondHOPE Conferees

Welcome to the conference.  Enjoy yourself but keep in mind that
there will be law enforcement persons present.

Here are some basic police-encounter rules of law and procedure
that you should remember:

1.  A police officer is entitled to briefly ask you questions for
almost any reason.  However, you are not required to answer the
questions and the police cannot stop you without evidence of
wrongdoing (see below).

2.  A police officer is entitled to briefly stop you if he or she
has a "reasonable suspicion" that you are involved in criminal
activity.  You may be frisked for a weapon if there is a
reasonable suspicion (such as the bulge of a gun) that you are
carrying one.  You are not required to answer questions.  You are
free to leave (after the frisk, if there is one) unless the
officer has more evidence of a crime than "reasonable suspicion"
(see below).  The officer may not legally conduct a more
extensive search on the basis of "reasonable suspicion".

3.  A police officer may arrest and search you (and any bags or
other containers you may be carrying) if he or she has probable
cause to believe you have committed a crime (or an "offense",
such as disorderly conduct).  Probable cause means facts that
make it more probable than not that you are committing a crime or
offense.

4.  If you are arrested the police will take you to a police
precinct.  If the arrest was for a minor offense such as
disorderly conduct or possession of alcohol, you will probably
receive a summons and be released in several hours.  (You will
need reliable identification to be released.)  If you do not have
reliable identification and the police do not believe you will
come to court, they will not release you and will take you to
court, a process that takes between 24-48 hours.  If you are
arrested for a serious offense, you will certainly not be
released.

5.  If you are under 16 and are arrested, the police will attempt
to contact your parents while you are at the precinct.  If your
parents cannot be located, the police may transport you to a
juvenile detention facility and/or Family Court (depending on the
time of day) where your release will be decided.

In short, if a police officer has sufficient evidence that you
are committing a crime he may legally stop and search you and any
containers you may be carrying.

Even if a police officer does not have sufficient evidence that
you are committing a crime he might well stop and search you
anyway.  If the officer finds drugs, alcohol, illegal weapons or
devices or any other illegal property, he will usually arrest you
and confiscate the property.  If the search was illegal you will
have a basis to challenge it in court but you will not get any
illegal property back.

Therefore, you would be wise to not carry anything illegal at
this conference.

If you have any questions about your rights contact:

The Mass Defense Committee of the National Lawyers Guild, (212)
255-4181

------------------------------

Date: Fri, 18 Jul 1997 12:08:12 -0500 (CDT)
From: Crypt Newsletter <crypt@sun.soci.niu.edu>
Subject: File 4--Some humor on media hacks and hackers

In as fine a collection of stereotypes as can be found, the
Associated Press furnished a story on July 14 covering the annual
DefCon hacker get together in Las Vegas. It compressed at least
one hoary cliche into each paragraph.

Here is a summary of them.

The lead sentence: "They're self-described nerds . . . "

Then, in the next sentence, "These mostly gawky, mostly male
teen-agers . . . also are the country's smartest and slyest computer
hackers."

After another fifty words, "These are the guys that got beat up in
high school and this is their chance to get back . . . "

Add a sprinkling of the obvious: "This is a subculture of
computer technology . . ."

Stir in a paraphrased hacker slogan: "Hacking comes from an
intellectual desire to figure out how things work . . ."

A whiff of crime and the outlaw weirdo: "Few of these wizards will
identify themselves because they fear criminal prosecution . . .  a
25-year-old security analyst who sports a dog collar and nose ring, is
cautious about personal information."

Close with two bromides that reintroduce the stereotype:

"Hackers are not evil people. Hackers are kids."

As a simple satirical exercise, Crypt News rewrote the Associated
Press story as media coverage of a convention of newspaper editors.

It looked like this:

LAS VEGAS -- They're self-described nerds, dressing in starched
white shirts and ties.

These mostly overweight, mostly male thirty, forty and
fiftysomethings are the country's best known political pundits,
gossip columnists and managing editors. On Friday, more than 1,500 of
them gathered in a stuffy convention hall to swap news and network.

"These are the guys who ate goldfish and dog biscuits at frat parties
in college and this is their time to strut," said Drew Williams,
whose company, Hill & Knowlton, wants to enlist the best editors
and writers to do corporate p.r.

"This is a subculture of corporate communicators," said Williams.

Journalism comes from an intellectual desire to be the town crier
and a desire to show off how much you know, convention-goers said.
Circulation numbers and ad revenue count for more than elegant prose
and an expose on the President's peccadillos gains more esteem from
ones' peers than klutzy jeremiads about corporate welfare and
white-collar crime.

One group of paunchy editors and TV pundits were overheard
joking about breaking into the lecture circuit, where one
well-placed talk to a group of influential CEOs or military
leaders could earn more than many Americans make in a year.

Few of these editors would talk on the record for fear of
professional retribution. Even E.J., a normally voluble
45-year-old Washington, D.C., editorial writer, was reticent.

"Columnists aren't just people who write about the political
scandal of the day," E.J. said cautiously. "I like to think of
columnists as people who take something apart that, perhaps,
didn't need taking apart."

"We are not evil people. We're middle-aged, professional
entertainers in gray flannel suits."

Crypt Newsletter

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 5--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

         In ITALY: ZERO! BBS: +39-11-6507540

  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #9.57
************************************