Computer underground Digest Sun Aug 10, 1997 Volume 9 : Issue 61 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.61 (Sun, Aug 10, 1997) File 1--CuD took a Break while Weber went down for Maintenance File 2--Samsung's Cease And Desist Flaming (fwd) File 3--"Vonnegut Speech" a Hoax - It was a Mary Schmich column File 4--Re: The irony of the Tin Drum File 5--Computers and the Law IV Symposium File 6--Hacking Considered Constructive File 7--Letter to AOL on "proposed censorship summit with rad-right" File 8--Review - "A Gift of Fire" by Baase File 9--Janet Reno's comments on Encryption File 10--Crime and Crypto: A Report Shaded Gray (Wired excerpt) File 11--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sat, 09 Aug 97 16:32 CDT From: Cu Digest <tk0jut2@mvs.cso.niu.edu> Subject: File 1--CuD took a Break while Weber went down for Maintenance CuD took a week off while the server at weber.ucsd.edu took some time for maintenance. If you tried to unsub, sub, or otherwise contact the mailing list server, your post likely bounced. Wait another day or two and try again. If you can't live without CuD, you can always visit the archives at: http://www.soci.niu.edu/~cudigest ------------------------------ Date: Fri, 8 Aug 1997 17:11:44 -0400 (EDT) From: Charles Platt <cp@panix.com> Subject: File 2--Samsung's Cease And Desist Flaming (fwd) ((MODERATORS' NOTE: The following note, alleged to be from Samsung, was send to numerous people on the Net. However, the letter is a HOAX. Voice mail at the KHS&K law offices indicate that they are attempting to track down the source for prosecution. Platt is the author of ANARCHY ONLINE, which some reviewers have described as one of the best books every on the "Computer Underground." Ask your library to order a copy)). ------- I received the following email today. Note that the attorney has no evidence (is accusing me of something based entirely on hearsay) and has an understanding of the law that is sketchy at best. As it is, I've never sent email to Samsung and have not received email from them, either. --C ---------- Forwarded message ---------- Date--Fri, 08 Aug 97 12:11:32 EST From--webmaster@sailahead.com To--suspected_flamer@somewhereincyberspace.com Subject--Cease And Desist Flaming On behalf of our client, Samsung America Inc., ("Samsung") we hereby request that you cease and desist all inflammatory internet hacking, telephone hacking, flaming, jamming, and other illegal activities. If you have responded aversely to a recent bulk email message from our client, Samsung America, Inc., or from any of its subsidiary companies, then you may be one of the people who has performed fraudulent and actionable transgressions, thereby causing severe harm to our client. Your email name was provided as being suspected of connection to various acts of internet terrorism. Your acts are illegal. Several messages have suggested that Samsung and/or its subsidiaries, including but not limited to Sailahead Global Emporium, www.sailahead.com, and Samsung Electronics, www.sosimple.com, violated US Federal Laws through activities commonly called "spamming." This allegation is unfounded in the law, as spamming is a protected activity under the laws of free speech. Our client has asked us to inform you that all of your future correspondences should be directed to their counsel: Russell L. Allyn, Attorney at Law California Sate Bar Number (SBN) 143531 Katz, Hoyt, Seigel & Kapor LLP Los Angeles, CA khskllp@aol.com 310-473-1300 310-473-7138 (fax) All incidents of internet terrorism will be prosecuted where possible, and reported to appropriate law enforcement authorities as warranted. Please consider this as your notice to cease all attempts to harm multi-national corporations who conduct legitimate commerce on the internet. Russell L. Allyn, Attorney at Law ------------------------------ Date: Sunday, June 1, 1997 From: jthomas@SUN.SOCI.NIU.EDU(Jim Thomas) Subject: File 3--"Vonnegut Speech" a Hoax - It was a Mary Schmich column ((MODERATORS' COMMENT: About a week ago, we began receiving posts purporting to be a commencement speech at MIT by novelist Kurt Vonnegut. The material WAS NOT written by Vonnegut. The material originally appeared in Mary Schmich's 1 June column in the Chicago Tribune. Probably like others, we continue to receive one or two of the hoax-posts each day. Some people either remain clueless about the hoax, or--worse--believe that "Mary Schmich" is a character from a new Vonnegut novel. There's no doubt that Mary Schmich is a character (she does, after all, also write the story lines for Brenda Starr), but she is real. Those of us in the Chicago area (who read the Tribune) also appreciate her as an exceptionally gifted writer with wit, incisive insights, and warmth. (In fact, she another Tribune columnist, Eric Zorn, easily rank among the best newspaper columnists in the U.S.). Because the "hoax" just won't die, and because there seems to be an astonishing number of folks who doubt the existence of "Mary Schmich" or her authorship of her column, we are taking the liberty of reproducing the original as it appeared on 1 June in the Tribune's America Online version (identical to the hardcopy version). For those wondering how "Schmich" is pronounced, it rhymes with "speak." =================== Copyright CHICAGO TRIBUNE ADVICE, LIKE YOUTH, PROBABLY JUST WASTED ON THE YOUNG Inside every adult lurks a graduation speaker dying to get out, some world-weary pundit eager to pontificate on life to young people who'd rather be Rollerblading. Most of us, alas, will never be invited to sow our words of wisdom among an audience of caps and gowns, but there's no reason we can't entertain ourselves by composing a Guide to Life for Graduates. I encourage anyone over 26 to try this and thank you for indulging my attempt. Ladies and gentlemen of the class of '97: Wear sunscreen. If I could offer you only one tip for the future, sunscreen would be it. The long-term benefits of sunscreen have been proved by scientists, whereas the rest of my advice has no basis more reliable than my own meandering experience. I will dispense this advice now. Enjoy the power and beauty of your youth. Oh, never mind. You will not understand the power and beauty of your youth until they've faded. But trust me, in 20 years, you'll look back at photos of yourself and recall in a way you can't grasp now how much possibility lay before you and how fabulous you really looked. You are not as fat as you imagine. Don't worry about the future. Or worry, but know that worrying is as effective as trying to solve an algebra equation by chewing bubble gum. The real troubles in your life are apt to be things that never crossed your worried mind, the kind that blindside you at 4 p.m. on some idle Tuesday. Do one thing every day that scares you. Sing. Don't be reckless with other people's hearts. Don't put up with people who are reckless with yours. Floss. Don't waste your time on jealousy. Sometimes you're ahead, sometimes you're behind. The race is long and, in the end, it's only with yourself. Remember compliments you receive. Forget the insults. If you succeed in doing this, tell me how. Keep your old love letters. Throw away your old bank statements. Stretch. Don't feel guilty if you don't know what you want to do with your life. The most interesting people I know didn't know at 22 what they wanted to do with their lives. Some of the most interesting 40-year-olds I know still don't. Get plenty of calcium. Be kind to your knees. You'll miss them when they're gone. Maybe you'll marry, maybe you won't. Maybe you'll have children, maybe you won't. Maybe you'll divorce at 40, maybe you'll dance the funky chicken on your 75th wedding anniversary. Whatever you do, don't congratulate yourself too much, or berate yourself either. Your choices are half chance. So are everybody else's. Enjoy your body. Use it every way you can. Don't be afraid of it or of what other people think of it. It's the greatest instrument you'll ever own. Dance, even if you have nowhere to do it but your living room. Read the directions, even if you don't follow them. Do not read beauty magazines. They will only make you feel ugly. Get to know your parents. You never know when they'll be gone for good. Be nice to your siblings. They're your best link to your past and the people most likely to stick with you in the future. Understand that friends come and go, but with a precious few you should hold on. Work hard to bridge the gaps in geography and lifestyle, because the older you get, the more you need the people who knew you when you were young. Live in New York City once, but leave before it makes you hard. Live in Northern California once, but leave before it makes you soft. Travel. Accept certain inalienable truths: Prices will rise. Politicians will philander. You, too, will get old. And when you do, you'll fantasize that when you were young, prices were reasonable, politicians were noble and children respected their elders. Respect your elders. Don't expect anyone else to support you. Maybe you have a trust fund. Maybe you'll have a wealthy spouse. But you never know when either one might run out. Don't mess too much with your hair or by the time you're 40 it will look 85. Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia. Dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than it's worth. ------------------------------ Date: Fri, 8 Aug 1997 14:42:47 -0500 From: Marc Rotenberg <rotenberg@epic.org> Subject: File 4--Re: The irony of the Tin Drum Because of the battle over the Tin Drum in Oklahoma City, we decided last month to offer the book for sale at the EPIC bookstore. Details below. Marc Rotenberg. <snip> ======================================================================= [7] New at the EPIC Bookstore ======================================================================= The EPIC Bookstore includes a wide range of books on privacy, cryptography and free speech that can be ordered online. Many of the books are available at up to 40 percent off list price. New titles include: "Protect Your Privacy on the Internet" by Bryan Pfaffenberger "Digital Cash" by Peter Wayner "Contested Commodities" by Margaret Jane Radin Other popular titles: "The Right to Privacy" by Ellen Alderman & Caroline Kennedy "Who Knows: Safeguarding Your Privacy in a Networked World" by Ann Cavoukian & Don Tapscott "Applied Cryptography, 2nd Edition" by Bruce Schneier We are also now featuring _The Tin Drum_ by Gunther Grass. The novel, a bizarre but extraordinary diary of a young boy who refuses to grow up during the rise and fall of Nazi Germany, is considered by some the greatest German novel written since WWII. In 1979, the film version of the Tin Drum received an Academy Award for Best Foreign Film. However, in recent months, groups that oppose "pornography" have persuaded the Oklahoma City Library to remove copies of the film from the public library. For this reason, we are now making the book available at the EPIC Bookstore. Support the Freedom to Read. Check out the EPIC Bookstore at: http://www.epic.org/bookstore/ ------------------------------ Date: Thu, 24 Jul 1997 15:46:28 -0500 From: ecavazos <ecavazos@interliant.com> Subject: File 5--Computers and the Law IV Symposium Computers & The Law IV Symposium October 6-9, Boston Computers & The Law IV is the only event to bring together corporate decision-makers, computer professionals and legal experts to discuss Internet and Web technology in the eyes of the law. This conference provides a forum and educational opportunities for all those interested in keeping their system investment safe and within the law. Topics will include: * Corporate liablity on the Internet * Internet risk management in the enterprise * Hiring a SysAdmin you can trust * Legal risks of Internet commerce * Establishing a fair-use policy * Prosecuting system intruders * Communicating with your SysAdmin * Understanding copyright law * Assessing your exposure to hackers * Employee privacy vs. owner rights ... and much more! FOR MORE INFORMATION CONTACT The Sun User Group * 14 Harvard Ave, 2nd Floor * Allston, MA 02134 (617)787-2301 * conference@sug.org * http://www.sug.org/CL4 ------------------------------ Date: Fri, 01 Aug 1997 14:40:09 +0200 From: Gisle Hannemyr <gisle@hannemyr.no> Subject: File 6--Hacking Considered Constructive I have just completed an essay: "Hacking Considered Constructive", which I hope will be of interest to the readers of CU Digest. The essay is accessible on the web: http://home.sn.no/home/gisle/oks97.html Comments from the readers of CU Digest will be most welcome. My e-mail address is <gisle@hannemyr.no>. === Abstract -------- The premise for the paper is that "hackers" as an identifiable group of computer workers arose as a reaction to Taylorist influences on system development which instigated the deliberate destruction of programming as a craft. It then explores the rise of the hacker community, and the explicit and implicit ideologies expressed through hacking. Finally, by deconstructing computer artifacts of origin both inside and outside the hacker community, it attempts to contrast the two approaches to design, and to infer the embedded properties of the resulting artifacts. ------------------------------ Date: Fri, 1 Aug 1997 07:16:14 -0700 (PDT) From: Declan McCullagh <declan@well.com> Subject: File 7--Letter to AOL on "proposed censorship summit with rad-right" Source - fight-censorship@vorlon.mit.edu Date-- 97-07-31 11:43:06 EDT From-- WildcatPrs To-- Steve Case Dear Steve Case, As one of the plaintiffs in the ACLU/ALA case on the CDA, who saw it through all the way to the Supreme Court, I am shocked and dismayed that you would dignify the demands of the Christian Coalition et al by sitting down with them in such a summit. You know and I know that America Online will leave that negotiating table having made major concessions on the subject of Internet censorship -- not only for content on gay and lesbian and AIDS, but also women's issues and many other subjects. The religious right have a very long list of subjects that they would like to censor out of U.S. libraries, schools and media...which you will discover if you take the trouble to read BANNED BOOKS, published each year by the ALA. Get a clue, Mr. Case This battle over "content" is not really about "child pornography." It is a thinly veiled disguise for the radical right's efforts to impose its total belief and its proposed penal system on the people of the United States. It wants to have the United States be like the Colony of Massachusetts before the Revolution. I suggest you read some history, and ponder whether you would have liked living under the religious dictatorship that ran the colony. Between 1962 and 1972, I lived in Spain as a working journalist for the Reader's Digest, working out of its office in Madrid, and I saw in operation just the kind of right-wing censorship system that the Christian Coalition et al would like to impose on this country. Part of its success involved just the kind of "self-censorship" that you are now proposing to slap on your own company. You are no different than the Spanish book publishers who sat down with the Catholic Church and agreed on what could be published. As a result, Spanish culture languished. The Spanish people reached the point where they had lots of jokes about self-censorship and didn't take their own media or culture seriously. It all came to an end in 1975, when Franco died, and the Spanish people were so sick of church and censors that the new government moved to end the hegemony of the Spanish Catholic Church and put an end to censorship. So shame on you for moving to introduce this kind of censorship to the United States of America. I have been a loyal customer of AOL since I got onto the Internet two years ago, and I will take my business elsewhere if you go through with this summit. Sincerely, Patricia Nell Warren Wildcat Press 8306 Wilshire Blvd. Box 8306 Beverly Hills, CA 90211 213/966-2466 213/966-2467 fax ------------------------------ Date: Thu, 24 Jul 1997 10:46:51 EST From: "Rob Slade, doting grandpa of Ryan & Trevor" Subject: File 8--Review - "A Gift of Fire" by Baase BKGFTFIR.RVW 970222 "A Gift of Fire", Sara Baase, 1997, 0-13-458779-0 %A Sara Baase giftoffire@sdsu.edu %C One Lake St., Upper Saddle River, NJ 07458 %D 1997 %G 0-13-458779-0 %I Prentice Hall %O +1-201-236-7139 fax: +1-201-236-7131 beth_hespe@prenhall.com %P 382 %T "A Gift of Fire: Social, Legal, and Ethical Issues in Computing" I found this book very surprising. As a look at computer ethics, it covers privacy, encryption, reliability, intellectual property, crime, work, and social issues. Each chapter comes with review exercises, general exercises, and assignments that are reasonably well chosen and formulated. There are extensive endnotes and references for further study. There are, however, two major flaws. One concerns the technical level of the material. Most of the cases presented are not inaccurate, but they are often oversimplified. A lack either of technical understanding or of research seems evident in places. Internet-pornography-blocking software is mentioned, but not the more disturbing addition of political restrictions to that software. The initial use of "hacker" as a positive term is mentioned--and then completely ignored, as crackers, phreaks, and virus writers are all lumped together as hackers. True, a discussion of computer ethics and social issues does not always require a detailed understanding of the technology, but a debate proceeding on the basis of a flawed understanding is more likely to come to a flawed conclusion. The other problem is that ethics are left completely out of the picture until the final chapter of the book. This is extremely odd, and suggests that the first ninety percent of the book will be used in a "pooling of ignorance" exercise before any common ground has been discussed. With its breadth of topics (rather like a less thorough version of "Computer Related Risks" [cf. BKCMRLRS.RVW]), it would make a reasonable adjunct text for an ethics/social issues course. But it is no replacement for Johnson's "Computer Ethics" [cf. BKCMPETH.RVW]. copyright Robert M. Slade, 1997 BKGFTFIR.RVW 970222 ====================== roberts@decus.ca rslade@vcn.bc.ca rslade@vanisl.decus.ca "The only thing necessary for the triumph of evil is for good men to do nothing." - Edmund Burke http://www2.gdi.net/~padgett/trial.htm ------------------------------ Date: Sat, 9 Aug 1997 13:38:30 -0500 From: jthomas@SUN.SOCI.NIU.EDU(Jim Thomas) Subject: File 9--Janet Reno's comments on Encryption ((MODERATORS' NOTE: The following was provided by Mike Godwin on the Well)). -------- 26 July 1997 Source: Hardcopy from Declan McCullagh http://www.netlynews.com See parallel 21 July 1997 declassified transcript of congressional hearing on encryption. ----------------------------------------------------------- Office of the Attorney General Washington, D.C. 20530 July 18, 1997 Dear Member of Congress: Congress is considering a variety of legislative proposals concerning encryption. Some of these proposals would, in effect, make it impossible for the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), Secret Service, Customs Service, Bureau of Alcohol, Tobacco and Firearms, and other federal, state, and local law enforcement agencies to lawfully gain access to criminal telephone conversations or electronically stored evidence possessed by terrorists, child pornographers, drug kingpins, spies and other criminals. Since the impact of these proposals would seriously jeopardize public safety and national security, we collectively urge you to support a different, balanced approach that strongly supports commercial and privacy interests but maintains our ability to investigate and prosecute serious crimes. We fully recognize that encryption is critical to communications security and privacy, and that substantial commercial interests are at stake. Perhaps in recognition of these facts, all the bills being considered allow market forces to shape the development of encryption products. We, too, place substantial reliance on market forces to promote electronic security and privacy, but believe that we cannot rely solely on market forces to protect the public safety and national security. Obviously, the government cannot abdicate its solemn responsibility to protect public safety and national security. Currently, of course, encryption is not widely used, and most data is stored, and transmitted, in the clear. As we move from a plaintext world to an encrypted one, we have a critical choice to make: We can either (1) choose robust, unbreakable encryption that protects commerce and privacy but gives criminals a powerful new weapon, or (2) choose robust, unbreakable encryption that protects commerce and privacy and gives law enforcement the ability to protect public safety. The choice should be obvious and it would be a mistake of historic proportions to do nothing about the dangers to public safety posed by encryption without adequate safeguards for law enforcement. Let there be no doubt: without encryption safeguards, all Americans will be endangered. No one disputes this fact; not ----------------------------------------------------------- industry, not encryption users, no one. We need to take definitive actions to protect the safety of the public and security of the nation. That is why law enforcement at all levels of government -- including the Justice Department, Treasury Department, the National Association of Attorneys General, International Association of Chiefs of Police, the Major City Chiefs, the National Sheriffs' Association, and the National District Attorneys Association -- are so concerned about this issue. We all agree that without adequate legislation, law enforcement in the United States will be severely limited in its ability to combat the worst criminals and terrorists. Further, law enforcement agrees that the widespread use of robust non-key recovery encryption ultimately will devastate our ability to fight crime and prevent terrorism. Simply stated, technology is rapidly-developing to the point where powerful encryption will become commonplace both for routine telephone communications and for stored computer data. Without legislation that accommodates public safety and national security concerns, society's most dangerous criminal will be able to communicate safely and electronically store data without fear of discovery. Court orders to conduct electronic surveillance and court-authorized search warrants will be ineffectual, and the Fourth Amendment's carefully-struck balance between ensuring privacy and protecting public safety well be forever altered by technology. Technology should not dictate public policy, and it should promote, rather than defeat, public safety. We are not suggesting the balance of the Fourth Amendment be tipped toward law enforcement either. To the contrary, we only seek the status quo, not the lessening of any legal standard or the expansion of any law enforcement authority. The Fourth Amendment protects the privacy and liberties of our citizens but permits las enforcement to use tightly controlled investigative techniques to obtain evidence of crimes. The result has been the freest country in the world with the strongest economy. Law enforcement has already confronted encryption in high- profile espionage, terrorist, and criminal cases. For example: * An international terrorist was plotting to blow up 11 U.S.-owned commercial airliners in the Far East. His laptop computer, which was seized in Manila, contained encrypted files concerning this terrorist plot. * A subject in a child pornography case used encryption in transmitting obscene and pornographic images of children over the Internet. 2 ----------------------------------------------------------- * A major international drug trafficking subject recently used a telephone encryption device to frustrate court-approved electronic surveillance. And this is just the tip of the iceberg. Convicted spy Aldrich Ames, for example, was told by the Russian Intelligence Service to encrypt computer file information that was to be passed to them. Further, today's international drug trafficking organizations are the most powerful, ruthless and affluent criminal enterprises we have ever faced. We know from numerous past investigations that they have utilized their virtually unlimited wealth to purchase sophisticated electronic equipment to facilitate their illegal activities. This has included state of the art communication and encryption devices. They have used this equipment as a part of their command and control process for their international criminal operations. We believe you share our concern that criminals will increasingly take advantage of developing technology to further insulate their violent and destructive activities. Requests for cryptographic support pertaining to electronic surveillance interceptions from FBI Field Offices and other law enforcement agencies have steadily risen over the past several years. There has been an increase in the number of instances where the FBI's and DEA's court-authorized electronic efforts were frustrated by the use of encryption that did not allow for law enforcement access. There have also been numerous other cases where law enforcement, through the use of electronic surveillance, has not only solved and successfully prosecuted serious crimes but has also been able to prevent life-threatening criminal acts. For example, terrorists in New York were plotting to bomb the united Nations building, the Lincoln and Holland Tunnels, and 26 federal Plaza as well as conduct assassinations of political figures. Court-authorized electronic surveillance enable the FBI to disrupt the plot as explosives were being mixed. Ultimately, the evidence obtained was used to convict the conspirators. In another example, electronic surveillance was used to stop and then convict two men who intended to kidnap, molest, and kill a child. In all these cases, the use of encryption might have seriously jeopardized public safety and resulted in the loss of life. To preserve law enforcement's abilities, and to preserve the balance so carefully established by the Constitution, we believe any encryption legislation must accomplish three goals in addition to promoting the widespread use of strong encryption. It must establish: 3 ---------------------------------------------------------- * A viable key management infrastructure that promotes electronic commerce and enjoys the confidence of encryption users. * A key management infrastructure that supports a key recovery scheme that will allow encryption users access to their own data should the need arise, and that will permit law enforcement to obtain lawful access to the plain text of encrypted communications and data. * An enforcement mechanism that criminalizes both improper use of encryption key recovery information and the use of encryption for criminal purposes. Only one bill, S.909 (the McCain/Kerrey/Hollings bill), comes close to meeting these core public safety, law enforcement, and national security needs. The other bills being considered by Congress, as currently written, risk great harm to our ability to enforce the laws and protect our citizens. We look forward to working to improve the McCain~Kerrey/Hollings bill. In sum, while encryption is certainly a commercial interest of great importance to the Nation, it is not solely a commercial or business issue. Those of us charged with the protection of public safety and national security, believe that the misuse of encryption technology will become a matter of life and death in many instances. That is why we urge you to adopt a balanced approach that accomplishes the goals mentioned above. Only this approach will allow police departments, attorneys general, district attorneys, sheriffs, and federal authorities to continue to use their most effective investigative techniques, with court approval, to fight crime and espionage and prevent terrorism. Sincerely yours, [Signature] Janet Reno Attorney General 4 ------------------------------------------------------- [Signatures with each of the following] Louis Freeh Barry McCaffrey Director Director Federal Bureau of Investigation Office of National Drug Control Policy Thomas A. Constantine Lewis C. Merletti Director Director Drug Enforcement Administration United States Secret Service Raymond W. Kelly George J. Weise Undersecretary for Enforcement Commissioner U.S. Department of Treasury United States Customs Service John W. Magaw Director Bureau of Alcohol, Tobacco and Firearms ------------------------------ Date: Sat, 9 Aug 1997 16:38:41 -0500 From: jthomas3@SUN.SOCI.NIU.EDU(Jim Thomas) Subject: File 10--Crime and Crypto: A Report Shaded Gray (Wired excerpt) From Wired, at: http://www.wired.com/news/news/politics/story/5840.html by Wired News Staff Crime and Crypto: A Report Shaded Gray 5:02am 7.Aug.97.PDT The reports sound ominous: In Italy, the Mafia is downloading PGP to help ward off investigators. In Colombia, the Cali cocaine cartel maintains encrypted personnel files - complete with lists of relatives to be leaned on when necessary - and has scrambled some of its telecommunications. In Japan, the Aum Shinri Kyo cult kept RSA-encrypted plans for launching a chemical and nuclear campaign of mass murder both at home and in the United States. A study by two authorities on the US encryption debate lists many more incidents in which cops have faced down criminals armed with the cryptographic means to hide what they're doing. But amid the discussion of all that these developments imply, the doom scenario one might be tempted to cut to in a report by government-friendly crypto experts is remarkably missing. Instead, the authors - Georgetown University computer scientist Dorothy Denning and William Baugh, vice president of Science Applications International Corp. and former assistant director of the FBI - conclude that strict export controls and key-management systems are unlikely to stop criminals. "No approach to encryption will be foolproof. Whereas export controls clearly have an impact on product lines, they do not keep unbreakable encryption out of the hands of criminals entirely," says the report, which Denning and Baugh developed over the past six months and began circulating late this spring. It was published last week. The report is part of a series by the National Strategy Information Center's US Working Group on Organized Crime, a group that includes academics, congressional staffers, and officials from the Defense Department, FBI, Drug Enforcement Administration, and Federal Reserve. Sifting through accounts of criminal cases involving encryption - some from law officers or security professionals, some from academic or government studies, some from journalists' accounts - Denning and Baugh estimate the total number of criminal cases involving encryption worldwide is at least 500, with an annual growth rate of 50 percent to 100 percent. But the report's collected anecdotes suggest that so far, though, encrypted files have sometimes slowed investigations and made them more expensive, and that law officers have found ways to crack ciphers or used other evidence to complete prosecutions. <snip> ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators <cudigest@sun.soci.niu.edu> Subject: File 11--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.61 ************************************