Computer underground Digest    Sun  Aug 10, 1997   Volume 9 : Issue 61
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.61 (Sun, Aug 10, 1997)

File 1--CuD took a Break while Weber went down for Maintenance
File 2--Samsung's Cease And Desist Flaming (fwd)
File 3--"Vonnegut Speech" a Hoax - It was a Mary Schmich column
File 4--Re: The irony of the Tin Drum
File 5--Computers and the Law IV Symposium
File 6--Hacking Considered Constructive
File 7--Letter to AOL on "proposed censorship summit with rad-right"
File 8--Review - "A Gift of Fire" by Baase
File 9--Janet Reno's comments on Encryption
File 10--Crime and Crypto: A Report Shaded Gray (Wired excerpt)
File 11--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date:    Sat, 09 Aug 97 16:32 CDT
From:    Cu Digest <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--CuD took a Break while Weber went down for Maintenance

CuD took a week off while the server at weber.ucsd.edu
took some time for maintenance.

If you tried to unsub, sub, or otherwise contact the mailing
list server, your post likely bounced. Wait another day or two
and try again.
If you can't live without CuD, you can always visit the
archives at:  http://www.soci.niu.edu/~cudigest

------------------------------

Date: Fri, 8 Aug 1997 17:11:44 -0400 (EDT)
From: Charles Platt <cp@panix.com>
Subject: File 2--Samsung's Cease And Desist Flaming (fwd)

((MODERATORS' NOTE:  The following note, alleged to be from
Samsung, was send to numerous people on the Net. However,
the letter is a HOAX. Voice mail at the KHS&K law offices
indicate that they are attempting to track down the source
for prosecution.

Platt is the author of ANARCHY ONLINE, which some reviewers
have described as one of the best books every on the "Computer
Underground." Ask your library to order a copy)).

  -------

I received the following email today. Note that the attorney has no
evidence (is accusing me of something based entirely on hearsay) and has
an understanding of the law that is sketchy at best. As it is, I've never
sent email to Samsung and have not received email from them, either.

--C

---------- Forwarded message ----------
Date--Fri, 08 Aug 97 12:11:32 EST
From--webmaster@sailahead.com
To--suspected_flamer@somewhereincyberspace.com
Subject--Cease And Desist Flaming

On behalf of our client, Samsung America Inc., ("Samsung")
we hereby request that you cease and desist all
inflammatory internet hacking, telephone hacking, flaming,
jamming, and other illegal activities.

If you have responded aversely to a recent bulk email
message from our client, Samsung America, Inc., or from any
of its subsidiary companies, then you may be one of the
people who has performed fraudulent and actionable
transgressions, thereby causing severe harm to our client.

Your email name was provided as being suspected of
connection to various acts of internet terrorism.  Your acts
are illegal.

Several messages have suggested that Samsung and/or its
subsidiaries, including but not limited to Sailahead Global
Emporium, www.sailahead.com, and Samsung Electronics,
www.sosimple.com, violated US Federal Laws through
activities commonly called "spamming."  This allegation is
unfounded in the law, as spamming is a protected activity
under the laws of free speech.

Our client has asked us to inform you that all of your
future correspondences should be directed to their counsel:

Russell L. Allyn, Attorney at Law
California Sate Bar Number (SBN) 143531
Katz, Hoyt, Seigel & Kapor LLP
Los Angeles, CA
khskllp@aol.com
310-473-1300
310-473-7138 (fax)

All incidents of internet terrorism will be prosecuted
where possible, and reported to appropriate law enforcement
authorities as warranted.

Please consider this as your notice to cease all attempts
to harm multi-national corporations who conduct legitimate
commerce on the internet.

Russell L. Allyn, Attorney at Law

------------------------------

Date: Sunday, June 1, 1997
From: jthomas@SUN.SOCI.NIU.EDU(Jim Thomas)
Subject: File 3--"Vonnegut Speech" a Hoax - It was a Mary Schmich column

((MODERATORS' COMMENT: About a week ago, we began receiving posts
purporting to be a commencement speech at MIT by novelist Kurt
Vonnegut.  The material WAS NOT written by Vonnegut. The material
originally appeared in Mary Schmich's 1 June column in the
Chicago Tribune.  Probably like others, we continue to receive
one or two of the hoax-posts each day.

Some people either remain clueless about the hoax,
or--worse--believe that "Mary Schmich" is a character from a new
Vonnegut novel.  There's no doubt that Mary Schmich is a
character (she does, after all, also write the story lines for
Brenda Starr), but she is real. Those of us in the Chicago area
(who read the Tribune) also appreciate her as an exceptionally
gifted writer with wit, incisive insights, and warmth.  (In fact,
she another Tribune columnist, Eric Zorn, easily rank among the
best newspaper columnists in the U.S.).

Because the "hoax" just won't die, and because there seems to
be an astonishing number of folks who doubt the existence of
"Mary Schmich" or her authorship of her column, we are taking the
liberty of reproducing the original as it appeared on 1 June
in the Tribune's America Online version (identical to the
hardcopy version).

For those wondering how "Schmich" is pronounced, it
rhymes with "speak."

    ===================


Copyright CHICAGO TRIBUNE

ADVICE, LIKE YOUTH, PROBABLY JUST WASTED ON THE YOUNG

   Inside every adult lurks a graduation speaker dying to get out, some
world-weary pundit eager to pontificate on life to young people who'd rather
be Rollerblading. Most of us, alas, will never be invited to sow our words of
wisdom among an audience of caps and gowns, but there's no reason we can't
entertain ourselves by composing a Guide to Life for Graduates.
   I encourage anyone over 26 to try this and thank you for indulging my
attempt.
   Ladies and gentlemen of the class of '97:
   Wear sunscreen.
   If I could offer you only one tip for the future, sunscreen would be it.
The long-term benefits  of sunscreen have been proved by scientists, whereas
the rest of my advice has no basis more reliable than my own meandering
experience. I will dispense this advice now.
   Enjoy the power and beauty of your youth. Oh, never mind. You will not
understand the power and beauty of your youth until they've faded. But trust
me, in 20 years, you'll look back at photos of yourself and recall in a way
you can't grasp now how much possibility lay before you and how fabulous you
really looked. You are not as fat as you imagine.
   Don't worry about the future. Or worry, but know that worrying is as
effective as trying to solve an algebra equation by chewing bubble gum. The
real troubles in your life are apt to be things that never crossed your
worried mind, the kind that blindside you at 4 p.m. on some idle Tuesday.
   Do one thing every day that scares you.
   Sing.
   Don't be reckless with other people's hearts. Don't put up with people who
are reckless with yours.
   Floss.
   Don't waste your time on jealousy. Sometimes you're ahead, sometimes
you're behind. The race is long and, in the end, it's only with yourself.
   Remember compliments you receive. Forget the insults. If you succeed in
doing this, tell me how.
   Keep your old love letters. Throw away your old bank statements.
   Stretch.
   Don't feel guilty if you don't know what you want to do with your life.
The most interesting people I know didn't know at 22 what they wanted to do
with their lives. Some of the most interesting 40-year-olds I know still
don't.
   Get plenty of calcium. Be kind to your knees. You'll miss them when
they're gone.
   Maybe you'll marry, maybe you won't. Maybe you'll have children, maybe you
won't. Maybe you'll divorce at 40, maybe you'll dance the funky chicken on
your 75th wedding anniversary. Whatever you do, don't congratulate yourself
too much, or berate yourself either. Your choices are half chance. So are
everybody else's.
   Enjoy your body. Use it every way you can. Don't be afraid of it or of
what other people think of it. It's the greatest instrument you'll ever own.
   Dance, even if you have nowhere to do it but your living room.
   Read the directions, even if you don't follow them.
   Do not read beauty magazines. They will only make you feel ugly.
   Get to know your parents. You never know when they'll be gone for good. Be
nice to your siblings. They're your best link to your past and the people
most likely to stick with you in the future.
   Understand that friends come and go, but with a precious few you should
hold on. Work hard to bridge the gaps in geography and lifestyle, because the
older you get, the more you need the people who knew you when you were young.
   Live in New York City once, but leave before it makes you hard. Live in
Northern California once, but leave before it makes you soft. Travel.
   Accept certain inalienable truths: Prices will rise. Politicians will
philander. You, too, will get old. And when you do, you'll fantasize that
when you were young, prices were reasonable, politicians were noble and
children respected their elders.
   Respect your elders.
   Don't expect anyone else to support you. Maybe you have a trust fund.
Maybe you'll have a wealthy spouse. But you never know when either one might
run out.
   Don't mess too much with your hair or by the time you're 40 it will look
85.
   Be careful whose advice you buy, but be patient with those who supply it.
Advice is a form of nostalgia. Dispensing it is a way of fishing the past
from the disposal, wiping it off, painting over the ugly parts  and recycling
it for more than it's worth.

------------------------------

Date: Fri, 8 Aug 1997 14:42:47 -0500
From: Marc Rotenberg <rotenberg@epic.org>
Subject: File 4--Re: The irony of the Tin Drum

Because of the battle over the Tin Drum in Oklahoma
City, we decided last month to offer the book for
sale at the EPIC bookstore. Details below.

Marc Rotenberg.

<snip>


=======================================================================
[7] New at the EPIC Bookstore
=======================================================================

The EPIC Bookstore includes a wide range of books on privacy,
cryptography and free speech that can be ordered online.  Many of the
books are available at up to 40 percent off list price.

New titles include:

  "Protect Your Privacy on the Internet" by Bryan Pfaffenberger

  "Digital Cash" by Peter Wayner

  "Contested Commodities" by Margaret Jane Radin

Other popular titles:

  "The Right to Privacy" by Ellen Alderman & Caroline Kennedy

  "Who Knows: Safeguarding Your Privacy in a Networked World"
   by Ann Cavoukian & Don Tapscott

  "Applied Cryptography, 2nd Edition" by Bruce Schneier

We are also now featuring _The Tin Drum_ by Gunther Grass.  The novel, a
bizarre but extraordinary diary of a young boy who refuses to grow up
during the rise and fall of Nazi Germany, is considered by some the
greatest German novel written since WWII.  In 1979, the film version of
the Tin Drum received an Academy Award for Best Foreign Film.  However,
in recent months, groups that oppose "pornography" have persuaded the
Oklahoma City Library to remove copies of the film from the public
library.  For this reason, we are now making the book available at the
EPIC Bookstore.

Support the Freedom to Read.

Check out the EPIC Bookstore at:

     http://www.epic.org/bookstore/

------------------------------

Date: Thu, 24 Jul 1997 15:46:28 -0500
From: ecavazos <ecavazos@interliant.com>
Subject: File 5--Computers and the Law IV Symposium

           Computers & The Law IV Symposium
                October 6-9, Boston

Computers & The Law IV is the only event to bring together corporate
decision-makers, computer professionals and legal experts to discuss
Internet
and Web technology in the eyes of the law.  This conference provides a
forum and educational opportunities for all those interested in
keeping their system investment safe and within the law.
Topics will include:
* Corporate liablity on the Internet
* Internet risk management in the enterprise
* Hiring a SysAdmin you can trust
* Legal risks of Internet commerce
* Establishing a fair-use policy
* Prosecuting system intruders
* Communicating with your SysAdmin
* Understanding copyright law
* Assessing your exposure to hackers
* Employee privacy vs. owner rights
... and much more!

               FOR MORE INFORMATION CONTACT
 The Sun User Group  * 14 Harvard Ave, 2nd Floor * Allston, MA 02134
     (617)787-2301 * conference@sug.org * http://www.sug.org/CL4

------------------------------

Date: Fri, 01 Aug 1997 14:40:09 +0200
From: Gisle Hannemyr <gisle@hannemyr.no>
Subject: File 6--Hacking Considered Constructive

I have just completed an essay: "Hacking Considered Constructive",
which I hope will be of interest to the readers of CU Digest.
The essay is accessible on the web:

   http://home.sn.no/home/gisle/oks97.html

Comments from the readers of CU Digest will be most welcome.
My e-mail address is <gisle@hannemyr.no>.

===

                             Abstract
                             --------

The premise for the paper is that "hackers" as an identifiable
group of computer workers arose as a reaction to Taylorist
influences on system development which instigated the deliberate
destruction of programming as a craft. It then explores the rise
of the hacker community, and the explicit and implicit ideologies
expressed through hacking. Finally, by deconstructing computer
artifacts of origin both inside and outside the hacker community,
it attempts to contrast the two approaches to design, and to
infer the embedded properties of the resulting artifacts.

------------------------------

Date: Fri, 1 Aug 1997 07:16:14 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
Subject: File 7--Letter to AOL on "proposed censorship summit with rad-right"

Source -  fight-censorship@vorlon.mit.edu

Date--   97-07-31 11:43:06 EDT
From--   WildcatPrs
To--     Steve Case

Dear Steve Case,

As one of the plaintiffs in the ACLU/ALA case on the CDA, who saw
it through all the way to the Supreme Court, I am shocked and
dismayed that you would dignify the demands of the Christian
Coalition et al by sitting down with them in such a summit.

You know and I know that America Online will leave that
negotiating table having made major concessions on the subject of
Internet censorship -- not only for content on gay and lesbian
and AIDS, but also women's issues and many other subjects.   The
religious right have a very long list of subjects that they would
like to censor out of U.S. libraries, schools and media...which
you will discover if you take the trouble to read BANNED BOOKS,
published each year by the ALA.

Get a clue, Mr. Case  This battle over "content" is not really
about "child pornography."  It is a thinly veiled disguise for
the radical right's efforts to impose its total belief and its
proposed penal system on the people of the United States.  It
wants to have the United States be like the Colony of
Massachusetts before the Revolution.  I suggest you read some
history, and ponder whether you would have liked living under the
religious dictatorship that ran the colony.

Between 1962 and 1972, I lived in Spain as a working journalist
for the Reader's Digest, working out of its office in Madrid, and
I saw in operation just the kind of right-wing censorship system
that the Christian Coalition et al would like to impose on this
country.  Part of its success involved just the kind of
"self-censorship" that you are now proposing to slap on your own
company.  You are no different than the Spanish book publishers
who sat down with the Catholic Church and agreed on what could be
published.   As a result, Spanish culture languished.  The
Spanish people reached the point where they had lots of jokes
about self-censorship and didn't take their own media or culture
seriously.   It all came to an end in 1975, when Franco died, and
the Spanish people were so sick of church and censors that the
new government moved to end the hegemony of the Spanish Catholic
Church and put an end to censorship.

So shame on you for moving to introduce this kind of censorship
to the United States of America.   I have been a loyal customer
of AOL since I got onto the Internet two years ago, and I will
take my business elsewhere if you go through with this summit.

Sincerely,
Patricia Nell Warren

Wildcat Press
8306 Wilshire Blvd. Box 8306
Beverly Hills, CA 90211
213/966-2466
213/966-2467 fax

------------------------------

Date: Thu, 24 Jul 1997 10:46:51 EST
From: "Rob Slade, doting grandpa of Ryan & Trevor"
Subject: File 8--Review - "A Gift of Fire" by Baase

BKGFTFIR.RVW   970222

"A Gift of Fire", Sara Baase, 1997, 0-13-458779-0
%A   Sara Baase giftoffire@sdsu.edu
%C   One Lake St., Upper Saddle River, NJ   07458
%D   1997
%G   0-13-458779-0
%I   Prentice Hall
%O   +1-201-236-7139 fax: +1-201-236-7131 beth_hespe@prenhall.com
%P   382
%T   "A Gift of Fire: Social, Legal, and Ethical Issues in Computing"

I found this book very surprising.  As a look at computer ethics,
it covers privacy, encryption, reliability, intellectual
property, crime, work, and social issues.  Each chapter comes
with review exercises, general exercises, and assignments that
are reasonably well chosen and formulated.  There are extensive
endnotes and references for further study.

There are, however, two major flaws.

One concerns the technical level of the material.  Most of the
cases presented are not inaccurate, but they are often
oversimplified.  A lack either of technical understanding or of
research seems evident in places.  Internet-pornography-blocking
software is mentioned, but not the more disturbing addition of
political restrictions to that software.  The initial use of
"hacker" as a positive term is mentioned--and then completely
ignored, as crackers, phreaks, and virus writers are all lumped
together as hackers.  True, a discussion of computer ethics and
social issues does not always require a detailed understanding of
the technology, but a debate proceeding on the basis of a flawed
understanding is more likely to come to a flawed conclusion.

The other problem is that ethics are left completely out of the
picture until the final chapter of the book.  This is extremely
odd, and suggests that the first ninety percent of the book will
be used in a "pooling of ignorance" exercise before any common
ground has been discussed.

With its breadth of topics (rather like a less thorough version
of "Computer Related Risks" [cf. BKCMRLRS.RVW]), it would make a
reasonable adjunct text for an ethics/social issues course.  But
it is no replacement for Johnson's "Computer Ethics" [cf.
BKCMPETH.RVW].

copyright Robert M. Slade, 1997   BKGFTFIR.RVW   970222

======================
roberts@decus.ca           rslade@vcn.bc.ca           rslade@vanisl.decus.ca
  "The only thing necessary for the triumph of evil is for good men to do
   nothing."  - Edmund Burke       http://www2.gdi.net/~padgett/trial.htm

------------------------------

Date: Sat, 9 Aug 1997 13:38:30 -0500
From: jthomas@SUN.SOCI.NIU.EDU(Jim Thomas)
Subject: File 9--Janet Reno's comments on Encryption

((MODERATORS' NOTE: The following was provided by Mike Godwin
on the Well)).

   --------

                                 26 July 1997
       Source: Hardcopy from Declan McCullagh http://www.netlynews.com

  See parallel 21 July 1997 declassified transcript of congressional hearing
                                on encryption.

  -----------------------------------------------------------

                        Office of the Attorney General

                            Washington, D.C. 20530

                           July 18, 1997

 Dear Member of Congress:

       Congress is considering a variety of legislative proposals
 concerning encryption.  Some of these proposals would, in effect,
 make it impossible for the Federal Bureau of Investigation (FBI),
 Drug Enforcement Administration (DEA), Secret Service, Customs
 Service, Bureau of Alcohol, Tobacco and Firearms, and other
 federal, state, and local law enforcement agencies to lawfully
 gain access to criminal telephone conversations or electronically
 stored evidence possessed by terrorists, child pornographers,
 drug kingpins, spies and other criminals.  Since the impact of
 these proposals would seriously jeopardize public safety and
 national security, we collectively urge you to support a
 different, balanced approach that strongly supports commercial
 and privacy interests but maintains our ability to investigate
 and prosecute serious crimes.

       We fully recognize that encryption is critical to
 communications security and privacy, and that substantial
 commercial interests are at stake.  Perhaps in recognition of
 these facts, all the bills being considered allow market forces
 to shape the development of encryption products.  We, too, place
 substantial reliance on market forces to promote electronic
 security and privacy, but believe that we cannot rely solely on
 market forces to protect the public safety and national security.
 Obviously, the government cannot abdicate its solemn
 responsibility to protect public safety and national security.

       Currently, of course, encryption is not widely used, and
 most data is stored, and transmitted, in the clear.  As we move
 from a plaintext world to an encrypted one, we have a critical
 choice to make:  We can either (1) choose robust, unbreakable
 encryption that protects commerce and privacy but gives criminals
 a powerful new weapon, or (2) choose robust, unbreakable
 encryption that protects commerce and privacy and gives law
 enforcement the ability to protect public safety.  The choice
 should be obvious and it would be a mistake of historic
 proportions to do nothing about the dangers to public safety
 posed by encryption without adequate safeguards for law
 enforcement.

       Let there be no doubt:  without encryption safeguards, all
 Americans will be endangered.  No one disputes this fact; not

  -----------------------------------------------------------

 industry, not encryption users, no one.  We need to take
 definitive actions to protect the safety of the public and
 security of the nation.  That is why law enforcement at all
 levels of government -- including the Justice Department,
 Treasury Department, the National Association of Attorneys
 General,  International Association of Chiefs of Police, the
 Major City Chiefs, the National Sheriffs' Association, and the
 National District Attorneys Association -- are so concerned about
 this issue.

      We all agree that without adequate legislation, law
 enforcement in the United States will be severely limited in its
 ability to combat the worst criminals and terrorists.  Further,
 law enforcement agrees that the widespread use of robust non-key
 recovery encryption ultimately will devastate our ability to
 fight crime and prevent terrorism.

      Simply stated, technology is rapidly-developing to the point
 where powerful encryption will become commonplace both for
 routine telephone communications and for stored computer data.
 Without legislation that accommodates public safety and national
 security concerns, society's most dangerous criminal will be
 able to communicate safely and electronically store data without
 fear of discovery.  Court orders to conduct electronic
 surveillance and court-authorized search warrants will be
 ineffectual, and the Fourth Amendment's carefully-struck balance
 between ensuring privacy and protecting public safety well be
 forever altered by technology.  Technology should not dictate
 public policy, and it should promote, rather than defeat, public
 safety.

      We are not suggesting the balance of the Fourth Amendment be
 tipped toward law enforcement either.  To the contrary, we only
 seek the status quo, not the lessening of any legal standard or
 the expansion of any law enforcement authority.  The Fourth
 Amendment protects the privacy and liberties of our citizens but
 permits las enforcement to use tightly controlled investigative
 techniques to obtain evidence of crimes.  The result has been the
 freest country in the world with the strongest economy.

      Law enforcement has already confronted encryption in high-
 profile espionage, terrorist, and criminal cases.  For example:

           *    An international terrorist was plotting to blow up
                11 U.S.-owned commercial airliners in the Far
                East.  His laptop computer, which was seized in
                Manila, contained encrypted files concerning this
                terrorist plot.

           *    A subject in a child pornography case used
                encryption in transmitting obscene and
                pornographic images of children over the Internet.

                                 2

  -----------------------------------------------------------

           *    A major international drug trafficking subject
                recently used a telephone encryption device to
                frustrate court-approved electronic surveillance.

 And this is just the tip of the iceberg. Convicted spy Aldrich
 Ames, for example, was told by the Russian Intelligence Service
 to encrypt computer file information that was to be passed to
 them.

      Further, today's international drug trafficking
 organizations are the most powerful, ruthless and affluent
 criminal enterprises we have ever faced. We know from numerous
 past investigations that they have utilized their virtually
 unlimited wealth to purchase sophisticated electronic equipment
 to facilitate their illegal activities. This has included state
 of the art communication and encryption devices. They have used
 this equipment as a part of their command and control process for
 their international criminal operations. We believe you share
 our concern that criminals will increasingly take advantage of
 developing technology to further insulate their violent and
 destructive activities.

      Requests for cryptographic support pertaining to electronic
 surveillance interceptions from FBI Field Offices and other law
 enforcement agencies have steadily risen over the past several
 years.  There has been an increase in the number of instances
 where the FBI's and DEA's court-authorized electronic efforts
 were frustrated by the use of encryption that did not allow for
 law enforcement access.

      There have also been numerous other cases where law
 enforcement, through the use of electronic surveillance, has not
 only solved and successfully prosecuted serious crimes but has
 also been able to prevent life-threatening criminal acts. For
 example, terrorists in New York were plotting to bomb the united
 Nations building, the Lincoln and Holland Tunnels, and 26 federal
 Plaza as well as conduct assassinations of political figures.
 Court-authorized electronic surveillance enable the FBI to
 disrupt the plot as explosives were being mixed. Ultimately, the
 evidence obtained was used to convict the conspirators. In
 another example, electronic surveillance was used to stop and
 then convict two men who intended to kidnap, molest, and kill a
 child. In all these cases, the use of encryption might have
 seriously jeopardized public safety and resulted in the loss of
 life.

      To preserve law enforcement's abilities, and to preserve the
 balance so carefully established by the Constitution, we believe
 any encryption legislation must accomplish three goals in
 addition to promoting the widespread use of strong encryption.
 It must establish:

                                 3

  ----------------------------------------------------------

           *    A viable key management infrastructure that
                promotes electronic commerce and enjoys the
                confidence of encryption users.

           *    A key management infrastructure that supports a
                key recovery scheme that will allow encryption
                users access to their own data should the need
                arise, and that will permit law enforcement to
                obtain lawful access to the plain text of
                encrypted communications and data.

           *    An enforcement mechanism that criminalizes both
                improper use of encryption key recovery
                information and the use of encryption for criminal
                purposes.

      Only one bill, S.909 (the McCain/Kerrey/Hollings bill),
 comes close to meeting these core public safety, law enforcement,
 and national security needs.  The other bills being considered by
 Congress, as currently written, risk great harm to our ability to
 enforce the laws and protect our citizens.  We look forward to
 working to improve the McCain~Kerrey/Hollings bill.

      In sum, while encryption is certainly a commercial interest
 of great importance to the Nation, it is not solely a commercial
 or business issue. Those of us charged with the protection of
 public safety and national security, believe that the misuse of
 encryption technology will become a matter of life and death in
 many instances.  That is why we urge you to adopt a balanced
 approach that accomplishes the goals mentioned above.  Only this
 approach will allow police departments, attorneys general,
 district attorneys, sheriffs, and federal authorities to continue
 to use their most effective investigative techniques, with court
 approval, to fight crime and espionage and prevent terrorism.

                               Sincerely yours,

                               [Signature]

                               Janet Reno
                               Attorney General

                                  4

  -------------------------------------------------------

 [Signatures with each of the following]

 Louis Freeh                        Barry McCaffrey
 Director                           Director
 Federal Bureau of Investigation    Office of National Drug
                                      Control Policy

 Thomas A. Constantine              Lewis C. Merletti
 Director                           Director
 Drug Enforcement Administration    United States Secret Service

 Raymond W. Kelly                   George J. Weise
 Undersecretary for Enforcement     Commissioner
 U.S. Department of Treasury        United States Customs Service

 John W. Magaw
 Director
 Bureau of Alcohol, Tobacco
   and Firearms

------------------------------

Date: Sat, 9 Aug 1997 16:38:41 -0500
From: jthomas3@SUN.SOCI.NIU.EDU(Jim Thomas)
Subject: File 10--Crime and Crypto: A Report Shaded Gray (Wired excerpt)

From Wired, at: http://www.wired.com/news/news/politics/story/5840.html

by Wired News Staff
Crime and Crypto: A Report Shaded Gray

5:02am  7.Aug.97.PDT The reports sound ominous:

    In Italy, the Mafia is downloading PGP to help ward off
investigators.

    In Colombia, the Cali cocaine cartel maintains encrypted personnel
files - complete with lists of relatives to be leaned on when
necessary - and has scrambled some of its telecommunications.

    In Japan, the Aum Shinri Kyo cult kept RSA-encrypted plans for
launching a chemical and nuclear campaign of mass murder both at home
and in the United States.

A study by two authorities on the US encryption debate lists many more
incidents in which cops have faced down criminals armed with the
cryptographic means to hide what they're doing. But amid the
discussion of all that these developments imply, the doom scenario one
might be tempted to cut to in a report by government-friendly crypto
experts is remarkably missing.

Instead, the authors - Georgetown University computer scientist
Dorothy Denning and William Baugh, vice president of Science
Applications International Corp. and former assistant director of the
FBI - conclude that strict export controls and key-management systems
are unlikely to stop criminals.

"No approach to encryption will be foolproof. Whereas export controls
clearly have an impact on product lines, they do not keep unbreakable
encryption out of the hands of criminals entirely," says the report,
which Denning and Baugh developed over the past six months and began
circulating late this spring. It was published last week.

The report is part of a series by the National Strategy Information
Center's US Working Group on Organized Crime, a group that includes
academics, congressional staffers, and officials from the Defense
Department, FBI, Drug Enforcement Administration, and Federal Reserve.

Sifting through accounts of criminal cases involving encryption - some
from law officers or security professionals, some from academic or
government studies, some from journalists' accounts - Denning and
Baugh estimate the total number of criminal cases involving encryption
worldwide is at least 500, with an annual growth rate of 50 percent to
100 percent. But the report's collected anecdotes suggest that so far,
though, encrypted files have sometimes slowed investigations and made
them more expensive, and that law officers have found ways to crack
ciphers or used other evidence to complete prosecutions.

<snip>

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 11--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

         In ITALY: ZERO! BBS: +39-11-6507540

  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #9.61
************************************