Computer underground Digest    Wed  Oct 29, 1997   Volume 9 : Issue 78
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.78 (Wed, Oct 29, 1997)

File 1--Sen. Lott's comments on Encryption (Cong. Record)
File 2--NPR Reporter Indicted For Trading Porn on the Net
File 3--Hack into Yale
File 4--Mitnick Might Get Computer Use
File 5--IRISS'98 Internet Research and Information for Social (fwd)
File 6--Re: In "Web things to do when you're dead" (CuD 9.73)
File 7--Electronic Frontier Canada opposes Internet content control
File 8--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sat, 25 Oct 1997 09:19:53 -0700 (PDT)
From: Mike Godwin <mnemonic@well.com>
Subject: File 1--Sen. Lott's comments on Encryption (Cong. Record)

((MODERATORS' COMMENT: The following is taken from The Well's
EFF conference. Information about The Well can be obtained
at:  http://www.well.com))

 From the Congressional Record
  ----------------------------------------------------------
 ENCRYPTION (Senate - October 21, 1997)
  ----------------------------------------------------------

 [Page: S10879]

 Mr. LOTT. Mr. President, I would like to report to my colleagues on the
 activities in the House to establish a new export policy on encryption.
 This is an issue that is still at the top of my list of legislation I
 hope this Congress can resolve within the next 2 months. The House's
 actions last month turned a spotlight on how this issue should
 ultimately be resolved.

 Let me briefly review the issue. Encryption is a mathematical way to
 scramble and unscramble digital computer information during transmission
 and storage. The strength of encryption is a function of its size, as
 measured in computer bits. The more bits an encryption system has, the
 more difficult it is for someone else to illegally unscramble or hack
 into that information.

 Today's computer encryption systems commonly used by businesses range
 from 40 bits in key length to 128 bits. A good hacker, let's say a
 criminal or a business competitor, can readily break into a computer
 system safeguarded by a lower-technology 40-bit encryption system. On
 the other hand, the 128-bit encryption systems are much more complex and
 pose a significant challenge to any would-be hacker.

 Obviously, all of us would prefer to have the 128-bit systems. And
 equally as important, we would like to buy such systems from American
 companies. Firms we can routinely and safely do business with. Foreign
 companies and individuals also want to buy such systems from American
 companies. They admire and respect our technological expertise, and
 trust our business practices. The United States remains the envy of the
 world in terms of producing top-notch encryption and information
 security products.

 However, current regulations prohibit U.S. companies from exporting
 encryption systems stronger than the low-end, 40-bit systems. A few
 exceptions have been made for 56-bit systems. Until recently, it has
 been the administration's view that stronger encryption products are so
 inherently dangerous they should be classified at a level equal to
 munitions, and that the export of strong encryption must be heavily
 restricted.

 While we are restricting our own international commerce, foreign
 companies are now manufacturing and selling stronger, more desirable
 encryption systems, including the top-end 128-bit systems, anywhere in
 the world they want. Clearly, our policy doesn't make sense. Just as
 clearly, our export policies on encryption have not kept up to speed
 with either the ongoing changes in encryption technology or the needs
 and desires of foreign markets for U.S. encryption products.

 My intention is neither to jeopardize our national security nor harm law
 enforcement efforts. I believe we must give due and proper regard to the
 national security and law enforcement implications of any changes in our
 policy regarding export of encryption technology. But it is painfully
 obvious we must modernize our export policies on encryption technology,
 so that U.S. companies can participate in the world's encryption
 marketplace. The legislative initiative on this issue has always been
 about exports, but this summer that changed.

 During the past month, the FBI has attempted to change the debate by
 proposing a series of new mandatory controls on the domestic sale and
 use of encryption products. Let me be clear. There are currently no
 restrictions on the rights of Americans to use encryption to protect
 their personal financial or medical records or their private e-mail
 messages. There have never been domestic limitations, and similarly,
 American businesses have always been free to buy and use the strongest
 possible encryption to protect sensitive information from being stolen
 or changed. But now, the FBI proposes to change all that.

 The FBI wants to require that any company that produces or offers
 encryption security products or services guarantee immediate access to
 plain text information without the knowledge of the user. Their proposal
 would subject software companies and telecommunications providers to
 prison sentences for failure to guarantee immediate access to all
 information on the desktop computers of all Americans. That would move
 us into an entirely new world of surveillance, a very intrusive
 surveillance, where every communication by every individual can be
 accessed by the FBI.

 Where is probable cause? Why has the FBI assumed that all Americans are
 going to be involved in criminal activities? Where is the Constitution?

 And how would this proposal possibly help the FBI? According to a
 forthcoming book by the M.I.T. Press, of the tens of thousands of cases
 handled annually by the FBI, only a handful have involved encryption of
 any type, and even fewer involved encryption of computer data. Let's
 face it--despite the movies, the FBI solves its cases with good
 old-fashioned police work, questioning potential witnesses, gathering
 material evidence, and using electronic bugging or putting microphones
 on informants. Restricting encryption technology in the U.S. would not
 be very helpful to the FBI.

 The FBI proposal won't work. I have talked with experts in the world of
 software and cryptography, who have explained that the technology which
 would provide compliance with the FBI standard simply does not exist.
 The FBI proposal would force a large unfunded mandate on our high
 technology firms, at a time when there is no practical way to accomplish
 that mandate.

 Rather than solve problems in our export policy, this FBI proposal would
 create a whole new body of law and regulations restricting our domestic
 market.

 This and similar proposals would also have a serious impact on our
 foreign market. Overseas businesses and governments believe that the
 U.S. might use its keys to computer encryption systems to spy on their
 businesses and politicians. Most U.S. software and hardware
 manufacturers believe this is bad for business and that nobody will
 trust the security of U.S. encryption products if this current policy
 continues. In fact, this proposal appears to violate the European
 Union's data-privacy laws, and the European Commission is expected to
 reject it this week.

 So, the FBI proposal would: Invade our privacy; be of minimal use to the
 FBI; would require nonexistent technology; would create new
 administrative burdens; and would seriously damage our foreign markets.

 This is quite a list.

 Mr. President, the FBI proposal is simply wrong. I have learned that
 even the administration does not support this new FBI proposal. So why
 does the FBI believe it must now subject all Americans to more and more
 surveillance?

 This independent action by the FBI has created confusion and mixed
 signals which are troublesome for the Senate as it works on this
 legislation. Perhaps the FBI and the Justice Department need to focus
 immediately on a coordinated encryption position.

 Mr. President, I congratulate the members of the House Commerce
 Committee for rejecting this FBI approach by a vote margin of more than
 2 to 1.

 I am sure all of my colleagues are sympathetic to the fact that emerging
 technologies create new problems for the FBI.

 But we must acknowledge several truths as Congress goes forward to find
 this new policy solution. People increasingly need strong information
 security through encryption and other means to protect their personal
 and business information. This demand will grow, and somebody will meet
 it. In the long term, it is clearly in our national interest that U.S.
 companies meet the market demand. Individuals and businesses will either
 obtain that protection from U.S. firms or from foreign firms. I firmly
 believe that all of our colleagues want American firms to successfully
 compete for this business. Today there are hundreds of suppliers of
 strong encryption in the world marketplace. Strong encryption can be
 easily downloaded off the Internet. Even if Congress wanted to police or
 eliminate encryption altogether, I am not sure that is doable.

 So, let's deal with reality. Clamping down on the constitutional rights
 of American citizens, in an attempt to limit the use of a technology, is
 the wrong solution. The wrong solution. This is especially true with
 encryption technology because it has so many beneficial purposes. It
 prevents hackers and espionage agents from stealing valuable
 information, or worse, from breaking into our own computer networks. It
 prevents them from disrupting our power supply, our financial markets,
 and our air traffic control system. This is scary--and precisely why we
 want this technology to be more available.

 Only a balanced solution is acceptable. Ultimately, Congress must
 empower Americans to protect their own information. Americans should not
 be forced to only communicate in ways that simply make it more
 convenient for law enforcement officials. This is not our national
 tradition. It is not consistent with our heritage. It should not become
 a new trend.

 Mr. President, I would like to establish a framework to resolve this
 difficult issue. I hope to discuss it with the chairmen and ranking
 members of the key committees. I especially look forward to working with
 the chairman of the Commerce, Science and Transportation Subcommittee on
 Communications, Senator Burns. He was the first to identify this issue
 and try to solve it legislatively. His approach on this issue has always
 been fair and equitable, attempting to balance industry wants with law
 enforcement requirements.

 I believe there are other possible ideas which could lead to a consensus
 resolution of the encryption issue. It is my hope that industry and law
 enforcement can come together to address these issues, not add more
 complexity and problems. The bill passed by the House Commerce Committee
 included a provision establishing a National Encryption Technology
 Center. It would be funded by in-kind contributions of hardware,
 software, and technological expertise. The National Encryption
 Technology Center would help the FBI stay on top of encryption and other
 emerging computer technologies. This is a big step. This is a big step
 in the right direction.

 It is time to build on that positive news to resolve encryption policy.

 Mr. President, there is an op-ed piece which appeared in the Wall Street
 Journal on Friday, September 26. It is well written and informative,
 despite the fact that its author is a good friend of mine. Mr. Jim
 Barksdale is the president and CEO of Netscape Communications and is
 well-versed in encryption technology. Mr. Barksdale's company does not
 make encryption products; they license such products from others. They
 sell Internet and business software and, as Jim has told me many times,
 his customers require strong encryption features and will buy those
 products either from us or foreign companies.

 Again, let's deal with reality. The credit union manager in
 Massachusetts, the real estate agent in Mississippi, the father writing
 an e-mail letter to his daughter attending a California university, each
 want privacy and security when using the computer. They will buy the
 best systems available to ensure that privacy and security. And, in just
 the same way, the banker in Brussels, Belgium, the rancher in Argentina,
 and the mother writing e-mail to her daughter in a university in
 Calcutta, India, each of these people also want privacy and security.
 They also will buy the best systems available to ensure that privacy and
 security. And they want encryption systems they trust--American systems.
 That's what this debate is about.

 Mr. President, if Congress does not modernize our export controls, we
 run the real risk of destroying the American encryption industry. And we
 risk giving a significant and unfair advantage to our foreign business
 competitors.

   [Page: S10881]

------------------------------

Date: Fri, 17 Oct 1997 18:19:13 GMT
From: owner-cyber-liberties@aclu.org
Subject: File 2--NPR Reporter Indicted For Trading Porn on the Net

Cyber-liberties Update


NPR Reporter Indicted For Trading Porn on the Net While
Researching Story

A veteran reporter for National Public Radio, who says he was
engaged in lawful newsgathering activities, was indicted in late
August by a federal grand jury for allegedly receiving and
sending child pornography through the Internet, Jane Kirtley,
Executive Director of the Reporters Committee for Freedom of the
Press (RCFP) said.

Larry Matthews pleaded not guilty to nine felony counts of
possession of child pornography and six counts of distribution of
such material in federal District Court in Maryland, saying that
he was using the material as research for a freelance story on
child pornography on the Internet.

Matthews had reported three stories on the issue prior to his
indictment, Kirtley said.

"This is exactly the type of action we predicted would happen
when Senator Hatch moved to pass the Child Pornography Prevention
Act (CPPA) which amended the Privacy Protection Act of 1980.  The
new law removes exemptions that protected journalists from
federal search and seizures and creates an overbroad definition
of pornography," she said.

"The amendment was unnecessary since child pornography is already
illegal and the amendment leads to the overzealous persecution of
journalists engaged in protected newsgathering activities,"
Kirtley said.

The ACLU along with other week free-speech advocates recently
filed an appeal before the Court of Appeals in the Ninth Circuit
to another decision which upheld the CPPA as constitutional.

The suit is a pre-enforcement challenge to the law and claims it
is unconstitutional because it criminalizes the publication or
transmission of non-obscene images that "appear" to portray
children involved in sexual acts.  The law applies to
computer-generated images, morphed images, films and drawings,
and bans any depiction that "is, or appears to be, of a minor
engaged in sexually explicit conduct."

 +++++++++++++++++

About Cyber-Liberties Update:

ACLU Cyber-Liberties Update Editor:
Cassidy Sehgal (Cassidy_Sehgal@aclu.org)
American Civil Liberties Union
National Office 125 Broad Street,
New York, New York 10004

To subscribe to the ACLU Cyber-Liberties Update, send a message to
majordomo@aclu.org with "subscribe Cyber-Liberties" in the body of your
message. To terminate your subscription, send a message to
majordomo@aclu.org with "unsubscribe Cyber-Liberties" in the body.

------------------------------

Date: Sun, 19 Oct 1997 21:16:13 -0500 (CDT)
From: Avi Bass <te0azb1@corn.cso.niu.edu>
Subject: File 3--Hack into Yale

Hacker breaks into Yale e-mail

By Jeff Herzog, The Yale Daily News, Oct. 16, 1997

Although no students realized it, Yale's computers were under attack
Tuesday.

A computer hacker "attacked" one of Yale's main e-mail account servers
under the nose of Information and Technology Service officials.

ITS staff detected a breach of the Pantheon login server as the
attacker aimed to capture passwords and login names, ITS officials
said.

"The primary purpose of the attack was to use Yale as an attack point
for other sites," Director of Academic Computing Services Philip Long
said. As a result of the security breech, ITS required all pantheon
users to change their account passwords.

"We don't have evidence of damage or tampering with accounts, but we
think it's important for students to change their security passwords
as a precaution," Long said.

ITS administrators said they believe that the hacker used a "sniffer,"
a rogue program designed to capture undetected all login names and
passwords.

As to the extent of damage the hacker caused, Long added, "We don't
have evidence of small or wide spread compromise of accounts."

<snip>

------------------------------

Date: Sun, 12 Oct 1997 16:14:45 -0400
From: "Evian S. Sim" <evian@escape.com>
Subject: File 4--Mitnick Might Get Computer Use

Valley Focus North Hills Alleged Hacker May Get Use of Computer
Los Angeles Times (LT)
FRIDAY October 10, 1997
By: ASSOCIATED PRESS
Edition: Valley Edition
Section: Metro
Page: 3  Pt. B
Story Type: Column; Brief;
Wire Word Count: 312

A federal judge may allow Kevin Mitnick use of a computer to help
him defend himself against computer and wire fraud charges.

U.S. District Judge Mariana Pfaelzer earlier had vowed to keep
Mitnick away from computers, but she seemed to back away from
that edict after listening to lawyers' arguments Wednesday.

Mitnick, who grew up in the Valley and began his electronic
obsession by breaking into Los Angeles Unified School District
computers while a student at Monroe High School in North Hills,
was on parole for other computer-related convictions when he
allegedly went on a three-year hacking spree in 1992. He has been
in prison since he was arrested in 1995.

Pfaelzer set an April 14 trial on 25 counts of computer and wire
fraud, possessing unlawful access devices, damaging computers and
intercepting electronic messages.

Mitnick has pleaded not guilty to those charges. If convicted, he
could face another five to 10 years in prison.

<snip>

Assistant U.S. Attorney David Schindler said that if all the
documents were printed it would fill up a space larger than the
courtroom.

Pfaelzer seemed to warm to the notion that Mitnick have access to
a laptop computer, and she told both sides to confer on how
Mitnick could best view the evidence against him.

Mitnick has been in jail since he was arrested in February 1995
in Raleigh, N.C., after an investigation and cross-country
manhunt ended in a trap sprung by Tsutomo Shimomura, an expert in
computer security.

Copyright (c) 1997, Times Mirror Company

------------------------------

Date: 97-10-19 14:59:13 EDT
From: John.Kirriemuir@bristol.ac.uk (John Kirriemuir)
Subject: File 5--IRISS'98 Internet Research and Information for Social (fwd)

1st call for delegates for IRISS and
2nd call for abstracts for IRISS

IRISS'98 Internet Research and Information for Social
Scientists
25-27 March 1998
University of Bristol, UK
http://www.sosig.ac.uk/iriss/
email: iriss-info@bris.ac.uk

A three day conference hosted by the Institute for Learning
and Research Technology at the University of Bristol.

The first international IRISS conference aims to bring
together social scentists who are interested in the
Internet, either as a means of supporting and
enhancing their work, or as a focus for their research.

***CONFERENCE THEMES***

The themes of this year's conference are Internet skills, sites and
social effects.  The conference aims to reflect the practical and
theoretical questions raised by the increasing role of networked
information in the social sciences and society. Topics for debate
include:

* how can social scientists make effective use of the
Internet in their work?
* where and how are social scientists using the Internet
to enhance their work and what effect is it having on
traditional roles and working methods?
* what high quality information can the Internet supply to
social scientists?
* what impact does the Internet have on individuals and
society and what visions do we have for the future?

***ATTENDING IRISS AS A DELEGATE***

This is the first call for delegates for IRISS. Confirmed, to date,
for the conference are:

* several high-profile keynote speakers
* a large variety of papers and presentations, covering all of the
conference themes, and presented by speakers from a combination of
academic, commercial, public and social/voluntary organisations
* pre and during conference hands-on workshops, in fully networked
rooms and conducted by experienced Internet for Social Scientist
trainers
* the main conference dinner, held in the prestigious Harveys
Restaurant and Museum - see:
http://www.sosig.ac.uk/iriss/harveys.html

Bristol is a city in the west of England; it is served by an
international airport, located 11 miles south of the city. The city has
two major train stations, with frequent train services to London (in
under 2 hours) and other cities. South Wales is a few minutes away by
train or car, and the scenic areas of the Cotswolds, Cornwall and Devon
are all easily accessible, as are attractions such as the city of Bath,
Stonehenge and Avebury.

Bristol itself is a thriving cosmopolitan city, with a very lively
social and cultural scene. The city has many famous sites of
interest, such as the Clifton suspension bridge and the S.S. Great
Britain, which are within a short distance of the conference location
and accomodation. Various on-line guides to Bristol include:

http://www.epost.co.uk/standards/bestofbris.html
http://www.bristol.digitalcity.org/org/council/about-bristol.html

A reduction is available to all delegates registering before 19
December 1997. Further details on booking can be found on the IRISS Web
site.

***CALL FOR PAPERS***

We invite papers and participation from:

* practitioners in the field who use the Internet to
support their day to day work
* researchers using Internet information and communication
in their research
* librarians developing their Internet knowledge and skills
to serve a social science user group
* educators interested in using the Internet for teaching
and learning
* information providers who publish on the Internet and
wish to reach the social science community

In addition to concurrent paper and workshop sessions the
conference will feature an ongoing poster session and a
dedicated Internet Gallery in a fully networked environment
enabling contributors to display high quality Internet
resources.

***HOW TO CONTRIBUTE***

If you are interested in submitting a paper, joining the
Internet Gallery or ongoing poster session, visit our Web
site at:

http://www.sosig.ac.uk/iriss/

for conference information together with online booking and
submission forms. The Web site will be updated frequently
as information becomes available and will include full
programme details and abstracts. The deadline for the
submission of abstracts is 7 November 1997.

***CONFERENCE FEE***

Delegates presenting papers will pay a reduced conference
fee. A reduction will also be available to all delegates
registering before 19 December 1997. Full details are
available from the Web site.

***HOST A MEETING AT IRISS***

Would your organisation or professional association like to
host a meeting at IRISS? We can provide free meeting
rooms and refreshments for groups booking to attend the
conference. Special discounts are available to groups of
10 or more. For further information contact the Conference
Secretary at:

iriss-info@bris.ac.uk

General conference enquiries should be directed to:

IRISS Conference Secretariat
Institute for Learning and Research Technology
University of Bristol
8 Woodland Road
BRISTOL
BS8 1TN, UK
Tel: +44 (0)117 928 8474
Fax: +44 (0)117 928 8473
Email: iriss-info@bris.ac.uk

IRISS Web site:  http://www.sosig.ac.uk/iriss/

------------------------------

Date: Mon, 13 Oct 97 11:01:45 MDT
From: Dave++ Ljung <dxl@HPESDXL.FC.HP.COM>
Subject: File 6--Re: In "Web things to do when you're dead" (CuD 9.73)

I couldn't help but comment on this:

|Things to Do on the Web When You're Dead
|  by David Blatner <david@afterlife.org>
|
|  ... But I wonder how many people's sites are simply being "turned off"
|  when they no longer have a voice (or a checkbook) to sustain them?

I like how you sneaked in that bit about the checkbook.
That comment seems to imply that a web presence should be free.
I fear a society where people not only don't have to work to supply
themselves with food and shelter, but they have a 'right' to a home
page?  Frightening.  Who exactly would pay for such a society?

--------------------------------------------------

|From--The Old Bear <oldbear@arctos.com>
|Subject--Spam Analysis
|
|   3. the apparent evolution of a subset of standard English
|      punctuation which might be called 'spammese'.

Excellent catch on the exclamation point.  I've been filtering my
mailbox for spam as well - and I've found that the To, From and Subject
fields can often give away spam - part of my filter searches for:

From:.*(success|money|mailbot)
To:.*(free@|you@|success|nobody@|friend@|money|askme|prices)
Subject:.*(18\+|Pix|Hot.*Website|Adult.*Video)

I only hit normal email (normail? ;) once with these regexps, and
only because I screwed up and used 18+ instead of 18\+.

I find that false positives aren't a problem because procmail saves off
guessed SPAM and sends a reply explaining that the message was recognized
as spam and gives contact instructions if this is a mistake.  Not once
has a spammer used my contact instructions to get spam to me.

--------------------------------------------------

|From--Jonathan Wallace <jw@bway.net>
|Subject--File 9--THE X-STOP FILES: The Truth Isn't Out There
|
|        So another censorware product has been found to secretly been
|blacklisting gay and lesbian material, anti-censorship sites, feminist...

I fully agree with your analysis that censorware doesn't work and will
probably never work well.  I am however concerned that we are pointing
out the impracticalities of one of the concepts we used to our defense
against censorship of the entire net.

So - to play Devil's Advocate for a moment, let's say you have children
that you want to use the computer, but you really don't want them to
access pornography when you're not looking.  Sure - you could tell
them to be a better parent, but my parents were great and I would've
been up until two in the morning finding out what the female body
looks like if we had the net when I was a kid  :)

Disregarding the discussion over whether or not we should allow our
kids to look at such material, let's just assume:

1)  Parents have the right to decide their kids shouldn't view such material
2)  Kids will try to view such material regardless of what they are taught
3)  Just keeping these kids off the net isn't necessarily fair.

Whether or not it's true isn't as important, because a huge amount of
the population believes that it's true and will fight for it strongly.

So what solution do we give these people?  Right now they have none, except
to watch their children every moment they are on the computer.  Can we
find a solution?  One possibility I came up with was creating a 'safeweb'.

Safeweb would be similar to self-rating, but instead of deciding what
category a page would fit into (a difficult thing to do), there would
only be one 'rating' - that a page was deemed 'safe' - or at least
innocuous.  What would determine 'safe'?  Well - it's not as big
of an issue anymore, because it's not really an issue of censorship -
you could have a democratic majority decision on an easy to follow
set of standards for safe.  You wouldn't have to worry about whether or
not different levels of nudity or 'language' would be included, you could
just not include any of it.  I know there can be nitpicking here, i.e.,
are greek statues considered nudity, and so forth, but I don't think
that flaws the idea.

So the beauty of it is the end result, not the idea itself.  You end up
having a web with a small percentage of which is deemed safe (in the
Barney sense :).  Then parents can set the browser to view safe material
only, much like censorware.  The beauty is that suddenly the parents
see what they are limiting their children to by trying to censor any
material that might have nudity or 'dirty words' in it, for golly's sake  ;)

Then it's up to the parents to decide if they want their children to
be limited by their own decisions.  One could argue that point #1 above
is illegitimate, that we should stop these parents from limiting their
children's growth, but then again, I don't think there's much you can
do to help children whose parents will only let them on BarneyWeb.

But finally we'd have an answer for the fundamentalists.

Any thoughts?

Dave Ljung

------------------------------

Date: Fri, 17 Oct 1997 13:42:16 -0400
From: Paul Kneisel <tallpaul@nyct.net>
Subject: File 7--Electronic Frontier Canada opposes Internet content control

Electronic Frontier Canada says the Canadian Human Rights Commission should
not attempt to control Internet content

ELECTRONIC FRONTIER CANADA (EFC) --- PRESS RELEASE

(For immediate release --- Thursday, October 16, 1997)
<http://insight.mcmaster.ca/org/efc/pages/pr/efc-pr.16oct97.html>

Electronic Frontier Canada (EFC), Canada's premier organization devoted to
the protection of freedom of expression in cyberspace, is opposed to the
Canadian Human Rights Commission's current attempt to control the flow of
information on the Internet.

In a series of hearings that began in Toronto on October 14th, a Human
Rights Tribunal will attempt to decide if a California web site spreading
Ernst Zundel's hateful messages is a discriminatory practice that falls
under the jurisdiction and within the scope of the Canadian Human Rights Act.

EFC's opposition to the Commission's agenda should not be interpreted as
support for Zundel. Like the vast majority of Canadians, EFC finds Zundel's
anti-Semitic views ludicrous, grotesque, and offensive. However, in the
words of Oliver Wendell Holmes, EFC believes that free speech means
"freedom for the thought that we hate."

EFC believes the expression of controversial opinions, no matter how
erroneous or repugnant, should be protected from government censorship by
the Charter of Rights and Freedoms.

"Of course, this doesn't mean that all speech is protected," says David
Jones, EFC's president and a professor of computer science at McMaster
University. "The Charter does not, for example, protect fraud, libel, or
death threats, whether over the Internet or not."

"Expressions of opinion, and even claiming that the Holocaust is a hoax,"
adds EFC vice-president Jeffrey Shallit, "should be protected." EFC favours
the repeal of all Canadian laws restricting hate speech.

"Laws intended to restrict 'bad' speech are often too broadly written, and
have the potential to restrict genuine debate," explains Shallit, who is a
computer science professor at the University of Waterloo. "Let's not forget
that the Communications Decency Act was recently found to be
unconstitutional by the U.S. Supreme Court," he says, "in part because it
did not distinguish between 'obscene' speech and speech that was merely
'indecent'."

"I'm sure if the Commission thought it could prove that the Zundelsite fell
within the legal definition of 'hate propaganda', as defined in sections
319 and 320 of the Criminal Code," says Jones, "then this would be a
criminal proceedings."

"Instead," continues Jones, "the worst this Tribunal can decide is that
publishing the web site is a 'discriminatory practice' under the Canadian
Human Rights Act, that 'exposes people to hatred or contempt'." "It's a
broader and more flexible legal concept, and the standard of proof is not
as rigourous because the penalty that can be imposed is less severe."

"But on the other hand," says Jones, "if the Tribunal issues a
cease-and-desist order and the web pages do not go away, Zundel might be
jailed for contempt."

"I question whether it is a distortion of the judicial process, considering
the eventual outcome may be the same, to allow the Commission to attempt to
do through the back door what they could not possibly hope to achieve
through the front door," says Jones.

This is not about technology, not about jurisdiction, not about regulating
the Internet, and not about setting legal precedents," asserted Bernie
Farber of the Canadian Jewish Congress during a recently televised debate
on CBC Newsworld. "This is about punishing Ernst Zundel," he said.

"I'm sure some people would like to skip the hearing and go straight to the
punishment," says Jones, "but the details really do matter in this case.
This hearing is all about whether a government department can re-interpret
an old law to give itself sweeping new regulatory powers over the Internet."

Section 13(1) of the Canadian Human Rights Act was introduced by Parliament
to control hateful messages on telephone answering machines. "It is too
crude an analogy to suggest that a collection of Internet web pages is the
same thing as an answering machine," says Jones. "The whole context and
inter-connectedness of the web and the way people interact with and
navigate through the medium are different in important and significant ways."

"If Canadians want content on the Internet to be controlled by the
government, then what we need is a broad national debate to decide where we
want to draw the line," suggests Shallit. "Dusting off old pieces of
legislation and misapplying them to this new communication medium is not
the way for Canadians to step into the 21st century."

EFC acknowledges that Canadians need effective strategies for dealing with
controversial or hateful speech, but EFC's position is that the proper
remedy for racist speech is not less speech, but more speech.

EFC gives high praise to hard-working community organizations like Ken
McVay's Nizkor Project, which maintains a huge electronic archive of
material devoted to preserving the history of the Holocaust and dedicated
to the memory of all who died at the hands of the Nazis.

"Instead of banishing the hatemongers to the shadows, or making them
martyrs by giving them an expensive show trial," says Shallit, "the Nizkor
Project shines the intense light of public scrutiny on people like Zundel
and exposes their deceptive messages for what they are - warts and all. It
is an approach that really works."

Another notable web site, run by the McGill Hillel student organization to
support the Jewish student community, provides one of the most extensive
lists of hyperlinks to hate web sites ever compiled. There purpose, of
course, is not to promote hatred, but to educate people about its enduring
presence in society.

"Electronic Frontier Canada is pleased to announce donations to both the
Nizkor Project and McGill Hillel Student Centre," said EFC president David
Jones, "to encourage them to continue their efforts in dealing with hateful
content on the Internet. In our view, theirs is the only approach that has
had any significant success."

"At the end of the day," says Jones, "no matter what the Tribunal decides,
the Canadian government cannot possibly hope to control the flow of
information on the Net."

"Sure, they can go ahead and lock Zundel behind bars, if they decide the
law allows it," concedes Jones, "but once the information is on the Net,
it's not going to disappear."

  ----------------------------------------------------

EFC Contact Information:
Electronic Frontier Canada

Dr. David Jones, djones@efc.ca
phone: (905) 525-9140 ext. 24689, fax: (905) 546-9995

Dr. Jeffrey Shallit, shallit@efc.ca
phone: (519) 888-4804, fax: (519) 885-1208

Dr. Richard Rosenberg, rosen@efc.ca
phone: (604) 822-4142, fax: (604) 822-5485

Electronic Frontier Canada's, online archives:
URL: http://www.efc.ca

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 8--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

         In ITALY: ZERO! BBS: +39-11-6507540

  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #9.78
************************************