Computer underground Digest Wed June 02 1993 Volume 5 : Issue 40 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Editor: Etaoin Shrdlu, Senrio CONTENTS, #5.40 (June 02 1993) File 1--Bridges of Understanding File 2--MTV News, Nets, Feedback from Users File 3--CPSR NIST Crypto Statement File 4--AB 1624/Online Info Bill PASSES MAJOR HURDLE! File 5--UPDATE #8-AB1624--Press Freedom for Paper Pubs Only? File 6--Virus News INTERNATIONAL CONFERENCE 93 Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) 203-832-8441 NUP:Conspiracy CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in Luxembourg BBS (++352) 466893; ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) Back issues also may be obtained through mailserver at: server@blackwlf.mese.com COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: 25 May 93 15:50:56 EDT From: Ken Citarella <70700.3504@COMPUSERVE.COM> Subject: File 1--Bridges of Understanding I would like to respond to the posting by Larry Landwehr in CUD 5.38. He denied that law enforcement would be interested in any genuine dialogue with anyone sympathetic to the underground, because cops are "pragmatic" and only interested in "more arrests" from any associations with other people. These sentiments completely miss half of law enforcement's mission: the effort to deter crime before it occurs. If there is someone who may learn from law enforcement that some acts are prohibited, and rightly so, and therefore avoid criminal conduct he might otherwise have engaged in, then law enforcement has done better work than if it has made an arrest. I personally have learned from contacts with people on all sides of computer related issues, and have heard from several that they have learned from me. I have deterred people from potentially criminal conduct by alerting them to what the law is and why it is that way. I have learned from them how to be a better prosecutor. I have been complemented by people I have prosecuted, thanking me for steering them away from more serious computer abuse while disposing of their case in a way they believe is just and proper. Law enforcement is not perfect nor are all law enforcement personnel. But, quite frankly, they are one heck of a lot better than Mr. Landwehr's posting claims. As a prosecutor involved in tech crimes I am committed to exactly the sort of dialogue existing on Kim's board. Ken Citarella (kcit) CompuServe:70700,3504 kcit@mindvox.phantom.com ------------------------------ Date: Fri, 28 May 1993 12:44:13 -0700 From: Chris Bell Subject: File 2--MTV News, Nets, Feedback from Users An upcoming MTV News piece in the "Free Your Mind" series may feature 1st amendment issues as they apply to online communication, hate online, BBS-ing, Prodigy policies, fringe groups, a rebuttal from a small BBS SYSOP, etc. MTV News is gearing up to cover technology in a big way, ideally at the same level and standard as was seen during the '92 election coverage ("Choose or Lose"). They want to reach the real users of technology and not just re-package press releases and tow the corporate line. ++++++++++++++++++++++++++++++++++++ To: online communities and lurkers of all kinds RE: MTV News on technology *** call (212) 258-8700 #7 *** Register support for the online community at large and suggest technology-oriented topics which might be enlightening for MTV audiences. Be sure to call in your interest in MTV News' new alternative coverage of "CyberStuff," featured this week on "The Week In Rock." Help propel it forward into new hackerish, political, and cyberesque areas, ideally with your direct input. 212-258-8700 is the number. Press #1 to give a viewer comment. Press #7 for more info about MTV News. There are live people to talk to on this line during regular business hours EST. Computer Buzzwords on MTV Daily News ++++++++++++++++++++++++++++++++++++ Wednesday 5/26 10:50 p.m. Thursday 5/27 4:50 a.m., 7:50 a.m., 10:50 a.m., and 1:50 p.m. Computer Buzzwords on MTV's "The Week In Rock" ++++++++++++++++++++++++++++++++++++++++++++ Saturday 5/29 11:30 & 6:30 Sunday 5/30 12:30 & 6:30 Note: Times listed feature the same introductory "Buzzwords" segment. The question is, what should be next? ------------------------------ Date: Wed, 2 Jun 1993 17:08:40 EST From: David Sobel Subject: File 3--CPSR NIST Crypto Statement CPSR NIST Crypto Statement ============================================== Department of Commerce National Institute of Standards and Technology Computer System Security and Privacy Advisory Board Review of Cryptography Policy June 1993 Statement of CPSR Washington office Marc Rotenberg, director (rotenberg@washofc.cpsr.org) with David Sobel, legal counsel, Dave Banisar, policy analyst Mr. Chairman, members of the Advisory Panel, thank you for the opportunity to speak today about emerging issues on cryptography policy. My name is Marc Rotenberg and I am director of the CPSR Washington office. Although CPSR does not represent any computer firm or industry trade association, we speak for many in the computer profession who value privacy and are concerned about the government's Clipper proposal. During the last several years CPSR has organized several meetings to promote public discussion of cryptography issues. We have also obtained important government documents through the Freedom of Information Act. We believe that good policies will only result if the public, the profession, and the policy makers are fully informed about the significance of these recent proposals. We are pleased that the Advisory Board has organized hearings. This review of cryptography policy will help determine if the Clipper proposal is in the best interests of the country. We believe that a careful review of the relevant laws and policies shows that the key escrow arrangement is at odds with the public interest, and that therefore the Clipper proposal should not go forward. Today I will address issues 1 through 3 identified in the NIST announcement, specifically the policy requirements of the Computer Security Act, the legal issues surrounding the key escrow arrangement, and the importance of privacy for network development. 1. CRYPTOGRAPHY POLICY The first issue concerns the 1987 statute enacted to improve computer security in the federal government, to clarify the responsibilities of NIST and NSA, and to ensure that technical standards would serve civilian and commercial needs. The Computer Security Act, which also established this Advisory Panel, is the true cornerstone of cryptography policy in the United States. That law made clear that in the area of unclassified computing systems, the Department of Commerce and not the Department of Defense, would be responsible for the development of technical standards. It emphasized public accountability and stressed open decision-making. The Computer Security Act grew out of a concern that classified standards and secret meetings would not serve the interests of the general public. As the practical applications for cryptography have moved from the military and intelligence arenas to the commercial sphere, this point has become clear. There is also clearly a conflict of interest when an agency tasked with signal interception is also given authority to develop standards for network security. In the spirit of the Computer Security Act, NIST set out in 1989 to develop a public key standard FIPS. In a memo dated May 5, 1989 and obtained by CPSR through the Freedom of Information Act, NIST said that it planned: to develop the necessary public-key based security standards. We require a public-key algorithm for calculating digital signatures and we also require a public-key algorithm for distributing secret keys. NIST then went on to define the requirements of the standard: The algorithms that we use must be public, unclassified, implementable in both hardware or software, usable by federal Agencies and U.S. based multi-national corporation, and must provide a level of security sufficient for the protection of unclassified, sensitive information and commercial propriety and/or valuable information. The Clipper proposal and the full-blown Capstone configuration, which incorporates the key management function NIST set out to develop in 1989, is very different from the one originally conceived by NIST. % The Clipper algorithm, Skipjack, is classified, % Public access to the reasons underlying the proposal is restricted, % Skipjack can be implemented only in tamper-proof hardware, % It is unlikely to be used by multi-national corporations, and % Its security remains unproven. The Clipper proposal undermines the central purpose of the Computer Security Act. Although intended for broad use in commercial networks, it was not developed at the request of either U.S. business or the general public. It does not reflect public goals. Rather it reflects the interests of one secret agency with the authority to conduct foreign signal intelligence and another government agency responsible for law enforcement investigations. It is our belief that the Clipper proposal clearly violates the intent of the Computer Security Act of 1987. What is the significance of this? It is conceivable that an expert panel of cryptographers will review the Skipjack algorithm and find that it lives up its billing, that there is no "trap door" and no easy way to reverse-engineer. In fact, the White House has proposed just such a review process But is this process adequate? Is this the procedure the Advisory Board would endorse for the development of widespread technical standards? The expert participants will probably not be permitted to publish their assessments of the proposal in scientific journals, further review of the standard will be restricted, and those who are skeptical will remain in the dark about the actual design of the chip. This may be an appropriate process for certain military systems, but it is clearly inappropriate for a technical standard that the government believes should be widely incorporated into the communications infrastructure. Good government policy requires that certain process goals be satisfied. Decisions should be made in the open. The interests of the participating agencies should be clear. Agencies should be accountable for their actions and recommendations. Black boxes and government oversight are not compatible. There is an even greater obligation to promote open decisions where technical and scientific issues are at stake. Innovation depends on openness. The scientific method depends on the ability of researchers to "kick the tires" and "test drive" the product. And, then, even if it is a fairly good design, additional testing encourages the development of new features, improved performance and reduced cost. Government secrecy is incompatible which such a development process. Many of these principles are incorporated into the Computer Security Act and the Freedom of Information Act. The current government policy on the development of unclassified technical standards, as set out in the Computer Security Act, is a very good policy. It emphasizes public applications, stresses open review, and ensures public accountability. It is not the policy that is flawed. It is the Clipper proposal. To accept the Clipper proposal would be to endorse a process that ran contrary to the law, that discourages innovation, and that undermines openness. 2. LEGAL AND CONSTITUTIONAL ISSUES There are several legal and constitutional issues raised by the government's key escrow proposal. The premise of the Clipper key escrow arrangement is that the government must have the ability to intercept electronic communications, regardless of the economic or societal costs. The FBI's Digital Telephony proposal, and the earlier Senate bill 266, was based on the same assumption. There are a number of arguments made in defense of this position: that privacy rights and law enforcement needs must be balanced, or that the government will be unable to conduct criminal investigations without this capability. Regardless of how one views these various claims, there is one point about the law that should be made very clear: currently there is no legal basis -- in statute, the Constitution or anywhere else -- that supports the premise which underlies the Clipper proposal. As the law currently stands, surveillance is not a design goal. General Motors would have a stronger legal basis for building cars that could not go faster than 65 miles per hour than AT&T does in marketing a commercial telephone that has a built-in wiretap capability. In law there is simply nothing about the use of a telephone that is inherently illegal or suspect. The federal wiretap statute says only that communication service providers must assist law enforcement in the execution of a lawful warrant. It does not say that anyone is obligated to design systems to facilitate future wire surveillance. That distinction is the difference between countries that restrict wire surveillance to narrow circumstances defined in law and those that treat all users of the telephone network as potential criminals. U.S. law takes the first approach. Countries such as the former East Germany took the second approach. The use of the phone system by citizens was considered inherently suspect and for that reason more than 10,000 people were employed by the East German government to listen in on telephone calls. It is precisely because the wiretap statute does not contain the obligation to incorporate surveillance capability -- the design premise of the Clipper proposal -- that the Federal Bureau of Investigation introduced the Digital Telephony legislation. But that legislation has not moved forward on Capitol Hill and the law has remained unchanged. The Clipper proposal attempts to accomplish through the standard-setting and procurement process what the Congress has been unwilling to do through the legislative process. On legal grounds, adopting the Clipper would be a mistake. There is an important policy goal underlying the wiretap law. The Fourth Amendment and the federal wiretap statute do not so much balance competing interests as they erect barriers against government excess and define the proper scope of criminal investigation. The purpose of the federal wiretap law is to restrict the government, it is not to coerce the public. Therefore, if the government endorses the Clipper proposal, it will undermine the basic philosophy of the federal wiretap law and the fundamental values embodied in the Constitution. It will establish a technical mechanism for signal interception based on a premise that has no legal foundation. I am not speaking rhetorically about "Big Brother." My point is simply that the assumption underlying the Clipper proposal is more compatible with the practice of telephone surveillance in the former East Germany than it is with the narrowly limited circumstances that wire surveillance has been allowed in the United States. There are a number of other legal issues that have not been adequately considered by the proponents of the key escrow arrangement that the Advisory Board should examine. First, not all lawful wiretaps follow a normal warrant process. It is critical that the proponents of Clipper make very clear how emergency wiretaps will be conducted before the proposal goes forward. Second, there may be civil liability issues for the escrow agents if there is abuse or compromise of the keys. Escrow agents may be liable for any harm that results. Third, there is a Fifth Amendment dimension to the proposed escrow key arrangement if a network user is compelled to disclose his or her key to the government in order to access a communications network. Each one of these issues should be examined. There is also one legislative change that we would like the Advisory Board to consider. During our FOIA litigation, the NSA cited a 1951 law to withhold certain documents that were critical to understand the development of the Digital Signature Standard. The law, passed grants the government the right restrict the disclosure of any classified information pertaining to cryptography. While the government may properly withhold classified information in FOIA cases, the practical impact of this particular provision is to provide another means to insulate cryptographic policy from public review. Given the importance of public review of cryptography policy, the requirement of the Computer Security Act, and the Advisory Board's own commitment to an open, public process, we ask the Advisory Board to recommend to the President and to the Congress that section 798 be repealed or substantially revised to reflect current circumstances. This is the one area of national cryptography policy where we believe a change is necessary. 3. INDIVIDUAL PRIVACY Communications privacy remains a critical test for network development. Networks that do not provide a high degree of privacy are clearly less useful to network users. Given the choice between a cryptography product without a key escrow and one with a key escrow, it would be difficult to find a user who would prefer the key escrow requirement. If this proposal does go forward, it will not be because network users or commercial service providers favored it. Many governments are now facing questions about restrictions on cryptography similar to the question now being raised in this country. It is clear that governments may choose to favor the interests of consumers and businesses over law enforcement. Less than a month ago, the government of Australia over-rode the objections of law enforcement and intelligence agencies and allowed the Australian telephone companies to go forward with new digital mobile phone networks, GSM, using the A5 robust algorithm. Other countries will soon face similar decisions. We hope that they will follow a similar path To briefly summarize, the problem here is not the existing law on computer security or policies on cryptography and wire surveillance. The Computer Security Act stresses public standards, open review, and commercial applications. The federal wiretap statute is one of the best privacy laws in the world. With the exception of one provision in the criminal code left over from the Cold War, our current cryptography policy is very good. It reflects many of the values -- individual liberty, openness, government accountability -- that are crucial for democratic societies to function. The problem is the Clipper proposal. It is an end-run around policies intended to restrict government surveillance and to ensure agency accountability. It is an effort to put in place a technical configuration that is at odds with the federal wiretap law and the protection of individual privacy. It is for these reasons that we ask the Advisory Board to recommend to the Secretary of Commerce, the White House, and the Congress that the current Clipper proposal not go forward. I thank you for the opportunity to speak with you about these issues. I wish to invite the members of the Advisory Committee to the third annual CPSR Privacy and Cryptography conference that will be held Monday, June 7 in Washington, DC at the Carnegie Endowment for International Peace. That meeting will provide an opportunity for further discussion about cryptography policy. ATTACHMENTS "TWG Issue Number: NIST - May 5, 1989," document obtained by CPSR as a result of litigation under the Freedom of Information Act. "U.S. as Big Brother of Computer Age," The New York Times, May 6, 1993, at D1. "Keeping Fewer Secrets," Issues in Science and Technology, vol. IX, no. 1 (Fall 1992) "The Only Locksmith in Town," The Index on Censorship (January 1990) [The republication of these articles for the non-commercial purpose of informing the government about public policy is protected by section 107 of the Copyright Act of 1976] ------------------------------ Date: Thu, 3 Jun 1993 03:58:45 GMT From: kiddyr@GALLANT.APPLE.COM(Ray Kiddy) Subject: File 4--AB 1624/Online Info Bill PASSES MAJOR HURDLE! June 2nd, 1993 AB1624, Debra Bowen's bill to bring the State legislature onto the Internet and "into the 21st century" (her words) was heard by the Assembly Ways & Means committee this morning. It was over quickly. The bill was passed with the text added to it in the Rules committee by John Burton. Burton's addition allows the Legislature to require that people reselling this information should pay a fee that would go to the Legislative Data Center. I am appending the text as it is now at the end of this post. When you read it, keep in mind Bowen's office does not like some of this language. It is a compromise, tho. John Burton wanted some acknowledgement of the fact that this data was "his", in the sense that he is head of Rules, is responsible for the Legislative Data Center and is not giving up on the idea that the LDC may fund itself with this data. This would not be without precedent. Mary Winkley pointed out to me that most states that make this data available in electronic form charge for it, however nominally. If California gives this stuff away, it would be a first. As I told her, tho, that is what California is here for :-> We would also be a good place to start the policy of giving it away because of the size of the state and the fact that we have approximately one million (!!!) people in this state with some connectivity to the Internet. This is probably the bill that is going to be passed, if it makes it out of the Senate. Someone in Vasconcellos' office explained it to me this way. Debra Bowen has a choice of leaving the "state fee" language in the bill and raising the ire of the Republicans, or taking it out and getting John Burton mad at her. If the bill was changed in the Senate, it would have to go back to the Assembly for review, where it would go back to John Burton's Rules committee. The bill would be killed quickly. Also, the bill could be passed over the Republican's objections. They do not dominate the Legislature. Bowen, being a first-year member, would be better off alienating the Republicans than the head of a major committee with a lot of pull. Also, it was pointed out that the language of the bill does not require a fee, it merely authorizes one. Also, there is no fee if you are not selling the data. Most interest groups on the Internet are not selling their archives. John Burton would also have to hold public hearings to set a fee, and there are members of the committee sympathetic to Bowen who would respond to public opinions. Also, the newspapers might oppose this, as they could be charged. Of course, Burton may have already figured out a way to keep them quiet. Did you know that the commercial vendors of this data, the data we pay for, see this data before our own legislators do? Bowen had an example of this, a bill that was retrievable on State-Net, yet was not updated to the member's system yet. hmmmm. Makes you wonder what the LDC's priorities are. Well, if anybody wants more info on this, please mail me at ray@ganymede.apple.com. Mary Winkley says she really appreciates all the calls and the interest in their bill, but it would be a lot easier on her if everybody checked on-line to see what's going on. If you just want to know status of the bill, call your Assembly member. They are there to serve you, and will answer questions, even if it is not their bill. There is still much to do, of course! if you live in Burton's district in SF, their office needs to be evangelized about this issue. if you use legislative data in a not-for-profit way, and would benefit from having this stuff available, testimonials with specifics to Burton and Bowen's office would be much appreciated. I am going to start leaving leaflets at computer stores in SF. Somebody could hop on the BBSes up there, too. Keep in mind, this data is all yours. The flow of important info and the "old-boy" network look very similiar right now. In an information economy, these battles we fight now will help a lot of people later on. thanx - ray "Information is not Knowledge" - Frank Zappa "but it sure helps..." - yours truly AB1624 LEGISLATIVE COUNSEL'S DIGEST (sorry about this, when Mary faxed me the bill, i lost some of the text. The digest came through whole, tho. - rk) AB1624, as amended, Bowen. Legislature: legislative information: access by computer modem. Under existing law, all meetings of a house of the Legislature or a committee thereof are required to be open and public, unless specifically exempted, and any meeting that is required to be open and public, including specified closed sessions, may only be held after full and timely notice to the public as provided by the Joint Rules of the Assembly and Senate. This bill would make legislative findings and declarations that the public should be informed to the fullest extent possible as to the time, place, and agendfa for each meeting. This bill would require the Legislative Counsel, with the advice of the Joint Rules Committee of the Senate and Assembly, to make available to the public by any means of access by way of computer modem specified information concerning bills, the proceedings of the houses and committees of the Legislature, statutory enactments, and the California Constitution. This bill would authorize an imposition of a fee or other charge for any republication or duplication of information accessed pursuant to the bill under specified circumstances, and would appropriate any amounts received from this fee or charge in augmentation of any other amounts that are appropriated for the support of the Legislative Counsel Bureau. Vote: 2/3. Appropriation: yes. Fiscal committee: yes. State- mandated local program: no. ------------------------------ Date: Sat, 29 May 1993 17:49:34 -0700 From: Jim Warren Subject: File 5--UPDATE #8-AB1624--Press Freedom for Paper Pubs Only? Friday, May 28, 1993 We [constitutionally] protect the rights of *print* newspapers and publishers to obtain, publish and distribute government public records. We do essentially the same for radio and television broadcasters. In both cases, there is a filter - reporter or news announcer - between us and the complete public information. Do we want the government to control, restrict or suppress the rights of *electronic* publishers to obtain, publish and distribute public records? Should those who wish to publish or distribute part or all of government public records be required to first obtain permission - which, by definition, could be refused - or perhaps [probably] pay much more than the incremental cost of copying, in order to obtain copies of the public's records in their most useful forms? Do we want to establish the precedent that the *print* media have strong protections for freedom of access, publication and distribution, and traditional broadcast media have similarly strong protections, but computer media can be licensed, controlled, restricted, charged and possibly even prohibited from electronically publishing public government information? AB1624, as amended at the *insistence* of several legislators, requires exactly that [below] - the *only* rationale being that the legislature wants to profit from any *electronic* publisher or distributor charging for providing their *electronic* publications or services. Illustrating the attitude: Monday, 5/24/93, Assembly Rules Committee public hearing on AB1624: [brief excerpts; all-caps-titles and bracketed notes are mine. -jim] SHOULD NEWSPAPERS & PUBLISHERS FIRST OBTAIN GOVERNMENT'S PERMISSION BEFORE BEING PERMITTED TO PUBLISH/DISTRIBUTE GOVERNMENT PUBLIC RECORDS? [Jud Clark from State Net legislative-information distributor, testifying] ... John Burton, Rules Committee Chair: "You buy a service from us, right Jud?" Jud Clark, State Net: "Right. ..." [State Net buys legislature's public records in computerized form, as opposed to paper form, on magnetic tape] Burton: "And then if you sell that, I guess that's part of the deal. I would have an aversion to giving you something for nothing and then have you making a profit off of, quote, 'our labor'." Clark: "First of all, we don't sell the data. We sell a service that we derive from the data. ... " SHOULD SOME DISTRIBUTORS BE ABLE TO PURCHASE PUBLIC RECORDS "IN ADVANCE OF PUBLIC ACCESS"? Clark: "What we would like is assurance that we could continue to purchase the data, and we feel if we are purchasing it in advance of public access, we are willing to continue to pay ... SHOULD [FOR-PROFIT] NEWSPAPERS OR PUBLISHERS BE TREATED DIFFERENTLY THAN MEMBERS OF THE PUBLIC? Clark: "If we access on a public access system, we would like the public access system to be on the same basis as [everyone else; tape was unintelligible] ... problem in trying to enforce a provision that discriminates on the basis of whether we are going to try and do something for profit [unintelligible]." "SUBDIVISION (d)" MANDATES DISCRIMINATION BASED ON MONEY Note: The powerful, unelected Chief Legislative Counsel controls the Legislative Data Center from which all public records flow. Currently, AB1624 includes the following, called "subdivision (d)": "(d) No individual or entity obtaining access to information under the system established [by AB1624] shall republish or otherwise duplicate that information for a fee or any other consideration except with the a authorization of the Legislative Counsel and the approval of the Joint Rules Committee pursuant to a written agreement between the individual or entity and the Legislative Counsel that may provide for payment of a fee or charge for this purpose." ... "Any amounts received by the Legislative Counsel [go to] the Legislative Counsel Bureau." WHAT PRECEDENTS DO *YOU* WANT FOR THE ONLINE PRESS? Subdivision (d) *may* be deleted from AB1624 - *IF* enough of the public demand it. Better let your elected representative know what precedents you want established for online publishers of our public information. You can simply say, "Delete subdivision (d) from AB1624," and briefly state some of your reasons. ( Please copy, post and circulate. ) ------------------------------ Date: Mon, 31 May 93 13:45:56 GMT From: wachtel@CANON.CO.UK(Tom Wachtel) Subject: File 6--Virus News INTERNATIONAL CONFERENCE 93 (Forwarded from Sara Gordon) +++++++ Hello! Can you please post this to appropriate newsgroups asap; it is regarding a conference scheduled for June 23rd in London. I am scheduled to speak there regarding Virus Writers, and will probably discuss the Dark Avenger, since I recently interviewed him. Actually this is the first time I am planning to take public questions regarding the interview and related matters, so if you are still interested, maybe better get your ticket now :) Speakers scheduled are listed in this announcement. Thanks!! Sara Gordon SGordon@Dockmaster.ncsc.mil vfr@netcom.com =================== virus news INTERNATIONAL CONFERENCE 93 23rd June 1993 Sheraton Skyline Heathrow Virus News International is widely recognised for its excellent coverage of security issues. VNI contributors gather information from around the world and are in constant contact with police forces and law enforcement agencies. Nowhere near all of this information has been published in VNI - yet. As the virus field comes of age, so your need for information becomes more and more specialised. Because you now have a much better understanding of viruses, you are now asking more focused questions. You will be given answers on which to build your defences against potential security breaches. What you will get at the VNI Conference is a concise intelligence briefing. When you return to your organisation, you will be in a position to update your company's policies and procedures with the advantage of having a clear idea of what is to come. * Why do virus authors do it? * What new approaches are virus authors likely to take? * How to prepare for the next attack * Up to the minute news of activities in the virus world What the conference will give you One of the most frequently asked questions is "Why do they do it?" At the VNI Conference, you will hear from people who have contacted virus authors and who have hacked into closed computer systems. Their insights will help you understand your enemy better. Knowing what new angles virus authors are likely to take is one of the questions many technical people would like to know. Vesselin Bontchev of the Virus Test Center at the University of Hamburg is one of the world's leading virus researchers and is better placed than most to be able to provide at least some of the answers. Most people assume that all anti-virus software operates in the same way. Dr. Simon Shepherd of the United Kingdom Computer Virus Certification Centre, University of Bradford knows better. He will explain how a full evaluation is carried out and what you should look for when deciding which products to use. Dr Alan Solomon, Chairman of S & S International, will give you a briefing on the activities of virus authors and others involved in the dissemination of viruses. With contacts right around the globe, Dr Solomon has an unrivalled understanding of what virus authors and distributors are doing. Speakers Sara Gordon is an independent researcher and consultant in computer security. Her insight into the minds, motives and methods of hackers and virus writers provides a unique perspective, with a wealth of expertise and information. She recently interviewed the Dark Avenger. Robert Schifreen is the man the House of Lords cleared of all charges of hacking into Prince Philip's Prestel mailbox. Now one of the world's most respected consultants in the field of protection from hacking, he will be giving you an insight into the motives of hackers. Vesselin Bontchev is a Research Associate at the University of Hamburg, while continuing his research at the Virus Test Center there. Dr Simon Shepherd is Senior Lecturer in Cryptography and Computer Security at the University of Bradford, and Director of the UK Computer Virus Certification Centre. He has extensive experience in the design of secure communications and computing systems. Dr Alan Solomon, one of the leading figures in the anti-virus research community, is co-founder and technical director of the European Institute for Computer Anti-Virus Research. He is also Chairman of S & S International and of the IBM PC User Group. An International Event Virus News International has frequently shown that the appearance of a virus in one part of the world is usually the prelude to its appearance in other countries, probably including yours. VNI has a truly international following and the conference provides and opportunity to discuss experienced with delegates from around the globe. For the benefit of international delegates, The Sheraton Skyline at Heathrow has been selected as the venue for the conference. VNI is conscious that delegates must justify fees and expenses so we have packed this conference into one day. The location makes it perfectly possible for delegates to fly in from Europe or other parts of the UK, spend a full and fruitful day at the conference, and return home without incurring any overnight expense. Who should attend? Senior IT staff, network managers, Information Centre managers and technical staff involved in data security procedures and development Date 23rd June 1993 Venue The Sheraton Skyline, Heathrow Fee L295.00 + VAT per delegate Delegates' fees may be paid by Access or Visa or by cheque. Company purchase orders accepted. Since the conference is scheduled for less than one month from now, interested persons should contact Paul Robinson on +44-792-324-000 asap. Alternatively, his email address is 70007.5406@COMPUSERVE.COM. ++++++++++++++++++++++ virus news INTERNATIONAL, William Knox House, Llandarcy, Swansea. West Glamorgan, SA10 6NL, United Kingdom Tel No. +44 792 324000 Fax No. +44 792 324001 ------------------------------ End of Computer Underground Digest #5.40 ************************************