Computer underground Digest Sun Feb 17, 1994 Volume 6 : Issue 17 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe (Improving each day) Acting Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Whacker Editor: Tonya Harding CONTENTS, #6.17 (Feb 17, 1994) File 1--Photography, Computer Underground, and Images File 2--Update on Canadian BBS "Licensing" (Re: CuD 6.15) File 3--AP Article on Clipper File 4--Congress Online File 5--Public access to *Inaccurate(?)* Public Records? File 6--Clipper Questions and Answers in a Nutshell Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. To subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: ftp.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD ftp.halcyon.com (192.135.191.2) in mirror2/cud KOREA: ftp: cair.kaist.ac.kr in /doc/eff/cud COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sat, 19 Feb 1994 11:13:52 -0800 From: Rika Kasahara Subject: File 1--Photography, Computer Underground, and Images ((MODERATORS' NOTE: In CuD 6.16, we reported a solicitation for "freaks" for the cover story on computer culture in a Japanese magazine. A bit of a language barrier resulted in the solicitation being misunderstood by ourselves and others. We are quite happy to acknowledge that the intent of the cover is the exact opposite from what it appeared to be. We apologize to Rika Kasahara, the original poster, for the misunderstanding. In a series of private and quasi-public posts, Rika has explained the differences between the Japanese and U.S. images of the computer culture. The intent of the story and the proposed cover was, in fact, an attempt to do precisely what we suggested the media to, which is to break down stereotypes. One reader suggested that Rika's proposal would be identical to the cover on Scientific American a few years ago depicting four "computer nerds" from Legion of Doom as virile, well-dressed and exceptionally photogenic businessmen as a way of challenging stereotypes. I agree. Rika's private communications to me in the past week have been valuable in adding to my own understanding of another culture. One reader suggested that CuD itself promotes cultural misunderstanding by focusing almost exclusively on North America, even though a substantial portion of readers are from virtually all other continents and about 40 countries. They're right. We STRONGLY ENCOURAGE READERS IN OTHER COUNTRIES, especially in South America and Asia, to submit articles describing their experiences. Another suggested that I was attempting to distance myself from computer folk who looked different. Because, depending on mood and season, I would qualify as an appropriate grunge candidate for the cover, the poster's observation is off-target. But, his point might be reframed as simply his way of emphasizing our own position that it's important to appreciate difference rather than use differences to create damaging stereotypes that lead to bad laws, bad polices, and bad enforcement. In her post below, Rika explains how she would challenge stereotypes. In doing so, she also gives us some insight into her own culture. We admire her patience and grace in successfully contributing to our own understanding)). +++++++++++++++++++++++++++++++ Let me post another note to make my point clearer. I hope my English is better in this one. I got a friend to help me to write it. I guess I was misunderstood (in the previous post). In Japan, where there is not a mature computer culture, overground or underground, the hacker's image is on a par with that of rapists and murderers - except that the hackers are seen as being a little smarter. However, they aren't seen as anything more than common, lowlife criminals. The stereotypical hacker in Japan is usually seen as either as a balding, overweight, myopic individual lurking behind a monitor throughout his life, with little purpose to his existence other than using his computer to cause trouble for the society outside his door -- or -- as an evil, scheming figure, waiting in the darkness, with secret plans, sharp fangs, and a plot to steal your software. The hacker's image is that of an overgifted antagonist who runs in the same circles as the common footpad and heroin junkie. They aren't viewed as having any redeemable features whatsoever, but their intelligence makes them a grave threat to legitimate members of society, so their very existence is feared. The meaning of their lives is composed of almost nothing more than invading protected systems and selling data for personal gain. Friendless, angry, and ready to inflict damage onto the electronic world, this mythical villain hides just beyond your senses, waiting to strike whenever he sees you are vulnerable. For the most part, "hackers," (is there a good encompassing, concise definition for a hacker?) aren't this way at all. HoHoCon, for some reason, had a surprising lack of dark, cloaked, shadowy figures in attendance. Most hackers appear and act like ordinary people except they are usually intrinsically curious about the machinations of their reality, and will stop at no end in order to figure out how the world actually works. In order to fix this bad image and show that a hacker is indeed a real person and not a thief or murderer, the magazine has been reporting real hackers' stories, including mine. And this time, I wanted to get some photos of some real hackers or anybody from the computer underground culture for the story, and for the cover page- to show that, contrary to popular opinion, hackers aren't all myopic, overweight bald guys, and shadowy vampires. I was kind of joking when I said "don't be an ordinary computer nerd" and the things about long hair or a nose ring. I was not trying to find computer freaks, but photogenic, interesting-looking people who wouldn't mind being photographed and put in a magazine. The magazine cannot pay for people being in these photographs - they do not have enough of a budget to model rates, so this is an appeal to get some good pictures of actual hackers who wouldn't mind having their pictures appear publicly. Although after this there may not be any people that want to show up, I still would like to take pictures of actual hackers. I don't want to get pictures that damage the image of hackers, but pictures that improve it - pictures that show that hackers are real people that have interesting lives, not shadowy thieves, like the current hacker image is in Japan. If anyone wouldn't mind showing up for this, I will be taking pictures tomorrow ((Feb. 19)) at Buena Vista Park, on the corner of Buena Vista West, and Haight at 1 pm. If you want to show up, please do so. This isn't a cattle call for a freak show, but I just want pictures of some interesting people to use in the magazine. I'm sorry if what I said before was understood as something different. I didn't mean to offend anybody. ------------------------------ Date: Fri, 18 Feb 1994 02:51:13 EST From: John_Stevenson@MAGIC-BBS.CORP.APPLE.COM Subject: File 2--Update on Canadian BBS "Licensing" (Re: CuD 6.15) I wrote this messge in response to many rumours that have been floating around Onenet and MAGIC recently. Don't Panic I've been following the thread started when I forwarded LORD QORTHON's copied post to the CyberForum. At first I was alarmed, but when I gave the matter some thought, I realized that it is highly unlikely that the CRTC has any interest in regulating BBSes right now. It may be that government policy may effect BBS operation in future, but I just don't see that happening any time soon. Before I go on, I want to make it clear that I know the CRTC fairly well from nearly a decade of work in the community radio sector. > The Canadian Radio and Telecommunications Commission (CRTC) is >currently in the process of setting itself up to regulate Public >bulletin boards. They want to make it an offense to run a BBS without a >CRTC license. If licensing comes into effect, the BBS scene will quite >literally shrivel up and die. Bruce McIntosh telephoned the CRTC in Ottawa last week, and was told that there are no plans to regulate bullten boards in the works. He spoke with a public info officer and was told nothing was being worked on. To me, that makes perfect sense - the CRTC has suffered from budget cuts in the past few years and is understaffed. They would rather see more self-regulation, like the cable industry's recent standards council. I am sure that if this ever became something real, a group of BBSers getting together and drafting some very basic standards would nip it in the bud. > Consider the example of radio in the 40's and 50's. Before the >CRTC was formed, anyone could broadcast radio signals legally from their >home on any bandwidth. Fearing obscenity and extreme access to >information, the CRTC was formed to sell licenses to broadcasters. >Without such a license, you could be prosecuted for broadcasting. The >result of this action can be seen today: the only radio stations we see >are totally mainstream and are hell-bent on making profit, not pleasing >listeners or informing the public. When I see this kind of history thrown out as "reality", it bothers me a great deal. Government regulation of broadcasting existed from nearly the beginning of the sector in Canada. The CBC and CRTC were formed not to stop "obscenity and extreme access to information" but American commercial radio control of Canadian airwaves. It was not the case that "anyone could broadcast radio signals legally from their home on any bandwidth (sic)" - even in the 1920s, the Fisheries Dept. was giving put licences. > If licensing comes into affect, we will LOSE this access. Not only >will the pirate boards be hunted down and exterminated, but all >currently LEGAL PUBLIC DOMAIN BBS's will also be made illegal unless >they can afford a license. And who do you think will get licenses? >Only those willing to follow the CRTC guidelines for radio and >television. Corporations and rich executives. The BBS world, our >underground paradise (if you will) is in great danger of becoming a >commercial hell like the rest of today's media. This seems like a likely scenario if (a) the CRTC had some desire to control BBSes as you describe and (b) they could afford to do it. I am not sure about the first and doubt the second very much. > We don't yet know what the proposed licensing fee will be, but it >could anywhere in the area of $300-$5,000. This could also depend on >the size of the BBS. However, most BBS's will simply close up shop if >the government wants a license. The government will simply weed out all >the little guys and support the big guys. Licence fee for a non-profit radio station is $25 dollars a year. Commercial stations pay a very small percent of their profit as the fee. I'm not in favour of licencing, but $25? In the US, all DJs (commercial or non-commercial, it doesn't matter) need an FCC licence to be on the air. Now that is restrictive. > Before I go into my plan of action, I want to tell you that if >licensing comes into effect, if will be basically impossible to beat the >system. All pirate radio stations in North America have been crushed by >the government in a matter of months. Imagine how easy it will be to >crush pirate bulletin board systems (and by that I simply mean BBS's >without a license) with traceable phone numbers. Bell Canada would be >sure to help the CRTC bust those boards. And the RCMP would have a real >easy time busting any boards with illegal software, because those boards >would not have licenses. The CRTC finds the board through Bell, arrests >the sysop for running a board without a license, then informs the RCMP >that this sysop was allowing copyrighted material to be transferred >through his/her bbs. That sysop, for the first time in his/her life, is >suddenly looking at a possible jail term. It's hard for me to argue that folks running pirate boards shouldn't get busted. While I don't agree with many aspects of our wonderful econimic system, I don't think the way to reform it is through establishing pirate bulliten boards. The software business is tough enough. Actually, it isn't all that easy to find a pirate radio station, especially outside Ontario. The Department of Communications has only a couple of testing vans for the whole of Canada. Fact is, there are unlicenced radio stations which have been in existance for years which the CRTC either can't or doesn't want to bust. The last time they went after someone that I can remember was for pirate television - a group of religious boradcasters out west wanted to start a Christian TV station, even though that's contrary to regulation. They ended up allowing them to apply for licences. Isn't the CRTC mean? I have never heard of anyone going to jail or receiving fines for breaking broadcast regulations in Canada. Maybe it happened in the past, but in the most recent ten years, it hasn't. Sure, broadcasters have been punished, but it has never involved criminal prosecution. Yes, in the US this happens a lot - but not in Canada. Anyway, how easy will it really be to track down an "illegal" BBS? Radio and television have a limited range of frequencies they can use - in many parts of Canada, interferance from a new broadcaster will lead to complaints. But a BBS isn't as noticable. What is the CRTC going to do - wardial every city and town in Canada? Nope, they'll have to wait for complaints, or pay someone to hang out in the hacker scene and track down "pirate" boards. >She would be willing to confront the CRTC on legal grounds if we have >enough support from YOU. I have to hear from you. In order to force >the CRTC to at least seriously listen to our argument, we need a lot of >names, and a lot of letters to your local MP and to the CRTC. God, I am sick of people thinking of the CRTC as some sort of FCC-style scary monolith. They've bee watching Pump Up the Volume too many times. The fact is that the Commission is pretty supportive of non-commercial radio. Maby people in the CRTC just want to be responsive to what broadcasters and the public want. They don't fine you and for the most part there is very little ass-kicking going on. >OUR GOAL: To stop the CRTC from requiring the licensing of bulletin >board systems and get it written into the law books that private, home >run bbs's are totally legal and should never be regulated, in the >interests of free information. I know we've argued about this for awhile, but whether the CRTC or anyone else regulates BBSes will be determined by a bunch of circumstances. First, is the public somehow served by this kind of regualtion? Maybe. In the past, even newspapers have been subject to public policy. However, I don't see a pressing need for regulation. Second, if there is a desire to regulate, who is going to pay for it? Regulation means staff, research, and time. Can the CRTC spare that when they have to deal with such issues as new cable services and long distance services? I don't think so. > KEEP PRIVATE BBS's LEGAL! > > LORD QORTHON I guess the sourse of this post was a hacker, probably a warezwolf. As I said at the beginning of this post, don't panic. Even if there is a desire to regulate (and I am drafting a letter to Keith Spicer, the chair of the CRTC to find out), we will have plenty of notice and can deal with it. ------------------------------ Date: Fri, 18 Feb 1994 13:27:36 -0500 From: Dave Banisar Subject: File 3--AP Article on Clipper ++++ fwd ++++ Subject--Computer Users Blast Chip Plan From--The Associated Press, clarinews@clarinet.com Date--Thu, 17 Feb 94 22:30:07 PST Computer enthusiasts worried about electronic privacy are attacking the Clinton administration's proposed new computer privacy standard -- and they're putting their feelings on-line. "For an administration that's concerned with the information highway, they really are putting potholes in the highway before it gets built," said Jerry Berman, executive director of the Electronic Frontier Foundation in Washington. The government's new standard, Key Escrow Encryption, was announced this month and is supposed to assure privacy during the current explosion in electronic communications. But computer users and the industry have bridled at a provision that guarantees that law enforcement and national security agencies would still be able to intercept all messages, including electronic mail and telephone signals, for lawfully authorized wiretaps. "John Q. Public is worried about other things, but when they learn that the government is proposing to design the locks for your electronic data messages, business transactions -- and then also keep the keys in a quote, safe, place of their choosing ... I don't think the public is going to accept it," Berman said in an interview. The system uses a microcircuit called the clipper chip to scramble messages on computers and other digital equipment. Manufacturers would not be forced to use the chips, but would be forbidden from exporting other encryption technology, to keep it from terrorists, drug dealers and others. The administration has said encryption is a law-and-order issue because it can be used by criminals to defeat wiretaps and avoid prosecution. It has strategic value in international affairs as well, officials say. Opponents of the plan, including the Business Software Alliance, maintain that U.S. companies will lose sales to overseas customers seeking the best security available, and that criminals will simply find other sources for the products. The Electronic Frontier Foundation and Computer Professionals for Social Responsibility have begun electronic petition drives on the Internet, the worldwide on-line network of computers. The foundation said this week it has received 3,000 messages from computer users supporting a bill by Rep. Maria Cantwell, D-Wash., that would loosen export controls on scrambling technology, effectively removing the clipper chip's advantage to manufacturers. "Much of this is ordinary, shrink-wrapped software, the kind millions of people buy every day for their home and business computers at regular retail outlets," Cantwell said in offering her bill. The computer professionals group has received 13,000 messages urging President Clinton to withdraw the clipper proposal and will deliver them to the White House, said Marc Rotenberg, the organization's Washington director. Talk about the proposal spread to computer networks outside the Internet as well. "Like they say, the devil is in the details," one man wrote on a computer bulletin board in central Indiana. "First, Clipper is voluntary. Then guess how long it will be until the use of any `non-approved' encryption is outlawed?" Sen. Patrick Leahy, D-Vt., chairman of the Judiciary Committee's subcommittee on technology, said this week that he strongly opposes the clipper proposal because of privacy and civil liberties concerns. Other opponents are expecting him to convene hearings on the plan. The dispute threatened to smudge the administration's image among the computer literati. Signs of high-tech's increased stature at the White House have included the presence of then-Apple Computer chairman John Sculley at Clinton's first address to Congress and Vice President Al Gore's support for an "information superhighway." The White House even set up an E-mail address for Clinton shortly after he took office. Jim Thomas, editor of Computer Underground Digest on the Internet, has watched the anti-clipper campaign building since Attorney General Janet Reno announced the proposal Feb. 4. "It's like fighting a juggernaut," said Thomas, a professor of sociology and criminology at the University of Northern Illinois. "Some people think it's a done deal. But I'm highly optimistic that we'll beat it. I think the momentum is growing." ------------------------------ From: dbatterson@ATTMAIL.COM(David Batterson) Date: 18 Feb 94 20:12:19 GMT Subject: File 4--Congress Online Congress Is Lagging Behind In Getting Online by David Batterson While the White House is now online and able to receive e-mail from citizens, Congress has languished behind--somewhat unsure of how fast to implement this new technology. Meanwhile, those of us who strongly favor e-mail access to government officials think that Congress is moving entirely too sluggardly. Who's right? Many would argue that e-mail is unnecessary, since we can already mail letters to members of Congress, as well as phone or fax them. However, fax machines were once as rare as sincerity on Capitol Hill, but now proliferate. The same is true with cellular phones; their usage has exploded. Likewise, it's fast becoming the same situation with e-mail. You cannot stop progress; e-mail is the next big wave of communications. While most Senators are not online, one prominent member of the U.S. Senate is: Ted Kennedy. According to staffer Chris Casey, "our office has been posting info to a small network of Massachusetts computer BBSs (bulletin board systems) and into two USENET news groups since early last year." [USENET is part of the huge Internet computer network that links up millions of computer users.] Casey also e-mailed me that "we're in the process now of implementing direct constituent e-mail access to our office. More people up here need to wake up to the importance of this type of access." I couldn't agree more. In a previously published interview, Kennedy said "constituent e- mail and electronic distribution of information are likely to become routine on Capitol Hill in the near future." He's right. The leadership and members of both the House and Senate should stop oozing along like molasses flowing uphill in Vermont. The time's are-a-changin' fast. If they refuse to provide constituent e-mail and online access, those elected officials should resign from public office. Oregon Rep. Elizabeth Furse, District 1, totally agrees with Kennedy, and has implemented constituent e-mail and a USENET news group for her office. Mary Fetsch, Furse's press secretary, said it's important for the representative's constituents to reach her online, since "it's a high-tech district, including the 'Silicon Forest' where we have Intel, Nike and other firms that are highly computerized." I tested Rep. Furse's system, and here's part of the form letter reply: "Thank you for contacting me through the House of Representatives' Constituent Electronic Mail System (CEMS). I am pleased to be a part of this effort to offer citizens a quick, efficient and environmentally sound way to communicate with their representatives in Congress." Online access to Congress is part of the Clinton administration's overall plans to develop a National Information Infrastructure. For a perfect example, the public has responded favorably to having text of the President's health care plan and NAFTA available online. When Ross Perot was running for president, online services, BBBs and e-mail systems were abuzz with blizzards of messages and information. Another strong proponent for public electronic access is curmudgeon and activist Jim Warren, who lives in the San Francisco Bay area. Warren was the organizer of the first Conference on Computers, Freedom and Privacy, and the founder of InfoWorld, a major computer industry trade paper. Warren not only wants to be able to e-mail members of Congress. In addition, he's pushing hard to "computerize the filing of and public access to state and local campaign-finance disclosures, officials' statements of economic interests, and state lobbyists' disclosures." Warren sees access to public records as one component of a broader issue, of computerization that allows online feedback to city/town, county/parish, state and federal officials/agencies, personal use, nonprofit-organization use, commercial/tax-paying use, public dissemination, and community discussions (town-sized to Village Earth)." In an e-mail message from Rep. Charlie Rose (D-NC), Chairman, Committee on House Administration, Rose said that "the results of the six month public mail pilot have been very encouraging. The nature and character of the incoming electronic mail has demonstrated that this capability will be an invaluable source of information on constituent opinion. We are now in the process of expanding the project to other members of Congress, as technical, budgetary and staffing constraints allow." In other words, it will take a long time for anything significant to happen. Unless constituents scream for online access, it will be slow in coming to their districts. In spite of the pressure, at present only eleven members of the U.S. House of Representatives have public electronic mailboxes that may be accessed by their constituents. The ten are: Sam Coopersmith (D-AZ), Jay Dickey (R-AR), Sam Gejdenson (D-CT), Newton Gingrich (R- GA), Dennis Hastert (R-IL), George Miller (D-CA), Karen Shepherd (D- UT), Fortney "Pete" Stark (D-CA), Mel Watt (D-NC), plus Rose and Furse. There are a few hopeful signs on the Senate side, according to Casey. "The Senate recently set up an 'FTP server' that will allow any Senator or Senate Committee to post information on the Internet." Sen. Charles Robb (D-VA) also posts information and receives e- mail. Sen. Jeff Bingaman (D-NM) "has or is near to begin posting info to a network in New Mexico," Casey e-mailed me. As Sen. Kennedy has emphasized, e-mail doesn't replace "traditional means of communication." That's true, since all replies to e-mailed letters will be sent by USPS until some distant point in the future. Getting a paper reply to an electronic message really defeats the purpose of e-mail--giving you only half a loaf. But for the stodgy House and Senate to even get that far is practically a miracle, so it's worth something. To e-mail Rep. Elizabeth Furse, use: furseor1@hr.house.gov. For more information on the House of Representatives e-mail system, e-mail congress@hr.house.gov. Rep. Furse's news releases and other information can be found in the USENET news group titled OR.POLITICS. For information on Sen. Kennedy's online developments, e-mail chris_casey@kennedy.senate.gov. ### David Batterson covers computers & telecommunications for WIRED, ComputorEdge, Computer Underground Digest, VICTORY! and other publications. His e-mail addresses are: dbatterson@attmail.com, dbatterson@aol.com, evfw91a@prodigy.com, and david.batterson@f290.n105.z1.fidonet.org. ------------------------------ Date: Thu, 17 Feb 1994 17:19:15 -0800 From: Jim Warren Subject: File 5--Public access to *Inaccurate(?)* Public Records? Feb.17, 1994 "It is error alone which needs the support of government. Truth can stand by itself." -- Thomas Jefferson [from John Dilley ] %%%%%%%%%%%%%%% PUBLIC ACCESS TO *INACCURATE(?)* PUBLIC RECORDS I don't know if you followed or are interested in the flap over "Altered White House documents" but thought I would brazenly bring it to your attention. It is certainly germane to the question of public access to *reliable* government information. I objected on alt.internet.services on Feb 5 to having found a version of a story on the ftp site whitehouse.gov which did not match facts widely reported in the media. The Internet flap which ensued finally caught the attention of the White House and I received a denial from Jock Gill of the Office of Media Affairs that the WH altered or edited any documents - despite the fact that I had evidence to the contrary. The story hit the AP wires and the on-line community has been extremely interested - and supportive of the need to protect the accuracy and reliability of what we receive on-line from the government! I prepared an approximately 11k synopsis of the gist of the story, including the AP version which appeared on-line, if you are interested. I think much of it is still contained on alt.internet.services though it went everywhere and bits and pieces are scattered all over. %%%%%%%%%%%%%%% ABOUT THE NEXT ITEM HEREIN: EXPLICIT EXAMPLE OF A NET-BASED POLITICAL PUSH This GovAccess list began as online support for an effort to mandate that California's *state*-level legislative information available via the nets. Because of (1) its public/popular support and (2) the net-ability of *timely* mass-communications among geographically-disbursed supporters, it was politically irresistable. GovAccess.015 and the following message both concern a net-based *federal* political push regarding a *national* net-related issue. GovAccess.015 concerned a national petition addressed to the President - the Executive Branch. It has already drawn OVER TEN-THOUSAND CO-SIGNATORS. The following item concerns direct advocacy to representatives in the Legislative Branch - supporting Congressional action to redress the grievance. Although I am personally a furious and flaming advocate on this issue, I am weaseling the information in, here, under the [legitimate] excuse that it is clearly an example of a net-based populist political push - this time, at a federal level. The "just-cause" and "public-interest" aspects are merely icing on the cake: * Shall the Clinton/Gore administration continue to supress national and global adoption of the best possible personal-communications privacy- protection technology - that can be most-easily deployed and least expensive? * Shall the administration continue to force U.S. high-tech companies into non-competitive positions, by prohibiting their foreign sale of the best secure-communications technology - even though it is already known world- wide, published in the open technical literature more than a decade ago, and gleefully sold by foreign competitors? * Shall the administration continue to pretend that this globally-known security technology is a "dangerous munition," the export of which must be mostly-prohibited by the Secretary of State, when it is sold on diskettes throughout the U.S., is readily available throughout the world, and can be downloaded in a few minutes from many thousands of Internet sites, globally? * Shall the administration continue its efforts to deploy and install costly new communications systems that are exclusively *designed* to aid its covert surveillance of personal, financial and business communications - electronic-snooping so-often abused by politicians and officials in the positions to exercise it? * Does the administration *really* think that alleged wrongdoers will actually use communications systems that are *designed* to facilitate government eves-dropping - especially when provably-secure technology is available to everyone, worldwide, at little or no cost? * Should the government develop and deploy ever-greater citizen-surveillance technology for ever-increasingly-convenient, undetectable peeping-anywhere at the touch of a Washington keyboard, while citizens are offered only a guaranteed-insecure secret system to protect against corporate and personal snooping while facilitating government peepers? Thus - the next item concerns net-based political action by those who have the technical competency to understand the issues and their ramifications - to address this bizarre lunacy. While opposition-action is still permitted. --jim %%%%%%%%%%%%%%% CONGRESSIONAL ACTION SEEKS NET-WIDE SUPPORT (INCLUDING YOU! :-) From ssteele@eff.org Tue Feb 15 12:11:15 1994 * DISTRIBUTE WIDELY * subject: EFF Wants You (to add your voice to the crypto fight) Monday, February 7th, 1994 [reformatted for GovAccess. --jim] From: Jerry Berman, Executive Director of EFF. jberman@eff.org --- Dear Friends on the Electronic Frontier, I'm writing a personal letter to you because the time has now come for action. On Friday, February 4, 1994, the Administration announced that it plans to proceed on every front to make the Clipper Chip encryption scheme a national standard, and to discourage the development and sale of alternative powerful encryption technologies. If the government succeeds in this effort, the resulting blow to individual freedom and privacy could be immeasurable. As you know, over the last three years, we at EFF have worked to ensure freedom and privacy on the Net. Now I'm writing to let you know about something *you* can do to support freedom and privacy. *Please take a moment to send e-mail to U.S. Rep. Maria Cantwell (cantwell@eff.org) to show your support of H.R. 3627, her bill to liberalize export controls on encryption software.* I believe this bill is critical to empowering ordinary citizens to use strong encryption, as well as to ensuring that the U.S. software industry remains competitive in world markets. Here are some facts about the bill: Rep. Cantwell introduced H.R. 3627 in the House of Representatives on November 22, 1993. H.R. 3627 would amend the Export Control Act to move authority over the export of nonmilitary software with encryption capabilities from the Secretary of State (where the intelligence community traditionally has stalled such exports) to the Secretary of Commerce. The bill would also invalidate the current license requirements for nonmilitary software containing encryption capablities, unless there is substantial evidence that the software will be diverted, modified or re-exported to a military or terroristic end-use. If this bill is passed, it will greatly increase the availability of secure software for ordinary citizens. Currently, software developers do not include strong encryption capabilities in their products, because the State Department refuses to license for export any encryption technology that the NSA can't decipher. Developing two products, one with less secure exportable encryption, would lead to costly duplication of effort, so even software developed for sale in this country doesn't offer maximum security. There is also a legitimate concern that software companies will simply set up branches outside of this country to avoid the export restrictions, costing American jobs. The lack of widespread commercial encryption products means that it will be very easy for the federal government to set its own standard--the Clipper Chip standard. As you may know, the government's Clipper Chip initiative is designed to set an encryption standard where the government holds the keys to our private conversations. Together with the Digital Telephony bill, which is aimed at making our telephone and computer networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort on the part of the government to prevent us from being able to engage in truly private conversations. We've been fighting Clipper Chip and Digital Telephony in the policy arena and will continue to do so. But there's another way to fight those initiatives, and that's to make sure that powerful alternative encryption technologies are in the hands of any citizen who wants to use them. The government hopes that, by pushing the Clipper Chip in every way short of explicitly banning alternative technologies, it can limit your choices for secure communications. --- Here's what you can do: I urge you to write to Rep. Cantwell today at cantwell@eff.org. In the Subject header of your message, type "I support HR 3627." In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue. *Again: remember to put "I support HR 3627" in your Subject header.* This is the first step in a larger campaign to counter the efforts of those who would restrict our ability to speak freely and with privacy. Please stay tuned--we'll continue to inform you of things you can do to promote the removal of restrictions on encryption. In the meantime, you can make your voice heard--it's as easy as e-mail. Write to cantwell@eff.org today. --- If you want additional information about the Cantwell bill, send e-mail to cantwell-info@eff.org. To join EFF, write membership@eff.org. The text of the Cantwell bill can be found with the any of the following URLs (Universal Resource Locaters): ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill --- [The Electronic Frontier Foundation is one of the most-effective spokes- groups for online civil-liberties that I know of in Washingtoontown, and Berman is one of the most effective DC advocates for such issues. --jim] %%%%%%%%%%%%%%% ONLY IN AMERIKA: CRYPTOIDS' COMIC RELIEF IN THE FED-SNOOP AND GOV-PEEP GAME From washofc!banisar@uu5.psi.com Wed Feb 16 12:08:21 1994 Organization: CPSR Washington Office From: Dave Banisar To: CPSR Civil Liberties Group Big Brother Inside Logo A parody of the Intel's Logo modified for the Clipper Chip is now available for use for stickers, posters, brochures etc. The Big Brother Inside graphic files are now available at the CPSR Internet Archive - ftp/gopher cpsr.org /cpsr/privacy/crypto/clipper big_brother_inside_sticker.ps (postscript-scale to fit your project) big_brother_inside_logo.gif (Color GIF - good startup/background screen) big_brother_inside_picts_info.txt (Info on the files) The files have also been uploaded to America Online in the Mac Telecom and Graphic Arts folders. big_brother_inside_sticker.ps is a generic postscript file, created in CorelDraw. The postscript image lies landscape on the page, and consists of the intel-logo's ``swoosh'' and crayon-like lettering on the inside. This design was originally created for the sticker project: the image was screened onto transparent stickers 1" square for the purpose of applying them to future clipper-chip products. (cdodhner@indirect.com was in charge of that project; as far as I know he's still distributing them for a small donation to cover printing & mailing costs). The design was created by Matt Thomlinson ------------------------------ Date: 18 Feb 94 15:23:33 EST From: Mark Lloyd <73670.57@COMPUSERVE.COM> Subject: File 6--Clipper Questions and Answers in a Nutshell Clipper Q and A By W. Mark Lloyd WHAT IS THE CLIPPER CHIP? The Clipper chip is an encryption chip using an algorithm called Skipjack. The Skipjack algorithm was developed by the National Security Agency (NSA) for the National Institute of Standards and Technology (NIST). Data encrypted using the Skipjack algorithm can be decrypted using a secret process that requires two separate keys. These keys would be escrowed separately by NIST and the Department of Treasury. Under the plan, a law enforcement agency would require a court order to get the two keys that would have to be combined to decrypt a transmission generated with a Clipper chip. HOW DOES THE SKIPJACK ALGORITHM DO THIS? Encryption algorithms use numbers called keys that are like combinations to a lock. Messages are encrypted and decrypted much the same as locks are locked and unlocked. The key to any Clipper encoded message is itself encrypted using a key derived from two other keys that are stored separately. The encrypted key and a number that identifies the chip that sent the message are then encrypted with another key that is common to many other chips. All of this is sent along with the encrypted original message. This is done so if a law enforcement agency wants to decrypt a message the process can be reversed: The outer portion of the encrypted key is decrypted to get the number that identifies the unit that sent the message. This is used to obtain the two separate escrowed keys that are then combined to decrypt the session key that allows the original message to be decrypted. Let s look at another way. You have the session key S, the key E derived from the two escrowed keys, the family key F, the message M and the chip identification number C. It s all put together like this: (M encrypted with key S)+(((S encrypted with key E) C )encrypted with F) IS THE SYSTEM SECURE? If everything goes right, according to the a panel of five cryptography experts who have reviewed it. WHAT ALGORITHM DOES THE ACTUAL ENCRYPTION? That is classified information. BUT AREN'T GOOD ENCRYPTION ALGORITHMS SECURE, EVEN WHEN EVERYONE KNOWS WHAT THEY ARE, LIKE DES? Yes. THEN WHY NOT JUST PUBLISH THE ALGORITHM? The reasons cited are that compromising the algorithm would be detrimental to national security. This means that secret techniques are used in the algorithm. SO A GOVERNMENT SECRET IS GOING TO BE IN THOUSANDS OF THESE CLIPPER CHIPS SHIPPED ALL OVER THE WORLD? That's the plan. SO IF SOMEONE FIGURES OUT HOW TO GET THE ALGORITHM FROM THE CLIPPER CHIPS, OUR NATIONAL SECURITY COULD BE COMPROMISED? If you follow the NSA's logic, yes. Law enforcement officials are going to be using the algorithm and the family key many time to get unit identification numbers. Let s say that the algorithm is leaked. Or one of the black boxes that will be used to decrypt the chips is compromised and the algorithm and family keys are generally known? What will happens then? The algorithm could be subject to tampering. From our explanation in question two we would go from this: (M encrypted with key S)+(((S encrypted with key E) C )encrypted with F) to this (M encrypted with key S)+(S encrypted with key E) C. This would leave the chip number open to tampering. Also in theory it would allow a steady attack on the key E, that would compromise the unit. This attack is theoretically better than attacking a message without the law enforment field, but even if the key S is known (by getting someone with a chip with to send you a message with a key you have negotiated) it would still be difficult with today s computer power. In any case anyone with anything to hide wouldn t use a Clipper chip for transmissions they wanted to keep secret from law enforcement authorities. MOST ENCRYPTION IS DONE WITH SOFTWARE. CAN THE SKIPJACK ALGORITHM BE USED IN SOFTWARE ENCRYPTING SYSTEMS? No. The nature of the Skipjack algorithm makes it only useful if it is released in a special tamper proof chip. SO THE ALGORITHM IS ONLY USEFUL FOR APPLICATIONS THAT CAN USE HARDWARE ENCRYPTION? Yes. WHAT IF I WANT TO ENCRYPT A MESSAGE WITH A REALLY SECURE ALGORITHM BEFORE IT IS ENCRYPTED BY A CLIPPER CHIP? That would be a simple and obvious way to get around the Clipper chip. BUT ISN'T MOST ENCRYPTION CURRENTLY DONE USING SOFTWARE ON GENERAL PURPOSE MICROPROCESSORS? Yes. IS CLIPPER GOING TO BE EASIER TO EXPORT THAN DES? According to the Clinton administration, yes. IS THERE A FOREIGN MARKET FOR CLIPPER ENCRYPTION DEVICES? For there to be a market there needs to be a reason for foreign purchasers to prefer Skipjack or Clipper technology to currently available algorithms. This has not been shown to be true. There a report in the British press that the NSA has a representative in London that is lobbying European governments to adopt the Clipper chip. WHAT IF A FOREIGN GOVERNMENT WANTS TO SPY ON THEIR OWN CITIZENS, WILL WE GIVE THEM THE KEYS TO DO THIS? Good question. What if a foreign government allows the importation of Clipper chips, but only if they get the keys first? Would we be responsible for their abuse? That question has not been answered yet. If we only give them the key when they ask, what if we suspect the keys they want are to spy on a political adversay. What if a foreign government decides to make an issue of us not giving them the keys to a Clipper chip we sold them? How will we deal with this? We would be in a no win situation. WILL THE NSA GET THE KEYS TO SKIPJACK UNITS THAT ARE EXPORTED? Government officials have said to some people that the NSA will not get these keys. NSA has not yet said this on the record. HAVE ORGANIZATIONS THAT REPRESENT THE COMPUTER HARDWARE AND SOFTWARE INDUSTRIES ASKED FOR A NEW ALGORITHM TO EXPORT? No. Both the Software Publishing Association and the American Electronics Association, along with other industry groups, have asked that the DES algorithm be made available for easy export. The DES algorithm is already available all over the world. DES is classified as a munition by the US government and cannot be exported easily. THE ANNOUNCEMENT FROM THE WHITE HOUSE ON FEBRUARY 4 SPOKE ABOUT THE PROBLEM OF "TERRORISTS, DRUG DEALERS, AND OTHER CRIMINALS" USING ENCRYPTION. WILL THE CLIPPER CHIP DO ANYTHING TO PREVENT THESE PEOPLE FROM USING NON-ESCROWED ENCRYPTION TECHNIQUES? No. These prople will be able to encrypt with whatever algorithm they want. ARE THERE OTHER WAYS OF ESCROWING KEYS VOLUNTARILY, FOR GOVERNMENTAL AND BANKING NEEDS THAT REQUIRE BOTH CONFIDENTIALITY AND ACCOUNTABILITY? Yes. There is work being done now on techniques that allow much more flexible ways of voluntarily escrowing keys. ------------------------------ End of Computer Underground Digest #6.17 ************************************