|
FOIA Releases 10- 4- 93, CPSR Key Escrow Comments,
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
zcat cud5.79.gz
Computer underground Digest Sun Oct 10 1993 Volume 5 : Issue 79
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copie Editor: Etaoin Shrdlu, III
CONTENTS, #5.79 (Oct 10 1993)
File 1--FOIA Releases 10-4-93
File 2--CPSR Key Escrow Comments
File 3--Sea Joins the Encryption Game
File 4--Re: ITAR and export regulations
File 5--Sexual harassment via computers (newspaper article).
File 6--The Net and Netizens (Paper)
File 7--E-mail Announcements From O'Reilly & Associates
File 8--A Few More CuD-Carrying BBSes
File 9--Survey: what harassment _is_ there on the Net?
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from [email protected]. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
UNITED STATES:
aql.gatech.edu (128.61.10.53) in /pub/eff/cud
etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud
ftp.eff.org (192.88.144.4) in /pub/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
ftp.warwick.ac.uk in pub/cud (United Kingdom)
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 5 Oct 1993 15:58-0400
From: The White House <[email protected]>
Subject: File 1--FOIA Releases 10-4-93
Clinton Memorandum on Administration of Freedom of Information Act
Contact: The White House, Office of the Press Secretary,
202-456-2100
Oct. 4, 1993
MEMORANDUM FOR HEADS OF DEPARTMENTS AND AGENCIES
SUBJECT: The Freedom of Information Act
I am writing to call your attention to a subject that is of great
importance to the American public and to all Federal departments and
agencies -- the administration of the Freedom of Information Act, as
amended (the "Act"). The Act is a vital part of the participatory
system of government. I am committed to enhancing its effectiveness
in my Administration.
For more than a quarter century now, the Freedom of Information
Act has played a unique role in strengthening our democratic form of
government. The statute was enacted based upon the fundamental
principle that an informed citizenry is essential to the democratic
process and that the more the American people know about their
government the better they will be governed. Openness in government
is essential to accountability and the Act has become an integral
part of that process.
The Freedom of Information Act, moreover, has been one of the
primary means by which members of the public inform themselves about
their government. As Vice President Gore made clear in the National
Performance Review, the American people are the Federal Government's
customers. Federal departments and agencies should handle requests
for information in a customer-friendly manner. The use of the Act by
ordinary citizens is not complicated, nor should it be. The
existence of unnecessary bureaucratic hurdles has no place in its
implementation.
I therefore call upon all Federal departments and agencies to
renew their commitment to the Freedom of Information Act, to its
underlying principles of government openness, and to its sound
administration. This is an appropriate time for all agencies to take
a fresh look at their administration of the Act, to reduce backlogs
of Freedom of Information Act requests, and to conform agency
practice to the new litigation guidance issued by the Attorney
General, which is attached.
Further, I remind agencies that our commitment to openness
requires more than merely responding to requests from the public.
Each agency has a responsibility to distribute information on its own
initiative, and to enhance public access through the use of
electronic information systems. Taking these steps will ensure
compliance with both the letter and spirit of the Act.
(s) William J. Clinton
------
Oct. 4, 1993
MEMORANDUM FOR HEADS OF DEPARTMENTS AND AGENCIES
Subject--The Freedom of Information Act
President Clinton has asked each Federal department and agency to
take steps to ensure it is in compliance with both the letter and the
spirit of the Freedom of Information Act (FOIA), 5 U.S.C. 552. The
Department of Justice is fully committed to this directive and stands
ready to assist all agencies as we implement this new policy.
First and foremost, we must ensure that the principle of openness
in government is applied in each and every disclosure and
nondisclosure decision that is required under the Act. Therefore, I
hereby rescind the Department of Justice's 1981 guidelines for the
defense of agency action in Freedom of Information Act litigation.
The Department will no longer defend an agency's withholding of
information merely because there is a "substantial legal basis" for
doing so. Rather, in determining whether or not to defend a
nondisclosure decision, we will apply a presumption of disclosure.
To be sure, the Act accommodates, through its exemption structure,
the countervailing interests that can exist in both disclosure and
nondisclosure of government information. Yet while the Act's
exceptions are designed to guard against harm to governmental and
private interests, I firmly believe that these exemptions are best
applied with specific reference to such harm, and only after
consideration of the reasonably expected consequences of disclosure
in each particular case.
In short, it shall be the policy of the U.S. Department of Justice
to defend the assertion of a FOIA exemption only in those cases where
the agency reasonably foresees that disclosure would be harmful to an
interest protected by that exemption. Where an item of information
might technically or arguably fall within an exemption, it ought not
to be withheld from a FOIA requester unless it need be.
It is my belief that this change in policy serves the public
interest by achieving the Act's primary objective -- maximum
responsible disclosure of government information -- while preserving
essential confidentiality. Accordingly, I strongly encourage your
FOIA officers to make "discretionary disclosures" whenever possible
under the Act. Such disclosures are possible under a number of FOIA
exemptions, especially when only a governmental interest would be
affected. The exemptions and opportunities for "discretionary
disclosures" are discussed in the Discretionary Disclosure and Waiver
section of the "Justice Department Guide to the Freedom of
Information Act." As that discussion points out, agencies can make
discretionary FOIA disclosures as a matter of good public policy
without concern for future "waiver consequences" for similar
information. Such disclosures can also readily satisfy an agency's
"reasonable segregation" obligation under the Act in connection with
marginally exempt information, see 5 U.S.C. 552(b), and can lessen an
agency's administrative burden at all levels of the administrative
process and in litigation. I note that this policy is not intended
to create any substantive or procedural rights enforceable at law.
In connection with the repeal of the 1981 guidelines, I am
requesting that the Assistant Attorneys General for the Department's
Civil and Tax Divisions, as well as the United States Attorneys,
undertake a review of the merits of all pending FOIA cases handled by
them, according to the standards set forth above. The Department's
litigating attorneys will strive to work closely with your general
counsels and their litigation staffs to implement this new policy on
a case-by-case basis. The Department's office of Information and
Privacy can also be called upon for assistance in this process, as
well as for policy guidance to agency FOIA officers.
In addition, at the Department of Justice we are undertaking a
complete review and revision of our regulations implementing the
FOIA, all related regulations pertaining to the Privacy Act of 1974,
5 U.S.C. 552a, as well as the Department's disclosure policies
generally. We are also planning to conduct a Department-wide "FOIA
Form Review." Envisioned is a comprehensive review of all standard
FOIA forms and correspondence utilized by the Justice Department's
various components. These items will be reviewed for their
correctness, completeness, consistency and particularly for their use
of clear language. As we conduct this review, we will be especially
mindful that FOIA requesters are users of a government service,
participants in an administrative process, and constituents of our
democratic society. I encourage you to do likewise at your
departments and agencies.
Finally, I would like to take this opportunity to raise with you
the longstanding problem of administrative backlogs under the Freedom
of Information Act. Many Federal departments and agencies are often
unable to meet the Act's ten-day time limit for processing FOIA
requests, and some agencies -- especially those dealing with
high-volume demands for particularly sensitive records -- maintain
large FOIA backlogs greatly exceeding the mandated time period. The
reasons for this may vary, but principally it appears to be a problem
of too few resources in the face of too heavy a workload. This is a
serious problem -- one of growing concern and frustration to both
FOIA requesters and Congress, and to agency FOIA officers as well.
It is my hope that we can work constructively together, with
Congress and the FOIA-requester community, to reduce backlogs during
the coming year. To ensure that we have a clear and current
understanding of the situation, I am requesting that each of you send
to the Department's Office of Information and Privacy a copy of your
agency's Annual FOIA Report to Congress for 1992. Please include
with this report a letter describing the extent of any present FOIA
backlog, FOIA staffing difficulties and any other observations in
this regard that you believe would be helpful.
In closing, I want to reemphasize the importance of our
cooperative efforts in this area. The American public's
understanding of the workings of its government is a cornerstone of
our democracy. The Department of Justice stands prepared to assist
all federal agencies as we make government throughout the executive
branch more open, more responsive, and more accountable.
/s/ Janet Reno
------------------------------
From: David Sobel <[email protected]>
Date: Tue, 5 Oct 1993 16:51:12 EST
Subject: File 2--CPSR Key Escrow Comments
CPSR Key Escrow Comments
September 27, 1993
Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899
Re: Request for Comments; Docket No. 930659-3159
This letter constitutes the formal comments of Computer
Professionals for Social Responsibility (CPSR) on the proposed
Federal Information Processing Standard for an Escrowed Encryption
Standard (EES), as described in the Federal Register on July 30,
1993 (58 FR 40791). CPSR, a national organization of
professionals in the computing field, has a long-standing interest
in government policies concerning cryptography and computer
security. During the past several years we have pursued an
extensive study of cryptography policy in the United States. We
have organized several public conferences, conducted litigation
under the Freedom of Information Act, and appeared on a number of
panels to discuss the importance of cryptography for privacy
protection and the need to scrutinize carefully government
proposals designed to limit the use of this technology. While we
do not represent any particular computer company or trade
association, we do speak for a great many people in the computer
profession who value privacy and are concerned about the
government's key escrow initiative.
To properly evaluate the key escrow proposal, it is necessary
to consider the Computer Security Act of 1987, which made clear
Congress' intent that in the area of unclassified computing
systems NIST -- and not the National Security Agency (NSA) --
would be responsible for the development of technical standards.
The Act emphasizes public accountability and stresses open
decision-making.
In the spirit of the Act, NIST set out in 1989 to develop a
public key cryptography standard. According to documents obtained
by CPSR through the Freedom of Information Act (FOIA), NIST
recommended that the algorithm be "public, unclassified,
implementable in both hardware or software, usable by federal
Agencies and U.S. based multi-national corporations." However,
the key escrow proposal and the proposed Clipper and Capstone
configurations are quite different: the underlying Skipjack
algorithm is classified; public access to the reasons behind the
proposal is restricted; Skipjack can be implemented only in
tamper-proof hardware; the key escrow system is unlikely to be
used by multi-national corporations; and the security of the
algorithm remains unproved.
The key escrow proposal undermines the central purpose of the
Computer Security Act and conflicts with the goals NIST itself
articulated in 1989. The most significant deficiencies of the
proposal are set forth below.
* The potential risks of the proposal have not been assessed
and many questions about the implementation remain unanswered.
The Federal Register notice states that the current proposal "does
not include identification of key escrow agents who will hold the
keys for the key escrow microcircuits or the procedures for access
to the keys." In a recent briefing for Congressional staffers,
however, Justice Department representatives indicated that NIST
and a "non-law enforcement" component of the Treasury Department
will be designated as the escrow agents. Such an arrangement
would be cause for serious concern and would not constitute a true
"escrow" system. As described in the Federal Register notice,
To escrow something (e.g., a document, an encryption
key) means that it is "delivered to a third person to be
given to the grantee only upon the fulfillment of a
condition" (Webster's Seventh New Collegiate
Dictionary). A key escrow system is one that entrusts
components of a key used to encrypt telecommunications
to third persons, called key component escrow agents.
It is, we submit, disingenuous to apply the word "escrow" to
an arrangement whereby two components of the Executive branch
(NIST and Treasury) would be providing cryptographic keys to
another component of the Executive branch (a law enforcement
agency). By any stretch of the imagination, such a system would
lack the "third party" that is an integral part of any true escrow
system.
Notwithstanding the identity of the escrow agents, the
proposed key escrow configuration may also create a dangerous
vulnerability in the nation's communications networks. The risks
of misuse of this feature greatly outweigh any perceived benefit.
* The Federal Register notice states that the escrow agents
will provide the key components to a government agency that
"properly demonstrates legal authorization to conduct electronic
surveillance of communications which are encrypted." The crucial
term "legal authorization" has not been defined. The vagueness of
the term leaves open the possibility that court-issued warrants
may not be required in some circumstances. Indeed, in NIST's
letter of invitation to the five experts who were selected to
evaluate the Skipjack algorithm (recently released to CPSR under
the FOIA), the agency describes the escrow system and states that
the key components will be made available "only to authorized
government officials under proper legal authorizations, usually a
court order." Network users cannot be expected to embrace a
communications security system that -- in the words of the agency
proposing the system -- will "usually" require a court order
before the privacy of a communication is compromised. Those
circumstances in which judicial warrants will not be required must
be precisely and unambiguously described before any meaningful
public debate of the proposal can proceed.
* The classification of the Skipjack algorithm as a "national
security" matter is inappropriate for technology that will be used
primarily in civilian and commercial applications. Classification
of such technical information limits the computing community's
ability to evaluate fully the proposal and the general public's
right to know about the activities of government in this vitally
important area. CPSR has initiated litigation in federal district
court challenging NSA's failure to disclose information relevant
to the key escrow system. CPSR v. NSA, et al., Civil Action No.
93-1074 (D.D.C.). NSA recently requested a one-year delay in
those judicial proceedings. We submit that complete and
meaningful public comment on the key escrow proposal is impossible
until all relevant documentation has been made available for
public review.
* The key escrow proposal was not developed in response to a
public concern or a request from industry. It was put forward by
the National Security Agency and the Federal Bureau of
Investigation so that those two agencies could more easily conduct
surveillance of electronic communications. It has not been
established that such surveillance is necessary for crime
prevention. The number of arrests resulting from wiretaps has
remained essentially unchanged since the federal wiretap law was
enacted in 1968. Likewise, it has not been demonstrated that the
use of encryption technology has in any way hampered the ability
of law enforcement agencies to execute court-ordered electronic
surveillance warrants.
* Adoption of the proposed key escrow standard would have an
adverse impact upon the ability of U.S. manufacturers to market
cryptographic products abroad. It is unlikely that non-U.S. users
would purchase communication security products to which the U.S.
government holds keys. The key escrow proposal is the most recent
manifestation of the government's outdated and unrealistic attempt
to "control" the dissemination of emerging information
technologies, often to the detriment of American developers and
innovators. In a recent letter to the President, a bi-partisan
group of Congressmen (including Majority Leader Gephardt and
Minority Whip Gingrich) noted the folly of this course:
Encrypted mass market software has been subject
to ... outdated controls. Mass market software is
available from foreign manufacturers and distributors
and is easily transmitted using only a long distance
telephone line and a modem. Yet, the United States
continues to control this computer software as a
Munitions List item.
It is difficult to understand the utility of
controlling such equipment and technology when it is
so easily available to those from whom we are trying to
keep it. Yet, by imposing controls, we are limiting the
ability of American businesses to export some of their
most marketable items. As a result, we are losing our
competitive edge in these areas.
* * *
In summary, we believe the key escrow proposal is an ill-
conceived and futile attempt to control the development and wide
dissemination of effective, privacy-enhancing encryption
technology. The proposal was spawned by highly dubious and
unproven "law enforcement" assertions and, if adopted, would
create unacceptable vulnerabilities in our information infra-
structure. Network users have a right to secure and effective
means of communication, uninhibited by law enforcement and
intelligence agency attempts to monitor and control telecommuni-
cations systems. NIST should abandon the key escrow proposal and,
pursuant to its mandate under the Computer Security Act and the
Omnibus Trade and Competitiveness Act, encourage the development
and use of the strongest possible communications security
technologies.
Sincerely,
Marc Rotenberg David L. Sobel
Director, CPSR Washington Office CPSR Legal Counsel
------------------------------
From: [email protected]
Subject: File 3--Sea Joins the Encryption Game
Date: Sun, 3 Oct 1993 05:34:33 -0800 (PDT)
To: September 28, 1993
Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899
~From:
The Society for Electronic Access
P.O. Box 3131
Church Street Station
New York, New York 10008-3131
Voice telephone: (212) 592-3801
Internet e-mail: [email protected]
The Society for Electronic Access's response to the call for Public
Comment contained in:
FEDERAL REGISTER
VOL. 58, No. 145
DEPARTMENT OF COMMERCE (DOC)
National Institute of Standards and Technology (NIST)
Docket No. 930659-3159
RIN 0693-AB19
A Proposed Federal Information Processing Standard
for an Escrowed Encryption Standard (EES) 58 FR 40791
The Society for Electronic Access would like to register its concern
with the proposed implementation of the Clipper Chip/Skipjack
Algorithm key escrow scheme. These related protocols will be referred
to as a group as "Clipper" in the body of this letter. While we do not
object to classification of Federal Information Processing Standards
(FIPS) for encrypting information vital to national security, we
believe that a system for transferring sensitive but unclassified
information used by civilian Government offices, corporations and
private citizens should be open to public review.
NIST, by calling for public comment, would seem to be inviting just
such a review. However, NIST will not let the public examine either
the Clipper Chip or the Skipjack algorithm, has not commissioned
studies concerning either the cost or impact of the Clipper plan, and
will not let the public examine studies undertaken by the NSA on the
issue of escrow agency security. Furthermore, since an escrow scheme
requires a trusted third party while in the proposed scheme NIST
itself is one of the key holders, we feel that NIST will not be able
to review public comment as a disinterested party. Under these
circumstances we feel a call for public comment is hampered.
Our concerns with Clipper fall into four broad categories: it is
unnecessary; the present Administration has promoted its "voluntary"
use by the public without abjuring the possibility of outlawing
competing systems; the key escrow scheme is not a true escrow; and
attempts to gather information necessary for a public assessment of
Clipper have met obstacles raised by the Government. These concerns
are enumerated below.
1) Clipper is unnecessary.
Clipper is not a response to any public need. In a reply to questions
about Clipper from RSA, NIST states that "[the decisions made about
Clipper] offer a balance among the various needs of corporations and
citizens for improved security and privacy and of the law enforcement
community for continued legal access to the communications of
criminals."
Corporations and citizens can already obtain "improved security and
privacy" from a wide variety of sources, as there are several
commercially available encryption standards currently on the market.
Since the public already has what NIST says it needs, it follows that
the only reason for Clipper to exist is the addition of the Law
Enforcement Access Field (LEAF), which allows the government to
decrypt all messages encrypted by Clipper. Furthermore, the phrase
"legal access to the communications of criminals" is particularly
chilling, as it demonstrates a lack of sensitivity to the rule of law.
Neither the FBI nor any other agency entrusted with surveillance
activities can determine in advance of a trial whether a citizen is a
criminal or not. We believe NIST's attitude belies a misunderstanding
of the rights of American citizens.
2) The Administration has promoted its "voluntary" use by the public
without abjuring the possibility of outlawing competing systems.
NIST has consistently maintained that outside Federal use, adoption of
Clipper by citizens and individuals will be strictly voluntary. When
pressed on this point by RSA, NIST responded "There are no current
plans to legislate the use of Clipper. Clipper will be a government
standard, which can be - and likely will be - used voluntarily by the
private sector. The option for legislation may be examined during the
policy review ordered by the President." We are concerned that asking
for public approval of Clipper as one of several encryption
possibilities open to the public while the possibility of outlawing
all other options still exists will prevent legitimate assessment of
Clipper's ultimate impact.
Furthermore, many organizations from small companies to multi-national
corporations have invested in alternative encryption schemes like RSA,
Diffie-Hellman and IDEA, many of them based solely on software and
therefore incompatible with Clipper even as a retro-fit. To outlaw
these schemes would cause them an enormous fiscal burden, as well as
mandating a US-only standard incompatible with the protocols chosen by
many international standard-setting organizations, thereby reducing
the competitiveness of US companies doing business in the
international arena.
We feel that unless the present administration publicly abjures the
possibility of banning alternate methods of encryption, no true
analysis of Clipper is possible.
3) The escrow scheme does not use true escrow agencies.
This scheme has been publicly promoted as an escrow scheme, but the
core of any functioning escrow scheme is the presence of a trusted
third party (or in this case two trusted third parties.) We are
concerned with the idea that Governmental agencies will hold these
positions, as they are not truly third parties. In addition, we are
particularly concerned that the same agency is responsible for
reviewing Public Comment on the proposed encryption scheme and
occupying the position of one of the two key holders. We are not
convinced that NIST can fulfill both roles without conflict of
interest.
4) Attempts to gain information necessary for public review of Clipper
have met obstacles raised by the Government.
The National Security Agency has asked for an increased period of time
to respond to FOIA requests for information about Clipper, from 10
business days to one year. Ten business days falls within the Public
Comment period. One year does not. We feel that if NSA requires this
period of time to comply with requests for information that the period
for public analysis and comment should also be extended for an equal
period of time.
Based on these concerns, the Society for Electronic Access feels that
NIST should not implement the Clipper plan without commissioning
studies on the cost and impact of implementing Clipper, without
providing real assurances that Clipper is not a prelude to outlawing
other encryption schemes, without an implementation of an escrow
scheme in which NIST does not both review and participate in the proposal,
and without NSA complying with FOIA requests outstanding from before
September 28, 1993.
Respectfully submitted,
Clay Shirky
Board Member,
Society for Electronic Access
------------------------------
Date: Mon, 4 Oct 93 04:29:19 PDT
From: Fredrick B. Cohen <[email protected]>
Subject: File 4--Re: ITAR and export regulations
Your discussion seems very strange to me. I seem to think I have
heard it all before - about 3 years ago - when I got permission from
the government to export an RSA cryptosystem with no restriction on
key length or anything else.
It took a few weeks (6-8 as I recall), but all I did was submit the
software to the government (in 12 copies or so), and request a ruling.
After a few call-backs, I got permission.
I'm not an authorized arms dealer, and of course I can't reimport what
I have exported, but then I rarely have a reason to do so.
By the way, my understanding is that it is not the concept of modular
exponentiation that is covered by the RSA, but rather their particular
algorithm for key generation. Am I mistaken? I do key generation
with a slightly different algorithm - more efficient at some things,
less efficient at others.
All of this is not to say that I think it is reasonable to prevent us
from doing as we please in this area, and I certainly wish I didn't
have to wait so long before distributing new versions overseas, but
why not just apply for export and see what happens? Maybe you'll get
permission and it will all be no problem.
IBM has been exporting DES for quite a few years according to sources
I have in EC who have seen IBM chips with DES on them in EC computers.
I believe they simply asked for permission and got it.
I applaud the EFF for helping defend people in this area, but maybe if
they tried to work within the law in the first place, they would have
found it was easier to obey the law than break it. Maybe if they
apply now, they will end up with a no-case (assuming they get
permission). The court is generally pretty lenient under these
circumstances, and who would want to prosecute you once they find out
that there was no damage caused?
------------------------------
Date: Fri, 8 Oct 1993 05:43:44 GMT
From: [email protected](Elizabeth Reid)
Subject: File 5--Sexual harassment via computers (newspaper article).
This article appeared on Page 8 of the Australian newspaper _The Age_
on Tuesday 5 October 1993. Permission has been granted by the author
and the newspaper for the article's reproduction in the Computer
Underground Digest and the Computers and Academic Freedom electronic
digests and Usenet newsgroups.
UNI TO LOOK INTO SEXUAL HARASSMENT VIA COMPUTER
By JOANNE PAINTER
Education reporter
Computers have been blamed for many social ills but sexual misconduct
was never one of them. Now, however, the University of Melbourne is
investigating the link between computers and sexual harassment on
campus.
A five-member group was formed last month to investigate the extent of
sexual harassment occurring via the university's computer networks and
electronic mail systems. It follows several cases in which people
received sexually explicit and harassing letters. Some of the
instances occurred after hackers got into the system.
The existence of sexually explicit material in networks and personal
attacks carried out through the networks are also believed to have
offended people.
The university's sexual harassment adviser, Dr Murray Seiffert, said
that the university was aware of such sexual harassment. But he said
the group was formed to "nip the problem in the bud" rather than
respond to an existing pattern of harassment. "We know there has been
the odd case come up and in a place like ours that does take place,"
he said. "We have said we have a problem and (we) want to find out
how big it is."
The director of the Advanced Computer Graphics Centre at the Royal
Melbourne Institute of Technology, Mr Mike Gigante, said the exchange
of sexually explicit and harassing material was common on electronic
mail systems. He said it was difficult to monitor and police the
exchange of such material.
"People tend to be far more abusive on bulletin boards or EMAIL than
they would face to face.. Some of the exchanges I have seen on these
news groups have been outrageous. If they said it face to face, the
person saying it would be in court with libel and slander suits."
Dr Seiffert said electronic-based sexual harassment was almost
inevitable in an organisation with 25,000 staff and students,
thousands of computers that was [sic] linked into the global Internet
information network.
He acknowledged the difficulty of preventing harassment but he said
offenders would face disciplinary proceedings, including expulsion.
"Potentially it's a fairly big problem here because of the place
having a large number of computers," he said. The group will report
back to the university's equal opportunity committee next month.
------------------------------
Date: Sun, Oct 4 1993 21:32:32 CDT
From: Michael Hauben <[email protected]>
Subject: File 6--The Net and Netizens (Paper)
((Moderators' Note: The following excerpt is from Michael Hauben's
substantial and useful paper: "The Net and Netizen's: The Impact the
Net has on People's Lives." The full text, about 80 K, can be obtained
from the CuD ftp sites)).
++++
II. INTRODUCTION
The world of the Netizen was envisioned some twenty five years ago by
J.C.R. Licklider and Robert Taylor in "The Computer as a Communication
Device" (Science and Technology, April 1968). Licklider brought to his
leadership of the Department of Defense's ARPANET a vision of "the
intergalatic computer network." Whenever he would speak of ARPANET, he
would mention this vision. J.C.R. Licklider was a prophet of the Net. In
his paper, "The Computer as a Communication Device", Licklider establishes
several helpful principles as to make the computer play a helpful role in
human communication. Licklider clarified his definition of communication as
a creative process by writing:
"But to communicate is more than to send and to receive. Do two
tape recorders communicate when they play to each other and record from
each other? Not really - not in our sense. We believe that
communicators have to do something nontrivial with the information they
send and receive. And to interact with the richness of living
information -- not merely in the passive way that we have become
accustomed to using books and libraries, but as active participants in
an ongoing process, bringing something to it through our interaction
with it, and not simply receiving from it by our connection to it...We
want to emphasize something beyond its one-way transfer: the increasing
significance of the jointly constructive, the mutually reinforcing
aspect of communication - the part that transcends 'now we both know a
fact that only one of us knew before.' When minds interact, new ideas
emerge. We want to talk about the creative aspect of communication."
Licklider defines four principles for computers to make a
contribution towards human communication. They are:
1) Communication is defined as an interactive creative process.
2) Response times needs to be short to make the "conversation"
free and easy.
3) The larger network would form out of smaller regional networks.
4) Communities would form out of affinity and common interests.
In this paper I will explore the uses Netizens have discovered for
the Net. Licklider's understandings from his 1968 paper have stood the test
of time, and do represent the Net today. In a later paper he co-wrote with
Albert Vezza, "Applications of Information Networks" (Proceedings of
IEEE, Vol 66, No 11, Nov 1978) Licklider explores possible business
applications of information networks. Licklider's survey of business
applications in 1978 come short of the possibilities he outlaid in his
earlier paper, and represent but a tiny fraction of the resources the Net
currently embodies.
------------------------------
Date: Fri, 20 Aug 1993 13:19:32 -0700
From: Richard Budrevich <[email protected]>
Subject: File 7--E-mail Announcements From O'Reilly & Associates
SUBSCRIBING TO ORA-NEWS
If you would like to receive this service, we now have an easy
automated way for you to subscribe to our "ora-news" mailing list.
To subscribe, address an e-mail message to:
listproc@online.ora.com
Put the following information on the first line of your message
(not in the Subject:, because commands there are ignored):
subscribe ora-news "Your Name" of "Your Company"
for example:
subscribe ora-news Jane Doe of Bland University
Within the next day or so (usually much sooner), you should get a
reply message welcoming you to the list. If you don't get a reply,
or you have other problems or questions, please send mail to:
listown@online.ora.com -- tell us when you sent your message
and include your telephone number.
(If you have more than one computer account or read e-mail on several
different services, be sure to send your subscription request from the
place where you want to read "ora-news." Our system automatically
reads your e-mail address from your message and registers you at that
particular address.)
------------------------------
Date: Sun, 10 Oct 1993 16:35:06 CDT
From: CuD Moderators <[email protected]>
Subject: File 8--A Few More CuD-Carrying BBSes
Here are a few more BBSes carrying CuDs, PHRACKs, and other
'Zines. One of these days, perhaps an ambitious reader could
compile a substantial BBS directory, organized by area code, of
BSSes specializing in text files.
From--aphelps%vicstoy%[email protected](Austin Phelps)
Subject--CuD BBS
Date--Mon, 13 Sep 1993 23:14:43 -0400 (EDT)
LIGHTNING STRIKE BBS carries CuDs as well.
Lightning Strikes Here 14.4 down to 1200.
I have all CuD with the Index. Packed up with PKZIP 2 format.
More Info is in the Sig.
Thanks.
--
\ Austin C. Phelps \ Internet:[email protected]
/ Lightning Strikes Here / UUCP: ucf-cs!vicstoy!aphelps
\ FutureNet #44 (407) 297-7288 FutureNet: #1@#44 or #2@#10 or #59@#1
/ Apple II Forever / \ FidoNet: Austin Phelps@1:363/18
=================================================================
Date--Thu, 09 Sep 93 20:54:35 EDT
From--System Operator <system%decode%[email protected]>
The Decode BBS in Columbia, Maryland, carries both
comp.society.cu-digest and back issues under /public/cud-arch.
It also offers a complete set of Phrack issues in
/public/phrack. There are also various computer underground
documents and programs in the files section.
Decode BBS is reachable at +1 410 730 6734. I am available
at uunet!anagld!decode!system.
system@decode.UUCP (System Operator)
Cryptography, Security, Privacy +1 410 730 6734 Data/FAX
====================================================================
[email protected](Conal .)
RABBS is officially going to be open 5 October 1993. The number is
612.251.8596 and will (crossing fingers%) be online Internet within a
month (er two). RABBS has changed names to "the Alliance BBS"...but
will hopefully use RABBS.whatever for mailing.
------------------------------
Date: 10 Oct 1993 17:51:14 +0100
From: [email protected](Mike C Holderness)
Subject: File 9--Survey: what harassment _is_ there on the Net?
((MODERATORS' NOTE: Mike Holderness's past writings, including some
some published in CuD, the Times Higher Education Supplement, and
elsewhere, demonstrate that he is competent, non-sensationalistic, and
incisive. We trust that he will share some of his findings with CuD
readers when the story is finished. The following is reprinted from
Carl Kadie's alt.comp.acad-freedom.talk, a Usenet group devoted to
issues of net policy and events related to academic freedom)).
The Times Higher Education Supplement wants me to do a piece on
harassment on the Net. No, I am not about to go all sensationalist.
Neither am I about to abstain from the phone system, let alone call
for it to be monitored or shut down; in my lifetime I have received
one nearly-obscene call, one bomb threat and dozens of silent
harassers through that technology, but I find it, like the Net, rather
useful. Neither am I at all interested right now in pictures, except
for specific reports of their being used to harass an individual.
I want to look at this phenomenon as a form of harassment, not as a
nasty mysterious technological thang. And I want to look at the
_debate_ around it. I hope readers will see this attempt to communicte
calmly with largely non-Net-connected academics as a useful use of
bandwidth.
I'm hoping for answers to the following. I don't expect any one person
to answer them all.
* How would you say that email harassment is different from other
forms of harassment -- by mail, by phone, in person?
* Would you comment on a _guess_ I make about the phenomenon,
which is this:
To senders, a harassing message takes place in the
"privacy" of their computer environment and/or may seem
impersonal; whereas to recipients the harassing message is as
deeply personal as a phone call, is addressed to them
individually, and is harder to "put down" than a phone.
* Have you experienced any form of harassment on the Net? Are you
prepared to (can you bear to?) describe the incident?
Do you personally know anyone else who has/can?
* Do you know of any statistics and where I can get them?
* What do you think is the best way of dealing with harassment?
With Net harassment specifically? Is there an appropriate
institutional response (e.g. from a harasser's system
administrator?)
* Why do you think the issue generates such excitement on the Net?
* Ironically, in dealing with the some of the preconceptions
which I know many Net users to have about journalists dealing
with this and similar issues, I have had to set out a pretty
thorough pre-agenda for the piece rather than asking open
questions. Do you have a comment on this?
Please indicate how you would prefer your comments to be used.
[ ] With full attribution including where you work
[ ] With name and occupation/post only
[ ] Anonymously
[ ] This is background. It never happened.
(Please check one in response and give any relevant info).
I look forward to hearing from you! Please reply by email. I will
summarise. Replies before Wednesday October 13 are more likely to be used.
---
The THES is _the_ weekly publication for people working in higher
education in the UK. I also write for New Scientist and (right to
left) the Daily Telegraph, the Independent and the Guardian.
---
I tried to post this on Monday Oct 5, but it never got back to
my site. Apologies for any multiple-posting to individual groups.
Mike Holderness
[email protected]
[email protected]
------------------------------
End of Computer Underground Digest #5.79
************************************
crl31% X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
|
|
