💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › CUD › cud0832.txt captured on 2022-06-12 at 11:01:43.
-=-=-=-=-=-=-
Computer underground Digest Sun Apr 21, 1996 Volume 8 : Issue 32
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #8.32 (Sun, Apr 21, 1996)
File 1--Golden Key Campaign
File 2--(Fwd) Congress puts bomb-making material on internet
File 3--Canadian "criminalization of technology"
File 4--Re: Cu Digest, #8.29, Apr 11, 1996
File 5--Re: The Day the Sites Went Out in Georgia?
File 6--Proposed Swedish law about computer-mediated communication
File 7--Cu Digest Header Info (unchanged since 7 Apr, 1996)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: 23 Apr 1996 21:47:56 -0500
From: "David Sobel" <sobel@EPIC.ORG>
Subject: File 1--Golden Key Campaign
PRESS RELEASE
Wednesday, April 24, 1996
URL: http://www.privacy.org/ipc/
Contact: Marc Rotenberg, EPIC, 202/544-9240
Lori Fena, EFF, 415/436-9333
Barbara Simons, USACM 408/463-5661
Kurt Stammberger, RSA 415/595-8782
------------------------------------------
INTERNET PRIVACY COALITION FORMED
Golden Key Campaign Launched
Groups Urge Good Technology for Privacy and Security
Senator Burns to Introduce Legislation
------------------------------------------
WASHINGTON, DC -- A new coalition today urged support for strong
technologies to protect privacy and security on the rapidly
growing Internet. The Internet Privacy Coalition said that new
technologies were critical to protect private communications and
on-line commerce, and recommended relaxation of export controls
that limit the ability of US firms to incorporate encryption in
commercial products.
Phil Zimmermann, author of the popular encryption program Pretty
Good Privacy, expressed support for the effort of the new
coalition. "It is time to change crypto policy in the United
States. I urge those who favor good tools for privacy to back the
efforts of the Internet Privacy Coalition."
GOLDEN KEY CAMPAIGN LAUNCHED
The Coalition has asked companies and Internet users to display a
golden key and envelope to show support for strong encryption
technology. Copies of the logo are available at the group's web
page on the Internet.
According to Lori Fena, director of the Electronic Frontier
Foundation, the purpose of the campaign is to educate the public
about new techniques for privacy protection. "Society's feelings
about privacy have not changed, only the medium has," said Ms.
Fena.
US industry has pressed the US government to relax export controls
on encryption as consumer demand for software products has
increased. They cite the fact that foreign companies have been
able to sell strong products in overseas markets that are now
restricted for US firms.
Jim Bidzos, President and CEO of RSA Data Security, said that US
firms continue to face excessive burdens. "Encryption is the key
to on-line commerce. Government regulations are simply keeping US
firms out of important markets."
The Internet Privacy Coalition is the first net-based effort to
bring together a broad base of companies, cryptographers and
public interest organizations around the central goal of promoting
privacy and security on the Internet andurging relaxation of
export controls.
Dr. Barbara Simons, chair of the public policy committee of the
Association for Computing said, "The broad support for the Golden
Key campaign shows that the reform of encryption policy is a
shared goal for companies, users, and professional associations."
SENATOR BURNS TO INTRODUCE LEGISLATION
The Internet Privacy Coalition is being established as Congress
considers new legislation to relax export controls on encryption.
Senator Conrad Burns (R-MT) today introduced legislation that
would relax export controls on commercial products containing
technologies for privacy such as encryption.
Marc Rotenberg, director of the Electronic Privacy Information
Center, said "We believe that Senator Burns has put forward a
constructive proposal. We look forward to working with him to
ensure that good tools for privacy and security are widely
available to Internet users."
Hearings on Senator Burns bill are expected to take place in early
June. The proposal has already gathered support from a bipartisan
coalition in Congress.
For Internet users who are interested in following the debate
about encryption policy, the IPC has set up a Web page with
information about encryption regulations, court challenges,
legislative developments, and organizations and companies involved
in the campaign.
The Internet Privacy Coalition was established by more than a
dozen of the nation's leading cryptographers, and thirty
associations, companies, and civil liberties organizations
committed to strong privacy and security technology for all users
of the Internet.
URL: http://www.privacy.org/ipc/
----------------------------------------------
A KEY, AN ENVELOPE -- Both are historic means for communicating
privately and protecting personal information. Today, encryption
tools provide this privacy in the electronic world.
The Golden Key Campaign is being launched to raise awareness and
support for the preservation of the right to communicate privately
and the availability of new techniques which make it possible.
Privacy, a fundamental human right, has been affirmed by the US
Supreme Court, the constitutions and laws of many countries, and
the United Nations Universal Declaration of Human Rights.
Privacy must be preserved as we move from paper to electronic
communications.
The Internet Privacy Coalition is urging members of the net
community to display a Golden Key & Envelope symbol on their Web
pages to show support for the right of privacy and the freedom to
use good tools of privacy without government restraints.
------------------------------
Date: Sun, 21 Apr 1996 00:46:55 -0400
From: tallpaul <tallpaul@pipeline.com>
Subject: File 2--(Fwd) Congress puts bomb-making material on internet
Ah, the things one thinks about late at night. The post below is
self-explanatory and might make a wonderful short piece for _CuD_. I
personally checked the URL and instructions and Rochkind is correct. The
good folks in Congress really did post to the internet how to make
"babyfood bombs" and a nasty detanator for them as well!
As "Mr. Roger's Capital Hill Neighborhood" might put it: "the word for
today Congressmen and Congresswomen is 'clueless.' Can you spell
C-L-U-E-L-E-S-S?"
>----- Forwarded message (jrochkin@cs.oberlin.edu (Jonathan Rochkind))
At 11:45 PM 04/19/96, Rich Graves wrote:
>Oh yeah, and Biden read the full text of the "Attention All Unabomber
>Wannabes" and "Babyfood Bombs" documents into the Congressional Record,
>supposedly to underscore the point that those nasty Republicans are
>endorsing such nasty nasty stuff. Sort of like Exon's little blue book.
>
>So if you want to know how to build a baby-food bomb, simply write your
>congresscritter.
Or access the congressional record on thomas, as Rich gives earlier gives
us a URL to. Go to http://thomas.loc.gov/r104/r104s17ap6.html, choose the
second TERRORISM PREVENTION ACT--CONFERENCE REPORT link, choose the first
BIDEN link.
Congress is putting information on how to build babyfood bombs on the
internet! Clearly, the first thing the FBI would do under the law Biden
wants is wiretap congress to see who is accessing the congressional record.
Wonder what the congressional librarians who run thomas think of that.
((MODERATORS' NOTE: For this without access to the original,
here is the text))
++++++++++++++++++++++++++++++++
TERRORISM PREVENTION ACT--CONFERENCE REPORT (Senate - April 17, 1996)
Mr. BIDEN. Mr. President, I yield myself such time as I may use within
the limit of the time I have.
This provision is very straightforward and simple. It is beyond me why
it was taken out of the Senate version of the language that was sent
to the House.
I have heard many colleagues stand up on the floor here and rail
against pornography on the Internet, and for good reason. Even when we
thought we had corrected the language that Senator Exon introduced to
comport with the first amendment, I still hear in my State, and I hear
of people writing about how so and so is promoting pornography on the
Internet because they will not ban pornography on the Internet.
Yet, in the bill, we came along--all of us here--and the genesis of
this came from Senator Feinstein, when it was initially offered. The
majority leader, Senator Hatch, and I had some concerns with this, and
we thought the language to ban teaching people how to make bombs on
the Internet or engage in terrorist activities on the Internet might
violate the first amendment. Senators Dole, Hatch, and I worked to
tighten the language and came up with language that was tough and true
to civil liberties. It was accepted by unanimous consent.
We have all heard about the bone-chilling information making its way
over the Internet, about explicit instructions about how to detonate
pipe bombs and even, if you can believe it, baby food bombs. Senator
Feinstein quoted an Internet posting that detailed how to build and
explode one of these things, which concludes that `If the explosion
don't get'em, the glass will. If the glass don't get'em, the nails
will.'
I would like to give you a couple of illustrations of the kinds of
things that come across the Internet. This is one I have in my hand
which was downloaded. It said, `Baby food bombs by War Master.' And
this is actually downloaded off the Internet. It says:
These simple, powerful bombs are not very well known, even though all
of the materials can be obtained by anyone (including minors). These
things are so--
I will delete a word because it is an obscenity.
powerful that they can destroy a CAR. The explosion can actually twist
and mangle the frame. They are extremely deadly and can very easily
kill you and blow the side of a house out if you mess up while
building it. Here is how they work.
This is on the Internet now. It says:
Go to Sports Authority or Herman's Sport Shop and buy
shotgun shells. It is by the hunting section. At the Sports Authority
that I go to you can actually buy shotgun shells without a parent or
an adult. They don't keep it behind the glass counter, or anything
like that. It is $2.96 for 25 shells.
And then it says:
Now for the hard part. You must cut open the plastic housing of the
bullet to get to the sweet nectar that is the gun powder. The place
where you can cut is CRUCIAL. It means a difference between it blowing
up in your face or not.
Then there is a diagram, which is shown as to how to do that on the
Internet. Then it says:
You must not make the cut directly where the gun powder is, or it will
explode. You cut it where the pellets are.
And then it goes through this in detail. And then it gets to the end,
and it says:
Did I mention that this is also highly illegal? Unimportant stuff that
is cool to know.
And then it rates shotgun shells by two numbers, gauge, pellet size,
and goes into great detail. It is like building an erector set. It
does it in detail.
So what Senators Dole and Hatch and I did, we said you should not be
able to do this, but we have a first amendment problem, possibly. So
we added a provision that says that you have to have the intent, when
you are teaching people how to do this, that the person using it is
using it for the purpose of doing harm.
So it seems to me that this is pretty straightforward. Granted, I want
to stop pornography on the Internet. I think pornography does harm to
the minds of the people who observe it, particularly young people. But
if that does harm, how much harm is done by teaching a 15-year-old
kid, a 12-year-old kid, or a 20-year-old person, with great detail,
how to build a baby food bomb, or how to build an automatic particle
explosion provision, or how to build light bulb bombs.
------------------------------
Date: Mon, 8 Apr 1996 10:50:41 -0700 (PDT)
From: Doc_Holliday@AWWWSOME.COM(M. Steven McClanahan)
Subject: File 3--Canadian "criminalization of technology"
Regarding the following letter reprinted in CuD:
>
> "An Act to amend the Criminal Code and to amend certain other Acts"The
>new subsection 487(2.1)(a) would provide that a person authorized to
>search a computer system for data may use any computer system in the
>building "to search any data contained in or available to the computer
>system." The quoted language does not distinguish between the two
>sources of data. However, there is good reason to treat data available to the
>computer system differently from data contained within it. Data available
>to the system may be physically located outside of the jurisdiction of
>the issuer of the warrant, potentially bringing the persons authorizing and
>conducting the search into conflict with foreign law. A similar concern
>is identified and addressed in the existing subsection 487(2), which
>provides for modified search warrants in circumstances where the subject of the
>search "is believed to be in any other territorial division" within
>Canada. In the context of the search of a computer system, it is quite probable
>that the data available to the computer system includes data located in
>jurisdictions outside of Canada. The international nature of the
>difficulty calls for a solution beyond that offered by subsection 487(2).
>It is necessary to have two distinct sets of provisions, one of which
>governs
>the search of data "contained in" a computer system and another specifically
>designed to address the difficulty of searching data "available to" a
>computer system. The words "or available to" should be removed from the
>proposed amendment to both subsections 487(2.1)(a) and 487(2.2)(a).
This sets dangerous precedent, as it seeks to make criminal the possession
of hardware, software and/or knowledge to configure systems so as to access
information the ruling junta may find objectionable. If you've configured
your system to automatically log onto another system that is connected to
something the government has defined as "criminal," then you are subject
criminal liability for information gained in a broad search as authorized
by this law. If you are a "newbie," even though your system might be
capable of accessing such information, because you could not configure it
to do so, then you are not subject to criminal liability. This would make
the same hardware, software and Internet connections criminal in one
situation and not in another, based solely on the level of expertise of the
user!
>Finally, we are concerned about the potential for self-incriminatory
>activity by the person whose property is the subject of a search.
>Subsection 487(2.1) would authorize the person conducting the search to
>use the computer system in order to search, reproduce, and seize data.
>Subsection 487(2.2), while similar, would add that the person whose
>property is being searched "shall, on presentation of the warrant, permit the
>person carrying out the search" to use the computer system. It is unclear from
>this language whether the person whose property is being searched is
>required to take positive steps to assist the person carrying out the
>search. Our concern is that the inherent vagueness of the proposed
>provision allows for such an interpretation. If the computer system is
>accessible only by first supplying a password, the person may have to
>supply it. If the data being searched is encrypted, the person may have to
>provide the decryption key. This would amount to being compelled to assist in
>the discovery of evidence against oneself, which is inconsistent with the
>most fundamental principles of criminal law. The proposed amendment should
>be rewritten to remedy its potentially dangerous vagueness.
The obvious solution to the above is to suffer "cyber-amnesia" when the
cops come busting down your door. Possession of encryption software should
not be illegal in any jurisdiction, however, realistically, most cops
assume, if it's encrypted it must be illegal - why else would you encrypt
it? It's a catch 22 situation and one in which you lose either way.
Speaking as one who had a Power Macintosh with a 2 gigabyte hard disk drive
and all my backups subpeonaed in a civil case, I can tell you that the
other side is not likely to want or accept your help in determining what is
on your mass storage devices and/or in learning how your systems work. I
had to stand by while the attorney corrupted all the data on my hard drive
trying to beat my PGP encryption. Then he did the same thing to my back
ups. Despite my protests I would have GIVEN them the key to decrypt the
data - he didn't trust me. This is in a CIVIL case, imagine how they would
feel in a CRIMINAL matter.
They spent days trying to get past PGP and could not. Even if they had, all
they would have gotten was copies of email between my wife and I. The
downside was it took me two weeks to reconstruct my hard drive, time which
the courts refused to order the attorney that started all this to pay me
for. (They did sanction him after he threatened to punch me during a
deposition for refusing to reveal my sources - which were protected by
attorney-client privilege - which I thought was interesting; apparently he
could waste all my time, but he couldn't hit me.) The court decided my data
had no value and that having to rebuild my hard drive was a "minor
inconveneince" compared to the "interests of justice."
Since it is a no win situation, extending cooperation is problematic. It
probably won't do any good. My experience told me most people in law
enforcement have not advanced, technologically, past the level of an Atari
2600 and are completely baffled by complex systems. Based on what they did
with a Mac system, I doubt they would even be able to access anything now
that I use a SPARCstation 4.
An attitude seems to have developed in the prosecution of computer crime
that "the ends justifies the means." As the voters have gone along like
sheep and surrendered many civil rights in the prosecution of drug related
crimes, they are similarly doing in the prosecution of computer crimes
having to do with the Internet and claims of "child porn." This is
extremely dangerous as. If you look long and hard enough on any system,and
systems accessible to it, you can, eventually, find something that will
offend someone. Therefore, applying the rule that "the ends justifies the
means," everyone who connects to a computer network is thereby
"criminalized."
The frigthening part is that, whether or not the innocent victim is doing
anything illegal, the reams of good press such actions bring for
prosecutors and police just encourages them. After it is all through and
nothing illegal is found, law enforcement still looks good in the press,
(because the public has been whipped up into such a frenzy they preceive
any action as "good"). The victims of such harassment are always "guilty"
in the eyes of the public, simply because the government took any action.
------------------------------
From: Dave++ Ljung <dxl@HPESDXL.FC.HP.COM>
Subject: File 4--Re: Cu Digest, #8.29, Apr 11, 1996
Date: Mon, 15 Apr 96 13:01:07 MDT
|Olsen concocted this scheme that he calls L18, for "Less than 18."
|Under it, every net-user must label every USENET post, email message,
|FTP site file, web page, chat room, IRC channel...
Wow. That's quite a bit.
Well, here's a thought. They can't possibly fine people for *NOT*
labeling non-offensive material as being L18 (non-offensive). Even
if they did, you could always add some four-letter exon somewhere in
the post to make sure that it was no longer L18.
So what's the point?
Well - the point is that most of the content on the net is provided
by us 'adults.' So it would be amazingly easy to boycott the L18 label.
What will be the effect? Well - one unfortunate effect is that anyone
who is pegged as under 18 will (for a hopefully short time) be unable
to access much of anything the net. In the long run this would make
the L18 plan so infeasible that it would become valueless, and hopefully
would be dropped.
One way to protect the kids from the nasty adult's ideas is by censoring
any such ideas. Another way is to keep the kids out. I don't prefer
either, but the latter is better than censorship.
------------------------------
Date: Fri, 19 Apr 1996 07:16:20 -0700 (PDT)
From: Declan McCullagh <declan@EFF.ORG>
Subject: File 5--Re: The Day the Sites Went Out in Georgia?
---------- Forwarded message ----------
Date--Fri, 19 Apr 1996 03:59:06 -0400
From--Mike Godwin <mnemonic@well.com>
Georgia Legislative Information
HB 1630 Computer or telephone network; transmitting misleading
data (3.7K)