Computer underground Digest    Sun  Mar 9, 1997   Volume 9 : Issue 17
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.17 (Sun, Mar 9, 1997)

File 1--Computer Security Script and Software Database
File 2--EFF-Online 10.02-Burns introduces new Pro-CODE Crypto Bill
File 3-- Open Internet Policy Principles
File 4--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Wed, 5 Mar 1997 11:01:26 -0600 (CST)
From: "Scott A. Davis" <sdavis@fc.net>
Subject: File 1--Computer Security Script and Software Database

On March 13, 1997, The Banzai Institute will make available a Computer Security Script and Software Database. Initially, there will be over 600 scripts and programs available that will allow system admins to test the weakness of the networks and systems that they are responsible for.

Any and all information provided in this database is distributed for INFORMATION AND EDUCATIONAL PURPOSES ONLY.

You can sign up now and have your account activated on the same day the database opens by visiting our home page!

www.banzai-institute.org/sdavis for PGP Public Key (ALL SECURE MESSAGES)

------------------------------

Date: Thu, 27 Feb 1997 22:22:00 -0800 (PST)
From: Stanton McCandlish <mech@EFF.ORG>
Subject: File 2--EFF-Online 10.02-Burns introduces new Pro-CODE Crypto Bill

EFFector       Vol. 10, No. 02       Feb. 27, 1997       editor@eff.org
A Publication of the Electronic Frontier Foundation       ISSN 1062-9424

<snip>

* See http://www.eff.org/hot.html or ftp.eff.org, /pub/Alerts/ for more information on current EFF activities and online activism alerts! *

----------------------------------------------------------------------

Subject--Pro-CODE Bill Announced Today: Free Crypto From Cold-War Regs
-----------------------------------------------------------------

Below is a joint advisory from CDT, EFF and VTW about the re-introduction of Sen. Conrad Burns's "Pro-CODE" encryption export deregulation bill. EFF commends Burns and co-sponsors for continuing to raise this issue in Congress, and for their opposition to the Administration's obsolete (and unconstitutional) policies.

Though EFF does not *endorse* this legislation (principally because it may perpetuate a policy of excluding the public from government decision-making on encryption policy), we do recognize and laud the bill as an improvement over the status quo in almost all respects. Pro-CODE would turn the current export process upside down, permitting export of most encryption, and requiring reportage of an encryption program's capabilities only *after* export. The bill also creates no new or redundant crime categories.

                    PRO-CODE BILL ANNOUNCED TODAY
  BILL WOULD LIBERATE ENCRYPTION FROM ANTIQUATED COLD-WAR REGULATIONS

                          February 27, 1997

      Please widely redistribute this document with this banner intact
                         until March 15, 1997

From the Center for Democracy and Technology (CDT), the Electronic Frontier Foundation (EFF), and the Voters Telecommunication Watch (VTW)
________________________________________________________________________
CONTENTS
        The Latest News
        What You Can Do Now
        Background On Pro-CODE
        What's At Stake
        For More Information / Supporting Organizations
________________________________________________________________________
THE LATEST NEWS

Today, a bi-partisan group of seventeen United States Senators, led by Conrad Burns (R-MT) and Patrick Leahy (D-VT), introduced the "Promotion of Commerce Online in the Digital Era (Pro-CODE) Act", a bill designed to promote privacy and security on the Internet by relaxing government controls on encryption technologies.

Encryption technologies are the locks and keys of the Information age -- enabling individuals and businesses to protect sensitive information as it is transmitted over the Internet. Pro-CODE aims to enable this by removing some of the regulations that currently prevent Americans from using this technology.

A short summary of the bill and background on the encryption policy debate are attached below, along with information on what you can do to help ensure that Congress takes action on this important issue.
________________________________________________________________________
WHAT YOU CAN DO NOW

1. CALL THE Pro-CODE SPONSORS AND THANK THEM FOR THEIR EFFORTS

Members of Congress tend to hear from their constituents only when they do something constituents don't like. Today however, several Senators have taken a stand on an issue of critical importance to Internet users. It's crucial that we encourage them with phone calls of support.

If you live in any of the states listed below, please take a moment to give these Senators a call.

        Allard (R-CO)           Ashcroft (R-MO)
        Boxer (D-CA)            Brownback (R-KS)
        Burns (R-MT)            Craig (R-ID)
        Dominici (R-NM)         Dorgan (D-ND)
        Faircloth (R-NC)        Grahms (R-MN)
        Hutchison (R-TX)        Inhoffe (R-OK)
        Kempthorne (R-ID)       Leahy (D-VT)
        Lott (R-MS)             Murray (D-WA)
        Nickles (R-OK)          Thomas (R-WY)
        Wyden (D-OR)

Please take a moment to give these Senators a call.

        <Dial 1-202-224-3121>
        <ring ring!>
        You:    Senator Mojo's office please!
        Sen:    Hello, Senator Mojo's office!
        You:
        SAY     I heard that the Senator introduced Pro-CODE to add more
        THIS->  privacy on the Internet. Please thank the Senator for me
                and I support efforts to fix antiquated encryption export
                laws. I live in <your state>.
        Sen:    Ok, thanks!<click>

2. ADOPT YOUR LEGISLATOR

If you were one of the thousands of people that have adopted their legislator at http://www.crypto.com/, you would have received a personalized letter telling you that your legislator announced his or her sponsorship of Pro-CODE today.

These personalized letters contain all the phone numbers you need, and we'll send them to you any time your legislator takes any action that would have a significant impact on the net.

The Adopt Your Legislator campaign is the most effective method of mobilizing grass-roots support available today. Since late last year, VTW and CDT have been building a network of thousands of Internet users who are active and engaged in the fight for privacy and security on the Internet. By focusing our efforts on the constituents of specific legislators as well as on the net as a whole, we can ensure that members of Congress know that they have support within their district as well as throughout the Internet community.

You can adopt your legislator at http://www.crypto.com/adopt/
________________________________________________________________________
BACKGROUND ON THE PRO-CODE BILL

The Promotion of Commerce Online in the Digital Era (Pro-CODE) Act is similar to a bill introduced by Senators Burns (R-MT) and Leahy (D-VT) last year (then S.1726). Pro-CODE enjoyed broad bi-partisan support in the Senate and was the subject of 3 hearings, including 2 which were cybercast live on the Internet.

This year's Pro-CODE bill (no bill number yet available) is designed to encourage the widespread availability of strong, easy-to-use encryption technologies to protect privacy and security on the Internet.

Specifically, Pro-CODE would:

1. Encourage the widespread availability of strong privacy and security products by relaxing export controls on encryption technologies that are already available on the mass market or in the public domain. This would include popular programs like Pretty Good Privacy (PGP) and World Wide Web browsers like those made by Netscape and Microsoft.

   Current US encryption policy restricts export of encryption products with key-lengths of more than 40 bits. A recent study by renowned cryptographers including Whit Diffie (one of the fathers of modern cryptography), Matt Blaze, and others concluded that 40 bits is "woefully inadequate" to protect personal and business communications. Over the last eighteen months, several examples of the weakness of 40-bit encryption have been demonstrated by college students with spare personal computers.

2. Prohibit the federal government from imposing mandatory key-escrow or key-recovery encryption policies on the domestic market and limit the authority of the Secretary of Commerce to set standards for encryption products.

3. Require the Secretary of Commerce to allow the unrestricted export of other encryption technologies if products of similar strength are generally available outside the United States.

For more information on the Pro-CODE bill, background information on efforts to pass encryption policy reform legislation last year, and other materials please visit:

For more information, see the Encryption Policy Resource Page at http://www.crypto.com/
________________________________________________________________________
WHAT'S AT STAKE

Encryption technologies are the locks and keys of the Information age -- enabling individuals and businesses to protect sensitive information as it is transmitted over the Internet. As more and more individuals and businesses come online, the need for strong, reliable, easy-to-use encryption technologies has become a critical issue to the health and viability of the Net.

Current US encryption policy, which limits the strength of encryption products US companies can sell abroad, also limits the availability of strong, easy-to-use encryption technologies in the United States. US hardware and software manufacturers who wish to sell their products on the global market must either conform to US encryption export limits or produce two separate versions of the same product, a costly and complicated alternative.

The export controls, which the NSA and FBI argue help to keep strong encryption out of the hands of foreign adversaries, are having the opposite effect. Strong encryption is available abroad, but because of the export limits and the confusion created by nearly four years of debate over US encryption policy, strong, easy-to-use privacy and security technologies are not widely available off the shelf or "on the net" here in the US. Because of this policy problem, US companies are now at a competitive disadvantage in the global marketplace.

All of us care about our national security, and no one wants to make it any easier for criminals and terrorists to commit criminal acts.
But we must also recognize encryption technologies can also aid law enforcement and protect national security by limiting the threat of industrial espionage and foreign spying. What's at stake in this debate is nothing less than the future of privacy and the fate of the Internet as a secure and trusted medium for commerce, education, and political discourse.
________________________________________________________________________
FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS

This alert was brought to you by the Center for Democracy and Technology, the Electronic Frontier Foundation, and the Voters Telecommunications Watch.

        http://www.cdt.org
        http://www.eff.org
        http://www.vtw.org

There are many excellent resources online to get up to speed on the crypto issue including the following WWW sites:

        http://www.crypto.com
        http://www.privacy.org

Please visit them often.

Press inquiries should be directed to:

        Jonah Seiger of CDT at jseiger@cdt.org or +1.202.637.9800
        Stanton McCandlish of EFF at mech@eff.org or +1.415.436.9333
        Shabbir J. Safdar of VTW at shabbir@vtw.org or +1.917.978.8430 (beeper).
________________________________________________________________________
End alert

--------------------------

From--Conrad Burns <Conrad_Burns@burns.senate.gov>
Subject--An Open Letter to the Internet Community from Senator Burns
---------------------------------------------------------

February 27, 1997

Today I am pleased to announce that I have reintroduced legislation to reform US encryption policy in a way that recognizes the realities of the global information infrastructure and the need for strong privacy and security protections on the Internet.

The "Promotion of Commerce Online in the Digital Era (Pro-CODE) Act" would promote the growth of electronic commerce, encourage the widespread availability of strong privacy and security technologies for the Internet, and repeal the cold war-era regulations limiting the export of encryption technologies.
The bill enjoys widespread support from both my Republican and Democratic colleagues and was introduced with 20 cosponsors.

As a fellow Internet user, I am excited by the vast potential of the Net to facilitate new forms of commerce and communication. In order for the Net to reach its potential as a trusted medium for personal communications and proprietary business transactions however, Internet users must have access to strong privacy and security technologies. Yet for years, the federal government has pursued an encryption policy which has limited the availability of privacy and security products -- leaving Internet users and businesses out in the cold.

Last year, the Pro-CODE bill (then S. 1726) received broad bipartisan support in the Senate. Internet users, rallying to the cry of "My Lock, My Key," expressed their support for the bill in meetings members of Congress in live interactive chat sessions. Netizens also participated in the first interactive online Senate hearings and provided valuable testimony for the Committee on this issue.

Yet almost a year after Congress entered this critical Internet policy debate, and despite the overwhelming call for encryption policy reform, the Administration remains committed to an outdated and unworkable approach to US Encryption policy.

In November of 1996, the Administration announced yet another effort to reform US encryption policy. The proposal, which would allow the export of strong encryption programs only if they include government-approved "key-recovery" mechanisms, has met with uniform criticism from Internet users, privacy experts, and the computer and communications industry.

Current export controls are serving only to limit the availability of privacy and security technologies for Internet users inside the US and disadvantage US industry on the competitive global market, while doing nothing to keep strong encryption out of the hands of foreign adversaries.
By relaxing encryption export controls, the Pro-CODE bill will reform US encryption policy in a way that recognizes the realities of the information revolution and the competitive global marketplace.

The Internet community has been instrumental in helping to educate my colleagues in the Congress about the importance of encryption policy reform. In the coming months I will need your help and support as this bill makes its way through the legislative process.

As the bill moves forward, I want to invite you to take advantage of several online resources set up to educate the Congress and the public about the need for encryption policy reform. You can find out more by visiting my web page at http://www.senate.gov/~burns/.

Thank you for your support,

Conrad Burns
United States Senator
<Conrad_Burns@burns.senate.gov>

------------------------------

Date: Thu, 6 Mar 97 21:58:38 -0800
From: Paul W. Meek, pmeek@phrf.org
Subject: File 3-- Open Internet Policy Principles

I hope I'm sending this to you correctly, and that you and readers of CU Digest will find this of interest. Please let me know if you need any further information.

Paul W. Meek
Vice President
Parliamentary Human Rights Foundation
Voice: (202) 333-1407
Fax: (202) 333-1275

Open Society Institute - Regional Internet Program
Parliamentary Human Rights Foundation

News Release

FOR IMMEDIATE RELEASE

Contact: H. Juergen Hess, OSI-RIP Public Relations Director
         tel. (212) 887-0602
         fax (212) 974-0367
         jhess@sorosny.org

"Open Internet Policy Principles" Adopted by Group of International Experts

March 5, 1997 -- New York/Washington, D.C. -- The Open Internet Policy Principles, a set of recommendations to guide the use of the Internet and related technologies, were adopted today by a group of international experts*. These Principles are intended as a framework for government officials, parliamentarians, and nongovernmental organizations as they consider the impact of the Internet in their own and other countries.
The experts included European and American parliamentarians, government officials, nongovernmental organizations, and the academic and business communities.

In its Preamble, the Principles state [full text attached]: "The Internet is an inherently open, decentralized communications infrastructure which is ideally suited to support the free exchange of ideas, a rich political discourse, and a vibrant economy."

With regard to policymaking and the Internet, the Principles point out that policymaking ought to be undertaken "by policymakers who are well informed about the unique nature of the net and have direct experience with its use; and, with substantial input and comment from the user community."

Other Principles address the following subject matters:

* Access to Infrastructure: "Access to the global Internet and other interactive communications infrastructures is essential for all citizens of the world to enable full participation in the global society and developing digital economy;"

* Freedom of Expression: "There should be no regulation of Internet content by government;"

* Communications Privacy: "Users of the Internet should have the right to be free of unlawful government interception of or access to communication and information online;"

* Right of Anonymity: "Users should have the right to communicate without disclosing their identity;"

* Unfettered Right to Use Encryption: "Users should have the right to use any form of cryptographic technology they choose to protect the privacy of their communications;"

* General Legal Framework: "The Internet does not exist in a legal vacuum. For the most part, existing laws can and should regulate conduct on the Internet to the same degree as other forms of conduct. Such laws may differ from country to country, but should conform with the applicable binding human rights obligations contained in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights and the European Convention on Human Rights;"

* Objectionable Content: "To enable Internet users to shield themselves and their families from objectionable or unwanted content, priority should be given to 'downstream filtering' by users;"

* Civil and Criminal Law Enforcement: "(...) combating online crime, while protecting civil liberties, can best be accomplished with additional resources and training of law enforcement agencies, not by enactment of new laws;"

* Access to Government Information: "Governments should enable citizens access to legislative, judicial and executive branch information through the Internet;"

* Overseas Development Assistance: "Overseas development assistance programs should strive to promote full access to the Internet;"

* Market Structure: "There should be no a priori limitation to market entry by Internet service providers (...)."

The Principles are based upon the results of a conference organized by the Parliamentary Human Rights Foundation (PHRF), Parliamentary Human Rights Foundation/Europe (PHRF/Europe) and the Regional Internet Program of the Open Society Institute (OSI-RIP) held in Brussels, Belgium on November 23, 1996. (An Annex with diverging opinions is attached to the Principles.)

"The Open Internet Policy Principles are the first phase of a larger project. As a next step, a case study will be undertaken of the telecommunications framework in Estonia, Latvia, and Lithuania, to apply the principles developed in Brussels to the particular circumstances of these emerging democracies," explained Don Bonker, Chairman and President of the Parliamentary Human Rights Foundation and a former Member of Congress.
Representatives from these nations participated in the drafting of the Principles and the Brussels deliberations.

"We hope that the Open Internet Policy Principles will lead to the development of model legislative and regulatory frameworks with global application," added Maartje van Putten, PHRF/Europe's Chair and Member of the European Parliament from the Netherlands.

Jonathan Peizer, Chief Information Officer of the Open Society Institute clarified why the Baltic countries were chosen: "They are the most progressive countries with regard to use of the Internet in Central and Eastern Europe. OSI-RIP has been funding Internet-related activities in those nations since 1994. This, however, is our first major policy initiative for the Internet."

The Parliamentary Human Rights Foundation (PHRF) is a worldwide, voluntary, non-partisan, not-for-profit organization committed to the promotion of human rights. PHRF works directly with parliamentarians to: enhance understanding of the meaning and importance of human rights; strengthen institutions for the protection of human rights; improve access to information about human rights conditions; foster international cooperation in the promotion of human rights; offer training and technical assistance to human rights advocates, especially parliamentarians; call attention to human rights abuses that violate internationally recognized standards; and nurture constitutional democracy, the rule of law, and other protections of human rights. PHRF can be found on the World Wide Web at <http://www.phrf.org>.

The Open Society Institute--New York is a private operating and grantmaking foundation that promotes the development of open societies around the world, both by running its own programs and by awarding grants to others.
The Open Society Institute--New York develops and implements a variety of U.S.-based and international programs in the areas of educational, social, and legal reform, and encourages public debate and policy alternatives in complex and often controversial fields. The Open Society Institute--New York is part of an informal network of more than 24 autonomous nonprofit foundations and other organizations created and funded by philanthropist George Soros. The Open Society Institute can be found on the World Wide Web at <http://www.soros.org>.

# # #

*Experts included representatives from: European Commission, European Parliament, Netscape Communications Corp., Oracle Corp., Ministry of Education and Science (Latvia), Ministry of Transportation and Communications (Estonia), Ministry of Transportation and Communications (Latvia), Electronic Frontier Foundation, American Civil Liberties Union, Voters Telecommunications Watch, Electronic Privacy Information Center, Computer Professionals for Social Responsibility, Center for Democracy and Technology, Riga Information and Technology Institute (Latvia), PT Finland, Baltic Institute of Finland, University of Leuven (Belgium), University of Groningen (Netherlands), Villanova School of Law (USA), Ghent University (Belgium), Levicom Ltd. (Estonia), Xs4all Internet BV (Netherlands), National Criminal Intelligence Service (Netherlands), Open Society Institute/Soros foundations network, Parliamentary Human Rights Foundation, and Parliamentary Human Rights Foundation/Europe.

PHRF CONFERENCE
Brussels, Belgium
23 November 1996

OPEN INTERNET POLICY PRINCIPLES

A broad consensus was reached on the following points:

Preamble

The Internet is an inherently open, decentralized communications infrastructure which is ideally suited to support the free exchange of ideas, a rich political discourse, and a vibrant economy.
The decentralized architecture of the Internet provides an abundance of communication opportunities, and gives users an unprecedented degree of control over the information that they receive. As organizations devoted to basic human rights, the growth of the Internet, and the flourishing of democratic culture, we believe that the foregoing principles will ensure that the Internet remains open and continues to support basic democratic values.

I. Policymaking and the Internet

In recognition of the novel and rapidly changing nature of the Internet, policymaking ought to be undertaken: