Computer underground Digest Wed Oct 6 1993 Volume 5 : Issue 78 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copie Editor: Etaoin Shrdlu, III CONTENTS, #5.78 (Oct 6 1993) File 1--The Elansky Case (A Response to CuD's Editors) File 2--CuD and the Elansky Case (Response to L. Detweiler) File 3--CA state Legislative Info Bill File 4--U. Minn. Campus Police Investigate Software Theft Ring File 5--Computers & Writing Call for Proposals File 6--ACTIVIST ALERT-CPSR Solicits CLIPPER/SKIPJACK comments Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud ftp.eff.org (192.88.144.4) in /pub/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Tue, 28 Sep 93 02:23:12 -0600 From: "L. Detweiler" Subject: File 1--The Elansky Case (A Response to CuD's Editors) Editor: your theories on the "hacker culture" among adolescents, including the ideas of unique vocabulary and initiation ceremonies etc. in the line of sophisticated and evolved social customs, are interesting, and certainly have some degree of validity in general and apropos application to the Elansky case in particular. Nevertheless, your agenda in painting Elansky as a clear cut "victim" is very obvious. Now, I agree that the Elansky case shows some rather outrageous excesses of the legal system and the rooted paranoias therein. In particular, I find the latest news that Elansky is languishing" and that the extraordinary bail of $500K has not been challenged or revised quite shocking. However, I'm writing because you note in a previous newsletter that Elansky supposedly had a record of breaking into a high school science supply room to steal chemicals. Now this is an extremely incriminating action that you wholly failed to address. In fact, you skipped right over this piece of information almost without comment. It really rather significantly damages your argument and portrayal of Elansky as nothing but a victimized BBS operator with nothing but an academic interest in explosives recipes. To the contrary, your own academic bias is revealed. Very rarely are we ever afforded an opportunity to have such clear cut villains and heroes as in, say, the Steve Jackson Games case. Polarized accounts condemning law enforcement for various overreaction that selectively present various data are not a service to *any* community. If you wish to continue to adhere to high academic standards in your own published analyses and opinions, please exercise the utmost impartiality. In burying the information about Elansky's possible breaking-and-entering crime, and failing to follow it up as diligently as all the other claims that tend to extenuate his guilt, this standard has been compromised to the detriment of your own journalistic, editorial, and academic integrity. I'm hopeful you will rectify this partiality in future editorials. Sincerely, L. Detweiler ------------------------------ Date: Wed, 6 Oct, 1993 21:18:20 CDT From: CuD Moderators Subject: File 2--CuD and the Elansky Case (Response to L. Detweiler) In criticizing CuD comments on the Elansky/Hartford case, in which which Michael Elansky, a BBS sysop was arrested for two having to "anarchist" text files on his board (see CuD #5.69, 5.71), "L. Detweiler" (previous file) writes: >However, I'm writing because you note in a previous >newsletter that Elansky supposedly had a record of breaking >into a high school science supply room to steal chemicals. >Now this is an extremely incriminating action that you >wholly failed to address. In fact, you skipped right over >this piece of information almost without comment. It really >rather significantly damages your argument and portrayal of >Elansky as nothing but a victimized BBS operator with >nothing but an academic interest in explosives recipes. To >the contrary, your own academic bias is revealed. His above post perceives some unspecified "obvious agenda" that we presumably hide, challenges our integrity, and objects to an "academic bias," whatever that might mean. We thank him for sharing his opinion. However, we're less charitable toward his beliefs that more should have been mentioned of Elansky's previous legal troubles and that the lack of primacy of previous charges, unrelated to the BBS anarchist files, somehow subverts CuD commentary on the case and weakens any First Amendment issues the case raises. The basic facts in the Elansky case: 1) Elansky was arrested in early August, '93, for making to common anarchy files available; 2) According to existing public information, the arrest was solely for the two anarchy files, written four years ago by a 15 year old teenager; 3) Elansky's bond for this offense was set at half a million dollars; 4) Elansky remains in jail as of October 6, awaiting his next hearing on October 10. In CuD 5.72, we reprinted the Connecticut laws under which Elansky was charged. Although both are felonies, neither justifies the excessive bond. CuD explicitly summarized Elansky's previous legal problems. Despite current evidence that those offenses may have been far less serious than the language of the charges indicates, they are not the issue. Cud was careful to qualify comments by acknowledging that, because the relevant court documents are sealed, it is always possible that the prosecutor possesses evidence of more serious behavior. We think we were sufficiently clear: THE ISSUE IS NOT ELANSKY, BUT THE CRIMINALIZATION OF TEXT FILES THAT ONLY THE HARTFORD PROSECUTOR DEEMS ILLEGAL. This is a First Amendment issue, pure and simple, and whether Elansky is a serial murder or a squeaky-clean choirboy is irrelevant. Elansky, we repeat for those who skipped the first 50 lines, was arrested and remains in jail for posting two anarchist files on his BBS. CuDs 5.69, 5.71 and 5.72 summarized the case, reprinted the anarchy files, and reprinted what apparently was an investigation report justifying the arrest. The files do not support the charges. The two "anarchy" files in question are not only legal, and therefore protected by the First Amendment, but they are, by "anarchy" standards, considered mild, even "lame." As any highschool graduate should know, the files contain little that cannot be constructed from a highschool chemistry course. They contain absolutely nothing that cannot be found in over-the-counter literature and television. The _Anarchists' Cookbook_, in it's 29th printing since 1971, contains hundreds of recipes for home-made weapons, pyrotechnics, and psychedelics. It is legal. We note with amusement that the latest catalogue from Delta Press, Ltd (PO Box 1625 Dept 93W; 215 S. Washington St., El Dorado, AR 71731; fax (501) 862-9671; voice: (501) 862-4984) is available, along with its contents, without obvious restrictions to anybody with the purchase price for publications. Delta Press's inventory includes: CIA Explosives for Sabotage ($9.00) Improvised Munitions from Ammonium Nitrate ($7.50) Death by Deception: Advanced Improvised Booby Traps ($14.00) Terrorist Explosives Handbook ($6.95) Counterbomb ("assassination by explosives") ($14.00) Improvised Land Mines ($12.00) Improvised Explosives ($12.00) Boobytraps ($8.00) The list is extensive. It includes manuals on full-auto conversion and silencer construction for weapons; military manuals; poaching manuals; killing manuals; survival manuals; blowing-people-away manuals; poisoning manuals. They are legal. They appear easily accessible. Yet, Elansky posts two juvenile files demonstrably written by others, both of which are "lame," and he's arrested and slapped with a $500,000 bond. This is the issue. Is CuD off-base in the assessment of the case? Perhaps. If so, though, we're in excellent company. Lance Rose, perhaps the most knowledgeable legal guru on BBS law, and columnist for BOARDWATCH MAGAZINE, calls the case "ridiculous." He summarizes the facts of the case in his October, '93, column, and alludes to Elansky's cat-and-mouse game with local police. He concludes: Regardless of their motivations, however, the police made a big mistake in jailing Elansky for a text file on his BBS. The 1ST AMENDMENT prohibits government officials from acting against anyone for distributing material containing political content. If, as Elansky's parents claim, he did not even know the file was on his BBS until after he was arrested, then he is entitled to even greater legal protection from prosecution, such as accorded to book stores and magazine distributors. Distributors are not responsible for materials like obscene or infringing publications, unless they are specifically aware of the material in question. This rule is necessary to assure the smooth flow of 1st Amendment materials through mass distribution systems for both printed and electronic materials. ...... Even if Elansky made bombs all those years as the police believe, this gives no support to jailing him based on the BBS file. The police acted criminally in penalizing him for speech on his BBS. The Harford Courant, on September 17 (pp A1, A3: "Free Speech and Computers Central to Bomb-Recipe Case," by John M. Moran), was equally adamant. The reporter, John Moran, is an experienced user of the Net and of BBSes, and it shows in a thoughtful and incisive commentary. Moran, too, distinguishes between Elansky's run-ins with the police and the issues underlying his arrest. His well-researched article alludes to the availability of _The Anarchists' Cookbook_ in local bookstores and libraries, and concludes by raising what appears to be the double standard between Constitutional protections granted to print and electronic media: This apparent double standard between printed text and The Deth Vegetable's ((the author of the disputed files)) computer text files is precisely what makes the Ionizer ((Elansky's BBS handle)) so important, say public interest groups familiar with the Elansky case. "It's pretty clear that the First Amendment's been trampled on the way to the riot in this case," said David Banisar, a policy analyst for Computer Professionals for Social Responsibility. "It appears that the prosecutor doesn't realize that electronic publications have the same protection as printed publications." Ralph G. Elliot, a Hartford lawyer who has represented The Courant on First Amendment issues, agreed that the Elansky case does raise free-speech questions. He likened it to a well-known case in which The Progressive, a Wisconsin magazine, was found to have the right to publish publicly available information about how to construct a nuclear bomb. Mike Godwin, legal counsel for the Electronic Frontier Foundation, another advocacy group, said Connecticut's "inciting injury to persons or property" charge is unconstitutional. "Traditionally, we've understood the First Amendment to apply to all forms of expression," Godwin said. "I think the prosecutor in this case has shown monstrous disregard for the Constitution that he has sworn to uphold." "There are very few law-enforcement actions that qualify as genuinely evil, but I think this is one of them," he said. The relevance of this case for cyberspace lies in the danger of any local prosecutor to define Constitutionally protected electronic forms of expression as illegal. If Elansky is guilty of crimes, then it is those crimes for which he should be charged. However, on no account ought prosecutors be allowed to subvert the Constitution in order to develop a case against any U.S. citizen, regardless of what other offenses they might be *suspects*. To compound the error with an excessive bond while the suspect languishes in jail strikes us as a gross abuse of prosecutorial power. Perhaps the wrong people are in jail. ------------------------------ Date: Thu, 30 Sep 1993 20:00:09 GMT From: kiddyr@GALLANT.APPLE.COM(Ray Kiddy) Subject: File 3--CA state Legislative Info Bill Here is the text of the bill that is waiting on Gov Pete Wilson's desk. i hope other states begin to use this as a model. thanx - ray kiddy, ray@ganymede.apple.com AMENDED IN SENATE AUGUST 30, 1993 AMENDED IN SENATE AUGUST 25, 1993 AMENDED IN SENATE AUGUST 16, 1993 AMENDED IN SENATE JUNE 17, 1993 AMENDED IN ASSEMBLY MAY 18, 1993 CALIFORNIA LEGISLATURE--1993-94 REGULAR SESSION ASSEMBLY BILL No. 1624 Introduced by Assembly Member Bowen (Principal coauthor: Senator Torres) (Coauthors: Assembly Members Areias, Bornstein, Goldsmith, Isenberg, Johnson, Karnette, Katz Mountjoy, Nolan, Polanco, Speier, and Vasconcellos) (Coauthors: Senators Dills, Hayden, Killea, Morgan, and Rosenthal) March 4, 1993 An act to add Section 10248 to the Government Code, relating to the Legislature; LEGISLATIVE COUNSELUS DIGEST AB 1624, as amended, Bowen. Legislature: legislative information: access by computer network. Under existing law, all meetings of a house of the Legislature or a committee thereof are required to be open and public, unless specifically exempted, and any meeting that is required to be open and public, including specified closed sessions, may be held only after full and timely notice to the public as provided by the Joint Rules of the Assembly and Senate. This bill would make a legislative finding that it is desirable to make information regarding matters pending before the Legislature and its proceedings available to the citizens of this state, irrespective of where they reside, in a timely manner and for the least possible cost. This bill would require the Legislative Counsel, with the advice of the Assembly Committee on Rules and the Senate Committee on Rules, to make available to the public, by means of access by way of the largest nonproprietary, nonprofit cooperative public computer network, specified information concerning bills, the proceedings of the houses and committees of the Legislature, statutory enactments, and the California Constitution. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. The people of the State of California do enact as follows: 1 SECTION 1. The Legislature finds and declares that 2 it is now possible and feasible in this electronic age to 3 more widely distribute legislative information by way of 4 electronic communication in order to better inform the 5 public of the matters pending before the Legislature and 6 its proceedings. The Legislature further finds that it is 7 desirable to make information regarding these matters 8 and proceedings available to the citizens of this state, 9 irrespective of where they reside, in a timely manner and 10 for the least possible cost. 11 Sec. 2. Section 10248 is added to the Government 12 Code, to read: 22 (a) The Legislative Counsel shall, with the advice of 1 the Assembly Committee on Rules and the Senate 2 Committee on Rules, make all of the following 3 information available to the public in electronic form: 4 (1) The 5 legislative calendar, the 6 schedule of legislative committee hearings, a list of 7 matters pending on the floors of both houses of the 8 Legislature, and a list of the committees of the 9 Legislative and their members. 10 (2) The text of each bill introduced in each current 11 legislative session, including each amended, enrolled, 12 and chaptered form of each bill. 13 (3) The bill history of each bill introduced and 14 amended in each current legislative session. 15 (4) The bill status of each bill introduced and 16 amended in each current legislative session. 17 (5) All bill analyses prepared by legislative 18 committees in connection with each bill in each current 19 legislative session. 20 (6) All vote information concerning each bill in each 21 current legislative session. 22 (7) Any veto messages concerning a bill in each 23 current legislative session. 24 (8) The California Codes. 25 (9) The California Constitution. 26 (10) All statutes enacted on or after 27 January 1, 1993. 34 (b) The 36 information identified in 37 subdivision (a) shall be made available to the public by 38 means of access by way of the largest nonproprietary, 39 nonprofit cooperative public computer network. 40 The 1 information shall be made available in one or more 2 formats and by one or more means in order to provide the 3 greatest feasible access to the general public in this state. 4 Any person who accesses the information may access all 5 or any part of the information. The information may also 6 be made available by any other means of access that 7 would facilitate public access to the information. 11 The information that is maintained in the 12 legislative information center that is operated and 13 maintained by the Legislative Counsel shall be made 14 available 15 in the shortest feasible after 16 the information is available in the information system. 17 The information that is not maintained in the information 18 system shall be made available in the shortest feasible 19 time after it is available to the Legislative Counsel. 26 (c) Any documentation that describes the electronic 27 digital formats of the information identified in 28 subdivision (a) and is available to the public shall be 29 made available by means of access by way of the 30 computer network specified in subdivision (b). 2 Personal information 3 concerning a person who accesses the information may 4 be maintained only for the purpose of providing service 5 to the person. 6 (e) No fee or other charge may be imposed by 7 the Legislative Counsel as a condition 8 of accessing the information that is accessible by way of 9 the computer network specified in subdivision (b). 10 (f) The electronic public access provided by 11 way of the computer network specified in 12 subdivision (b) shall be in addition to other electronic or 13 print distribution of the information. 14 (g) No action taken pursuant to this section shall be 15 deemed to alter or relinquish any copyright or other 16 proprietary interest or entitlement of the State of 17 California relating to any of the information made 18 available pursuant to this section. ------------------------------ Date: Sat, 02 Oct 93 04:15:34 EDT From: jackmcnac@AOL.COM Subject: File 4--U. Minn. Campus Police Investigate Software Theft Ring Minnesota Campus Police Investigating Software Theft Ring By Nancy Livingston Saint Paul Pioneer Press Sep. 30--Call it a hijacking on the nation's information superhighway - a crime of the 90s. University of Minnesota police are investigating allegations that a group of university students have copied computer software games and other programs protected by copyright and sold them via Internet, the international computer network. Internet is a global network of 1.7 million computers used by 15 million to 30 million people. Growing by one million users a month, Internet has been dubbed the information superhighway. It is heavily used in academia for research, electronic mail, software transfer and other purposes, and many faculty members and students have accounts to use the Internet. Last May, a supervisor in the Institute of Technology computer lab became concerned when he noticed that the amount of disk space on the lab's Sun Microsystems computer system was running low. A search for users who had taken up unusual amounts of disk space revealed that three users had a large amount of commercial software in their files that cannot be used on the Sun computer. It was stored in a format for transmission over the Internet. The university supervisor surmised that the students were selling the software in violation of Minnesota law, and he locked the accounts. More extensive checking turned up six more users with what appeared to be a large amount of commercial software in their directories along with a large amount of mail. Their accounts were also locked and police were contacted. University police Capt. Francis Gernandt obtained a search warrant in June to gain access to the computer files in question, but he did not receive the information he needed until this week. The delay was due to a change in personnel at the computer lab. Gernandt said Wednesday that he will be asking university computer experts to help him analyze the computer files. Meanwhile, Gernandt is checking on the whereabouts of nine students who had the commercial software in their files. He is also looking into how much the software is worth and how the students came to possess it. ------------------------------ Date: Sat, 11 Sep 1993 16:04:37 CDT From: Eric Crump Subject: File 5--Computers & Writing Call for Proposals +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Please forward this announcement to appropriate mailing lists, newsgroups, bbs, and individuals. ***Heartfelt apologies to those poor souls who see this announcement several million times*** +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ==================================== Call for Proposals The Tenth COMPUTERS AND WRITING CONFERENCE ==================================== Hosted by the University of Missouri Columbia, MO May 20-23, 1994 THEME: The Global Web of Writing Technologies THE CONFERENCE This conference serves a growing and diverse community of writing teachers, students, and scholars who are interested in the convergence of computer technology and writing education. Many schools are now poised for their first leap into computer writing instruction, while in other places writing teachers and their students are making forays into new domains such as the wide world of the Internet. This conference brings together people from those extremes and from all points on the intervening continuum to share their ideas, research, and experiences. ************************ ---------------- * Tight travel budget? * ************************| ELECTRONIC ACCESS | The program for this year's conference will emphasize the role of | the wide-area academic networks in writing education. And | electronic access will, we hope, make attending the event possible| to people who for some reason cannot travel to Columbia. It seems | only appropriate that conferences--especially those that are | concerned with computers and computer networks--should employ | the reach of the Internet in order to give more people access | to the conversation. ******************** <--| ---------------- * Attend C&W94 via * * the Internet (at * * a reduced fee) * ******************** PROPOSALS We invite proposals that pertain in some way to the use of computers at any level of writing education, K-12 to community colleges to colleges and large universities, from technologically rich environments to places where instruction with computers is just getting started. Hands-on sessions, demonstrations, or any other format that encourages audience participation and interaction are particularly welcome. Here is a short list from among innumerable possible topics: --The latest reports from teachers and students--K-12 through college level--who are exploring the possibilities of networked classrooms --Tales of adventure from teachers and students who are venturing from the classroom into the wider network world --Help taking the first steps toward incorporating computers into writing instruction and research --Possibilities for using computers to forge better connections between K-12 and college educators --Hypertext theory, its classroom applications and cultural implications --Hypermedia applications and their impact on how we view "text," "rhetoric," and "writing" --Writing in distance education programs --Computers and networks in writing across the curriculum programs --The legal, economic, and cultural impact of computer technology --The latest studies of and experiences with word processing and computer-assisted instruction programs --The impact of computer technology on writing and editing in journalism --How global information networks may affect the nature of journalism --Hypertext and network collaboration and new shapes in creative writing --The changing relationship between writers and information sources: libraries and librarians of the future SPECIAL FOCUS --The history and future of the computers and writing field The tenth Computers and Writing Conference seems like an appropriate place and time in which to indulge in some retrospection, introspection, and prognostication. We hope veterans and novices in the field will suggest opportunities for exploring the State of the Field, whether via special forums or by weaving the subject into regular sessions. VIRTUAL SESSIONS? We hope to have adequate access to a multiple user environment (MediaMOO, probably, or Internet Relay Chat) for conference activities. Presenters who are interested in trying something rather new might want to consider proposing sessions that include realtime conferencing over the Internet using these systems. CW94:FORUM The electronic forum offered this year by the University of Michigan was a great success, and we plan to continue the practice. Although the technical details have not yet been nailed down, we expect to make available a similar bulletin- board-type conferencing system that will allow participants to read presentation summaries and discuss the issues they raise well in advance of the May 20-23 gathering in Columbia. Presenters whose proposals are accepted will be asked to submit longer versions for use in conjunction with the electronic conference. Details will be included in acceptance notices. -------------------------------------------------- Proposals for sessions on any subject related to computers and writing will be accepted from August 1 to November 1, 1993. We encourage electronic submission, but acceptance is not in any way contingent upon it. Submissions can also be made in print or on 3.5 inch computer disks, initialized either in Macintosh or IBM format, as long as the text is saved in ASCII (text) format. Notification will be made in January 1994. Please submit a 200- to 300-word abstract plus title for individual presentations, for poster sessions, and for each portion of panel presentations. For roundtables, think tanks, and readings (creative writing, for example), please submit a single 300-word abstract with names and addresses of each participant along with descriptions of the contribution each participant will make. For workshops, please include, in addition to a single 300-word abstract, an estimated timetable of activities. We also invite alternative session formats to the ones listed here. Past conference-goers have expressed interest in more of the hands-on and demo-type sessions, but presenters should also feel free to suggest presentation formats that best fit their work (although in the interest of the organizers' sanity, it might be good to also suggest standard options in case the preferred version simply can't be made to fit the program). Include name, institutional affiliation, postal address, and electronic mail address for each presenter. Each submission should include a description, as precise as possible, of equipment needs, if any. We do not guarantee absolutely that equipment requests will be fulfillable, but we will do our best to provide excellent technical support and will work with presenters to make the best arrangements we can. Computer classrooms and labs sporting IBM 55s with OS/2 2.1 or DOS 6.0 and Macintosh Centris computers with System 7.1 will be available. Any additional hardware or software requirements will need to be arranged on a case-by-case basis. Send electronic submissions (and any other correspondence) to: Eric Crump at LCERIC@mizzou1.bitnet or LCERIC@mizzou1.missouri.edu. Please include somewhere in the subject line: CWC94. Send disks and print submissions to: Eric Crump, 231 Arts & Science, University of Missouri. Columbia, MO 65211. ------------------------------ Date: Fri, 24 Sep 1993 17:35:54 -0400 From: ssimpson@EFF.ORG(Sarah L Simpson) Subject: File 6--ACTIVIST ALERT-CPSR Solicits CLIPPER/SKIPJACK comments ACTIVIST ALERT - The Government Is Messin' With Your Privacy! Computer Professionals for Social Responsibility (CPSR) posted the following call for comments to the Net. As the deadline for comments on the proposed Escrow Encryption Standard (CLIPPER/SKIPJACK) looms near, EFF wholeheartedly supports CPSR's work to bring attention to the proposal and encourages everyone who reads this to respond with comments. We have added a sample letter and additional information at the end of the CPSR post. ==================== text of CPSR post ==================== Call for Clipper Comments The National Institute of Standards and Technology (NIST) has issued a request for public comments on its proposal to establish the "Skipjack" key-escrow system as a Federal Information Processing Standard (FIPS). The deadline for the submission of comments is September 28, 1993. The full text of the NIST notice follows. CPSR is urging all interested individuals and organizations to express their views on the proposal and to submit comments directly to NIST. Comments need not be lengthy or very detailed; all thoughtful statements addressing a particular concern will likely contribute to NIST's evaluation of the key-escrow proposal. The following points could be raised about the NIST proposal (additional materials on Clipper and the key escrow proposal may be found at the CPSR ftp site, cpsr.org): * The potential risks of the proposal have not been assessed and many questions about the implementation remain unanswered. The NIST notice states that the current proposal "does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys." The key escrow configuration may also create a dangerous vulnerability in a communications network. The risks of misuse of this feature should be weighed against any perceived benefit. * The classification of the Skipjack algorithm as a "national security" matter is inappropriate for technology that will be used primarily in civilian and commercial applications. Classification of technical information also limits the computing community's ability to evaluate fully the proposal and the general public's right to know about the activities of government. * The proposal was not developed in response to a public concern or a business request. It was put forward by the National Security Agency and the Federal Bureau of Investigation so that these two agencies could continue surveillance of electronic communications. It has not been established that is necessary for crime prevention. The number of arrests resulting from wiretaps has remained essentially unchanged since the federal wiretap law was enacted in 1968. * The NIST proposal states that the escrow agents will provide the key components to a government agency that "properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted." The crucial term "legal authorization" has not been defined. The vagueness of the term "legal authorization" leaves open the possibility that court- issued warrants may not be required in some circumstances. This issue must be squarely addressed and clarified. * Adoption of the proposed key escrow standard may have an adverse impact upon the ability of U.S. manufacturers to market cryptographic products abroad. It is unlikely that non-U.S. users would purchase communication security products to which the U.S. government holds keys. Comments on the NIST proposal should be sent to: Director, Computer Systems Laboratory ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899 Submissions must be received by September 28, 1993. CPSR has asked NIST that provisions be made to allow for electronic submission of comments. Please also send copies of your comments on the key escrow proposal to CPSR for inclusion in the CPSR Internet Library, our ftp site. Copies should be sent to . =================== end of CPSR post =================== EFF joins with CPSR in urging you to send your comments to NIST as soon as possible. To help get your creative juices flowing, we're attaching a sample letter. You will probably want to personalize any letter you actually send. And because time is so tight, EFF has set up an Internet address where you can send your electronic comments in lieu of mailing them through the U.S. Postal Service. Send your letters to: cryptnow@eff.org We will be printing out all letters and hand-delivering them before the deadline, so please make sure to send us any letter you want included no later than 8pm on Monday, September 27. If you would like additional background materials, you can browse the pub/EFF/crypto area of our anonymous ftp site (ftp.eff.org). The original solicitation of comments can be found there and is called NIST-escrow-proposal. DO NOT WAIT TO WRITE YOUR COMMENTS! TIME IS SHORT! ====================== <> <> <> <> <> National Institute for Standards and Technology (NIST) ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899 Mr. Director: I am writing to oppose the Proposed Federal Information Processing Standard (FIPS) for and Escrowed Encryption Standard, docket # 930659-3159. Encryption is vital for the protection of individual privacy in the Information Age. As more and more personal information flows around electronic networks, we all need strong encryption to safeguard information from unwanted intrusion NIST should not be moving forward with technical standards specification until critical policy decisions are made. These policy issues include: o Continued Legal Use of All Forms of Encryption: When the Clinton Administration announced the Clipper Chip, it assured the public that this would be a purely voluntary system. We must have legal guarantees that Clipper isn't the first step toward prohibition against un-escrowed encryption. o Legal Rights of Escrow Users: If people choose to deposit their keys with the government or any other escrow agent, they must have some legal recourse in the event that those keys are improperly released. The most recent draft of the escrow procedures specifically states, however: "These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired." Leaving users with no recourse will discourage use of the system and is a tacit acceptance of unscrupulous government behavior. o Open Standards: People won't use encryption unless they trust it. Secret standards such as Clipper cannot be evaluated by independent experts and do not deserve the public trust. In addition, the current proposed technical standard is incomplete. It should not be approved until further comment on the complete proposal is possible o Operating Procedures Unclear: The full operating procedures for the escrow agents has yet to be issued. Public comment must be sought on the complete procedures, not just the outline presented in the draft FIPS. Even the government-selected algorithm review group has declared that it needs more information on the escrow process. o Identity of Escrow Agents: The identity of one or both of the escrow agents has not been firmly established. o Algorithm Classified: Asking for comments on an algorithm that is classified makes a mockery of citizen participation in government decision-making. NIST will be involved in making many critical decisions regarding the National Information Infrastructure. The next time NIST solicits public comments, it should be ready to accept reply by electronic mail in addition to paper-based media. Sincerely, <> <> ****************************** Sarah L. Simpson Membership Coordinator Electronic Frontier Foundation 1001 G Street, NW Suite 950 East Washington, DC 20001 202/347-5400 tel 202/393-5509 fax ------------------------------ End of Computer Underground Digest #5.78 ************************************