Computer underground Digest Wed July 6, 1994 Volume 6 : Issue 61 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copper Ionizer: Ephram Shrustleau CONTENTS, #6.61 (Wed, July 6, 1994) File 1--USACM Calls for Clipper Withdrawal File 2--Standards File 3--Re: Ghost in the Modem File 4--Closure on "Ghost in the Modem" Discussion File 5--"Repetitive Strain Injury" by Pascarelli File 6--Response to "Egalitarianism as Irrational" (CuD 5.51) File 7--Proposed New Zealand legislation File 8--nonviolent action against Clipper File 9--Some thoughts on the AA BBS Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Thu, 30 Jun 1994 16:35:37 +0000 From: "US ACM, DC Office" Subject: File 1--USACM Calls for Clipper Withdrawal U S A C M Association for Computing Machinery, U.S. Public Policy Committee * PRESS RELEASE * Thursday, June 30, 1994 Contact: Barbara Simons (408) 463-5661, simons@acm.org (e-mail) Jim Horning (415) 853-2216, horning@src.dec.com (e-mail) Rob Kling (714) 856-5955, kling@ics.uci.edu (e-mail) COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR SECRET DECISION-MAKING WASHINGTON, DC - The public policy arm of the oldest and largest international computing society today urged the White House to withdraw the controversial "Clipper Chip" encryption proposal. Noting that the "security and privacy of electronic communications are vital to the development of national and international information infrastructures," the Association for Computing Machinery's U.S. Public Policy Committee (USACM) added its voice to the growing debate over encryption and privacy policy. In a position statement released at a press conference on Capitol Hill, the USACM said that "communications security is too important to be left to secret processes and classified algorithms." The Clipper technology was developed by the National Security Agency, which classified the cryptographic algorithm that underlies the encryption device. The USACM believes that Clipper "will put U.S. manufacturers at a disadvantage in the global market and will adversely affect technological development within the United States." The technology has been championed by the Federal Bureau of Investigation and the NSA, which claim that "non-escrowed" encryption technology threatens law enforcement and national security. "As a body concerned with the development of government technology policy, USACM is troubled by the process that gave rise to the Clipper initiative," said Dr. Barbara Simons, a computer scientist with IBM who chairs the USACM. "It is vitally important that privacy protections for our communications networks be developed openly and with full public participation." The USACM position statement was issued after completion of a comprehensive study of cryptography policy sponsored by the ACM (see companion release). The study, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," was prepared by a panel of experts representing various constituencies involved in the debate over encryption. The ACM, founded in 1947, is a 85,000 member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. USACM was created by ACM to provide a means for presenting and discussing technological issues to and with U.S. policymakers and the general public. For further information on USACM, please call (202) 298- 0842. ============================================================= USACM Position on the Escrowed Encryption Standard The ACM study "Codes, Keys and Conflicts: Issues in U.S Crypto Policy" sets forth the complex technical and social issues underlying the current debate over widespread use of encryption. The importance of encryption, and the need for appropriate policies, will increase as networked communication grows. Security and privacy of electronic communications are vital to the development of national and international information infrastructures. The Clipper Chip, or "Escrowed Encryption Standard" (EES) Initiative, raises fundamental policy issues that must be fully addressed and publicly debated. After reviewing the ACM study, which provides a balanced discussion of the issues, the U.S. Public Policy Committee of ACM (USACM) makes the following recommendations. 1. The USACM supports the development of public policies and technical standards for communications security in open forums in which all stakeholders -- government, industry, and the public -- participate. Because we are moving rapidly to open networks, a prerequisite for the success of those networks must be standards for which there is widespread consensus, including international acceptance. The USACM believes that communications security is too important to be left to secret processes and classified algorithms. We support the principles underlying the Computer Security Act of 1987, in which Congress expressed its preference for the development of open and unclassified security standards. 2. The USACM recommends that any encryption standard adopted by the U.S. government not place U.S. manufacturers at a disadvantage in the global market or adversely affect technological development within the United States. Few other nations are likely to adopt a standard that includes a classified algorithm and keys escrowed with the U.S. government. 3. The USACM supports changes in the process of developing Federal Information Processing Standards (FIPS) employed by the National Institute of Standards and Technology. This process is currently predicated on the use of such standards solely to support Federal procurement. Increasingly, the standards set through the FIPS process directly affect non-federal organizations and the public at large. In the case of the EES, the vast majority of comments solicited by NIST opposed the standard, but were openly ignored. The USACM recommends that the standards process be placed under the Administrative Procedures Act so that citizens may have the same opportunity to challenge government actions in the area of information processing standards as they do in other important aspects of Federal agency policy making. 4. The USACM urges the Administration at this point to withdraw the Clipper Chip proposal and to begin an open and public review of encryption policy. The escrowed encryption initiative raises vital issues of privacy, law enforcement, competitiveness and scientific innovation that must be openly discussed. 5. The USACM reaffirms its support for privacy protection and urges the administration to encourage the development of technologies and institutional practices that will provide real privacy for future users of the National Information Infrastructure. ------------------------------ Date: Mon, 4 Jul 94 11:15:16 EDT From: Jerry Leichter Subject: File 2--Standards Thousands of years ago, King Canute is said to have ordered that the tides stop coming in; he wanted a standard shoreline. The tides continue to come in and out as before. In the early 1980's, the US government, tired of "incompatible" input/output devices whose cost was much higher than they would have been had the market not be segmented by connector type, proposed to establish a standard I/O connection interface for all devices henceforth to be purchased by government agencies. They chose a well-defined, widely used industrial standard: The IBM channel connection architecture. Even IBM opposed the establishment of this standard, on the grounds that it was already on its way to obsolesence. Starting some time in the late 1970's or early 1980's, the International Standards Organization, representing many of the worlds governments, began the development of a series of networking standards intended to define a future truly open network architecture. Many governments subscribed to this vision of a soon-to-arrive new world, and established policies that would require their agencies to purchase only OSI-compatible networking systems once they became available. The US government was among these. The standards, however, took many years to arrive - and the implementations, for the most part, have still not arrived. It's hard to find anyone who believes that OSI networking will ever play a significant role in the real world. A few months ago, the US government, tired of granting exceptions to its OSI requirements so that government agencies could buy equipment actually available on the market, canceled its OSI mandates. Undeterred by a history of failures, Wade Riddick, "graduate student ... in the Department of Government at the University of Texas.... B.A. in English from Louisiana State University", a computer expert as a result of his reading of such publications as Byte magazine, proposes in an open letter to Vice President Gore published in a recent CuD, that the US government establish a standard for computers, operating systems, user interfaces, compilers, and who can tell what else. Mr. Riddick, unsatisfied with existing system architectures, doesn't even propose selecting one of those as the basis for this standard. No, based on his years of experience in, ahem, English and government and the reading of Byte magazine, Mr. Riddick even sketches out a new design of his own. Well aware of the importance of acronyms in his adopted field, he has gone so far as to choose one: DNA. But let's ignore Mr. Riddick's credentials, or lack thereof. Let's look at some of the "facts" he bases his proposals on: - John Udell, a the senior technical editor of *BYTE*, is quoted from the January, 1994, issue as saying that "the battle is no longer about whether to layer object-oriented services and emulation systems . . . on a small kernel . . . nor whether to build an operating system in this style but how to do the job right." Mr. Riddick might want to look at a more recent Byte - the June issue, I think - whose cover-page leadin to a story starts out "With the death of object-oriented programming..." The fact of the matter is that "object-oriented services ... build on a small kernel" describes a completely insignificant portion of systems in use today. The two operating systems *actually available now* that are closest to fitting this description are Mach - by design, an academic experiment - and NextStep, a much-admired commercial failure. Whether they will play a significant role in the systems of tomorrow remains to be seen. The very question of what "object- oriented" and "microkernel" *mean*, much less how useful they are as design and implementation approaches, remain the subject of debate among serious system designers, both in academia and in industry. Mr. Riddick, like most non-specialists (and all-too-many specialists who should know better) is mislead into believing that buzzwords represent significant advances. "Microkernel" and "object-oriented" are the buzzwords of today. What ever happened to "(artificially) intelligent machines"? "User friendliness?" "Closing the semantic gap?" "Fourth-genera- tion languages"? "*Fifth* generation systems"? "Pure rela- tional models?" Somewhere there must be a warehouse full of the dust-covered, mouldering remains of yesterday's computer industry buzz-concepts. - Mr. Riddick says that "...proprietary standards have acted as unfair exchange standards, making it unnecessarily expensive for consumers to move their investments in data-and particularly software-around from one platform (operating system) to another. This deters investment, just as the asset-trapping nature of a command economy or non-convertible currency was for many years a substantial deterrent to foreign investment in Eastern Europe." A remarkable stream of words with little attempt at justification - but a great deal of emotional content. "Unfair exchange standards." "Unnecessarily expen- sive". Has Mr. Riddick been learning his economics from Marxist textbooks? Or perhaps very old Catholic writings on "fair" business practices? In free market economics, the market-clearing price is the only relevent measure of price; there's no room for appeals to emotion. Ah, but Mr. Riddick isn't a Marxist - like all good buzz-word followers, he, too, knows that contrasting a proposal to the "command economies" of Eastern Europe - which we all know failed miserably, though go back 15, 20 years and see how those who attacked such economies were derided as short- sighted - is the best way of strengthening a proposal. Any proposal. Of course, he seems not to notice that the problem with command economies is not *what* they commanded, but *that* they commanded. What is Mr. Riddick's proposal but an attempt to have the government dictate to an industry that forms a large and growing portion of our economy just how they should do things? If industry fails to go along with the standards he'd like to see, will his next step be to order them to build the machines he likes? If consumers fail to buy them, what then? If Mr. Riddick had actually ever tried to start a high-tech company, he'd know that the first thing investors want to hear about is what the company will have that is *unique* and not readily copied by the competition. Besides, he himself talks elsewhere about what happened to IBM, which invested R&D dollars in developing the PC standard only to watch as others made money by cloning IBM products. Ah, but of course, the standard Mr. Riddick wants developed will be developed by the *government*. That makes it *different*. (Besides, we all know that getting stuff done by the government doesn't cost any money.) Mr. Riddick also believes that the non-standardized nature of the computer business has "deterred investment". Given the many, many billions of dollars spent on computer equipment over the last two decades, I'd really love to see the analysis that justifies that claim. Perhaps if Mr. Riddick had had his way, by now we'd be fulfilling the old dream of "a PC on every desk, a Newton in every hand". Really, I can't go on with a point-by-point analysis. There's just too much verbiage, too much half-digested industry self-praise (the Macintosh is successful because it relies on interpretation?), too many quotes from people who don't deserved to be believed (John Scully comments that decisions about computers can no longer be left to the technologists - an arguable claim, but it rings false coming from someone whose basic failure to understand the technology on which his company was built led to the failure of the Newton, which Scully saw as the future of Apple). Mr. Riddick actually gives examples (Japanese HDTV) of the dangers of imposing a standard too early - but, like all those who live by the buzzword, he is somehow convinced that *now* things have finally reached a point where we can safely put down roots. I will give Mr. Riddick credit for one thing: At least he looks at the near-future buzzwords (multiple-personality OS's, for example - though really only the name is new; systems like this have existed for at least 20 years); he doesn't make the mistake of believing that what he can buy in the store today is going to be *it* for the next 20 years. Of course, in doing so he ignores the lessons of the OSI experience: Standardizing what *is* sometimes works; standardizing what *may later be* is a recipe for disaster. Then, of course, there's the long section in which Mr. Riddick sketches out his view of how his proposed standards would work on a technical level. What Mr. Riddick makes clear in this section is that (a) he knows nothing about the history of computer science; many of the idea he presents have been proposed, and tried without notable success, repeatedly since the 1950's; (b) he's never actually designed or built a system, and has no idea where the difficulties and tradeoffs actually lie. Since I've attacked Mr. Riddick's credentials, I suppose I should quote my own: Jerrold Leichter (Phd, Computer Science, Yale University) is an assistant professor of computer science at Rutgers University, specializing in parallel processing, programming languages, and operating systems. He was an employee of Digital Equipment Corporation for 12 years, working on diverse projects ranging from the automation of Digital's in-house manufacturing operations to the design of Digital's terminals. He holds three patents, assigned to Digital. Dr. Leichter is also the founder and president of LRW Systems, a supplier of software for the development of distributed peer-to-peer applications. ------------------------------ Date: Sun, 3 Jul 94 18:39:21 PDT From: mvp@LSIL.COM(Mike Van Pelt) Subject: File 3--Re: Ghost in the Modem >I'm certain other people will make this point to you also - >> And *definitely* don't turn it into some kind of welfare-statist >> entitlement where making a profit is forbidden. That will turn it >> into the information equivalent of Cabrini-Green. > >Excuse me, but the .com sites are the newcomers. It was built as an >environment where making a profit was forbidden. The jury is still out >on whether letting the moneygrubbers in was a good idea. > >(My own views aren't quite a strident as that, but I do want to take >issue with your understanding of history. All commercial traffic is >a new thing on the internet, new within the last several years.) True, to some extent. But before the commercial traffic appeared, the net was not the information equivalent of Cabrini-Green. It was, for better or worse, the information equivalent of the Government funded research project of your choice. It *was* a government-funded research project. The companies of the ever-popular Military-Industrial Complex doing Government research using the ARPAnet were making a profit, or trying to, and the free flow of information fostered by ARPAnet, including the presence of the educational institutions on ARPAnet, helped them to do so. It was a mix of good features and bad features. The current net is a mix of different good and bad features. Obviously, as the net continues to grow, it will have to keep changing. But like any other good thing, there are a lot more ways to screw it up than to improve it. What I really want to see is a lot of diverse approaches, and what I fear most is the whole thing turned into One Big Government Public Works Project, which must all be done The One Government Way. That One Way will almost certainly be unusable. With a lot of diverse ad-hoc approaches to the problem, the bad ones will die, and the better ones will flourish. (Hmmm... this reminds me of something...) ------------------------------ Date: Fri, 1 Jul 1994 08:22:02 -0600 From: Bryce Subject: File 4--Closure on "Ghost in the Modem" Discussion In CuD 6.58 David Gersic, "a02dag1@noc.niu.edu" wrote: > [...] I agree with you on the second to > last paragraph, that policies and programs that are, or could be, > destructive should be opposed, but I don't understand the connection > between the ideal that every citizen that cares to connect up and > start surfing the net should be allowed to and a policy that's > destructive to either the "cyberspace" that we keep hearing about or > the real society in which we live. > > Maybe I'm misunderstanding your position, but you seem to favour a > "status quo" position that only the technologically knowledgable > should be allowed to use the networks. A sort of nerd-priesthood, if > you will, paying homage to the net.gods. If this is, in fact, your > position, how would one go about joining this priesthood? What sort > of controls will have to be implemented to keep out the > non-initiated? (Note: David Gersic sent a copy of this message to me privately before it was published in CuD, and I have already responded to him. In the interests of the public dialogue, however, I will respond publicly here.) This certainly is a misunderstanding of my position and I'm sorry I wasn't more clear! I, too, envision a future where billions of individuals frequent the net for uses ranging from the casual to the sublime. The difference is that in *my* daydream each of these users has *earned* and *paid for* their access. The fact is that net access doesn't grow on trees. The money, technology, and effort that is going in to creating this future cyberspace is staggering. *Someone* has to pay for it. Currently corporations that are developing the future-net are paying for it with the intention of making money off of it from paying subscribers when it is up-and-running. This is the way that it should be. There is only one alternative to having each user pay his or her own way. That alternative is to take money from other people (including from people who can't afford or who don't care about net access) through taxes and pay for those users who can't or won't pay for themselves. It is this approach which I call "immoral", and which I believe poses a great threat to the cyberspace that we all want to inhabit. There are many dangers associated with this egalitarian ideal of cyberspace. One danger that is perhaps especially interesting to CuD readers is the fact that asking for government subsidy for net access is tantamount to asking for control and censorship! If one expects the tax-payers of America to pay for one's access, then one gives them the right, via majority vote and representative government, to control what information one has access *to*. The Loka Institute's implicit assumptions about the proper funding of and access to cyberspace are contradictory to the ideals of privacy and freedom of speech which CuD rightly champions. I hope this makes my concerns more understandable. "Thank you" to Jim Thomas and Gordon Meyer for encouraging this important public dialogue. ------------------------------ Date: Sat, 02 Jul 1994 23:41:05 -0600 (MDT) From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067" Subject: File 5--"Repetitive Strain Injury" by Pascarelli ((MODERATORS' NOTE: The follow review of "repetitive strain injury" may seem to some a bit beyond CuD's normal interests. But, over the past few years we've encountered an increasing number of active computer users who've developed apparent typing-related injuries ranging from tolerable soreness to incapacitating symptoms. We are convinced that RSI is both real, serious, and growing. So, we find the following both relevant and helpful)). BKRSI.RVW 940401 Wiley 5353 Dundas Street West, 4th Floor Etobicoke, ON M9B 6H8 416-236-4433 fax: 416-236-4448 or 22 Worchester Road Rexdale, Ontario M9W 9Z9 800-263-1590 800-567-4797 fax: 800-565-6802 or 605 Third Avenue New York, NY 10158-0012 USA 800-263-1590 800-CALL-WILEY 212-850-6630 Fax: 212-850-6799 jdemarra@wiley.com aponnamm@jwiley.com "Repetitive Strain Injury", Pascarelli, 1994, 0-471-59533-0, U$18.50 My first actual case of repetitive strain injury (or RSI), as a first aid attendant, was not in the logging camps, railway gangs or spacing crews, but with a young student athlete at an outdoor school. He had, literally, outdone himself the day before on a steep downhill hike. He was one of the best jocks in the school and had no problems with stairs and hill climbs--none of which had prepared him for the repeated extension of his foot which downhill walking required. Work-related repetitive strain injury has been known for a long time now. Writer's cramp shows up in an Italian treatise almost three hundred years old. Research and treatment, however, has lagged. For one thing, RSI generally involves soft tissue damage which does not show up on x-rays (or, indeed, on anything much besides microscopic examination of the tissue). For another, few jobs up until this century have required the kind of environment where actions had to be repeated so often without variation. Until very recently, the most common repetitive strain situations involved gross motor activities, where strains showed up early and responded well to exercise. With the advent of the computer keyboard and data entry as major factors in job situations, RSI has become a serious issue in the workforce. This is a comprehensive, factual and practical guide to RSI. It is directed primarily to the computer user or repetitive strain injury sufferer, covering facts about RSI, symptoms and warning signs, diagnosis, choosing a physician, recovery, legal aspects, maintenance and prevention. A major emphasis is to put users/sufferers in charge of, and responsible for, their own health. The book continually counsels patience. My student athlete, when asked if he could walk out with the rest of the group, visibly tried to calculate how much better he could be in the three days before they had to leave. I had to ask him if he could do it right then, since I knew it wasn't going to heal very fast, and he had to admit he couldn't. His case was actually extremely mild, after only a few hours, and would have faded within a week or so of reduced activity. Most RSI cases, however, traumatize the area for months or even years, and the healing process is correspondingly lengthy. Although the book is written for users, I would strongly recommend that every manager get a copy. Averaged over all employees, RSI accounts for about $200 expense per year and per person. If you have four people working for you, using computers, it is almost certain that at least one will develop RSI at some point. RSI is almost entirely preventable, and is almost entirely caused by ignorance. Most of you reading this are probably nodding your heads and muttering something about carpal tunnel syndrome--unaware that this over-diagnosed syndrome actually accounts for only one percent of RSI, according to one study cited in the book. Highly recommended. A very minor investment in keeping free of an ailment which could severely affect your job--not to mention everything else you do with your hands and body. copyright Robert M. Slade, 1994 BKRSI.RVW 940401 ------------------------------ Date: Sun, 3 Jul 1994 00:49:59 -0700 From: jonpugh@NETCOM.COM(Jon Pugh) Subject: File 6--Response to "Egalitarianism as Irrational" (CuD 5.51) > The statement is: "And the risk of inequity in contriving and > distributing electronic services [...] is clear." > > This statement seems to assume that access to information technology > should be equally distributed among individuals. The reason that I > find this assumption disturbing enough to write about is because I > often see variations on such a theme echoed in Computer underground > Digest, but I rarely if ever see a contradictory opinion stated. I think the reason contradictory opinions do not appear is that most people understand the issues. It's not about giving every person a modem and a computer and making them use the net or even about paying them so that they can. It's simply allowing them to use it if they want to and can afford it. Some people also mean "cheap" so that more people can use it, but there will always be people who cannot afford to. It appears to me that some people believe that "equal access" means funding. While there are phone company programs, for example, which reduce the cost of basic phone service for the low income contingent, I do not think that anyone is trying to build that notion into the coming network laws. Equal Access just means that you cannot be denied access. Unfortunately, I think it implies that spammers like Canter & Siegel cannot be denied access though. Even if we allow individual service providers like Netcom to refuse them service, I think this will promote the ever popular blacklist, which is already in use by many sysops. I think spamming them back is much more effective. ;) ------------------------------ Date: Tue, 5 Jul 1994 14:03:06 +1200 From: Nathan Torkington Subject: File 7--Proposed New Zealand legislation In response to problems with foolhardy minors injuring themselves with recipes found on bulletin board systems, one of New Zealand's more right-wing politicians drafted a piece of legislation called the "Technology and Crimes Reform Bill" which was intended to provide a means for prosecution of BBS operators. Unfortunately, the legislation was hijacked along the way and it was extended to cover live sex shows (!) and raunchy 0900 telephone services. These sidetracks make the fundamental problems of the bill harder to identify, but make no mistake: there are problems. The bill expects New Zealand telecommunications companies to prevent NZ citizens accessing foreign telecommunications services (eg, pornography BBS, hot sex numbers, etc) which is impossible. Furthermore, the bill piggybacks onto old (1989) legislation that makes no allowance for services provided over telephone lines (eg, BBS, CompuServe, ...). These problems, and others, make the bill unfeasable. Possibly the biggest problem is that because of the failure to acknowledge multilayered network services like CompuServe or bulletin boards, the bill makes the service provider liable for the actions of their users. This is obviously unreasonable, and stands to jeopardise everyone from CompuServe to universities and other Internet providers. I have been informally speaking to people about this, and several large telecommunications companies are preparing their own submissions on the bill, and various government departments as well. The bill has to be approved by a committee, who will hear the submissions, before it becomes law. From the number and size of the groups making submissions, I don't believe it will become law (thank goodness). The text of the bill is available on the World Wide Web as http://www.vuw.ac.nz/~gnat/law/tech-crime/ and the text of my (draft) submission is available as http://www.vuw.ac.nz/~gnat/law/tech-crime/commentary.html ------------------------------ Date: 5 Jul 1994 14:06:20 +1100 From: "Brian Martin" Subject: File 8--nonviolent action against Clipper Methods of nonviolent action provide a way to challenge government-sponsored encryption. It's important to make a careful assessment of these methods and to develop a sound strategy. The Clipper chip symbolises the National Security Agency's agenda for ensuring that encryption of digital communications does not undermine the power of government police and spy organisations. Because of its origins and for a number of practical reasons, many people are strongly opposed to Clipper, Skipjack, Digital Telephony, key escrow, etc., and favour systems of encryption designed to be impossible for anyone to break. There is also strong support for free communication about and dissemination of encryption systems. So far, enormous effort has been devoted to developing arguments against Clipper and to applying pressure to government to prevent its introduction. These efforts are useful, but direct action is worth considering too. Nonviolent action includes techniques such as petitions, rallies, wearing symbols of resistance, boycotts, strikes, sit-ins, fasts, and setting up alternative institutions. But nonviolent action as an approach to social change involves more than a collection of methods. It is an integrated approach designed to build popular support and undermine systems of oppression. There are numerous examples of nonviolent action, both successful and unsuccessful. These include blockades of forest logging and shipments of nuclear weapons; women's marches against sexual violence; resistance to the Nazis in many parts of occupied Europe during World War II; resistance within Soviet prison camps during the 1950s; the toppling of many Central American dictatorships by nonviolent insurrection; the collapse of East European regimes in 1989; the US civil rights movement led by Martin Luther King, Jr.; and the struggle for independence of India led by Gandhi. Nonviolent action works by the withdrawal of consent from individuals and groups in positions of power. Even the most ruthless dictator cannot rule without acquiescence or support from most of the population, including the army. Violence against oppression tends to unify the oppressors and to alienate bystanders. Nonviolent methods, by contrast, have the potential to undermine the will of the oppressors and to win support from third parties. The aim of nonviolent action should be to open up dialogue, to encourage discussion of solutions that serve the interests of all parties. In the case of Clipper, the government has a great deal of power. It does not need to convince critics, since it can use economic pressures, the legal system and ultimately its police powers to impose its preferred option. Opponents, by refusing to cooperate, are essentially insisting that no action be taken until the issue is fully discussed and a mutually agreeable solution is found. There are many examples and many writings about nonviolent action, but not much of this material deals with struggles in cyberspace. Here are a few suggestions. * Symbolic actions. A number of methods are already being pursued, such as petitions. It might be worth developing a symbol or brief slogan (e.g. "Free encryption") that could be used routinely in communications. An important thing here is to take the message to other media besides computer networks, such as newspapers, magazines and public meetings. This is a challenge. In cyberspace anyone can speak, and the role of editors and publishers is minimised. Elsewhere this is not so. * Boycotts. These are difficult to carry off, but can be effective if prepared for properly. Possible targets need to be researched and justified. Notice should be given to the potential target of a boycott, giving it a chance to change. The boycott should be one that allows many people to participate and which highlights the principles involved. * Noncooperation by workers. The key "production" workers are in the NSA, other relevant government agencies and factories where Clipper is produced. Any dissent or noncooperation within these areas is important, including strikes, go-slows or an open statement of protest. System administrators and technicians could refuse to install Clipper. * Civil disobedience. An obvious possibility here is to export encryption openly. It would be worthwhile designing the campaign so that large groups of people challenge laws or procedures collectively. For example, one hundred or one thousand people could simultaneously export encryption while circulating widely a well-written account of why they are doing it. Another approach is to provide alternative solutions to problems raised by advocates of Clipper. For example, how can securely encrypted communication systems be used to challenge organised crime? Whatever methods are used, it is vital to use them coherently as part of a well-thought out and agreed-upon set of campaigns. The ultimate goals of the actions need always to be kept in mind. Short-term successes are less important than building support and commitment for unfettered participatory communication and undermining the will of Clipper advocates. The issue seems urgent now but, if it is like most other social issues, the struggle will require years of effort and commitment. Hence, it is crucial to take a principled stand and aim always to build long-term support. Expedient compromises are likely to undermine the commitment of supporters. A crucial part of the struggle is to make cyberspace a people's space. At the moment, most people in the world know little about it. Struggles over encryption mainly involve an "information elite", namely those individuals with the greatest access to and involvement with computer networks. Improving access and user-friendliness is vital. Another important mode of action is to use computer networks to serve the interests of oppressed people elsewhere: the poor, persecuted minorities, people under dictatorships, etc. This already happens to a considerable extent. The more that computer networks serve those who are oppressed, the more the general population will support arguments of network activists against threats such as Clipper. Before collective action is begun, it is essential that there be extensive discussion of possible campaigns, including what types of public education should be undertaken, what groups need to be influenced, what the goals of campaigns should be, and what methods of nonviolent action should be used. The most effective campaigns are ones for which there is a high degree of support achieved by extensive discussion before beginning formal action. Fortunately, cyberspace is an ideal place for such discussion to occur. Brian Martin, Department of Science and Technology Studies, University of Wollongong, NSW 2522, Australia, phone: +61-42-287860 home, +61-42-213763 work, fax: +61-42-213452, e-mail: b.martin@uow.edu.au. FURTHER READING Virginia Coover, Ellen Deacon, Charles Esser and Christopher Moore, Resource Manual for a Living Revolution (Philadelphia: New Society Publishers, 1981). Per Herngren, Path of Resistance: The Practice of Civil Disobedience (Philadelphia: New Society Publishers, 1993). Brian Martin, Social Defence, Social Change (London: Freedom Press, 1993). Michael Randle, Civil Resistance (London: Fontana, 1994). Gene Sharp, The Politics of Nonviolent Action (Boston: Porter Sargent, 1973). ------------------------------ Date: Tue, 5 Jul 1994 19:17:55 -0400 (ADT) From: The Advocate Subject: File 9--Some thoughts on the AA BBS Stuff about the AABBS case. This case is essentially a war of ideas. Can a backwards, pigheaded state like tennessee set the moral and cultural standard of a sophisticated state like california? I say not, and like minded individuals agree with us. These "Reagan-Jungen" need to be beaten back. The best light is that of the First Amendment. Bring the press in, point out the vital issues. The judge will be embarassed if the AP or Court TV is televising what this action is about. Has anyone tried contacting the Playboy Foundation or the Guccione Foundation. Contact people like Spider Robinson or WIlliam Gibson. Publicity can only help. Especially given the candy ass tricks the prosecutors are trying out. Bring heat to Reno and Clinton. If this case is to be tried, it should be in california. The Advocate. ------------------------------ End of Computer Underground Digest #6.61 ************************************