Computer underground Digest Sun Apr 26, 1998 Volume 10 : Issue 26 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #10.26 (Sun, Apr 26, 1998) File 1--EFF challenge to New Mexico Net Censorship Law File 2--FAQ Using the Law to Harrass The Cult v. the ARSCC File 3--"Understanding Digital Signatures", Gail L. Grant File 4--Court Finds AOL Immune from Libel Suit File 5--Re: Cu Digest, #10.25, Weds 22 Apr 98 File 6--Federal Courts use Censorware (Spectacle Press Release) File 7--Cu Digest Header Info (unchanged since 12 April, 1998) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sun, 26 Apr 1998 16:57:09 -0500 From: jthomas@VENUS.SOCI.NIU.EDU(Jim Thomas) Subject: File 1--EFF challenge to New Mexico Net Censorship Law Source: http://www.eff.org April 22, 1998 Statement of Barry Steinhardt, President of the Electronic Frontier Foundation (EFF) on the Legal Challenge to the New Mexico Net Censorship Law. The Electronic Frontier Foundation (EFF) believes that SB 127, New Mexico's recently passed law banning the dissemination of material deemed "harmful to minors" on the Internet, is patently unconstitutional. This law represents a threat to freedom of expression, not only in New Mexico, but across the country. The EFF, as a content provider, and its members, would be compelled to either refrain from communicating constitutionally protected speech or face potential criminal prosecution. Because of this threat, we join today as a plaintiff in the challenge filed today by the American Civil Liberties Union (ACLU). The EFF was the first national non-profit group established to protect free expression, privacy and open access to information in the electronic age and has used the Internet to educate the public about civil liberties and legal issues as they arise in cyberspace. The EFF was a party to the successful challenge to the Federal Communications Decency Act (CDA) in Reno v. ACLU, decided by the US Supreme Court only last June. We believe the New Mexico law is equally defective. The EFF's public education efforts that would be affected include the extensive online resources on its web site. These resources include articles, court cases, legal papers, news releases, newsletters, and excerpts from public discussions related to the EFF's legal, legislative, educational, and advocacy work. Section A in SB 127, as it affects the EFF, is even broader and more censorial that the CDA. The term "harmful to a minor" is defined as any communication "which in whole, or in part, depicts actual or simulated nudity, sexual intercourse or any other sexual conduct." The Legislature did not even attempt to qualify this term by requiring that the speech be viewed in its overall context or that its value to minors or adults be taken into account. Because the definitions used in SB 127 are so broad and so unqualified, it would include everything from a web site's representation of Michalangelo's David, to the publication of the Biblical Song of Solomon on a newsgroup. It would certainly encompass information in many of the archives that the EFF maintains on its web site. Language purporting to limit the application of the law to those who "knowingly and intentionally initiate or engage in communication" with a minor cannot save the law. For most speakers on the Internet, it is not possible to limit speech to an audience that is known to be adults only. Laws like SB 127, such as the even narrower CDA, will inevitably and unconstitutionally restrict the speech available to adults, who will be reduced to receiving only that speech which is deemed suitable for children. As the Supreme Court said in _Reno v. ACLU_: "Given the size of the potential audience for most messages, in the absence of a viable age verification process, the sender must be charged with knowing that one or more minor will likely view it. Knowledge that, for instance, one or more members of a 100-person chat group will be minors and therefore that it would be a crime to send the group and indecent message and would surely burden communication among adults." In addition to the restricting Constitutionally protected speech, SB 127 would also violate the Interstate Commerce Clause of the US Constitution. SB 127 is not limited to purely intrastate New Mexico communications. It seeks to broadly regulate an inherently "interstate", even international medium. A recent decision from New York, American Library Ass'n v. Pataki, 969 F.Supp. 160, 164 (S.D.N.Y. 1997) dealt with the interstate commerce issue. The ALA case dealt with a New York State statute that, like SB 127, sought to restrict speech on the Internet that was "harmful to minors", without limiting the geographic reach of its prohibition. In that decision, which the State of New York did not appeal, the judge held that the law was invalid because it was an "unconstitutional projection of New York law into conduct that occurs wholly outside New York; that the burdens on interstate commerce [by enforcement of this law] ... could paralyze development of the Internet altogether; and finally, that the Commerce Clause ordains that only Congress can legislate in this area, subject, of course, to whatever limitations other provisions of the Constitution (such as the First Amendment) may require." Given the fatal constitutional defects in the new law and its potential to damage free speech on the Internet, the EFF believes that it has no recourse other than to join in this case. ------------------------------ Date: Sun, 19 Apr 1998 20:42:25 -0700 (PDT) From: Jim Thomas Subject: File 2--FAQ Using the Law to Harrass The Cult v. the ARSCC ((Those who keep up with the Church of Scientology's "War on the Net" will find the following interesting, reproduced from The Well with permission)). eff.661.705: Scientology, the Net, and Free Speech From--beckyjo@umich.edu (Rebecca Jo McLaughlin) Subject--Litigation FAQ Newsgroups--alt.religion.scientology Date--Thu, 16 Apr 1998 14:45:00 GMT FAQ USING THE LAW TO HARASS THE CULT VS. THE ARSCC* On alt.religion.scientology you can get flamed. You can also get harassed, investigated, fair gamed, raided, arrested or sued. The people below know, first-hand, how seriously the cult takes their dead leader's commands: "The law can be used very easily to harass..." Coming up: 22 April 1998: [Ward, Henson] The parties are ordered to appear for a pre-trail conference. The parties should be prepared to discuss the following issues: (1) Whether this case should be consolidated with the related case RTC v. Ward, Case No. C-96-20207, for trial; (2) The trial schedule; (3) Estimated length of the proceedings; and (4) Available trial dates in April, May , and June. *** DENNIS ERLICH. Dennis is accused of violating the cult's copyrights by posting some of the "Operating Thetan" (OT) materials. The cult raided Dennis, going through his home and confiscating personal belongings. He is being defended pro bono by the mighty MoFo; donations are gratefully accepted. Send your checks or money orders to: Morrison & Foerster, 425 Market St., San Francisco, CA 94105 Attn: Carla Oakley - Dennis Erlich Defense Fund Telephone: (415) 677-7000 Facsimile: (415) 677-7522 International funds can be accepted. You can also wire donations to them. Call for instructions. **Make sure you label your check "Dennis Erlich Defense Fund".** Also - "seekon" maintains a "Friends of Dennis Erlich Page" www.netcom.com/~seekon/friends.html Dennis also faces attack on another front: the cult has provided his ex-wife (the Venomous Rosa) with a lawyer so that she and the cult can drag Dennis through court on a variety of child-support related cases. For more info: http://www.snafu.de/~tilman/mystory/#10 http://www.snafu.de/~tilman/mystory/denseize.txt ****** KEITH HENSON. Having read the New Operating Thetan (NOTs) levels, Keith Henson believes that Scientology is practicing medicine without a license. He was sued for posting the relevant sections - NOTS 34 - that describe these practices. Recently, Judge Whyte ruled against Henson in summary judgment and planned to conduct a "bench trial" to determine wilfulness. Sadly for the judge, the Supreme Court determined that people like Keith are entitled to a jury trial. The Honorable Whyte is now attempting to lump Keith and Grady's cases together. On a related front, the cult takes offense at Keith picketing their various organizations. The judge, at a recent hearing to strike Henson's trial brief, denied their ex parte application in no uncertain terms: "There is a lot of silliness going on here, and this court is not going to entertain it! The statements of counsel in their briefs are just that, and not evidence." For more info: http://www.cs.cmu.edu/~dst/NOTs/ http://www2.thecia.net/users/rnewman/scientology/home.html#HENSON http://homepages.skylink.net/~teddy/picketpage/picket.html Keith is accepting donations to offset the increasing costs of litigation: H. Keith Henson P.O. Box 60012 Palo Alto, CA 94306 **** FACTnet is a bulletin-board system containing a huge library of information about Scientology and other cults. On 22 August 1995, FACTnet directors, Bob Penny and Larry Wollersheim were raided. FACTnet is being sued for (surprise!) copyright infringement. For more info:. http://www.factnet.org/battle.htm http://www2.thecia.net/users/rnewman/scientology/home.html#FACTNET http://www2.dgsys.com/~alerma/ FACTNET is accepting donations toward their operations and their legal defense. Send to FACTNET Inc., PO Box 3135, Boulder, CO 80307-3135. You may also charge your donation (see http://www.factnet.org for details). **** ZENON PANOUSSIS. Zenon posted the widely-read Secret Scriptures materials to a.r.s. and was promptly sued. It is unlikely that the cult lawyers expected that their own actions would result in Sweden becoming the only country in the world where the Secret Scriptures may be legally obtained. For more info: http://scncases.simplenet.com (webbed documents of most NOTs-connected cases in Sweden) http://www.dtek.chalmers.se/~d1dd/cos/ ***** RAY RANDOLPH. Ray has a domain name, scientology_kills.net, that offends the cult. They claim it infringes upon their trademarks and are suing. Ray is represented by the ACLU and EFF in this skirmish. For more info: http://www.ezlink.com/~rayr/scieno.htm **** KARIN SPAINK. Karin and 12 Dutch internet providers are being sued by the cult for having the Fishman Affidavit (containing parts of OT1 through OT7) on homepages. The cult lost the February 1996 trial, was ordered to pay costs and has appealed. The appeal was scheduled for June 1996, but to date, the cult has not moved on it. The defendants believe the reason for this is that Co$ is afraid it will lose. >From Karin: "The full-fledged case - which they started on the day the short-term lawsuit served in court - is still on its way. We hope to have a verdict this year. For more info: http://www.xs4all.nl/~kspaink http://www2.thecia.net/users/rnewman/scientology/dutch/home.html **** GRADY WARD On 21 March 1996, RTC filed a lawsuit against Grady accusing him of being the elusive net entity, Scamizdat, who posted the Upper Level Materials Scientology cannot seem to keep under wraps. Grady is defending himself in forma pauperis. At a recent summary judgment hearing, Judge Whyte ruled against RTC, clearing the way for a trial. At the recent pretrial hearing, the judge stunned the cult by remarking that the cult had to prove at three things at trial: (1) that the proffered evidence were authentic Usenet posts or IRC chat logs (FRE Rule 901); (2) that Grady Ward somehow was associated with any authenticated posts that had been adjudged to be infringing; and (3) if (1) and (2) were met, that Grady Ward's acts were "wilful" for purposes of copyright law. Currently, Judge Whyte is attempting to get cases of Ward and Henson combined into one. Grady accepts donations to defray mounting legal expenses. Send donations to Grady Ward, 3449 Martha Ct., Arcata, CA 95521 For more info: http://www2.thecia.net/users/rnewman/scientology/home.html#GRADY http://superlink.net/user/mgarde/new.htm **** Corrections, additions, deletions? Mail beckyjo@umich.edu. * And, of course, we do not exist. ------------------------------ Date: Mon, 20 Apr 1998 08:54:03 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 3--"Understanding Digital Signatures", Gail L. Grant BKUNDISI.RVW 980221 "Understanding Digital Signatures", Gail L. Grant, 1998, 0-07-012554-6, U$34.95 %A Gail L. Grant %C 300 Water Street, Whitby, Ontario L1N 9B6 %D 1998 %G 0-07-012554-6 %I McGraw-Hill Ryerson/Osborne %O U$34.95 905-430-5000 fax: 905-430-5020 louisea@McGrawHill.ca %P 298 p. %T "Understanding Digital Signatures" Part one is general background. Chapter one is a brief and rough background of the Internet. Some of the statements are questionable, as are a number of the figures, but it is probably reasonable for the target business audience. The title "Security and the Internet," for chapter two, is only half right. Some general topics that security needs to address are raised, but the Internet isn't mentioned. (The figures convey even less information than in the first chapter, and the situation is not helped by the fact that the figure numbers are not used in the text, so the reader has no idea what passage they are supposed to support.) Again, "Securing the Internet," in chapter three, is a reasonable basic primer on cryptography for the non- technical, but doesn't talk about the Internet yet. The most important point made is the difference between encryption and authentication. Chapter four, on the public key infrastructure, is the weakest, in that it only deals with hierarchical certificate authority systems. It is interesting that the term "network of trust," seemingly used for a group of certificate authorities, is so similar to the term "web of trust" which PGP (Pretty Good Privacy) uses for such a radically different concept. Part two is entitled "Case Studies," and it does have them, but not in the usual style. "Uses of Public Key Systems," in chapter five, still seems to belong to the background section. Chapters six, seven, and eight, on identification and authentication, securing communication, and application integration, say *that* certificates are being used, but give almost no information on how. Chapter nine lists the operational steps in a SET (Secure Electronic Transaction protocol) transaction. Part three looks at technical, legal, and business issues, and at the development of requirements specifications for digital signatures. Chapter ten is only technical by the broadest possible definition of the term, and does not provide enough detail or background for readers to begin to make the decisions that might be necessary. The legal issues chapter eleven raises are at least clear enough to have legal counsel begin to consider, and are not as US-centric as is normally the case. Chapter twelve's review of business issues is a decent discussion starter. The requirements planning tools in chapter thirteen are probably too generic to be of use without further background. Part four is a listing of vendors. Each vendor entry provides contact information, company background, and a description of products or services. Many also list distinctives of the companies, future intentions, and a list of major customers. Chapters cover vendors of certificate authority products and application toolkits. A final chapter looks at the future. copyright Robert M. Slade, 1998 BKUNDISI.RVW 980221 ------------------------------ Date: Thu, 23 Apr 1998 17:16:07 -0400 From: "EPIC-News List" Subject: File 4--Court Finds AOL Immune from Libel Suit Source: EPIC Volume 5.05 April 23, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ *** 1998 EPIC Cryptography and Privacy Conference *** http://www.epic.org/events/crypto98/ ======================================================================= [2] Court Finds AOL Immune From Libel Suit ======================================================================= A federal judge in Washington has ruled that America Online cannot be sued for posting an allegedly defamatory item by gossip columnist Matt Drudge. The ruling came in a lawsuit filed by White House official Sidney Blumenthal after Drudge reported that Blumenthal had "a spousal abuse past that has been effectively covered up." The suit named as defendants both Drudge and AOL, which carried "The Drudge Report" under a license agreement with the columnist. In an opinion issued on April 22, U.S. District Judge Paul L. Friedman held that AOL enjoys broad immunity from suit under a surviving provision of the Communications Decency Act (most of which was struck down by the Supreme Court last summer). That provision, which was intended to encourage online providers to "self-police" their systems for "offensive" content, states: No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. The judge noted that, under the terms of its agreement with Drudge, AOL retained "certain editorial rights ... including the right to require changes in content and to remove it." While finding that the CDA provision relieves the online service of any potential liability, Judge Friedman noted an anomaly in the result: Because it has the right to exercise editorial control over those with whom it contracts and whose words it disseminates, it would seem only fair to hold AOL to the liability standards applied to a publisher or, at least, like a book store owner or library, to the liability standards applied to a distributor. But Congress has made a different policy choice by providing immunity even where the interactive service provider has an active, even aggressive role in making available content prepared by others. The suit against Drudge will proceed, and attorneys for Blumenthal have indicated that they will appeal the dismissal of AOL as a defendant. ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ------------------------------ Date: Thu, 23 Apr 1998 10:24:51 -0400 (EDT) From: "John S. Cronin" Subject: File 5--Re: Cu Digest, #10.25, Weds 22 Apr 98 In article you wrote: > From--"Frank Knobbe" > Date--Fri, 17 Apr 1998 23:07:17 -0600 > Subject--File 6--Re--"tagging color printers" (CuD 10.22) > > > Date--06 Apr 1998 15:29:44 -0400 > > From--Mark Atwood > > Subject--File 3--US Govt wants to "tag" color printers > > [...] > > > "In addition, Castle said, practical and realistic measures to tag > > scanners and printers must be considered, in order to identify the > > source of the counterfeit notes." > > > > In other words, he wants every color printer to embed some sort of > > signature into its output, so that the "authorities" can determine > > where it came from. > > > > I remember, back in high school civics, one of the bits of patriotic > > propaganda that was dispenced to us, was that the USSR required all > > photocopiers to embed a machine id and page number into its output, > > so that the "authorites" could control their use as publishing > > tools. > > > > Now the USA wants to do the same thing. > > [...] > > Great! I'm so curious to see how they are gonna tackle this issue. Put > an ID on top of the page? Sure, go right ahead, I have to use my > scissors anyway to cut out the Lincoln's. > > The only way this would work, would be to overlay the copy with a fine > barcode type output, where the lines stretch across the whole page. > Which means the ID changes when the fuser gets old'n'dirty. Plus, > imagine how many people would return that copier because "it's broke > and procudes crappy output". > > How about mandatory copier paper with a watermark? All you need to do > is equip the copier's paper cassette with a padlock. > > Of course, alternatively you could try to improve security with newer > dollar bills that have additional security features such as holograms, > etc. but that would be too easy.... > > The world is going crazy, and it's not gonna get better... I wish I had been paying better attention. Recently, I was watching one of the major news programs (ABC, CBS or NBC - I don't remember which one because my room mate had control of the remote). They had a segment on counterfeiting and the new $20 bill. They spent quite a bit of time talking about counterfeiting US currency using ordinary color printers, and how over 50% of all counterfeit bills are now coming from color printers. The part that really floored me was when they mentioned that Treasury was going to ask printer makers to begin making printers that will refuse to print currency. ?! Now I wonder if the news folks misunderstood this tagging concept, or if Treasury is really that clueless about the state of computing and what is possible? I have not been able to find any more info on this. I really do wonder though - does Treasury really believe this is possible, especially in the price range of $200 printers? I really wonder how they expect this to be implemented, if this is true. Not that I think it will happen anytime soon, if at all. Has anybody else heard about this? ------------------------------ Date: Sun, 26 Apr 1998 14:06:21 -0500 From: jthomas3@SUN.SOCI.NIU.EDU(Jim Thomas) Subject: File 6--Federal Courts use Censorware (Spectacle Press Release) Source: http://www.spectacle.org/cwp/courtcen.html The Censorware Project Federal Courts Use Censorware; Free Speech Advocates Object By the Censorware Project April 22, 1998 FOR IMMEDIATE RELEASE Contact: Jonathan Wallace daytime: 212-513-7777 evening: 718-797-9808 email: jw@bway.net New York, April 22, 1998 -- The Censorware Project, an organization which battles the use of blocking software by public institutions including schools and libraries, announced today that it has learned that federal courts are using the WebSENSE censorware product, at least in the Eighth, Ninth and Tenth judicial circuits (covering twenty-two states and Guam). WebSENSE was installed by the Administrative Office of the Courts, apparently without the knowledge or consent of the judges themselves. "I am really disturbed that the federal court administrators have installed censorware, especially in light of federal judge Leonie Brinkema's recent decision in the Loudoun County, Virginia case," said James Tyre, a First Amendment attorney who is a founding member of the Censorware Project. "In that decision, available at http://www.venable.com/ORACLE/opinion.htm, the judge suggested that blocking a web site in a library is like pulling a book from the shelves. It is particularly shocking that the Administrative Office of the Courts thinks that federal judges need to be protected against the Internet -- and that our tax money is being spent to buy censorware for this purpose. It would be ironic indeed if Judge Brinkema is prevented by WebSENSE from visiting the very sites at issue in the Loudoun County case, blocked by X-Stop, a competitor of WebSENSE." One site erroneously blocked by the WebSENSE product under its "Hacking" category is http://www.digicrime.com/ -- a humorous site created by security experts to educate the public about computer crime. "WebSENSE apparently took the site for a real computer crime site," Tyre said. "DigiCrime is not just one bad block out of 200,000: it is one of 54 hand-picked sites by the makers of WebSENSE itself included in the downloadable demo versions of the product. Although The Censorware Project has not done a full analysis of WebSENSE, one must seriously question its claims to accuracy if it cannot even get its demo blocks right." WebSENSE also reportedly blocks A Different Light Bookstore, http://www.adlbooks.com/, specializing in gay or lesbian literature. The company claims that the product blocks 200,000 sites. ________________________________________________________________ The Censorware Project is a group of Internet activists opposed to blocking software and ratings systems for the Web on the grounds that both approaches promote government censorship of the Net. For more information, please contact Jonathan Wallace at jw@bway.net. ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 7--Cu Digest Header Info (unchanged since 12 April, 1998) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #10.26 ************************************