Computer underground Digest Sun July 4 1999 Volume 11 : Issue 29

Computer underground Digest    Sun  4 July, 1999   Volume 11 : Issue 29
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Canape Editor:       Etaion Shrdlu, III
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #11.29 (Sun, 4 July, 1999)

File 1--Congress, NSA butt heads over Echelon (Fed Computer Week excerpt)
File 2--SANS Newsbites Vol. 1 Num. 11 (News and Links)
File 3--Blurbs on Encryption Legislation  (EPIC Reprints)
File 4--CDT's Report on Library Filtering and Encryption Bills
File 5--Censorware Project Corrects Gross Distortion
File 6--Court's ruling on cable praised for doing what county wouldn't
File 7--Cu Digest Header Info (unchanged since 10 Jan, 1999)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
   TO UNSUB OR CHANGE ADDRESS, SEE ADMINISTRIVIA IN CONCLUDING FILE

---------------------------------------------------------------------

Date: Wed, 9 Jun 99 07:35:27 -0400
From: Brandon J.M. Cotton 
Subject: File 1--Congress, NSA butt heads over Echelon (Fed Computer Week excerpt)

From http://www.fcw.com/pubs/fcw/1999/0531/web-nsa-6-3-99.html (Federal
Computer Week):

Congress, NSA butt heads over Echelon
BY DANIEL VERTON (dan_verton@fcw.com)

Congress has squared off with the National Security Agency over a
top-secret U.S. global electronic surveillance program, requesting top
intelligence officials to report on the legal standards used to prevent
privacy abuses against U.S. citizens.

According to an amendment to the fiscal 2000 Intelligence Authorization
Act proposed last month by Rep. Bob Barr (R-Ga.), the director of Central
Intelligence, the director of NSA and the attorney general must submit a
report within 60 days of the bill becoming law that outlines the legal
standards being employed to safeguard the privacy of American citizens
against Project Echelon.

Echelon is NSA's Cold War-vintage global spying system, which consists of
a worldwide network of clandestine listening posts capable of
intercepting electronic communications such as e-mail, telephone
conversations, faxes, satellite transmissions, microwave links and
fiber-optic communications traffic. However, the European Union last year
raised concerns that the system may be regularly violating the privacy of
law-abiding citizens [FCW, Nov. 17, 1998].

However, NSA, the supersecret spy agency known best for its worldwide
eavesdropping capabilities, for the first time in the history of the
House Permanent Select Committee on Intelligence refused to hand over
documents on the Echelon program, claiming attorney/client privilege.

Congress is "concerned about the privacy rights of American citizens and
whether or not there are constitutional safeguards being circumvented by
the manner in which the intelligence agencies are intercepting and/or
receiving international communications...from foreign nations that would
otherwise be prohibited by...the limitations on the collection of
domestic intelligence," Barr said. "This very straightforward
amendment...will help guarantee the privacy rights of American citizens
[and] will protect the oversight responsibilities of the Congress which
are now under assault" by the intelligence community.

Calling NSA's argument of attorney/client privilege "unpersuasive and
dubious," committee chairman Rep. Peter J. Goss (R-Fla.) said the ability
of the intelligence community to deny access to documents on intelligence
programs could "seriously hobble the legislative oversight process"
provided for by the Constitution and would "result in the envelopment of
the executive branch in a cloak of secrecy."

------------------------------

Date: Wed, 9 Jun 1999 23:22:01 -0600 (MDT)
From: The SANS Institute 
Subject: File 2--SANS Newsbites Vol. 1 Num. 11 (News and Links)

                          SANS NEWSBITES

                  The SANS Weekly Security News Overview
Volume 1, Number 11                                        June 10, 1999
                          Editorial Team:
Kathy Bradford, Bill Murray, Alan Paller, Howard Schmidt, Eugene Schultz

                        

*************************************************************************

7 June 1999  OMB Tells Feds to Post Privacy Policies
7 June 1999  AntiOnline Editor Accused of Paying for Attacks; also Claims
             To Have Repelled Denial of Service Attack
7 June 1999  Commerce Committee to Hold Privacy Hearing
7 June 1999  International E-Commerce Concerns Regulators
6 June 1999  Federal Web Security Honed
5 June 1999  MS Software Pirates Arrested
4 June 1999  Department of Justice Says Attacks Serious
4 June 1999  Digital Watermarking
4 June 1999  Conflicting Privacy Wording on United's Site Confuses Users.
3 June 1999  Recent Attacks Distract FBI from Real Threats, Some Say
3 June 1999  Attacks Will Not Stop, says FOrpaxe
3 June 1999  Germany Favors Strong Cryptography	
3 June 1999  DOD Background Checks Backlogged
3 June 1999  ISPs Express Skepticism About UK Government's Crypto Policy
3 June 1999  Black Boxes for Automobiles
2 June 1999  Cracker Moonlighting		
2 June 1999  FBI Cybercrime Unit Angers Crackers	
2 June 1999  Federal Cyberattack Policy Warranted
1 June 1999  EU Members Could Halt Data Flow to US
1 June 1999  E-mail Privacy in Japan
31 May 1999  Federal Network Monitoring Tools
31 May 1999  Oracle Database Security Hole

More stories about attacks on federal sites:
2 June 1999  Department of Defense
1 June 1999  Interior Department
1 June 1999  Interior department and Idaho National Engineering and
             Environmental Laboratory

Valuable New Resources
Model Security Policies (today)
Intrusion Detection FAQ (updated)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

7 June 1999:  OMB Tells Feds to Post Privacy Policies
The Office of Management and Budget is requiring federal sites to post
clear privacy policies on their home pages and on any other pages which
collect personal data.  While the 1974 Privacy Act requires federal
agencies to tell people when they've collected personal information
about them, the 1974 law did not anticipate the web. The OMB wants the
federal sites to comply with the directive by September first of this
year.  http://www.fcw.com/pubs/fcw/1999/0607/fcw-newsprivacy-6-7-99.html

7 June 1999:  AntiOnline Editor Accused of Paying for Attacks
Computer attackers have accused AntiOnline editor John Vranesevich of
paying people to break into web servers so that he could scoop the
stories.  Vranesevich categorically denies the charges.  In a related
story, Vranesevich claims to have successfully weathered the same sort
of attack that took the FBI's site offline for a week.
http://www.wired.com/news/news/culture/story/20062.html
http://www.computerworld.com/home/print.nsf/all/990607AD22#TOP

7 June 1999:  Commerce Committee to Hold Privacy Hearing
Senator John McCain says Senate Commerce Committee hearings to be held
this summer will focus on the question of federal regulation of online
privacy.  McCain hopes to avoid such legislation.  (Also, see the June
4 United story.)
http://dailynews.yahoo.com/headlines/technology/zdnet/story.html?s=v/zd/19990607/tc/19990607008

7 June 1999:  International E-Commerce Concerns Regulators
As electronic commerce spreads worldwide, so do questions about
authentication, product safety regulations, and taxes, to name but a
few of the surfacing issues.  While some groups believe worldwide
regulations must be reached for international e-commerce to succeed,
others are unsure.
http://www.techweb.com/wire/story/reuters/REU19990607S0012

6 June 1999:  Federal Web Security Honed
In the wake of attacks on federal websites in the last few weeks, the
respective agencies are upgrading their security systems, though some
of the agencies are reluctant to discuss the measures they've taken for
fear of providing information that would help attackers.  Others
acknowledge the fact that no system is entirely secure, and that increased
vigilance is as valuable a tool as any firewall.
http://www.fcw.com/pubs/fcw/1999/0607/fcw-newsbatten-6-7-99.html

5 June 1999:  MS Software Pirates Arrested
Eight people were arrested in connection with a piracy ring that has
produced 15,000 copies of Microsoft programs, including Windows 98.
The pirated software was sold overseas.
http://www.mercurycenter.com/svtech/news/breaking/ap/docs/514350l.htm

4 June 1999:  Digital Watermarking
A group of computer companies and record companies will decide on digital
watermarking technology to resist DVD-Audio copyright infringement.
http://www.techweb.com/wire/story/TWB19990604S0009

4 June 1999:  Conflicting Privacy Wording on United's Site Confuses Users.
While United Airlines' reservations site posts a standard privacy policy,
the "terms and conditions" agreement on the site basically waives those
same rights.  http://www.news.com/News/Item/0,4,37413,00.html

4 June 1999:  Department of Justice Says Attacks Serious
The Department of Justice (DOJ) has rejected the comparison of recent
federal computer attacks to graffiti, instead calling them serious
infringements of the agencies' ability to transmit information to the
public.  The DOJ has promised vigorous prosecution of those responsible.
http://www.newspage.com/cgi-bin/NA.GetStory?story=c0603134.401&date=19990604&level1=46510&level2=46515&level3=821

3 June 1999:  Recent Attacks Distract FBI from Real Threats, Some Say
Some security pundits believe that the attention the FBI is giving those
responsible for the slew of attacks on federal computer sites in the
last week takes the focus off more "serious digital crimes."
http://dailynews.yahoo.com/headlines/technology/zdnet/story.html?s=v/zd/19990603/tc/19990603003

3 June 1999:  Attacks Will Not Stop, says FOrpaxe
A group of Portuguese teenage computer attackers calling itself FOrpaxe
claims responsibility for over 60 site exploits and vows to continue
its "crusade."  Members say that there has been talk of attackers
worldwide formulating a unified attack on US government computers.
http://www.msnbc.com/news/276459.asp#BODY

3 June 1999:  DOD Background Checks Backlogged
The Defense Department has an enormous backlog of employee background
security investigations; over half a million checks need to be performed.
Private investigative firms will be hired to help.  In AOL News, from
AP.

3 June 1999:  Germany Favors Strong Cryptography	
The German Government has issued a policy statement in favor of strong
cryptography.  The statement is an apparent response to allegations of
industrial espionage conducted with the aid of electronic surveillance
devices.  The policy also states that protecting electronic commerce
and people's privacy supersedes concerns about the possibility of the
criminal use of cryptography.
http://www.wired.com/news/news/politics/story/20023.html

3 June 1999:  ISPs Express Skepticism About UK Government's Crypto Policy
The UK's new encryption policy could put Internet users in a position
where their e-mail is easily accessible by law enforcement officials.
http://www.techweb.com/wire/story/TWB19990603S0001

3 June 1999:  Black Boxes for Automobiles
Devices already installed in many GM cars record data about crashes.
Although GM says that "information recorded is the property of the
vehicle owner," Barry Steinhardt of the ACLU asserts that the devices
were placed in the cars without the owners' consent, and that the data
could be subpoenaed.
http://www.wired.com/news/news/technology/story/20010.html

2 June 1999:  Cracker Moonlighting
Many computer exploiters are also extremely talented code writers employed
by major software companies, but a recent raid on the home of a now
former Microsoft employee has brought to light the problems associated
with the "dual identities" of such people.
http://www.msnbc.com/news/275876.asp#BODY

2 June 1999:  FBI Cybercrime Unit Angers Crackers	
The FBI's Cybercrime Unit conducted several raids in recent weeks against
people suspected of the theft and misuse of credit card numbers and
computer passwords.  Cracker groups angry about the raids launched
widespread retaliatory attacks on US federal websites.
http://www.nytimes.com/library/tech/99/06/biztech/articles/02hack.html

2 June 1999:  Federal Cyberattack Policy Warranted
Since cyberattacks can now be part of international warfare, as evidenced
by attacks in protest of NATO actions on Kosovo, the US needs to "develop
a coordinated national response" to protect its infrastructure.
http://www.fcw.com/pubs/fcw/1999/0531/web-cip-6-2-99.html

1 June 1999:  EU Members Could Halt Data Flow to US
The EU (European Union) wants the US to speed up the schedule for its
compliance with EU data privacy laws, and to tighten up language about
consumer access to data and enforcement policies in the "safe harbor"
agreement.  If the two entities cannot reach an accord, individuals and
member countries could stop sending their personal data to US companies
online, a significant blow to e-commerce.
http://www.news.com/News/Item/0,4,37236,00.html

1 June 1999:  E-mail Privacy in Japan
The Tokyo Manager's Union has received a number of reports of employees
being censured or fired for their alleged misuse of e-mail.  An attorney
calls bosses' screening employees' e-mail an invasion of privacy.
http://www.yomiuri.co.jp/newse/0603so09.htm

31 May 1999:  Federal Network Monitoring Tools
Some federal agencies would like to see a single product that would
cover all their monitoring needs, while others are happy using a
combination of tools.
http://www.fcw.com/pubs/fcw/1999/0531/fcw-techbrief-05-31-99.html

31 May 1999:  Oracle Database Security Hole
A security flaw in Oracle databases gives malicious individuals root
access to the system.  While the company is offering a patch, only those
clients who have maintenance contracts with the company were informed
of the hole.  Oracle is providing a patch to fix the problem.
http://www.zdnet.com/intweek/stories/prtfriendly/0,4557,2267512,00.html

== Federal Web Site Attacks ===========================================

If you haven't read enough stories about attacks on federal web sites,
here are three more:

2 June 1999:  Dept of Defense
http://www.computerworld.com/home/news.nsf/all/9906023defense

1 June 1999:  Interior Department
http://www.computerworld.com/home/news.nsf/all/9906012hack

1 June 1999:  Interior Department and Idaho National Engineering
and Environmental Lab
http://www.nytimes.com/library/tech/99/mo/biztech/articles/01hack.html

== Valuable New Resources =============================================

Model Security Policies (today)

The most sought-after sections in any SANS course books are Michele
Crabb-Guel's collection of model security policies (from her classic
course on Building Effective Security Infrastructures).  She graciously
provided the slide show that describes the policies along with the
policies and templates.  Posting these policies is the first step in a
new Joint Consensus Research project (with the CIO Institute) to develop
a consensus on model security policies for organizations connected to
the Internet.  Comments and contributions are welcome.  If you have
something to offer please do. Those who provide the most useful
information will be invited to participate in the consensus research
project.  Email the research office (sansro@clark.net)
http://www.sans.org/newlook/resources/policies/policies.htm

Intrusion Detection FAQ (last week)
Stephen Northcutt and a team of intrusion detection experts have created
a new version of the new Intrusion Detection FAQ.
http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm

If you would like to contribute new questions and answers, send your
proposal to info@sans.org with the subject `ID FAQ Proposal'.

== End ==

Please feel free to share this with interested parties.  For a free
subscription, e-mail  with the subject:
      Subscribe NewsBites

New easy subscription modification, just use the web:

	http://www.sans.org/sansaddr?hashid=SD144920Ej,s2QCxS8H

Or you can email  with instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, or with
any other comments.

------------------------------

Date: Wed, 30 Jun 1999 16:16:22 -0400
From: "EPIC-News List" epic-news@epic.org
Subject: File 3--Blurbs on Encryption Legislation  (EPIC Reprints)

Source -    Volume 6.10    June 30, 1999
                          http://www.epic.org

[1] Senate Committee Approves Mandatory Filtering Bill

Congress' move toward mandatory Internet filtering for schools and
libraries gained momentum on June 23, when the Senate Commerce
Committee approved the Children's Internet Protection Act (S.97).  The
legislation would mandate that public schools and libraries receiving
"E-Rate" universal service funds purchase and use Internet filtering
software to regulate access by minors. The House of Representatives
added a similar provision to the juvenile justice bill on June 17.

The Committee action came over the objections of leading education,
library and civil liberties groups, which argued that the legislation
would impose a costly unfunded requirement and ignores a variety of
alternative approaches being taken in localities around the country.
Commerce Committee Chairman John McCain (R-AZ) rejected the criticism,
stating that filtering software is inexpensive and necessary to protect
children. "No issue is more important to America than protecting our
children," he said.  Under the language approved by the Senate
committee, the thousands of schools that participate in the
federal Internet subsidy program would be required to install software
preventing access to obscene material and child pornography.  Libraries
in the E-Rate program with more than one computer would face a similar
requirement; those with only one computer would have to ensure that
children could not access such material.

Prior to the vote, the Internet Free Expression Alliance (IFEA) sent a
joint letter to the Commerce Committee urging rejection of mandatory
filtering.  The coalition members told the committee, "We believe that
the majority of Americans share our conviction that parents and
teachers -- not the federal government -- should provide children with
guidance about accessing information on the Internet."  They urged the
Senators to consider alternative approaches, including training classes
to help children bring critical skills to the Internet; adult
supervision of Internet use by minors; highlighting recommended sites
to assist parents in navigating the Internet; and establishment of
limited time periods for supervised use of the Internet by young
children.  The groups noted that, "Clumsy and ineffective blocking
programs are nothing more than a 'quick fix' solution to parental
concerns, often providing a false sense of security that children will
not be exposed to material which parents may find inappropriate."

The text of the coalition letter is available at the website of the
Internet Free Expression Alliance:

     http://www.ifea.net/s97_letter.html

=======================================================================
[2] Congress Acts on Encryption Legislation
=======================================================================

On June 23, the House Commerce Committee approved the Security and
Freedom Through Encryption (SAFE) bill (H.R. 850), which would relax
export controls on encryption, with several amendments. One of the
amendments would make it a crime to fail to decrypt encrypted
information when ordered to do so, raising serious privacy and
constitutional concerns.  The new provision would impose criminal
penalties (including up to ten years in prison) on anyone who

     is required by an order of any court to provide to
     the court or any other party any information in such
     person's possession which has been encrypted and who,
     having possession of the key or such other capability
     to decrypt such information into the readable or
     comprehensible format of such information prior to
     its encryption, fails to provide such information in
     accordance with the order in such readable or
     comprehensible form.

House consideration of the SAFE bill will continue for at least
another month; the International Relations Committee has until July 16
to act on the legislation and Intelligence and Armed Services have
until July 23.  The House Armed Services Committee has scheduled a
hearing on the bill for June 30.

Also on June 23, the Senate Commerce Committee approved the PROTECT
encryption bill (S. 798).  The legislation would allow U.S. companies
immediately to export medium-strength encryption products (64-bit) and
much more powerful products (up to 128-bit) beginning in 2002.  Current
U.S. policy generally limits exports to 56-bit encryption with some
exceptions such as for subsidiaries of U.S. firms and foreign companies
in banking, insurance, health-care and electronic commerce.  The bill
would also establish a committee of government and private sector
officials that could vote to allow export of stronger products if
similar products are available outside the United States.  The
committee's decisions could be overturned by the President. Unlike the
SAFE bill in the House, the PROTECT Act does not include criminal
penalties for the use of encryption in furtherance of a crime.

Additional information on encryption policy is available at the
Internet Privacy Coalition website:

     http://www.privacy.org/ipc/

=======================================================================
[3] Government Seeks Review of Bernstein Crypto Decision
=======================================================================

While Congress continues to debate encryption policy, the federal
courts are also grappling with the issue.  On June 21, the Department
of Justice filed a petition for rehearing in the Bernstein case,
seeking to overturn the Ninth Circuit Court of Appeals' recent opinion
holding that encryption source code is scientific expression protected
by the First Amendment.

The federal appeals court in San Francisco ruled on May 6 that federal
regulations that prohibit the dissemination of encryption source code
violate the First Amendment.  The court found that the regulations are
an unconstitutional prior restraint on speech because they "grant
boundless discretion to government officials" and have "effectively
chilled [cryptographers] from engaging in valuable scientific
expression."  The case was initiated by researcher Daniel Bernstein,
who sought government permission to export source code he had written.
EPIC was both co-counsel and coordinator of a "friend-of-the-court"
(amicus) brief in the case, arguing against the government controls on
privacy-enhancing technology.  Civil liberties and privacy
organizations have consistently opposed restrictions on the
dissemination of encryption technology, and welcomed the Bernstein
decision as a major breakthrough.  The opinion was notable for its
recognition of the threats to privacy that citizens face today and the
role of encryption in protecting information.

In seeking the Ninth Circuit's reconsideration of the case, the Justice
Department argues that the May 6 decision

     rests on fundamental errors regarding First Amendment
     and severability law.  As a result of those errors,
     the panel has placed the entire encryption export
     regime in jeopardy.  The potential consequences of
     repudiating the President's decisions regarding
     encryption export controls are grave and far-reaching.
     Before the views of the panel majority become the law
     of this Circuit, and unrestricted export of encryption
     products receives this Court's imprimatur, further
     review is imperative.

Information on encryption export controls, including the text of the
Bernstein decision and the EPIC amicus brief, is available at the EPIC
Cryptography Archive:

     http://www.epic.org/crypto/

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. A Web-based form is available for subscribing or
unsubscribing at:

     http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe".

Back issues are available at:
     http://www.epic.org/alert/

------------------------------

Date: Thu, 24 Jun 1999 17:32:26 -0400
From: Ari Schwartz 
Subject: File 4--CDT's Report on Library Filtering and Encryption Bills

C D T   P O L I C Y   P O S T
A BRIEFING ON PUBLIC POLICY ISSUES
AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
***********************************************************************
Volume 5, Number 12       June 24, 1999
=============================================================

CONTENTS:
(1) Mandatory Filtering for Schools & Libraries Approved by Senate Committee
(2) Encryption Bills Clear Hurdles in House, Some Privacy Concerns Remain
(3) Senate Committee Passes Its Version Of Encryption Reform
(4) Subscription Information
(5) About the Center for Democracy and Technology

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of ari@cdt.org
This document is also available at:
http://www.cdt.org/publications/pp_5.12.html
 ____________________________________________________

(1) MANDATORY FILTERING FOR SCHOOLS & LIBRARIES APPROVED BY SENATE COMMITTEE

The Senate Commerce, Science, and Transportation Committee held a markup
today to discuss the Children's Internet Protection Act (S.97) introduced
by its chairman, John McCain (R-AZ), and ranking Democrat, Ernest Hollings
(D-SC). The bill mandates that all schools and libraries receiving federal
e-rate assistance select a technology for computers with Internet access
that:

* blocks or filters obscene material,
* blocks or filters child pornography, and
* may be -- but are not required to be -- used by local authorities to
block or filter materials deemed "inappropriate for minors."

The schools and libraries must then enforce a policy that ensures that all
minors use such technologies while on the Internet.

This language is different from previous drafts of this bill in several
respects:

* It requires filtering or blocking only when minors are using the computer.
* It narrows the federal filtering requirement from material deemed
"harmful to minors" to obscene material or child pornography,
* It broadens the optional filtering category to include a great deal of
speech that is protected by the First Amendment.

Senator McCain made it clear that such material determined to be
"inappropriate for minors" may include sites promoting hate groups or other
controversial material, although such material in each of these categories
is protected speech under the First Amendment. The bill's only other
amendment refined the time period available to schools and libraries to
come into compliance with new law, if passed.

Senator John Kerry (D-MA) voiced concerns about the bill, drawing attention
to the way in which it infringes on the rights of communities to
self-determination regarding their own access to the Internet and that of
their children. However, the Committee as a whole approved the bill by
voice vote. A floor vote has not yet been scheduled.

For more information regarding S.97 and the debate surrounding free speech
on the net, visit CDT's Free Speech page at http://www.cdt.org/speech/

 _______________________________________________________

(2) ENCRYPTION BILL CLEARS ANOTHER HURDLE IN THE HOUSE, SOME PRIVACY
CONCERNS REMAIN

Significant movement towards encryption reform continued on Capitol Hill
yesterday as committees in both the House and Senate approved export relief
bills. The Security and Freedom through Encryption (SAFE) Act (H.R.850)
cleared a major hurdle with passage by the House Commerce Committee. The
committee did pass several amendments to the bill including a troubling new
federal crime, proposed by Rep. Stearns (R-FL), requiring the production of
decryption keys or other forms of decryption assistance when presented with
a court order. This amendment raised significant privacy and Fifth Amendment
concerns by leaving encryption users open to prosecution without clear
guidelines for compliance.

Rep. Oxley proposed an amendment that would have allowed government
agencies to require non-government contractors to use key recovery systems.
This amendment was withdrawn after substantial opposition from other
members of the Committee. Three minor amendments sponsored by Reps. Oxley
and Wilson were adopted, all relating to national security.

The SAFE Act, as approved by the House Commerce Committee, would:

* Affirm the right to use and sell encryption and will allow stronger
encryption software than the existing 56 bits to be distributed without
export licensing requirements.
* Prohibit the government from requiring a backdoor into people's email and
computer files ("mandatory key recovery").
* Modernize U.S. export controls to permit the export of generally
available software and hardware if a product with comparable security is
commercially available from foreign suppliers.
* Create criminal penalties for the knowing and willful use of encryption
to conceal evidence of a crime, BUT specifies that the use of encryption
does not constitute probable cause of a crime.
* Require the production of decryption keys or other forms of decryption
assistance when presented with a court order
* Prohibit export of encryption products to the PLA and companies owned by
the Chinese military
* Call upon the Attorney General to compile examples in which encryption
has interfered with law enforcement.
* Call upon the President to convene an international conference to draft
encryption policy agreement
* Allow the Secretary of Commerce to deny the export of encryption
products to specific groups and organizations if it would be used to harm
national security, used to sexually exploit children or used for illegal
activities by organized crime.

Although the export relief provisions of the original bill stayed intact,
as the bill proceeds to the House floor, CDT will continue to look out for
and oppose amendments that raise these privacy concerns.

Background information on the SAFE bill is available at:
http://www.cdt.org/crypto/legis_106/SAFE/

CDT encourages encryption activists to call members of the House Committees
that still must look at SAFE before it gets to the floor.  Please see our
Digital Democracy page to see if your member is on one of these important
committees: http://www.cdt.org/action/

 _________________________________________________________________

(3) SENATE COMMITTEE PASSES ITS VERSION OF ENCRYPTION REFORM


The Senate PROTECT Act (S.798) passed the full Senate Commerce Committee by
voice vote Wednesday. While falling short of the immediate access to
products needed to protect privacy online, the bill represents a major
shift in position for key Senators once opposed to encryption reform.
Although the PROTECT Act takes an important step forward for encryption
reform, CDT believes that more comprehensive export relief is needed to
protect individual privacy.

The PROTECT Act, as approved by the Senate Commerce Committee, would:

* Allow the immediate export of 64-bit encryption products
* Require the National Institute for Standards and Technology (NIST) to
complete development of the Advanced Encryption Standard (AES) and
decontrol export of AES and equivalent products by 2002
* Allow export of strong encryption products to certain trusted end-users,
export of recoverable products, and export of "crypto-ready" products
* Allow export of generally available products over 64-bits after a one-time
review
* Create an Encryption Export Advisory Board to make recommendations to the
Secretary of Commerce about the general availability of encryption products
(The Secretary's decision is subject to judicial review, and the President
may override the Board's determinations for purposes of national security
without review.)
* Prohibit domestic controls and mandatory plaintext access
* Permit the immediate exportation of non-military encryption (above 64
bits) to "responsible" entities and governments of North Atlantic Treaty
Organization (NATO), Association of Southeast Asian Nations (ASEAN), and
Organization for Economic Cooperation and Development (OECD).

The bill will next be considered by the Intelligence Committee, with two
other committees also receiving subsequent referrals. As the bill proceeds
through the Senate, CDT will continue to advocate for greater export
relief. CDT's letter to the Senate Commerce Committee on PROTECT is
available online at
http://www.cdt.org/crypto/legis_106/PROTECT/McCainletter062299.html

Background information on the PROTECT bills is available at:
http://www.cdt.org/crypto/legis_106/PROTECT/

 __________________________________________________________

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center for Democracy and Technology, are received by
Internet users, industry leaders, policymakers, the news media and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     majordomo@cdt.org

In the BODY of the message (leave the SUBJECT LINE BLANK), type

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the above
address with NOTHING IN THE SUBJECT LINE and a BODY TEXT of:

    unsubscribe policy-posts

  _________________________________________________________

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       http://www.cdt.org/


Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

------------------------------

Date: Thu, 24 Jun 1999 03:22:12 GMT
From: jw@bway.net
Subject: File 5--Censorware Project Corrects Gross Distortion

CENSORWARE PROJECT CORRECTS GROSS DISTORTION OF ITS REPORT

For Immediate Release

Contact: Jamie McCarthy
Day: (616) 381-9889
Evening: (616) 375-7637
Email: jamie@mccarthy.org

New York, June 23, 1999 - Last Friday, Senator John McCain (R-Ariz.)
toured Secure Computing Corporation, makers of "SmartFilter," and was
told that a three-month-old report by the Censorware Project proves
that product's accuracy. The Censorware Project is an activist
organization opposing the use of content-blocking software in
libraries and universities, and its report clearly shows the opposite.
The Project strongly protests the misuse of its name to support
pro-censorship legislation.

Today, the Senate Commerce Committee approved Sen. McCain's filtering
bill (S.97), which subsidizes censorware by mandating its installation
in every school and library which receives E-Rate funds.

"Apples and oranges," said Project member Jamie McCarthy. "Secure
Computing's phony math compares two numbers from different categories
to claim their product has only 0.0006% error. Our real-world analysis
shows that errors occur eight thousand times more often. Every twenty
times their software blocks a library patron from reading, say,
hustler.com, it blocks another from reading Mark Twain, William
Shakespeare, or the Declaration of Independence.  Secure Computing's
software can't tell the difference -- and its PR spin is an
illustration of Twain's classic adage about lies, damn lies, and
statistics."

Added McCarthy, "The Bill of Rights doesn't allow our government to
burn Shakespeare, even if they try burning twenty Hustlers to make up
for it."

Though the raw data from the Censorware Project's report was made
available, Secure Computing never obtained this data - which was drawn
from 31 days of logs, not the "two-week period" that Secure Computing
claims.  In a followup report released today, the Censorware Project
exposes the statistical sleight-of-hand, sheds light on last year's
censored sites still censored to this day, and reveals new blocks
which were not listed in the original report.

"One is 'Responses to the Holocaust,'" said Project member Michael
Sims. "SmartFilter blocked it from Utah students in September and they
still block it today.  Only because its blacklist is put together by a
computer, with no effective human oversight, can documentation of Nazi
genocide be called 'hate speech.'"

Another wrongly-blocked site not mentioned in the March report is that
of the Censorware Project itself. Secure Computing's first reaction to
the same criticism that it now praises as an "exhaustive and thorough
review" was to ban it under all 27 blacklist categories.  Censorship of
critics is common with this type of software.

The Censorware Project also found accessing inappropriate material to
be easy, using the latest version of the software.  "With the trial
proxy installed, I found hardcore porn within three minutes, and
instructions for making drugs and bombs were just a few clicks away,"
said McCarthy.

The Censorware Project has written to the president of Secure
Computing, demanding that he withdraw the false information in the
company's press release.

------------------------------

Date: Sat, 19 Jun 1999 12:58:42 -0700
From: Jim Galasyn 
To: "cudigest@sun.soci.niu.edu (E-mail)" 
Subject: File 6--Court's ruling on cable praised for doing what county wouldn't

Court's ruling on cable praised for doing what county wouldn't
by Kery Murakami
Seattle Times staff reporter

When a federal judge ruled last week that Portland and other
municipalities could require AT&T and TCI to open Internet
access to competitors, Metropolitan King County Council members
were quick to applaud.

Within hours, council members Jane Hague and Greg Nickels issued
a press release saying the ruling upholds the county's position
that no communications giant should hold a monopoly over
high-speed access to the Internet.

What they were not so quick to point out, however, was that the
council had earlier backed away from requiring open access for
fear of being sued. In February, the council rejected a proposal
by County Executive Ron Sims to deny approval of the merger
between the two companies unless competitors such as America
Online were allowed to hook up to cable lines at minimal extra
cost to their customers.

Instead, the council decided to form an expert study panel -
which it got around to doing just this week. The council members'
press release rankled Sims, who said the court ruling did uphold
a position - his.

Sims said the council should have held firm with TCI and AT&T
last spring.

((snip))

------------------------------

Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators 
Subject: File 7--Cu Digest Header Info (unchanged since 10 Jan, 1999)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:" line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

The mailing list is automated, so no human lies at the other end.

CuD is readily accessible from the Net:
  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

Readers wishing to auto-set their browsers to receive the
latest issue of CuD can point to:
  http://www.soci.niu.edu/~cudigest/latest.txt

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #11.29
************************************

Page maintained by: Jim Thomas - cudigest@sun.soci.niu.edu