Computer underground Digest Thu Mar 10, 1994 Volume 6 : Issue 23 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe (He's Baaaack) Acting Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copita Editor: Sheri O'Nothera CONTENTS, #6.23 (Mar 10, 1994) File 1--Time Magazine on Clipper File 2--Some Thoughts on Clipper (by Jim Bidzos) File 3--Dennings' Newsday piece is Convincing (Re CuD #6.20) File 4--Re: Newsday Clipper Story (CuD 6.19) File 5--Newsday's Encryption and Law Enforcement (Re: CuD 6.19) File 6--DOS is not dead yet. . . . File 7--Response to Frisk (Re CuD 6.19) File 8--Re: "Hackers" Whack Harding (CuD 6.19) File 9--"Porn Press Release" from EFF is a Hoax Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 FTP: UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) nic.funet.fi ftp.warwick.ac.uk in pub/cud/ (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sun, 6 Mar 1994 14:13:18 -0500 From: Dave Banisar Subject: File 1--Time Magazine on Clipper Time Magazine, March 14, 1994 TECHNOLOGY WHO SHOULD KEEP THE KEYS? The U.S. government wants the power to tap into every phone, fax and computer transmission BY PHILIP ELMER-DEWITT ... (general background) ... (general info on techo advances) Thus the stage was set for one of the most bizarre technology-policy battles ever waged: the Clipper Chip war. Lined up on one side are the three- letter cloak-and-dagger agencies -- the NSA, the CIA and the FBI -- and key policymakers in the Clinton Administration (who are taking a surprisingly hard line on the encryption issue). Opposing them is an equally unlikely coalition of computer firms, civil libertarians, conservative columnists and a strange breed of cryptoanarchists who call themselves the cypherpunks. At the center is the Clipper Chip, a semiconductor device that the NSA developed and wants installed in every telephone, computer modem and fax machine. The chip combines a powerful encryption algorithm with a ''back door'' -- the cryptographic equivalent of the master key that opens schoolchildren's padlocks when they forget their combinations. A ''secure'' phone equipped with the chip could, with proper authorization, be cracked by the government. Law-enforcement agencies say they need this capability to keep tabs on drug runners, terrorists and spies. Critics denounce the Clipper -- and a bill before Congress that would require phone companies to make it easy to tap the new digital phones -- as Big Brotherly tools that will strip citizens of whatever privacy they still have in the computer age. In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it. The battle lines were first drawn last April, when the Administration unveiled the Clipper plan and invited public comment. For nine months opponents railed against the scheme's many flaws: criminals wouldn't use phones equipped with the government's chip; foreign customers wouldn't buy communications gear for which the U.S. held the keys; the system for giving investigators access to the back-door master codes was open to abuse; there was no guarantee that some clever hacker wouldn't steal the keys. But in the end the Administration ignored the advice. In early February, after computer- industry leaders had made it clear that they wanted to adopt their own encryption standard, the Administration announced that it was putting the NSA plan into effect. Government agencies will phase in use of Clipper technology for all unclassified communications. Commercial use of the chip will be voluntary -- for now. It was tantamount to a declaration of war, not just to a small group of crypto-activists but to all citizens who value their privacy, as well as to telecommunications firms that sell their products abroad. Foreign customers won't want equipment that U.S. spies can tap into, particularly since powerful, uncompromised encryption is available overseas. ''Industry is unanimous on this,'' says Jim Burger, a lobbyist for Apple Computer, one of two dozen companies and trade groups opposing the Clipper. A petition circulated on the Internet electronic network by Computer Professionals for Social Responsibility gathered 45,000 signatures, and some activists are planning to boycott companies that use the chips and thus, in effect, hand over their encryption keys to the government. ''You can have my encryption algorithm,'' said John Perry Barlow, co-founder of the Electronic Frontier Foundation, ''when you pry my cold dead fingers from my private key.'' ... (history of Public Key encryption). ... (history of PGP) Rather than outlaw PGP and other such programs, a policy that would probably be unconstitutional, the Administration is taking a marketing approach. By using its purchasing power to lower the cost of Clipper technology, and by vigilantly enforcing restrictions against overseas sales of competing encryption systems, the government is trying to make it difficult for any alternative schemes to become widespread. If Clipper manages to establish itself as a market standard -- if, for example, it is built into almost every telephone, modem and fax machine sold -- people who buy a nonstandard system might find themselves with an untappable phone but no one to call. That's still a big if. Zimmermann is already working on a version of PGP for voice communications that could compete directly with Clipper, and if it finds a market, similar products are sure to follow. ''The crypto genie is out of the bottle,'' says Steven Levy, who is writing a book about encryption. If that's true, even the nsa may not have the power to put it back. Reported by David S. Jackson/San Francisco and Suneel Ratan/Washington ------------------------------ Date: Tue Mar 8 12:07:47 1994 >From jim@RSA.COM Subject: File 2--Some Thoughts on Clipper (by Jim Bidzos) SOME THOUGHTS ON CLIPPER, NSA, AND ONE KEY ESCROW ALTERNATIVE In a recent editorial, Dr. Dorothy Denning of Georgtown University argued in support of the U.S. government's proposed Clipper Chip, a security device that would allow law enforcement to decipher the communications of users of such devices. Dr. Denning attempts to argue that Clipper is necessary for law enforcement agencies to be able to do their job. I'm not going to argue that one; there are plenty of people who can argue that compromising privacy for all citizens in order to aid law enforcement is a bad idea more effectively than I, particularly in the Clipper case, where the arguments from law enforcement are dubious at best. (The current justification is inadequate; there may be better reasons, from a law enforcement perspective, but we haven't heard them yet.) Without doubt, law enforcement and intelligence are huge stakeholders in the debate over encryption. But every individual and corporation in the U.S. must be included as well. Are NSA's actions really in the best interests of all the stakeholders? Are there alternatives to the current key escrow program? If one steps back and looks at what has happened over the last few years, one might well question the government's approach with Clipper, if not its motivation, for dealing with this problem. (I believe it may even be possible to conclude that Clipper is the visible portion of a large-scale covert operation on U.S. soil by NSA, the National Security Agency.) Over a number of years, through their subversion of the Commerce Department (who should be championing the causes of U.S. industry, not the intelligence agencies), NSA has managed to put many U.S. government resources normally beyond their control, both legally and practically, to work on their program of making U.S. and international communications accessible. The first step was the MOU (Memorandum of Understanding) between the Commerce Department's National Institute of Standards and Technology (NIST) and the Defense Department's NSA. This document appears to contravene the provisions of the Computer Security Act of 1987, the intent of which was to give NIST control over crypto standards-making for the unclassified government and commercial sectors. The MOU essentially gave NSA a veto over any proposals for crypto standards by NIST. By using the standards making authority of NIST, NSA is attempting to force the entire U.S. government to purchase Clipper equipment since only NIST-standard equipment may be purchased by government agencies. This purchasing power can then be used to force U.S. manufacturers to build Clipper products or risk losing government business. (GSA is currently questioning NSA's authority to control government-wide procurement, and should continue to do so.) This of course not only subsidizes Clipper products, but could make Clipper a de facto standard if the costs associated with alternatives are too high. These costs to industry, of ignoring Clipper, come in the form of lost government market share, costly support for multiple versions of incompatible products, and non-exportability of non-Clipper products. It also appears that NSA is desperately seeking a digital signature standard that would force users to take that signature capability wrapped up with a Clipper chip. If this is the case, as it appears to be, then NSA has is trying to use what is probably the most powerful business tool of the information age as a means to deny us its benefits unless we subsidize and accept Clipper in the process. This would, if true, be an unprecedented abuse of government power to influence U.S. industry and control individual privacy. (Clipper is part of a chip called Capstone, which is where their proposed digital signature standard would be used.) The overall cost of these policies is unknown. We only know that NSA has spent a considerable amount of money on the program directly. Other costs are not so obvious. They are: - A burdened U.S. industry, which will have to build multiple products or more expensive products that support multiple techniques; - A low-intensity "trade war" with the rest of the world over encryption; - Lost sales to U.S. companies, since international buyers will surely go to non-U.S. suppliers for non- Clipper encryption, as may buyers in the U.S.; - Potential abuses by government and loss of privacy for all citizens. Does NSA truly believe they can displace other methods with Clipper? With over three million licensed, documented RSA products, the technology they feel threatened by, in use in the U.S. today? Not likely; therefore, they have already decided that these costs are acceptable even if they only delay the inevitable, and that U.S. industry and U.S. taxpayers should bear these costs, whatever they are. This policy was apparently developed by unelected people who operate without oversight or accountability. Does the White House really support this policy? It has been reported that NSA is attempting to gain support from foreign governments for escrow technology, especially if "local control" is provided. Even if NSA can convince their sister organizations around the world to support key escrow (by offering Clipper technology with a do-your-own-escrow option), will these other organizations succeed in selling it to their government, industry and citizens? Most countries around the world have much stronger privacy laws and a longer history of individual privacy than the U.S. WHY AGAIN WHEN IT DIDN'T WORK THE FIRST TIME? Many seem to have forgotten or are not aware that the Clipper program is not new, and it's also not the first time NSA has attempted to force communications security on U.S. industry that it could compromise. In the mid-80's, NSA introduced a program called the Commercial COMSEC Endorsement Program, or CCEP. CCEP was essentially Clipper in a black box, since the technology was not sufficiently advanced to build lower-cost chips. Vendors would join CCEP (with the proper security clearances) and be authorized to incorporate classified algorithms into communications systems. NSA had proposed that they themselves would actually provide the keys to end-users of such systems. The new twist is access by key escrow. To see how little things have changed, consider this quote: "...RSA Data Security, Inc. asserts that since CCEP-2 is not published and therefore cannot be inspected by third parties, the NSA could put a 'trap door' in the algorithm that would enable the agency to inspect information transmitted by the private sector. When contacted, NSA representative Cynthia Beck said that it was the agency's policy not to comment on such matters." That was in 1987. ("The Federal Snags in Encryption Technology," Computer and Communications Decisions, July 1987, pp. 58-60.) To understand NSA's thinking, and the danger of their policies, consider the reply of a senior NSA official when he was asked by a reporter for the Wall Street Journal if NSA, through the CCEP program, could read anyone's communications: "Technically, if someone bought our device and we made the keys and made a copy, sure we could listen in. But we have better things to do with our time." (The Wall Street Journal, March 28, 1988, page 1, column 1, "A Supersecret Agency Finds Selling Secrecy to Others Isn't Easy," by Bob Davis.) Another NSA official, in the same Journal story, said "The American Public has no problem with relying on us to provide the technology that prevents the unauthorized launch of nuclear weapons. If you trust us to protect against that, you can trust us to protect private records." Remember that the Cold War was still on at that time. Law enforcement and intelligence gathering are certainly impeded by the use of cryptography. There are certainly legitimate concerns that these interests have. But is the current approach really the way to gain support from industry and the public? People with a strong military and intelligence bias are making all the decisions. There seem to be better ways to strike a balance. AN ALTERNATIVE PROPOSAL One approach would be to have NIST develop a standard with three levels. The first level could specify the use of public-key for key management and signatures without any key escrow. There could be a "Level II" compliance that adds government key escrow to message preparation. "Level III" could be key escrow controlled by the user, typically a corporation. Would this work? The first level, meeting the standard by itself, would back up the government's claim that key escrow is voluntary; if I want privacy and authentication without key escrow, then I can have it, as the government has claimed I can. Actions speak louder than words. Why would any vendors support Level II? There would be several reasons. They would find a market in the government, since the government should purchase only Level II products. (I would certainly like our public servants to use key escrow, just as I want work product paid for by my corporation to be accessible. Of course, anyone can buy Level I products for home and personal use.) So the government can still influence the private sector by buying only products that include Level II compliance. Also, Level II products would be decontrolled for export. This way the market can decide; vendors will do what their customers tell them to. This satisifies the obvious desire on the part of the government to influence what happens with their purchasing power. Level III would allow any user to insert escrow keys they control into the process. (Level II would not be a prerequisite to Level III.) My company may want key escrow; I, as an individual, may want to escrow my keys with my attorney or family members; a standard supporting these funtions would be useful. I don't necessarily want or need the government involved. NIST already knows how to write a FIPS that describes software and hardware implementations, and to certify that implementations are correct. This approach cetainly isn't perfect, but if the administration really believes what it says and means it, then I submit that this is an improvement over a single key escrow FIPS foisted on everyone by NSA, and would stand a much better chance of striking a workable balance between the needs of the government and the right of individuals to privacy. Therefore, it RISKS much less than the current plan. The real problem with the way NSA works is that we don't find out what they're really doing and planning for decades, even when they're wrong. What if they are? In the 60's and 70's, the CIA was out of control, and the Congress, after extensive hearings that detailed some of the abuses of power by the CIA, finally moved to force more accountability and oversight. In the 80's and 90's, NSA's activities should be equally scrutinized by a concerned Congress. ------------------------------ Date: Thu, 3 Mar 1994 11:59:00 GMT From: chris.hind@MAVERICKBBS.COM(Chris Hind) Subject: File 3--Dennings' Newsday piece is Convincing (Re CuD #6.20) I dunno, but I think the Encryption and Law Enforcement letter by Dorothy Denning has convinced me that the Clipper Chip is safe. Multiple people hold the keys to tapping the line and it has the strongest encryption method created so far. I believed CUD earlier that it was bad for the US, but now I see its advantages as long as they don't outlaw other forms of encryption its okay with me. I mean, its not like Big Brother can't tap into our line right now with us knowing it! This technology isn't really new, its just a bit more sophisticated and thats what scares us. Please tell me if I'm wrong! As well as encryption, the clipper chip should also be modified to give superior compression so more information can be sent over the lines and during disaster they wouldn't be down. And as for the Digital Telephony Bill, simple PGP encryption will scramble data beyond recognition since it uses powerful public-key encryption. Sure, this security might catch some, but some criminals they'll never be able to catch anyways since they'll have the money to pay for even more powerful encryption. I usually don't change my opinions easily so it makes me wonder how many other people on the net have changed their opinions also. ------------------------------ Date: Mon, 28 Feb 1994 13:25:25 -0500 (EST) From: The Advocate Subject: File 4--Re: Newsday Clipper Story (CuD 6.19) > Newsday, Tuesday, February 22, 1994, Viewpoints > The Clipper Chip Will Block Crime > By Dorothy E. Denning Before We go any further, let your old friend the Advocate join the greek chorus, of people singing their personal respect and admiration for Dr Denning. Her work in the Neidorf case was without par and her commitment to issues in Cyberspace are intellectually rigorous and passionate. It thus doubly pains me when such an old and respected friend seems to have gone astray. > Hidden among the discussions of the information highway is a fierce > debate, with huge implications for everyone. It centers on a tiny > computer chip called the Clipper, which uses sophisticated coding to > scramble electronic communications transmitted through the phone > system. Just like other systems already in use for military and government or commercial transactions. > > The Clinton administration has adopted the chip, which would allow > law enforcement agencies with court warrants to read the Clipper codes > and eavesdrop on terrorists and criminals. But opponents say that, if or agencies with corrupt motives to spy on virtually every transaction telephonic or datic that moves on the information highway. future expansion of network systems will allow easy access to virtually all data, without regard, and with intrusion, without detection. > this happens, the privacy of law-abiding individuals will be a risk. individuals and corporations. > They want people to be able to use their own scramblers, which the > government would not be able to decode. WOuld not be able to decode? no, would not be able to decode without spending some money. Dr Denning forgets that we spend an estimated $27 Billion dollars per year on the NSA, an agency devoted entirely to signals interception, decryption and analysis. THis same agency has been involved in the Clipper developement and has refused to make any of it's files available and has instead crowded the field with classified segments. > If the opponents get their way, however, all communications on the > information highway would be immune from lawful interception. In a Hardly. It merely means that interception would require either more detailed de-crpyption efforts or attack at sources of transmission or reception. These same complaints are repackaged complaints about miranda rights, the exclusionary rule and every other legal reform of this century. > world threatened by international organized crime, terrorism, and rogue > governments, this would be folly. In testimony before Congress, Donald International organised crime? you mean like the Mafia, whom the CIA helped set up? and who work routinely as government agents? Terrorism? in this country of 250 million people less the 15 people per year die on average from terrorist activities. considering 50,000 americans die every year on the roads, someone needs to get their priorities re-aligned. Rogue governments? like the libyans, or Iraq and iran? how will clipper harm a foreign government? not to mention these countries are all paper tigers. the last time we dealt with traq, i seem to recall we waxed their army without breaking a sweat. i am not worried. > Delaney, senior investigator with the New York State Police, warned > that if we adopted an encoding standard that did not permit lawful > intercepts, we would have havoc in the United States. But don forgets that his standard allows un-lawful intercepts. lets look at this word havoc. that means a state of chaos or confusion. If i go to anacostia on a friday night, i would say havoc exists. if i go into a DC school by day, i could say havoc exists. when LA burned last year havoc ran rampant, and certainly this had little to do with the lack of a proper data encryption standard. The operation of the polis has little to do with the effectiveness of our secret police. > > Moreover, the Clipper coding offers safeguards against casual > government intrusion. It requires that one of the two components of Not neccesarily. Although Dr denning and a team of independent scientists reviewed the clipper standard, they are not specialists in code breaking. I do not know how immune clipper is to corruption once partial knowledge is attained. knowledge of header blocks, and access to partial keys and key fragments may make closure of the cryptic circle a simpler proposition then her analysis indicated. > a key embedded in the chip be kept with the Treasury Department and the The dept that brought us the Secret service and the ATF? i don't think so. > other component with the Commerce Department's National Institute of > Standards and Technology. Any law enforcement official wanting to who work hand in glove with the NSA? she forgets a single compromised official may be able to subvert the entire system as mr Ames so easily demonstrated last week. > wiretap would need to obtain not only a warrant but the separate > components from the two agencies. This, plus the superstrong code and > key system would make it virtually impossible for anyone, even corrupt > government officials, to spy illegally. I think this is optimism in action. > But would terrorists use Clipper? The Justice Department has would Clipper stop terrorism? Seriously can anyone guarantee that this technology will end terrorism? will clipper end drug trafficking? > their calls with their own code systems. But then who would have > thought that the World Trade Center bombers would have been stupid > enough to return a truck that they had rented? Considering the people who bomber the world trade center were keystone terrorists, i would hardly hold them up as examples. I would look at people like Carlos the Jackal, THe Red Army, Black September, Islamic Jihad, etc... These are highly sophisticated, well trained killers, and far more effective and dangerous. > Court-authorized interception of communications has been essential > for preventing and solving many serious and often violent crimes, for all the crime and violence in our society, i doubt law enforcement is doing a good job. what we see is another band-aid on serious social problems. > including terrorism, organized crime, drugs, kidnaping, and political > corruption. The FBI alone has had many spectacular successes that > depended on wiretaps. In a Chicago case code-named RUKBOM, they > prevented the El Rukn street gang, which was acting on behalf of the > Libyan government, from shooting down a commercial airliner using a > stolen military weapons system. Dr Dennings faith is touching here. The El Rukns were done in in part because the government compromised their lawyer. And also had several agents inside the organization. Please a better example must be out there. > To protect against abuse of electronic surveillance, federal > statutes impose stringent requirements on the approval and execution > of wiretaps. Wiretaps are used judiciously (only 846 installed > wiretaps in 1992) and are targeted at major criminals. and how many wiretaps are installed il-legally? considering during the gulf war the FBI was wire-tapping the homes of arab-americans i wonder how well they use the legal process. also if we are talking 846 wiretaps, and say, 200 hours of tape from each, we are talking about 200,000 hours of conversation. i am certain that the NSA has the facility to de-crypt this number of calls. And if they don't why don't they? they must listen to foreign conversations, and i am sure the russians are not so accomodating as to use clear voice signaling. > Now, the thought of the FBI wiretapping my communications appeals to > me about as much as its searching my home and seizing my papers. > But the Constitution does not give us absolute privacy from > court-ordered searches and seizures, and for good reason. Lawlessness > would prevail. But the constitution does not forbid me from keeping safes, or cryptic records or speaking in navajo, either. Dr Denning must have far less faith in the body politic then I do. besides if you want to see lawlessness, look at the beltway on friday afternoon. > Encoding technologies, which offer privacy, are on a collision > course with a major crime-fighting tool: wiretapping. Now the wiretapping is a minor crime fighting tool. for all the law enforcement personnell we have, and all the cases brought each year, less then 1% involve wiretapping to start with. these same complaints have been made about facsimile transmission, computer data, cell phones and cars. technology changes and law enforcement adapts. this is the first time, i have ever seen law enforcement try to cripple a technology befoe it becomes prevalent. ASk yourself a question Dr Denning. Cars are used in crime, criminals often escape from the police. why shouldn't all cars be restricted to 35MPH, by design so the police can always capture and pursue? fast cars, like the ferrari have not brought chaos to our society. why should cryptography? > Clipper chip shows that strong encoding can be made available in a way > that protects private communications but does not harm society if it > gets into the wrong hands. Clipper is a good idea, and it needs how will clipper prevent the wrong hands from getting strong encoding? will only outlaws have strong crypto? > support from people who recognize the need for both privacy and > effective law enforcement on the information highway. sure we need law enforcement on the info highway, but i don't need a trooper in the back seat to listen to me talk to my girlfirend as we drive. i just need a trooper to watch for speeders and drunk drivers. Dr Denning was part of the clipper review team, and as such may be psychologically and emotionally committed to the project. I hope her earlier effort shave not clouded her ability to conduct a dispassionate social and policy analysis. Also Louis Freeh was interviewed by John Markoff in an article in todays NYT about the return of the Digital Telephony Standard. Freeh said "If we are to have a peaceful and orderly society, people will have to sacrifice a little privacy". I couldn't believe this. Didn't jefferson say something on the lines of those who sacrifice liberty for a little peace deserve neither? or was that heinlein? The other interesting factoid to counter all the discussion on Terrorism, Nuclear death threats and Drug Dealing, is that Aldrich Ames was arrested last week in the biggest spy scandal this century since the Rosenbergs. Ames who was the CIA chief of CounterIntelligence/Soviet-Eastern Division was as well trained in tradecraft as one can be. He never used any telephonic encryption, despite total access to all these devices. Sorry if the spys aren't using them, then why do we need a way to break them? Your friend The Advocate. PS Advocate prediction #13. That to push the clipper chip, supporters will claim that Child pornographers are distributing Snuff films in unbreakable crypto-form so that they can't be detected. ------------------------------ Date: 3 Mar 1994 12:12:08 -0500 From: hovaness@PANIX.COM(Haig Hovaness) Subject: File 5--Newsday's Encryption and Law Enforcement (Re: CuD 6.19) With all due respect to Professor Denning, I offer the following observations in response to the material in her recent posting. 1. Professor Denning's views are representative of a small minority in the US academic community. However, through her energetic campaign to promote pro-Clipper arguments, a casual observer of the debate would conclude that her position is representative of a substantial segment of academic opinion. This was especially evident in the ACM Communications "dialogue" on Clipper, in which Professor Denning's comments occupied almost half of the editorial space. 2. Professor Denning's efforts to advance her views are not limited to journalistic advocacy and Usenet postings. Her presence on the ACM committee studying Clipper has contributed to the success of the pro-Clipper faction in deadlocking the committee, and thus preventing the largest computing professional society from taking an anti-Clipper position, a position that would reflect the sentiments of the majority of the membership. 3. Professor Denning consistently makes generous assumptions about the proper and lawful actions of government officials - assumptions that anyone familiar with recent American history knows to be naive. For example, the political manipulation of information gathered by J. Edgar Hoover, former Director of the F.B.I. is common knowledge. 4. Professor Denning relies heavily on anecdotal evidence of crimes "prevented" through communications intercepts without presenting accurate data on the (very small) number of crimes in which the intercept was essential to the success of law enforcement. Others have posted the figures, and they suggest that the practical value of such intercepts is greatly overstated. 5. Professor Denning maintains that secure encryption is a difficult technology to master and is not readily available to the general public. In view of the existence of PGP, and the likely availability of its voice-scrambling successor, this is a ludicrous claim. 6. Professor Denning offers no explanation for how a US national standard restricting encryption can be viable in the context of worldwide voice and data communications. How can the US government possibly assert control of information packets crossing US "cyberspace?" 7. Professor Denning omits to mention that polls reveal that the majority of the US public are opposed to telephone wiretaps. All available evidence suggests that Clipper would never survive a public referendum. 8. Professor Denning neglects to mention that the entire commercial sector of the US computing industry is united in opposition to Clipper. Moreover, much of the business community is also hostile to the concept of Government interception of business communications. 9. Professor Denning's arguments are ultimately authoritarian. She believes that the judgement of government officials must carry greater weight than the will of the people. This is a profoundly anti-democratic position. Haig Hovaness Pelham Manor, NY hovaness@panix.com ------------------------------ Date: 8 Mar 94 16:23:23 GMT From: dbatterson@ATTMAIL.COM(David Batterson) Subject: File 6--DOS is not dead yet. . . . Is DOS dead? Definitely not, says SPC While millions of PC users own and use Windows regularly, many of us grouse about its idiosyncrasies. Meanwhile, innumerable users continue to use DOS applications, especially word processing programs. The DOS flavors of WordPerfect (versions 5.0 and later) have their legions of fans, along with Microsoft Word, WordStar and Professional Write. Although I use Ami Pro for Windows, I also occasionally use Professional Write (Ver. 2.2) which has been around for several years. Although WordPerfect users often turn up their noses at Professional Write, I have always preferred ProWrite to Word(not-so)Perfect. In fact, I never could understand why Software Publishing Corp. (SPC) didn't update the program. They did come out with a Windows version (Professional Write PLUS), but it didn't sell very well. Professional Write 3.0 is finally here, and should be in software stores soon. "This new version was primarily driven by the large number of customers who requested it," said Chris Randles, SPC's vice president of marketing. It seems a bit overpriced (at $249 list) for a program that has had only a modest facelift/update, though. Randles said that "DOS word processing is one of the most widely used applications in rapidly-growing niche markets such as small business and the home office." In that market, PC users don't want to mess around with memory problems, Windows GPFs (General Protection Faults), or word processing programs that have become monster applications akin to desktop publishing software. Professional Write 3.0 is pretty much the same program, so the learning curve is nil. There are some improvements that reflect the changing PC arena. Now you can use a mouse; I missed having that feature in Ver. 2.2. And SPC realizes that LANs are routine now, so made it network-ready. The program supports Novell, IBM, Banyan, Artisoft's LANtastic and Microsoft LAN Manager. Marlise Parker of Ad Hoc Associates, a Denver-based computer training and consulting firm, noted that "people are going back to the belief that the finest things in life are the most simple, and for many of us, that also applies to the software we use. Professional Write is one of those rare software gems that keeps getting better, without losing its simplicity," Parker added. Want to import .PCX graphics into a document? Sorry, you can't do it. You CAN include graphs produced with the DOS versions of Harvard Graphics (2.0 or higher). Want to make fancy newsletters and DTP documents? Forget it! SPC wisely decided to forego the "bells and whistles," says Parker, because most users don't want or need them. Software Publishers Association (SPA) reported recently that DOS word processing software sales increased a bit in 1993 over 1992. This occurred while sales of other DOS applications declined, as the Windows Juggernaut continued. So as far as word processing is concerned, rumors about the death of DOS are greatly exaggerated. Remember, the most popular offline mail readers are Blue Wave, Silver Xpress and OLX--all DOS programs. Professional Write 3.0 should do well, I think. I would have liked to have seen it at a $150 list price, however. ------------------------------ Date: Sat, 5 Mar 1994 13:57:23 -0500 From: "USENET News System" Subject: File 7--Response to Frisk (Re CuD 6.19) frisk@COMPLEX.IS(Fridrik Skulason) wrote: > A poster in CuD #6.19 wrote: > >I even created a virus or two in my years of computing, but never with > >the purpose of trying to harm another user's system! I create them only > >for testing purposes, and when I find one that fails a scanned test, I > >forward it to the company that created the anti-virus software. > > Do you really think you are doing anybody a favour by doing that ? > Anti-virus companies already receive on the average 7 new viruses per > day right now...we really don't need any more. Fridrik: It seems to me that one of the purposes of creating anti-virus software is to combat viruses. *ahem* What better way to do so than to receive virus programs from a "tester" and then write code to prevent similar programs from proliferating from a less honest individual? I don't see any validity in the argument against writing viruses to be sent into anti-virus software companies. If these people don't write test viruses, someone else will come up with similar ones and use them unscrupulously. If anti-virus companies are receiving "too many" new viruses every day, then perhaps they need to deal with the backlog. A representative such as yourself (I take it from your statementd that you work with such a company) certainly shouldn't be ranting and raving at people who are using their valuable time trying to help. ------------------------------ Date: Mon, 28 Feb 1994 09:34:40 GMT-0600 From: "Jeff Miller" Subject: File 8--Re: "Hackers" Whack Harding (CuD 6.19) Re: Media "Hackers" Whack Harding's E-Mail, CuD #6.19: > LILLEHAMMER, Norway--In what was described as a "stupid, > foolish mistake," perhaps as many as 100 American > journalists peeked into figure skater Tonya Harding's > private electronic mailbox at the Olympics. ++++++++++++++++ This story was mentioned on alt.2600 (an Internet news group dedicated to the magazine "2600"). It annoys me now as much as when I first read it. Here is the follow up I posted: Well, I personally know many hackers who have entered systems with someone elses password, looked around, and logged out. Did nothing more. They all lost *all* their computer equipment, and many non-computer related items, not to mention the thousands of dollars in lawyer and court costs, just to get the felony and misd charges slapped on them lowered to a misd. These reporters have just admitted to committing the exact same crime. Will they have all their equipment confiscated? Will they be raided by the secret service with guns pointed at their mothers at 5am? I think not. What a bunch of shit. Even if Norway's computer crime laws do not apply here, and the Olympic committee does not wish to take action against these reporters, it really makes me sick that THESE hackers are given the image of some responsible adults just having fun at 2AM while eating pizza, while the other hackers you read about are juvenile delinquents bent on moving satellites out of orbit and abusing the E911 system. Just a hypothetical thought: What would have happened if a US hacker was the one who broke into Harding's account instead of one of these journalists? ------------------------------ Date: 10 Mar 1994 10:46:04 -0500 From: mnemonic@eff.org (Mike Godwin) Subject: File 9--"Porn Press Release" from EFF is a Hoax At EFF, we have been receiving a number of queries about an alleged EFF "press release" or "statement" announcing the following: "Senator Jess Helms (R-NC) requested that the FBI become more involved in the fight to stop adult images from being distributed on electronic bulletin boards and the Internet." Typically, the "press release" has included the following: : "The EFF has issued a warning to sysops that the following files : which depict any of the following acts are illegal in all 50 : states, and can subject the sysop to prosecution regardless of : whether the sysop knows about the files or not. : : "--Depiction of actual sex acts in progress" : : "--Depiction of an erect penis" *There is no such press release.* *The press release is a hoax.* Several people seem to have been fooled by the false press release, including the new publication SYSOP NEWS, which reprinted it uncritically in its first issue. I urge you to spread this announcement to every BBS of which you a member. Thank you for helping us stop the unethical people who spread this misinformation. --Mike Mike Godwin, (202) 347-5400 |"And walk among long dappled grass, mnemonic@eff.org | And pluck till time and times are done Electronic Frontier | The silver apples of the moon, Foundation | The golden apples of the sun." ------------------------------ End of Computer Underground Digest #6.23 ************************************