Computer underground Digest Sun Mar 13, 1994 Volume 6 : Issue 24 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe (He's Baaaack) Acting Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copita Editor: Sheri O'Nothera CONTENTS, #6.24 (Mar 13, 1994) File 1--Clipping the Wings of Freedom (Reprint, by J.P. Barlow) File 2--Leahy to hold hearings on Clipper Chip! File 3--Survey: communication ethics on the net File 4--Starring Tom Cruise as Kevin Poulsen? Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 FTP: UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) nic.funet.fi ftp.warwick.ac.uk in pub/cud/ (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sun, 13 Mar 1994 11:30:17 -0500 From: John Perry Barlow Subject: File 1--Clipping the Wings of Freedom (Reprint, by J.P. Barlow) Clipping the Wings of Freedom page 1 Jackboots on the Infobahn by John Perry Barlow [Note: I wish to reserve to Wired Magazine first paper publication of the following piece. However, given the fairly immediate nature of this issue, I am net-casting it now. Feel free to pass it on electronically as you see fit, but please do not turn it into any sort of hard copy until Wired has done so. I also encourage you to buy the April issue of Wired in which it will appear.] On January 11, I managed to schmooze myself aboard Air Force 2. It was flying out of LA, where its principal passenger had just outlined his vision of the Information Superhighway to a suited mob of television, show biz, and cable types who fervently hoped to own it one day...if they could ever figure out what the hell it was. >From the standpoint of the Electronic Frontier Foundation, the speech had been wildly encouraging. The Vice President's announced program incorporated many of the concepts of open competition, universal access, and deregulated common carriage which we'd been pushing for the previous year. But he had said nothing about future of privacy, except to cite among the bounties of the NII its ability to "help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes." On the plane I asked him what this had meant regarding Administration policy on cryptography. He became non-committal as a cigar store indian. "We'll be making some announcements... I can't tell you anything more." He hurried back to the front of the plane, leaving me to troubled speculation. Despite its fundamental role in assuring privacy, transaction security, and reliable identity within the NII, the Clinton/Gore Administration policies regarding cryptography have not demonstrated an enlightenment to match the rest of their digital visions. The Clipper Chip...which bodes to be either the goofiest waste of federal dollars since Gerald Ford's great Swine Flu program or, if actually deployed, a surveillance technology of profound malignancy...seemed at first an ugly legacy of Reagan/Bush. "This is going to be our Bay of Pigs," one White House official told me at the time Clipper was introduced, referring to the distastrous Cuban invasion plan Kennedy inherited from Eisenhower. (Clipper, in case you're just tuning in, is an encryption chip which the NSA and FBI hope will someday be in every phone and computer in America. It scrambles your communications, making them unintelligible to all but their intended recipient. All, that is, but the government, which would hold the "key" to your chip. The key would separated into two pieces, held in escrow, and joined with the appropriate "legal authority.") Of course, trusting the government with your privacy is trusting a peeping tom to install your window blinds. And, since the folks I've met in this White House seem extremely smart, conscious, and freedom-loving...hell, a lot of them are Deadheads...I was sure that after they felt fully moved in, they'd face down the NSA and FBI, let Clipper die a natural death, and lower the export embargo on reliable encryption products. Furthermore, NIST and the National Security Council have been studying both Clipper and export embargoes since April. Given that the volumes of expert testimony they collected opposed them both almost unanimously , I expected the final report to give the Administration all the support it needed to do the right thing. I was wrong about this. Instead, there would be no report. Apparently, they couldn't draft one which supported, on the evidence, what they had decided to do instead. THE OTHER SHOE DROPS On Friday, February 4, the other jack-boot dropped. A series of announcements from the Administration made it clear that cryptography would become their very own "Bosnia of telecommunications" (as one staffer put it). It wasn't just that the old Serbs in the NSA and the FBI were still making the calls. The alarming new reality was that the invertebrates in the White House were only too happy to abide by them. Anything to avoid appearing soft on drugs or terrorism. So, rather than ditching Clipper, they declared it a Federal Data Processing Standard, backing that up with an immediate government order for 50,000 Clipper devices. They appointed NIST and the Department of Treasury as the "trusted" third parties that would hold the Clipper key pairs. (Treasury, by the way, is also home to such trustworthy agencies as the Secret Service and the Bureau of Alcohol, Tobacco, and Firearms.) They re-affirmed the export embargo on robust encryption products, admitting for the first time that its purpose was to stifle competition to Clipper. And they outlined a very porous set of requirements under which the cops might get the keys to your chip. (They would not go into the procedure by which the NSA would get them, though they assured us it was sufficient.) They even signaled the impending return of the dread Digital Telephony, an FBI legislative initiative which would require fundamentally re-engineering the information infrastructure to make provision of wiretapping ability the paramount design priority. INVASION OF THE BODY SNATCHERS Actually, by the time the announcements thudded down, I wan't surprised by them. I had spent several days the previous week in and around the White House. I felt like I was in another re-make of The Invasion of the Body Snatchers. My friends in the Administration had been transformed. They'd been subsumed by the vast mind-field on the other side of the security clearance membrane, where dwell the monstrous bureaucratic organisms which feed themselves on fear. They'd adopted the institutionally paranoid National Security Weltanschauung. They used all the tell-tale phrases. Mike Nelson, the White House point man on NII, told me, "If only I could tell you what I know, you'd feel the same way I do." I told him I'd been inoculated against that argument during Vietnam. (And it does seem to me that if you're going to initiate a process which might end freedom in America, you probably need an argument that isn't classified.) Besides, how does he know what he knows? Where does he get his information? Why the NSA, of course. Which, given its strong interest in the outcome, seems hardly an unimpeachable source. However they reached it, Clinton and Gore have an astonishingly simple bottom line, against which even the future of American liberty and prosperity is secondary: They believe that it is their responsibility to eliminate, by whatever means, the possibility that some terrorist might get a nuke and use it on, say, the World Trade Center. They have been convinced that such plots are more likely to ripen to their hideous fruition behind a shield of encryption. The staffers I talked to were unmoved by the argument that anyone smart enough to steal and detonate a nuclear device is probably smart enough to use PGP or some other uncompromised crypto standard. And never mind that the last people who popped a hooter in the World Trade Center were able to put it there without using any cryptography and while under FBI surveillance. We are dealing with religion here. Though only 10 American lives were lost to terrorism in the last two years, the primacy of this threat has become as much an article of faith with these guys as the Catholic conviction that human life begins at conception or the Mormon belief that the Lost Tribe of Israel crossed the Atlantic in submarines. In the spirit of openness and compromise, they invited EFF to submit other solutions to the "problem" of the nuclear-enabled terrorist besides key escrow devices, but they would not admit into discussion the argument that such a threat might, in fact, be some kind of phantasm created by the spooks to ensure their lavish budgets into the Post-Cold War era. As to the possibility that good old-fashioned investigative techniques might be more valuable in preventing their show-case catastrophe (as it was after the fact in finding the alleged perpetrators of the last attack on the World Trade Center),they just hunkered down and said that when wire-taps were necessary, they were damned well necessary. When I asked about the business that American companies lose to their inability to export good encryption products, one staffer essentially dismissed the market, saying that total world trade in crypto goods was still less than a billion dollars. (Well, right. Thanks more to the diligent efforts of the NSA than lack of sales potential.) I suggested that a more immediate and costly real-world effect of their policies would be reducing national security by isolating American commerce, owing to a lack of international confidence in the security of our data lines. I said that Bruce Sterling's fictional data-enclaves in places like the Turks and Caicos Islands were starting to look real world inevitable. They had a couple of answers to this, one unsatisfying and the other scary. Their first answer was that the international banking community could just go on using DES, which still seemed robust enough to them. [DES is the old federal Data Encryption Standard, thought by most cryptologists to be nearing the end of its credibility.] More troubling was their willingness to counter the data-enclave future with one in which no data channels anywhere would be secure from examination by some government or another. They pointed to unnamed other countries which were developing their own mandatory standards and restrictions regarding cryptography and have said to me on several occasions words to the effect that, "Hey, it's not like you can't outlaw the stuff. Look at France." Of course, they have also said repeatedly...and for now I believe them...that they have absolutely no plans to outlaw non-Clipper crypto in the U.S. But that doesn't mean that such plans couldn't develop in the presence of some pending "emergency." Then there is that White House briefing document, issued at the time Clipper was first announced, which asserts that no U.S. citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Now why, if it's an ability they have no intention of contesting, do they feel compelled to declare that it's not a right? Could it be that they are preparing us for the laws they'll pass after some bearded fanatic has gotten himself a surplus nuke and used something besides Clipper to conceal his plans for it? If they are thinking about such an eventuality, we should be doing so as well. How will we respond? I believe there is a strong, though currently untested, argument that outlawing unregulated crypto would violate the First Amendment, which surely protects the manner of our speech as clearly as it protects the content. But of course the First Amendment is, like the rest of the Constitution, only as good as the government's willingness of the to uphold it. And they are, as I say, in a mood to protect our safety over our liberty. This is not a mind-frame against which any argument is going to be very effective. And it appeared that they had already heard and rejected every argument I could possibly offer. In fact, when I drew what I thought was an original comparison between their stand against naturally proliferating crypto and the folly of King Canute (who placed his throne on the beach and commanded the tide to leave him dry), my opposition looked pained and said he had heard that one almost as often as jokes about road-kill on the Information Superhighway. I hate to go to war with them. War is always nastier among friends. Furthermore, unless they've decided to let the NSA design the rest of the National Information Infrastructure as well, we need to go on working closely with them on the whole range of issues like access, competition, workplace privacy, common carriage, intellectual property, and such. Besides, the proliferation of strong crypto will probably happen eventually no matter what they do. But then again, it might not. In which case we could shortly find ourselves under a government that would have the automated ability to log the time, origin and recipient of everycall we made, could track our physical whereabouts continuously, could keep better account of our financial transactions than we do, and all without a warrant. Talk about crime prevention! Worse, under some vaguely defined and surely mutable "legal authority," they also would be able to listen to our calls and read our e-mail without having to do any backyard rewiring. (And wouldn't even need that to monitor our overseas calls.) If there's going to be a fight, I'd far rather it be with this government than the one we'd likely face on that hard day. Hey, I've never been a paranoid before. It's always seemed to me that most governments are too incompetent to keep a good plot strung together all the way from coffee break to quitting time. But I am now very nervous about the government of the United States of America. Because Bill 'n' Al, whatever their other new paradigm virtues, have allowed the very old paradigm trogs of the Guardian Class to the define as their highest duty the defense of America against an enemy that exists primarily in the imagination and is therefore capable of anything. To assure absolute safety against such an enemy, there is no limit to the liberties we will eventually be asked to sacrifice. And, with a Clipper chip in every phone, there will certainly be no technical limit on their ability to enforce those sacrifices. WHAT YOU CAN DO GET CONGRESS TO LIFT THE CRYPTO EMBARGO The Administration is trying to impose Clipper on us by manipulating market forces. Purchasing massive numbers of Clipper devices, they intend to produce an economy of scale which will make them cheap while their export embargo renders all competition either expensive or non-existent. We have to use the market to fight back. While it's unlikely that they'll back down on Clipper deployment, the Electronic Frontier Foundation believes that with sufficient public involvement, we can get Congress to eliminate the export embargo. Rep. Maria Cantwell (D-WA) has a bill (H.R. 3627) before the Economic Policy, Trade, and Environment Science Subcommittee of the House Foreign Affairs Committee which would do exactly that. She will need a lot of help from the public. They may not care much about your privacy in DC, but they still care about your vote. Please signal your support of H.R. 3627, either by writing her directly or e-mailing her at cantwell@eff.org. Messages sent to that address will be printed out and delivered to her office. In the Subject header of your message, please include the words "support HR 3627." In the body of your message, express your reasons for supporting the bill. You may also express your sentiments to Rep. Lee Hamilton, the Foreign Relations Committee chairman, by e-mailing hamilton@eff.org. Furthermore, since there is nothing quite as powerful as a letter from a constituent, you should check the following list of subcommittee and committee members to see if your congressperson is among them. If so, please copy them your letter to Ms. Cantwell. Economic Policy, Trade, and Environment Science Subcommittee: Democrats: Sam Gejdenson (Chairman), James Oberstar, Cynthia McKinney, Maria Cantwell, Eric Fingerhut, Albert R. Wynn, Harry Johnston, Eliot Engel, Charles Schumer. Republicans: Toby Roth (ranking), Donald Manzullo, Doug Bereuter, Jan Meyers, Cass Ballenger, Dana Rohrabacher. Foreign Affairs Committee: Democrats: Lee Hamilton (Chairman), Tom Lantos, Robert Torricelli, Howard Berman, Gary Ackerman, Eni Faleomavaega, Matthew Martinez, Robert Borski, Donal Payne, Robert Andrews, Robert Menendez, Sherrod Brown, Alcee Hastings, Peter Deutsch, Don Edwards, Frank McCloskey, Thomas Sawyer, Luis Gutierrez. Republicans: Benjamin Gilman (ranking), William Goodling, Jim Leach, Olympia Snowe, Henry Hyde, Christopher Smith, Dan Burton, Elton Gallegly, Ileana Ros-Lehtinen, David Levy, Lincoln Diaz-Balart, Ed Royce. BOYCOTT CLIPPER DEVICES AND THE COMPANIES WHICH MAKE THEM. Don't buy anything with a Clipper chip in it. Don't buy any product from a company which manufactures devices with "Big Brother Inside." It is likely that the government will ask you to use Clipper for communications with the IRS or when doing business with Federal agencies. They cannot, as yet, require you to do so. Just say no. LEARN ABOUT ENCRYPTION AND EXPLAIN THE ISSUES TO YOUR UNWIRED FRIENDS The administration is banking on the likelihood that this stuff too technically obscure to agitate anyone but nerds like us. You prove them wrong by patiently explaining what's going on to all the people you know who have never touched a computer and glaze over at the mention of words like "cryptography." Maybe you glaze over yourself. Don't. It's not that hard. For some hands-on experience, download a copy of PGP, a shareware encryption engine which uses the robust RSA encryption algorithm. and learn to use it. GET YOUR COMPANY TO THINK ABOUT EMBEDDING REAL CRYPTOGRAPHY IN ITS PRODUCTS If you work for a company which makes software, computer hardware, or any kind of communications device, work from within to get them to incorporate RSA or some other strong encryption scheme into their products. If they say that they are afraid to violate the export embargo, ask them to consider manufacturing such products overseas and importing them back into the United States. There appears to be no law against that. As yet. You might also lobby your company to join the Digital Privacy and Security Working Group, a coalition of companies and public interest groups that includes IBM, Apple, Sun, Microsoft (and, interestingly, Clipper phone manufacturer AT&T) that is working to get the embargo lifted. JOIN EFF, CPSR, OR BOTH Self-serving as it sounds coming from me, I think you can do a lot to help by becoming a member of one of these organizations. In addition to giving you access to the latest information on this subject, every additional member strengthens our credibility with Congress. Join the Electronic Frontier Foundation by writing membership@eff.org. Join Computer Professionals for Social Responsibility by writing [provide e-mail address here.] In his LA speech, Gore called the development of the NII "a revolution." And it is a revolutionary war we are engaged in here. Clipper is a last ditch attempt by the United States, the last great power from the Industrial Era, to establish imperial control over Cyberspace. If they win, the most liberating development in the history of humankind could become, instead, the surveillance system which will monitor our grandchildren's morality. We can be better ancestors than that. John Perry Barlow is co-founder and Vice-Chairman of the Electronic Frontier Foundation, a group which defends liberty, both in Cyberspace and the Physical World. He has three daughters. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=