Editors: Jim Thomas and Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copy Eidtor: Etaoin Shrdlu, III
CONTENTS, #5.80 (Oct 13 1993)
File 1--CALIF AB1624 signed into law - PUBLIC INFO ACCESS!
File 2--Thanks to The folks who made AB1624 possible
File 3--Response to Cohen in re ITAR & Export Regs
File 4--Space computer hacker gets bond.
File 5--all eff.org machines moving 10/15-10/18
File 6--IGC Wins Public Interest Aw
File 7--Response to PGP Encryption Flap (RE:CuD 574)
File 8--RSAREF VERS NUMBER
File 9--Elansky/Hartford bbs Hearings - Case Continues
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from [email protected]. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
UNITED STATES:
aql.gatech.edu (128.61.10.53) in /pub/eff/cud
etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud
ftp.eff.org (192.88.144.4) in /pub/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
ftp.warwick.ac.uk in pub/cud (United Kingdom)
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
From: Jim Warren <[email protected]>
Subject: File 1--CALIF AB1624 signed into law - PUBLIC INFO ACCESS!
Date: Tue, 12 Oct 1993 14:26:21 -0700
Shortly before 8 a.m. this morning, Assembly Member Debra Bowen's
legislative aide who has been honchaing AB1624, Mary Winkley, sent the
following hand-written fax:
"The Governor signed 1624 last night! [Oct 11th, Monday, Columbus
Day] Yes. You read this correctly. This is not a joke!
Congratulations & thank you! Mary"
AB1624 will take effect Jan.1, 1994 (as is true of most of the 1,100+
bills, passed by the Legislature in 1993, that Gov. Pete Wilson signed
into law).
To my knowledge*, this is the first time that comprehensive
information about state legislation-in-process and state laws have
been made available by a state via the nonproprietary public computer
networks, especially without any fees charged by the state. (Hawaii
makes such information available, but only via an expensive private
state network, so far.)
This will permit *timely* access to legislative details -- crucial to
effective citizen participation in the process of their/our
governance; participation that is simply not practical via snailmailed
copies of quickly-obsolete printed legislative information (useful
only for after-the-fact fury).
It makes the information available in *useful* form. Whereas printed
legislative information can only be read <sneer>, the same information
arriving in computerized form can be:
Automatically monitored for *all* words and phrases that are
"interesting," Quickly searched for *all* specified topics and
subjects, Indexed, hyperlinked and cross-referenced to other related
information, Extracted, excerpted and forwarded to others, quickly
and accurately, and, oh yes, recipients can also read it.
Using the public global networks will provide other state legislative
staff, legislators and federal legislators with fast, easy access to
California legislation and statutes -- often used as models for other
states.
And, AB1624 can be used as a model -- by citizen-activists and
legislators -- for other states willing to encourage open democratic
processes.
Finally, as far as I know*, this is the first time online advocacy and
network-assisted citizen action was *instrumental* in structuring and
obtaining the passage of legislation. (There have, however, been
several instances where net-based action has *halted* undesired
legislation or regulations -- re crypto prohibitions, modem taxes,
etc.)
It won't be the last!
* - Please let me know if you know of other instances. (But, please phone;
I'm backlogged over a thousand messages in my email <cringe, blush>.)
ITS THE LAW!
The final version of the bill states [hand-typed for the last time!;
typos and bracketed notes are mine]:
"(a) The Legislative Counsel shall, with the advice of the Assembly
Committee on Rules and the Senate Committee on Rules, make all of the
following information available to the public in electronic form:
" (1) The legislative calendar, the schedule of legislative committee
hearings, a list of matters pending on the floors of both houses of the
Legislature, and a list of the committee of the Legislature and their
members.
" (2) The test of each bill introduced in each current legislative
session, including each amended, enrolled [passed by the Legislature] and
chaptered [signed or passed into law] form of each bill.
" (3) The bill history of each bill introduced and amended in each
current legislative session.
" (4) The bill status of each bill introduced and amended in each
current legislative session.
" (5) All bill analyses prepared by legislative committees in connection
with each bill in each current legislative session. [Bill analyses by the
party caucuses are *not* included.]
" (6) All vote information concerning each bill in each current %
legislative session.
" (7) Any veto message concerning a bill in each current legislative
session.
" (8) The California Codes. [the state's laws or statutes]
" (9) The California Constitution [including enacted ballot initiatives]
" (10) All statutes enacted on or after January 1, 1993.
"(b) The information identified in subdivision (a) shall be made available
to the public by means of access by way of the largest nonproprietary,
nonprofit cooperative public computer network ... in one or more formats.
.. Any person who accesses the information may access all or any part of
the information. The information that is maintained in the legislative
information system ... shall be made available in the shortest feasible
time after the information is available in the [Legislature's internal]
information system. The information that is not maintained in the
information system shall be made available in the shortest feasible time
after it is available to the Legislative Counsel.
"... [public documentation of digital formats will be available, online]
"(d) Personal information concerning a person who accesses the information
may be maintained only for the purpose of providing service to that person.
"(e) No fee or other charge may be imposed by the Legislative Counsel as
a condition of accessing the information ... . ..."
------------------------------
Date: Tue, 12 Oct 1993 14:28:59 -0700
From: Jim Warren <[email protected]>
Subject: File 2--Thanks to The folks who made AB1624 possible
((MODERATORS' NOTE: Jim Warren graciously thanks all those who
assisted in the enactment of California's AB1624, which expands the
public's access to state government documents. But, Jim Warren was the
primary force behind the legislation. Both the language of the law and
the energy to push the Bill through are a credit to Jim's efforts.
THANKS, JIM!!))
++++
There are *lots* of folks who greatly assisted AB1624 to become law,
but these are the crucial ones:
Assembly Member Debra Bowen introduced the concepts embodied in this
law. And, she did so on her own -- unlike most legislation, which is
brought to legislators by outside special interests (i.e., no
"sponsors").
Bowen's Legislative Aide Mary Winkley road herd on this bill, provided
Bowen with massive, *essential* input and guidance regarding the
details of the bill as it whip-sawed its way through the contorted
amendment and committee processes. Her assistance was especially
crucial given that Bowen had never held elective office before this
year.
Mary is the one who fielded several thousand phone calls and about
1,500 faxes and letters, concerning this bill alone (on top of a
dozen-or-so others for which she had key responsibility).
She was there days, evenings, nights, dawns, weekends and holidays
(I know; I often called her -- or she, me -- at night and on
weekends!).
Without Mary Winkley's *consumptive* efforts, AB1624 would not be
law.
The 1,500-or-so people who sent the faxes and letters to Bowen and to
crucial committee members as the bill went through the legislative
process.
YOUR *ACTION* WAS ESSENTIAL.
(When I first heard about the bill and talked to Winkley, she said
it was dead -- they had not found any public support for it,.amd the
Legislative Counsel's staff had said it would cost millions of dollars
to implement.)
[ And maybe me: "How I Spent My Summer Vacation." :-) <can't
think of a much better way!>
Most of all, I broadcast 32+ updates to you hundreds of folks who
so-politely tolerated my un-terse-osity, and YOU made it happen via
your support when and where it counted. (Also processed several
thousand email messages.)
I also showed 'em how they could do it for little or no cost via the
Internet and a cheap file-server (detailed it in a 16-page
implementation report), and detailed how the printed bills and their
semantically-meaningful italics, underscoring and strike-thrus might
be easily represented in ASCII text for dumb terminals. ]
PLEASE THANK MARY AND DEBRA -- WELL-EARNED APPLAUSE, WORTH BOTH HANDS
CLAPPING I have one final request of you: Please take the time to
at least call, or possibly fax or write, and personally thank Mary
Winkley and Debra Bowen for what they have done. They *deserve* to
know we noticed; we care; we appreciate their consumptive efforts.
Both are at: State Capitol, Room 3126, Sacramento CA 95814
voice/916-445-8528, fax/916-327-2201
Please, do it now. They deserve it!
And, thank you all -- *so much* -- for your interest and efforts. It
*is* possible for citizens to significantly impact government -- all
it takes is time and effort. :-)
ON TO THE NEXT PROJECT
The next thing to do is get the Secretary of State to make
already-required public campaign-contributor and financial-disclosure
information from "serious" candidates available in the same way as
AB1624 makes public legislative data and public laws available. Then
we can cross-reference vote records to contributor information --
making reform of the legislative process possible via a
better-informed electorate.
Like AB1624, this could be done at little or no cost to the
tax-payers or the candidates. There is already movement on this
project. More in a later message.
(Who knows -- maybe we won't need incumbency guarantees such as
campaign-spending limits, or tax-suckin' public campaign-funding to
pay for candidates' teevee ads and massive junk-mail.)
------------------------------
Date: Sun, 10 Oct 1993 17:42:00 -0700
From: [email protected](Bruce Jones)
Subject: File 3--Response to Cohen in re ITAR & Export Regs
Let's unpack a bit of what Mr. Cohen has to say about ITAR
export regulations and his experiences.
>Your discussion seems very strange to me. I seem to think I have
>heard it all before - about 3 years ago - when I got permission from
>the government to export an RSA cryptosystem with no restriction on
>key length or anything else.
>
>It took a few weeks (6-8 as I recall), but all I did was submit the
>software to the government (in 12 copies or so), and request a ruling.
>After a few call-backs, I got permission.
Please note that the posting site for Mr. Cohen's message is
the Science Applications International Corporation, a La Jolla
California based think tank that has deep ties to the U.S. Gov't and
does lots of work for the DoD. Given his ties to the DoD, it comes
as small surprise that he was able to get export permission for his RSA
cryptosystem.
[Discussion of key generation deleted because it's not germane to
my critique]
>All of this is not to say that I think it is reasonable to prevent us
>from doing as we please in this area, and I certainly wish I didn't
>have to wait so long before distributing new versions overseas, but
>why not just apply for export and see what happens? Maybe you'll get
>permission and it will all be no problem.
Why should a software manufacturer or a private citizen have to ask
permission in the first place, from the DoD (operating under the
guise of the Dept of Commerce) to export software that uses
encryption algorithms freely available in the country to which the
product is being exported?
>IBM has been exporting DES for quite a few years according to sources
>I have in EC who have seen IBM chips with DES on them in EC computers.
>I believe they simply asked for permission and got it.
Again, it's likely quite simple for someone who does business with
the DoD and the U.S. Gov't to get permission to export.
>I applaud the EFF for helping defend people in this area, but maybe if
>they tried to work within the law in the first place, they would have
>found it was easier to obey the law than break it.
Serious charges without foundation. Whom within the EFF has been
accused of breaking the law?
>Maybe if they apply now, they will end up with a no-case (assuming
>they get permission).
A dodge of the issue, which is not about whether or not one can get
permission to do something specific, but whether or not the
government has a right to require permission in the first place.
One of the founding tenets of the Unites States of America is the
idea that its citizens may do whatever they like, so long as their
chosen activity is not proscribed by law and doesn't violate the
rights of their neighbors. The opposite is ostensibly true for
the government, which may only do what has been permitted it under
the law. We live in a society where those distinctions apparently
collapsed some time ago.
Bruce Jones Department of Communication
[email protected]/bitnet University of California, San Diego
(619) 534-0417/4410 9500 Gilman Drive
FAX (619) 534-7315 La Jolla, Ca. 92093-0503
------------------------------
Date: Thu, 7 Oct 1993 17:49:40 +0800 (WST)
From: Stephen Hardman <[email protected]>
Subject: File 4--Space computer hacker gets bond.
Thursday: Space computer hacker gets bond.
MELBOURNE: A computer hacker who forced a 24-hour shutdown at US
National Aeronautics and Space Administration base was sentenced
yesterday to a year's jail but freed on a good behaviour bond and
ordered to do 500 hours' unpaid community work.
Nashon Even-Chaim, 22, of Caulfield, pleaded guilty to 15 charges of
unlawful interference with computer data in 1990, including using the
password "friend" to penetrate a NASA computer in Virginia.
Even-Chaim also admitted interfering with a CSIRO computer in
Melbourne, a private computer manufacturer's system in Texas and a US
government computer laboratory in California.
------------------------------
Date: Wed, 13 Oct 1993 17:31:14 -0400
From: Christopher Davis <[email protected]>
Subject: File 5--all eff.org machines moving 10/15-10/18
All eff.org machines will be disconnected and unavailable (due to
moving from Cambridge, MA to Washington, DC) from approximately noon
(EDT) Friday 15 October 1993 to approximately noon (EDT) Monday 18
October 1993.
This includes email to [email protected], access to the archives on
ftp.eff.org and gopher.eff.org, and mail-news gateways for
comp.org.eff.* and alt.comp.acad-freedom.*.
Mirrors of the archives should be available during the weekend.
We apologize for any inconvenience.
------------------------------
From: David Sobel <[email protected]>
Date: Tue, 12 Oct 1993 16:05:07 EST
Subject: File 6--IGC Wins Public Interest Aw
IGC Wins Public Interest Award
Palo Alto, Calif., October 12, 1993 - Computer Professionals for
Social Responsibility (CPSR), the national public interest
organization based in Palo Alto, announced today that the Institute
for Global Communications (IGC) has been named the winner of the 1993
Norbert Wiener Award for Social and Professional Responsibility.
Beginning in 1986, CPSR has presented this award each year to a
distinguished individual who, through personal example, demonstrated a
deep commitment to the socially responsible use of computing
technology. In 1992, the CPSR Board expanded the nominations to
include organizations. IGC is the first organizational recipient of
this prestigious award.
"The award is particularly appropriate this year because of the
enormous interest in computer networks generated by the debate over
the proposed National Information Infrastructure (NII)," said Stanford
professor and CPSR Board president Eric Roberts. "IGC has worked
diligently to use network technology to empower previously
disenfranchised individuals and groups working for progressive change.
CPSR has a strong commitment to making sure that everyone has access
to the resources and empowerment that networks provide. IGC has been
providing such access ever since it was founded in 1986."
"We're honored to be recognized by CPSR and to be the Norbert Wiener
Award recipient," says Geoff Sears, IGC's Executive Director. "Of
course, this award honors not just IGC, but the efforts and
accomplishments of all our network members, our entire network
community."
Sears will accept the Wiener award at CPSR's annual meeting banquet in
Seattle, Washington, on Saturday, October 16th.
This year's annual meeting is a two-day conference entitled
"Envisioning the Future: A National Forum on the National Information
Infrastructure (NII)" that will bring together local, regional, and
national decision makers to take a critical look at the social
implications of the NII. The keynote speaker will be Bruce McConnell,
Chief of Information Policy at the Office of Information and
Regulatory Affairs in the Office of Management and Budget (OMB), who
will present his views on the major NII issues now facing the
administration. Other highlights of the meeting include Kit Galloway
of Electronic Cafe International in Santa Monica, California, as the
featured speaker at the banquet. Using videotapes and a live
demonstration with CPSR chapters, Kit will present an innovative
approach to electronic communication and discuss how the Electronic
Cafe concept has been used.
The Institute for Global Communications is a nonprofit computer
networking organization dedicated to providing low-cost worldwide
communication and information exchange pertaining to environmental
preservation, human rights, sustainable development, peace, and social
justice issues. IGC operates the PeaceNet, EcoNet, ConflictNet, and
LaborNet computer networks. With a combined membership of 10,000
individuals and organizations ranging in size and scope from United
Nations Commissions to local elementary schools, IGC members
contribute to more than 1200 conferences covering virtually every
environmental and human rights topic.
The Wiener Award was established in 1987 in memory of Norbert Wiener,
the originator of the field of cybernetics and a pioneer in looking at
the social and political consequences of computing. Author of the
book, The Human Use of Human Beings, Wiener began pointing out the
dangers of nuclear war and the role of scientists in developing more
powerful weapons shortly after Hiroshima.
Past recipients of the Wiener Award have been: Dave Parnas, 1987, in
recognition of his courageous actions opposing the Strategic Defense
Initiative; Joe Weizenbaum, 1988, for his pioneering work emphasizing
the social context of computer science; Daniel McCracken, 1989, for
his work organizing computer scientists against the Anti Ballistic
Missiles deployment during the 1960s; Kristen Nygaard of Norway, 1990,
for his work in participatory design; Severo Ornstein and Laura Gould,
1991, in recognition of their tireless energy guiding CPSR through
its early years; and Barbara Simons, 1992, for her work on human
rights, military funding, and the U.C. Berkeley reentry program for
women and minorities.
Founded in 1981, CPSR is a national, nonprofit, public-interest
organization of computer scientists and other professionals concerned
with the impact of computer technology on society. With offices in
Palo Alto, California, and Washington, D.C., CPSR challenges the
assumption that technology alone can solve political and social
problems.
For more information about CPSR, the annual meeting, or the awards
banquet, call 415-322-3778 or send email to <[email protected]>.
For more information about IGC, contact Sarah Hutchison, 415-442-0220
x117, or send email to <[email protected]>.
------------------------------
Date: Mon, 11 Oct 93 12:07:01
From: [email protected]
Subject: File 7--Response to PGP Encryption Flap (RE:CuD 574)
In Re CuD574: File 1--Phil Zimmerman Comments on Encryption Flap
I'm posting this rather long message (sorry about the length,
but I wanted it to be complete [as the copyright states that it must
be for permitted redistribution]) with a couple of question in mind
that I would like answered:
1) Why is one branch of the government trying to kill off PGP
specifically, and possibly public key encryption in general. While an
other branch (DARPA) is helping to promote its use (See below)?
2) Since DARPA is promoting the use of the PEM public key
implementation, does this mean that it has a back door for "THEM"?
3) If you can get this public key program via anonymous FTP,
that IS export controlled, whats the governments beef with Austin Code
Works, and PGP's author? [Better get your copy now be for one side
finds out what the other is doing! %Maybe some one could point this
out to PGP's authors defence lawyer, humm?%]
============================================================================
Received: from RSA.COM (CHIRALITY.RSA.COM)
!RSA.COM!rsaref-administrator
!RSA.COM!coni
Subject--RSAREF VERS NUMBER
The current version of RSAREF is v1.01. To receive RSAREF read below.
RSAREF(TM):
A Cryptographic Toolkit for Privacy-Enhanced Mail
RSA Laboratories
(A division of RSA Data Security, Inc.)
October 4, 1993
This document copyright (C) 1993 RSA Laboratories, a division of RSA
Data Security, Inc. License is granted to reproduce, copy, post, or
distribute in any manner, provided this document is kept intact and
no modifications, deletions, or additions are made.
WHAT IS IT?
RSAREF is a cryptographic toolkit designed to facilitate rapid
deployment of Internet Privacy-Enhanced Mail (PEM) implementations.
RSAREF represents the fruits of RSA Data Security's commitment to the
U.S. Department of Defense's Advanced Research Projects Agency
(DARPA) to provide free cryptographic source code in support of a PEM
standard. Just recently, PEM became an Internet proposed standard.
Part of RSA's commitment to DARPA was to authorize Trusted
Information Systems of Glenwood, MD, to distribute a full PEM
implementation based on RSAREF. That implementation is now available
via anonymous FTP to 'ftp.tis.com'.
RSAREF supports the following PEM-specified algorithms:
o RSA encryption and key generation, as defined by RSA
Laboratories' Public-Key Cryptography Standards (PKCS)
o MD2 and MD5 message digests
o DES (Data Encryption Standard) in cipher-block chaining mode
RSAREF is written in the C programming language as a library that can
be called from an application program. A simple PEM implementation
can be built directly on top of RSAREF, together with message parsing
and formatting routines and certificate-management routines. RSAREF
is distributed with a demonstration program that shows how one might
build such an implementation.
The name "RSAREF" means "RSA reference." RSA Laboratories intends
RSAREF to serve as a portable, educational, reference implementation
of cryptography.
WHAT YOU CAN (AND CANNOT) DO WITH RSAREF
The RSAREF license agreement gives legal terms and conditions. Here's
the layman's interpretation, for information only and with no legal
weight:
1. You can use RSAREF in personal, non-commercial applications,
as long as you follow the interface described in the RSAREF
documentation. You can't use RSAREF in any commercial
(moneymaking) manner of any type, nor can you use it to
provide services of any kind to any other party. For
information on commercial licenses of RSAREF-compatible
products, please contact RSA Data Security. (Special
arrangements are available for educational institutions and
non-profit organizations.)
2. You can give others RSAREF and programs that interface to
RSAREF, under the same terms and conditions as your RSAREF
license.
3. You can modify RSAREF as required to port it to other
operating systems and compilers, or to improve its
performance, as long as you give a copy of the results to
RSA Laboratories. Other changes require written consent.
4. You can't send RSAREF outside the United States or Canada, or
give it to anyone who is not a U.S. or Canadian citizen and
doesn't have a U.S. "green card." (These are U.S. State and
Commerce Department requirements, because RSA and DES are
export-controlled technologies.)
HOW TO GET IT
To obtain RSAREF, read the RSAREF license agreement and return a copy
of the following paragraph by electronic mail to
<[email protected]>. If your electronic mail address is
located in Canada, please send your full name and mailing address;
we'll need it to complete a Department of State export declaration.
I acknowledge that I have read the RSAREF Program License
Agreement and understand and agree to be bound by its terms and
conditions, including without limitation its restrictions on
foreign reshipment of the Program and information related to the
Program. The electronic mail address to which I am requesting
that the program be transmitted is located in the United States
of America or Canada and I am a United States citizen, a Canadian
citizen, or a permanent resident of the United States. The RSAREF
Program License Agreement is the complete and exclusive agreement
between RSA Laboratories and me relating to the Program, and
supersedes any proposal or prior agreement, oral or written, and
any other communications between RSA Laboratories and me relating
to the Program.
RSAREF is distributed by electronic mail in UNIX(TM) "uuencoded" TAR
format. When you receive it, store the contents of the message in a
file, and run your operating system's "uudecode" and TAR programs.
For example, suppose you store the contents of your message in the
file 'contents'. You would run the commands:
uudecode contents # produces rsaref.tar
tar xvf rsaref.tar
You can also get a "uuencoded" PKZIP(TM) version of RSAREF. Just ask
for the ZIP file when you return the acknowledgement.
RSAREF includes about 60 files organized into the following
subdirectories:
doc documentation on RSAREF and RDEMO
install makefiles for various operating systems
rdemo RDEMO demonstration program
source RSAREF source code and include files
test test scripts for RDEMO
RSAREF is also available via anonymous FTP to 'rsa.com'. Along with
RSAREF you can get RIPEM, Mark Riordan's RSAREF-based privacy-enhanced
mail application, and an Emacs command interface to RIPEM. See the
file 'README' in the FTP directory 'rsaref' for more information.
USERS' GROUP
RSA Laboratories maintains the electronic-mail users' group
<[email protected]> for discussion of RSAREF applications, bug
fixes, etc. To join the users' group, send electronic mail to
<[email protected]>.
REGISTRATION
RSAREF users who register with RSA Laboratories are entitled to free
RSAREF upgrades and bug fixes as soon as they become available and a
50% discount on selected RSA Data Security products. To register,
send your name, address, and telephone number to
<[email protected]>.
INNOVATION PRIZES
RSA Laboratories will award cash prizes for the best applications
built on RSAREF. If you'd like to submit an application, want to be
on the review panel, or would like more details, please send
electronic mail to <[email protected]>. Applications are due
December 31, 1993, and awards will be announced March 31, 1994. First
prize is $5000, second prize is $2000, and there are five prizes of
$1000. First prize in 1992's content went to Mark Riordan for RIPEM.
PUBLIC-KEY CERTIFICATION
RSA Data Security offers public-key certification services conforming
to forthcoming PEM standards. For more information, please send
electronic mail to <[email protected]>.
PKCS: PUBLIC-KEY CRYPTOGRAPHY STANDARDS
To obtain copies of RSA Laboratories' Public-Key Cryptography
Standards (PKCS), send electronic mail to <[email protected]>.
OTHER QUESTIONS
If you have questions on RSAREF software, licenses, export
restrictions, or other RSA Laboratories offerings, send electronic
mail to <[email protected]>.
AUTHORS
RSAREF was written by the staff of RSA Laboratories with assistance
from RSA Data Security's software engineers. The DES code is based on
an implementation that Justin Reyneri did at Stanford University. Jim
Hwang of Stanford wrote parts of the arithmetic code under contract
to RSA Laboratories.
ABOUT RSA LABORATORIES
RSA Laboratories is the research and development division of RSA Data
Security, Inc., the company founded by the inventors of the RSA
public-key cryptosystem. RSA Laboratories reviews, designs and
implements secure and efficient cryptosystems of all kinds. Its
clients include government agencies, telecommunications companies,
computer manufacturers, software developers, cable TV broadcasters,
interactive video manufacturers, and satellite broadcast companies,
among others.
RSA Laboratories draws upon the talents of the following people:
Len Adleman, distinguished associate - Ph.D., University of
California, Berkeley; Henry Salvatori professor of computer
science at University of Southern California; co-inventor of
RSA public-key cryptosystem; co-founder of RSA Data Security, Inc.
Martin Hellman, distinguished associate - Ph.D., Stanford University;
professor of electrical engineering at Stanford University;
co-inventor of public-key cryptography, exponential key exchange;
IEEE fellow; IEEE Centennial Medal recipient
Burt Kaliski, chief scientist - Ph.D., MIT; former visiting assistant
professor at Rochester Institute of Technology; author of Public-Key
Cryptography Standards; general chair of CRYPTO '91
Cetin Koc, associate - Ph.D., University of California, Santa
Barbara; assistant professor at Oregon State University
Ron Rivest, distinguished associate - Ph.D., Stanford University;
professor of computer science at MIT; co-inventor of RSA public-key
cryptosystem; co-founder of RSA Data Security, Inc.; member of
National Academy of Engineering; director of International
Association for Cryptologic Research; program co-chair of ASIACRYPT
'91
Matt Robshaw, research scientist - Ph.D., University of London
RSA Laboratories seeks the talents of other people as well. If you're
interested, please write or call.
ADDRESSES
RSA Laboratories RSA Data Security, Inc.
100 Marine Parkway 100 Marine Parkway
Redwood City, CA 94065 Redwood City, CA 94065
PKCS, RSAREF and RSA Laboratories are trademarks of RSA Data
Security, Inc. All other company names and trademarks are not.
+----------------------------------------------------------------------
RSA LABORATORIES
PROGRAM LICENSE AGREEMENT
Version 1.02
January 21, 1993
RSA LABORATORIES, A DIVISION OF RSA DATA SECURITY, INC. ("RSA")
GRANTS YOU A LICENSE AS FOLLOWS TO THE "RSAREF" PROGRAM:
1. LICENSE. RSA grants you a non-exclusive, non-transferable,
perpetual (subject to the conditions of Section 8) license for
the "RSAREF" program (the "Program") and its associated
documentation, subject to all of the following terms and
conditions:
a. to use the Program on any computer;
b. to make copies of the Program for back-up purposes;
c. to modify the Program in any manner for porting or
performance improvement purposes (subject to Section 2)
or to incorporate the Program into other computer programs
for your own personal or internal use, provided that you
provide RSA with a copy of any such modification or
Application Program by electronic mail, and grant RSA a
perpetual, royalty-free license to use and distribute such
modifications and Application Programs on the terms set
forth in this Agreement.
d. to copy and distribute the Program and Application Programs
in accordance with the limitations set forth in Section 2.
"Application Programs" are programs which incorporate all or any
portion of the Program in any form. The restrictions imposed on
Application Programs in this Agreement shall not apply to any
software which, through the mere aggregation on distribution media,
is co-located or stored with the Program.
2. LIMITATIONS ON LICENSE.
a. RSA owns the Program and its associated documentation and
all copyrights therein. You may only use, copy, modify and
distribute the Program as expressly provided for in this
Agreement. You must reproduce and include this Agreement,
RSA's copyright notices and disclaimer of warranty on any
copy and its associated documentation.
b. The Program and all Application Programs are to be used only
for non-commercial purposes. However, media costs associated
with the distribution of the Program or Application Programs
may be recovered.
c. The Program, if modified, must carry prominent notices
stating that changes have been made, and the dates of any
such changes.
d. Prior permission from RSA in writing is required for any
modifications that access the Program through ways other
than the published Program interface or for modifications
to the Program interface. RSA will grant all reasonable
requests for permission to make such modifications.
3. NO RSA OBLIGATION. You are solely responsible for all of your
costs and expenses incurred in connection with the distribution
of the Program or any Application Program hereunder, and RSA
shall have no liability, obligation or responsibility therefor.
RSA shall have no obligation to provide maintenance, support,
upgrades or new releases to you or to any distributee of the
Program or any Application Program.
4. NO WARRANTY OF PERFORMANCE. THE PROGRAM AND ITS ASSOCIATED
DOCUMENTATION ARE LICENSED "AS IS" WITHOUT WARRANTY AS TO THEIR
PERFORMANCE, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF
THE PROGRAM IS ASSUMED BY YOU AND YOUR DISTRIBUTEES. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU AND YOUR DISTRIBUTEES (AND NOT RSA)
ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.
5. LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED FOR IN
SECTION 6 HEREINUNDER, NEITHER RSA NOR ANY OTHER PERSON WHO HAS
BEEN INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE
PROGRAM SHALL BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY
DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF RSA HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
6. PATENT INFRINGEMENT OBLIGATION. Subject to the limitations set
forth below, RSA, at its own expense, shall: (i) defend, or at
its option settle, any claim, suit or proceeding against you on
the basis of infringement of any United States patent in the
field of cryptography by the unmodified Program; and (ii) pay any
final judgment or settlement entered against you on such issue in
any such suit or proceeding defended by RSA. The obligations of
RSA under this Section 6 are subject to: (i) RSA's having sole
control of the defense of any such claim, suit or proceeding;
(ii) your notifying RSA promptly in writing of each such clai proceeding
against you on
the basis of infringement of any United States patent in the
field of cryptography by the unmodified Program; and (ii) pay any
final judgment or settlement entered against you on such issue in
any such suit or proceeding defended by RSA. The obligations of
RSA under this Section 6 are subject to: (i) RSA's having sole
control of the defense of any such claim, suit or proceeding;
(ii) your notifying RSA promptly in writing of each such clai proceeding
against you on
the basis of infringement of any United States patent in the
field of cryptography by the unmodified Program; and (ii) pay any
final judgment or settlement entered against you on such issue in
any such suit or proceeding defended by RSA. The obligations of
RSA under this Section 6 are subject to: (i) RSA's having sole
control of the defense of any such claim, suit or proceeding;
(ii) your notifying RSA promptly in writing of each such claim,
suit or proceeding and giving RSA authority to proceed y United States
patent in the
field of cryptography by the unmodified Program; and (ii) pay any
final judgment or settlement entered against you on such issue in
any such suit or proceeding defended by RSA. The obligations of
RSA under this Section 6 are subject to: (i) RSA's having sole
control of the defense of any such claim, suit or proceeding;
(ii) your notifying RSA promptly in writing of each such claim,
suit or proceeding and giving RSA authority to proceed as stated
in this Section 6; and (iii) your giving RSA all information
known to you relating to such claim, suit or proceeding and
cooperating with RSA to defend any such claim, suit or
proceeding. RSA shall have no obligation under this Section 6
with respect to any claim to the extent it is based upon (a) use
of the Program as modified by any person other than RSA or use of
any Application Program, where use of the unmodified Program
would not constitute an infringement, or (b) use of the Program
in a manner other than that permitted by this Agreement. THIS
SECTION 6 SETS FORTH RSA'S ENTIRE OBLIGATION AND YOUR EXCLUSIVE
REMEDIES CONCERNING CLAIMS FOR PROPRIETARY RIGHTS INFRINGEMENT.
NOTE: Portions of the Program practice methods described in and
subject to U.S. Patents Nos. 4,200,770, 4,218,582 and 4,405,829,
and all foreign counterparts and equivalents, issued to Leland
Stanford Jr. University and to Massachusetts Institute of
Technology. Such patents are licensed to RSA by Public Key
Partners of Sunnyvale, California, the holder of exclusive
licensing rights. This Agreement does not grant or convey any
interest whatsoever in such patents.
7. RSAREF is a non-commercial publication of cryptographic
techniques. Portions of RSAREF have been published in the
International Security Handbook and the August 1992 issue of Dr.
Dobb's Journal. Privacy applications developed with RSAREF may be
subject to export controls. If you are located in the United States
and develop such applications, you are advised to consult with the
State Department's Office of Defense Trade Controls.
8. TERM. The license granted hereunder is effective until
terminated. You may terminate it at any time by destroying the
Program and its associated documentation. The termination of your
license will not result in the termination of the licenses of any
distributees who have received rights to the Program through you
so long as they are in compliance with the provisions of this
license.
9. GENERAL
a. This Agreement shall be governed by the laws of the State of
California.
b. Address all correspondence regarding this license to RSA's
electronic mail address <[email protected]>, or
to
RSA Laboratories
ATTN: RSAREF Administrator
100 Marine Parkway, Suite 500
Redwood City, CA 94065
------------------------------
Date: Wed, 13 Oct 1993 18:22:13 CDT
From: CuD Moderators <[email protected]>
Subject: File 9--Elansky/Hartford bbs Hearings - Case Continues
HEARINGS CONTINUE IN BOMB-RECIPES CASE
Oct. 13, Page B-11, The Hartford Courant
Michael Elansky, a 22-year-old West Hartford man accused of
possessing bomb recipes on his computer bulletin board, will remain in
jail pending further hearings on his case.
A 90-minute pretrial hearing in closed chambers Tuesday in Hartford
Superior Court produced no resolution in the case. Another hearing is
scheduled next Tuesday.
((remainder, summarizing the case, deleted))
------------------------------
End of Computer Underground Digest #5.80
************************************
