Computer underground Digest    Sun  Apr 03, 1994   Volume 6 : Issue 29
                          ISSN  1004-042X

      Editors: Jim Thomas and Gordon Meyer ([email protected])
      Archivist: Brendan Kehoe (He's Baaaack)
      Acting Archivist: Stanton McCandlish
      Shadow-Archivists: Dan Carosone / Paul Southworth
                         Ralph Sims / Jyrki Kuoppala
                         Ian Dickinson
       Suspercollater:       Shrdlu Nooseman

CONTENTS, #6.29 (Apr 03, 1994)
File 1--Bill Gates' Gov't Appointment (Apr 1 Press Release)
File 2--Response to Edwards and GrimJim
File 3--Cyberspace Forum - April 2nd, 1994
File 4--Piracy & Phreakers
File 5--Response to D.S. Weyker on software piracy
File 6--Computers, Freedom, and Privacy '94 Conference Report

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to [email protected] or [email protected]
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
         In ITALY: Bits against the Empire BBS: +39-461-980493

FTP:   UNITED STATES:  etext.archive.umich.edu (141.211.164.18)  in /pub/CuD/
                      aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
 EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                 ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
           the views of the moderators. Digest contributors assume all
           responsibility for ensuring that articles submitted do not
           violate copyright protections.

----------------------------------------------------------------------

Date: 01 Apr 94 16:13:22 EST
From: Urnst Couch  <[email protected]>
Subject: File 1--Bill Gates' Gov't Appointment (Apr 1 Press Release)

                   "GOVERNMENT TO INTELLECTUALIZE
            INFORMATION HIGHWAY THROUGH MENTUFACTURING"

(AP)-In an unexpected White House press conference on April 1,
Vice-President Albert Gore announced Microsoft's Bill Gates would be
named director of a new agency designed to regulate and stimulate the
development of the Information Superhighway.

"If you have a personal computer, chances are that Mr. Gates and
Microsoft Corp. are already a part of your life," said Gore during the
conference.  "In many cases, the personal computer is the on-ramp to
the information highway, the conduit through which much of the
national intellectual product of the future will flow.  This
intellectual product, or property, is manufactured, but not - in the
conventional sense - through machinery.  Rather, the commerce of the
information highway is the harvest of the mind, our mental facilities.
'Mentufacturing' is the word the PR backroom guys -<laughter>- have
coined.  Mr. Gates's excellence in the field makes him the logical
candidate for a new project to guide and accelerate the nation's
transition to a mentufacturing industrial base."

Gore went on to explain how Gates, along with a core consulting group
consisting of telecommunications guru John Malone and cellular phone
titan Craig McCaw, would make up the industry-government interface for
the agency, tentatively named the Ministry of Mentufacturing,
Organization, Networking and Electronic Exchange (MO*MONEE).

The ministry is to be located at 2001 L Street NW, Washington, D.C.,
alongside offices of the Business Software Alliance.

The initial mandate of the ministry, said Gore, would be to work up a
plan for the issuing of Licenses of Mentufactury, which would become
necessary - just as the motor vehicle operator's license is a must for
drivers - for the operation of on-line services or the production of
intellectual "soft goods."  Gore said that he, along with Congress,
would move briskly toward legislation requiring Licenses of
Mentufactury for all computer industry and information highway
entrepreneurs by late 1995.

Roger Thrush, an administrative lieutenant speaking for the absent
Gates, who was vacationing in Hawaii, explained how licensing would
work.

"It really is simpler than it sounds," said Thrush.  "We envision
several classes of mentufacturing, the primary of which constitutes
existing on-line services and retail software developers in the
Fortune 500. For the most part, this group has already been granted
provisionary licenses with permanent approval contingent only upon
minor structural and operational changes which we think will be no
inconvenience to implement.  For example, most of the captains of the
information industry already have the capability to suborn their
telecommunications feeds to something we call the Microserve and
Mentufacturing Market Organizational Network - or MAMMON - backbone, a
super-net which will make the registration of Licenses of Mentufactury
electronic, instantaneous and economical.

"For the small businessman - or millions of home hobbyists - there
will be a different class of license.  This should make it easier for
the government to distinguish legitimate mentufacturing needs from
socially heretical activity.  For example, we would consider the
bulletin board system application for a License of Mentufactury from a
member of the North American Man-Boy Love Association frivolous.  And
this has an added benefit, because it allows for interactive,
non-intrusive patrol of the information highway, thus hindering those
who would use it for soliciting, piracy, or the dissemination of
private, sensitive or proprietary information.  Of course, the small
businessman with a 5-6 line service will find the legislation
transparent, which should make the cyber civil libertarians happy,"
Thrush laughed.

Licenses of Mentufactury will be assigned tariffs based on a sliding
scale beginning at $500, said Thrush.  Fees would go to a government
superfund, controlled by MO*MONEE. The superfund would be used for
federal employee reimbursement and seed cash for promising
breakthroughs in mentufacturing.

Silicon Valley venture capitalist and ex-Gates paramour Ann Winblad
said in an interview, "Bill has wanted to adopt the mindset of a true
visionary, to take even greater risks, for a long time. No one can
doubt the scope of his ambition and his great admiration for Henry
Ford is likewise well known.  Like that entrepreneur, Bill wants to
move Americans forward a quantum jump.  Mentufacturing could be the
answer for him, as well as the nation."

"Mentufacturing mania will probably pique everyone's fancy in the next
few months," said computer magazine writer John Dvorak. "It's a great
concept, but making it concrete may take a little longer."

"I believe everyone from education to industry will rush to go
'mental' on the Information Superhighway, now that the Vice President
has put this welcome proposal onto the playing field," said
Congressman Edward Markey (Dem.), also in attendance at the press
meeting.

Gore concluded the press conference by paraphrasing the Grolier
dictionary's definition of "mentufacture."  "To mentufacture is to
engage in the _manufacture_ of the God which resides in every man: the
fruit of the soul, our minds, ourselves.  Thank you ladies and
gentlemen."

------------------------------

Date: Mon, 28 Mar 94 15:27:38 GMT
From: [email protected](Mr. Badger #88 @8315)
Subject: File 2--Response to Edwards and GrimJim

Bruce Edwards' response to my review of Dibbell's article states:
"After reading his post several times, it seems only an exercise
to excoriate the idea of fantasy play and belittle Dibbell's
concepts."

Half right.  It is as an experienced fantasy role player (D&D,
Fantasy Trip, Warhammer, and GuRPS within the last year, alone)
that I find Dibbell's concepts ridiculous.

I also find it ridiculous that Edwards believes experience in
role playing would help a jury decide on whether or not a child
molester ought to be punished or not.  Any weakening of the
fundamental difference between fantasy/reality or words/actions
is exactly what leads to the vagaries of the modern justice system.
A person can fantasize about whatever they wish, but those who
commit rape and child abuse deserve to be punished.  To attempt
to impart special significance to fantasies on-line does nothing
but debase the truth concerning actual acts of aggression.
True, the use of words can be potent. Witness libel.  But Edwards
should realize that libel has also been difficult to prosecute,
precisely because the claimant must prove actual damages.

Do I think the MUDers took things too seriously?  Of course!
Boot the offender off the system and have done with it.  If
push comes to shove, grab your marbles and go play elsewhere.
Heck, for all I care, argue about it on-line until your phone
line melts.  Just don't try and draw shoddy parallels to real
life that only serve to weaken judgment in both realms.

------------------------------

Date: Sat, 2 Apr 94 23:37:14 MST
From: [email protected](Alan Dunkin)
Subject: File 3--Cyberspace Forum - April 2nd, 1994

((MODERATORS' NOTE: Alan Dunkin is the guy responsible for the CuD
cumulative subject/topic index that readers have found helpful. His
notion of an occasional forum seems like a good idea, and we're hoping
he can be talked into doing an occasional profile of computer culture
personalities. Contrary to what he says below, we don't think he's
"stupid" for taking on a massive project. Quite the contrary!!
Masochistic, maybe, but in a noble sort of way.  We hope readers can
give him some useful suggestions)).


THE CYBERSPACE FORUM  (Intro and Ideas)

Most of you probably do not know me.  I have been posted in the
Computer underground Digest only a few times, starting from the
summer of last year.  Back then I once told Jim Thomas that I'd
try to contribute in any way I could to CuD and its readership,
and he gave me an affectionate pat on the back and told me to
get lost.  Actually, he didn't say much of anything, but several
months later I finally came up with an idea that was actually
meaningful, the CuD Cumulative Index.  Sure, the volume indices
are nice in their own right, but the subject headings of articles
are not particularly useful because they fail to provide the "meat"
of a CuD file.  I showed Jim a preliminary copy, and he was totally
amazed at how stupid I was for doing such a seemingly colossal project.
However, he urged me on, and I managed to fully complete the first
four volumes and it was published in the last issue of CuD for 1993.
Pretty soon now you should be seeing the new version, updated for
volume five, on the electronic newsstands across the nation.

Early this year, however, I started thinking about other ideas for
CuD, and I remember seeing once that Jim had posted some thoughts
on improving the digest.  Immediately one of my own pet peeves hit
me, how about a regular feature about the cyberworld, and its impact
on pretty much everything?  A re-vamping of "CU in da Newz" with a
bit of the twist.  A new technologies forum for those who relish in
new toys.  New net happenings you never heard of.  A place where ideas
are welcome, posts are posted (maybe not fully, but you get the picture),
and debate on some of the big issues facing us today.  Or tomorrow.  And,
a valuable pointer to the past.


Unfortunately I don't remember much of what Jim thought of the idea,
other than "great" or something to that effect.  So is this the
beginning?

Sort of.  Right now I'm looking for ideas.  Sure, I have some of my
own I'd like to explore, but your input would mean a lot to me.  What
would you like to see?  Hopefully nothing long and overdrawn, there is
a kind of space limitation.  The "column", if you will, should be in
every third or fourth issue of CuD.  So send your ideas along today,
and we'll see what we can do to fulfill them.

Next time -- ground rules for posting, copyrights, and other
miscellaneous legal stuff that you'd rather not see but I'd like to
get into the open.

And remember, send your ideas a' comin', and we can get this thang
a'rollin'.

 --- Alan Dunkin, Angelo State University [[email protected]]
     "Standing erect, he was two feet wide"  --  Peter Schickele's
     Bach Portrait.

------------------------------

Date: Sun, 27 Mar 1994 07:29:00 GMT
From: [email protected](Chris Hind)
Subject: File 4--Piracy & Phreakers

>And what is the Hacker community's record with regard to malicious
>hackers who trash companies' systems? Do they actively try to find out
>these guys and inform on them? I doubt it, although I'd be happy to
>learn otherwise. If non-malicious hackers' real purpose is to help
>companies to defend themselves against malicious hackers, then they
>probably should as a rule inform on malicious hackers.

They should give a reward of let's say $50 per person who can find a
flaw in the system first. Also in regards to piracy, CDROMS are a good
and effective method to stop piracy because the audio in programs on a
CDROM isn't contained inside a file, it's written on the disc itself
like any Compact Disc would. Also, nobody is gonna be stupid enough
to pirate a 600MB program! I keep in touch with the hackers &
phreakers and I know exactly what they do. I've only seen once where
someone was stupid enough to put a CDROM on their BBS for people to
download. The minimum size for a file was 19MB!! Software companies
should put counters in their software to see how often it's been used.
The program should auto-recognize the computer's peripherals
(monitor, mouse, speed, etc.) and encrypt a file within the executable
that contains this information. If you change a device on your system,
it resets the counter back to zero.  So if a pirate copies software
off someone else's computer and installs it on his, the software will
automatically reset the counter to show how often he uses the
software. If he uses the software often and the cops catch him, he
should be fined. This is a simple method to defeat or lower piracy
effectively. In regards to the article you were talking about that
phreakers have the potential to change people's minds over which
equipment companies should buy for fear of getting hacked. You gave
an example about if phreakers printed an article in Phrack about how
to hack such-and-such equipment then that might change a telco's mind
about which brand of equipment they should buy. Now that this
information is released, there's a whole new ball game! Now phreakers
will use this as power over the market. They could use reverse
psychology to screw up the telcos and then that would open up a huge
window for phreakers to hack into a telco and pick its bones clean.
Before this information was released, phreakers probably didn't know
they had that power.

------------------------------

Date: Wed, 30 Mar 94 10:53 EST
From: "AMERICAN EAGLE PUBLICATION INC." <[email protected]>
Subject: File 5--Response to D.S. Weyker on software piracy

I've personally had to deal with both sides of the piracy issue, so
I'd like to make some comments on Mr. Weyker's comments in CUD 6.27
regarding software piracy, which perhaps also relate to hacking in
general.

First a little background: as one of the generation who pulled himself
up by the bootstraps into the micro-computer profession in the late
70's and early 80's, I must confess that I simply couldn't have done
it without a modicum of copying. As a graduate student in a different
field, I could BARELY justify the investment in a cheap computer, and
most software was simply out of the question. It simply would not have
been practical to learn enough about computers to sell my services
were I to obey the letter of the law. What were my real options?
(A) Buy a FORTRAN compiler for $700 up on a research assistant's salary
    (e.g. about $350/month),
(B) Write my own from scratch in BASIC (which I did legally own),
(C) "Borrow" a copy from the University?

Again, I've worked for major hardware manufacturers. Anyone who's
tried to develop PC hardware knows compatibility is the name of the
game. With 3 million different applications and versions of
applications out there, how do you make your hardware compatible with
every single one? Sure, 99.9% of them are no problem at all, but the
0.1% that are can be a real bear.  What can you do when a customer
calls up and says "I'm having a problem with your product and
Borland's Turbo Linker 1.27b, but your competitor's product works just
fine."?? Just try to call Borland and get Turbo Linker 1.27b
legitimately. I've done it, and it's a joke. They're on version 2.1
now and 1.27b is dead. I mean DEAD. Nobody even knows it exists. The
guys who wrote that are at Microsoft now. Then ask this question "If
you can't supply it to me, would you mind if I got a bootleg copy?"
It's good for a laugh, but you're not going to get a polite "sure,
friend."

On the other side of the coin, I run my own business now, and I CAN
pay for the software I use--AND I DO PAY FOR IT, 100%. Not only that,
being rather neutral on computer viruses, I have written them and
copyrighted them, selling them for educational purposes to those who
need to know. However, anti-virus developers are not the fount of
morality they often make themselves out to be. A number of them have
decided, quite apart from the law, that since virus writing is a
priori immoral, that they have the perfect right to copy viruses among
themselves as they see fit, including my own work.  Some have even
been so bold as to boast about it in print. So I find myself in the
position of being financially damaged by an organized piracy ring.
I'd like to take legal action, but frankly, (1) lawyers cost too damn
much, (2) I don't seriously believe the courts care for justice at
all, as judges are often caressed by slick-tongued lawyers, and (3)
it is rather hard to prove who copied what--even when they boast about
it in print.

In short, I guess I've seen both sides of this problem. As far as I
can see, there are two ways to approach it on ethical grounds, which
really depends on what kind of society you live in. If you live in a
society where there are absolute moral standards, you're probably
pretty well off, because you can use those standards like theorem and
hypothesis to draw some conclusions.  That isn't the United States,
though. In our society there are no absolute morals anymore.

Once a pirate was brought to stand trial before Alexander the Great.
Alexander asked him by whose authority he commandeered ships. The
pirate, facing imminent execution, defiantly asked Alexander by whose
authority he commandeered nations.  The point is simple: in a world
without absolutes, power is the only rule, and all men do what they
can get away with. The state becomes the chief criminal, the
Godfather, not the standard-bearer of righteousness. May I submit to
you that this is exactly where we are at today. Our government has
cast off all restraints of law. If the government could claim any
authority beyond raw power, it would appeal to the founding fathers
and the constitution.  The founding fathers plainly appealed to God in
the Declaration of Independence and many less noticed writings. Yet
any such claims are patently false, in as much as our government now
subverts the constitution and the original intent of the fathers at
will. I could give a myriad of examples. Furthermore, our government
is the chief purveyor of immorality. You name it--whether you're
talking homoerotic art and ads for condoms, or the subversion of
justice in the courts, the willingness of government agencies to
murder anyone they don't like (e.g. Vicki Weaver or the Davidians), or
let others murder without consequence (LA riots), or the character of
our leaders, the message is clear: our government is the leader in
every evil thing. In word it may tell us to obey the law, but in deed,
our leaders are saying loud and clear that there is no law but power.

As such, the law as a statement of prevailing morality is purely the
tool of the powerful. If you have power, you consolidate it into law
and give it the name of morality. Machiavelli.

Now let's look at piracy from that angle: There are two sources of
power:  first, there's power where the money is: e.g. the software
developers. Second, there's power where the technology is. And the
technology favors the pirates.  When you can copy a disk for $0.30 in
less than a minute in complete privacy, and then encrypt it so nobody
but you can read it, that's power. It didn't have to be that way. I
mean, what if software came on custom LSI chips, which you would plug
into a board in your machine? Piracy wouldn't be a real issue then.
The bottom line is that we have a power struggle.  Techno-power
inherent in the ease of copying, or money?

Money has made the law. Technology has made a farce of the law. If we
face the facts, practically everyone who has a keen personal interest
in computers has copied software at some time or another. The old joke
about engineers, after all, is that "I never saw a piece of software
he didn't like." So it seems reasonable to suppose that, legally
speaking, we might equate engineers with felons. Furthermore, as a
systems-level programmer, I can GUARANTEE you that nobody in the past
10 years has written good, compatible PC systems software without at
least a little "piracy". It's simply impossible to do it legally, as I
discussed above. Thus, since systems software is the foundation that
all other software is built upon, we might say that the whole of
cyberspace is built on illegal activity.

Now, the essence of tyranny is to put everyone in violation of a
draconian law at all times. Then, anyone can be arrested at any time
for any variety of reasons, and legally punished without measure. Our
software piracy law seems to fit well in line here. If I were Stalin,
I could well rejoice in it. With a stroke of the pen I would have
declared the very people who have built the technological society we
so love to be felons. Of course I wouldn't arrest them all and herd
them off to jail. That would not be expedient. But when one of them
steps on my toes, I get out my little black law-book and start looking
for things to get them on. Software piracy looks like a mighty fine
tool to me.

Mr. Weyker makes the comment that "We are all morally bound to obey
the law" except in a public protest. I'll plainly disagree. All of
this talk about piracy being "stealing" and the like is concocted
double-speak. I mean, whose morals are we talking about here?
America's? Then might makes right, and you can do what you like. How
about the Bible? Surely it forbids stealing, yet as far as I can see
that applies to tangible objects alone. I can find no example of an
"intellectual property" right there, which would imply that there is
no such thing as intellectual property in God's eyes. If we really
face the facts, it's harder to put your finger on software than on
air. To say that copying software is stealing is stretching "stealing"
FURTHER than if you say that I'm stealing if I breathe air in your
house. Even if there were grounds for "intellectual property" here,
biblical punishments for stealing are only something like five-fold
restoration. That would suggest that--biblically speaking (moral high
ground)--the present law is immoral.

The oldest form of protest is exactly to IGNORE the law. Nothing works
better to make a mockery of the laws and the lawmakers. And a public
protester will get nowhere if there are not a multitude who have gone
before him quietly ignoring a law they dislike. Dr. Kevorkian is
indeed a good example here.

Suppose we did away with "intellectual property rights" re software
altogether and just let people decide for themselves when to pay for
something?  Where would society go? Having been in the software
industry and sold software, I expect what it would do might just be
beneficial. Firstly, I expect you would see, for the most part, a
gentleman's fair-use agreement much like most people use under the
table today to determine when to buy software. In other words, if I
use it regularly and it benefits me, I buy it. Despite the amoral
climate we live in, I think most people try to be fair to vendors most
of the time.  For the most part, they have been to my company, even
though there is a cadre who aren't.

It's not the little guy who will get hurt in such a scheme. He can
still sell software because chances are his neighbor won't have that
package anyhow. The big guy will get hurt though. But is that
necessarily so bad? It sounds to me like a good way to keep monopolies
out of the software industry. Sort of a natural limit on how big you
can get. Right now, the spectre of monopolies appears to me to be the
biggest hindrance to continued progress in cyberspace.  Robert
Cringely recently (Infoworld, Mar 28 94, p.98) compared the software
industry to the auto industry. The comparison is apt. "In 1920 there
were about 300 full-line American automobile makers. By 1930 there
were 25. By 1940 there were 10. Today there are 3." And think of what
you'd have to do to make that 4! Government red tape, financing,
advertising . . . it's impossible. Notice that progress also stopped.
I mean, if you go back 50 years and look at predictions of what today
would be like, they had us flying to work! Monopolies and innovation
are not usually cousins. Software is going to be just like that in 20
years if something doesn't change. I mean the works. Government
license and red tape. Mega windows gui apps that take thirty
man-centuries to develop.  And innovation dead.

Frankly, I think the hacker ethic re piracy as expounded by Emmanuel
Goldstein is perhaps closer to the truth than present SPA and
government policy. Yet I don't think we'll see "intellectual property
rights" abandoned anytime soon, so the only real game in town is to
leverage power. The key to this is to know where your power is. The
software developers who support the SPA know. That's why they write
immorally draconian laws. The pirate's power is in technology.  I
decided to leverage that by sponsoring development of the Potassium
Hydroxide encryption system. If you'll look at that program, you'll
notice that it is IDEAL for protecting the individual against
enforcement of the piracy laws. (Don't think it wasn't developed as a
response to the new laws.) It encrypts your hard disk and all your
floppies using IDEA. Then only you can see them. The executable is
freeware so you won't be a pirate if you use it, and the source is
available for a modest fee. So get it and use it.

------------------------------

Date: 28 Mar 1994 20:39:07 GMT
From: [email protected] (Lorrie Faith Cranor)
Subject: File 6--Computers, Freedom, and Privacy '94 Conference Report

The following is my second annual Computers, Freedom, and Privacy
conference report.  Last year I wrote a report on CFP93 for my advisor
and friends and soon had requests to distribute it around the world
(followed by rebuttals from half the EFF board).  So this year I'll go
ahead and grant permission for reposting in advance.  If you do repost
or if you have any comments or corrections, please let me know.  I
have tried my best to accurately quote people and get the spelling of
speakers' names right.  However, I have not had the opportunity to
listen to a tape of the proceedings, double check with the speakers
themselves, or even carefully edit this report, so there may be some
(hopefully minor) errors.  Anyway, here is the CFP94 conference as I
experienced it.  All unattributed opinions are my own.

I flew into Chicago around noon on March 23 and took the train to the
Palmer House Hilton, the conference hotel.  I was impressed with the
way the train stopped almost right at the hotel entrance -- until I
realized that my room was almost directly above the train station.  At
CFP93 last year I was often tempted to skip a session, enjoy the
sunshine, and walk along the bay.  However, at CFP94, held in a high
rise hotel in the middle of a maze of very tall buildings and
elevated train tracks that prevented all but the most determined sun
beams from making their way down to street level, this was not a
temptation.

I missed the morning pre-conference tutorials, but arrived in time to
attend a three-hour afternoon tutorial session at the John Marshall
Law School (a few blocks away from the conference hotel).  The
election tutorial I had planned on attending was canceled, so I went
to a tutorial on cryptography instead.  Despite the hot stuffy air in
the room (as they wheeled in auxiliary air conditioners and draped air
hoses around the room the people from Chicago kept explaining that it
wasn't supposed to be 75 degrees in Chicago in March and that very
tall buildings don't adapt well to temperature change), the
cryptography tutorial was quite interesting and informative.  Lawyer
Mark Hellmann gave some good background information in his
introduction, but Matt Blaze of AT&T Bell Labs stole the show with his
presentation titled "Everything you need to know about cryptography in
just 60 easy minutes."  Blaze explained why cryptography is
useful/necessary, how some popular cryptosystems work, some
applications in which cryptography is used, and questions people should
ask before using a cryptosystem.  His conclusion was "Be realistic,
but be paranoid."  Douglas Engert of Argonne National Laboratory
followed with a rather rushed and confusing explanation and
demonstration of Kerberos, a "practical implementation of encryption."

Conference chair George Trubow officially opened the single-track
conference at 8:30 a.m. on Thursday morning.  He announced some
changes to the conference program and introduced John McMullen,
scholarship chair.  McMullen introduced the scholarship recipients
(including myself) and noted that three-time scholarship winner Phiber
Optik would not be in attendance because he is currently in jail.

The keynote address, originally scheduled to be delivered by John
Podesta, was delivered by David Lytel of the White House Office of
Science and Technology Policy.  Lytel first spoke about the
administration's plans for the National Information Infrastructure
(NII), explaining that the White House was attempting to lead by
example by accepting email correspondence (and maybe soon actually
responding to it properly) and making White House publications
available electronically.  (Look for a "welcome to the white house"
WWW server sometime soon.  Information from the II task force is
currently available via gopher from iitf.doc.gov.)  Lytel then put
himself in the line of fire by discussing the administration's
encryption policy.  He stated the goals of this policy as 1) to
provide a higher baseline security for everyone and 2) to maintain
the ability to do wiretaps.  Notably, he stated: "There will be no
restrictions on domestic use of encryption," and "If you don't think
Clipper is secure, don't use it."  Then the bombing began.  In the
following Q&A session, Lytel claimed ignorance on many points of the
Clipper proposal, but did make some interesting claims.  He stated
that (here I've paraphrased):

- Clipper will be a government procurement standard that agencies may
 choose to use in addition to other standards.

- The establishment of a public key registration system for all public
 key cryptosystems is important (this has not been officially proposed).

- Clipper-encrypted messages may be further encrypted with another
 cryptosystem.  However, messages may not be encrypted before being
 encrypted with Clipper.

- The public is more at risk from criminal activity (which Clipper may be
 able to prevent) than from government abuse of power.

- Clipper was designed by the government for its own use.  But they
 wouldn't mind if it becomes popularized as a commercial product.

- Clipper was only designed to catch "dumb criminals."

- Clipper does not make it easier or harder for law enforcement to get
 permission to do a wire tap.

After a short break, Lytel took the podium again as one of six
panelists in a discussion of "The Information Superhighway: Politics
and the Public Interest."  The panelists generally agreed that the
information superhighway should provide "universal access" and two-way
communication.  They all seemed to fear a future in which the
information superhighway was simply a 500 channel cable television
network in which two-way communication only occurred when consumers
ordered products from the home shopping network.  Jeff Chester of the
Center for Media Education stressed the need for public activism to
prevent the form and content of the information superhighway from
being determined only by cable and telephone providers.  In the
following Q&A session the "information superhighway" was dubbed a bad
metaphor ("The vice president's office is the department of metaphor
control," quipped Lytel.), and subsequently used sparingly for the
remainder of the conference.

Thursday's lunch (all lunches and dinners were included in the price
of admission) was the first of many really bad meals served at CFP.  I
requested vegetarian meals and wound up eating plate after plate of
steamed squash.  My meat-eating friends claimed not to enjoy their
meals either.  Fortunately the lunch speaker was much better than the
lunch itself.  David Flaherty, Canada's Information and Privacy
Commissioner, explained what his job entails and gave some
interesting examples of privacy cases he has worked on.

The first panel discussion after lunch was titled "Is it Time for a
U.S.  Data Protection Agency?"  The panelists agreed that with all the
information currently being collected about people, it is time for the
U.S. to institute an organization to help protect privacy.  Currently,
litigation is the only way to force compliance with the "patchwork" of
privacy laws in the U.S.  However, the panelists disagreed on what
form a privacy protection organization should take.  The most concrete
proposal came from Khristina Zahorik, a congressional staffer who
works for Senator Paul Simon.  Simon recently introduced legislation
to form a five-member independent privacy commission.  Martin Abrams
of TRW objected to the formation of a commission, but supported the
formation of a "fair information office."  Law professor Paul Schwartz
then discussed the European draft directive on data protection and
stated that once the Europeans approve this directive the U.S. will
have difficulty doing business with Europe unless a U.S. data
protection board is formed.

In the next panel discussion, "Owning and Operating the NII: Who, How,
and When?"  Marc Rotenberg of Computer Professionals for Social
Responsibility (CPSR) played talk show host as he questioned four
panelists.  The panelists stressed the importance of universal access
and privacy for the NII.  Barbara Simons, chair of ACM's new public
policy committee USACM, was particularly concerned that the NII would
be viewed as an electronic democracy even though large segments of the
U.S. population would be unlikely to have access to it.  "I worry that
when people talk about electronic democracy they might be serious,"
she said.  She added that NII discussions are exposing all of the
major problems with our society including poverty and poor education.
Her comments were interrupted by a call to the podium phone, which
turned out to be a wrong number.  Jamie Love of the Taxpayer Assets
Project pointed out problems that could occur if NII providers do not
have flat rate fees.  For example, listservers, which are often used
as organizational and community-building tools, would not be able to
exist unless somebody volunteered to pick up the tab.  Somebody from
the audience pointed out that throughout the day panelists had been
opposing plans for carrying entertainment on the NII, despite the fact
that most Americans want entertainment, especially shows like Beavis
and Butthead.  Love explained that the panelists were not opposing
entertainment plans, just plans that only include entertainment.  He
noted, "I personally like to watch Beavis and Butthead."

After the panel discussion, conference organizers scurried to hook up
a teleconference with Senator Patrick Leahy, author of the 1986
Electronic Privacy Act.  Jerry Berman acted as moderator, speaking to
Leahy through the podium phone as audience members watched and
listened to Leahy on a projection TV.  The teleconference began with
some technical difficulties during which the audience could see Leahy,
but only Berman could hear him.  Berman reported this problem to Leahy
and then told the audience, "Senator Leahy may hold his speech up in
front of his face."  Once the technical difficulties had been worked
out, Leahy discussed the NII and problems with the Clipper proposal.

The final panel discussion of the day was titled, "Data Encryption:
Who Holds the Keys?"  The discussion began with a presentation from
Professor George Davida, whose 1970s crypto research brought him some
unwanted attention from the National Security Agency (NSA).  Davida
explained the importance of cryptography for both privacy and
authentication.  The Clipper proposal, he said, was a bad idea because
it would attempt to escrow privacy.  He pointed out that the bad
guys have a lot of money to hire hackers to write encryption schemes
for them that the government does not hold the keys to.  Furthermore,
he opposed the idea of the NSA being responsible for an encryption
scheme that many people would use to guard their privacy.  "Asking the
NSA to guarantee privacy is kind of like asking Playboy to guard
chastity belts," he explained.  Next, Stewart Baker of the NSA took
the podium to deliver an ultra-slick presentation on the "Seven Myths
about Key Escrow Encryption."  His main points (here paraphrased)
were:

- If you think key escrow encryption will create a "brave new world" of
 governmental intrusion, ask yourself how bad governmental intrusion
 is today.  It won't be any worse with key escrow encryption.

- If you think unreadable encryption is the key to our future liberty,
 you should be aware that the beneficiaries of unreadable encryption
 are going to be bad guys.

- If you think key escrow encryption will never work because crooks
 won't use it if it's voluntary and therefore there must be a secret
 plan to make key escrow encryption mandatory, you're wrong.

- If you think the government is interfering with the free market by
 forcing key escrow on the private sector, remember that nobody is
 forcing the private sector to use Clipper.

- If you think the NSA is a spy agency and thus has no business worrying
 about domestic encryption policy, you should realize that the NSA also
 designs encryption technology for government use.

David Banisar of CPSR followed Baker with more anti-Clipper arguments.
Banisar pointed out that communication systems are designed to
communicate, not to provide intelligence information.  If we build
communications systems as intelligence systems, we are treating
everyone as a criminal, he said.  He pointed out that there were about
14 million arrests in the U.S. in 1992, but only about 800 wire taps.

The encryption panel was followed by the annual EFF awards reception
and the conference banquet.  (Incidentally, I can't complain about the
EFF board the way I did last year because most board members were not
present this year.  Seriously, though, I have been much more impressed
with the way EFF has been reaching out to its members this year.)
During dinner (more squash) Ben Masel of NORML lectured my table on
how to legally harvest marijuana.  After dinner, the lights dimmed,
choir music played, and Simon Davies walked through the banquet hall
garbed in pontifical robes.  The founder and Director General of
Privacy International, Davies told the audience he would read from
"The Book of Unix."  Davies read a witty parable about privacy in the
U.S. and then urged the audience to "get off their computer screens
and start lobbying ordinary people."  He said efforts like CPSR's
anti-Clipper petition only reach people on the net, not the general
public.  Unless the public becomes aware of privacy problems, there
will be no privacy in the U.S. within 15 years, he stated.

Following Davies' talk, conference participants went to
Birds-of-a-Feather sessions, some of which ran until almost midnight.
I stopped by a BOF for scholarship winners before attending a lively
discussion on "Censorship of Computer-Generated Fictional
Interactivity."

The second day of the conference began at 9 a.m.  Many participants
had not gotten enough sleep the night before, and many skipped the
first session on health information policy.  Congressional staffer Bob
Gellman discussed a bill in the U.S. House of Representatives that
would provide for comprehensive rules for using health information,
patient rights for access to and correction of their health
information, and security of health data.  He said the bill was
important because health reform will increase the use of medical
information.  (The bill is available via gopher from cpsr.org.  An OTA
report on privacy of computerized medical information is available via
FTP from ota.gov.)  Janlori Goldman of the ACLU added that privacy has
been an afterthought in health care reform proposals.  All panelists
agreed that if the privacy problem is not dealt with, patients will
withhold important information from their doctors so that it does not
appear in their medical records.  In response to a question from the
audience about the use of social security numbers as medical
identification numbers, the panelists gave conflicting responses.
Goldman opposed the use of the SSN for identification purposes because
it is not a unique identifier and because it is already used for other
purposes and thus easy to cross reference.  However, Gellman argued
that if a new identification number is introduced, it will soon have
the same problems as the SSN.  He said the SSN should be used, but
there should be restrictions on its use.  Lee Ledbetter of HDX added
that most databases can do cross references based on telephone
numbers.  The panelists also discussed the problem of informed
consent.  Gellman explained that people often sign away privacy rights
through informed consent because they think they have to, not because
they really are informed or consenting.

The next panel was titled, "Can Market Mechanisms Protect Consumer
Privacy?"  This discussion, which centered around whether privacy is a
right or good, was probably most easily understood by the lawyers and
economists (I am neither) in the audience.  Of note, panelist Eli Noam
suggested that consumers could reduce intrusion on their privacy by
telemarketers if telemarketers could only reach them through personal
900 numbers.  Marc Rotenberg explained that the real problem with
caller ID is that the phone companies use it to sell rights to
consumers.  One audience member challenged a panelist's proposal that
people should own the information about themselves asking, "Who owns
your birthday -- you or your mother?"

The lunch lecture was eloquently delivered by Phil Zimmermann, author of
Pretty Good Privacy (PGP), a public key encryption tool.  Zimmermann,
who is being investigated for export control violations but has not been
indicted, told the audience that the future of privacy in America
is not hopeless.  Referring to the Clipper proposal he said, "We
live in a democracy here... we ought to be able to stop it."
Zimmermann explained why he developed PGP and allows it to be distributed
free of charge.  He also spoke out against the fact that all public
key cryptography patents are in the hands of one company (thus
those who use PGP without licensing the cryptographic algorithm may
be breaking the law).

The next panel discussion focused on "Creating an Ethical Community
in Cyberspace."  Computer science professor Martin van Swaay began by
explaining the importance of trust in a free society.  "Freedom is not
the absence of restraint, but the presence of self restraint," he
stated.  He said freedom is necessary to earn trust, and trust is
necessary to give laws meaning.  Philosophy professor Bruce
Umbaugh then discussed anonymity and pseudonymity in cyberspace.
He gave some examples of cases where pseudonymity is useful but
anonymity is not and explained why anonymity is much more
of a threat than pseudonymity.  Steven Levy, author of Hackers,
then discussed the hacker ethic and how it is helping to shape
cyberspace.  In response to a question, van Swaay said he reserves
the right to ignore anonymous messages because, "If you have
something real to say, why do you want to hide?  And if you want
to hide, it makes me wonder why."

Most non-computer-scientists skipped the next panel discussion,
"Standards for Certifying Computer Professionals."  However, among
computer scientists, the panel was quite controversial.  Professor
Donald Gotterbarn explained that both ACM and IEEE are considering
licensing proposals.  He discussed one proposal that would impose
mandatory licensing on computer professionals.  The proposal called
for various levels of licensing, based on skill and areas of
competence.  Attorney Steve Barber explained some of the problems with
a licensing model, including the fact that licensing is usually
handled by the states and thus varies from state to state.  John
Marciniak of CTA Inc. stated that the computer industry does not need
licensing because the companies, not the programmers, stand behind their
products.  He suggested that a voluntary certification program be
considered instead.  Another panelist (whose name was not in the
program) insisted that "when a B777 [a plane with completely
computerized controls] goes down, we will have licensing."  He
suggested that computer professionals come to a consensus about what
kind of licensing they want so that they can tell Congress when
Congress demands licensing.  Gotterbarn urged people interested in
working on a licensing proposal to contact him at [email protected].

The final panel of the day, "Hackers and Crackers: Using and Abusing
the Networks," was led by Emmanuel Goldstein, publisher of 2600
magazine.  Goldstein hung a sign reading "hackers" on the table where
the four other panelists sat.  He hung a sign reading "crackers" on an
empty table at the opposite side of the podium.  "One thing that
distinguishes hackers from crackers is that hackers are here and
crackers are not," said Goldstein.  After rattling off several other
differences he looked under the empty table and retrieved three boxes
of crackers (the edible kind).  "Alright I stand corrected," he
quipped.  As Goldstein spoke admiringly about hackers and their quest
for knowledge, several audience members were mumbling that they didn't
understand.  Goldstein then unveiled a large photograph of hacker
Phiber Optik and played a taped message that Phiber recorded from
prison.  Panelist Bruce Fancher of Mindvox said he used to think there
was no problem with breaking into other people's computer systems.  "I
think my opinion changed when I started running a public access
Internet site....[I discovered that a break-in] wasn't that
charming."  He encouraged hackers to explore and learn about computer
systems, but urged them not to break into other people's systems.
Panelist Robert Steele described hacking as "elegance."  He explained,
"Hacking is doing it better than it has ever been done before," no
matter what "it" is.  He added that hackers should not be blamed for
breaking into systems because most systems are wide open to attack.
"Ethics is nice.  Engineering is better," he stated.  Panelist Bob
Stratton of UUNET discussed the need for an electronic "place" people
can go to learn things without disrupting the work of others.  During
the Q&A session Goldstein illustrated how unsecure computer and
telecommunication systems are by picking up a cellular phone call on a
hand-held scanner, much to the amazement of some audience members.

The day's program concluded with a dinner reception at Chicago's
Museum of Science and Industry.  The food was tasty (finally a decent
meal) and the museum exhibits were both educational and enjoyable.

The final day of the conference began with a 9 a.m. panel on "The Role
of Libraries on the Information Superhighway."  Carl Kadie, editor of
Computers and Academic Freedom News, described several cases in which
he had turned to library policies when recommending solutions to
computers and academic freedom problems.  Kadie explained that
libraries have adopted policies that protect free speech and free
access to information.  Next Bernard Margolis, director of Pikes Peak
Library District discussed the roles of libraries on the information
superhighway, describing libraries as on ramps, filling stations, and
driver training schools.  He also noted that as electronic resources
have been added to the Pikes Peak libraries, the demand for
traditional resources has not decreased.  Elaine Albright of the
University of Maine library described some of the issues related to
electronic information delivery currently being discussed by
librarians.  A pamphlet discussing these issues is available from the
American Library Association by contacting [email protected].

The next panel, "International Governance of Cyberspace: New Wine in
Old Bottles -- Or is it Time for New Bottles?" was another discussion
for the lawyers in attendance.  I got lost in the legal jargon as
panelists discussed whether cyberspace has sovereignty and what sort
of laws could be practically enforced there.  Panelist Herbert Burkett
described the net as "the greatest threat to national sovereignty
since the opening of the first McDonalds in Paris."  In the Q&A period,
cypherpunk Eric Hughes put the whole conversation in perspective (for me
at least) when, referring to people who use cryptography to hide their
identities, he asked "How is national sovereignty going to have
any effect if you can't find us?"

The final conference lunch featured more squash and short
presentations from three of the student paper competition winners (the
fourth winner, a student from the computers and society course I
taught last semester, was not able to attend the conference).

The first panel after lunch discussed "The Electronic Republic:
Delivery of Government Services over the Information Superhighway."
This was an interesting, but relatively low bandwidth session about
how governments can use information technology to collect and
disseminate information.  Panelists from information "kiosk" vendors
had nothing but praise for pilot projects in several states.  However,
Jeff Arnold of the Cook County circuit court raised a number of
concerns about allowing the public to access computerized court
records.  In particular he was concerned about people who want to use
court records to generate advertising mailing lists (a list of recent
divorcees or traffic offenders for example) and liability for
incorrect information.

The next panel, "Education and NREN, K-12" was quite interesting, but
not well attended.  (By this time most conference participants were
networking in the hallway outside the main conference room.)  The
panelists generally agreed that most schools are organized in a way
that is not reflected in the organization of the Internet.  Panelist
Steve Hodas explained that schools are usually organized into tidy
departments and that information flows mostly in one direction (from
book to student).  In addition schools generally regard the absence of
censorship as a system failure.  The Internet, on the other hand, is
not tidy, allows a two-way flow of information, and views censorship
as a system failure.  Hodas warned, as people rush in to protect schools
from the net, "we must remember to protect the net from the schools."
Panelist Philip Agre added, "American democracy is suffering, in part
because of educational practices."  Janet Murray, a school librarian,
gave a humorous presentation in which she emphasized the importance of
freedom of access to information.  "If you're worried about what students
can access on the Internet, think about what else they have access to," she
said as she displayed slides of racy material found in popular
news publications.

The final CFP94 session was titled "Guarding the Digital Persona."
The panelists first discussed the problem of too much personal
information finding its way into the hands of direct marketers.
Possible solutions discussed included requiring yellow-page style
advertising and creating a new legal fiction -- an electronic person
with the right to own money, communicate electronically, and not be
arbitrarily deleted.  The legal fiction suggestion was motivated by
the idea that it would be impossible to create useful profiles of
people if all the information about them was compartmentalized and
each compartment had a separate identity.  This idea seemed to be
bordering on science fiction, and thus the final speaker, science
fiction writer Bruce Sterling, seemed an appropriate choice to bat
cleanup.

I had considered writing an abstract for this lengthy report, but I
don't think I could do as good a job as Sterling did in his remarks.
I have read some of Sterling's books, but this was the first time I
have heard him speak.  I must say, the man can speak as well as he
writes, and he writes pretty darned well.  Sterling began his talk by
stating his general lack of concern about privacy.  "Being afraid of
monolithic organizations, especially when they have computers, is like
being afraid of really big gorillas, especially when they are on
fire," he explained.  "How can privacy abuses be kept a secret?"  He
then proceeded to describe what he will remember about CFP94.  He
characterized this conference (the fourth CFP) as "the darkest CFP by
far."  Referring to the administration's proposed encryption policy he
stated, "I see nothing but confrontation ahead."  Sterling reminded
the audience of David Lytel's unsettling keynote address ("Who was
briefing that guy?") and Stewart Baker and the seven myths that the
NSA wants you to believe are not true ("a tone of intolerable
arrogance").  And he mentioned Dorothy Denning, one of the few Clipper
supporters in the computer science community.  Denning was not in
attendance this year, but she was worth mentioning because she was
certainly present in spirit.  Read the talk yourself if you see it
posted on the net.

I think Sterling identified what was on the minds of most conference
attendees.  While some attendees were extremely concerned about their
privacy, most had never really considered that they had anything to
hide, or even anything that anyone else really wanted to know.  And
yet, almost everyone was bothered by the Clipper proposal and the fact
that it would treat them as if they had something to hide.  Last
year's conference was much more animated and controversial.  People
were constantly complaining that there wasn't enough time for all
views to be heard.  This year there was much more harmony; but it
was a dark harmony.  The disagreements among panelists seemed
relatively insignificant when compared to the disagreement between
the people and their government.

Epilogue: As I rode the train out to the airport, I noticed an
advertisement for the Chicago Sun-Times "Social Security Sweepstakes."
It seems the Sun-Times is asking people to send in their names and
social security numbers for a chance to win a trip to Hawaii.  Is this
informed consent?

                            -- Lorrie Faith Cranor
                               March 27, 1994

------------------------------

End of Computer Underground Digest #6.29
************************************