Computer underground Digest Wed Sep 21, 1994 Volume 6 : Issue 83

Computer underground Digest Wed Sep 21, 1994 Volume 6 : Issue 83
ISSN 1004-042X

Editors: Jim Thomas and Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Retiring Shadow Archivist: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Urban Legend Editor: E. Greg Shrdlugold

CONTENTS, #6.83 (Wed, Sep 21, 1994)

File 1--EPIC Letter on Wiretap Bill
File 2--EFF Policy Dir. Jerry Berman, 09/13/94 HR Testimony on DigTel bill
File 3--Dig Teleph Bill (HR 4922) to be marked up in Sen. Judic. Comm
File 4-- For CUD: Pizza by E-mail in Santa Cruz
File 5--One Hundred Reasons to Oppose the FBI Wiretap Bill (CPSR)
File 6--Cu Digest Header Information (unchanged)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

----------------------------------------------------------------------

Date: Wed, 21 Sep 1994 16:25:03 EST
From: David Sobel <[email protected]>
Subject: File 1--EPIC Letter on Wiretap Bill

EPIC Letter on Wiretap Bill
September 13, 1994

Hon. Jack Brooks
Chairman
Committee on the Judiciary
U.S. House of Representatives
2138 Rayburn House Office Bldg.
Washington, DC 20515

Dear Chairman Brooks:

We are writing with regard to H.R. 4922, the Federal Bureau
of Investigation's proposed wiretap legislation now pending before
the Judiciary Committee. As you know, the current bill is the
most recent version to emerge from a process that began more than
two years ago, when the FBI first sought legislation to ensure its
ability to conduct electronic surveillance through mandated design
changes in the nation's information infrastructure. The
Electronic Privacy Information Center (EPIC) has monitored that
process closely and has scrutinized the FBI's claims that remedial
legislation is necessary. EPIC has sponsored conferences at which
the need for such legislation was debated with the participation
of the law enforcement community, the telecommunications industry
and privacy advocates. We have also sought the disclosure of all
relevant information through a series of requests under the
Freedom of Information Act. Having thus examined the issue, EPIC
remains unconvinced of the necessity or advisability of the
pending bill.

The Need for the Proposed Legislation

As a threshold matter, we do not believe that a compelling
case has been made that new communications technologies hamper the
ability of law enforcement agencies to execute court orders for
electronic surveillance. For more than two years, EPIC has sought
the public disclosure of any FBI records that might document the
alleged problem. To date, no such documentation has been
released. We recently initiated litigation under the FOIA in
federal district court seeking disclosure of two internal FBI
surveys cited by Director Freeh in support of the proposed
legislation. Through earlier litigation we discovered that no FBI
field offices had reported technical difficulties in executing
court-ordered electronic surveillance. In fact, several field
offices reported that they had not encountered such problems.

Without public scrutiny of factual information on the nature
and extent of the alleged technological impediments to
surveillance, the FBI's claims remain anecdotal and speculative.
Indeed, representatives of the telecommunications industry have
consistently maintained that they are unaware of any instances in
which a communications carrier has been unable to comply with law
enforcement's requirements. For instance, in Congressional
testimony on March 18, 1994, Roy Neel, President of the United
States Telephone Association stated that,

In the quarter century since the federal government
first authorized court ordered wiretaps there have been
tens of thousands of requests for assistance from local
telephone exchange companies. In virtually every
instance the local telephone company provided the
appropriate law enforcement authority with the timely
assistance it needed to effect the intercept.

Under these circumstances, the nation should not embark upon
a costly and potentially dangerous re-design of its telecommunica-
tions network solely to protect the viability of fewer than 1000
annual surveillances against wholly speculative impediments.

Increased Risk of Network Vulnerability

Our nation's communications infrastructure has never before
been designed with the stated purpose of facilitating the
interception of private communications. The proposed legislation
would require, for the first time, that the telephone network must
have vulnerabilities intentionally built into it. The potential
pitfalls of such a course are apparent. As the General Services
Administration noted in its analysis of an earlier version of the
FBI's proposal (which we obtained under the FOIA),

The proposed legislation would assist eavesdropping by
law enforcement, but it would also apply to users who
acquire the new technology capability and make it easier
for criminals, terrorists, foreign intelligence (spies)
and computer hackers to electronically penetrate the
phone network and pry into areas previously not open to
snooping. This situation of easier access due to new
technology changes could therefore affect national
security.

As your report on the Computer Security Act of 1987 noted,
"lack of computer security is a serious problem since such systems
are the core of every modern organization." H. Rpt. 100-153, Part
2, at 10. With an ever-increasing flow of sensitive commercial
and personal information traveling through the communications
infrastructure, we should be seeking to strengthen the security of
those transmissions. Unfortunately, as the GSA recognized, the
pending legislation is likely to have the precise opposite effect
on communications security.

A Threat to Privacy in the Future

We also believe that the proposed legislation would establish
a dangerous precedent for the future. While the FBI claims that
the legislation would not enhance its surveillance powers beyond
those contained in existing law, the pending bill represents a
fundamental change in the law's approach to electronic
surveillance and police powers generally. The legislation would,
for the first time, mandate that our means of communications must
be designed to facilitate government interception. While we as a
society have always recognized law enforcement's need to obtain
investigative information upon presentation of a judicial warrant,
we have never accepted the notion that the success of such a
search must be guaranteed. By mandating the success of police
searches through the re-design of the telephone network, the
proposed legislation breaks troubling new ground. The principle
underlying the pending bill could easily be applied to all
emerging information technologies and be incorporated into the
design of the National Information Infrastructure. It could also
soon lead to the prohibition of encryption techniques other than
government-designed "key escrow" or "Clipper" type systems.

In short, EPIC believes that the proposed FBI wiretap bill
raises substantial civil liberties and privacy concerns. The
present need for the legislation has not been established and its
future implications are frightening. In the spring of 1992, you
convened hearings on law enforcement's claimed need to restrict
the development and use of privacy-enhancing encryption
technology. You observed that "the decisions we make in this area
could have a profound impact on the future of U.S. industry and
our society as a whole." We share your concern and urge you to
examine closely both the claimed need for H.R. 4922 and its
desirability for our democratic society.

Sincerely,

______________________________ ______________________________
Marc Rotenberg David L. Sobel
Director Legal Counsel

------------------------------

Date: Wed, 21 Sep 1994 16:22:11 EST
From: [email protected] (Stanton McCandlish)
Subject: File 2--EFF Policy Dir. Jerry Berman, 09/13/94 HR Testimony on DigTel b
ill

Electronic Frontier Foundation

Testimony of

Jerry J. Berman, Policy Director
Electronic Frontier Foundation

before the

United States House Of Representatives
Committee on Energy and Commerce
Subcommittee On Telecommunications and Finance

Hearing on

Digital Telephony Legislation (H.R. 4922)

September 13, 1994

Chairman Markey and Members of the Subcommittee:

I want to thank you for the opportunity to testify today on the
recently introduced Digital Telephony bill (H.R. 4922, S. 2375). Over
the past several years under the leadership of Chairman Markey,
Representatives Fields, Boucher, and others, the Subcommittee has
demonstrated knowledge, sensitivity, and vision in crafting our nation's
telecommunications policy. I am pleased that the Subcommittee has
chosen to apply its experience and expertise to the extraordinarily
complex issues posed by the Digital Telephony legislation.
The Electronic Frontier Foundation (EFF) is a public interest
membership organization dedicated to achieving the democratic potential
of new communications and computer technology and works to protect civil
liberties in new digital environments. EFF also coordinates the Digital
Privacy and Security Working Group (DPSWG), a coalition of more than 50
computer, communications, and public interest organizations and
associations working on communications privacy issues. I am testifying
today, however, only on behalf of EFF.
Since 1992, the Electronic Frontier Foundation has opposed a
series of FBI Digital Telephony proposals, each of which would have
forced communications companies to install wiretap capability into every
communications network. However, earlier this year, when it became
apparent that some version of the bill would pass the Congress, Senator
Patrick Leahy and Representative Don Edwards asked EFF, along with
computer and communications industry groups, to participate in a process
that would yield a narrow bill that both met law enforcement needs and
had strong privacy protections. The result of that process is the bill
before us today.
EFF remains deeply troubled by the prospect of the federal
government requiring communications networks to be made "wiretap ready,"
but we believe that this legislation is substantially less intrusive
that the original FBI proposals. If Congress is going to act in this
area, it should work to improve and pass this version of the
legislation.
As I testified to before a joint hearing of the House Subcommittee
on Civil and Constitutional Rights and the Senate Subcommittee on
Technology and the Law on August 11, 1994, we have worked diligently on
this legislation with all interested parties in an effort to strike a
careful balance between law enforcement's ability to conduct electronic
surveillance and the more important public good -- the right to privacy
guaranteed by the 4th amendment. The bill strikes this balance in a
number of critical areas:

* Law enforcement gains no additional authority to conduct
electronic surveillance. The warrant requirements specified
under current law remain unchanged

* The standard for law enforcement access to online
transactional records is raised to require a court order
instead of a mere subpoena

* Information gleaned from pen register devices is limited to dialed
number information only. Law enforcement may not receive
location-specific information

* The bill does not preclude a citizen's right to use encryption

* Privacy must be maintained in making new technologies
conform to the requirements of the bill and privacy groups
may intervene in the administrative standard-setting
process.

However, Mr. Chairman, the effectiveness of these privacy
protections, as well as the future of technological innovation and the
deployment of advanced telecommunications services to the American
public, turn on one critical issue which remains to be addressed: Who
assumes the risk and pays the cost of complying with the bill's
requirements? The government or industry?
EFF believes that allocating the risk and cost to industry will
place privacy and security at risk if industry is required to foot the
bill for unnecessary or unwarranted surveillance capabilities.
Similarly, privacy may be shortchanged if industry takes short cuts to
save costs in meeting the legislation's requirements. Industry may
also be discouraged from deploying new and innovative technologies
because of the costs of law enforcement compliance features. Finally,
public accountability is undermined by making potentially significant
law enforcement costs without public scrutiny and debate. In our view,
the public interest can only be served if government assumes the risk
and pays the costs of compliance. While effective law enforcement may
be in the public interest, it should not come at the expense of other
public goods -- privacy, public accountability, and technological
innovation. To resolve this issue, we believe that the legislation
should be amended to require government to pay all reasonable costs
incurred to meet the statute's requirements on an ongoing basis.

A. Linkage of cost to compliance requirements in the first four
years -- the FBI gets what it pays for and no more

The bill authorizes, but does not appropriate, $500 million to be
spent by the government in reimbursing telecommunications carriers for
bringing their networks into compliance with the bill within the first
four years of enactment. The FBI maintains that this is enough money to
cover all reasonable expenses of retrofitting. The industry, however,
has consistently maintained that the costs are five to ten times higher.
Given the FBI's confidence in their cost estimate, we believe that
telecommunications carriers should only be required to comply to the
extent that they have been reimbursed.
In his testimony before a joint hearing of the House Subcommittee
on Civil and Constitutional Rights and the Senate Subcommittee on
Technology and the Law on August 11, 1994, the FBI director stated that
"I think it would be [...] extremely unlikely for a district court judge
in the process which is contemplated by this legislation to force
compliance or use of any sanctions when compliance is impossible because
of the non-reimbursement which is the predicate in the legislation".
Based on the Director's previous testimony and other discussions with
the FBI, EFF believes that the bill should include a provision to
directly link telecommunications carriers liability with government
reimbursement for retrofitting.

B. Government reimbursement for compliance costs after four years
-- public accountability necessary

The problem, Mr. Chairman, is that under the current bill, the
government is not responsible for paying the cost of meeting the
mandated capability requirements after four years, particularly with
respect to new services. The FBI has repeatedly argued that the costs
for incorporating surveillance capabilities in new services at the
design stage will be de minimis, a contention which most industry
representatives and EFF believe may not be correct.
As this Subcommittee is aware, it is impossible to estimate
compliance costs for technologies which are not even on the drawing
boards. The way to resolve the issue is to have the government assume
the risks.
If costs for compliance after four years are truly de minimis,
then the expenses born by the taxpayers will be minimal. If, however,
costs are substantial, the government should pay. This will insure that
the government, on a case-by-case basis and with an opportunity for
public oversight, determines if compliance is significant enough to pay
for out of taxpayers' funds. This will also ensure that the government
sets law enforcement priorities.
As I stated earlier, if the telecommunications industry is
responsible for all future compliance costs, it may be forced to accept
solutions which short-cut the privacy and security of telecommunications
networks, or be forced to leave advanced features on the shelf, slowing
technological innovation and the development of the NII. Linking
compliance to government reimbursement in the out years also has the
added benefit of providing public oversight and accountability for law
enforcement surveillance capability.
The drafters of this legislation have wisely included public
oversight of government surveillance expenditures in the first four
years. This same principal should be applied to out year compliance
costs.

C. Ensure the right to deploy untappable services

The enforcement provisions of the bill suggest, but do not state
explicitly, that services which are untappable may be deployed.
Having worked for many years towards the goal of promoting the
development of the NII, the members of this Subcommittee are clearly
aware that its promise and potential rest on the deployment of advanced
technologies and services. EFF remains deeply concerned that
technological innovation and the deployment of advanced
telecommunications services to the public may be stifled if
telecommunications carriers are forced to incur huge costs for
compliance, or if the Government is allowed to prohibit a new feature or
service from being deployed. Although EFF believes that the bill
intends to allow carriers to deploy untappable features or services,
the bill must clearly state that if it is technically and economically
unreasonable to make a service tappable, or if the government has failed
to reimburse a carrier for compliance costs, then it may be deployed,
without interference by a court. Making the government responsible for
all reasonable costs of having new services comply with the legislation
will go a long way to insuring that this legislation will not be a drag
on innovation.

D. Additional areas where strengthening is necessary

In addition to our concerns about compliance costs, EFF believes
that the bill requires strengthening in the following areas before final
passage:

1. Strengthened public process

In the first four years of the bill's implementation, most of the
requests that law enforcement makes to carriers are required to be
recorded in the public record. However, additional demands for
compliance after that time are only required to be made by written
notice to the carrier. To facilitate public scrutiny, the bill should
require all compliance requirements, whether initial requests or
subsequent modification, must be recorded in the Federal Register.

2. Clarify definition of call identifying information

The definition of call identifying information in the bill is too
broad. Whether intentionally or not, the term now covers network
signaling information of networks which are beyond the scope of the
bill. As drafted, the definition would appear to require
telecommunications carriers to deliver not only the signaling
information generated by their own services, but also the signaling
information generated by information services and electronic
communication services that travel over the facilities of the
telecommunication carrier. In many cases this may be technically
impractical. Moreover, it is contrary to the policy adopted by the bill
to maintain a narrow scope.

3. Review of minimization requirements in view of commingled
communications

The bill implicitly contemplates that law enforcement, in some
cases, will intercept large bundles of communications, some of which are
from subscribers who are not subject of wiretap orders. For example,
when tapping a single individual whose calls are handled by a PBX, law
enforcement may sweep in calls of other individuals as well. Currently
the Constitution and Title III requires "minimization" procedures in all
wiretaps, to minimize the intrusion on the privacy of conversations not
covered by a court's wiretap order. In the world of 1968, when the
original Wiretap Act was passed, most subscribers telecommunications
facilities carried single conversations on single lines. But today,
many conversations are co-mingled on one broadband communications
facility. In order to ensure that constitutionally-mandated
minimization is maintained, the bill should recognize that stronger
minimization procedures may be required.

E. New privacy protections

The Digital Telephony legislation before us includes significant
recognition that new communication technologies, and new patterns of
technology use, require new privacy protections. Thanks to the work of
Senator Leahy and Representative Edwards and Senator Biden, the bill
contains a number of significant privacy advances, including enhanced
protection for the detailed transactional information records generated
by online information services, email systems, and the Internet. These
protections should remain in the legislation.

1. Expanded protection for transactional records sought by law
enforcement

Chief among these new protections is an enhanced protection for
transactional records from indiscriminate law enforcement access. For
purposes of maintenance and billing, most online communication and
information systems create detailed records of users' communication
activities as well as lists of the information that they have accessed.
Provisions in the bill recognize that this transactional information
created by new digital communications systems is extremely sensitive and
deserves a high degree of protection from casual law enforcement access
which is currently possible without any independent judicial
supervision.
EFF commends the authors of this legislation for recognizing that
law enforcement access to transactional records in online communication
systems (everything from the Internet to America OnLine to hobbyist
BBSs) threatens privacy rights. Indiscriminate access to transactional
records implicates privacy interests because:

* the records are personally identifiable,
* they reveal the content of people's communications, and,
* the compilation of such records makes it easy for law enforcement
to create a detailed picture of people's lives online.

Based on this recognition, the draft bill contains the following
provisions:

* Court order required for access to transactional records instead
of mere subpoena

In order to gain access to transactional records, such as a list
of to whom a subject sent email, which online discussion group one
subscribes to, or which movies a subject requested on a pay-per view
channel, law enforcement will have to prove to a court, by the showing
of "specific and articulable facts" that the records requested are
relevant to an ongoing criminal investigation. This means that the
government may not request volumes of transactional records merely to
see what it can find through traffic analysis. Rather, law enforcement
will have to prove to a court that it has reason to believe that it will
find specific information relevant to an ongoing criminal investigation
in the records it requests.
With these provisions, we have achieved for all online systems a
significantly greater level of protection than exists today for records
such as email logs, and greater protection than currently exists for
telephone toll records. The lists of telephone calls that are kept by
local and long distance phone companies are available to law enforcement
without any judicial intervention at all. Law enforcement gains access
to hundreds of thousands of such telephone records each year, without a
warrant and without even notice to the citizens involved. Court order
protection will make it much more difficult for law enforcement to go on
"fishing expeditions" through online transactional records, hoping to
find evidence of a crime by accident. We have also submitted a detailed
memorandum on the importance of protection and would ask that this
document be included in the record of these proceedings along with this
testimony.

* Standard of proof much greater than for telephone toll records,
but below that for content

The most important change that these new provisions offer is that
law enforcement will: (a) have to convince a judge that there is reason
to look at a particular set of records, and; (b) have to expend the time
and energy necessary to have a United States Attorney or District
Attorney actually present a case before a court. However, the burden of
proof to be met by the government in such a proceeding is lower than
required for access to the content of a communication.

2. New protection for location-specific information available in
cellular, PCS and other advanced networks

Much of the electronic surveillance conducted by law enforcement
today involves gathering telephone dialing information through a device
known as a pen register. Authority to attach pen registers is obtained
merely by asserting that the information would be relevant to a criminal
investigation. Under current law, courts must approve pen register
requests without any substantive review of the basis for law
enforcement's request. This legislation offers significant new limits on
the use of pen register data.
Under this bill, when law enforcement seeks pen register
information from a telecommunications carrier, the carrier is forbidden
to deliver to law enforcement any information which would disclose the
location or movement of the calling or called party. Cellular phone
networks, PCS systems, and so-called "follow-me" services all store
location information in their networks. This new limitation is a major
safeguard which will prevent law enforcement from casually using mobile
and intelligent communications services as nation-wide tracking systems.

3. New limitations on "pen register" authority

Contemporary uses of pen registers also involve substantial
privacy invasion, even aside from location information. Currently, law
enforcement is able to use pen registers to capture not only the
telephone number dialed, but also any other touch-tone digits dialed
which reflect the user's interaction with an automated information
service on the other end of the line, such as an automatic banking
system or a voice-mail password. If this bill is enacted, law
enforcement would be required to use "technology reasonably available"
to limit pen registers to the collection of calling number information
only. We are aware that new pen register devices are now on the market
which automatically screen out all dialed digits except for the actual
telephone numbers. Just as this bill would require telecommunications
carriers to deploy technology which facilitates taps, we believe that
law enforcement should be required to deploy technology which shields
users communications from unauthorized invasion.

4. Bill does not preclude use of encryption

Unlike previous Digital Telephony proposals, this bill places no
obligation on telecommunication carriers to decipher encrypted messages,
unless the carrier actually holds the key to the message as well.

5. Automated remote monitoring precluded

Law enforcement is specifically precluded from having automated,
remote surveillance capability. Any court-ordered electronic
surveillance must be initiated by an employee of the telecommunications
carrier, upon request by law enforcement. Maintaining operational
separation between law enforcement agents and communication networks is
an important privacy safeguard.

6. Privacy considerations essential to development of new technology

One of the requirements that telecommunications carriers must meet
to be in compliance with the bill is that the wiretap access methods
adopted must protect the privacy and security of each user's
communication. If this requirement is not met, anyone may petition the
FCC to have the wiretap access requirements modified so that network
security is maintained. This requirement, just like those designed to
serve law enforcement's needs, must be carefully implemented and
monitored so that the technology used to conduct wiretaps cannot also
jeopardize the security of the network as a whole. If network-wide
security problems arise because of wiretapping standards, then the
standards should be overturned.

F. Improvements over previous Administration proposals

In addition to the privacy protections added to this bill, we also
note that the surveillance requirements are not as far-reaching as the
original FBI version. A number of procedural safeguards are added which
seek to minimize the threatens to privacy, security, and innovation.
Though the underlying premise of the bill is still cause for concern,
these new limitations deserve attention:

1. Narrow Scope

The bill explicitly excludes Internet providers, email systems,
BBSs, and other online services. Unlike the bills previously proposed by
the FBI, this bill is limited to local and long distance telephone
companies, cellular and PCS providers, and other common carriers.

2. Open process with public right of intervention

The public will have access to information about the
implementation of the bill, including open access to all standards
adopted in compliance with the bill, the details of how much wiretap
capacity the government demands, and a detailed accounting of all
federal money paid to carriers for modifications to their networks.
Privacy groups, industry interests, and anyone else has a statutory
right under this bill to challenge implementation steps taken by law
enforcement if they threaten privacy or impede technology advancement.

3. Technical requirements standards developed by industry instead of
the Attorney General

All surveillance requirements are to be implemented according to
standards developed by industry groups. The government is specifically
precluded from forcing any particular technical standard, and all
requirements are qualified by notions of economic and technical
reasonableness.

4. Right to deploy untappable services

Unlike the original FBI proposal, this bill recognizes that there
may be services which are untappable, even with Herculean effort to
accommodate surveillance needs. We understand that the bill intends to
allow untappable services to be deployed if redesign is not economically
or technically feasible. These provisions, however, should be
clarified.

G. Conclusion

In closing, I would like to thank Chairman Markey and members of
the Subcommittee, as well as others who have worked so hard on this
legislation. The Electronic Frontier Foundation looks forward to
working with all of you as the bill moves through the legislative
process.

------------------------------

Date: Thu, 22 Sep 1994 00:27:05 -0400 (EDT)
From: "Shabbir J. Safdar" <[email protected]>
Subject: File 3--Dig Teleph Bill (HR 4922) to be marked up in Sen. Judic. Comm

DISTRIBUTE WIDELY (though no later than October 15, 1994)

[If you've only got 2 minutes, skip down to the "What You Can Do"
section.

The place to concentrate grass-roots efforts is now the Senate! The
Senate half of this bill is about to be "marked up" in the Judiciary
Committee. This is a great time to stop it. Your Senator needs to
hear from you!]

The FBI's Wiretap bills (also known as the DT - Digital Telephony bills)
mandate that *all* communications carriers must provide wiretap-ready
equipment so that the FBI can more easily implement their court-ordered
wiretaps more easily. The costs of re-engineering all communications
equipment will be borne by the government, industry and consumers.

The bill is vague and the standards defining "wiretap ready" do not
exist. Furthermore, the FBI has yet to make a case which demonstrates
that they have been unable to implement a single wiretap. Although
we as a society have accepted law enforcement's need to perform
wiretaps, it is not reasonable to mandate this functionality as a part
of the design. In itself, that would be an important balance. However
without any proof that this is indeed a realistic and present problem,
it is unacceptable and premature to pass this legislation today.

The Voters Telecomm Watch (VTW) does not believe the FBI has made a
compelling case to justify that all Americans give up their privacy.
Furthermore, the VTW does not believe the case has been made to justify
spending 500 million Federal dollars over the next 4 years to
re-engineer equipment to compromise privacy, interfere with
telecommunications privacy, and fulfill an unproven government need.

WHAT YOU CAN DO
========================
You can help stop this legislation before it is too late!
Contact your Senators, especially if they're on the Judiciary
Committee. Faxes are best, phone calls are second best; email
is probably not the greatest method of showing your opposition.
Congress just doesn't handle email well yet.

Step 1.
Figure out which state you're in. :-)
Find your two Senators on the lists appended.

Step 2. Pick up the phone, or type up your letter.

Step 3. Express your opinion. If you're at a loss for words, use
our sample communique below:

SAMPLE PHONE CALL

The FBI's Digital Telephony bill (SB 2375) affects the delicate
balance between the public's privacy and law enforcement's need
to perform wiretaps. It will require huge unknown amounts of
funding, and its need has not yet been justified by the FBI to
the public.

Please vote against SB 2375.

Thank you,

___________________

SAMPLE FAX
Dear Honorable Senator _______________,

The FBI's Digital Telephony bill (SB 2375) disturbs me
greatly. The FBI has not yet made their case to the public
that we need to build wiretap functionality into the telephones
of 250 million people to justify wiretaps which have not yet
been proven to be difficult to implement.

Furthermore, no one has yet explained how we as a nation are
going to pay for the costs of this bill, which are at least 500
million dollars and likely to be higher.

The bill would clearly compromise the privacy of all Americans
with no counterbalancing benefit to either law enforcement or
the public. The FBI has not yet demonstrated to the public a
need for this.

I urge you to oppose the Digital Telephony bill (SB 2375).

Sincerely,

___________________

Step 4. Feel good about yourself. You've just participated in democracy
without leaving your seat.

Step 5. [Extra special bonus step for activists :-]
Before you hang up, ask your Senator's staff member what
their position is on SB 2375. It's not an unreasonable question,
they were elected to represent people like you. Mail the answer
to [email protected]. We believe in making legislators accountable
for their positions.

For more information about the Digital Telephony bills, check the
Voters Telecomm Watch gopher site (gopher.panix.com) or contact Steven
Cherry, VTW Press Contact at (718) 596-2851 or [email protected].

VTW posts a Digital Telephony FAQ monthly to several Usenet newsgroups
including comp.org.cpsr.talk and comp.org.eff.talk. Look for it or
contact us at [email protected] for a copy.

List of Senators on the Judiciary Committee:
p st name phone fax
========================
D DE Biden Jr., Joseph R. 1-202-224-5042 na
Note: Sen. Biden is both the Chairman and a cosponsor of the bill
R UT Hatch, Orrin G. 1-202-224-5251 1-202-224-6331
D MA Kennedy, Edward M. 1-202-224-4543 1-202-224-2417
R SC Thurmond, Strom 1-202-224-5972 1-202-224-1300
D OH Metzenbaum, Howard 1-202-224-2315 1-202-224-6519
R WY Simpson, Alan K. 1-202-224-3424 1-202-224-1315
D AZ DeConcini, Dennis 1-202-224-4521 1-202-224-2302
R IA Grassley, Charles E. 1-202-224-3744 na
D VT Leahy, Patrick J. 1-202-224-4242 na
Note: Sen. Leahy is the bill's sponsor
R PA Specter, Arlen 1-202-224-4254 na
D AL Heflin, Howell T. 1-202-224-4124 1-202-224-3149
R CO Brown, Henry 1-202-224-5941 na
D IL Simon, Paul 1-202-224-2152 1-202-224-0868
R ME Cohen, William S. 1-202-224-2523 1-202-224-2693
D WI Kohl, Herbert H. 1-202-224-5653 na
R SD Pressler, Larry 1-202-224-5842 1-202-224-1630
D CA Feinstein, Diane 1-202-224-3841 na
D IL Moseley-Braun, Carol 1-202-224-2854 na

Complete list of Senators:
p st name phone fax
========================
R AK Murkowski, Frank H. 1-202-224-6665 1-202-224-5301
R AK Stevens, Ted 1-202-224-3004 1-202-224-1044
D AL Heflin, Howell T. 1-202-224-4124 1-202-224-3149
D AL Shelby, Richard C. 1-202-224-5744 1-202-224-3416
D AR Bumpers, Dale 1-202-224-4843 1-202-224-6435
D AR Pryor, David 1-202-224-2353 na
D AZ DeConcini, Dennis 1-202-224-4521 1-202-224-2302
R AZ McCain, John 1-202-224-2235 na
D CA Boxer, Barbara 1-202-225-5161 na
D CA Feinstein, Diane 1-202-224-3841 na
D CO Campbell, Ben N. 1-202-225-4761 1-202-225-0228
R CO Brown, Henry 1-202-224-5941 na
D CT Dodd, Christopher J. 1-202-224-2823 na
D CT Lieberman, Joseph I. 1-202-224-4041 1-202-224-9750
D DE Biden Jr., Joseph R. 1-202-224-5042 na
R DE Roth Jr., William V. 1-202-224-2441 1-202-224-2805
D FL Graham, Robert 1-202-224-3041 na
R FL Mack, Connie 1-202-224-5274 1-202-224-8022
D GA Nunn, Samuel 1-202-224-3521 1-202-224-0072
R GA Coverdell, Paul 1-202-224-3643 na
D HI Akaka, Daniel K. 1-202-224-6361 1-202-224-2126
D HI Inouye, Daniel K. 1-202-224-3934 1-202-224-6747
D IA Harkin, Thomas 1-202-224-3254 1-202-224-7431
R IA Grassley, Charles E. 1-202-224-3744 na
R ID Craig, Larry E. 1-202-224-2752 1-202-224-2573
R ID Kempthorne, Dirk 1-202-224-6142 1-202-224-5893
D IL Moseley-Braun, Carol 1-202-224-2854 na
D IL Simon, Paul 1-202-224-2152 1-202-224-0868
R IN Coats, Daniel R. 1-202-224-5623 1-202-224-8964
R IN Lugar, Richard G. 1-202-224-4814 na
R KS Dole, Robert 1-202-224-6521 1-202-224-8952
R KS Kassebaum, Nancy L. 1-202-224-4774 1-202-224-3514
D KY Ford, Wendell H. 1-202-224-4343 na
R KY McConnell, Mitch 1-202-224-2541 1-202-224-2499
D LA Breaux, John B. 1-202-224-4623 na
D LA Johnston, J. Bennett 1-202-224-5824 na
D MA Kennedy, Edward M. 1-202-224-4543 1-202-224-2417
D MA Kerry, John F. 1-202-224-2742 na
D MD Mikulski, Barbara A. 1-202-224-4654 1-202-224-8858
D MD Sarbanes, Paul S. 1-202-224-4524 1-202-224-1651
D ME Mitchell, George J. 1-202-224-5344 na
R ME Cohen, William S. 1-202-224-2523 1-202-224-2693
D MI Levin, Carl 1-202-224-6221 na
D MI Riegle Jr., Donald 1-202-224-4822 1-202-224-8834
D MN Wellstone, Paul 1-202-224-5641 1-202-224-8438
R MN Durenberger, David 1-202-224-3244 na
R MO Bond, Christopher S. 1-202-224-5721 1-202-224-8149
R MO Danforth, John C. 1-202-224-6154 na
R MS Cochran, Thad 1-202-224-5054 na
R MS Lott, Trent 1-202-224-6253 1-202-224-2262
D MT Baucus, Max 1-202-224-2651 na
R MT Burns, Conrad R. 1-202-224-2644 1-202-224-8594
R NC Faircloth, D. M. 1-202-224-3154 1-202-224-7406
R NC Helms, Jesse 1-202-224-6342 na
D ND Conrad, Kent 1-202-224-2043 na
D ND Dorgan, Byron L. 1-202-225-2611 1-202-225-9436
D NE Exon, J. J. 1-202-224-4224 na
D NE Kerrey, Joseph R. 1-202-224-6551 1-202-224-7645
R NH Gregg, Judd 1-202-224-3324 na
R NH Smith, Robert 1-202-224-2841 1-202-224-1353
D NJ Bradley, William 1-202-224-3224 1-202-224-8567
D NJ Lautenberg, Frank R. 1-202-224-4744 1-202-224-9707
D NM Bingaman, Jeff 1-202-224-5521 na
R NM Domenici, Pete V. 1-202-224-6621 1-202-224-7371
D NV Bryan, Richard H. 1-202-224-6244 na
D NV Reid, Harry 1-202-224-3542 1-202-224-7327
D NY Moynihan, Daniel P. 1-202-224-4451 1-202-224-9293
R NY D'Amato, Alfonse M. 1-202-224-6542 1-202-224-5871
D OH Glenn, John 1-202-224-3353 na
D OH Metzenbaum, Howard 1-202-224-2315 1-202-224-6519
D OK Boren, David L. 1-202-224-4721 na
R OK Nickles, Donald 1-202-224-5754 1-202-224-6008
R OR Hatfield, Mark O. 1-202-224-3753 na
R OR Packwood, Robert 1-202-224-5244 na
D PA Wofford, Harris 1-202-224-6324 1-202-224-4161
R PA Specter, Arlen 1-202-224-4254 na
D RI Pell, Claiborne 1-202-224-4642 1-202-224-4680
R RI Chafee, John H. 1-202-224-2921 na
D SC Hollings, Ernest F. 1-202-224-6121 na
R SC Thurmond, Strom 1-202-224-5972 1-202-224-1300
D SD Daschle, Thomas A. 1-202-224-2321 1-202-224-2047
R SD Pressler, Larry 1-202-224-5842 1-202-224-1630
D TN Mathews, Harlan 1-202-224-1036 1-202-228-3679
D TN Sasser, James 1-202-224-3344 na
D TX Krueger, Robert 1-202-224-5922 na
R TX Gramm, Phil 1-202-224-2934 na
R UT Bennett, Robert 1-202-224-5444 na
R UT Hatch, Orrin G. 1-202-224-5251 1-202-224-6331
D VA Robb, Charles S. 1-202-224-4024 1-202-224-8689
R VA Warner, John W. 1-202-224-2023 1-202-224-6295
D VT Leahy, Patrick J. 1-202-224-4242 na
R VT Jeffords, James M. 1-202-224-5141 na
D WA Murray, Patty 1-202-224-2621 1-202-224-0238
R WA Gorton, Slade 1-202-224-3441 1-202-224-9393
D WI Feingold, Russell 1-202-224-5323 na
D WI Kohl, Herbert H. 1-202-224-5653 na
D WV Byrd, Robert C. 1-202-224-3954 1-202-224-4025
D WV Rockefeller, John D. 1-202-224-6472 1-202-224-1689
R WY Simpson, Alan K. 1-202-224-3424 1-202-224-1315
R WY Wallop, Malcolm 1-202-224-6441 1-202-224-3230

------------------------------

Date: Fri, 16 Sep 1994 18:27 CDT
From: Bill Higgins-- Beam Jockey <[email protected]>
Subject: File 4-- For CUD: Pizza by E-mail in Santa Cruz

In Santa Cruz, a Pizza Hut will now accept pizza delivery orders by
e-mail. Wow.

After a much-forwarded press release landed in my mailbox, I phoned
one of the numbers to see if it was a hoax (well, if it is, at least
they have the phones covered convincingly), then fired up Mosaic to
look at the WWW page. I append some excerpts from the press release
and an account of the project snagged (with permission) from one of
the PizzaNet Web pages.

History has been made. Ordering pizza from your computer. It's the
fulfillment of a hacker dream at least as old as computer networking.
(Is this indeed the first time such a service has been available?)

Bill Higgins Internet: [email protected]
Fermi National Accelerator Laboratory Bitnet: [email protected]
=========
FOR IMMEDIATE RELEASE CONTACT:

Rob Doughty Elisheva Steiner
Pizza Hut, Inc. The Santa Cruz Operation, Inc.
TEL: 316/681-9602 TEL: 408/427-7252

SCO AND PIZZA HUT ANNOUNCE PILOT PROGRAM
FOR PIZZA DELIVERY ON THE INTERNET

"PizzaNet'' Program Enables Computer Users
to Electronically Order Deliveries

WICHITA, KS AND SANTA CRUZ, CA, SCO FORUM94 (August 22, 1994) --
(NASDAQ:SCOC) In a revolutionary spin on business use of the
Information Superhighway, The Santa Cruz Operation, Inc. (SCO)
and Pizza Hut, Inc. today announced "PizzaNet," a pilot program
that enables computer users, for the first time, to
electronically order pizza delivery from their local Pizza Hut
restaurant via the worldwide Internet.

Pizza Hut will launch the PizzaNet pilot in the Santa Cruz area
on August 22 and use it to study the feasibility of expanding the
program to other cities in the U.S. and around the world.
Technology for the pilot program includes the SCO Global Access
product, an integrated Internet business server solution. The SCO
Global Access incorporates advanced NCSA Mosaic software for
browsing the Internet, and the custom "PizzaNet" application
software developed by SCO's Professional Services organization.

[...]

To participate in the PizzaNet Pilot, customers in the Santa Cruz
area need computers with Internet access and any version of
Mosaic, such as Windows, Mac, or UNIX. Customers use the
Internet's World Wide Web to access the centralized PizzaNet
server at Pizza Hut Headquarters in Wichita, Kansas. This 486
system runs SCO Open Server and SCO Global Access software, using
the Mosaic and Hypertext Transfer Protocol to present customers
with a customized menu page for ordering pizza deliveries. Mosaic
is widely used at many technology companies, government agencies,
and universities. It is rapidly being adopted by many business
and home users in response to the continuing availability of new
and innovative business and information services.

The customer uses the menu pages to enter name, address, and
phone information, along with orders for pizza and beverages. The
order is then transmitted via the Internet back to Wichita, and
then relayed via modem and conventional phone lines to the SCO
Open Server system at the customer's nearest Pizza Hut
restaurant. The local restaurant can then telephone first-time
users to verify orders. All money changes hand at the point of
delivery.

[...]

Santa Cruz Internet users can access PizzaNet by entering
http://www.pizzahut.com. To obtain more information on SCO via
the Internet, enter http://www.sco.com.

[End of press release. Text of WWW page with URL
http://www.pizzahut.com/team.html begins:]

The PizzaNet Team

PizzaNet is the brainchild of two cooperating companies: Pizza Hut
Inc. (PHI), and The Santa Cruz Operation (SCO).

In particular, it was conceived by Jon Payne (PHI), and Doug Michels
(SCO) while in a meeting discussing potential uses for the
``Information Super-Highway.''

The idea sort of stewed for a while, until Jon contacted SCO
Professional Services, to see if he could get some help implementing
this idea. From there, Phil Neuman (SCO's webmaster) and Steph Marr
(SCO chief consultant on the project) sat down to figure out if this
scheme the bosses had cooked up was really do-able.

Apparently, they decided it was.

Jon provided some initial screen layouts, while Phil and Steph tried
to figure a transaction flow that could be dealt with in HTML forms.
Kurt Schmidt (PHI) was trying to figure out a way to interface into
the existing SCO-based branch automation system used in Pizza Hut
stores. Kurt made this as painless as possible by tying into an
existing interface used by Pizza Hut Customer Service Centers.

With the initial forms done, Steph left Santa Cruz (phil was replacing
SCO's Web Server with a new system at the time), and went to Wichita
to work on integration with Kurt and PHOEBE (the Pizza Hut Order Entry
Back End) and to help get the 56Kbps Alternet link to the Internet up
and running.

After a few false starts, a few hundred cups of coffee, and only a
couple of weeks, the link was made, and the first pizza was ordered
and delivered (to Phil in Santa Cruz) on Friday, 12 August, 1994.

The system is now in pilot test within Santa Cruz; given that it is
successful there, it will become available for use throughout
Cyberspace where ever Pizza Hut stores are within delivery distance.

Pizza in Cyberspace.

Well, if you're going to have food here, it might as well be Pizza.

Sorry, there's no beer. :-)

PizzaNet Services / Pizza Hut Inc. / [email protected]

------------------------------

Date: Fri, 16 Sep 1994 14:06:07 EST
From: Marc Rotenberg <[email protected]>
Subject: File 5--One Hundred Reasons to Oppose the FBI Wiretap Bill (CPSR)

((CuD MODERATORS' NOTE: CPSR is compiling a list of reasons to oppose
the FBI Wiretap Bill (HR 4922). CuD will reprint them periodically,
and we produce the first three here. HR 4922 is opposed by a broad
spectrum of organizations and citizens, because it greatly expands the
FBI's ability to intercept electronic communications. The complete
text of HR 4922 was reprinted in CuD 6.73).

100 Reasons to Oppose the FBI Wiretap Bill

REASON 2: The Constitution protects the right of privacy, not the use
of wiretap.

Privacy is a Constitutional right. The Fourth Amendment protects
privacy and the right of individuals to be free from unreasonable
search and seizure. Wiretapping is permitted by federal statute only
in narrow circumstances. It has no Constitutional basis. Congress
could outlaw all wiretapping tomorrow if it chose to do so, but it
could not easily repeal the Fourth Amendment.

REASON 21: The wiretap bill mandates new technologies for data
surveillance

The wiretap bill says that "a telecommunications carrier shall
ensure that it can enable government access to call-identifying
information." This is the first time the U.S. government has
required by law that communications networks be designed to
facilitate electronic data surveillance. Telecommunications
firms, equipment manufacturers, and those who work in the hi-tech
industry face a legal obligation to design networks for electronic
monitoring.

REASON 60: The bill contains no provisions to protect the
confidentiality of telephone toll records.

Tens of thousands of telephone toll records are obtained each year
by subpoena. This process which allows the government to gather
private records from the telephone companies by simply signing a
statement effectively endruns the Fourth Amendment premise that a
judge must first decide if the search is reasonable. Experts on
wiretap law believe that stronger protections for telephone toll
records should be a top priority if the federal wiretap law is to be
amended. This issue is no where addressed in the legislation now
pending in Congress.

==================

What To Do: Fax Rep. Jack
Brooks (202-225-1584). Express your concerns about the FBI Wiretap
proposal.
============================
((100 Reasons is a project of the Electronic Privacy Information
Center (EPIC) in Washington, DC. For more information:
[email protected]))

------------------------------

Date: Thu, 13 Aug 1994 22:51:01 CDT
From: CuD Moderators <[email protected]>
Subject: File 6--Cu Digest Header Information (unchanged)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to [email protected] or [email protected]
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
In BELGIUM: Virtual Access BBS: +32.69.45.51.77 (ringdown)

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #6.83
************************************