Computer underground Digest Wed Oct 2, 1996 Volume 8 : Issue 70

Computer underground Digest Wed Oct 2, 1996 Volume 8 : Issue 70
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.70 (Wed, Oct 2, 1996)

File 1--Mitnick Pleads Innocent
File 2--ELEMENTS OF THE NEW CRYPTO PROPOSAL
File 3--White House crypto proposal -- too little, too late
File 4--White House Statement on Return of Clipper
File 5--Press Release in re Cleveland Crypto Challenge
File 6--Newsnybble: GPS privacy threat
File 7--Corrected URL for Crypt Newsletter Awards
File 8--Cu Digest Header Info (unchanged since 7 Apr, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Wed, 2 Oct 1996 06:55:18 -0400 (EDT)
From: Noah <[email protected]>
Subject: File 1--Mitnick Pleads Innocent

From -Noah

---------- Forwarded message ----------
Date--Tue, 1 Oct 1996 15:20:37 -0400 (EDT)
From--Anthony Williams <[email protected]>

Computer hacker Mitnick pleads innocent

September 30, 1996
Web posted at: 11:45 p.m. EDT

LOS ANGELES (AP) -- The notorious computer hacker Kevin Mitnick pleaded
innocent Monday to charges he mounted a multimillion-dollar crime wave
in cyberspace during 2 1/2 years as a fugitive.

Mitnick, 33, held without bail on a fraud conviction, told the judge
not to bother reading the indictment, which includes 25 new counts of
computer and wire fraud, possessing unlawful access devices, damaging
computers and intercepting electronic messages.

"Not guilty," Mitnick said. His indictment, handed up Friday by a
federal grand jury, follows an investigation by a national task force
of FBI, NASA and federal prosecutors with high-tech expertise.

It charges Mitnick with using stolen computer passwords, damaging
University of Southern California computers and stealing software
valued at millions of dollars from technology companies, including
Novell, Motorola, Nokia, Fujitsu and NEC.

...........

Mitnick pleaded guilty in April to a North Carolina fraud charge of
using 15 stolen phone numbers to dial into computer databases.
Prosecutors then dropped 22 other fraud charges but warned that new
charges could follow.

Mitnick also admitted violating probation for a 1988 conviction in Los
Angeles where he served a year in jail for breaking into computers at
Digital Equipment Corp. At 16, he served six months in a youth center
for stealing computer manuals from a Pacific Bell switching center.

Mitnick also got a new lawyer Monday, Donald C. Randolph, who
represented Charles Keating Jr.'s top aide, Judy J. Wischer, in the
Lincoln Savings swindle.

------------------------------

Date: Tue, 1 Oct 1996 02:02:48 -0400 (EDT)
From: Voters Telecommunications Watch <[email protected]>
Subject: File 2--ELEMENTS OF THE NEW CRYPTO PROPOSAL

VTW BillWatch #60

VTW BillWatch: A newsletter tracking US Federal legislation
affecting civil liberties. BillWatch is published about every
week as long as Congress is in session. (Congress is in session)

BillWatch is produced and published by the
Voters Telecommunications Watch ([email protected])

Issue #60, Date: Tue Oct 1 01:59:19 EDT 1996

Do not remove this banner. See distribution instructions at the end.
----------------------------------------------

ELEMENTS OF THE NEW CRYPTO PROPOSAL

Strap yourself in, friends. The White House is at it again.

On Thursday October 3, the White House will unveil it's long-dreaded
encryption proposal. The cause of some significant consternation among
Administration staffers, the proposal has been so long in coming that
Justice officials attending hearings last week on H.R. 3011 were visibly
annoyed at being left to twist in the wind.

Leaks abound right before a big announcement like this, but this time
everyone with a copy of the proposal has kept mum these last few days.
However the press has caught bits and pieces of it which we've collected
for you here. If you're an absolute crypto-media-hound, this may not be
news to you.

MOVE OF EXPORT APPROVALS FROM STATE TO COMMERCE, FBI VETO POWER
For years, companies have attempted to get their encryption products
through an easier, more lenient export process in the Department of
Commerce, instead of State. Approval in Commerce goes quickly, and
the hurdles are less formidable. Clearly, this should be a good thing.

However the deal that's been floating around for several weeks now is
that this move will not be this easy. The Department of Justice,
(or as Brock Meeks translates, the FBI) wants a seat at the table. In
effect, they want veto power over export applications. The assumption
is that they feel they can influence the domestic encryption market to
integrate Clipper-style key escrow technology by simply refusing the
export of any strong encryption products that might have previously been
approved in State.

This is bad news for companies that have no customer base demanding
government-friendly key escrow products.

KEY LENGTH RAISED TO 56 OR 64 BITS PROVIDED IT USES KEY ESCROW
This aspect of the proposal looks like old news, and to a certain extent,
it is. The Clipper II proposal suggested that the industry build hooks
into their products so that third parties could hold your keys for you.
Of course, that third party cannot be yourself, or anyone you would think
of when you think of entities you trust.

Thursday's proposal is likely to look a lot like Clipper II, and it will
likely cite the new IBM offering, SuperCrypto, as an example of products
that employ key escrow to allow export of products that use higher length
keys. What isn't certain is the extent to which key lengths will be raised.
There have been several conflicting rumors, some of them claiming 56 bits,
others claiming 64 bits.

More important than the question of key length will be the determination of
which companies are allowed to hold their own keys. This author predicts
that the only entities that will be allowed to hold keys will be: a gov't
agency (such as NIST), the maker of the encryption product itself, or
large companies that have the significant resources to run a key recovery
center. In all cases, the key recovery centers will still need to be
seperate entities that will dole out keys to law enforcement without the
knowledge of the key's owner.

In other words, you as an individual or small business are still out of luck.

PROBABLY NOT IN PLAN: KEY LENGTH RAISED TO 56 BITS WITHOUT KEY ESCROW
It has long been rumored that the avalanche of proof provided by the industry
experts would eventually force the Administration to raise the key length
for which unescrowed encryption products could be exported. Currently,
this limit is 40 bits, but several rumors floated and died within the
last few weeks suggesting that the Administration would be raising the
key length. It now looks like those were indeed just rumors.

SUMMARY
Most of these measures, if not all of them, can be implemented
administratively removing the need for Congress to get involved. However
Congress has already staked out its turf on this issue, and isn't likely
to cede that any time soon. Keep an eye out for the reactions from sponsors
of S.1726 (Pro-CODE) and HR 3011 on the feasibility White House proposal.

------------------------------

Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
From: Declan McCullagh <[email protected]>
Subject: File 3--White House crypto proposal -- too little, too late

I just got back from the White House, where Gore's office held a
roundtable plugging the administration's long-awaited and already
widely-derided Return of Clipper proposal.

Gore announced that jurisdiction over crypto exports would move to the
Commerce Dept; that the export embargo on 56-bit DES would be lifted
in part for two years only; that to be approved for export firms must
submit a detailed proposal describing how they will move towards key
escrow; that the new regulations would go into effect on January 1.

The true problem with this plan is that 56-bit DES is woefully
inadequate. But much of the media coverage I've read of the plan
doesn't even mention that. Take Elizabeth Corcoran's article, which
ran above the fold on the front page in today's Washington Post. (It's
what almost certainly prompted Gore's office to move the announcement
to today rather than hold it later this week.)

The thrust of the article is that the administration's new proposal
balances the needs of privacy, business, and law enforcement. But it
doesn't. The Feds, foreign governments, and determined attackers can
crack anything encrypted with 56-bit DES -- the strongest crypto that
can be exported under the plan. This vital fact appears nowhere in the
Post article.

That's why Bruce Schneier, author of Applied Cryptography, recommends
against using DES in favor of a more secure algorithm. According to
Schneier: "A brute-force DES-cracking machine [designed by Michael
Wiener] that can find a key in an average of 3.5 hours cost only $1
million in 1993."

More recently, in January 1996 an ad hoc group of renowned
cryptographers including Matt Blaze, Whitfield Diffie, Ronald Rivest
and Schneier, released a report going even further. They said: "To
provide adequate protection against the most serious threats -
well-funded commercial enterprises or government intelligence agencies
- keys used to protect data today should be at least 75 bits long. To
protect information adequately for the next 20 years in the face of
expected advances in computing power, keys in newly-deployed systems
should be at least 90 bits long."

What's even more disturbing is what the administration might do
next. After the roundtable broke up, I chatted with Michael Vadis, one
of the assistant deputy attorneys general who oversees national
security issues. He said an international consensus is forming that
terrorists can use crypto; therefore crypto must be controlled. The
U.S. is certainly pushing this line at the OECD talks.

"But it just takes one country to decide to export strong crypto," I said.

"You're missing something," said Vadis.

"What?" I asked. "Unless you're talking about import restrictions."

"Exactly," he said.

-Declan

*******

Some background:

Linkname: Brock Meeks on White House plan -- 6 Sep 96
Filename: http://www.muckraker.com/muckraker/96/36/index4a.html

********

http://www.washingtonpost.com/wp-srv/WPlate/1996-10/01/041L-100196-idx.html

U.S. TO EASE ENCRYPTION RESTRICTIONS

Privacy Advocates Wary of Proposal For Software Exports

By Elizabeth Corcoran
Washington Post Staff Writer
Tuesday, October 1 1996; Page A01
The Washington Post

The Clinton administration is cutting off an emotional four-year-old
debate with the computer industry over the export of
information-scrambling technology with a plan that it says will help
U.S. companies boost sales overseas and still allow law enforcement
agencies to unscramble messages, officials said yesterday.

President Clinton has decided to sign an executive order that changes
the rules restricting the overseas sale of the technology, the
officials said. Although the full details of the plan had yet to be
revealed, privacy advocates and some industry executives contended
that it would be difficult to put into practice.

Under current rules, companies can sell only relatively easy-to-crack
scrambling technology. Under the plan, they would get permission to
export somewhat more sophisticated versions of the software and
hardware, which prevents eavesdroppers from looking at information.

The issue has caused enormous friction between the government and
computer industry and privacy groups, which contend that keeping any
restrictions in place will harm the protection of personal information
everywhere and slow the development of on-line commerce, which relies
on keeping credit card numbers and other sensitive information secure.

The administration counters that it has come a long way in meeting
such objections. However, last night some companies and privacy
advocates were still worried that the constraints will leave U.S.
companies at a disadvantage abroad and will not ensure that
individuals will be able to protect their communications.

The government's plan preserves what has been its unnegotiable
cornerstone since the debate began in the early day of the Clinton
administration -- that law enforcement officials must have the means
for peeking at encrypted information when they are properly equipped
with court authorization.

Earlier versions of the plan tightly limited what kinds of technology
could be sold abroad. They also called for makers of encryption
technology to deposit "keys" with approved third parties so that law
enforcement authorities could decode material. The new plan doesn't
specify who would have the keys.

Last night, several companies, led by International Business Machines
Corp., said they have a technical plan that they believe could comply
with the new rules on keys.

[...]

Industry officials say they ultimately want to be able to use the most
sophisticated encryption technology available. "It's really critical
to doing business around the world," said an IBM source. "But
governments exist. It's a balancing act . . . to satisfy the needs of
the governments and make sure that markets and individuals trust the
integrity of what's being sent over the networks."

------------------------------

Date: Tue, 1 Oct 1996 20:23:46 -0700 (PDT)
From: Declan McCullagh <[email protected]>
Subject: File 4--White House Statement on Return of Clipper

[Also at http://www.epic.org/crypto/key_escrow/clipper4_statement.html
-Declan]

THE WHITE HOUSE
Office of the Vice President

FOR IMMEDIATE RELEASE
CONTACT: 456-7035
TUESDAY, October 1, 1996

STATEMENT OF THE VICE PRESIDENT

President Clinton and I are committed to promoting the growth of
electronic commerce and robust, secure communications worldwide
while protecting the public safety and national security. To that
end, this Administration is consulting with Congress, the
information technology industry, state and local law enforcement
officials, and foreign governments on a major initiative to
liberalize export controls for commercial encryption products.

The Administration's initiative will make it easier for Americans
to use stronger encryption products -- whether at home or abroad
-- to protect their privacy, intellectual property and other
valuable information. It will support the growth of electronic
commerce, increase the security of the global information, and
sustain the economic competitiveness of U.S. encryption product
manufacturers during the transition to a key management
infrastructure.

Under this initiative, the export of 56-bit key length encryption
products will be permitted under a general license after one-time
review, and contingent upon industry commitments to build and
market future products that support key recovery. This policy
will apply to hardware and software products. The relaxation of
controls will last up to two years.

The Administration's initiative recognizes that an industry-led
technology strategy will expedite market acceptance of key
recovery, and that the ultimate solution must be market-driven.

Exporters of 56-bit DES or equivalent encryption products would
make commitments to develop and sell products that support the key
recovery system that I announced in July. That vision presumes
that a trusted party (in some cases internal to the user's
organization) would recover the user's confidentiality key for the
user or for law enforcement officials acting under proper
authority. Access to keys would be provided in accordance with
destination country policies and bilateral understandings. No key
length limits or algorithm restrictions will apply to exported key
recovery products.

Domestic use of key recovery will be voluntary, and any American
will remain free to use any encryption system domestically.

The temporary relaxation of controls is one part of a broader
encryption policy initiative designed to promote electronic
information security and public safety. For export control
purposes, commercial encryption products will no longer be treated
as munitions. After consultation with Congress, jurisdiction for
commercial encryption controls will be transferred from the State
Department to the Commerce Department. The Administration also
will seek legislation to facilitate commercial key recovery,
including providing penalties for improper release of keys, and
protecting key recovery agents against liability when they
properly release a key.

As I announced in July, the Administration will continue to expand
the purchase of key recovery products for U.S. government use,
promote key recovery arrangements in bilateral and multilateral
discussions, develop federal cryptographic and key recovery
standards, and stimulate the development of innovative key
recovery products and services.

Under the relaxation, six-month general export licenses will be
issued after one-time review, contingent on commitments from
exporters to explicit benchmarks and milestones for developing and
incorporating key recovery features into their products and
services, and for building the supporting infrastructure
internationally. Initial approval will be contingent on firms
providing a plan for implementing key recovery. The plan will
explain in detail the steps the applicant will take to develop,
produce, distribute, and/or market encryption products with key
recovery features. The specific commitments will depend on the
applicant's line of business.

The government will renew the licenses for additional six-month
periods if milestones are met. Two years from now, the export of
56-bit products that do not support key recovery will no longer be
permitted. Currently exportable 40-bit mass market software
products will continue to be exportable. We will continue to
support financial institutions in their efforts to assure the
recovery of encrypted financial information. Longer key lengths
will continue to be approved for products dedicated to the support
of financial applications.

The Administration will use a formal mechanism to provide
industry, users, state and local law enforcement, and other
private sector representatives with the opportunity to advise on
the future of key recovery. Topics will include:

evaluating the developing global key recovery architecture
assessing lessons-learned from key recovery implementation
advising on technical confidence issues vis-a-vis access to and
release of keys addressing interoperability and standards issues
identifying other technical, policy, and program issues for
governmental action.

The Administration's initiative is broadly consistent with the
recent recommendations of the National Research Council. It also
addresses many of the objectives of pending Congressional
legislation.

------------------------------

Date: Mon, 30 Sep 1996 19:22:52 -0400
From: "Peter D. Junger" <[email protected]>
Subject: File 5--Press Release in re Cleveland Crypto Challenge

Press Release

Plaintiff Seeks Summary Judgment in Cleveland Case Challenging
Licensing of ``Exports'' of Cryptographic Information

Government Argues That Law Professor Cannot Challenge Regulation
Requiring Him to Get Permission Before Teaching and Publishing
Because He Did Not Apply for That Permission

Oral Argument in Junger v. Christopher Set for Wednesday, November 20

Cleveland, Ohio, Tuesday, October 1, 1996
For Immediate Release

For More Information Contact:

Raymond Vasvari (216) 522-1925
Gino Scarselli (216) 291-8601

Or see URL: http://samsara.law.cwru.edu/comp_law/jvc/

Cleveland, Ohio, Oct. 1 -- Lawyers for Professor Peter D. Junger today
filed a brief and a motion for summary judgment in Junger v.
Christopher, the case challenging the licensing of the communication of
``cryptograhic software'' that is pending before Judge Donald C. Nugent
in the Federal District Court here.

Junger seeks an injunction against the enforcement of provisions of
the International Traffic in Arms Regulations that require him to get
the permission of the State Department's Office of Defense Trade
Controls (the "ODTC") before he can communicate information about
cryptographic software to foreign persons, ``whether in the United
States or abroad.'' The penalty for failing to get such permission
before disclosing the information can be as great as a fine of one
million dollars and imprisonment for ten years. These provisions
effectively prevent Junger from admitting foreign students to the
course that he teaches about Computers and the Law at Case Western
Reserve Law School in Cleveland, Ohio, and keep him from publishing
his course materials and articles containing cryptographic software,
or explaining what it does, how and where to get it, and how to use
it.

The challenged licensing scheme threatens the long-run viability of
the United States software industry and, according to a blue-ribbon
panel of the National Research Council, already costs that industry at
least ``a few hundred million dollars per year ..., and all
indications are that this figure will only grow in the future.'' The
regulations have been extensively criticized by industry and bills to
repeal or limit them are now pending in Congress.

Junger's legal challenge is not based, however, on the economic damage
that the ITAR's cryptographic licensing scheme imposes on the software
industry and the nation's economy, but rather on the unconstitutional
restraints that it imposes on anyone who wants to speak or write
publically about any computer program that has, in the words of the
ITAR, the ``capability of maintaining secrecy or confidentiality of
information or information systems.'' Junger does not challenge the
constitutionality of requiring one to get a license before exporting a
physical cryptographic device: ``It isn't unconstitutional for the
Office of Defense Trade Controls to damage the computer industry and
our economy by requiring export licenses for cryptographic hardware,
but information about cryptographic software is, as the National
Research Council has pointed out, `pure knowledge that can be
transported over national borders inside the heads of people or via
letter.' Requiring the permission of the government before one can
communicate knowledge is unconstitutional. Such a prior restraint is,
in fact, the paradigmatic example of a violation of the First
Amendment.''

THE GOVERNMENT ARGUES THAT PLAINTIFF MUST APPLY FOR PERMISSION
TO SPEAK BEFORE HE CAN CHALLENGE THE REQUIREMENT
THAT HE APPLY FOR SUCH PERMISSION

In motions and briefs submitted August 21st, the government has asked
the court to dismiss the lawsuit, or in the alternative, to grant the
government judgment prior to trial.

The government makes the initial argument that Junger lacks standing
to claim that the provisions of the ITAR requiring him to get a formal
license or other permission from the ODTC before he publically
communicates information about cryptographic software, including the
contents of the software itself, are unconstitutional. And it also
argues that that claim is neither ``ripe'' nor ``colorable'', because
Junger has not applied to the ODTC for such permission.

Junger takes the position that as a law teacher who venerates the
First Amendment it would be as improper for him to request the federal
censors for permission to speak and publish as it would be for him
openly violate the law. As he puts it: ``My duty is to challenge
these unconstitutional regulations, not to give in to them nor to
violate them in an act of civil disobedience.'' His lawyers point out
in their briefs that few propositions of constitutional law are better
established than the rule that a plaintiff does not have to submit to
an unconstitutional restraint on speech and on the press before
challenging it in court.

``Those arguments by the government are rather strange,'' says Gino
J. Scarselli, one of Junger's lawyers, ``they seem to be based on
their argument that cryptographic software is actually hardware
because it is functional.'' And then he adds, ``Of course, that
argument is also rather strange.''

THE GOVERNMENT ARGUES THAT SOME OF THE MATERIAL AT ISSUE
IS EXEMPT UNDER THE ITAR

The government also contends that some of the information at issue may
be exempt from the ITAR's licensing requirements as technical data
that is in the ``public domain'' because it is available to the public
through ``fundamental research in science and engineering'' or through
``sales at newsstands and bookstores.''

``That hardly is a defense,'' says Scarselli, ``since it is quite
clear that the government will not concede that all of the information
that Professor Junger wants to be able publish and discuss is in the
public domain. And to make matters worse, the only way that Professor
Junger can actually find out whether the government will treat
particular information as being exempt from the formal licensing
requirements is to apply to the ODTC for it calls a Commodity
Jurisdiction Determination, which in reality is just another form of
license.''

``It is not as if I am engaged in fundamental research in science and
engineering.'' Junger adds. ``What I want to publish and discuss has
to do with the political and legal issues that are raised by computer
technology, including, of course, cryptography.

``For just one example, since lawyers have a legal and ethical duty to
protect the confidences of their clients, I am convinced that lawyers
who use electronic mail or other computer technologies to communicate
with their clients, or to store information supplied by their clients,
are in some circumstances ethically, and perhaps even legally,
required to use cryptography to maintain the confidentiality of that
information. And yet I cannot publically explain to law students and
lawyers--and lawyers cannot publically explain to their clients--how
to obtain and use effective cryptographic software without first
getting the government's permission to disclose that information.
And, of course, if the cryptographic software really is effective,
then there is little or no chance that the government will permit its
disclosure.''

THE GOVERNMENT ARGUES THAT CRYPTOGRAPHIC SOFTWARE
IS NOT PROTECTED BY THE FIRST AMENDMENT
BECAUSE IT IS FUNCTIONAL

There is no law in the United States that forbids or regulates the use
of cryptography. Yet the government argues that the information in
texts containing cryptographic software, including recipes for
creating such software, can be used in a computer to preserve secrecy
and confidentiality, and concludes that cryptographic software is
``conduct'' and ``functional'' and is thus not a text that is
constitutionally protected as speech.

Junger's lawyers, on the other hand, say that his claims do not relate
to the conduct of running a cryptographic program on a
computer--conduct that is not regulated by the ITAR, after all--and
that he only challenges the restraints that the ITAR impose on the
communication of information about how to carry on such legal conduct.

``Expressive conduct is exactly what is protected by the First
Amendment,'' says Raymond Vasvari, another of Junger's lawyers. ``And
if that expression were not functional, if it were not effective,
there would be no need to protect it. The government's argument turns
two hundred years of First Amendment jurisprudence on its head.''

``The government's arguments about software being conduct and
functional are striking examples of the sort of confusion that
pervades the whole area of Computers and the Law,'' Junger says.
``Trying to clear up such confusion is my major goal in my course in
Computers and the Law. In fact, when I started teaching that course
in 1993, I wrote some cryptographic software to assist my students in
grasping the distinction between software as a text that can be
communicated, and that is protected by copyright law and the First
Amendment, and software as a process that runs in a computer's central
processor that can be protected by patents, but not by copyrights. If
it weren't so frustrating, it would almost be funny that I cannot
publish that software because of the prior restraints imposed by the
defendants' interpretation of the ITAR, even though it is perfectly
legal for me, or for any one else, including `foreign persons,' to
actually run such software on a computer. The government's confusion
is so extensive that an agent of the ODTC has actually told me that
software, cryptographic software, is actually hardware.''

``It is quite clear to me,'' Junger adds, ``that the State Department
and the National Security Agency and other elements in the executive
branch of the government are attempting to restrain the communication
of information about cryptographic software not only abroad, but also
within the United States, because they do not want us actually to be
able to use cryptography to preserve the privacy of our thoughts and
our communications. It is as if the government required one to get a
license before explaining how to make or use an envelope, even though
it did not forbid the use of envelopes themselves. After all, all
that cryptographic software is is a way of making electronic
envelopes.''

ORAL ARGUMENT SCHEDULED

Junger v. Christopher has been placed on a fast track by Judge Nugent.
On September 5 he established a briefing schedule: the plaintiff's
brief was due and was filed today and the government's response is due
on Friday, October 18.

Oral argument is scheduled for Wednesday, November 20.

Judge Nugent's decision is expected before the first of the year.

BACKGROUND ON THE LITIGATION

Litigation is expensive. Professor Junger and his volunteer lawyers
were only able to bring the suit because of a generous gift by an
anonymous donor of $5,000 that was used to create the ITAR Legal
Attack Fund. Additional donations by Professor Junger and others have
increased that fund to more than seven thousand dollars.

Scarselli and Vasvari are lawyers in private practice in Cleveland who
have dedicated much of their professional lives to the protection of
First Amendment freedoms. The third lawyer on the team is Kevin
O'Neill, a law professor at Cleveland State University and the former
legal director of the Ohio Chapter of the American Civil Liberties
Union.

--30--

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: [email protected] [email protected]
URL: http://samsara.law.cwru.edu

------------------------------

Date: Tue, 1 Oct 1996 13:04:42 -0700 (PDT)
From: Stanton McCandlish <[email protected]>
Subject: File 6--Newsnybble: GPS privacy threat

Excerpt from Innovation (business-oriented version of Edupage):

MORE USES FOR GPS TECHNOLOGY
Global positioning satellite technology is finding its way into new
products that are smarter and more functional than their previous
"dumb" counterparts, says the founder of Sirf Technology, which
designs tiny GPS chipsets that can go almost anywhere. For
instance, by teaming up low-cost GPS with a wireless link, "you
could have a watch with a personal tracking system. And because GPS
satellites have atomic clocks, these would be very accurate watches.
Also you would never have to set it for time zones, because it
automatically knows where you are. A GPS device could be provided
to visitors at theme parks... to guide them through the park and
include information about the rides. And there's no reason why a
portable computer can't become a locating device. You could just
add the GPS capability as a PCMCIA card or include it on the
motherboard. Then you could location-lock your PC. If it's moved
from a certain location, it will not work." (Interview with Kanwar
Chadha, Investor's Business Daily 26 Sep 96 A8)

[The privacy risks here should be immediately apparent, esp. given
the FBI's recent attempt to turn all cell phones into surveillance
devices.]

------------------------------

Date: 02 Oct 96 15:40:58 EDT
From: "George C. Smith" <[email protected]>
Subject: File 7--Corrected URL for Crypt Newsletter Awards

((MODERATORS' NOTE: In the last issue, the URL for information
on Crypt's "virus hype" contest. Here is the updated announcement
with the corrected URL))

==============================================================

Crypt Newsletter and Computer Virus Myths guru Rob Rosenberger
have put their heads together to comb the media for
computer virus stories that have contributed the most to
computer virus misinformation and confusion in 1996. Once they've
been compiled, we'll put them on display along with analyses of their
impact and faults and throw the nominees open to Netizens for their
votes on which are the best, or worst, depending on your point
of view.

Rob has puckishly named the contest the 1996 John McAfee Awards
after the 1992 watershed event of Michelangelo hype that catapulted
the anti-virus software developer to fame and fortune -- his
former company to a dominant position in the anti-virus industry.

But we want this to be an exercise in extending computer literacy
and to that end we intend to give away some prizes -- namely books!
Here's where you -- authors, publishers, the pure of heart and
philanthropic -- come in. Contribute one book on computer security,
computer viruses or reality and culture in cyberspace and we'll be
forever in your debt. You'll get publicity when we mention your
philanthropy and book during the nominations, voting and awards
ceremony. Plus you'll have the satisfaction of knowing your book
is going to be placed directly into the hands of someone in the media
who needs it the most!

To contribute a book, contact me or Rob Rosenberger.

George Smith: [email protected]
Rob Rosenberger: [email protected]

In late October we'll publicize the nominees and the prizes so the
voting can begin. Watch this space for further details.

Computer Virus Myths
http://www.kumite.com/myths
Crypt Newsletter
http://www.soci.niu.edu/~crypt

Postscript: Already in the prize pot are "Bandits on the Information
Superhighway" by Dan Barrett, "Masters of Deception: The Gang That
Ruled Cyberspace" by Michelle Slatalla & Joshua Quittner and
"The NCSA Guide to PC and LAN Security" by Stephen Cobb. Profuse
thanks to the parties involved.

------------------------------

Date: Thu, 21 Mar 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 8--Cu Digest Header Info (unchanged since 7 Apr, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #8.70
************************************