Computer underground Digest Sun Aug 10, 1997 Volume 9 : Issue 61

Computer underground Digest Sun Aug 10, 1997 Volume 9 : Issue 61
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.61 (Sun, Aug 10, 1997)

File 1--CuD took a Break while Weber went down for Maintenance
File 2--Samsung's Cease And Desist Flaming (fwd)
File 3--"Vonnegut Speech" a Hoax - It was a Mary Schmich column
File 4--Re: The irony of the Tin Drum
File 5--Computers and the Law IV Symposium
File 6--Hacking Considered Constructive
File 7--Letter to AOL on "proposed censorship summit with rad-right"
File 8--Review - "A Gift of Fire" by Baase
File 9--Janet Reno's comments on Encryption
File 10--Crime and Crypto: A Report Shaded Gray (Wired excerpt)
File 11--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sat, 09 Aug 97 16:32 CDT
From: Cu Digest <[email protected]>
Subject: File 1--CuD took a Break while Weber went down for Maintenance

CuD took a week off while the server at weber.ucsd.edu
took some time for maintenance.

If you tried to unsub, sub, or otherwise contact the mailing
list server, your post likely bounced. Wait another day or two
and try again.
If you can't live without CuD, you can always visit the
archives at: http://www.soci.niu.edu/~cudigest

------------------------------

Date: Fri, 8 Aug 1997 17:11:44 -0400 (EDT)
From: Charles Platt <[email protected]>
Subject: File 2--Samsung's Cease And Desist Flaming (fwd)

((MODERATORS' NOTE: The following note, alleged to be from
Samsung, was send to numerous people on the Net. However,
the letter is a HOAX. Voice mail at the KHS&K law offices
indicate that they are attempting to track down the source
for prosecution.

Platt is the author of ANARCHY ONLINE, which some reviewers
have described as one of the best books every on the "Computer
Underground." Ask your library to order a copy)).

-------

I received the following email today. Note that the attorney has no
evidence (is accusing me of something based entirely on hearsay) and has
an understanding of the law that is sketchy at best. As it is, I've never
sent email to Samsung and have not received email from them, either.

--C

---------- Forwarded message ----------
Date--Fri, 08 Aug 97 12:11:32 EST
[email protected]
[email protected]
Subject--Cease And Desist Flaming

On behalf of our client, Samsung America Inc., ("Samsung")
we hereby request that you cease and desist all
inflammatory internet hacking, telephone hacking, flaming,
jamming, and other illegal activities.

If you have responded aversely to a recent bulk email
message from our client, Samsung America, Inc., or from any
of its subsidiary companies, then you may be one of the
people who has performed fraudulent and actionable
transgressions, thereby causing severe harm to our client.

Your email name was provided as being suspected of
connection to various acts of internet terrorism. Your acts
are illegal.

Several messages have suggested that Samsung and/or its
subsidiaries, including but not limited to Sailahead Global
Emporium, www.sailahead.com, and Samsung Electronics,
www.sosimple.com, violated US Federal Laws through
activities commonly called "spamming." This allegation is
unfounded in the law, as spamming is a protected activity
under the laws of free speech.

Our client has asked us to inform you that all of your
future correspondences should be directed to their counsel:

Russell L. Allyn, Attorney at Law
California Sate Bar Number (SBN) 143531
Katz, Hoyt, Seigel & Kapor LLP
Los Angeles, CA
[email protected]
310-473-1300
310-473-7138 (fax)

All incidents of internet terrorism will be prosecuted
where possible, and reported to appropriate law enforcement
authorities as warranted.

Please consider this as your notice to cease all attempts
to harm multi-national corporations who conduct legitimate
commerce on the internet.

Russell L. Allyn, Attorney at Law

------------------------------

Date: Sunday, June 1, 1997
From: [email protected](Jim Thomas)
Subject: File 3--"Vonnegut Speech" a Hoax - It was a Mary Schmich column

((MODERATORS' COMMENT: About a week ago, we began receiving posts
purporting to be a commencement speech at MIT by novelist Kurt
Vonnegut. The material WAS NOT written by Vonnegut. The material
originally appeared in Mary Schmich's 1 June column in the
Chicago Tribune. Probably like others, we continue to receive
one or two of the hoax-posts each day.

Some people either remain clueless about the hoax,
or--worse--believe that "Mary Schmich" is a character from a new
Vonnegut novel. There's no doubt that Mary Schmich is a
character (she does, after all, also write the story lines for
Brenda Starr), but she is real. Those of us in the Chicago area
(who read the Tribune) also appreciate her as an exceptionally
gifted writer with wit, incisive insights, and warmth. (In fact,
she another Tribune columnist, Eric Zorn, easily rank among the
best newspaper columnists in the U.S.).

Because the "hoax" just won't die, and because there seems to
be an astonishing number of folks who doubt the existence of
"Mary Schmich" or her authorship of her column, we are taking the
liberty of reproducing the original as it appeared on 1 June
in the Tribune's America Online version (identical to the
hardcopy version).

For those wondering how "Schmich" is pronounced, it
rhymes with "speak."

===================

Copyright CHICAGO TRIBUNE

ADVICE, LIKE YOUTH, PROBABLY JUST WASTED ON THE YOUNG

Inside every adult lurks a graduation speaker dying to get out, some
world-weary pundit eager to pontificate on life to young people who'd rather
be Rollerblading. Most of us, alas, will never be invited to sow our words of
wisdom among an audience of caps and gowns, but there's no reason we can't
entertain ourselves by composing a Guide to Life for Graduates.
I encourage anyone over 26 to try this and thank you for indulging my
attempt.
Ladies and gentlemen of the class of '97:
Wear sunscreen.
If I could offer you only one tip for the future, sunscreen would be it.
The long-term benefits of sunscreen have been proved by scientists, whereas
the rest of my advice has no basis more reliable than my own meandering
experience. I will dispense this advice now.
Enjoy the power and beauty of your youth. Oh, never mind. You will not
understand the power and beauty of your youth until they've faded. But trust
me, in 20 years, you'll look back at photos of yourself and recall in a way
you can't grasp now how much possibility lay before you and how fabulous you
really looked. You are not as fat as you imagine.
Don't worry about the future. Or worry, but know that worrying is as
effective as trying to solve an algebra equation by chewing bubble gum. The
real troubles in your life are apt to be things that never crossed your
worried mind, the kind that blindside you at 4 p.m. on some idle Tuesday.
Do one thing every day that scares you.
Sing.
Don't be reckless with other people's hearts. Don't put up with people who
are reckless with yours.
Floss.
Don't waste your time on jealousy. Sometimes you're ahead, sometimes
you're behind. The race is long and, in the end, it's only with yourself.
Remember compliments you receive. Forget the insults. If you succeed in
doing this, tell me how.
Keep your old love letters. Throw away your old bank statements.
Stretch.
Don't feel guilty if you don't know what you want to do with your life.
The most interesting people I know didn't know at 22 what they wanted to do
with their lives. Some of the most interesting 40-year-olds I know still
don't.
Get plenty of calcium. Be kind to your knees. You'll miss them when
they're gone.
Maybe you'll marry, maybe you won't. Maybe you'll have children, maybe you
won't. Maybe you'll divorce at 40, maybe you'll dance the funky chicken on
your 75th wedding anniversary. Whatever you do, don't congratulate yourself
too much, or berate yourself either. Your choices are half chance. So are
everybody else's.
Enjoy your body. Use it every way you can. Don't be afraid of it or of
what other people think of it. It's the greatest instrument you'll ever own.
Dance, even if you have nowhere to do it but your living room.
Read the directions, even if you don't follow them.
Do not read beauty magazines. They will only make you feel ugly.
Get to know your parents. You never know when they'll be gone for good. Be
nice to your siblings. They're your best link to your past and the people
most likely to stick with you in the future.
Understand that friends come and go, but with a precious few you should
hold on. Work hard to bridge the gaps in geography and lifestyle, because the
older you get, the more you need the people who knew you when you were young.
Live in New York City once, but leave before it makes you hard. Live in
Northern California once, but leave before it makes you soft. Travel.
Accept certain inalienable truths: Prices will rise. Politicians will
philander. You, too, will get old. And when you do, you'll fantasize that
when you were young, prices were reasonable, politicians were noble and
children respected their elders.
Respect your elders.
Don't expect anyone else to support you. Maybe you have a trust fund.
Maybe you'll have a wealthy spouse. But you never know when either one might
run out.
Don't mess too much with your hair or by the time you're 40 it will look
85.
Be careful whose advice you buy, but be patient with those who supply it.
Advice is a form of nostalgia. Dispensing it is a way of fishing the past
from the disposal, wiping it off, painting over the ugly parts and recycling
it for more than it's worth.

------------------------------

Date: Fri, 8 Aug 1997 14:42:47 -0500
From: Marc Rotenberg <[email protected]>
Subject: File 4--Re: The irony of the Tin Drum

Because of the battle over the Tin Drum in Oklahoma
City, we decided last month to offer the book for
sale at the EPIC bookstore. Details below.

Marc Rotenberg.

<snip>

=======================================================================
[7] New at the EPIC Bookstore
=======================================================================

The EPIC Bookstore includes a wide range of books on privacy,
cryptography and free speech that can be ordered online. Many of the
books are available at up to 40 percent off list price.

New titles include:

"Protect Your Privacy on the Internet" by Bryan Pfaffenberger

"Digital Cash" by Peter Wayner

"Contested Commodities" by Margaret Jane Radin

Other popular titles:

"The Right to Privacy" by Ellen Alderman & Caroline Kennedy

"Who Knows: Safeguarding Your Privacy in a Networked World"
by Ann Cavoukian & Don Tapscott

"Applied Cryptography, 2nd Edition" by Bruce Schneier

We are also now featuring _The Tin Drum_ by Gunther Grass. The novel, a
bizarre but extraordinary diary of a young boy who refuses to grow up
during the rise and fall of Nazi Germany, is considered by some the
greatest German novel written since WWII. In 1979, the film version of
the Tin Drum received an Academy Award for Best Foreign Film. However,
in recent months, groups that oppose "pornography" have persuaded the
Oklahoma City Library to remove copies of the film from the public
library. For this reason, we are now making the book available at the
EPIC Bookstore.

Support the Freedom to Read.

Check out the EPIC Bookstore at:

http://www.epic.org/bookstore/

------------------------------

Date: Thu, 24 Jul 1997 15:46:28 -0500
From: ecavazos <[email protected]>
Subject: File 5--Computers and the Law IV Symposium

Computers & The Law IV Symposium
October 6-9, Boston

Computers & The Law IV is the only event to bring together corporate
decision-makers, computer professionals and legal experts to discuss
Internet
and Web technology in the eyes of the law. This conference provides a
forum and educational opportunities for all those interested in
keeping their system investment safe and within the law.
Topics will include:
* Corporate liablity on the Internet
* Internet risk management in the enterprise
* Hiring a SysAdmin you can trust
* Legal risks of Internet commerce
* Establishing a fair-use policy
* Prosecuting system intruders
* Communicating with your SysAdmin
* Understanding copyright law
* Assessing your exposure to hackers
* Employee privacy vs. owner rights
.. and much more!

FOR MORE INFORMATION CONTACT
The Sun User Group * 14 Harvard Ave, 2nd Floor * Allston, MA 02134
(617)787-2301 * [email protected] * http://www.sug.org/CL4

------------------------------

Date: Fri, 01 Aug 1997 14:40:09 +0200
From: Gisle Hannemyr <[email protected]>
Subject: File 6--Hacking Considered Constructive

I have just completed an essay: "Hacking Considered Constructive",
which I hope will be of interest to the readers of CU Digest.
The essay is accessible on the web:

http://home.sn.no/home/gisle/oks97.html

Comments from the readers of CU Digest will be most welcome.
My e-mail address is <[email protected]>.

===

Abstract
--------

The premise for the paper is that "hackers" as an identifiable
group of computer workers arose as a reaction to Taylorist
influences on system development which instigated the deliberate
destruction of programming as a craft. It then explores the rise
of the hacker community, and the explicit and implicit ideologies
expressed through hacking. Finally, by deconstructing computer
artifacts of origin both inside and outside the hacker community,
it attempts to contrast the two approaches to design, and to
infer the embedded properties of the resulting artifacts.

------------------------------

Date: Fri, 1 Aug 1997 07:16:14 -0700 (PDT)
From: Declan McCullagh <[email protected]>
Subject: File 7--Letter to AOL on "proposed censorship summit with rad-right"

Source - [email protected]

Date-- 97-07-31 11:43:06 EDT
From-- WildcatPrs
To-- Steve Case

Dear Steve Case,

As one of the plaintiffs in the ACLU/ALA case on the CDA, who saw
it through all the way to the Supreme Court, I am shocked and
dismayed that you would dignify the demands of the Christian
Coalition et al by sitting down with them in such a summit.

You know and I know that America Online will leave that
negotiating table having made major concessions on the subject of
Internet censorship -- not only for content on gay and lesbian
and AIDS, but also women's issues and many other subjects. The
religious right have a very long list of subjects that they would
like to censor out of U.S. libraries, schools and media...which
you will discover if you take the trouble to read BANNED BOOKS,
published each year by the ALA.

Get a clue, Mr. Case This battle over "content" is not really
about "child pornography." It is a thinly veiled disguise for
the radical right's efforts to impose its total belief and its
proposed penal system on the people of the United States. It
wants to have the United States be like the Colony of
Massachusetts before the Revolution. I suggest you read some
history, and ponder whether you would have liked living under the
religious dictatorship that ran the colony.

Between 1962 and 1972, I lived in Spain as a working journalist
for the Reader's Digest, working out of its office in Madrid, and
I saw in operation just the kind of right-wing censorship system
that the Christian Coalition et al would like to impose on this
country. Part of its success involved just the kind of
"self-censorship" that you are now proposing to slap on your own
company. You are no different than the Spanish book publishers
who sat down with the Catholic Church and agreed on what could be
published. As a result, Spanish culture languished. The
Spanish people reached the point where they had lots of jokes
about self-censorship and didn't take their own media or culture
seriously. It all came to an end in 1975, when Franco died, and
the Spanish people were so sick of church and censors that the
new government moved to end the hegemony of the Spanish Catholic
Church and put an end to censorship.

So shame on you for moving to introduce this kind of censorship
to the United States of America. I have been a loyal customer
of AOL since I got onto the Internet two years ago, and I will
take my business elsewhere if you go through with this summit.

Sincerely,
Patricia Nell Warren

Wildcat Press
8306 Wilshire Blvd. Box 8306
Beverly Hills, CA 90211
213/966-2466
213/966-2467 fax

------------------------------

Date: Thu, 24 Jul 1997 10:46:51 EST
From: "Rob Slade, doting grandpa of Ryan & Trevor"
Subject: File 8--Review - "A Gift of Fire" by Baase

BKGFTFIR.RVW 970222

"A Gift of Fire", Sara Baase, 1997, 0-13-458779-0
%A Sara Baase [email protected]
%C One Lake St., Upper Saddle River, NJ 07458
%D 1997
%G 0-13-458779-0
%I Prentice Hall
%O +1-201-236-7139 fax: +1-201-236-7131 [email protected]
%P 382
%T "A Gift of Fire: Social, Legal, and Ethical Issues in Computing"

I found this book very surprising. As a look at computer ethics,
it covers privacy, encryption, reliability, intellectual
property, crime, work, and social issues. Each chapter comes
with review exercises, general exercises, and assignments that
are reasonably well chosen and formulated. There are extensive
endnotes and references for further study.

There are, however, two major flaws.

One concerns the technical level of the material. Most of the
cases presented are not inaccurate, but they are often
oversimplified. A lack either of technical understanding or of
research seems evident in places. Internet-pornography-blocking
software is mentioned, but not the more disturbing addition of
political restrictions to that software. The initial use of
"hacker" as a positive term is mentioned--and then completely
ignored, as crackers, phreaks, and virus writers are all lumped
together as hackers. True, a discussion of computer ethics and
social issues does not always require a detailed understanding of
the technology, but a debate proceeding on the basis of a flawed
understanding is more likely to come to a flawed conclusion.

The other problem is that ethics are left completely out of the
picture until the final chapter of the book. This is extremely
odd, and suggests that the first ninety percent of the book will
be used in a "pooling of ignorance" exercise before any common
ground has been discussed.

With its breadth of topics (rather like a less thorough version
of "Computer Related Risks" [cf. BKCMRLRS.RVW]), it would make a
reasonable adjunct text for an ethics/social issues course. But
it is no replacement for Johnson's "Computer Ethics" [cf.
BKCMPETH.RVW].

copyright Robert M. Slade, 1997 BKGFTFIR.RVW 970222

======================
[email protected] [email protected] [email protected]
"The only thing necessary for the triumph of evil is for good men to do
nothing." - Edmund Burke http://www2.gdi.net/~padgett/trial.htm

------------------------------

Date: Sat, 9 Aug 1997 13:38:30 -0500
From: [email protected](Jim Thomas)
Subject: File 9--Janet Reno's comments on Encryption

((MODERATORS' NOTE: The following was provided by Mike Godwin
on the Well)).

--------

26 July 1997
Source: Hardcopy from Declan McCullagh http://www.netlynews.com

See parallel 21 July 1997 declassified transcript of congressional hearing
on encryption.

-----------------------------------------------------------

Office of the Attorney General

Washington, D.C. 20530

July 18, 1997

Dear Member of Congress:

Congress is considering a variety of legislative proposals
concerning encryption. Some of these proposals would, in effect,
make it impossible for the Federal Bureau of Investigation (FBI),
Drug Enforcement Administration (DEA), Secret Service, Customs
Service, Bureau of Alcohol, Tobacco and Firearms, and other
federal, state, and local law enforcement agencies to lawfully
gain access to criminal telephone conversations or electronically
stored evidence possessed by terrorists, child pornographers,
drug kingpins, spies and other criminals. Since the impact of
these proposals would seriously jeopardize public safety and
national security, we collectively urge you to support a
different, balanced approach that strongly supports commercial
and privacy interests but maintains our ability to investigate
and prosecute serious crimes.

We fully recognize that encryption is critical to
communications security and privacy, and that substantial
commercial interests are at stake. Perhaps in recognition of
these facts, all the bills being considered allow market forces
to shape the development of encryption products. We, too, place
substantial reliance on market forces to promote electronic
security and privacy, but believe that we cannot rely solely on
market forces to protect the public safety and national security.
Obviously, the government cannot abdicate its solemn
responsibility to protect public safety and national security.

Currently, of course, encryption is not widely used, and
most data is stored, and transmitted, in the clear. As we move
from a plaintext world to an encrypted one, we have a critical
choice to make: We can either (1) choose robust, unbreakable
encryption that protects commerce and privacy but gives criminals
a powerful new weapon, or (2) choose robust, unbreakable
encryption that protects commerce and privacy and gives law
enforcement the ability to protect public safety. The choice
should be obvious and it would be a mistake of historic
proportions to do nothing about the dangers to public safety
posed by encryption without adequate safeguards for law
enforcement.

Let there be no doubt: without encryption safeguards, all
Americans will be endangered. No one disputes this fact; not

-----------------------------------------------------------

industry, not encryption users, no one. We need to take
definitive actions to protect the safety of the public and
security of the nation. That is why law enforcement at all
levels of government -- including the Justice Department,
Treasury Department, the National Association of Attorneys
General, International Association of Chiefs of Police, the
Major City Chiefs, the National Sheriffs' Association, and the
National District Attorneys Association -- are so concerned about
this issue.

We all agree that without adequate legislation, law
enforcement in the United States will be severely limited in its
ability to combat the worst criminals and terrorists. Further,
law enforcement agrees that the widespread use of robust non-key
recovery encryption ultimately will devastate our ability to
fight crime and prevent terrorism.

Simply stated, technology is rapidly-developing to the point
where powerful encryption will become commonplace both for
routine telephone communications and for stored computer data.
Without legislation that accommodates public safety and national
security concerns, society's most dangerous criminal will be
able to communicate safely and electronically store data without
fear of discovery. Court orders to conduct electronic
surveillance and court-authorized search warrants will be
ineffectual, and the Fourth Amendment's carefully-struck balance
between ensuring privacy and protecting public safety well be
forever altered by technology. Technology should not dictate
public policy, and it should promote, rather than defeat, public
safety.

We are not suggesting the balance of the Fourth Amendment be
tipped toward law enforcement either. To the contrary, we only
seek the status quo, not the lessening of any legal standard or
the expansion of any law enforcement authority. The Fourth
Amendment protects the privacy and liberties of our citizens but
permits las enforcement to use tightly controlled investigative
techniques to obtain evidence of crimes. The result has been the
freest country in the world with the strongest economy.

Law enforcement has already confronted encryption in high-
profile espionage, terrorist, and criminal cases. For example:

* An international terrorist was plotting to blow up
11 U.S.-owned commercial airliners in the Far
East. His laptop computer, which was seized in
Manila, contained encrypted files concerning this
terrorist plot.

* A subject in a child pornography case used
encryption in transmitting obscene and
pornographic images of children over the Internet.

2

-----------------------------------------------------------

* A major international drug trafficking subject
recently used a telephone encryption device to
frustrate court-approved electronic surveillance.

And this is just the tip of the iceberg. Convicted spy Aldrich
Ames, for example, was told by the Russian Intelligence Service
to encrypt computer file information that was to be passed to
them.

Further, today's international drug trafficking
organizations are the most powerful, ruthless and affluent
criminal enterprises we have ever faced. We know from numerous
past investigations that they have utilized their virtually
unlimited wealth to purchase sophisticated electronic equipment
to facilitate their illegal activities. This has included state
of the art communication and encryption devices. They have used
this equipment as a part of their command and control process for
their international criminal operations. We believe you share
our concern that criminals will increasingly take advantage of
developing technology to further insulate their violent and
destructive activities.

Requests for cryptographic support pertaining to electronic
surveillance interceptions from FBI Field Offices and other law
enforcement agencies have steadily risen over the past several
years. There has been an increase in the number of instances
where the FBI's and DEA's court-authorized electronic efforts
were frustrated by the use of encryption that did not allow for
law enforcement access.

There have also been numerous other cases where law
enforcement, through the use of electronic surveillance, has not
only solved and successfully prosecuted serious crimes but has
also been able to prevent life-threatening criminal acts. For
example, terrorists in New York were plotting to bomb the united
Nations building, the Lincoln and Holland Tunnels, and 26 federal
Plaza as well as conduct assassinations of political figures.
Court-authorized electronic surveillance enable the FBI to
disrupt the plot as explosives were being mixed. Ultimately, the
evidence obtained was used to convict the conspirators. In
another example, electronic surveillance was used to stop and
then convict two men who intended to kidnap, molest, and kill a
child. In all these cases, the use of encryption might have
seriously jeopardized public safety and resulted in the loss of
life.

To preserve law enforcement's abilities, and to preserve the
balance so carefully established by the Constitution, we believe
any encryption legislation must accomplish three goals in
addition to promoting the widespread use of strong encryption.
It must establish:

3

----------------------------------------------------------

* A viable key management infrastructure that
promotes electronic commerce and enjoys the
confidence of encryption users.

* A key management infrastructure that supports a
key recovery scheme that will allow encryption
users access to their own data should the need
arise, and that will permit law enforcement to
obtain lawful access to the plain text of
encrypted communications and data.

* An enforcement mechanism that criminalizes both
improper use of encryption key recovery
information and the use of encryption for criminal
purposes.

Only one bill, S.909 (the McCain/Kerrey/Hollings bill),
comes close to meeting these core public safety, law enforcement,
and national security needs. The other bills being considered by
Congress, as currently written, risk great harm to our ability to
enforce the laws and protect our citizens. We look forward to
working to improve the McCain~Kerrey/Hollings bill.

In sum, while encryption is certainly a commercial interest
of great importance to the Nation, it is not solely a commercial
or business issue. Those of us charged with the protection of
public safety and national security, believe that the misuse of
encryption technology will become a matter of life and death in
many instances. That is why we urge you to adopt a balanced
approach that accomplishes the goals mentioned above. Only this
approach will allow police departments, attorneys general,
district attorneys, sheriffs, and federal authorities to continue
to use their most effective investigative techniques, with court
approval, to fight crime and espionage and prevent terrorism.

Sincerely yours,

[Signature]

Janet Reno
Attorney General

4

-------------------------------------------------------

[Signatures with each of the following]

Louis Freeh Barry McCaffrey
Director Director
Federal Bureau of Investigation Office of National Drug
Control Policy

Thomas A. Constantine Lewis C. Merletti
Director Director
Drug Enforcement Administration United States Secret Service

Raymond W. Kelly George J. Weise
Undersecretary for Enforcement Commissioner
U.S. Department of Treasury United States Customs Service

John W. Magaw
Director
Bureau of Alcohol, Tobacco
and Firearms

------------------------------

Date: Sat, 9 Aug 1997 16:38:41 -0500
From: [email protected](Jim Thomas)
Subject: File 10--Crime and Crypto: A Report Shaded Gray (Wired excerpt)

From Wired, at: http://www.wired.com/news/news/politics/story/5840.html

by Wired News Staff
Crime and Crypto: A Report Shaded Gray

5:02am 7.Aug.97.PDT The reports sound ominous:

In Italy, the Mafia is downloading PGP to help ward off
investigators.

In Colombia, the Cali cocaine cartel maintains encrypted personnel
files - complete with lists of relatives to be leaned on when
necessary - and has scrambled some of its telecommunications.

In Japan, the Aum Shinri Kyo cult kept RSA-encrypted plans for
launching a chemical and nuclear campaign of mass murder both at home
and in the United States.

A study by two authorities on the US encryption debate lists many more
incidents in which cops have faced down criminals armed with the
cryptographic means to hide what they're doing. But amid the
discussion of all that these developments imply, the doom scenario one
might be tempted to cut to in a report by government-friendly crypto
experts is remarkably missing.

Instead, the authors - Georgetown University computer scientist
Dorothy Denning and William Baugh, vice president of Science
Applications International Corp. and former assistant director of the
FBI - conclude that strict export controls and key-management systems
are unlikely to stop criminals.

"No approach to encryption will be foolproof. Whereas export controls
clearly have an impact on product lines, they do not keep unbreakable
encryption out of the hands of criminals entirely," says the report,
which Denning and Baugh developed over the past six months and began
circulating late this spring. It was published last week.

The report is part of a series by the National Strategy Information
Center's US Working Group on Organized Crime, a group that includes
academics, congressional staffers, and officials from the Defense
Department, FBI, Drug Enforcement Administration, and Federal Reserve.

Sifting through accounts of criminal cases involving encryption - some
from law officers or security professionals, some from academic or
government studies, some from journalists' accounts - Denning and
Baugh estimate the total number of criminal cases involving encryption
worldwide is at least 500, with an annual growth rate of 50 percent to
100 percent. But the report's collected anecdotes suggest that so far,
though, encrypted files have sometimes slowed investigations and made
them more expensive, and that law officers have found ways to crack
ciphers or used other evidence to complete prosecutions.

<snip>

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 11--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540

UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #9.61
************************************