Computer underground Digest Sun Jan 25, 1998 Volume 10 : Issue 06

Computer underground Digest Sun Jan 25, 1998 Volume 10 : Issue 06
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.06 (Sun, Jan 25, 1998)

File 1--Update on '96 student who "threatened" Calif Senator
File 2--Cyber-Liberties Update, January 17, 1998
File 3--Suit Filed in Navy/AOL Privacy Case; Discharge Delayed
File 4--AOL Targets Online Habits
File 5--AOL/Steve Case response to "Privacy" criticisms
File 6--Fwd: Virtual Intellectual Property newsletter
File 7--Re: Cu Digest, #10.04 - More on Microsoft
File 8--Calif Spam Bill Raises Commercial Speech, Commerce Concerns
File 9--press release from CYBERsitter on "suicide sites"
File 10--German Parliament Approves Bugging Bill
File 11--New Encryption Rules Could Relax Export Criminalization
File 12--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Tue, 20 Jan 1998 21:55:08 -0700
From: Jose Saavedra <[email protected]>
Subject: File 1--Update on '96 student who "threatened" Calif Senator

Dear Mr. Thomas

About 2 years ago in May of 1996, you posted a article about a student from
El Paso, TX being arrested for "threatening" a Senator from California. I
happen to be that student and let me give you an update of what happened.
In September of 1996, the real culprit came forward and said he was that
person who said those awful things about Sen. Leslie. He talked to my
lawyer at the time and my lawyer said that I took the blame and that person
got upset and called me foolish and immature. My charge was reduced down
to a Class A Misdemeanor and eventually was dropped. Now I am a very
successful student at University of Texas at El Paso majoring in Music
Education with a minor in Music Technology. I want to thank you because
that article did not say anything bad about me.

Sincerely,

Jose Saavedra
[email protected]

------------------------------

Date: Sat, 17 Jan 1998 20:26:30 -0500 (EST)
From: [email protected]
Subject: File 2--Cyber-Liberties Update, January 17, 1998
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Navy Officer Discharged After AOL Disclosure of Private Information

The Navy announced that it will delay its plans to formally discharge a
highly decorated officer from service until January 21 for allegedly
violating the militarys "Dont ask, dont tell" policy by listing his
marital status as "gay" on an Internet user profile.

The announcement came after Senior Chief Petty Officer Timothy R.
McVeigh (no relation to the Okla. City bomber) filed suit against Naval
investigators Jan. 15 for obtaining confidential information about him
illegally from his Internet Service Provider, America Online (AOL).

The Electronic Communications Privacy Act, ("ECPA") prohibits online
service providers, such as AOL, from releasing subscriber information to
the government without a court order stating that the information is
pertinent to a criminal investigation or without the consent of the
subscriber. No such order or permission was obtained by the Navy in
this case.

"Neither the military nor AOL appear to have any respect for online
privacy rights manifested under federal law. It is sad to learn that the
government is violating the rights of the very people who pledge their
lives to defend our democratic liberties," ACLU Staff Attorney Ann
Beeson said.

The discharge hearings against McVeigh began after a Navy civilian
received a message from an AOL address and looked up the senders
profile. The profile identified the sender as a Navy officer named "Tim"
and listed his marital status as "gay." However, the profile did not
include the senders full name. The Navy civilian forwarded this
information to Naval investigators.

During the discharge hearing held against McVeigh last November, a Naval
Investigator testified that he spoke with an AOL representative to
obtain the full name of the account holder whose user profile was
obtained by the civilian. He was given the identification information
without a court order as mandated by law. The information from
McVeighs AOL profile is the only evidence that was presented by the
Navy to show that McVeigh violated the "Dont ask, Dont tell" policy.

AOL has denied any wrongdoing. AOL has a privacy policy that states
that personally identifiable information will remain strictly
confidential unless it receives express permission, an emergency order
or court order. The policy states:

Because protecting your privacy is very important to America
Online...[w]e will NOT disclose any Individual Information except in
limited circumstances..."

It is our policy not to disclose to third parties Member Identity
information that links a Members screen name(s) with a Members actual
name, unless required to do so by law or legal process served on AOL
Inc. (e.g., subpoena). AOL Inc. reserves the right to make exceptions to
this policy in exceptional circumstances (such as a bomb or suicide
threat, or instances of suspected illegal activity) on a case-by-case
basis and at AOL Inc's sole discretion.

AOL Inc. intends to abide by applicable laws governing the disclosure to
governmental entities of Members Individual Information and other
records. When responding to legal process served on AOL Inc. by
non-government entities, unless otherwise ordered, AOL Inc's current
policy is to make reasonable efforts to notify affected Member(s) in
advance of releasing the information in order to provide Member(s) an
opportunity to pursue any available legal protection.

"What this case highlights is just how easy it is to obtain and abuse
personal information and the need for Congress to enact strong privacy
legislation. The public also needs to be aware of how their personal
information can be given away without their knowledge or consent," the
ACLU said.

The ACLU recently launched a campaign called Take Back Your Data to
inform the public about data collection and abuses and plans to present
the Congress with a model bill to safeguard online privacy this
session.

Information about McVeighs case can be found online at:
<http://www.geocities.com/Pentagon/9241/INFO.HTML>

------------------------------

Date: Thu, 15 Jan 1998 15:10:06 -0500
From: Electronic Privacy Info Center <[email protected]>
Subject: File 3--Suit Filed in Navy/AOL Privacy Case; Discharge Delayed

ELECTRONIC PRIVACY INFORMATION CENTER
http://www.epic.org

P R E S S R E L E A S E

For Immediate Release Contact:
Thursday, January 15, 1998 David L. Sobel
EPIC Legal Counsel
(202) 544-9240

SAILOR SUES NAVY FOR ONLINE PRIVACY VIOLATION;
GOVERNMENT AGREES TO DELAY PENDING DISCHARGE

Washington, DC -- A highly decorated Navy Senior Chief Petty
Officer today filed suit challenging a pending discharge based
upon information the Navy illegally obtained from America Online.
The lawsuit, filed in U.S. District Court in Washington, charges
that Naval investigators violated the federal Electronic
Communications Privacy Act (ECPA) when they requested and
received confidential subscriber information from AOL, the
nation's largest online service.

In response to the lawsuit, Government attorneys have agreed
to delay the pending discharge until next Wednesday, January 21,
to allow time for judicial consideration of McVeigh's claims.

Navy officials had ordered the discharge of the sailor,
Timothy R. McVeigh (no relation to the convicted Oklahoma City
bomber), effective tomorrow morning (Eastern time) on the ground
that McVeigh violated the military's "Don't Ask, Don't Tell"
policy on homosexuality. The Navy's proposed action is based
entirely upon information obtained from AOL linking the sailor to
a "screen name" on the system in which the user's marital status
was listed as "gay."

The information was received from AOL in clear violation of
ECPA, which prohibits the government from obtaining "information
pertaining to a subscriber" without a court order or subpoena.
In addition to the privacy protections contained in ECPA, AOL's
contractual "Terms of Service" prohibit the company from
disclosing such information to *any* third party "unless
required to do so by law or legal process."

According to EPIC Legal Counsel David L. Sobel, McVeigh's
lawsuit is the first case to challenge governmental access to
sensitive subscriber information maintained by an online service.
"This case is an important test of federal privacy law," Sobel
said. "It will determine whether government agents can violate
the law with impunity, or whether they will be held accountable
for illegal conduct in cyberspace." He noted that the incident
also raises serious questions concerning the adequacy of
contractual privacy protections like those contained in the AOL
subscriber agreement.

In a letter sent to Navy Secretary John Dalton yesterday,
the Electronic Privacy Information Center urged a postponement
of McVeigh's discharge pending an investigation of the Navy's
conduct. EPIC noted that, "Any other result would make a
mockery of federal privacy law and subject the American people
to intrusive and unlawful governmental surveillance."

Senior Chief McVeigh is being represented by the Washington
law firm of Proskauer Rose LLP.

------------------------------

Date: Fri, 16 Jan 1998 13:19:31 -0800 (PST)
From: "Brock N. Meeks" <[email protected]>
Subject: File 4--AOL Targets Online Habits

Source - [email protected]

In light of the flap over the sailor's name being released by AOL to
Naval investigators, the following story may be of interest, as well:

AOL Targets Online Habits for Profit
by Brock N. Meeks
MSNBC

WASHINGTON-America Online plans to target its subscribers with
advertisements based on the areas they visit while connected to the
system, MSNBC has learned. The move is a dramatic shift away from how
AOL has traditionally used so-called "navigational" data that the company
routinely collects on its subscribers. Previously, navigational data has
only been used for system enhancements; now it becomes a powerful
marketing tool.

[snip]

According to the memo obtained by MSNBC, key changes include a new
marketing scheme called "personalization," and a time limit for marketing
preferences to be maintained by AOL.

The "personalization" preference "refers to targeting and promoting
offers to Members based on the areas they visit online," according to the
memo. As an example, AOL says that if someone checks up on a particular
sports team every day, "he could be shown a special sports promotion or
receive an offer to buy an NFL jersey determined by his past usage of the
sports area." Users will have the ability to not be targeted, based on
their online usage, the memo says.

[snip]

The targeted ad campaign is troublesome for David Banisar, a policy
analyst for the Electronic Information Privacy Center in Washington,
D.C. "What's now happening is that we're seeing a rather substantive
increase in the collection of personal information about individuals
that's then going to be used to target them for what ever purposes,"
Banisar said. "AOL has a fairly bad record going back several years now
of not even being able to adequately control the data they collect."

The full story can be found at:

http://www.msnbc.com/news/136984.asp

------------------------------

Date: Sun, 25 Jan 1998 13:34:09 -0600
From: [email protected](Jim Thomas)
Subject: File 5--AOL/Steve Case response to "Privacy" criticisms

Dear Members,

For more than a decade, we have been working hard to build an
interactive medium we can all be proud of. We have always
recognized that privacy was an absolutely central building block
for this medium, so from day one we've taken steps to build a
secure environment that our members can trust.

We handle over one million calls each week in our customer
service centers, and we protect the privacy of our members with
great care and with stringent rules.
Our member services representatives understand the importance
of not disclosing any account information to anyone who is not
the verified account holder. The verification process is
sophisticated, and our policies are effective, clear and well
communicated to all of our employees.

So it is with regret that we recently learned about an incident
that compromised the privacy of one of our members, a Navy
sailor. A member services representative received a call from
somebody who later turned out to be a Navy investigator but
called himself a friend of the member. The caller asked us to
confirm that a screen name that was on something he had received
was the AOL member's. Our employee should have refused to do
this. Unfortunately, he did confirm the member's identity to
the caller.

As we've said publicly, this should not have happened, and we
deeply regret it.

After a thorough review, we've confirmed this was a matter of
human error. Our representative understood our privacy policies
and procedures, but made a mistake -- a mistake for which we
take complete responsibility.

In light of this incident, we are taking additional steps to
protect the privacy of our members. First, we are reinforcing
the existing policies and procedures with additional employee
training, including the use of case studies to highlight unusual
facts and circumstances that member services representatives
should know how to respond to. Second, we'll test our employees
on their understanding of these policies and procedures. Third,
we have communicated to our member services representatives the
importance of not "confirming" a member's personal account
information, even to that member's friends and family. Fourth,
all representatives will be required to acknowledge in writing
that they understand AOL's privacy policies on a regular basis.
Finally, we will do everything possible to ensure that
government agencies follow the law in seeking information about
our members.

AOL's commitment to protecting the privacy of our members is
stronger than ever. We will keep working to make AOL a service
you can rely on, and this medium
something we can, indeed, all be proud of.

Regards,

Steve Case

------------------------------

Date: 01/10 4:14 AM
From: Charles C. Mann, [email protected]
Subject: File 6--Fwd: Virtual Intellectual Property newsletter

This is part of a posting to the cni-copyright list. It has enough
distressing implications that I thought you might be interested.
Charles C. Mann

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
V.I.P. (Virtual Intellectual Property) Newsletter U.S.
Intellectual Property & New Media Law Update Monday, December 29,
1997 Volume I, Issue XXXIII Bazerman & Drangel, P.C.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
(C) Bazerman & Drangel, P.C. 1997

*********************************************

<table of contents snipped out>

*********************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEW YORK'S LIBRARY PRIVILEGE -
FREEDOM OF INFORMATION ACT AND
EMPLOYEES' INTERNET USE

Quad/Graphics Inc. v. Southern Adirondack Library System (N.Y. Sup.
Ct. - Decided- September 30, 1997)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is a rather interesting case of first impression. Petitioner is
a major national commercial printing house headquartered in Wisconsin.
It has a thousand employees and uses computers extensively in its
business. High long distance bills led Petitioner to suspect that its
computers were being misused. Defendant, Southern Adirondack Library
Systems, is a cooperative system consisting of 30 member libraries
located in four upstate New York counties which, among other things
operates an electronic information service known as "Library Without
Walls." ("LWW") Once one obtains a valid library card and a personal
identification number, access is free for 30 minute periods.

Petitioner's employees are prohibited from using company computers for
personal purposes. Although these computers do not normally have the
capability of directly accessing outside lines, a knowledgeable user
can do so through a network connection with the company's mainframe
computer. Internet access for personal use from April 1995 to December
1996 cost Petitioner over $23,000 in long distance telephone charges
and some 1,770 employee man hours.

Petitioner feels a little put upon and, accordingly, desired to sue
its web-searching employees but couldn't figure out who they were.
Petitioner has been able to decipher nine 13 digit identification
numbers which were used to access the LWW from its computer system. In
an effort to learn the identities behind the nine identification
numbers, it made a New York Freedom Of Information request to the
Library. Since the library system is a quasi-municipal agency,
Petitioner argues that it is bound by the Freedom Of Information law.
This was rejected by the library, which considered such information as
confidential and not to be voluntarily disclosed. Plaintiff
petitioned to compel pre-litigation disclosure of the names of certain
of the employees using the located numbers. The Library, maintained
that under New York Civil Procedure Law and Rules Sec. 4509 the
identities are required to be kept confidential, since they are
library records which contain names of personal identity, and details
regarding the users of a library. The Court found that this New York
State statute provided protection against the requested disclosure,
noting that "for the application to be granted, the door would be open
to other similar requests made, for example, by a parent who wishes to
learn what a child is reading or viewing on the Internet via LWW or by
a spouse to learn what type of information his or her mate is
reviewing in the public library."

The decision may be seen at:

http://www.lcp.com/products/NY/slipops/pay/misc/F9757370.htm

VIP is put out by:
Bazerman & Drangel, P.C.
Intellectual Property and New Media Attorneys
60 East 42nd Street
Suite 1158
New York, NY 10165
tel: 212 292 5390
fax: 212 292 5391
e-mail: [email protected]
The complete set of newsletters can now be viewed at:
http://www.ipcounselors.com/
To subscribe, send a message to [email protected] with
"subscribe update" in the body of the message.

------------------------------

Date: Wed, 21 Jan 1998 14:22:32 -0700
From: Doc Holliday <[email protected]>
Subject: File 7--Re: Cu Digest, #10.04 - More on Microsoft

<CuD snip>

>begs an obvious question: Do the Ends justify the Means?
>
>Sure, Microsoft has definately made some major contributions to the
>computing industry, albiet it can be argued that those contributions are
>wholly self-serving in the end. But despite this, there are numerous
>documented incidents where Microsoft overstepped its bounds and gained a
>competitve advantage in an unethical and possibly illegal fashion. Yes,
>we're all fully aware that Microsoft didn't create the trend, but we're
>also not going to go jumping off bridges because everyone else is doing it
>too.

Yes, Microsoft was not the first to use unethical and, possibly,
illegal means to advances its interests. However, that doesn't
mean it is acceptable.

Prior to WWII German signed a pact referred to as the London
Submarine Pact of 1936. The pact said, basically, the signatories
would not sink merchant ships until the crew and the ships papers
were in a safe place. The United States signed this pact, too.

During their trial by the International Military Tribunal in
Nuremburg, Admirals Raeder and Doenitz asked for statements of US
Policy on sinking Japanese merchant traffic in the Pacific. Adm.
Nimitz said that, essentially, he did not comply with the London
Submarine Pact of 1936.

Defendants Doenitz and Raeder attempted to use this admission as
a "tu quoque" defense to the allegations German U-Boats sank
allied merchant traffic in the Atlantic without warning. "tu
quoque" essentially is an assertion by one party that they are
not guilty of anything, if the accusing party or others have done
the same thing without being prosecuted.

The International Military Tribunal did not accept the admirals
"tu quoque" defense. Raeder was sentenced to life in prison and
Doenitz to 10 years in prison.

I doubt a "tu quoque" defense presented by Microsoft would be any
more favorably received than was Raeder and Doenitz's.

------------------------------

Date: Sat, 17 Jan 1998 20:26:30 -0500 (EST)
From: [email protected]
Subject: File 8--Calif Spam Bill Raises Commercial Speech, Commerce Concerns

Source - Cyber-Liberties Update, January 17, 1998

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

California Spam Bill Raises Commercial Speech, Commerce Concerns

Unsolicited e-mail advertisement, or "spam," has few fans on the net.
Court battles have been waged between service providers, such as AOL and
Compuserve, and spam advertisers, including Cyber Promotions, over
whether the thousands of messages sent to user e-mails can be blocked.

During the last session of the Congress several bills to ban or prohibit
"spamming" were introduced, but many were fraught with First Amendment
problems because they ban commercial speech altogether or are content
specific. Now, many states have entered the debate, raising even more
constitutional concerns over potential commerce clause violations.

California Assemblyman Gary Miller recently introduced a state anti-spam
bill (AB 1629) similar to the "Netizen Protection Act," introduced last
year in Congress by Rep. Christopher Smith. The bill would prohibit
businesses from sending unsolicited commercial e-mail to California
residents unless that person has a preexisting business or personal
relationship with the recipient, or the recipient has provided express
consent to the sender.

The bill would also authorize the recipient of unwanted mail received in
violation of the statute to bring suit against the sender to enjoin
future solicitations and to recover damages and attorneys fees.

"This bill may face serious constitutional obstacles given last years
decision in ALA v. Pataki, which held that state control or regulation
of Internet communications violates the Commerce Clause of the
Constitution," said Cassidy Sehgal, ACLU William J. Brennan First
Amendment Fellow. "Moreover, commercial speech is entitled to full
First Amendment protection and it is unclear that the bill may place an
outright ban on commercial messages."

In the decision in ALA v. Pataki, which involved a challenge by the ACLU
to a New York Internet decency law, federal district Judge Loretta
Preska declared that states are prohibited from regulating an interstate
communication which merely passes through their borders. Judge Preska
warned of the extreme danger that state regulation would pose to the
Internet, rejecting the state's argument that the statute would even be
effective in preventing so-called "indecency" from reaching minors.
Hence, state spam bills will probably not withstand constitutional
challenges. The decision in ALA v. Pataki is
available at <http://www.aclu.org/court/nycdadec.html>

Traditionally, commercial speech restrictions on telemarketing calls and
unsolicited fax advertisements have passed First Amendment challenges
but direct mail and door-to-door solicitations enjoy much greater
protection. Given the Supreme Court decision in ACLU v. Reno, on-line
messages should receive the same First Amendment protection given
traditional print media, which includes commercial mailings. Thus, while
netizens may laud efforts to curb spam, it is unclear whether
unsolicited commercial e-mail bills can pass constitutional muster.

------------------------------

Date: Wed, 14 Jan 1998 11:53:31 -0600 (CST)
From: Bennett Haselton <[email protected]>
Subject: File 9--press release from CYBERsitter on "suicide sites"

Source -- [email protected]

On Sunday, a California teenager killed himself by throwing himself in front
of a train.

A reporter called me about it and my exact words were, I swear, "In the next
couple of days there will probably be a press release from one of the
blocking software companies talking about how their program could have
prevented this." Solid Oak Software's press release from this morning is below.

The exact same thing happened with the Heaven's Gate cult -- Solid Oak
Software sent out the same kind of press release, but Declan confirmed that
CYBERsitter had not been blocking the Heaven's Gate site before the suicides
took place.

The suicide FAQ is at:
http://www.duke.edu/~economak/suicide.html

-Bennett

>
> SANTA BARBARA, Calif.--(BUSINESS WIRE)--Jan. 14, 1998--CYBERsitter, the
>leading Internet filter from Solid Oak Software Inc., blocks Internet sites
>providing information on methods of committing suicide.
> In light of a recent tragedy involving a teenager's suicide, it is
>increasingly important that parents monitor their children's Internet
>activity, said Marc Kanter of
>Solid Oak Software. A California teenager was found possessing 20 pages of
>information on "How to Commit Suicide" that was reportedly retrieved from the
>Internet.
> Access to any information, whether appropriate for children or not, is
>a mouse-click away without filtering software installed on the home computer.
> CYBERsitter works by monitoring Internet activity and restricting
>access to adult-oriented material and sites not suitable for children. The
>fact that CYBERsitter
>can maintain a history of all Internet activity for later review especially
>provides parents the peace of mind that their children aren't accessing
>these sites in the first
>place.
> This feature has placed CYBERsitter as the filter of choice among
>parents, since the leading competition does not offer this option.
> CYBERsitter is best known for blocking access to the pornography found
>online. The other categories that CYBERsitter filters are also as
>important, such as
>advocating illegal/radical activities and advocating hate/intolerance.
> Parents must take an active role in their children's computer activity
>when it involves the Internet. Just as children need to be overseen in
>daily life, the same holds
>true on the Internet. With a few simple precautions, the use of filtering
>software and general good parenting, the Internet can be a safe and
>educational environment.
> Free trial versions of CYBERsitter are available for download from
>Solid Oak Software's Web site at www.cybersitter.com .
> CYBERsitter sells for $39.95, offers free filter file updates and is
>available directly from Solid Oak Software's Web site. It can be ordered by
>calling
>800/388-2761 or 805/884-8201. A network version, site licenses and
>educational discounts are available.
>===============================================
>Brian S. McWilliams
>News Radio editor, PC World Online
>http://www.pcworld.com/newsradio
>Voice: (603) 868-2949 Sound Off! (415) 267-4544

------------------------------

Date: Fri, 16 Jan 1998 09:56:24 -0800
From: "(--Todd Lappin-->)" <[email protected]>
Subject: File 10--German Parliament Approves Bugging Bill

Source - [email protected]

Friday January 16 11:55 AM EST

German Parliament Approves Bugging Bill

By Mark John

BONN (Reuters) - The German parliament Friday narrowly passed a
controversial bill allowing police to bug suspected criminals for
the first time in post-World War Two Germany, despite protests from civil
liberty groups.

The vote followed approval by parliament's legal committee this week of a
compromise between Chancellor Helmut Kohl's government
and the opposition Social Democrats (SPD) to restore eavesdropping powers
banned since the Nazi era.

In a much tighter vote than expected, the Bundestag, parliament's lower
house, passed the measure by 452 votes to 184, thus securing
by four votes the two-thirds majority needed for laws which require
amendments to the German constitution.

Interior Minister Manfred Kanther played down suggestions the bill amounted
to a watering down of the strong guarantees of civil
liberties and privacy that West Germany set up in reaction to the abuses of
Hitler's Gestapo secret police.

"This is not a key issue for a constitutional state. It is a measure that
will only be used rarely to combat crime," Kanther told parliament.

But Manfred Such, a deputy for the environmentalist Greens who opposed the
bill, said it was a "black Friday" for Germany's
constitution.

The bill, if approved by the upper house of parliament, will allow police
to eavesdrop over an extended period of time on private homes
using high-tech surveillance devices such as directional microphones linked
to transmitters.

Electronic surveillance is currently only allowed in Germany if there is an
overwhelming suspicion that a crime is on the verge of being
committed.

Police say they need the powers to fight a surge in organized crime, but
lawyers, journalists and doctors have condemned the bill,
saying it will violate the confidentiality between them and their clients
or contacts.

"This is a dismal event for the constitution," said human rights group
Humanistiche Union in a statement.

"We demand that the regional state governments...do their duty to defend
the constitution and deny this legal contraption the two-thirds
majority it needs in the Bundesrat (upper house of parliament)," it added.

Opposition from civil liberties and church groups to the bill led earlier
this week to parliament's legal committee exempting church
confessionals from surveillance.

At least one regional state, Rhineland-Palatinate, has said it is
considering opposing the bill when it moves to the upper house unless
conversations between criminal suspects and doctors, journalists or lawyers
are also exempted.

A defeat in the Bundesrat would then send the bill to a mediation committee
for amendment.

------------------------------

Date: Sat, 17 Jan 1998 20:26:30 -0500 (EST)
From: [email protected]
Subject: File 11--New Encryption Rules Could Relax Export Criminalization

Source - Cyber-Liberties Update, January 17, 1998

New Encryption Rules Could Relax Clinton Administration Export
Criminalization

The Bureau of Export Administration published a notice of rulemaking
this week on encryption export that may relax the current Clinton
Administration restrictions which criminalize export of programs from
the United States.

The "Implementation of the Wassenaar Arrangement List of Dual-Use Items:
Revisions to the Commerce Control List and Reporting Under the Wassenaar
Arrangement," was published in the January 15 Federal Register. Comments
on this rule must be received on or before February 17, 1998.

Representatives of thirty-three countries gave final approval July
12-13, 1996 in Vienna, Austria to establish the Wassenaar Arrangement on
Export Controls for Conventional Arms and Dual-Use Goods and
Technologies. The thirty-three countries agreed to control all items in
the List of Dual-Use Goods and Technologies with the objective of
preventing unauthorized transfers. They further agreed on a target date
of November 1, 1996, for implementation of the Wassenaar Lists.

The purpose of this interim rule is to make the changes to the current
U.S. commerce controls that are necessary to implement the Wassenaar
List. However, the interim rule imposes new reporting requirements on
persons that export certain items controlled under the Wassenaar
Arrangement to non-member countries.

Encryption programs scramble information so that it can only be read
with a "key" -- a code the recipient uses to unlock the scrambled
electronic data. Currently, there are no laws that prohibit using as
strong encryption as possible inside the United States. But, unless keys
are made available to the government, the Clinton Administration bans
export of encryption equipment and software, treating the products as
"munitions."

The ACLU, Electronic Privacy Information Center (EPIC) and Electronic
Frontier Foundation (EFF) will be participating in this process and we
will update you in the coming weeks. The text of the rules are available
online at:

<http://jya.com/bxa-wa-rule.txt (354K)>
<http://jya.com/bxa-wa-rule2.txt (373K)>
<http://jya.com/bxa-wa-rule3.txt (32K)>

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 12--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540

UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #10.06
************************************