Computer underground Digest Sun Feb 15, 1998 Volume 10 : Issue 11

Computer underground Digest Sun Feb 15, 1998 Volume 10 : Issue 11
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.11 (Sun, Feb 15, 1998)

File 1--AOL's insecurity complex
File 2--Skeeve Faces 10 Years
File 3--Policy Post 4.1 -- Digital Wiretap Law at Key Juncture
File 4--Solid Oak's mail bomb--a reply from Brain Milburn
File 5--Comment on the ever-continuing CyberSitter thread.
File 6--CRYPT Additions to the Joseph K Guide to Tech Terminology
File 7--Defamation havens
File 8--Tokyo municipal office urging teacher to delete web page
File 9--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Fri, 6 Feb 1998 08:41:14 -0800
From: "James Galasyn" <[email protected]>
Subject: File 1--AOL's insecurity complex

((CuD Moderators' Note: The following may not be reprinted
without permission of Salon)).

from http://www.salonmagazine.com/21st/

----------------------

AOL's insecurity complex

THE ONLINE SERVICE CAN'T EVEN KEEP
ITS OWN STAFF BULLETIN BOARDS PRIVATE.

BY DAVID CASSEL | You've probably heard about the "other" Timothy McVeigh --
the sailor who found himself the target of Navy discharge proceedings for
violating its "don't ask, don't tell" policy, after America Online divulged
the real-life name behind his online profile.

At this point, only a district judge has prevented the Navy from completing
the discharge. After a firestorm of press coverage, AOL CEO Steve Case
issued a special "Community Update" to try to mollify anger. "We have always
recognized that privacy was an absolutely central building block for this
medium," Case argued, "so from day one we've taken steps to build a secure
environment that our members can trust."

But Case's words rang hollow. The McVeigh affair wasn't an isolated
incident. In the ensuing coverage, other subscribers also came forward with
stories about AOL's loose lips. And only days after that controversy arose
came the latest in a long sequence of disturbing AOL security breaches,
undermining AOL's claim that it provides a "secure environment."

Around midnight Jan. 26, I received a mysterious e-mail message: "Before you
miss the whole thing, you should really try and check out keyword: TA."

Since I edit a mailing list about AOL, I sometimes receive tips about hacked
content. So I dutifully visited AOL's "Traveler's Advantage" area, which
normally promotes innocuous travel-related services. ("Win a romantic
Getaway for Two OR $5,000 CASH!")

It was different that Monday. As with many previous acts of high-tech
vandalism, the title of the window had been changed in the middle of the
night. Instead of "Welcome to AOL Travelers Advantage!" the page read,
"Lithium Node was here." (This wasn't the first time AOL had heard from
"Lithium Node": Last June, the same group converted AOL's "Academic
Assistance Center" into a kind of hacker resource center, complete with
manifesto.)

But this attack offered a new twist: Below the substitute title lay a menu
linked to dozens of AOL staff bulletin boards. Following the links led to
private boards reserved for conversations among AOL's online staff --
including staffers of "The Rosie O'Donnell Show" and AOL's own army of
volunteers. Ironically, one area included an essay on the word
"confidentiality," saying users should observe confidentiality policies, and
"we should take pride in our ability to do so, and set an example for other
staffs."

Though the material was apparently meant to be off-limits to the public, it
wasn't. A week later, one of the boards sported an announcement outlining a
pending policy change. Staffers were told that "Beginning February 4, 1998,
Keyword TCB will be viewruled." In other words, AOL was going to restrict
access to "The Community Building," a gathering place for AOL's online
staff. This tactic was "becoming increasingly important," the memo stated,
to assure that an area "is limited to its intended audience, and not
available for viewing by others."

The bulletin boards linked from the giant index that had appeared the week
before were soon to be roped off. But the obvious question -- why this
no-brainer protection wasn't already in place -- went unaddressed. The
announcement stated hopes that the board "remains a safe and secure area."

I can't say I was surprised by any of this; AOL has a long history of
security and privacy problems. In 1995 hackers accessed the e-mail of CEO
Case and other executives. One message -- describing AOL's meeting with the
FBI to crack down on hackers -- was even posted to Usenet newsgroups. The
hacks continued over the years, and grew more sophisticated. Last April my
mailing list uncovered a trick that allowed access to any subscriber's
credit card number if they'd revealed their password. AOL had stated this
wasn't possible.

While there's no information on how many subscribers were affected, an
omnipresent population of ill-wishers compounds any AOL security breach. In
September 1996 the Washington Post reported that AOL canceled 370,000
accounts in one three-month period for "credit card fraud, hacking, etc." I
once counted over 300 troublemakers massing in chat rooms for an en masse
demonstration of dissatisfaction.

What's making users uneasy is the realization that hackers aren't the only
threat to privacy. Last August a parody of AOL's CEO appeared in Mad
magazine, addressing concerns about high-tech burglar Kevin Mitnick: "My
subscribers' card numbers are accessible to someone far more dangerous than
him!" Case's parody doppelgnger commented. "ME!!"

In a scramble for profits, AOL itself has resorted to varying degrees of
invasiveness. In July, for instance, AOL faced controversy over plans to
sell subscribers' home phone numbers to telemarketers. AOL's compromise
solution wasn't as well publicized: Users will still receive unsolicited
calls, but only from AOL's own stable of telemarketers. In addition, when
customers now phone for technical support, staffers try to transfer them to
outside telemarketing firms at the end of the call.

AOL has faced questions about its privacy policies since 1994, when Rep. Ed
Markey, D-Mass., expressed concerns about AOL's plan to sell information
about customers to marketers. Three years later, privacy advocates at the
Electronic Privacy Information Center remain concerned. AOL recently
acknowledged that its current marketing plan includes gathering aggregate
information about customers' movement through the service, and then using
the information to sell more targeted advertisements. The existence of such
a database troubles privacy advocates, whether or not the information is
attached to a user's identity. And since a recent industry report calculate
s
that nearly 60 percent of the time Americans spend online is spent on AOL,
the company is in a unique position to compile records on how that time is
spent.

In the McVeigh incident, AOL originally stated it was confident that its
policies had been followed. Later, Case's "Community Update" conceded that
"this should not have happened, and we deeply regret it." He closed by
telling members that "AOL's commitment to protecting the privacy of our
members is stronger than ever." Ironically, Case's apology appeared above an
icon reading "Click Here to Keep Your Resolutions." It often seems that AOL
is more interested in appearing to honor privacy and security than in
actually providing it.

In the last 10 months, at least 28 areas of AOL have been altered by
hackers. Most fell to human error -- someone with "publishing rights"
divulged their password. But AOL's performance in the face of these problems
hasn't inspired confidence. Content partners say a memo distributed in
October acknowledged that one of AOL's own employees had lost control of a
privileged account. Seven areas were modified that night, including Reebok,
AOL's Jewish Community Area and even Case's Community Update. (Its second
page was retitled "Hey there, Sexy.")

The attacks are getting more sophisticated. After vandals left a manifesto
criticizing AOL's NetNoir area, its producer dispensed a carefully crafted
response to reporters. But the graffiti artists got a second chance -- weeks
s
later they returned on another purloined account and posted a rebuttal.

AOL has a ways to go before it regains my trust. By the morning after I
received that mysterious e-mail message, keyword "TA" had been restored to
its original travel pitches. But for nine days afterward, most of the staff
areas remained accessible to anyone who'd added them to their bookmark file

Case needs to work a little harder on his resolutions.

COPYRIGHT:
SALON | Feb. 6, 1998
(May not be reprinted without permisson)

------------------------------

Date: Tue, 10 Feb 1998 18:12:51 -0500
From: Anonymous <[email protected]>
Subject: File 2--Skeeve Faces 10 Years

Hacker faces 10-year sentence

By NICK PAPADOPOULOS

A computer hacker who obtained and then circulated the details of
1,200 credit-card holders on to the Internet, after illegally
accessing the files from an Internet Service Provider, faces a
maximum 10-year jail sentence in the Downing Centre District Court
today.

Skeeve Stevens, 27, of Sydney, had initially denied that he was
the "Optik Surfer" responsible for one of Australia's worst
computer security breaches but he later pleaded guilty.

The hacking incident is said to have cost the service provider,
AUSNet, more than $2 million in lost clients and contracts.

At the court yesterday the Crown submitted that Stevens had
"maximised the damage" to both the company and the credit card
holders by contacting journalists after the break-in and other
"publicity-seeking behaviour".

In a statement of facts tendered to the court the Australian
Federal Police said Stevens hacked into AUSNet's computer network
in March 1995, two months after he was refused a job with the
company.

The court heard how Stevens, using the user account and password
details of AUSNet's technical director, altered the company's home
page on April 17, 1995, by prominently displaying a message that
subscriber credit card details had been captured and distributed
on the Internet.

This was followed the next day by an e-mail message created by
Optik Surfer boasting about "this crime of stupidity by AUSNet"
and highlighting the company's lax security.

Stevens faces one count of inserting data into a computer, which
carries a maximum 10-year jail sentence, and eight counts of
unlawful access to computer data. He is likely to be sentenced
today.

------------------------------

Date: Fri, 6 Feb 1998 17:56:05 -0500
From: Graeme Browning <[email protected]>
Subject: File 3--Policy Post 4.1 -- Digital Wiretap Law at Key Juncture

((CuD MODERATORS' NOTE: The following post was edited down for parsimony))

The Center for Democracy and Technology /____/ Volume 4, Number 1
-----------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
---------------------------------------------------------------
CDT POLICY POST Volume 4, Number 1 February 6, 1998

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of <[email protected]>
__________________________________________________________

(1) DIGITAL WIRETAP STATUTE AT KEY JUNCTURE

What started as a law intended to preserve law enforcement's ability to
conduct wiretaps on digital networks is now being used by the FBI in an
effort to enhance its surveillance capabilities. The struggle over the
scope of the 1994 law is being waged in Congress, at the Federal
Communications Commission (FCC) and in negotiations between the telephone
industry and the FBI. The status of the debate and its implications for
privacy are reviewed in a recent CDT memo posted at
http://www.cdt.org/digi_tele/status.html.

(2) FBI PURSUES EXPANDED SURVEILLANCE CAPABILITIES

Congress enacted the Communications Assistance for Law Enforcement Act
(CALEA)--popularly called the 'digital telephony'law--in 1994. The FBI is
now trying to use the law to require special surveillance features in the
nation's land-based and wireless telephone systems. Telephone companies
have yielded to some of the FBI's demands and have resisted others, but now
face pressure to compromise further.

* Under pressure from the FBI, the wireless phone industry has agreed to
provide law enforcement with the capability to track the location of
cellular phone users.
* The telephone industry has also agreed that carriers using increasingly
common 'packet switching' protocols may provide to the government the full
content of customer communications even though the government is only
legally authorized to intercept the less sensitive addressing data that
indicates who is calling whom.

Despite these concessions, the FBI remains unsatisfied with the industry's
proposed compliance plan. The FBI continues its push for additional
surveillance features, including the ability to --
* continue monitoring parties on a conference call after the subject of
the wiretap order has dropped off the call;
* collect detailed information identifying each party on a call,
including parties not the subject of investigation; and
* receive instant notification when a customer has a voice mail waiting
or makes any changes in service.

The FBI also has proposed requiring carriers to install capacity for far
more surveillances than ever before. See
http://www.cdt.org/digi_tele/970218_comments.html.

(3) INDUSTRY - FBI NEGOTIATIONS: GOVERNMENT SEEKS SOMETHING FOR NOTHING

Congress set October 25, 1998 as the deadline for complying with CALEA. It
has been clear for some time that the deadline can't be met: the FBI's
insistence on adding surveillance functions outside the scope of the law
snarled the process of drafting technical standards. Congress foresaw that
compliance might take longer than expected, so it gave companies the right
to seek delays from the FCC or the courts.

The FBI, however, is offering carriers special extensions (called
'forbearances') if they agree to develop the additional surveillance
capabilities. Since the carriers are *already* entited to an extension of
time under CALEA, the FBI's negotiating ploy is seeking something for
nothing. Manufacturers or carriers may be tempted to accept the offer to
avoid the cost of litigation. They would do so, however, at the expense of
privacy and control over network design.

(4) CDT WILL URGE FCC TO INTERVENE TO PROTECT PRIVACY

CALEA gives the FCC an oversight role in how the law is applied, but the
Commission has been reluctant so far to intervene. In August 1997, the
cellular industry, CDT and the Electronic Frontier Foundation filed
pleadings at the FCC urging it to find that the FBI's demands for
additional surveillance capability go beyond the scope of CALEA. The
petitions are still pending. See http://www.cdt.org/digi_tele/#fcc.

Instead, the FCC in October began considering an FBI proposal to require
telephone company employees to undergo background investigations and to
sign nondisclosure agreements. The FBI is also urging the Commission to
limit the ability of telephone companies to verify the validity of
purported wiretap orders.

In comments to be filed on February 11, CDT will urge the FCC to balance
the interests of law enforcement with the interests of privacy and
technological innovation, as Congress intended. The full text of CDT's
comments will be posted at http://www.cdt.org.

(5) CDT'S PRIVACY RECOMMENDATIONS

CDT believes that several steps should be taken to restore CALEA to the
spirit of balance it originally incorporated. These steps would preserve
law enforcement's basic surveillance capability (without the specific and
highly detailed enhancements sought by the FBI), and yet would protect
privacy in the face of the increasing surveillance potential of the new
technology:

* Congress should put an end to the controversy over enhanced
surveillance capabilities and reaffirm its narrow intent for CALEA by
authorizing the FBI to begin reimbursing carriers and switch manufacturers
to implement the industry's interim standard, minus wireless phone tracking
and minus any premature treatment of packet switching systems that does not
require the separation of call content from addressing information.
* Congress should deny the FBI the ability to impose redundant capacity
requirements on carriers, by limiting expenditure of the capacity
reimbursement funds.
* Congress should extend the October 1998 deadline, so that the FBI
cannot use the threat of non-compliance sanctions to force industry to
capitulate. However, extension of the deadline should not be traded for
enhanced capability.
* The FCC should assure itself of the security of the networked
surveillance administration systems that carriers will be installing to
comply with CALEA.
* The FCC should drop its proposals for intrusive background
investigations of carrier personnel.
* The FCC and/or Congress should launch an inquiry into the privacy
implications of surveillance in a packet switching environment.
* Since developments in technology are already increasing surveillance
capabilities, a probable cause standard for government access to location
tracking information should be established.
* The standard for governmental access to other transactional information
(through pen registers and trap and trace devices) should be increased to
require an affirmative finding by a judge that the information sought is
relevant and material to an on-going investigation. (The current standard
reduces the role of the judge to a mere rubber-stamp.)

(6) CDT CALEA WEBSITE UPDATED

We have recently revamped and updated our CALEA website, at
http://www.cdt.org/digi_tele/

__________________________________________________________

(7) SUBSCRIPTION INFORMATION

<snip>

To subscribe to CDT's Policy Post list, send mail to

[email protected]

in the BODY of the message (leave the SUBJECT LINE BLANK), type

subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

unsubscribe policy-posts
_____________________________________________________________

(8) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information: [email protected]
World Wide Web: http://www.cdt.org/

Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968

------------------------------

Date: Tue, 10 Feb 1998 16:23:35 -0700
From: [email protected]
Subject: File 4--Solid Oak's mail bomb--a reply from Brain Milburn

I send a message to Solid Oak's official PR address
([email protected]) asking about the mail bombing and got the attached reply.
My original email message is at the bottom.
The noteworthy parts (to me) of the reply were their distinction
between a "mail bomb" and this incident and that it was the work of an
individual employee and not of the company:

"The large number of e-mail messages she was sent (about 446)
were actually separate but multiple replies to her original
messages, not a mail-bomb, and were made by an obviously
frustrated and overworked technical support employee."

While I am pleased that Solid Oak does "not encourage or condone
this type of behavior" I am disappointed that they did not mention any
steps that they were taking to help their employees follow said policy.
One obvious step might be to teach their employees about .kill files.

Joe

--snip--
From--Brian Milburn <[email protected]>
Subject-- Re--Confirmation of mail bombing story
Date--Tue, 10 Feb 1998 12:52:20 -0800

Thank-you for your mail concerning recent events you have read about
on-line. The person mentioned is not and was not a potential customer
evaluating blocking software. And, as she operates a web site promoting
witchcraft and paganism, it is highly unlikely that she will ever purchase
or use any any content filtering product.

Additionally, she is an admitted member of a group that has been engaged in
a campaign of organized harassment against us for over 14 months. During
this time, we have received hundreds of e-mail messages from members of
this group as well as mail-bombs, "denial of service attacks" and "out of
band attacks". We have even received death threats sent via e-mail to
private accounts whose addresses are published by this group on their web
pages and in their membership newsletters.

This group has made their position on filtering software well known over
this time. We feel that their concerns have already been adequately
expressed. Many of the messages we have received have DEMANDED a response
and threaten disastrous consequences it we do not. We are under no
obligation whatsoever to respond to these messages, but we do have an
obligation to our customers to provide timely technical support and answers
to their questions.

This person sent 12 messages to these accounts even though she was asked
not to. Her ISP was contacted and their assistance was requested in
persuading her to cease her e-mail activities to us. They refused to
assist. The large number of e-mail messages she was sent (about 446) were
actually separate but multiple replies to her original messages, not a
mail-bomb, and were made by an obviously frustrated and overworked
technical support employee.

While we do not encourage or condone this type of behavior, we must
recognize the fact that our employees have to endure a great deal of abuse
from members of this group and it's supporters.

Thank-you

Solid Oak Software

On 02/10/98 12:19pm you wrote...
>
>Hello,
> I was writing because I was recently forwarded an account claiming
>that Solid Oak had mail bombed some woman for emailing a critical letter
>to Solid Oak's feedback email address. Since Solid Oak has been the subject
>of heated accusations in the past, I didn't want to propagate an erroneous
>story without checking its accuracy. Would you be able to tell me what, if
>anything happened? I believe the woman's name was something like "Sarah
>Salls."
>
>Thank you,
>
>Joe
--snip--

------------------------------

Date: Thu, 12 Feb 1998 22:52:20 +0100 (MET)
From: DELETED <[email protected]>
Subject: File 5--Comment on the ever-continuing CyberSitter thread.

Hello,

I've been a regular reader of CuD for about 8 months now, and so I've seen
alot of articles related to Solid Oak and its filtering software. Now,
judging from the information contained in those articles, and various other
sources on the web, it's rather obvious that Solid Oak has a rather
"personal" interpretation of "material unfit for children", and well, after
quite a few moments of thinking the matter over, my only reaction is:
so what ?

What I mean is, no one is forcing anyone to actually use Solid Oak's
software. If Solid Oak wants to sell an inferior product, let them (we all
know another very large company that's been doing this since 1981). Just
like the consumer has a right to choose what he buys or not, so should the
merchant have the right to sell crap if he so chooses.

Ofcourse, the behaviour that Solid Oak has been displaying lately shows
their inferiorness is not only a matter affecting their software...

While I'm on the subject, I would also like to add that I really don't
understand this problem you Americans seem to have concerning the protection
of your children against material deemed unfit for their eyes. I mean, it's
not as if a child will 'accidently' stumble upon some hardcore pornography
while just browsing the web; if you find your 10-year old downloading
material from sites containing sexually explicit material, you can be sure
he/she's doing so by his/her own will, or would you argue that those "press
here if you are 18 or older"-buttons got pressed all by themselves ? The
same applies to IRC, the child still has to make the decision to actually
join a channel where such material is being spread.

Basically, I feel that if you cannot trust your child to not actively go out
and seek such material, then you should not be letting your child wander
about the net unattended. (the same applies to any other medium imo)

Feel free to comment on this :)

PS: for personal reasons i prefer to remain anonymous (ie. not reveal my
real name), i hope you can respect this choice.

Regards,
<deleted>

------------------------------

Date: Wed, 7 Jan 1998 23:32:22 -0500
From: "George Smith [CRYPTN]" <[email protected]>
Subject: File 6--CRYPT Additions to the Joseph K Guide to Tech Terminology

ADDITIONS TO THE JOSEPH K GUIDE TO TECH TERMINOLOGY: Another
brief in a very popular Crypt Newsletter continuing feature.

consultant: U.S. Department of Defense or civil service
free-lancer usually involved in a conflict of interest; or, a recently
downsized employee of corporate America.

Usage: The _consultant_ from Science Applications International
Corporation enjoyed writing policy papers for the Pentagon's Joint Chiefs
which always cleverly ensured more DoD business for his firm.

Usage: Two years after being downsized by Acme Data Systems, Scroggins'
carefree life as an Internet _consultant_ came to an end when he
declared bankruptcy, was divorced by his wife and lost visitation
rights to his children.

cutting edge: hackneyed usage meant to convey a quality of
hipness and intellectual excellence but, instead, standing for quite
the opposite.

Usage: One editor at a stodgy newspaper declared his business and
technology section _cutting edge_ even though everyone knew
it was only a forum for billionaire hagiography and rewritten press
releases issued by corporate America.

libertarian: once a handy political label for those who
believe in free markets and personal liberty; now a handy marketing
tool for those who wish to lower taxes, disarm government employees
and spend large amounts of money on anything published by Wired
Ventures, Inc.

Usage: The mighty publisher of WIRED magazine galvanized a
phalanx of Net _libertarians_ into sending a million
electronic mails to Congress in protest of Net censorship -- where
they were immediately deleted, unread, by college interns.

Netizen: formerly, a term meaning citizen of the Net;
now, an overused, unintentional pejorative describing a group of
annoying computing technology-obsessed, mostly white, mostly
male, blowhards.

Usage: _Netizen_ Kane stamped his foot in glee as he
used his skills in PC automation to send 1,000 e-mail copies of a
windy, libertarian rant to Congressmen, the President
and the press, where it was subsequently deleted, unread, by
college interns.

Yes, you can contribute to the Joseph K Guide without fear of
professional retribution or stain upon your reputation. Send your
suggestions, definitions or usages to Crypt Newsletter!

=======================

Editor: George Smith, Ph.D.
INTERNET: [email protected]
[email protected]
http://www.soci.niu.edu/~crypt

Mail to:
Crypt Newsletter
1635 Wagner St.
Pasadena, CA 91106
ph: 626-568-1748

------------------------------

Date: 4 Feb 1998 16:29:25 +1000
From: "Brian Martin" <[email protected]>
Subject: File 7--Defamation havens

Defamation havens

Brian Martin
[email protected]
http://www.uow.edu.au/arts/sts/bmartin/

The net could make defamation law obsolete. The best solution to
defamatory comments is a timely opportunity to reply, and this is
readily available to users through email lists and the web. This
is a dramatic difference from the mass media, where the ordinary
person can't afford to reply to a defamatory story.

Although the net provides a wonderful solution to defamation,
that's not the end of the problem. Defamation law is routinely
used to suppress free speech, especially speech critical of those
with power and wealth.

In countries such as Australia and Britain, defamation laws are
incredibly harsh and used capriciously. One Australian book
reviewer, for example, said in a newspaper "I object to the
author's lack of moral concern." The author sued and after two
trials finally obtained more than $100,000 from the publisher. In
another case, police kept a book off the market for a decade by
launching dozens of defamation actions against the author,
publisher and retailers. Corrupt politicians have escaped media
scrutiny by threatening actions for defamation.

Things look better on paper in the US, but in practice defamation
law often restrains free speech. After the magazine Rolling Stone
published an article about the origin of AIDS from polio vaccines,
the scientist who developed the vaccine in question sued. Rolling
Stone, having spent half a million dollars on legal fees before
even getting to court, decided to settle by publishing a
"clarification". It didn't run any further stories on the topic.

There are hundreds of cases where US defamation law is used to
intimidate citizens who write a letter of complaint to the
government or even just sign a petition. These so-called SLAPPs
(Strategic Lawsuits Against Public Participation) show how the
legal system can be manipulated to squelch free speech.

The net cannot solve all these problems at a stroke, but it does
offer the potential to get around one major obstacle: how to
publish material when the mass media are scared away by the threat
of defamation. The answer: put it on the web. But what if the ISP
is threatened? Put it on the web in another country!

Even this isn't totally safe, since the publisher can be sued in
the other country, and the author can be sued there or at home.
The answer? Defamation havens.

A country could make itself a defamation haven by eliminating all
laws against defamation and offering itself as a host for web
sites or targeted email. Local writers could offer, for a fee, to
be the authors of documents. Alternatively, indigent writers from
other countries could be the authors. A defamation haven would be
analogous to a tax haven, though less lucrative.

Those who wish to suppress speech will not give up without a
struggle, however. One battleground is web links.

David Rindos, an archaeologist from the US, took a post at the
University of Western Australia (UWA) in 1989. He soon became
aware of some unsavoury activities in his department and reported
them. As a result, he came under fierce attack and was denied
tenure. His case generated enormous concern internationally and
led to the establishment of a web site of documents about the
case, at http://www.acsu.buffalo.edu/~hjarvis/rindos.html, hosted
at the State University of New York at Buffalo.

In 1996, the web site address was published in The Australian (a
national daily newspaper) and Campus Review (a national weekly)
and broadcast on ABC (Australian Broadcasting Corporation) radio.
UWA threatened defamation actions against each and successfully
deterred further publication of the address. It also threatened
SUNY, but it became apparent that this was only a bluff.

Note that this was a threat to sue for simply publishing a web
address, along with the allegation that the web site contained
defamatory material. Such as suit would seem to have little chance
of success in court, though one never knows in Australia. But in
this case the threat was enough to scare the Australian media.

The net community has more options. The Rindos site at SUNY has
now been mirrored at other locations. Indeed, the best response to
threats to web publication is to provide greater access and, to be
fair, to offer critics a chance to publish replies.

The net provides such ease of publication that the key in the
future will not be access but rather credibility. With mounds of
defamatory material, of claims and counterclaims, will anyone pay
attention? Only if the source is impeccable. In a world with easy
publication and no effective defamation law, there will still be a
great incentive to be accurate. That may be better protection for
reputations than defamation law ever provided.

------------------------------

Date: Thu, 5 Dec 1996 01:19:30 -0500 (EST)
From: Declan McCullagh <[email protected]>
Subject: File 8--Tokyo municipal office urging teacher to delete web page

Source - [email protected]

Teacher told to delete Web page

Asahi Shimbun

The municipal office of Tokyo's Setagaya Ward is urging a
fifth-grade teacher to delete an Internet home page he created
with his pupils, saying it may violate local regulations, Asahi
Shimbun learned Monday.

Ward officials said the home page, which includes a picture of the
31 children in the class and articles in which they introduce
themselves, may violate an ordinance on privacy protection.

The ordinance prohibits connecting computers in public facilities
to computers outside the ward and bars anyone from providing
private information to anyone outside.

The ward officials said information on the home page, including
the children's names, should be protected under the ordinance.
They also said that, under the ordinance, a panel on information
disclosure and privacy protection that advises the ward chief had
to give the teacher permission to connect the school computer to
the Internet.

The 44-year-old teacher, however, said he will not follow the
ward's instruction. He said while he thinks privacy protection is
important, the ordinance restricts the right of people who want to
send information through the Internet.

The teacher started the classroom home page on Nov. 6. It also
includes illustrations and poems by the children. The pupils also
communicate with elementary school students in Aichi Prefecture
through e-mail.

The ward officials late last month urged the teacher to delete the
home page.

The teacher denied any intention to violate privacy. He said his
pupils enjoy the Internet and their parents appreciate their
computer communications.

According to the Home Affairs Ministry, 1,202 municipalities
across the nation had similar ordinances as of April 1. Of those,
895 prohibit or restrict connecting school or public office
computers to networks outside the municipalities, the ministry
said.

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 9--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540

UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #10.11
************************************