Subject: RISKS DIGEST 17.72

RISKS-LIST: Risks-Forum Digest  Weds 14 February 1996  Volume 17 : Issue 72

  FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc.       *****

 Contents:
The CDA: Has It Fallen? Can It Get Up? (Stanton McCandlish)
REVIEW: "Digital Money" by Lynch/Lundquist (Rob Slade)
Re: RISKS (...) of typing credit-card numbers (Olin Sibert)
Re: The measurement of risk (Pete Mellor, Martin Minow, Robert Walking-Owl)
REMINDER: Privacy Digests (PGN)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 14 Feb 1996 00:48:11 -0800 (PST)
From: Stanton McCandlish <[email protected]>
Subject: The CDA: Has It Fallen? Can It Get Up?

The CDA: Has It Fallen? Can It Get Up?   - Stanton McCandlish, [email protected]

In the days after the passage of the unconstitutional "Communications
Decency Act" as part of the Telecom bill, the CDA appears to be toppling
just as it should have begun to ride high in the saddle of fundamentalist
"victory" (though the battles are hardly over yet.)

The entire Congress passed this bill (some Members knowing it was
unconstitutional, and some on the other extreme not even knowing the CDA
existed), with the exception of the following legislators who voted against
the whole Telecom Bill:

                         Representatives

Earl Hilliard (D-AL), Pete Stark (D-CA), Pat Schroeder (D-CO), Neil
Abercrombie (D-HI), Lane Evans (D-IL), Sidney Yates (D-IL), Barney Frank
(D-MA), John Conyers (D-MI), Collin Peterson (D-MN), Harold Volkmer (D-MO),
Pat Williams (D-MT), Maurice Hinchey (D-NY), Jerrold Nadler (D-NY), Peter
DeFazio (D-OR), Timothy Johnson (D-SD), Bernard Sanders (independent-VT)

                            Senators

Dianne Feinstein (D-CA), Patrick Leahy (D-VT), Paul Simon (D-IL), Paul
Wellstone (D-WI), and John McCain (R-AZ).

(Plus a handful that did not vote.)  In all, only a single Republican, out
of both Houses of Congress, voted to preserve American freedom of
expression.[*]

The President proclaimed, in the first State of the Union Address to mention
the Internet, "When parents control what their children see, that's not
censorship. That's enabling parents to assume more responsibility for their
children. And I urge them to do it". Clinton then, in a signing party timed
to coincide with the press attention given to the "24 Hours In Cyberspace"
multimedia event, enacted a law that strips parents of the right and
responsibility to decide what is appropriate for their own children.  The
CDA would not only fail to help "parents control what their children see" -
a goal long supported by EFF, ACLU, VTW, CDT and others opposed to the
"decency" bill - but actually hinder the development of tools and services
to help parents and teachers filter children's Net access.

* Backlash

It is ironic that it took passage of this law to garner the public and media
attention it warrants.

For 48 hours after President Clinton's signing of the CDA into law,
thousands of Web users and BBS sysops world wide took part in a "Thousand
Points of Darkness" protest of the new censorship law by turning their Web
page and login screen backgrounds to black, to mourn the death of the
Internet as we know it.  Some, including online magazines such as Factsheet
Five Electric and Scamizdat, blanked out their entire online offerings,
replacing everything that had been available with a single sentence: "This
is what censorship looks like".

The protest garnered major news coverage of the Net censorship debate for
the first time.  Finally the debate has shifted from false "save the
children" hype to the real issue: free speech, press and association rights
in new media.  The "facts", figures and motives of the lobbyists and
lawmakers behind the CDA are at last being more widely examined.

The "black page" protest is being followed up with a long term
awareness-raising and protest effort, in which participants, already
numbering in the tens of thousands, wear blue ribbons, and place graphics of
blue ribbons on their online services and homepages.  Participants range
from individual users, to online journalism sites like HotWired, to major
centers of Internet connectivity like Netcom and Yahoo!, among others.

As with Germany and France, where attempted censorship of online information
has backfired, leading to proscribed data's immediate global availability
from numerous anti-censorship "mirror sites", the U.S.  government may have
to learn the hard way. The online community is determined to knock the
lesson into regulators' heads.  To cater to censored U.S. users, "offshore"
anonymous Internet access providers are popping up, such as Offshore
Information Services Ltd - http://online.offshore.com.ai/ - offering
$50/month privacy-protected accounts from tax-haven island Anguilla.

In case that were not enough, an ad-hoc programmer coalition, the Decense
Project - at http://www.clark.net/pub/rjc/decense.html - has produced an
"de-censoring" solution, which like that of the Anguilla ISP, also provides
privacy protection as a bonus: Decense, "a cgi script designed to
provide a double-blind pseudonym scheme which allows a site to hide
behind a chain of http servers which 'proxy' for it. Neither the user [ID]
requesting the document, nor the ultimate address of the destination web
site is immediately available to prying government eyes."

* Action in Court and Congress

The action has spread offline as well. There has already been a public
protest rally in Washington DC on Feb. 10, and there are others in the
works.  The University of Pennsylvania at Philadelphia will see a
demonstration just before a scheduled speech by VP Gore.  A DC "Electronic
Freedom March" is gearing up, and even high school students are donning blue
ribbons and demonstrating against reactive academic censorship.

Most importantly, the new law itself is under concerted attack in
the courts and on the Hill.

EFF, with ACLU and 24 other organizations, have filed a federal lawsuit
against the Department of Justice (DoJ), in the Philadelphia court of Judge
Ronald Buckwalter, challenging the CDA on constitutional grounds. As of Feb.
13, Judge Buckwalter has not only commended the plaintiffs on a well-
written lawsuit, but has put the case on the fast track, demanding a DoJ
response by Wed. Feb. 14. The Judge further indicated that he will likely
grant plaintiffs' motion for a temporary restraining order (TRO), by Thu.,
Feb. 15 at the latest, without further hearings.  The TRO would prevent
enforcement of the CDA pending a hearing before and decision from a panel of
three judges, on a motion for a longer-term preliminary injunction that
would prevent all enforcement of the "decency" provisions until the real meat
of the case is settled - whether the CDA stands up to constitutional
challenges.  The hearing on the long-term injunction should take place
within the next few weeks.  And the balance of the legal "tests" the CDA
must face are very much in plaintiffs' favor.

Though the DoJ has agreed to make no arrests under the new statutes between
now and the probable issuance of a TRO this week, content and access
providers should be warned that the FBI and other Justice Dept. agents may
later decide to prosecute for CDA violations committed during this time, if
they eventually win the case - a possibility everyone should be concerned
about.  And plaintiffs' attorneys warn that even the little assurance
provided by DoJ for now is rather meaningless since it has not been put in
writing.

The Justice Dept. and the Christian Coalition are expected to present, as
evidence supporting the CDA, the most vulgar content they can possibly find
online - though this tactic could backfire.  After all, the CDA does not
address pornography (obscenity) at all, since it is already illegal online
or offline, but rather targets indecency, a broader category including
nudity in almost any context, or "indecent" words like those found in any
PG-rated movie.

In the meantime, the Telecom bill has been delivered a one-two-punch by
some of the legislators that voted against it the first time around.  Sen.
Patrick Leahy (D-VT), like Rep. Jerrold Nadler (D-NY), was a high-profile
participant in the WWW Blackout protest, and has, with Sen. Russ Feingold,
introduced a new bill (S.1567) to repeal most of the CDA. This legislation
will likely need to be re-examined and modified to make sure it actually
succeeds in the goal of removing the threat posed by the Communications
Decency Act.

* Women's Groups and Others Join the Battle

Rep. Pat Schroeder (D-CO) is attacking another dangerous provision of
the Telecom Bill - an amendment outlawing the online distribution of
certain kinds of abortion-related information. The amendment in question
was slipped into the leviathan telecommunications "deregulation" package
by Rep. Henry Hyde (R-IL), who also shepherded the final version of the CDA.

Schroeder announced that she will introduce a bill, when Congress
re-convenes on Feb. 26, to repeal this less well-known Telecom Bill
assault on free expression. (It should be noted that although Rep.
Schroeder voted against the Telecom bill in the final vote, she can be
partially blamed for the existence of the CDA in that bill - she voted
"yes" on it in committee deliberations, along with a majority of her
colleagues.)

The "abortion gag rule" in the Telecom bill is also being slammed in
another lawsuit, Sanger v. Reno, filed in New York by the Center for
Reproductive Law and Policy, and many other plaintiffs.  In this case, U.S.
Attorney Zachary Carter has (according to ACLU releases) admitted the
unconstitutionality of the CDA, and also agreed to hold off enforcing it for
a while. East District of New York Chief Judge Charles P. Sifton has asked
Chief Judge Jon O. Newman of the U.S. Court of Appeals for the 2nd Circuit
to convene another 3-judge panel to decide this case.

Sifton has not granted a TRO or injunction. The Judge appears to find the
DoJ's assurances sufficient evidence that this particular provision will not
be enforced or chill free speech. His decision may also rely on the fact
that the section of the ancient Comstock censorship law modified by the
Telecom Bill to ban abortion info online, has not been enforced in many
years.  However, no court has yet to rule the Comstock Act unconstitutional,
leaving some people worried for the short term, even if they expect an
eventual favorable decision from the 3-judge appellate court.  Content
providers and internet users, as well as women's groups, are also not
particularly comforted by the platitudes of supporters of the abortion info
ban, who have disingenuously claimed they simply want to update the Comstock
law for consistency reasons and to show support for "Christian" ideals, but
don't expect anyone to actually be censored under the new revisions.

Plaintiffs' attorney Simon Heller said, "We are extremely pleased that the
Clinton Administration has recognized the invalidity of this law.  However,
we believe a court ruling against the provision barring receipt or provision
of abortion information is still necessary to prevent a future
administration or radical right-wing members of Congress from wielding it
against women's health care providers and advocates."

* Shifting Lines

It is clear that the Internet and computer industries do not support the
Communications Decency Act, though most organizations in these fields did
not act, other than to support EFF and other advocacy groups, until too
late.  It has shocked the commercial world as well as the general public
that Congress would actually pass a bill so terrible.  The industry is,
however, increasingly participating in protest, and legal, action against
the CDA, realizing that such important decisions as what we each should read
or avoid cannot be left up to government.  Even the usually Beltway-shy
Microsoft is taking a stand; in an AP interview, the company's leader, Bill
Gates, said of the Internet regulation attempt, "Unfortunately, it means
we're going to have to spend some time in Washington, DC. In the first 15
years of Microsoft history, we never visited Washington."

And content producers of all sorts are expressing concern, even outrage,
from upstart multimedia giants, to major print publishers, all of whom now
find not only their free press rights but also their livelihoods threatened.
As journalism organizations have flocked to the pro-speech side, only one
news association, to our knowledge, has offered anything but derision for
the CDA. (Newspaper Association of America President John Sturm expressed
support for the telecom bill as a whole, citing only disappointment at the
censorship, and support of the "motives of the conferees to protect children
from obscene and indecent material".  One wonders how closely Mr. Sturm has
questioned those motives.)

It is clear that the fundamentalist organizations and legislators behind the
CDA have neither an understanding of the medium and issue, nor any
particular desire to inform the public or the media. The Family Research
Council - http://www.frc.org - disinformed readers by quoting and explaining
in their newsletter the obscenity restrictions from an older draft of the
bill (which they helped replace with an unconstitutional "indecency"
version) in an attempt to imply that the FRC and their favorite bill would
prohibit online distribution of obscenity.

Religious right spokespersons, as well as CDA sponsors like Exon and Hyde,
repeatedly tell the press and tv news programs that they are trying to
"protect children from pornography" as if somehow unaware that their bill
actually makes it more difficult to prevent children from being exposed to
inappropriate materials, by removing all incentive to continue developing
services and software which genuinely perform this needed function.

But perhaps even the moralists are having second thoughts (or trying to save
face): Confronted with World Wide Web co-creator Tim Berners-Lee's free Net
filtration software, Christian Coalition spokesperson Heidi Strup conceded
that the program "definitely would be a useful tool for us."  One must
wonder how and why the CC and its allies failed to realize this 6 months
ago.

More education and outreach is clearly needed, so that legislators do not
fear the net, so that lobbyist groups do not push for unneeded and hazardous
legislation, and most importantly so that the general public have a better
understanding of their free speech rights and recognize the early warning
signs of censorship threats.

On the other side of the issue, organizations like Voters' Telecom Watch
(http://www.vtw.org), with help from local activists (see, for example the
"Tennessee Hit List" of bad legislators at
http://www.people.memphis.edu/~mddallara/hitlist.html) vow to bring the Net
constituency into its own in upcoming elections.  They are gearing up to
vote out legislators and other officials at all levels who betray the trust
of their voters by pushing for censorship.  The online voting bloc will have
a number of people to remove from office, it seems, given Congresspersons
like Rep. Thomas Bliley (R-VA), chair of the House Telecom Committee, who
seems to consider the CDA's assault on the Constitution an inconsequential
matter to be fixed by "technical corrections" to the bill later in the year.
And what about Vice-President Al Gore? For all his "Information
Superhighway" hype, Gore strongly supported passage of the legislation,
since, after all, the courts can take care of the unconstitutional stuff.
Sen. Carl Levin (D-MI) echoed both sentiments, at an "ask the politicians"
event in Kalamazoo, MI, claiming that the CDA was only "one small page in a
very large bill", and stating that he knew it was unconstitutional and (you
won't believe this) that it is "always necessary to test the
Constitutionality of some legislation", ergo no service providers would get
hurt!  Perhaps Sen. Levin considers this a game, but online voters may just
cure him of that notion come election day.  And let's not forget legislators
from Connecticut and other states, who did not even know the CDA was in the
Telecom Bill - they passed it without reading the bill at all, much less
understanding its impact.

* Civil Disobedience (and Decidedly Uncivil Obedience)

At present EFF cannot advise what to do and not do under the CDA.
No one can.  The law is too vague and overbroad to be applied meaningfully.

Some sites are already closing, with more providers broadly self-censoring
their content.  The moderator of an amateur radio discussion group closed
the forum down, saying only, "I have closed my mailing lists to minors, not
in protest but for my own protection. Since I enforce rules of conduct for
the lists, I think I'm too close to being part of content creation to be
safe should one of the subscribers post a 4-letter word."  If the judges in
the cases challenging the CDA need any evidence of the chilling effect of
this legislation, this should be all they need.

Other content providers, including many who had never thought of posting
"offensive" materials at all, are engaging in widespread civil disobedience,
deliberately violating the new Act. A particularly creative example can be
found at http://coolheart.infi.net/exon/index.html - you can send a
Valentine's Day card to Sen. Exon, reading "In honor of Valentine's Day, I
thought I would send you an example of some of the nudity I've found on the
Internet - Enjoy", and including your choice of several classic works of
art, including Michelangelo's "David" and Botticelli's "Birth of Venus".

Yet more are being "uncivilly obedient", complying - barely - by
ROT13-encrypting "dirty words", putting "CENSORED!" banners all over their
web pages, replacing scatological terms with legislators' surnames, and
other actions of visible obedience-under-duress.

Still, helpful as these actions may - or may not - prove to be, some protest
activities are decidedly unhelpful.  "Spamming" Senate and House email
addresses, particularly with indecent material, is self-defeating.  Please
remember that this legislation passed because legislators by and large were
too ignorant of the medium to recognize that the Net is not really a den of
pornographers and terrorists.  Irresponsible and overtly threatening
gestures - especially threat letters or dirty stories - will only prove to
legislators' minds that they were right after all.

Lastly, please keep in mind that obvious civil disobedience can be
dangerous, particularly as "Oklahomans for Children and Families" and other
local fundamentalist groups are on the prowl, vowing to report to police any
CDA violations they find. The current hold on enforcement of these laws by
the Justice Dept. does not even mean you can't be prosecuted for violations
occurring now (assuming the court cases fail, which is probably not a good
assumption, fortunately), only that you won't be prosecuted right now.

Stanton McCandlish, Online Activist & Webmaster, Electronic Frontier Foundation
San Francisco - Feb. 13, 1995

[* I observe that only one Republican voted against the CDA because it
is a fact. This does not constitute an endorsement of the Democratic
Party or any other kind of endorsement on my or EFF's part.]

Stanton McCandlish Electronic Frontier Foundation [email protected]
http://www.eff.org/~mech/

------------------------------

Date: Tue, 13 Feb 1996 12:07:47 EST
From: "Rob Slade" <[email protected]>
Subject: REVIEW: "Digital Money" by Lynch/Lundquist

BKDGLMNY.RVW   960126

"Digital Money", Lynch/Lundquist, 1996, 0-471-14178-X, U$24.95/C$29.50
%A   Daniel C. Lynch
%A   Leslie Lundquist
%C   22 Worcester Road, Rexdale, Ontario   M9W 9Z9
%D   1996
%G   0-471-14178-X
%I   Wiley
%O   U$24.95/C$29.50 416-236-4433 fax: 416-236-4448 800-263-1590 800-567-4797
%P   285
%T   "Digital Money"

This book does cover, briefly but well, the concepts involved in preparing
digital money which is safe (for both customer and vendor) and private.  Some
additional time and space could have been given to the strengths and weaknesses
of encryption, even given the non-technical target audience.

There are a number of other topics which are related, but not really essential.
Much space is given to new forms of marketing, and even to a discussion (those
who know the history of this review series will note the irony) of copyright.
While these fields are interesting, they do detract from the central issue of
commercial information security in an open environment.

copyright Robert M. Slade, 1996   BKDGLMNY.RVW   960126
Vancouver Institute for Research into User Security Canada V7K 2G6
[email protected] [email protected] [email protected]

------------------------------

Date: Tue, 13 Feb 96 12:47:42 EST
From: Olin Sibert <[email protected]>
Subject: Re: RISKS (...) of typing credit-card numbers (Fisher, RISKS-17.71)

Mark Fisher suggests that running a secure OS (e.g., Windows NT) is a "real
solution" to these attacks.  I think this is misleading. The suggested
approach (an API call to retrieve a string not visible to keyboard
interceptors) is not qualitatively different from the notion of displaying a
calculator keypad and entering the number with mouse clicks.  Both
approaches make it necessary to target the attack more precisely, and
perhaps to use different means (such as grabbing the number from a memory
buffer or a disk file), but don't materially improve the security of the
information.

A secure OS is no panacea, for all it can do is prevent the things it knows
about.  It can't stop a program that I run from accessing files to which I
have legitimate access.  It can't really even stop me from breaching the OS
security perimeter: after all, if one of that interminable series of
diskettes says "On Windows NT, log in as Administrator and run this SETUP
program to install an improved device driver", what can I do?  I can refuse,
but then I won't get whatever software I wanted.  I can't exactly examine
anything to see if it's "safe"; I can't even figure out what "safe" might
be.  In a personal desktop computer, the user is responsible for everything
that happens, and there is no "system administrator" to set the rules and to
decide what's safe and what isn't.  The PC environment poses fundamentally
different security problems from the ones we've spent 30 years figuring out
how to solve.

------------------------------

Date: Wed, 14 Feb 96 10:10:37 GMT
From: Pete Mellor <[email protected]>
Subject: Re: The measurement of risk (Shaw, RISKS-17.71)

> ... Sandman's seven characteristics that determine an issue's
> "outrage valency" in a community.

Add another one:-

Immediate vs deferred risks: if something has an immediate effect,
it inspires more dread than something which takes a long time,
e.g., it is well known that smoking leads to fatal diseases, but
these usually manifest themselves only after many years of consumption.

> Plane accidents are much rarer, cause fewer deaths, but because they
> can cause large fatalities, air travel is much more widely feared
> than car travel. [Perhaps this explains (in part) the number of
> articles regarding air safety in comp.risks ;-) ]

As a captain is reported to have said over the PA after landing,
"Thank you for flying with us. The safest part of your journey is
now over."

A good way of saving weight would be to remove the life-jackets
from under the seats of the smoking section! :-)

Peter Mellor, Centre for Software Reliability, City University, Northampton
Square, London EC1V 0HB, UK. Tel: +44 (171) 477-8422, [email protected]

------------------------------

Date: Tue, 13 Feb 1996 17:01:12 -0800
From: [email protected] (Martin Minow)
Subject: Re: The measurement of risk (Shaw, RISKS-17.71)

Dave Shaw's summary of "outrage at the unknown," notes seven characteristics
that determine an issue's "outrage valency" in a community. I should like to
add an additional characteristic that is implied, but not stated by Dave's
article: "Us vs. Them"

In the particular example, a new mobile phone transmission tower adjacent to
a school, all of the benefit of the transmission tower will go to people who
can afford a mobile phone, while all of the risks -- however minuscule --
will be borne by the children in the adjacent school. Since the children
derive no benefit from the tower, it is not unreasonable that their families
are unwilling to bear the medical risks, even if they are trivial.

This subject is also discussed in Charles Perrow's book, "Normal Accidents,"
which should be on every Risk reader's bookshelf.

Martin Minow  [email protected]

------------------------------

Date: Tue, 13 Feb 96 20:16:22
From: Robert Walking-Owl <[email protected]>
Subject: Re: The measurement of risk (Shaw, RISKS-17.71)

>Hence, if Telstra could have found a better way of measuring the
>risk of their towers (i.e., the Radiation Laboratory and their
>EMR meters), they may have avoided publicity like the angry

An interesting point, but the perception I think is not based on
distinctions like voluntary/involuntary, familiar/exotic risks, etc. but in
what many people view as a distinction between a "risk" and a "hazard".
Much literature on technology and society (Langdon Winner comes to mind)
discusses this distinction.

To call something a "risk" is to emphasize probability and chance while
minimizing the danger.  There are no value judgements in discussing risks:
losing change in a vending machine or getting cancer from a nearby toxic
waste dump can be both termed as a "risk".  The latter is viewed as a
"hazard" by most people, since the "risk" involves a person's health and
well-being.

Indeed, the "risk" of getting ill from a nearby tower may be incredibly
small, but it isn't nil either: would *you* want to be the one in a million
who catches cancer?

That some in government or a business would actually weigh the economic
costs of "health risks" versus the costs of avoiding them, and deciding a
lawsuit is cheaper to settle than to clean up a toxic waste site or move a
tower (or public perception that this is happening) can fuel public outrage.

------------------------------

Date: 22 Jan 1996
From: [email protected]
Subject: REMINDER: Privacy Digests

Periodically I remind you of TWO useful digests related to privacy, both of
which are siphoning off some of the material that would otherwise appear in
RISKS, but which should be read by those of you vitally interested in
privacy problems.  RISKS will continue to carry general discussions in which
risks to privacy are a concern.

* The PRIVACY Forum is run by Lauren Weinstein.  He manages it as a rather
 selectively moderated digest, somewhat akin to RISKS; it spans the full
 range of both technological and non-technological privacy-related issues
 (with an emphasis on the former).  For information regarding the PRIVACY
 Forum, please send the exact line:

    information privacy

 as the first text in the BODY of a message to:

    [email protected]

 You will receive a response from an automated listserv system.  To submit
 contributions, send to "[email protected]".

 Information and materials relating to the PRIVACY Forum may also be
 obtained from the PRIVACY Forum Archive via ftp to "ftp.vortex.com",
 gopher at "gopher.vortex.com", and World Wide Web via:
 "http://www.vortex.com".  Full keyword searching of the PRIVACY
 Forum Archive is available through the World Wide Web access address.

* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
 run by Leonard P. Levine.  It is gatewayed to the USENET newsgroup
 comp.society.privacy.  It is a relatively open (i.e., less tightly moderated)
 forum, and was established to provide a forum for discussion on the
 effect of technology on privacy.  All too often technology is way ahead of
 the law and society as it presents us with new devices and applications.
 Technology can enhance and detract from privacy.  Submissions should go to
 [email protected] and administrative requests to
 [email protected].

There is clearly much potential for overlap between the two digests,
although contributions tend not to appear in both places.  If you are very
short of time and can scan only one, you might want to try the former.  If
you are interested in ongoing discussions, try the latter.  Otherwise, it
may well be appropriate for you to read both, depending on the strength of
your interests and time available.
                                                 PGN

------------------------------

Date: 8 February 1996 (LAST-MODIFIED)
From: [email protected]
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest.  Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you.  BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS.  [...]
DIRECT REQUESTS to <[email protected]> (majordomo) with one-line,
  SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
  INFO     [for further information]

CONTRIBUTIONS: to [email protected], with appropriate,  substantive Subject:
line, otherwise they may be ignored.  Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats
on distribution.  Diversity is welcome, but not personal attacks.  [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
By submitting an item that is accepted for publication in RISKS, the author
grants permission for unlimited noncommercial public distribution and
redistribution in electronic and print form.  Relevant contributions may
appear in the RISKS section of regular issues of ACM SIGSOFT Software
Engineering Notes or SIGSAC Review.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP.  [...]
[Back issues are in the subdirectory corresponding to the volume number.]
  Individual issues can be accessed using a URL of the form
    http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
    ftp://ftp.sri.com/risks

------------------------------

End of RISKS-FORUM Digest 17.72
************************