Copy Link
Add to Bookmark
Report
Legal Net Newsletter Volume 1 Issue 02
±±Ü ±±±±±±Ü ±±±±±±Ü ±±±±±±Ü ±±Ü ±±±ÜÜ ±±Ü ±±±±±±Ü ±±±±±±Ü
±±Û ±±Ûßßßß ±±Ûßßßß ±±Ûß±±Û ±±Û ±±Û±±Û±±Û ±±Ûßßßß ß±±Ûßß
±±Û ±±±±±Ü ±±Û±±±Ü ±±±±±±Û ±±Û ±±Û ß±±±Û ±±±±±Ü ±±Û
±±Û ±±Ûßßß ±±Û ±±Û ±±Û ±±Û ±±Û ±±Û ±±Û ±±Ûßßß ±±Û
±±±±±±Ü ±±±±±±Ü ±±±±±±Û ±±Û ±±Û ±±±±±±Ü ±±Û ±±Û ±±±±±±Ü ±±Û
ßßßßßß ßßßßßß ßßßßßß ßß ßß ßßßßßß ßß ßß ßßßßßß ßß
±±±ÜÜ ±±Ü ±±±±±±Ü ±±Ü ±±Ü ±±±±±±Ü
±±Û±±Û±±Û ±±Ûßßßß ±±Û ±±Û ±±Ûßßßß
±±Û ß±±±Û ±±±±±Ü ±±Û ±±Û ±±±±±±Ü
±±Û ±±Û ±±Ûßßß ±±Û±±Ü±±Û ßßß±±Û
±±Û ±±Û ±±±±±±Ü ß±±±±Ûßß ±±±±±±Û
ßß ßß ßßßßßß ßßßß ßßßßßß
Legal Net Newsletter
Volume 1, Issue 2 -- 19 April, 1993
Legal Net Newsletter is dedicated to providing information
on the legal issues of computing and networking in the 1990's
and into the future.
The information contained in this newsletter is not to be
misconstrued as a bona fide legal document, nor is it to be taken
as an advocacy forum for topics discussed and presented herein.
The information contained within this newsletter has been
collected from several governmental institutions, computer
professionals and third party sources. Opinion and ideological
excerpts have been collected from many sources with prior approval.
Copyright (c) 1993 Paul Ferguson -- All rights reserved.
Legal Net News is released approximately twice a month.
E-mail submissions, comments and editorials to: fergp@sytex.com
- --
In this issue --
o Editorial Forward -- How much is too much?
o Threats to Privacy -- February extract from Boardwatch Magazine
on proposed Digital Telephony legislation. Article by Shari Steele,
of the Electronic Frontier Foundation (EFF)
o RSA & DES Encryption Control -- Vinton Cerf
o "Promising technology alarms government --
Use of super-secret codes would block legal phone taps in FBI's
crime work". Article by Joe Abernathy, formerly of the Houston Chronicle
o Lance Rose's "SYSLAW" -- Book review by Rob Slade
o White House Electronic Publications and Public Access E-Mail - FAQ
o LATE BREAKING NEWS - The "Clipper Chip" debate
o Further recommended legal-oriented reading
- --
How much is too much?
(or, When do we say no?)
With the introduction of the Digital Telephony proposal last year, a
virtual Pandora's box of privacy infringement was opened. Several
outspoken groups were quick to speak out and take a rock-solid stance
on a topic that could very well touch each of our lives in a very
personal way. The Electronic Frontier Foundation (EFF) and The CPSR
(Computer Professionals for Social Responsibility) are examples of just
two such groups with a large and established electronic following who
spoke out and were incensed with the ideals expressed in the desire to
implement this policy.
This proposal would require communications providers (such as AT&T,
MCI and other carriers) and software developers who produce any type
of encryption software (such as LOTUS NOTES, for example) to leave a
"back door" in their services for law enforcement agencies to monitor
electronic communications in plain text, "if necessary". This proposal
would make it possible for the FBI, or other governmental law
enforcement agencies, to actively monitor private electronic
communications. Additionally, the United States Government wants to
control secure methods of "personal" encryption in areas such as public
key encryption by "licensing" private keys for personal use.
In INFO SECURITY NEWS, Volume 4, Number 2, March/April 1993, there is
an interesting article with Dorothy Denning, who is described as
"...a cryptographic researcher, she wrote the widely known and
highly regarded text, Cryptography and Data Security"."She
currently chairs the computer science department at Georgetown
University in Washington, DC." Dorothy Denning is a respected
professional in the field, but she holds some rather dangerous
opinions. When asked by INFO SECURITY NEWS' Timothy Garon about the
subject -
"GARON: 'You recently wrote a paper on the FBI's proposed bill to
require communication companies to provide and maintain the ability to
tap digital communications. You support the government proposal while
many others in the field have taken the opposite view, that there is
too much Big Brother contained in it. What is your position?'
DENNING: 'It should be enacted because wiretapping is an important
tool for law enforcement. It's the only tool that can be used to deal
with certain criminal cases that can't be solved by other means, for
example, in major cases involving narcotics, organized crime and
terrorist activities. It would be a mistake to lose the capability to
use that tool when, by proper designing and planning of our
telecommunication systems, we can make the tool available when needed.
If we lose that capability for electronic surveillance, we're
potentially opening ourselves up to a situation where we won't be able
to deal effectively with certain serious crimes.'"
Hopefully, Legal Net News presents the details necessary to help you
make a decision and take a stance, one way or the other.
- Paul Ferguson, Editor, Legal Net Newsletter
- --
"Threats to Privacy"
"FBIs Wiretapping Proposal Thwarted"
Extracted from Boardwatch Magazine, February, 1993,
pages 19 - 22 (BBS Legislative Watch, Shari Steele, EFF) -
"In a move that worried privacy experts, software manufacturers and
telephone companies, the FBI proposed legislation to amend the
Communications Act of 1934 to make it easier for the Bureau to perform
electronic wiretapping. The proposed legislation, entitled 'Digital
Telephony,' would have required communications service providers and
hardware manufacturers to make their systems 'tappable' by providing
'back doors' through which law enforcement officers could intercept
communications. Furthermore, this capability would have been provided
undetectably, while the communications was in progress, exclusive of
any communications between other parties, regardless of the mobility
of the target of the FBI's investigation, and without degradation of
service.
"The privacy implications are frightening. Today, all sorts of
information about who we are and what we do, such as medical records,
credit reports and employment data, are held on electronic databases.
If these databases have government-mandated 'tappability,' this
private information could be accessed by anyone tapping in. In
addition, the language in the proposed bill is vague. This is
especially troubling since, under the proposal, the Department of
Justice (DOJ) can keep communications products off the market if it
determines that these products do not meet the DOJ's own vague
guidelines. This will probably result in increased costs and reduced
competitiveness for service providers and equipment manufacturers,
since they will be unlikely to add any features that may result in a
DOJ rejection of their entire product. And to add insult to injury,
the FBI proposal suggests that the cost of this wiretapping 'service'
to the Bureau would have to be borne by the service provider itself,
which ultimately means you and I will be paying higher user fees.
"The Electronic Frontier Foundation organized a broad coalition of
public interest and industry groups, from Computer Professionals for
Social Responsibility (CPSR) and the ACLU to AT&T and Sun
Microsystems, to oppose the legislation. A white paper produced by
the EFF and ratified by the coalition, entitled, 'An Analysis of the
FBI Digital Telephony Proposal,' was widely distributed throughout the
Congress. Senator Patrick Leahy (D-Vermont) and Representative Don
Edwards (D-California), chairs of two key committees, referred to the
EFF paper as they delayed the introduction of the FBI's proposal. As
Leahy stated before the Senate, 'Our goal is to assist law
enforcement,' but 'without jeopardizing privacy rights or frustrating
the development of new communications technologies.' The Justice
Department lobbied hard in the final days to get Congress to take up
the bill before Congress adjourned, but the bill never even found a
Congressional sponsor (and was therefore never officially introduced).
The FBI will almost certainly reintroduce "Digital Telephony" when the
103rd Congress convenes in January."
- --
Date: Thu, 8 Apr 1993 17:53:32 -0400
From: BITNET list server at GWUVM (1.7f) <uunet!gwuvm.gwu.edu!LISTSERV>
Subject: File: "CRYPTO ARTICLE"
To: Paul Ferguson <SYTEX.COM!fergp>
This cryptography article appeared Sunday, June 21. It is being forwarded to
RISKS as a way of giving back something to the many thoughtful participants
here who helped give shape to the questions and the article.
In a companion submission [see RISKS-13.61], I include the scanned text of the
NSA's 13-page response to my interview request, which appears to be the most
substantial response they've provided to date. I would like to invite feedback
and discussion on the article and the NSA document. Please send comments to
edtjda@chron.com
Promising technology alarms government --
Use of super-secret codes would block legal phone taps in FBI's crime work
By JOE ABERNATHY, Copyright 1992, Houston Chronicle
Government police and spy agencies are trying to thwart new technology that
allows conversations the feds can't tap. A form of cryptography -- the science
of writing and deciphering codes -- this technology holds the promise of
guaranteeing true privacy for transactions and communications. But an array
of Federal agencies is seeking to either outlaw or severely restrict its use,
pointing out the potency of truly secret communications as a criminal tool.
``Cryptography offers or appears to offer something that is unprecedented,''
said Whitfield Diffie, who with a Stanford University colleague devised public
key cryptography,'' an easily used cryptography that is at the center of the
fight. ``It looks as though an individual might be able to protect information
in such a way that the concerted efforts of society are not going to be able to
get at it. ``No safe you can procure has that property; the strongest safes
won't stand an hour against oxygen lances. But cryptography may be different. I
kind of understand why the police don't like it.''
The National Security Agency, whose mission is to conduct espionage against
foreign governments and diplomats, sets policy for the government on matters
regarding cryptography. But the FBI is taking the most visible role. It is
backing legislation that would address police fears by simply outlawing any use
of secure cryptography in electronic communications. The ban would apply to
cellular phones, computer networks, and the newer standard telephone equipment
-- already in place in parts of Houston's phone system and expected to gain
wider use nationwide.
``Law enforcement needs to keep up with technology,'' said Steve Markardt, a
spokesman for the FBI in Washington. ``Basically what we're trying to do is
just keep the status quo. We're not asking for anything more intrusive than we
already have.'' He said the FBI uses electronic eavesdropping only on complex
investigations involving counterterrorism, foreign intelligence, organized
crime, and drugs. ``In many of those,'' he said, we would not be able to
succeed without the ability to lawfully intercept.''
The State and Commerce departments are limiting cryptography's spread
through the use of export reviews, although many of these reviews actually are
conducted by the NSA. The National Institute of Standards and Technology,
meanwhile, is attempting to impose a government cryptographic standard that
critics charge is flawed, although the NSA defends the standard as adequate
for its intended, limited use.
``It's clear that the government is unilaterally trying to implement a
policy that it's developed,'' said Jim Bidzos, president of RSA Data Security,
which holds a key cryptography patent. ``Whose policy is it, and whose
interest does it serve? Don't we have a right to know what policy they're
pursuing?'' Bidzos and a growing industry action group charge that the policy
is crippling American business at a critical moment.
The White House, Commerce Department, and NIST refused to comment.
The NSA, however, agreed to answer questions posed in writing by the Houston
Chronicle. Its purpose in granting the rare, if limited, access, a spokesman
said, was ``to give a true reflection'' of the policy being implemented by the
agency. ``Our feeling is that cryptography is like nitroglycerin: Use it
sparingly then put it back under trusted care,'' the spokesman said.
Companies ranging from telephone service providers to computer manufacturers
and bankers are poised to intro duce new services and products including
cryptography. Users of electronic mail and computer networks can expect to see
cryptography-based privacy enhancements later this year.
The technology could allow electronic voting, electronic cash transactions,
and a range of geographically separated -- but secure -- business and social
interactions. Not since the days before the telephone could the individual
claim such a level of privacy.
But law enforcement and intelligence interests fear a world in which it
would be impossible to execute a wiretap or conduct espionage.
``Secure cryptography widely available outside the United States clearly
has an impact on national security,'' said the NSA in its 13-page response to
the Chronicle. ``Secure cryptography within the United States may impact law
enforcement interests.''
Although Congress is now evaluating the dispute, a call by a congressional
advisory panel for an open public policy debate has not yet been heeded, or
even acknowledged, by the administration.
The FBI nearly won the fight before anyone knew that war had been declared.
Its proposal to outlaw electronic cryptography was slipped into another bill as
an amendment and nearly became law by default last year before civil liberties
watchdogs exposed the move.
``It's kind of scary really, the FBI proposal being considered as an
amendment by just a few people in the Commerce Committee without really
understanding the basis for it,'' said a congressional source, who requested
anonymity. ``For them, I'm sure it seemed innocuous, but what it represented
was a fairly profound public policy position giving the government rights to
basically spy on anybody and prevent people from stopping privacy
infringements.''
This year, the FBI proposal is back in bolder, stand-alone legislation that
has created a battle line with law enforcement on one side and the technology
industry and privacy advocates on the other. ``It says right on its face that
they want a remote government monitoring facility'' through which agents in
Virginia, for instance, could just flip a switch to tap a conversation in
Houston, said Dave Banisar of the Washing ton office of Computer Professionals
for Social Responsibility.
Though the bill would not change existing legal restraints on phone-tapping,
it would significantly decrease the practical difficulty of tapping phones --
an ominous development to those who fear official assaults on personal and
corporate privacy. And the proposed ban would defuse emerging technical
protection against those assaults.
CPSR, the point group for many issues addressing the way computers affect
peoples' lives, is helping lend focus to a cryptographic counterinsurgency that
has slowly grown in recent months to include such heavyweights as AT&T, DEC,
GTE, IBM, Lotus, Microsoft, Southwestern Bell, and other computer and
communications companies.
The proposed law would ban the use of secure cryptography on any message
handled by a computerized communications network. It would further force
service providers to build access points into their equipment through which the
FBI -- and conceivably, any police officer at any level -- could eavesdrop on
any conversation without ever leaving the comfort of headquarters.
``It's an open-ended and very broad set of provisions that says the FBI can
demand that standards be set that industry has to follow to ensure that (the
FBI) gets access,'' said a congressional source. ``Those are all code words
for if they can't break in, they're going to make (cryptography) illegal.
``This is one of the biggest domestic policy issues facing the country. If you
make the wrong decisions, it's going to have a profound effect on privacy and
security.''
The matter is being considered by the House Judiciary Committee, chaired by
Rep. Jack Brooks, D-Texas, who is writing a revision to the Computer Security
Act of 1987, the government's first pass at secure computing.
The recent hearings on the matter produced a notable irony, when FBI
Director William Sessions was forced to justify his stance against cryptography
after giving opening remarks in which he called for stepped-up action to combat
a rising tide of industrial espionage. Secure cryptography was designed to
address such concerns.
The emergence of the international marketplace is shaping much of the debate
on cryptography. American firms say they can't compete under current policy,
and that in fact, overseas firms are allowed to sell technology in America that
American firms cannot export.
``We have decided to do all further cryptographic development overseas,''
said Fred B. Cohen, a noted computer scientist. ``This is because if we do it
here, it's against the law to export it, but if we do it there, we can still
import it and sell it here. What this seems to say is that they can have it,
but I can't sell it to them -- or in other words -- they get the money from our
research.''
A spokeswoman for the the Software Publishers Association said that such
export controls will cost $3-$5 billion in direct revenue if left in place over
the next five years. She noted the Commerce Department estimate that each $1
billion in direct revenue supports 20,000 jobs.
The NSA denied any role in limiting the power of cryptographic schemes used
by the domestic public, and said it approves 90 percent of cryptographic
products referred to NSA by the Department of State for export licenses. The
Commerce Department conducts its own reviews. But the agency conceded that its
export approval figures refer only to products that use cryptology to
authenticate a communication -- the electronic form of a signed business
document -- rather than to provide privacy.
The NSA, a Defense Department agency created by order of President Harry
Truman to intercept and decode foreign communications, employs an army of
40,000 code-breakers. All of its work is done in secret, and it seldom
responds to questions about its activities, so a large reserve of distrust
exists in the technology community.
NSA funding is drawn from the so-called ``black budget,'' which the Defense
Budget Project, a watchdog group, estimates at $16.3 billion for 1993.
While the agency has always focused primarily on foreign espionage, its
massive eavesdropping operation often pulls in innocent Americans, according to
James Bamford, author of _The Puzzle Palace_, a book focusing on the NSA's
activities. Significant invasions of privacy occurred in the 1960s and 1970s,
Bamford said.
Much more recently, several computer network managers have acknowledged
privately to the Chronicle that NSA has been given access to data transmitted
on their networks -- without the knowledge of network users who may view the
communications as private electronic mail.
Electronic cryptology could block such interceptions of material circulating
on regional networks or on Internet -- the massive international computer link.
While proponents of the new technology concede the need for effective law
enforcement, some question whether the espionage needs of the post-Cold War
world justify the government's push to limit these electronic safeguards on
privacy.
``The real challenge is to get the people who can show harm to our national
security by freeing up this technology to speak up and tell us what this harm
is,'' said John Gillmore, one of the founders of Sun Microsystems. ``When the
privacy of millions of people who have cellular telephones, when the integrity
of our computer networks and our PCs against viruses are up for grabs here, I
think the battleground is going to be counting up the harm and in the public
policy debate trying to strike a balance.''
But Vinton Cerf, one of the leading figures of the Internet community, urged
that those criticizing national policy maintain perspective. ``I want to ask
you all to think a little bit before you totally damn parts of the United
States government,'' he said. ``Before you decide that some of the policies
that in fact go against our grain and our natural desire for openness, before
you decide those are completely wrong and unacceptable, I hope you'll give a
little thought to the people who go out there and defend us in secret and do so
at great risk.''
- --
Dr. Vinton G. Cerf
Annandale, VA
11 April 1993
The Honorable Timothy Valentine
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
House of Representatives
Rayburn House Office Building
Dear Chairman Valentine:
I recently had the honor of testifying before the
Subcommittee on Technology, Environment and Aviation
during which time Representative Rohrabacher (R,
California) made the request that I prepare
correspondence to the committee concerning the
present US policy on the export of hardware and
software implementing the Data Encryption Standard
(DES) and the RSA Public Key encryption algorithm
(RSA).
As you know, the DES was developed by the National
Institute for Standards and Technology (NIST) in the
mid-1970s, based on technology developed by
International Business Machines (IBM). The details of
the algorithm were made widely available to the
public and considerable opportunity for public
comment on the technology was offered. In the same
general time period, two researchers at Stanford
University (Martin Hellman and Whitfield Diffie)
published a paper describing the possible existence
of mathematical functions which, unlike the
symmetric DES algorithm, could act in a special,
pairwise fashion to support encryption and
decryption. These so-called "public key algorithms"
had the unusual property that one function would
encrypt and the other decrypt -- differing from the
symmetric DES in which a single function performs
both operations. The public key system uses a pair
of keys, one held private and the other made public.
DES uses one key which is kept secret by all parties
using it.
Three researchers at MIT (Rivest, Shamir and
Adelman) discovered an algorithm which met Hellman
and Diffie's criteria. This algorithm is now called
"RSA" in reference to its inventors. The RSA
technology was patented by Stanford and MIT and a
company, Public Key Partners (PKP), created to
manage licensing of the RSA technology. A company
called RSA Data Security, Inc., was also formed,
which licensed the technology from PKP and markets
products to the public based on the technology.
The current policy of the United States places DES
and RSA technology under export control. Because
cryptography falls into the category of munitions,
it is controlled not only by the Commerce Department
but also by the State Department under the terms of
the International Traffic in Arms regulations.
Despite the public development of both of these
technologies and their documented availability
outside the United States over the last 15 years, US
policy has been uniformly restrictive concerning
export licensing.
As the United States and the rest of the world enter
more fully into the Information Age in which digital
communications plays a critical role in the global
infrastructure, the "digital signature" capability
of public key cryptography is a critical necessity
for validating business transactions and for
identifying ownership of intellectual property
expressed in digital electronic forms.
Registration and transfer of intellectual property
rights in works which can be represented in digital
form will be central factors in the national and
global information infrastructure. A number of
parties are exploring technical means for carrying
out rights registration and transfer, making use of
public key cryptography as a basic tool.
In addition, there is a great deal of current work
on electronic mail systems which support privacy by
means of encryption and support authenticity by
means of digital signatures. One of these systems,
developed in the Internet environment I mentioned in
my testimony, is called Privacy-enhanced Mail (PEM)
and makes use of DES, RSA and some other special
"hash" functions which are integral to the
production of digital signatures.
For these various systems to be compatible on an
international basis, it would be very helpful for
the cryptographic components to be exportable on a
world-wide basis. A number of vendors make produces
relying on these technologies within the United
States but often find it very difficult to engage in
international commerce owing to the export licensing
required for these technologies. Ironically, the
technology appears to be widely available outside
the US and also outside the COCOM countries, so US
firms face both competition outside the US and
export inhibitions in their attempts to develop
worldwide markets.
There are many valid national security reasons for
limiting the export of cryptographic capabilities,
since these technologies may aid an opponent in time
of war or other conflict. Perhaps just as important,
US intelligence gathering capability can be eroded
by the availability of high grade cryptography on a
worldwide basis. Recently, it has also been alleged
that the world-wide availability of cryptography
would also seriously impede US drug enforcement and
anti-crime efforts. While these reasons seem
sufficient, many have pointed out that the
widespread accessibility to the detailed
specifications of DES and RSA and availability and
existence of software and hardware outside the US
have long since done whatever damage is going to be
done in respect of warfighting, crime or drug
potential. This line of reasoning leads to the
conclusion that our policies only inhibit legitimate
commerce, but have little impact on the other
concerns expressed.
As in all such controversy, there is often some
truth on both sides. The National Institutes of
Standards and Technology (NIST), has offered
alternative digital signature capability. Technical
assessments of the alternative have turned up
weaknesses, in the opinions of some experts. There
is not yet an alternative to DES, unless it is to be
found in NSA's Commercial Crypto Evaluation Program
(CCEP) in which NSA proposes to provide algorithms
which are implemented in hardware by industry and
made available for civilian use. As I understand
this program, NSA does not intend to release any
details of the algorithms, leaving open questions
about the nature and strength of the technology.
Some experts will persist in the belief that such
offerings have weaknesses which are deliberately
built in and hidden (so-called "Trojan Horses")
which will allow the agency to "break" any messages
protected by this means.
The critics complained loudly that the reasoning
behind the design of certain parts of the DES
algorithm (specifically the "S-boxes") was never
made public and therefore that the algorithm was
suspect. In fact, the DES has proven to be very
strong - indeed, it may be that very fact which
makes it so unpalatable in some quarters to permit
its unrestricted export. It may be that the CCEP
technology offered is satisfactory, but this is hard
to tell without knowing more about its provenance.
Presuming the wide availability of both DES and RSA
technology, it seems to me appropriate and timely to
re-examine US export control policy regarding these
two algorithms. In all probability, any such review
will require some classified testimony which will
have to be heard in confidence by cleared members of
your committee. I sincerely hope that the outcome
will be favorable to use by US industry in
international commerce, but even if the outcome
results in continuation of present policy, it is
timely to make such a review, in my opinion.
Sincerely,
Vinton G. Cerf
- --
Date: 7 Apr 93 17:35 -0600
From: "Rob Slade, DECrypt Editor" <uunet!decus.arc.ab.ca!roberts>
Subject: Review of "Syslaw" by Rose/Wallace
BKSYSLAW.RVW 930402
PC Information Group, Inc.
1126 East Broadway
Winona, MN 55987
Syslaw, 2nd ed., Lance Rose and Jonathan Wallace, 1992
The introduction to "Syslaw" states that although the title implies the
existence of a new kind of law relating to electronic bulletin board systems,
in reality it is simply and extension of existing laws, mores and practices.
In the same way, although the book states itself to be aimed at the BBS
community, and particularly sysops, there is much here of interest and moment
to anyone involved with sharing information through computer systems.
The book also starts with a "disclaimer": the authors suggest that any
significant concerns with legal affairs be taken to a lawyer. Parts of the
book may give concern to experts in the specific fields: I was disappointed by
the coverage of viral programs (and rather intrigued by a somewhat
idiosyncratic definition of "worm"). That aside, the book is an excellent
overview of the legal situation and considerations with regard to computer
communications systems.
Chapter one is entitled "Your rights as a sysop", although "First Amendment"
(the first amendment to the American constitution deals with "free speech")
arguments seem to comprise the bulk of it. Chapter two discusses contracts,
and the advisability to have a formal contract so that there is an express
understanding between caller and sysop. Chapter three deals with copyright and
other "intellectual property" issues. Chapter four deals with "injurious
materials": it is somewhat surprising that it is not more closely related with
chapters eight ("Viruses and other dangerous code") and nine ("Sexually
explicit material). chapters five, six and seven deal with privacy, crime
directly related to BBS operation and search and seizure, respectively. All of
them rely quite heavily on examination of the existing American statutes.
A number of appendices are included. B through H are copies of various related
American legislation: I is a list of various state computer crime laws
(although the table of contents makes reference to "Sexual Exploitation of
Children"). Appendix J is an annotated bibliography of sources for further
study. Interestingly, for a book supposedly targeted at BBS sysops, none of
the materials are cited in "online" form.
Appendix A, however, is probably of greatest interest: it is a sample "caller
contract"; an agreement between the "users" and "owners" of computer systems.
Written in a "folksy" style, and intended as a understanding between sysops and
their "members", it is still a valuable template for any organization with
online information systems and general "communications" functions such as email
(and, these days, voice mail).
A recommendation that I would make to the authors for the third edition is to
make the book less "American". On the face of it, this might seem like a
strange request. Laws vary from country to country, and it is impossible to
write a book covering all possible laws. However, there are many legal
precepts which are common to almost all legal systems. Chapter two of
"Syslaw", for example, deals with contracts. It does so in a very general way,
applicable to almost all situations. Chapter one, on the other hand, deals
with the "First Amendment" to the American Constitution, and is therefore of
little use to anyone in any other country. Chapter three falls into the range
between: it deals with copyright and other related concepts, but from an
American perspective and with specific and extensive reference to American
laws. Most of the book falls somewhere into the middle ranges.
Most systems managers and computer operators tend to see "systems law"
primarily in relation to "pirate software". Syslaw is a valuable guide in
opening discussions of many related topics which are all too often either
neglected, or pass over as being of little importance.
copyright Robert M. Slade, 1993 BKSYSLAW.RVW 930402
- --
From: clipper@csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: White House Public Encryption Management Fact Sheet
Organization: National Institute of Standards & Technology
Date: Fri, 16 Apr 1993 20:44:58 GMT
Note: The following was released by the White House today in
conjunction with the announcement of the Clipper Chip
encryption technology.
FACT SHEET
PUBLIC ENCRYPTION MANAGEMENT
The President has approved a directive on "Public Encryption
Management." The directive provides for the following:
Advanced telecommunications and commercially available encryption
are part of a wave of new computer and communications technology.
Encryption products scramble information to protect the privacy of
communications and data by preventing unauthorized access.
Advanced telecommunications systems use digital technology to
rapidly and precisely handle a high volume of communications.
These advanced telecommunications systems are integral to the
infrastructure needed to ensure economic competitiveness in the
information age.
Despite its benefits, new communications technology can also
frustrate lawful government electronic surveillance. Sophisticated
encryption can have this effect in the United States. When
exported abroad, it can be used to thwart foreign intelligence
activities critical to our national interests. In the past, it has
been possible to preserve a government capability to conduct
electronic surveillance in furtherance of legitimate law
enforcement and national security interests, while at the same time
protecting the privacy and civil liberties of all citizens. As
encryption technology improves, doing so will require new,
innovative approaches.
In the area of communications encryption, the U. S. Government has
developed a microcircuit that not only provides privacy through
encryption that is substantially more robust than the current
government standard, but also permits escrowing of the keys needed
to unlock the encryption. The system for the escrowing of keys
will allow the government to gain access to encrypted information
only with appropriate legal authorization.
To assist law enforcement and other government agencies to collect
and decrypt, under legal authority, electronically transmitted
information, I hereby direct the following action to be taken:
INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS
The Attorney General of the United States, or her representative,
shall request manufacturers of communications hardware which
incorporates encryption to install the U.S. government-developed
key-escrow microcircuits in their products. The fact of law
enforcement access to the escrowed keys will not be concealed from
the American public. All appropriate steps shall be taken to
ensure that any existing or future versions of the key-escrow
microcircuit are made widely available to U.S. communications
hardware manufacturers, consistent with the need to ensure the
security of the key-escrow system. In making this decision, I do
not intend to prevent the private sector from developing, or the
government from approving, other microcircuits or algorithms that
are equally effective in assuring both privacy and a secure key-
escrow system.
KEY-ESCROW
The Attorney General shall make all arrangements with appropriate
entities to hold the keys for the key-escrow microcircuits
installed in communications equipment. In each case, the key
holder must agree to strict security procedures to prevent
unauthorized release of the keys. The keys shall be released only
to government agencies that have established their authority to
acquire the content of those communications that have been
encrypted by devices containing the microcircuits. The Attorney
General shall review for legal sufficiency the procedures by which
an agency establishes its authority to acquire the content of such
communications.
PROCUREMENT AND USE OF ENCRYPTION DEVICES
The Secretary of Commerce, in consultation with other appropriate
U.S. agencies, shall initiate a process to write standards to
facilitate the procurement and use of encryption devices fitted
with key-escrow microcircuits in federal communications systems
that process sensitive but unclassified information. I expect this
process to proceed on a schedule that will permit promulgation of
a final standard within six months of this directive.
The Attorney General will procure and utilize encryption devices to
the extent needed to preserve the government's ability to conduct
lawful electronic surveillance and to fulfill the need for secure
law enforcement communications. Further, the Attorney General
shall utilize funds from the Department of Justice Asset Forfeiture
Super Surplus Fund to effect this purchase.
- --
From: uunet!toad.com!gnu (John Gilmore)
Subject: White House press release on encryption policy
Date: Fri, 16 Apr 93 12:24:20 -0700
Note: This file will also be available via anonymous file
transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and
via the NIST Computer Security BBS at 301-948-5717.
---------------------------------------------------
THE WHITE HOUSE
Office of the Press Secretary
_________________________________________________________________
For Immediate Release April 16, 1993
STATEMENT BY THE PRESS SECRETARY
The President today announced a new initiative that will bring
the Federal Government together with industry in a voluntary
program to improve the security and privacy of telephone
communications while meeting the legitimate needs of law
enforcement.
The initiative will involve the creation of new products to
accelerate the development and use of advanced and secure
telecommunications networks and wireless communications links.
For too long there has been little or no dialogue between our
private sector and the law enforcement community to resolve the
tension between economic vitality and the real challenges of
protecting Americans. Rather than use technology to accommodate
the sometimes competing interests of economic growth, privacy and
law enforcement, previous policies have pitted government against
industry and the rights of privacy against law enforcement.
Sophisticated encryption technology has been used for years to
protect electronic funds transfer. It is now being used to
protect electronic mail and computer files. While encryption
technology can help Americans protect business secrets and the
unauthorized release of personal information, it also can be used
by terrorists, drug dealers, and other criminals.
A state-of-the-art microcircuit called the "Clipper Chip" has
been developed by government engineers. The chip represents a
new approach to encryption technology. It can be used in new,
relatively inexpensive encryption devices that can be attached to
an ordinary telephone. It scrambles telephone communications
using an encryption algorithm that is more powerful than many in
commercial use today.
This new technology will help companies protect proprietary
information, protect the privacy of personal phone conversations
and prevent unauthorized release of data transmitted
electronically. At the same time this technology preserves the
ability of federal, state and local law enforcement agencies to
intercept lawfully the phone conversations of criminals.
A "key-escrow" system will be established to ensure that the
"Clipper Chip" is used to protect the privacy of law-abiding
Americans. Each device containing the chip will have two unique
"keys," numbers that will be needed by authorized government
agencies to decode messages encoded by the device. When the
device is manufactured, the two keys will be deposited separately
in two "key-escrow" data bases that will be established by the
Attorney General. Access to these keys will be limited to
government officials with legal authorization to conduct a
wiretap.
The "Clipper Chip" technology provides law enforcement with no
new authorities to access the content of the private
conversations of Americans.
To demonstrate the effectiveness of this new technology, the
Attorney General will soon purchase several thousand of the new
devices. In addition, respected experts from outside the
government will be offered access to the confidential details of
the algorithm to assess its capabilities and publicly report
their findings.
The chip is an important step in addressing the problem of
encryption's dual-edge sword: encryption helps to protect the
privacy of individuals and industry, but it also can shield
criminals and terrorists. We need the "Clipper Chip" and other
approaches that can both provide law-abiding citizens with access
to the encryption they need and prevent criminals from using it
to hide their illegal activities. In order to assess technology
trends and explore new approaches (like the key-escrow system),
the President has directed government agencies to develop a
comprehensive policy on encryption that accommodates:
-- the privacy of our citizens, including the need to
employ voice or data encryption for business purposes;
-- the ability of authorized officials to access telephone
calls and data, under proper court or other legal
order, when necessary to protect our citizens;
-- the effective and timely use of the most modern
technology to build the National Information
Infrastructure needed to promote economic growth and
the competitiveness of American industry in the global
marketplace; and
-- the need of U.S. companies to manufacture and export
high technology products.
The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed.
The Administration is committed to working with the private
sector to spur the development of a National Information
Infrastructure which will use new telecommunications and computer
technologies to give Americans unprecedented access to
information. This infrastructure of high-speed networks
("information superhighways") will transmit video, images, HDTV
programming, and huge data files as easily as today's telephone
system transmits voice.
Since encryption technology will play an increasingly important
role in that infrastructure, the Federal Government must act
quickly to develop consistent, comprehensive policies regarding
its use. The Administration is committed to policies that
protect all Americans' right to privacy while also protecting
them from those who break the law.
Further information is provided in an accompanying fact sheet.
The provisions of the President's directive to acquire the new
encryption technology are also available.
For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.
- - ---------------------------------
QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S
TELECOMMUNICATIONS INITIATIVE
Q: Does this approach expand the authority of government
agencies to listen in on phone conversations?
A: No. "Clipper Chip" technology provides law enforcement with
no new authorities to access the content of the private
conversations of Americans.
Q: Suppose a law enforcement agency is conducting a wiretap on
a drug smuggling ring and intercepts a conversation
encrypted using the device. What would they have to do to
decipher the message?
A: They would have to obtain legal authorization, normally a
court order, to do the wiretap in the first place. They
would then present documentation of this authorization to
the two entities responsible for safeguarding the keys and
obtain the keys for the device being used by the drug
smugglers. The key is split into two parts, which are
stored separately in order to ensure the security of the key
escrow system.
Q: Who will run the key-escrow data banks?
A: The two key-escrow data banks will be run by two independent
entities. At this point, the Department of Justice and the
Administration have yet to determine which agencies will
oversee the key-escrow data banks.
Q: How strong is the security in the device? How can I be sure
how strong the security is?
A: This system is more secure than many other voice encryption
systems readily available today. While the algorithm will
remain classified to protect the security of the key escrow
system, we are willing to invite an independent panel of
cryptography experts to evaluate the algorithm to assure all
potential users that there are no unrecognized
vulnerabilities.
Q: Whose decision was it to propose this product?
A: The National Security Council, the Justice Department, the
Commerce Department, and other key agencies were involved in
this decision. This approach has been endorsed by the
President, the Vice President, and appropriate Cabinet
officials.
Q: Who was consulted? The Congress? Industry?
A: We have on-going discussions with Congress and industry on
encryption issues, and expect those discussions to intensify
as we carry out our review of encryption policy. We have
briefed members of Congress and industry leaders on the
decisions related to this initiative.
Q: Will the government provide the hardware to manufacturers?
A: The government designed and developed the key access
encryption microcircuits, but it is not providing the
microcircuits to product manufacturers. Product
manufacturers can acquire the microcircuits from the chip
manufacturer that produces them.
Q: Who provides the "Clipper Chip"?
A: Mykotronix programs it at their facility in Torrance,
California, and will sell the chip to encryption device
manufacturers. The programming function could be licensed
to other vendors in the future.
Q: How do I buy one of these encryption devices?
A: We expect several manufacturers to consider incorporating
the "Clipper Chip" into their devices.
Q: If the Administration were unable to find a technological
solution like the one proposed, would the Administration be
willing to use legal remedies to restrict access to more
powerful encryption devices?
A: This is a fundamental policy question which will be
considered during the broad policy review. The key escrow
mechanism will provide Americans with an encryption product
that is more secure, more convenient, and less expensive
than others readily available today, but it is just one
piece of what must be the comprehensive approach to
encryption technology, which the Administration is
developing.
The Administration is not saying, "since encryption
threatens the public safety and effective law enforcement,
we will prohibit it outright" (as some countries have
effectively done); nor is the U.S. saying that "every
American, as a matter of right, is entitled to an
unbreakable commercial encryption product." There is a
false "tension" created in the assessment that this issue is
an "either-or" proposition. Rather, both concerns can be,
and in fact are, harmoniously balanced through a reasoned,
balanced approach such as is proposed with the "Clipper
Chip" and similar encryption techniques.
Q: What does this decision indicate about how the Clinton
Administration's policy toward encryption will differ from
that of the Bush Administration?
A: It indicates that we understand the importance of encryption
technology in telecommunications and computing and are
committed to working with industry and public-interest
groups to find innovative ways to protect Americans'
privacy, help businesses to compete, and ensure that law
enforcement agencies have the tools they need to fight crime
and terrorism.
Q: Will the devices be exportable? Will other devices that use
the government hardware?
A: Voice encryption devices are subject to export control
requirements. Case-by-case review for each export is
required to ensure appropriate use of these devices. The
same is true for other encryption devices. One of the
attractions of this technology is the protection it can give
to U.S. companies operating at home and abroad. With this
in mind, we expect export licenses will be granted on a
case-by-case basis for U.S. companies seeking to use these
devices to secure their own communications abroad. We plan
to review the possibility of permitting wider exportability
of these products.
- --
Date: Fri, 16 Apr 1993 16:23:44 EST
Sender: Computer Professionals for Social Responsibility
<uunet!VTVM2.CC.VT.EDU!CPSR%GWUVM.BITNET>
From: David Sobel <uunet!washofc.cpsr.org!dsobel>
Organization: CPSR Civil Liberties and Computing Project
Subject: CPSR Crypto Statement
CPSR Crypto Statement
-----------------------------------------------
April 16, 1993
Washington, DC
COMPUTER PROFESSIONALS CALL FOR PUBLIC
DEBATE ON NEW GOVERNMENT ENCRYPTION INITIATIVE
Computer Professionals for Social Responsibility (CPSR)
today called for the public disclosure of technical data
underlying the government's newly-announced "Public Encryption
Management" initiative. The new cryptography scheme was
announced today by the White House and the National Institute
for Standards and Technology (NIST), which will implement the
technical specifications of the plan. A NIST spokesman
acknowledged that the National Security Agency (NSA), the super-
secret military intelligence agency, had actually developed the
encryption technology around which the new initiative is built.
According to NIST, the technical specifications and the
Presidential directive establishing the plan are classified. To
open the initiative to public review and debate, CPSR today
filed a series of Freedom of Information Act (FOIA) requests
with key agencies, including NSA, NIST, the National Security
Council and the FBI for information relating to the encryption
plan. The CPSR requests are in keeping with the spirit of the
Computer Security Act, which Congress passed in 1987 in order to
open the development of non-military computer security standards
to public scrutiny and to limit NSA's role in the creation of
such standards.
CPSR previously has questioned the role of NSA in
developing the so-called "digital signature standard" (DSS), a
communications authentication technology that NIST proposed for
government-wide use in 1991. After CPSR sued NIST in a FOIA
lawsuit last year, the civilian agency disclosed for the first
time that NSA had, in fact, developed that security standard.
NSA is due to file papers in federal court next week justifying
the classification of records concerning its creation of the
DSS.
David Sobel, CPSR Legal Counsel, called the
administration's apparent commitment to the privacy of
electronic communications, as reflected in today's official
statement, "a step in the right direction." But he questioned
the propriety of NSA's role in the process and the apparent
secrecy that has thus far shielded the development process from
public scrutiny. "At a time when we are moving towards the
development of a new information infrastructure, it is vital
that standards designed to protect personal privacy be
established openly and with full public participation. It is
not appropriate for NSA -- an agency with a long tradition of
secrecy and opposition to effective civilian cryptography -- to
play a leading role in the development process."
CPSR is a national public-interest alliance of computer
industry professionals dedicated to examining the impact of
technology on society. CPSR has 21 chapters in the U.S. and
maintains offices in Palo Alto, California, Cambridge,
Massachusetts and Washington, DC. For additional information on
CPSR, call (415) 322-3778 or e-mail <cpsr@csli.stanford.edu>.
- --
Date: Fri, 16 Apr 1993 15:17:02 -0400
From: Cliff Figallo <uunet!eff.org!fig>
Subject: EFFector Online 5.06
To: eff.org!eff-news (eff-news mailing list)
EFFector Online Volume 5 No. 6 4/16/1993 editors@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
454 lines
-==--==--==-<>-==--==--==-
In this issue:
Initial EFF Analysis of Clinton Privacy and Security Proposal
Society for Electronic Access: A New York City-based
grassroots online activist group.
Updated Contact List for Regional Online Activist Groups
-==--==--==-<>-==--==--==-
April 16, 1993
INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY
PROPOSAL
The Clinton Administration today made a major announcement
on cryptography policy which will effect the privacy and security of
millions of Americans. The first part of the plan is to begin a
comprehensive inquiry into major communications privacy issues
such as export controls which have effectively denied most people
easy access to robust encryption as well as law enforcement issues
posed by new technology.
However, EFF is very concerned that the Administration has
already reached a conclusion on one critical part of the inquiry, before
any public comment or discussion has been allowed. Apparently, the
Administration is going to use its leverage to get all telephone
equipment vendors to adopt a voice encryption standard developed
by the National Security Agency. The so-called "Clipper Chip" is an
80-bit, split key escrowed encryption scheme which will be built into
chips manufactured by a military contractor. Two separate escrow
agents would store users' keys, and be required to turn them over
law enforcement upon presentation of a valid warrant. The
encryption scheme used is to be classified, but they chips will be
available to any manufacturer for incorporation into their
communications products.
This proposal raises a number of serious concerns .
First, the Administration appears to be adopting a solution
before conducting an inquiry. The NSA-developed Clipper chip may
not be the most secure product. Other vendors or developers may
have better schemes. Furthermore, we should not rely on the
government as the sole source for Clipper or any other chips. Rather,
independent chip manufacturers should be able to produce chipsets
based on open standards.
Second, an algorithm can not be trusted unless it can be tested.
Yet the Administration proposes to keep the chip algorithm
classified. EFF believes that any standard adopted ought to be public
and open. The public will only have confidence in the security of a
standard that is open to independent, expert scrutiny.
Third, while the use of the split-key, dual-escrowed
system may prove to be a reasonable balance between privacy and
law enforcement needs, the details of this scheme must be explored
publicly before it is adopted. What will give people confidence in the
safety of their keys? Does disclosure of keys to a third party waive
individual's fifth amendment rights in subsequent criminal
inquiries?
In sum, the Administration has shown great sensitivity to the
importance of these issues by planning a comprehensive inquiry into
digital privacy and security. However, the "Clipper chip" solution
ought to be considered as part of the inquiry, not be adopted before
the discussion even begins.
DETAILS OF THE PROPOSAL:
ESCROW
The 80-bit key will be divided between two escrow agents, each of
whom hold 40 bits of each key. Upon presentation of a valid
warrant, the two escrow agents would have to turn the key parts
over to law enforcement agents. Most likely the Attorney General
will be asked to identify appropriate escrow agents. Some in the
Administration have suggested one non-law enforcement federal
agency, perhaps the Federal Reserve, and one non-governmental
organization. But, there is no agreement on the identity of the agents
yet.
Key registration would be done by the manufacturer of the
communications device. A key is tied to the device, not to the person
using it.
CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS
The Administration claims that there are no back door means by
which the government or others could break the code without
securing keys from the escrow agents and that the President will
be told there are no back doors to this classified algorithm. In order
to prove this, Administration sources are interested in arranging for
an all-star crypto cracker team to come in, under a security
arrangement, and examine the algorithm for trap doors. The results
of the investigation would then be made public.
GOVERNMENT AS MARKET DRIVER
In order to get a market moving, and to show that the government
believes in the security of this system, the feds will be the first big
customers for this product. Users will include the FBI, Secret Service,
VP Al Gore, and maybe even the President.
FROM MORE INFORMATION CONTACT:
Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel
- --
Date: Mon, 19 Apr 93 00:11:40 -0700
From: uunet!netcom.com!crunch (John Draper)
Subject: My comments on the Clipper or Tapper chip,
I don't know wheter or not I should post this in alt.security.pgp,
or other newsgroups, but here's my official comments on what
I think of the Clinton Adm "Clipper" or "Tapper" chip. Any press
people are welcome to use it, and feel free to send it out
wherever it will help.
My official statement and comments on the "Tapper chip"
=======================================================
I believe that the Clintom Admin is trying to push this idea through
without giving much thought on the ramifications of this rather intreguing
idea of "registering" your keys with some government agency. This
overwhelming urge to "tap into" our private conversations is just going
to promote private encryption and voice scrambling. It is not going
to make law enforcement's job any easier to catch criminals, because
they will also encrypt their voice and data. It reminds me of that
popular bumper sticker "If guns are outlawed, then only outlaws will
have guns". It is clear that the government considers encryption as
a "weapon", used by the enemy to keep nosey people away. Look at
the current export laws to convince yourself of that. I guess I
can think of it as a weapon to preserve my privacy.
This is not only going to get a bad reception in the industry, but
it will cost the government more money by adding huge administration
costs. Talk about government "FAT"? I thought our goals are to
cut government spending, not add to it. Lets see!! You need
two agencys (Hopefully ones that people can trust). Gee!! I cannot
even think of just ONE agency that I can trust!! can you? Then,
these agencys have to keep track of one half of an 80 bit key.
I guess there is one key for each "clipper" chip, so there has to be
the capability of millions of keys, each one has to perfectly match
the other half. Then there will be people needed to "register" these
"tapper" phones. Lets not even think about what happens when one
decides to sell it!! MORE government FAT!!. I guess thats why
they're called FAT CATS.
Now, if I were a criminal, do you think I would be dumb enough to
"register" my phone with the government. Of course not. I would
probably get mine on the black market, or though some other illicit
means!! If I were a law abiding citizen, would I trust some government
agency with my encryption key? Would you??
Then, there is this classified algorithm used in the clipper chip
itself. I'm sure its pretty good, and it is probably hard to attack
and crack. But can you really be absolutely sure that there isn't some
sort of "back door" in it??
It is clear that the industry hasn't been consulted, or ideas were
not put forth in some public forum. So, where is this democratic
process?? We ARE still a democracy, aren't we?
How was this company that sells the "Clipper chip" selected?? Was
RSA data security people contacted??
It is clear that a lot of questions have to be answered before something
like this can be accepted. I just hope the right people make the right
decision, and that PRIVATE encryption be the responsibility of the
user,
and NOT the carriers.
It is important that more and more private encryption programs, equipment,
etc, can be made available on the market. If RSA is two tight with
their licensing fees and policys, then there should be more math whiz
types making better algorithms than RSA's. The field is wide open, so
lets exploit them!!
John D.
- --
To keep from duplicating the efforts already compiled by it's editors,
LNN highly recommends reading the April 14, 1993 issue of the Computer
Underground Digest (CuD)(Volume 5, Issue 27). The entire content of this
particular issue discusses important legal issues which the computing
public should be familiar with. To get you pointed in the right
direction, this snippet of that issue outlines the topics discussed
and instructions on how to get CuD are included below:
8<------ Cut Here ---------------
Computer underground Digest Wed Apr 14 1993 Volume 5 : Issue 27
ISSN 1004-042X
CONTENTS, #5.27 (Apr 14 1993)
File 1--EFF and CPSR testimony against 18 USC 1030 Sent. Revisions
File 2--CPSR Comments on 1030 Guidelines
File 3--EFF Response to Proposed Sentencing Guidelines
File 4--LEGISLATIVE DATA ONLINE -- AB1624 needs support
File 5--AB1624 MANDATES ONLINE PUBLIC ACCESS TO LEGISLATIVE RECORDS
File 6--Some comments on AB1624 re online legislative access
File 7--AB1624 UPDATE#1--Making Leg. Data available Online
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) 203-832-8441 NUP:Conspiracy
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in Luxembourg BBS (++352) 466893;
ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)
Back issues also may be obtained through mailservers at:
mailserv@batpad.lgb.ca.us or server@blackwlf.mese.com
- --
End of Legal Net News, v1, i2
