Computer underground Digest Wed May 17, 1995 Volume 7 : Issue 39 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Goddess of Judyism Editor: J. Tenuta CONTENTS, #7.39 (Wed, May 17, 1995) File 1--Gov't Appeal in 2600 Case File 2-- Making Bombs File 3--Mendacity File 4--(fwd) "Blacklisted! 411" - a direct ripoff of 2600 Magazine (fwd) File 5--Response to teleright critics File 6--(review) "Alive 0, Alive 1", Suzana Stojakovic-Celustka, 1994 File 7--Cu Digest Header Info (unchanged since 19 Apr, 1995) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: 17 May 1995 15:54:26 -0400 From: "David Sobel" Subject: File 1--Gov't Appeal in 2600 Case The U.S. Secret Service has filed an appellate brief seeking to overturn a lower court decision ordering the release of information on a controversial "hacker" investigation. At issue are documents detailing the Secret Service's role in the so-called "Pentagon City Mall Raid." In November 1992, a group of young people affiliated with the computer magazine "2600" were confronted by mall security personnel, local police officers and several unidentified individuals. The group members were ordered to identify themselves and to submit to searches of their personal property. Their names were recorded and some of their property was confiscated. However, no charges were ever brought against any of the individuals. Although the Secret Service has never formally acknowledged its role in the incident, it eventually conceded that it did possess relevant information. Computer Professionals for Social Responsibility (CPSR) filed suit in federal court in early 1993 seeking the release of Secret Service records under the Freedom of Information Act. In July 1994, U.S. District Judge Louis Oberdorfer ordered the Secret Service to release the vast majority of documents it maintains on the incident. The Electronic Privacy Information Center (EPIC) is litigating the appeal that is now pending. The Secret Service has maintained that the disputed records were collected during the course of an investigation of telephone toll fraud. In its recently-filed brief, the agency asserts that "obviously, a meeting of individuals 'affiliated with 2600 Magazine' would be of interest to such an investigation since those individuals have, by their conduct, evidenced an interest in the technical intricacies of the telephone system." The government also reveals for the first time that the underlying investigation was closed on March 14 of this year. The Pentagon City incident has been described as an example of over-zealous law enforcement activities directed against so-called computer "hackers." The case raises significant issues of free speech and assembly, privacy and government accountability. EPIC is seeking support to assist with its defense of the lower court decision ordering disclosure. Tax-deductible contributions (payable to EPIC) can be sent to FOIA Project, EPIC, 666 Pennsylvania Avenue, S.E., Suite 301, Washington, DC 20003. ------------------------------ Date: Wed, 17 May 95 07:59:41 MST From: Dan Lester Subject: File 2-- Making Bombs Those who worry about bomb making should worry about an outfit called Loompanics, in Port Townsend, WA, before they worry about the nets. These folks (Box 1197, 98368, catalog $5.00, mail order only) sell books on a wide variety of interesting topics. Every time I lecture to classes (library science, journalism, political science, philosophy, education, etc.) on censorship I don't just take "dirty books". I also take the loompanics catalog and let them browse the titles in it to decide what, if anything, should be kept from kids, adults, etc. Here are some titles from the latest Loompanics Catalog: How to get tax amnesty, a guide to the forgiveness of IRS debt. The complete book of international smuggling. The organization of illegal makets. Sneak it through: smuggling made easier. How to build a bugproof room. Telling lies: clues to deceit in the marketplace, politics, and marriage. Reborn in the USA: personal privacy through a new identity. Counterfeit ID made easy. How to get anything on anybody. Techniques of the professional pickpocket. Escape from controlled custody. How to steal food from the supermarket. Techniques of safecracking. Deal the first deadly blow: an encyclopedia of unarmed and hand to hand combat. Screw the bitch: divorce tactics for men. Gunrunning for fun and profit. How to make disposable silencers. (also volume 2) Ragnar's homemade detonators. Ragnar's guide to home and recreational use of high explosives. Kitchen improvised plastic explosives. Kitchen improvised fertilizer explosives. "Among the everyday materials used in the manufacture are such things as fertilizer, fuel oil, diesel fuel, ....etc....etc....." "Because of the nature of this material, we must emphasize that this book is sold for informational purposes only." Mercenary operations manual. Coup d'etat: a practical handbook. "Remember: Coup d'etat is more common and more successful than free elections." The poisoner's handbook. 21 techniques of silent killing. How to date young women, for men over 35. (what every older geek needs? o-) ) Getting started in the illicit drug business. That should be enough to give you the flavor of this catalog of almost 300 pages, several books per page. Some of the other books cover living off the land, surviving in the wilds, building shelter from natural materials, and related topics. Should the catalog and the books in it be legal? Of course they should. All of them. Every blasted one, regardless of how disgusting, offensive, evil, or nasty you or I might think they are. One of the local TV stations did a feature last week on "bombmaking info on the internet". I called and informed them that it was a "so what?" topic since all the stuff was in print and freely available anyway. They said they didn't care...the internet was what was hot and of interest right now. Yeah, no surprise..... cyclops Dan Lester Internet: alileste@idbsu.idbsu.edu Network Information Coordinator WWW: http://cyclops.idbsu.edu/ Boise State University Library Boise, Idaho 83725 How can one fool make another wise? 208-385-1235 Kansas, "No One Together," 1979 ------------------------------ Date: Thu, 11 May 95 10:11:36 EDT From: Jerry Leichter Subject: File 3--Mendacity It's said that all organizations come to resemble their opponents. Sad to say, this has happened - with a vengence - with the organizations that nominally started out to protect Internet users. (I'm deliberately avoiding naming particular organizations because all have good and bad sides.) Now that they've entered the political realm, truth and careful analysis have tended to disappear. All that matters is public appeal. Numbers are not there for explanation; they are there to serve propaganda needs. Even when I agree with the aims of the groups and people involved, the ever-growing intellectual dishonesty of their means disgusts me. A case in point is Marc Rotenberg's recent CuD article quoting "Dave Banisar ['s recent efforts] ... going through the wiretap reports for 1994." I have no idea whether the interpretations below are due to Banisar or Rotenberg. Rotenberg's intent in quoting them was clear, however. Rotenberg and others have quoted fairly low numbers of total wiretaps in the past to show that wiretaps are not very important to law enforcement, so cannot justify various measures proposed by the FBI that the FBI claims are necessary to keep them possible. So now we have: -- wiretapping reached an all-time high in 1994, 1,154 taps authorized for federal and state combined up from 976 in 1993. In context (we'll see more below), it's clear that the intent of this quote (and of using language like "all-time high") is to produce a feeling of a growing threat to civil liberties. Of course, one could equally argue that 1,154 taps in a country of 300,000,000 or so, that pursued millions of criminal investigations in 1994, is so insignificant that it could be tossed out without any noticeable effect. I suppose others *will* make that argument, simply ignoring the increase. The numbers are wonderful. If they are small, they aren't important and it's no great loss if they are eliminated. If they are large, civil liberties are threatened, so they should be cut down. If they are increasing (decreasing) ... well, you can fill in the arguments. -- 75% of all taps were authorized for narcotics investigations, 8% for gambling, and 8% for racketeering OK. -- Not a single tap was authorized for investigations involving "arson, explosives, or weapons" in 1994. In fact, such an order hasn't been approved since the late 1980s. Keep that in mind when people say wiretapping is necessary to prevent tragedies like Oklahoma City. I guess whoever wrote this hasn't been listening to the radio, watching television, or reading the newspapers. Guess what: The investigative agen- cies of the government are under severe criticism for *ignoring* the threat posed by right-wing extremists. Not only haven't they wire-tapped these people; they basically haven't investigated them at all. One could equally well argue that "the FBI tells us FBI agents are necessary to prevent tragedies like Oklahoma City, but a look at the record indicates that they haven't been used in relevant investigations in 1994, so clearly they are wrong." (Oh, yes "preventing tragedies like Oklahoma City" is one of those little phrases all the best spin-doctors are using. Tugs so nicely at the heart strings. Can justify anything at all. Let's give it a try: "If money were available to provide better pre-school education, people like Timothy McVay would be better adjusted, better educated, and have better jobs. That would get at the root causes, the frustrations with modern life, and would be a big step toward preventing tragedies like Oklahoma City." OK, class, your assignment: Justify government funding of laptop computers for all citizens. Extra credit assignment: Justify better traffic control systems. Hint: TV cameras to monitor traffic.) By the way, the FBI more or less stopped investigating nominally-political groups in the mid- to late-1980's after changes in procedures made it very difficult. Under current rules, the FBI needs pre-existing evidence of criminal acts to "infiltrate" - i.e., send someone to a meeting without first identifying him as from the FBI - such a group. These rules were imposed in reaction to the perception of abuses, particularly in the infiltration of various political organizations concerned with Nicaragua. There is debate now as to whether the rules have gone too far and made investigation too difficult. Perhaps not, but *as the FBI has chosen to interpret them*, these rules have shut down investigation of "political" groups - which certainly includes shutting down wiretapping of such groups. -- Only 17% of all conversations intercepted were deemed "incriminating" by prosecutors. That figure is at an all-time low (in the early '70s it was closer to 50%), and it means that the FBI is gathering far more information through electronic surveillance unrelated to a criminal investigation than ever before. -- Also, the duration of the taps is way up, now around 40 days on average. Twenty years ago, it was closer to 18. So, if we put these together, it seems that the FBI is tapping phones that are being used for multiple purposes, rather than "criminal business lines" so to speak. So? We know from earlier figures that narcotics investigations made up the bulk of wiretaps. It seems logical that narcotics trafficers need to make relatively few "business-related" calls. Suppose twenty years ago a much larger percentage of taps were in gambling investigations. Many of those taps would be of bookie's phone lines, which are used for hours on end just for taking bets. Could this be the cause of the change? We can't say, because we aren't given any comparative numbers. Again, the numbers aren't being quoted here for information; they are being quoted to make a point. Finally: The FBI's claim that new technologies are frustrating wiretap is completely without support. The FBI has claimed that new technologies are just beginning to frustrate wiretapping, but that they will be an increasing problem in the future. The deployment of many of these technologies is limited even today. Yes, the FBI has at times been guilty of overstating the current problems. They too have been more interested in propaganda value than truth. I don't approve of mendacity on their part any more than I approve of it on the part of others - but lying doesn't justify more lying. Any objective look at the technologies that are beginning to be introduced into the telephone system make it clear that the FBI is correct. As a simple example, a traditional analogue telephone line can be tapped anywhere along its length with simple, inexpensive equipment. An ISDN voice line cannot be tapped without great difficulty and expense anywhere except within the telephone company central office, or within the premises where the phone is located. (This is inherent in the nature of the coding on the line, which is the combination of signals going both ways. The two endpoints each know their own signal and can subtract it off to figure out the other guy's signal; but in the middle, you know neither signal and so can get neither. The only way to "tap" the line is to physically cut it and break it into two separate lines, with you sitting in the middle, playing the role of telephone to the central office and central office to the telephone. Possible but not cheap or easy compared to a pair of clips and an amplifier. This is a fairly *simple* technology to deal with!) That new technologies will, in the near future, make tapping more difficult and expensive is clear fact. How important that fact is - how important the ability to wiretap is - can be argued. What we as a society choose to do about it is a political question. We've been conflating fact with political choices for too many years. We want to spend more and tax less - fine, come up with some "facts" to prove that (a) if the government taxes less, it will bring in more money; (b) deficits don't matter anyway. We want to provide Social Security for everyone - fine, cite the "fact" that it's an insurance system while implementing a pay-as-you-go system. We want cleaner air, so cite the "fact" that electic cars are "zero-pollution"; ignore such incon- veniences as emissions from the power plants, or the lead emitted into the environment in the process of making the batteries for those cars. (See a recent New York Times article.) If the remedy for bad speech is better speech, the remedy for propaganda masquerading as facts is real facts, not more propaganda. But if the $500,000,000 to make the network wiretap ready is appropriated, the current trends will be amplified: more surveillance, longer duration, less well targeted --> less privacy for all Americans. Pure hyperbole, speculation upon speculation all heaped on top of numbers way too flimsy to bear any such weight. -- Jerry ------------------------------ Date: Fri, 12 May 1995 22:04:43 -0500 (CDT) From: David Smith Subject: File 4--(fwd) "Blacklisted! 411" - a direct ripoff of 2600 Magazine (fw d) ---------- Forwarded message ---------- Recently a number of people have contacted 2600 concerning another hacker magazine called "Blacklisted! 411". Having more hacker publications has always been something we've tried to encourage. Zines like Cybertek, 40Hex, Hack Tic, and Private Line have been helped or inspired by 2600 over the years, not to mention numerous other zines that we have trade arrangements with. The current zine scene is healthy and prospering. So we were happy to see that there was another hacker rag in the works. Then we got our first look at "Blacklisted! 411". To say it's similar in appearance to 2600 would be an incredible understatement. Anyone looking at the two publications will notice a very disturbing amount of unattributed duplication which, we regret to say, goes far over the line to the category of blatant ripoff. This is not about style similarity. True, their zine is the same size as ours. They use the exact same font style and size, their text boxes are the same, the staff box looks almost identical (except, of course, for the staff). Not too original, but so what. The real problem comes from the fact that this publication has taken numerous pieces of 2600 and published them as their own without any credit given and without ever asking permission. We've nearly always granted permission for zines to reprint selected articles of ours, as long as the author and 2600 are credited. Our primary goal, after all, is to get the word out. But this goes way beyond any conceivable 'sharing of information' between two publications. The two feature articles in the current issue of "Blacklisted! 411" were both printed years ago in 2600. One of the articles (on 5ESS switches) was also printed in Phrack a few years back. No mention of this fact is made, no credit to the authors is given. Both articles appear to have been written by the staff of "Blacklisted! 411". We've heard reports that most of the other articles were also lifted from other publications or the net, again without accreditation and leaving the impression that "Blacklisted! 411" is the originator. "Blacklisted! 411" has a section very similar to the 2600 Marketplace. They call theirs the Marketplace. Our wording for our marketplace advertising is: "Marketplace ads are free to subscribers! Send your ad to:
. Ads may be edited or not printed at our discretion." Their wording reads: "Marketplace Ads are FREE to subscribers! Send your ad to:
. Ads may be edited or not printed at our discretion." Not only that, but these people have actually gone so far as to reproduce our subscribers' ads without their permission, no doubt as part of a plan to obtain more advertising by appearing to have many customers. They did such a poor job covering this up that one of "their" ads has a line reading "All 2600 subscribers gain complete access". Throughout its pages, "Blacklisted 411" reproduces our house ads *word for word* as if they were their own. Perhaps the most disturbing examples of this magazine's ill intent lie in the replies to their letters. Not surprisingly, some of their readers think they're somehow affiliated with 2600 and address them as such. In one reply, the editor says, "I wonder why everyone keeps addressing us as 2600? Are we THAT much alike? haha." So now we're faced with the unpleasant prospect of what to do about this. To do or say nothing would be a disservice to our magazine, our readers, and all that we've accomplished over the last 11 years. At the same time, we have no desire to emulate the corporate giants who try to intimidate us into not publishing what we publish, even though a number of people are advising us to take some sort of legal action. The truth is, we haven't decided yet on a course of action. Suggestions would be welcomed. Our only goals are to get these people to stop printing material from our magazine without permission or credit, to stop copying our in-house and subscriber advertisements, and to stop representing themselves fraudulently to the hacker community. Emmanuel Goldstein Editor, 2600 Magazine (516) 751-2600 emmanuel@2600.com ------------------------------ Date: Sat, 13 May 1995 13:40:30 -0500 (CDT) From: Wade Riddick Subject: File 5--Response to teleright critics Reply to Teleright Criticism (c) 1995 By Wade Riddick Circulate freely unaltered I have made an effort to respond to most of my private critics and I believe the exchange has been mutually beneficial. Because of space constraints and other factors, I apparently failed to fully address certain areas which others found important to my argument so I will try to share the fruits of these exchanges with CUD readers and also address public comments made by David Gersic in CUD 7.37. Let me first thank everyone for their constructive criticism. The first major issue pertains to cryptography and piracy. As many have noted, no system of cryptography is full-proof. In Mr. Gersic's words, I've "missed the basic method of software piracy; remove the protection." While at least one of my respondents believes that secure hardware encryption devices are possible, I do not share this faith in technology. That is why I dedicated several paragraphs in my original essay to discussing the possibilities of piracy. Where there's a key, there's always a way to pick the lock. In the case of cryptography, there is always the danger that individuals with the proper keys (or technical knowledge) will undermine the system. This is a social-economic problem having to do with the way technology is used. But I do not wish to use cryptography to eliminate piracy and I implied as much in my reasoning. I just want to change the economic incentive structures to make piracy less prevalent. My aim is not to do away with fraud but to discourage it. It has been pointed out that licensing programmers will not put a stop to fraud. Well, licensing lawyers does not prevent them from abusing their powers of attorney. The potential for disbarment (not to mention jail) does, however, severely curtail these abuses. Plenty of people also run around counterfeiting currency, but I see no reason to legalize this activity for the general public. In Mr. Gersic's phrase, "information [is] neither 'good' nor 'bad.'" We may not be able to restrict information, but I think we can and must prosecute its misuse. When it comes to piracy, I can think of two separate sets of problems. The first problem comes from individuals decrypting and re- telerighting documents as their own in order to make money. If publications are issued from a public utility, that utility can ask for decrypted copies of the document and always check for pirated copies. In any event, a teleright document always contains its source and a company scanning the market for pirated copies could quite easily trace a pirated document back to its source, assuming network nodes can't be faked. There is the possibility that con-artists could set up and strike down node sites quite quickly to pick up a fast buck, but given the amount of time it would take to build a client base relative to the amount of time it would take to be detected I do not think this would usually be economically feasible. The second method of piracy is harder to detect and involves the possession/transmission of decrypted documents. Someone stealing information on their home computer wouldn't cost companies much unless they started passing it around. As long as the skills for doing such things are fairly restricted, the loss from private abuse is not likely to be great enough to worry companies. On the other hand, corporations will probably have the necessary talent base and economic incentives to buy a copy, decrypt it and pass it around the company. This sort of thing may be detectable by using intelligent software agents and packet sniffers on public right-of-ways to scan for copyrighted materials that has been decrypted. There is an optimization problem as far as deciding how much data to scan for and how high to set pirating fines. This sort of thing tends to be easier to detect the larger the organization is. I think, though, there is a better social solution. We can make individuals and corporations with the skills to pirate materials part of the legitimate distribution system. We can give them a re-publication franchise and a legal share of the gains made from their distribution efforts, cutting both the distribution and enforcement costs for normal publishers. This was essentially the solution accepted in the Chinese trade dispute over CDs several months ago. Sadly, this will not work for those individuals who pirate information for ideological and not economic reasons. One must make an effort to trace the decrypted documents back to their source and prosecute the original decryptor/distributor. Of course, the only real way society can deal with harmful beliefs is to insure that it does not produce individuals holding them. When it comes to piracy, as it does with any other form of criminal behavior, the question is not how to prevent something but how to discourage it from happening and reduce losses associated with it. The best example of this type of reasoning is found in Madison's Federalist #10. The second criticism leveled at telerights has to do with privacy. Many people balk at the idea of using a copyright protection system that links users and publishers so closely. People often give up a small amount of privacy for even more convenience. This happened with checks and credit cards. Cash is anonymous but people regularly use these easier forms of transactions, despite the fact that they have the buyer's name attached to them and pass through numerous institutions. From the privacy standpoint you would expect individuals to want to keep their most expensive purchases private and not care about smaller items, but we see exactly the opposite sort of behavior in the market. There are even laws that force companies to report large cash transactions ($10,000+). If this is of concern, though, it would be possible to use public libraries and private corporations as firewalls. The library would double encrypt the works it lent out with a time-expiring key and the library, not the borrower, would show up to the publisher as the user. One benefit to using a public utility is that it can act as just such a firewall; indeed, in many ways, libraries are already model utilities. One of my respondents indicated you could also use zero-knowledge proofs as one way to guarantee anonymity in the transaction. There are even ways telerights can strengthen individual privacy. A user could, for instance, teleright personal information about themselves to control who has access to it and to have knowledge about who's using it. There is also nothing to prevent the fragmentation of keys or the adoption of a public key system so that with credit records, let's say, you have to get the key from my site and the bank's in order to check my credit record. Technically I'm supposed to know about everyone who looks at my credit record, but in practice we rarely have time to request such information and the agencies that maintain the data don't ever go to the trouble to notify us on their own. Any agency collecting private information about us could be forced by law - depending on the type of information - to use a public key to encrypt that information and give us (and a government repository) the key necessary to decrypt it (or rather, we would give them the public key for encryption). It would be impossible to view such telerighted documents without first informing the individual concerned. The government would act as a disinterested third party that would verify to the company that the keys were valid. A third misconception is that telerights mandate a certain form of contract in the market, namely per-use billing for material. Mr. Gersic writes that "each time I want to refer to a diagram in this document I have to insert a quarter in the coin slot in the side of my monitor." Telerights, by strengthening private property rights, makes a variety of contracts possible. I would hope that companies continue to sell permanent rights to documents. I'm not trying to push a particular contract on the industry, just lower the general transaction cost for intellectual property. I think a telerights system, just like many digital technologies, causes us to rethink the mission of public libraries. Libraries not only create a barrier of anonymity between readers and publishers, they also serve as an archive for valuable information that may not be used for years to come. Under telerights, libraries get specifically encrypted copies to loan out. It is the publisher's duty to store the decrypted copies. I think telerighted libraries turn into archives for decrypted information, information that publishers no longer have an economic incentive to maintain. In this sense telerights might squeeze more money out of large publishing houses because it would force them to be more creative and more productive. Why buy a reprint of Machiavelli when you can get your own copy for free at the school library? I will now address the rest of Mr. Gersic's criticisms. I would normally not address some of these points, since they are minor, but they were made in a public forum. Mr. Gersic states that "At best, the current copyright code does not map well onto the computer information it is being applied to" but he himself offers no alternative method for rewarding producers of information, nor does he offer any revisions to the copyright code. This conceptual gap is most apparent when he links copyright law to the print media: "the print media are attempting to maintain their monopoly on information distribution." Copyrights apply to a number of electronic media as well. He does make a legitimate point that people will attempt to scan back in information for electronic distribution, in his words, "bootlegging movies... [with] a cam-corder." He also mentions "lousy" bootlegged copies of rock concerts and indicates these items tend to do well in the market. I would say that they only do well when better copies are unavailable. In both instances, they do not compete well at all with the genuine item. When the producers release the movie on videotape, I'll bet the bootleg market dries up unless the price for the legitimate item is exorbitantly high. Given that electronic distribution and teleright protection will lower transaction costs, I do not normally think this will be a problem. This also pertains to another point I made about non-linear media. There aren't any physical hard copies that can be scanned back in. Hypertext links and other non-linear structures can't be printed because they aren't of use on paper. The only real threat is to traditional linear media like books that can be perfectly scanned. Ignoring the re-publication and piracy issue which I've already covered, it's unclear why someone would scan a book back in for individual use if the license was inexpensive enough. Special care does have to be taken when it comes to fair use quotation, since that material may circulate around electronically. Mr. Gersic has also either failed to correctly read my essay or deliberately distorted it by taking portions out of context. If I can quote myself, I said in my opening paragraphs that, "Some have proposed drastically curtailing electronic technology in order to protect future publishers. They want to put all forms of computer copying under the copyright code... They want to ban the electronic resale or renting of copyrighted material fearing that the piracy which has plagued software will plague movies and books when they enter cyberspace." Mr. Gersic, though, only quotes the last sentence and asks the question, "Who are 'they'?", implying some sort of attempt on my part to be conspiratorial. "They" refers to the "some" people mentioned in the opening sentence of the paragraph - conveniently not quoted. Mr. Gersic does make valid points that a teleright system assumes, to use Mr. Gersic's words, "that I'll have a network connection wherever I might want to use this document... If I carry my laptop out under a tree to sit in the sunshine, I'm screwed and have to go back inside where the ethernet is." I happen to agree that this assumes a personal, high-bandwidth network connection. That's why I made the point in my original essay. "[E]ven though the technology exists, the infrastructure needed to make a system like telerights work is not yet in place." Mr. Gersic has conveniently omitted this quotation in his criticism. Regardless, I don't see why telerights could not operate over the airwaves, since the bandwidth that's needed to transmit the keys is much lower than that needed to transmit the entire document. And I don't think it's much of a burden to make someone get up from under a tree to go inside and purchase a copy of the movie. The life of digital convenience is a hard one. Mr. Gersic also assumes that "I have to pay for [network links] on a per-call basis." No one is forced to pay for local phone service on a per-call basis. I think this reasoning assumes network exchanges will periodically shut down and start up at fixed and knowable intervals. I see the networked future (in twenty years, say) as being something more or less continuous. I also think, given a high volume of network traffic and a flat rate for local use, that resending keys will be fairly cheap. Also, I believe I pointed out that the document stays decrypted in RAM once that link is made. Mr. Gersic seems to think that "if that document has a link to another document, there's another phone call to validate the new document, and possibly a third one to get back to my original document." No, it stays around - unless you lack the 4 terabytes needed to run Windows 2019, in which case the operating system can just cache the key. Although I have already covered the issue of privacy, I wish to reiterate that I do, in fact, share Mr. Gersic's desire to protect individual privacy. I do not think that the FBI (or the NSC, in particular) should run around making unwarranted checks on what everyone's doing. As one reader has pointed out, it is impossible to look at a library's records without a warrant. It ought to be the same with telerights. I do think these agencies should have warranted access to these records. If the FBI can convince a judge that there's reasonable cause Tim McVeigh bombed a federal building, then they should have the ability to search through all his records. There is no such thing as an absolute right to privacy. If individuals fail to produce cryptological keys when faced with a court order, they should be jailed for contempt just like a witness who refuses to testify. We don't make exceptions for witnesses in trails and we shouldn't make exceptions for inanimate lumps of bits. I do also agree with Mr. Gersic that international export poses a problem for telerights, though not on the cryptological dimension he points out. Obviously the American government will have to get past its problems with strong cryptography, but there are more important points with international copyright law. Telerights would automate and enforce a number of laws that some countries have up until now only paid lip service to. This brings me to my final point. Mr. Gersic sums up an number of common opinions found on the internet when he examines my degree program (political science) and states "I'm just another net.admin/programmer out here in the world. Maybe I don't know any better, but I worry when the government (or, in this case, somebody majoring in government) wants to help me." Well, I feel sorry that Mr. Gersic is unable to take individuals who profess to have an interest in the common good of society at their word. If I didn't feel that this attitude was dangerously prevalent, I would let this comment pass. I don't, in fact, feel that Mr. Gersic has been malicious in any of his criticisms - after all, he did call my proposal "well-meaning" - but he has been careless. The same National Science Foundation which has funded my analysis of politics also helped fund his beloved internet. I think the attitude - and I'm not accusing anyone in particular of having it, just pointing out its prevalence - that I've gotten mine now you get yours is quite harmful to society. All too often the government seems to be invisible when it's helping us. When it's helping others it looks, to use PJ O'Rourke's phrase, as if public restrooms are the pinnacle of public works projects. The real solution to government problems is not to become detached from the public discourse, but rather to join it. I don't think Mr. Gersic realizes that in responding to my essay he has made an important contribution to public political discourse. Why we see such activities as somehow being 'non-political' is beyond me. In any event, I have received a number of similar responses indicating a distrust in government. As a political refugee from Louisiana living in Texas (not much of an improvement), all I can say is that the solution to 'corruption' isn't to do away with warranted searches or to dismantle the 'government.' The solution is to go to the polls and carefully select your elected representatives. Trust me. The potential for abusing any kind of private information is far greater when it's in private hands. By and large, the people working in government are more diligent and honest than those in private industry (I would include Mr. Gersic in the former group since his net address indicates he works for a university). Few go into government service to get rich, though they may go there to make their friends rich. There is a corruption problem in politics and I've experienced it first-hand in a way that most of my readers have not. The solution isn't to get rid of government, but rather to get involved. I've seen the private sector at work too and I think we fail to realize that private market economics is all too often the prime cause of government corruption. If anything, we should be distrustful of the market. We don't always have a vote in it. We do with government. ------------------------------ Date: Thu, 11 May 1995 14:18:23 EST From: "Rob Slade, Social Convener to the Net" Subject: File 6--(review) "Alive 0, Alive 1", Suzana Stojakovic-Celustka, 1994 MLALIVE.RVW 950508 "Alive 0, Alive 1", Suzana Stojakovic-Celustka, 1994 %A Suzana Stojakovic-Celustka celustka@sun.felk.cvut.cz %B Alive Ejournal %C Prague/Zagreb %D March 1994, July 1994 %E Suzana Stojakovic-Celustka celustka@sun.felk.cvut.cz %P Alive 0, 25K Alive 1, 100K %S Alive %T Alive 0, Alive 1 Suzana Celustka is part of the international virus research community. She became active in research while attending university in Prague, but comes originally from Croatia and is currently resident in Zagreb. In 1993 she attempted to spur development of a proper definition of a viral program (which still eludes researchers and writers) by promoting a virus definition contest. (She did put a bit of life into the proceedings by calling for definitions not only in text and mathematical forms, but also jokes and poetry.) The lack of success in this area will be familiar to workers in the field of artificial life, who have had similar difficulties in delineating life. As it happens, this is another area of Ms. Celustka's interests, and in 1994 she started "Alive" magazine, distributed electronically, in order to examine the relation between computer viral programs and artificial life. Two editions of the magazine have been published so far, with a third now in process. (The move back to Croatia and a period of ill health contributed to the delay.) "Alive 0" is stated to be the zeroth, or beta, edition, and explains the background of the project. It also contains the results of the first contest the definition of a computer virus in the technical categories. There are also articles on the "lifelike" characteristics of code for LAN token regeneration and on Cohen's theorem of the "undecidability" of viral detection. In "Alive 1", Ms. Celustka contributes two articles herself, one on the nature and limitations of language (in regard to the problem of technical definition), and another on the "Great Debate" about the benefits versus dangers of viral programs. In addition to the feature and invited articles, each edition includes an interview with at least one (and usually more) researcher prominent in the field. The participants in "The Great Debate", for example, were Fred Cohen (cf BKSHRTVR.RVW and BKITSALV.RVW), Mark Ludwig (cf BKLUDWIG.RVW) and Vesselin Bontchev. The questions asked are incisive and insightful. Alive is available in a number of ways. Subscriptions requests should be sent to mxserver@ubik.demon.co.uk. Back issues are available from ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/alive, ftp://ftp.demon.co.uk/pub/antivirus/journal/alive, ftp://ftp.elte.hu/pub/virnews, ftp://ftp.u.washington.edu/public/Alive, gopher://saturn.felk.cvut.cz, and gopher://ursus.bke.hu. Send your contributions and comments to celustka@sun.felk.cvut.cz. Alive represents very real explorations in both virus and artificial life research. The opinions and thought presented are sometimes radical departures from mainstream discussion. With careful moderation and editing, however, there is no chance of the "high noise/low signal" traffic one usually sees in many more well known fora. Alive is highly recommended for any interested in viral or artificial life studies. copyright Robert M. Slade, 1995 MLALIVE.RVW 950508 Postscriptum: As this review was being written, anti-personnel rounds were falling on Zagreb. Although the situation seems to have eased, momentarily, Croatia still does not seem to be a preferred situation for raising a family. Although Ms. Celustka does not know I am adding this message, I have reason to believe that she would appreciate any assistance with employment or immigration which those in safer parts of the world could give her. ============= Vancouver ROBERTS@decus.ca | "The only thing necessary Institute for Robert_Slade@sfu.ca | for the triumph of evil Research into Rob_Slade@mindlink.bc.ca | is for good men to do User slade@freenet.victoria.bc.ca | nothing." Security Canada V7K 2G6 | - Edmund Burke ------------------------------ Date: Sun, 19 Apr 1995 22:51:01 CDT From: CuD Moderators Subject: File 7--Cu Digest Header Info (unchanged since 19 Apr, 1995) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CUDIGEST Send it to LISTSERV@VMD.CSO.UIUC.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org In ITALY: Bits against the Empire BBS: +39-464-435189 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD ftp://www.rcac.tdi.co.jp/pub/mirror/CuD The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu:80/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #7.39 ************************************