******************************************************************** ////////////// ////////////// ////////////// /// /// /// /////// /////// /////// /// /// /// ////////////// /// /// ******************************************************************** EFFector Online Volume 6 No. 3.01 10/20/1993 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 -==--==--==-<>-==--==--==- In This Issue: EFF Changes: New Editor, Suns Move to DC! EFF Elects Two New Members to Its Board of Directors Notes from House Hearing on Cryptography Export Controls Administration Expands FOIA Rights UK Cryptoprivacy Association Meeting -==--==--==-<>-==--==--==- EFF Changes: New Editor, Suns Move to DC! EFFector Online is now produced by Stanton "Mechanism" McCandlish, EFF's Online Activist, mech@eff.org. Besides UseNet ubiquity, Stanton has been active in the BBS scene for some time, particularly in FidoNet, and is the founder of IndraNet. Mech hails from Albuquerque, New Mexico, and is finding EFF and Washington DC to be a fascinating change of pace and place. Some new formatting: All articles are separated by the -==-==-==... line you see above, which should make it convenient to scan forward to a new article quickly. General comments about EFFector, EFF, and the issues raised should be directed to editors@eff.org. Other important addresses, one of which is new: eff@eff.org - to get on mailing lists, and other tech stuff. ask@eff.org - to ask questions about EFF or the issues we are involved in. EFF's Sun Microsystems SPARCstations finally have been moved down to our offices in DC. Chris Davis and Helen Rose-Davis, EFF's former Systems Administrators, journeyed with the machines and, with the help of new Systems Administrator Dan Brown (brown@eff.org), had them up and running within one hour of arrival onsite! Chris and Helen now will be able to devote their complete energies to KEI, which was kind enough to loan us their talents. We thank them for all they've done for us and wish them the best of luck. Note that EFF *is* still reachable at eff.org, the ftp site is still ftp.eff.org, the gopher site is still gopher.eff.org, wais is wais.eff.org, as always. However, kragar.eff.org may not be a valid host domain name much longer, so avoid using it and use ftp.eff.org instead. -==--==--==-<>-==--==--==- EFF Elects Two New Members to Its Board of Directors The Electronic Frontier Foundation (EFF) today announced the election of two individuals to its Board of Directors: David Johnson, a Washington, D.C. attorney specializing in computer law, and Rob Glaser, a software industry executive and multimedia pioneer. David Johnson is counsel in the Washington, D.C. law firm of Wilmer, Cutler & Pickering where his areas of practice include software and systems contracting, electronic publishing and privacy issues, newspaper distribution systems, litigation, property valuation and administrative law. He also serves as President and CEO of Counsel Connect, an electronic mail and conferencing system that connects corporate counsel and outside law firms, and has been instrumental in encouraging the use of information technology in the legal profession. Johnson serves on the Board of Directors of the Center for Computer-Assisted Legal Instruction (CALI) and is a Trustee of the National Center for Automated Information Research (NCAIR). "EFF has provided unique leadership by helping everyone involved in building and using the new electronic networks to understand the importance of preserving core democratic values in this new medium," said Johnson. "The founders of EFF have pushed vigorously for networks that preserve freedom of speech, privacy and enhanced opportunities for all. I am excited to have a chance to participate in EFF's continuing discussion of these vital questions." Rob Glaser is presently a consultant to Microsoft Corporation. He most recently served as the company's Vice President for Multimedia and Consumer Systems, where he led Microsoft's development of multimedia technology and the company's strategy for entering the emerging market for consumer digital appliances. Prior to that, Glaser held positions at Microsoft related to the development and marketing of networking systems software and desktop applications such as Microsoft Word and Excel. Before joining Microsoft in 1983, Glaser was founder and President of Ivy Research, a PC software startup company. Glaser also is a minority owner of the Seattle Mariners baseball team, and serves on the board of the Target Margin Theater Company of New York, and Dwight Hall, the umbrella organization for Yale University student social and political activism. "I'm honored and excited to be joining the board," said Glaser about his involvement in EFF. "In its brief history EFF has established itself as the leading organization working to ensure that the Electronic Frontier is organized and run in accordance with fundamental American principles of openness, democracy, and social justice. I hope to help EFF extend its work into the arena of video and multimedia information." Johnson and Glaser join with other members of the Foundation's Board of Directors, including EFF co-founders Mitchell Kapor and John Perry Barlow, Jerry Berman, John Gilmore, Stewart Brand, Esther Dyson, and David Farber. -==--==--==-<>-==--==--==- Notes from House Hearing on Cryptography Export Controls by Danny Weitzner, EFF Senior Staff Counsel October 12, 1993 House Foreign Affairs Committee Subcommittee on Economic Policy, Trade, and the Enviornment Hearing on mass market cryptography and export controls Rep. Sam Gejdenson (D-Conn.), Chair Committee Members present: Gejdenson, Cantwell (D-Wash.), Fingerhut (D-Ohio), Rohrbacher (R-Calif.) Manzullo (R-Ill.) Witnesses: PANEL 1 (Open) J. Hendren, Arkansas Systems (A data security firm that does a lot of international banking work) Ray Ozzie, IRIS Associates for Business Software Alliance (Lotus Notes developer) Stephen Walker, Trusted Information Systems for Software Publishers Association Philip Zimmermann, PGP developer Don Harbert, Digital Eqiupment Corp. PANEL 2 (Secret Session) NSA representative Opening Statement of Gejdenson: "This hearing is about the well intentioned attempts of the National Security Agency to try to control the uncontrollable.... The NSA itself acknowledges that if you have a long distance telephone line and a modem, you can send this software anywhere in the world. If you have a computer and a modem you can take this software off of the Internet anywhere in the world.... I do not question the value of the information sought by the National Security Agency. But once it is determined that the dispersion of this software cannot be controlled, then however much we might want to protect our ability to obtain information, it is beyond our means to do so. Just as in the case of telecommunications, the National Security Agency is attempting to put the genie back in the bottle. It won't happen; and a vibrant and productive sector of American indsutry may be sacrificed in the process." The main points raised by witnesses were these: 1. DES and other strong encryption which is barred by ITAR is in the public domain and available on the global market from foreign software manufacturers: -Ray Ozzie used his laptop and a modem to show how to get a DES implementation from ftp.germany.eu.net. The committee loved it and most of them seemed to understand what was going on on the screen, even though they had never heard of ftp. -Stephen Walker described the results of an SPA study which uncovered over 250 cryptography packages which offer DES-based or stronger algorithms. -Phil Zimmermann testified that he designed PGP from publicly available information. 2. Foreign DES implementations are just as good as US versions. Surprisingly enough, this is a contentious issue. Some members of the committee seemed to have been told by someone or another that foreign versions of DES may not be as strong as those that are made in the USA. If this were true, then export controls might still be justified despite the numerous foreign versions of DES on the market. In my view, this is a pretty desperate argument. -Steve Walker demonstrated that all DES works the same way by encrypting a passage from Mozart's Eine Kleine Nachtmusik with several different foreign DES packages, and then decrypting them. Surprise! They all sounded just the same. 3. Lots of money is being lost by US software/hardware vendors: -Don Harbert from DEC told of loses of over $70 Million in just the last few months. -BSA estimates that export controls exclude access to a global market the is $6-9 Billion. 4. People want their privacy -Phil Zimmermann told the committee about his experience with PGP users and how badly people need and want to protect their privacy in electronic environments Committee Responses: Overall, the committee was quite sympathetic to the witnesses. Chairman Gejdenson seemed very supportive of changing export controls. Rep. Dana Rohrbacher, no flaming liberal, said, "the cold war is over. I sympathize with everything that has been said here." -==--==--==-<>-==--==--==- Administration Expands FOIA Rights In an announcement made on Monday, October 4, 1993, President Bill Clinton has called on all federal departments and agencies "to renew their commitment to the Freedom of Information Act (FOIA), to its underlying principles of government openness, and to its sound administration." Attorney General Janet Reno specified some changes the Administration will be making in its enforcement of FOIA. First, the Department of Justice will no longer allow agencies the excuse that there MIGHT be a legal basis for withholding information. Instead, agencies will be encouraged to disclose unless there is a clear legal reason that prevents disclosure. "In short, it shall be the policy of the U.S. Department of Justice to defend the assertion of a FOIA exemption only in those cases where the agency reasonably foresees that disclosure would be harmful to an interest protected by that exemption." Attorney General Reno also announced that the Department of Justice would be reviewing regulations implementing FOIA and forms used in the process. DoJ will also strive to reduce the current FOIA backlogs over the coming year. The Electronic Frontier Foundation (EFF) was especially pleased that President Clinton refered to enhancing "public access through the use of electronic information systems." EFF believes that electronic access to information is critical, and EFF has been working with Congress (through support of Senator Patrick Leahy's (D-VT) Electronic FOIA amendments and other legislation) and members of the Administration to ensure that electronically stored information is as easily obtainable as printed documents. EFF Director of Legal Services Shari Steele commented, "We are encouraged that the Clinton Administration has recognized the importance of this method of information dissemination. In this electronic era, it is critical that information be made available in a format that is most useful to citizens as they inquire about the activities of their government." After over a decade of government whittling away at citizen access to public information, EFF is pleased to see this shift in priorities. "We applaud the Clinton Administration for taking this first step toward restoring our vital right to access information," Ms. Steele continued, "and we are hopeful that the Administration will take further steps in this direction, particularly when it comes to information that is stored electronically." A copy of the Administration's memorandum is available for anonymous ftp at /pub/EFF/legislation/freedom-info-act-10.4.93 on ftp.eff.org. -==--==--==-<>-==--==--==- UK Cryptoprivacy Association Meeting Date: Sunday, 31 October 1993 Time: 1430 At the offices of: FOREST 4th floor 2 Grosvenor Gardens London SW1W 0DH [ FOREST is located at the corner of Grosvenor Gardens and Hobart Place, a couple of blocks west of Victoria Station. There is a taxi shelter across the street from the office. Those who have trouble finding this location can page Russell Whitaker on 081-812-2661, and stand by the payphone or cellphone for a callback. ] The UK Cryptoprivacy Association has its roots in the U.S. cypherpunk advocacy of strong personal cryptography. The next UKCA meeting, to be held at the offices of FOREST (see the above), will feature roundtable discussion on such issues as: - The recent well-publicised discovery of a larger number of U.S. National Security Agency (NSA) electronic listening posts than had been previously suspected; - Further news on the spread of freely-available public key cryptography software in Eastern Europe, Russia, and the Transcaucasian states; - The status of the various UK and Moscow PGP public key servers and software archive sites, with input from a couple of maintainers of these services in the UK; - The implications of the legal controversy surrounding the development and distribution of PGP encryption software in the U.S., with further discussion on the possibility of volunteer contributions to Phil Zimmermann's legal defence fund; - Introduction to public key cryptography for novices Attendees are encouraged to bring and exchange diskettes with their PGP public keys. A few of us will bring along our MS-DOS laptops, to sign public keys on site. In the interest of speeding things along, it is recommended that all keys signed at the meeting be submitted later, with their newly appended signatures, to the PGP Key Server at Demon Internet Services. Send a message with the subject line "help" to pgp-public-keys@demon.co.uk, for more information. PGP (Phil Zimmermann's "Pretty Good Privacy") public key encryption software can be obtained by ftp from, among other places, ftp.demon.co.uk in the directory /pub/pgp. Versions include, but are not limited to, Unix, MS-DOS, Archimedes, and MacOS. Full source code is available. This meeting will also feature discussion on the upcoming First European Conference on Computers, Freedom and Privacy (ECFP '93) to be held on 20 November 1993, which will feature speakers including John Gilmore, David Chaum, and Duncan Frissell, as well as a representative of the UK's Data Protection Registry. Russell Earl Whitaker ECFP Ventures Ltd russell@eternity.demon.co.uk -==--==--==-<>-==--==--==- EFFector Online is published biweekly by: Electronic Frontier Foundation 1001 G Street, N.W., Suite 950 East Washington, DC 20001, USA Phone: +1 202 347 5400, FAX: +1 202 393 5509 Internet Address: eff@eff.org or ask@eff.org Coordination, production and shipping by: Stanton McCandlish, Online ActivistReproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission. *This newsletter is printed on 100% recycled electrons.* -==--==--==-<>-==--==--==- MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION In order to continue the work already begun and to expand our efforts and activities into other realms of the electronic frontier, we need the financial support of individuals and organizations. If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online (if you have an electronic address treached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member. Your membership/donation is fully tax deductible. Our memberships are $20.00 per year for students and $40.00 per year for regular members. You may, of course, donate more if you wish. -==--==--==-<>-==--==--==- Mail to: Membership Coordinator Electronic Frontier Foundation 1001 G Street, N.W. Suite 950 East Washington, DC 20001 USA Membership rates: $20.00 (student or low income membership) $40.00 (regular membership) [ ] I wish to become a member of the EFF. I enclose: $_______ [ ] I wish to renew my membership in the EFF. I enclose: $_______ [ ] I enclose an additional donation of $_______ Name: Organization: Address: City or Town: State: Zip: Phone: ( ) (optional) FAX: ( ) (optional) E-mail address: I enclose a check [ ]. Please charge my membership in the amount of $ to my Mastercard [ ] Visa [ ] American Express [ ] Number: Expiration date: Signature: ______________________________________________ Date: Optional: I hereby grant permission to the EFF to share my name with other nonprofit groups from time to time as it deems appropriate. Initials:______________________