////////////// //////////////// ////////////// //// //// //// _________ /////////________ /////////_______ /////////________________ //// //// //// ////////////////// //// //// ////////////////////////////////////////////////////////////////////// EFFector Online 4.03 12/23/1992 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-424 IN THIS ISSUE: THE NEW, STREAMLINED BILL O' RIGHTS by John Perry Barlow CRACKER BREAKS INTO ATHENA @ MIT: The Security Alert EFF'S LEGISLATIVE WATCH by Shari Steele -==--==--==-<>-==--==--==- The New, Streamlined BILL O' RIGHTS (As amended by the recent federal & state decisions) Amendment 1 Congress shall encourage the practice of Judeo-Christian religion by its own public exercise thereof and shall make no laws abridging the freedom of responsible speech, unless such speech contains material which is copyrighted, sexually arousing, or deeply offensive to non-Europeans, non-males, differently-abled or alternatively preferenced persons; or the right of the people peaceably to assemble, unless such assembly is taking place on corporate or military property or within an electronic environment, or to make petitions to the Government for a redress of grievances, unless those grievances relate to national security. Amendment 2 A well-regulated Militia having become irrelevant to the security of the State, the right of the people to keep and bear Arms against one another shall nevertheless remain uninfringed. Amendment 3 No soldier shall, in time of peace, be quartered in any house, without the consent of the owner, unless that house is thought to have been used for the distribution of illegal substances. Amendment 4 The right of the people to be secure in their persons, houses, papers. and effects against unreasonable searches and seizures, may be suspended to protect public welfare, and no Warrants need be issued, but upon the unsupported suspicion of law enforcement officials, any place or conveyance shall be subject to immediate search and such places or conveyances and any property within them may be permanently confiscated without further judicial proceeding. Amendment 5 Any person may be held to answer for a capital, or otherwise infamous crime involving illicit substances, terrorism, or child pornography, or upon any suspicion whatever; and may be subject for the same offense to be twice put in jeopardy of life or limb, once by the State courts and again by the Federal Judiciary; and may be compelled by various means, including interrogation or the forced submission of breath samples, bodily fluids, or encryption keys, to be a witness against himself, refusal to do so constituting an admission of guilt; and may be deprived of life, liberty, or property without further legal delay; and any property thereby forfeited shall be dedicated to the discretionary use of law enforcement agents. Amendment 6 In all criminal prosecutions, the accused shall enjoy the right to a speedy and private plea bargaining session before pleading guilty. He is entitled to the Assistance of underpaid and incompetent Counsel to negotiate his sentence, except where such sentence falls under federal mandatory sentencing requirements. Amendment 7 In Suits at common law, where the contesting parties have nearly unlimited resources to spend on legal fees, the right of trial by jury shall be preserved. Amendment 8 Sufficient bail may be required to ensure that dangerous criminals will remain in custody, where cruel punishments are usually inflicted. Amendment 9 The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others which may be asserted by the Government as required to preserve public order, family values, or national security. Amendment 10 The powers not delegated to the United States by the Constitution, shall be reserved to the United States Departments of Justice and Treasury, except that the States shall have the right to ban abortions. Derived by J. P .Barlow New York, New York December 21, 1992 -==--==--==-<>-==--==--==- Our Farflung Correspondents From: Roland H. PeschTo: junk@cygnus.com Subject: 20 years of progress in Scotts Valley, CA A front-page story (headlined "High tech, high crimes") in today's Santa Cruz Sentinel features a fascinating quote from the Chief of Police of Scotts Valley: "It's all new", says Scotts Valley Police Chief Steve Walpole. "Twenty years ago, who would have thought you could arrest someone for what's in his head?" -==--==--==-<>-==--==--==- MIT Discovers Athena Security Breech Recently, the MIT Information Systems staff discovered that one of the Institute's Athena dialup servers had been compromised through an unauthorized modification of the machine's system software. If you have used the Athena dialup service during the last two months to telnet to other machines, read on. Your accounts on other machines may have been compromised. Specifically, each time the telnet command was executed on this Athena dialup machine the userid, password, and name of the system to which the Athena user was connecting were evidently captured by an unauthorized user. This individual is now in a position to use the captured information to gain access to other systems. Our official system logs indicate that during the time the modified version of the telnet program was in place, over 4000 individuals used this particular dialup server. Those individuals who executed the telnet command from this machine within the past two months may have had their accounts on other machines compromised. Check your username To determine whether you are among the 4000 individuals most at risk, you can use a command called checkmyid located in the Athena info locker. From your Athena account, at the athena% prompt, type: attach info /mit/info/checkmyid Change your password We recommend that all Athena users change their passwords frequently - once a semester is recommended. If checkmyid verifies that you are one of the 4000 people who used this specific dialup server during the last two months, we STRONGLY recommend that you change your passwords immediately on ALL systems, including Athena, to which you may have telneted. You must assume that all accounts you may have reached using telnet are compromised. Your new Athena password should be at least 6 characters long, and can contain any combination of UPPER- and lower-case letters, numbers, or other symbols that appear on the computer keyboard. For further information on choosing a secure password, see Athena's On-Line Help Service. Alert others In addition please inform the system manager of any machines - including Athena workstations in faculty offices - to which you may have connected, since it is possible that the intruder may have used your account to compromise those machines as well. The individual who compromised our system used a pattern of attack identical to one used by an individual operating from outside the MIT community to attack a number of systems across the country during the past year. In all likelihood, if you are among those whose accounts were compromised, you will probably not find any damage to your files. This individual's mode of operation is believed to be limited to breaking into accounts for the sole purpose of discovering any userids and passwords stored there to enable him to break into additional systems. We sincerely apologize for the inconvenience this causes our user community. We have taken immediate steps to eliminate this particular security threat and we are reviewing and modifying our operational procedures to limit our vulnerability to this and other types of attacks in the future. If you have any questions or comments, please send electronic mail to or contact your Athena cluster manager. -==--==--==-<>-==--==--==- BBS Legislative Watch Legislation from Last Congress that May Affect Your Online Communications by Shari Steele (EFF attorney) For those of us communicating electronically, it is often hard to see how involvement in the bureaucracy of Washington, D.C., could have any positive impact on our lives online. But laws that can have great effect on our online rights are constantly introduced and modified in the United States Congress and local legislatures, and last year was no exception. While the 102nd Congress is now history, here is a sample of the legislation introduced over the past year that will likely affect those of us building communities on the electronic frontier. Threats to Privacy FBI's Wiretapping Proposal Thwarted In a move that worried privacy experts, software manufacturers and telephone companies, the FBI proposed legislation to amend the Communications Act of 1934 to make it easier for the Bureau to perform electronic wiretapping. The proposed legislation, entitled "Digital Telephony," would have required communications service providers and hardware manufacturers to make their systems "tappable" by providing "back doors" through which law enforcement officers could intercept communications. Furthermore, this capability would have to be provided undetectably, while the communication was in progress, exclusive of any communications between other parties, regardless of the mobility of the target of the FBI's investigation, and without degradation of service. The security risks are obvious; if law enforcement officers can "tap" into a conversation, so can others with harmful intent. The privacy implications are also frightening. Today, all sorts of information about who we are and what we do, such as medical records, credit reports and employment data, are held on electronic databases. If these databases have government-mandated "tappability," this private information could potentially be accessed by anyone tapping in. To add insult to injury, the FBI proposal suggests that the cost of providing this wiretapping "service" to the Bureau would have to be bourne by the service provider itself, which ultimately means you and I will be paying higher user fees. The Electronic Frontier Foundation organized a broad coalition of public interest and industry groups, from Computer Professionals for Social Responsibility (CPSR) and the ACLU to AT&T and Sun MicroSystems, to oppose the legislation. A white paper produced by EFF and ratified by the coalition, entitled, "An Analysis of the FBI Digital Telephony Proposal," was widely distributed throughout the Congress. Senator Patrick Leahy (D-Vermont) and Representative Don Edwards (D- California), chairs of two key committees, referred to the EFF paper as they delayed introduction of the FBI's proposal. As Leahy stated before the Senate, "Our goal is to assist law enforcement," but "without jeopardizing privacy rights or frustrating the development of new communications technologies." The Justice Department lobbied hard in the final days to get Congress to take up the bill before Congress adjourned, but the bill never even found a Congressional sponsor (and was therefore never officially introduced). The FBI will almost certainly reintroduce "Digital Telephony" when the 103rd Congress convenes in January. Cellular Scanners Prohibited The wrong solution won out as Congress attempted to protect the privacy of users of cellular telephones. Congress chose to ban scanners as it amended the Communications Act of 1934 with the FCC Authorization Act of 1991. The Authorization Act, among other things, prohibits the U.S. manufacture and importation of scanning receivers capable of: receiving cellular transmissions, being easily altered to receive cellular transmissions, or being equipped with decoders to convert digital cellular transmissions to analog voice audio. While privacy protection is always important, EFF opposed the bill, arguing that technical solutions, such as encryption, are the only way to protect private communications carried over the airwaves. Unable to stop the scanner ban, EFF worked with Representative Edward Markey (D-Massachusetts) and Senator Ernest Hollings (D-South Carolina) to add an amendment to the legislation requiring the FCC to study the impact of this law on privacy. Sometime in 1993, the FCC must also conduct a public inquiry and issue a report on alternative means for protecting cellular telephone conversations with a focus on encryption. Threats to Free Speech Federal Agency to Study Hate Crimes on BBSs Recognizing that electronic media have been used more and more often to spread messages of hate and bigotry, Congress mandated the National Telecommunications and Information Adminstration (NTIA) to conduct a study on "the role of telecommunications in crimes of hate and violent acts against ethnic, religious, and racial minorities." Computer bulletin boards are specifically mentioned as one of the targeted media to be studied under the Telecommunications Authorization Act of 1992. Representative Markey, while supporting the Act in the House, cautioned NTIA to be sensitive to privacy concerns while conducting the study. A report on the results of the study will be presented to the Senate before the end of June, 1993. Congress Regulates Video Transmissions Much has been written about the passage of the Cable Television Consumer Protection and Competition Act of 1992, more commonly known as the "Cable Act." While specifically designed to regulate rates, establish customer service requirements and prevent unfair competition for cable television providers, the Cable Act may have broader implications for those of us communicating online. The communications networks of the future will include video and data transmission, as well as the voice transmission we are now used to using over the telephone lines. The Cable Act is Congress's first attempt to regulate the wire/cable transmissions that will make up our networks of the future. EFF is currently studying the implications of this legislation, specifically as it applies to free speech over the network. Threats to the Public's Right to Government Information Fees Charged for Use of Government BBS In a poorly thought-out move designed to raise federal revenues, Congress passed a law permitting the Federal Maritime Commission to charge user fees on its Automated Tariff Filing and Information System (AFTI). The law requires shippers, freight forwarders, ocean carriers and third-party information vendors to pay 46 cents for every minute they are connected to the government-sponsored electronic database. EFF joined with many other groups, including library groups, the Information Industry Association and The Journal of Commerce, in opposing this legislation. EFF and the others fear that this precedent of allowing the government to charge citizens more than the government's cost for information could be applied to many other federal databases and impinge on the public's access to government data in electronic formats. Federal Employees Denied Copyrights for Government Software EFF joined with several other organizations to successfully stop the Technology Transfer Improvements Act in a Senate committee after it had passed in the House of Representatives. This Act would have allowed the federal government to claim copyright in certain computer software created by federal employees working with non-federal parties. Because so much government information is stored only in computerized formats, EFF and the others, including the Software Publishers Association, American Library Association, and Information Industry Association, were concerned that this legislation would impinge on a citizen's right to obtain and use government information that he or she has the right to obtain and use. Reproducing Copyrighted Software Now a Felony Under the strong lobby of the Software Publishers Association, Congress decided to stiffen penalties for individuals making illegal reproductions of copyrighted software. The amended law makes reproducing copyrighted software a felony if certain conditions are met. According to the statute, any person who makes 1) at least ten copies 2) of one or more copyrighted works 3) that have a retail value of more than $2500, can be imprisoned for up to five years and/or fined $250,000. In order for the infringement to be a criminal violation, however, the copies must be made "willfully and for purposes of commerical advantage or private financial gain." While the term "willfully" is not defined in the statute, previous criminal court cases on copyright law have held that the person making the copies must have known that his or her behavior was illegal. Software backups are not illegal (in fact, they are usually encouraged by software providers), and therefore do not fall under the scope of this statute. Like most of us, EFF is concerned about the ramifications of this legislation. While the statute itself provides safeguards that seem to place heavy restrictions on how the law is applied, we are wary that improper application of the law could result in extreme penalties for software users. We will be monitoring cases brought under this statute and intervening if we see civil liberties violations taking place. Network Access for All Commercial Users Given Internet Access Congress gave the National Science Foundation (NSF), the agency overseeing the Internet, the authority to relax some of its access rules governing certain types of information travelling over the network, including commercial information. The Internet has been an educational and research-oriented network since the 1980s. Over the past few years, however, the Internet has become increasingly open to non- educational and commercial uses. The National Science Foundation Act was amended to encourage an increase in network uses that will ultimately support research and education activities. While the amendment was still being considered by the House Science Subcommittee, chaired by Representative Richard Boucher (D- Virginia), EFF's President, Mitch Kapor, argued for more flexible rules to spur diversity and innovation on the Internet. Relying in part on Kapor's contentions, Representative Boucher sponsored the amendment as it passed in the full House of Representatives; Senator Albert Gore (D- Tennessee) championed it in the Senate. EFF lobbied to convince potential congressional and industry opponents that the legislation would facilitate, not impede, wider access to the Internet. EFF's Open Platform Proposal Introduced This past Fall, Mitch Kapor testified before the House Subcommittee on Telecommunications and Finance about the perceived dangers of regional Bell telephone company entry into the information services market. To combat the fear that the Bells would engage in anticompetitive behavior, EFF proposed an information network for the near future that would be affordable, equitable, and easily-accessible (EFF's Open Platform Proposal). Kapor suggested that ISDN could make such a network possible sooner rather than later and at little expense. Legislation was circulated near the end of Congress which included the Open Platform Proposal. The proposed legislation, entitled the "Telecommunications Competition and Services Act of 1992," was sponsored by House Telecommunications and Finance Subcommitee Chair Markey and would give government support to anyone moving forward to provide digital telecommunications now over existing copper wires. This, in turn, would pave the way for a broadband network requiring telecommunications infrastructure modernization in the future. This piece of legislation laid the groundwork for a major debate in the next Congress, especially since President-elect Clinton and Vice-President- elect Gore have committed themselves to an infrastructure of information highways. As you can see, Congress has been very busy creating legislation that may affect your lives online. Next month, we will make some predictions of areas where the 103rd Congress is likely to concentrate its efforts. Shari Steele is a Staff Attorney with the Washington office of the Electronic Frontier Foundation (EFF). Steele can be reached at ssteele@eff.org. -==--==--==-<>-==--==--==- THE SECOND ANNUAL INTERNATIONAL EFF PIONEER AWARDS: CALL FOR NOMINATIONS Deadline: December 31,1992 In every field of human endeavor,there are those dedicated to expanding knowledge,freedom,efficiency and utility. Along the electronic frontier, this is especially true. To recognize this,the Electronic Frontier Foundation has established the Pioneer Awards for deserving individuals and organizations. The Pioneer Awards are international and nominations are open to all. In March of 1992, the first EFF Pioneer Awards were given in Washington D.C. The winners were: Douglas C. Engelbart of Fremont, California; Robert Kahn of Reston, Virginia; Jim Warren of Woodside, California; Tom Jennings of San Francisco, California; and Andrzej Smereczynski of Warsaw, Poland. The Second Annual Pioneer Awards will be given in San Francisco, California at the 3rd Conference on Computers, Freedom, and Privacy in March of 1993. All valid nominations will be reviewed by a panel of impartial judges chosen for their knowledge of computer-based communications and the technical, legal, and social issues involved in networking. There are no specific categories for the Pioneer Awards, but the following guidelines apply: 1) The nominees must have made a substantial contribution to the health, growth, accessibility, or freedom of computer-based communications. 2) The contribution may be technical, social, economic or cultural. 3) Nominations may be of individuals, systems, or organizations in the private or public sectors. 4) Nominations are open to all, and you may nominate more than one recipient. You may nominate yourself or your organization. 5) All nominations, to be valid, must contain your reasons, however brief, on why you are nominating the individual or organization, along with a means of contacting the nominee, and your own contact number. No anonymous nominations will be allowed. 6) Every person or organization, with the single exception of EFF staff members, are eligible for Pioneer Awards. 7) Persons or representatives of organizations receiving a Pioneer Award will be invited to attend the ceremony at the Foundation's expense. You may nominate as many as you wish, but please use one form per nomination. You may return the forms to us via email to pioneer@eff.org You may mail them to us at: Pioneer Awards, EFF, 155 Second Street Cambridge MA 02141. You may FAX them to us at: +1 617 864 0866 Just tell us the name of the nominee, the phone number or email address at which the nominee can be reached, and, most important, why you feel the nominee deserves the award. You may attach supporting documentation. Please include your own name, address, and phone number. We're looking for the Pioneers of the Electronic Frontier that have made and are making a difference. Thanks for helping us find them, The Electronic Frontier Foundation -==--==--==-<>-==--==--==- MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online, the @eff.org newsletter and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member. Our memberships are $20.00 per year for students, $40.00 per year for regular members. You may, of course, donate more if you wish. Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason. ---------------- EFF MEMBERSHIP FORM --------------- Mail to: The Electronic Frontier Foundation, Inc. 155 Second St. #41 Cambridge, MA 02141 I wish to become a member of the EFF I enclose:$__________ $20.00 (student or low income membership) $40.00 (regular membership) $100.00(Corporate or company membership. This allows any organization to become a member of EFF. It allows such an organization, if it wishes to designate up to five individuals within the organization as members.) I enclose an additional donation of $ Name: Organization: Address: City or Town: State: Zip: Phone:( ) (optional) FAX:( ) (optional) Email address: I enclose a check [ ] . Please charge my membership in the amount of $ to my Mastercard [ ] Visa [ ] American Express [ ] Number: Expiration date: Signature: Date: I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ] . Initials: Your membership/donation is fully tax deductible. ===================================================================== EFFector Online is published by The Electronic Frontier Foundation 155 Second Street, Cambridge MA 02141 Phone: +1 617 864 0665 FAX: +1 617 864 0866 Internet Address: eff@eff.org Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission. ===================================================================== This newsletter is printed on 100% recycled electrons.