########## | Volume I Number 6 | ########## | | ### | EFFECTOR ONLINE | ####### | | ####### | In this issue: | ### | NetNews: The EFF Wants You! | ########## | Computers and Academic Freedom | ########## | All I Really Need to Know I Learned from my Computer| | The Prodigy Saga Marches On...and On | ########## | S.266: What You Can Do | ########## | -==--==--==-<:>-==--==--==- | ### | Editors: | ####### | Gerard Van der Leun (van@eff.org) | ####### | Mike Godwin (mnemonic@eff.org) | ### | Mitchell Kapor (mkapor@eff.org) | ### | Managing Editors: | ### |Chris Davis (ckd@eff.org), Helen Rose (hrose@eff.org)| | | ########## | Reproduction of Effector Online via all | ########## | electronic media is encouraged.. | ### | To reproduce signed articles individually | ####### | please contact the authors for their express | ####### | permission.. | ### | | ### | Published Fortnightly by | ### | The Electronic Frontier Foundation (eff.org) | effector n, Computer Sci. A device for producing a desired change. -==--==--==-<>-==--==--==- FAST BREAKS: Net News from the Electronic Frontier THE EFF WANTS YOU After many months, the EFF has received its 501(c)3 Federal tax exemption. This means that membership in, and donations to, the EFF are fully tax-deductible. For over a year, we have been funding the work of this organization through the generosity of a few individuals who believe in our mission and our goals. Now we are able to open the EFF to people from all our various constituencies throughout the world. As a result, we would like to ask all of you who support us to become members. To sustain our current goals and programs, and expand our efforts will take the commitment of time and money on the part of many people and institutions from all areas of our society. We will be raising funds in the near future from a variety of sources, but without the concrete support of individuals like you, we cannot pursue and achieve our goals of assuring that Constitutional protections are extended to online media. Without your support we can't effectively advocate policy changes on the federal and state level. Without you, we can't continue to effectively pursue the education of the general public as to the benefits of online media and the potential of the National Public Network of the future. Nor can we continue to effectively defend the rights of those wrongly accused. Pioneer membership rates are $20.00 per year for students and low-income supporters, $40.00 per year for regular members. We are currently working on an institutional membership program. The way this works is simple. We are going to be assembling all the detritus of joining an organization: tidy forms, lots of check-boxes, payment via Visa or Mastercard, and all the fancy stuff you've learned to expect from well-meaning organizations over the years. But you can cut to the chase right now and just mail a check. And, yes, we are going to be handing out numbers. This means low numbers will have a certain cachet with those who value such things. And if you don't care, you'll still have the knowledge that you've helped us move forward this year and in the future. Member Privacy Policy: The EFF will never sell any names or information about its members. We will, from time to time, share consenting members names with other non-profit organizations which we are certain will advance the shared causes and goals of the EFF. But, even then, we will only share your name if you consent to it. This means you have to state that you grant us the privilege of sharing your name. You can revoke this at any time. If you do not actively grant us this permission, we will assume that you wish your membership to be absolutely confidential. You can send your membership fees and/or your additional donation to The Electronic Frontier Foundation, 155 Second Street, Cambridge, MA 02141. Please include your name, postal address, and electronic mail address. THE EFF AND SENATE BILL 266 At the EFF we continue to oppose the spirit and the letter of those provisions of Senate Bill 266 that would require mandatory cooperation of telecommunications providers with law enforcement. We believe that those individuals and organizations that support this initiative fail to understand the implications of compromising encryption methods in this time of emergent online technologies. In order to play an active role in shaping this legislation the EFF expects to meet with the bill's sponsors in Washington and express our fundamental opposition to any move on the part of the Federal government that would prohibit or have a chilling effect on the individual's right to use cryptography. THE CPSR ANNOUNCES A WASHINGTON WORKSHOP ON PRIVACY, ENCRYPTION, AND TELECOMMUNICATIONS POLICY Computer Professionals for Social Responsibility, the Electronic Frontier Foundation, RSA are sponsoring a one-day workshop in Washington, D.C. on June 10. This workshop will bring together a broad coalition of professionals in the computer and telecommunications fields, as well as experts in cutting-edge cryptography, privacy advocates, and civil liberties protectors. It will feature a congressional briefing on current federal policy initiatives including S.266 and export restrictions. The workshop will be followed at 2:00 by a press conference and the National Press Club (14th & Pennsylvania Avenue N.W.). All interested parties are invited to attend the press conference. -==--==--==-<>-==--==--==- EFF DOCUMENT FILES NOW AVAILABLE THE DOCUMENT CASE -- a collection of briefs, judgements white papers, rulings, and references of moment to the issues of law and order on The Electronic Frontier--is now available via FTP at eff.org. This represents our current and expanding collection of legal papers of interest to attorneys and the net at large. It was created and maintained by Staff Counsel Mike Godwin (mnemonic@eff.org). For details on how to access this archive please contact ftphelp@eff.org. To add to the archive, send mail to Michael Godwin (mnemonic@eff.org). -==--==--==-<>-==--==--==- COMPUTERS AND ACADEMIC FREEDOM GROUPS NOW AT EFF.ORG CAF discusses such questions as : How should general principles of academic freedom (such as freedom of expression, freedom to read, due process, and privacy) be applied to university computers and networks? How are these principles actually being applied? How can the principles of academic freedom as applied to computers and networks be defended? The EFF has given the discussion a home on the eff.org machine. As of April 23, less than two week after its creation, the list has 230 members in four countries. There are three versions of the mailing list: comp-academic-freedom-talk - you'll received dozens of e-mail notes every day. comp-academic-freedom-batch - about once a day, you'll receive a compilation of the day's notes. comp-academic-freedom-news - about once a week you'll receive a compilation of the best notes of the week. (I play the editor for this one). To join a version of the list, send mail to listserv@eff.org. Include the line "add". (Other commands are "delete " and "help"). In any case, after you join the list you can send e-mail to the LIST BY addressing it to caf-talk@eff.org. These mailing lists are also available as the USENET alt groups 'alt.comp.acad-freedom.talk' and 'alt.comp.acad-freedom.news'. -==--==--==-<>-==--==--==- the sand remembers once there was beach and sunshine but chip is warm too -==--==--==-<>-==--==--==- The Need for a Discussion of Computers and Academic Freedom by Carl Kadie (kadie@eff.org) When my grandmother attended the University of Illinois fifty-five years ago, academic freedom meant the right to speak up in class, to created student organizations, to listen to controversial speakers, to read "dangerous" books in the library, and to be protected from random searches of your dorm room. Today these rights are guaranteed by most universities. These days, however, my academic life very different from my grandmother's. Her academic life was centered on the classroom and the student union. Mine centers on the computer and the computer network. In the new academia, my academic freedom is much less secure. The suppression of academic freedom on computers is common. At least once a month, someone posts on plea on Usenet for help. The most common complaint is that a newsgroup has been banned because of its content (usually alt.sex). In January, a sysadmin at the University of Wisconsin didn't ban any newsgroups directly. Instead, he reduced the newsgroup expiration time so that reading groups such as alt.sex is almost impossible. Last month, a sysadmin at Case Western killed a note that a student had posted to a local newsgroup. The sysadmin said the information in the note could be misused. In other cases, university employees may be reading e-mail or looking through user files. This may happen with or without some prior notice that e-mail and files are fair game. In many of these cases the legality of the suppression is unclear. It may depend on user expectation, prior announcements, and whether the university is public or private. The legality is, however, irrelevant. The duty of the University is not to suppress everything it legally can; rather it is to support the free and open investigation and expression of ideas. This is the ideal of academic freedom. In this role, the University acts a model of how the wider world should be. (In the world of computers, universities are perhaps the most important model of how things should be). If you are interested in discussing this issues, or if you have first-hand experience with academic suppression on computers or networks, please join the mailing list. -==--==--==-<>-==--==--==- one with nintendo halcyon symbiosis hand thinks for itself -==--==--==-<>-==--==--==- All I Really Need to Know I Learned from My Computer All I really need to know about how to live and what to do and how to be I learned right here in the CAEN labs. Illumination was not at the top of the graduate school mountain, but right there in front of the computer monitors. These are the things I learned. Everything you need to know is here somewhere: 1. Share all your executables. 2. Pay for your shareware. 3. Don't hit the computer. 4. Back up files after you have found them. 5. Clean up your own messy desktop. 6. Don't copy software that is not yours. 7. Make a smiley when you send someone a nasty message. 8. Wash your hands before you type. 9. Flush your buffers. 10. M&Ms and a cold can of Coke are good for you. 11. Live a student's life--learn some and think some and MacDraw and IPaint and Readnews and play Tetris and hack every day some. 12. Take a break every two hours from staring at the terminal. 13. When you go out in the world, watch out for network traffic, hold connections and stick together. 14. Be aware of wonder. Remember the little bytes in the chip: The code goes in and the graphics come out and nobody really knows how or why, but computers are all like that. 15. Pets and Lisas and DN350s and even the little bytes in the chip all die. So do we. 16. And then remember the Computer Reference Manuals and the first command you learned--the biggest command of all--Quit. by Ann Gordon (anng@caen.engin.umich.edu) -==--==--==-<>-==--==--==- samurai fighter keyboard and mouse are his sword digital battles -==--==--==-<>-==--==--==- THE PRODIGY SAGA CONTINUED....REDUX....ENCORE.... [Prodigy continued to be a main subject of conversation on the net over the past two weeks. Here is a selection of one exchange of views on comp.org.eff.talk.] -- From: brad@looking.on.ca (Brad Templeton) In article <14193.281F5781@fidogate.FIDONET.ORG> Tom.Jennings@f111.n125.z1.FIDONET.ORG (Tom Jennings) writes: >It's easy to support free-speech issues on "safe" subjects >-- the real test is when it is an unpopular one, or even one >you don't agree with. I agree with this 100%. It's one of the strongest parts of my personal philosophy. But this is not a free-speech issue, so it is not relevant. People do not understand that freedom of the press (and Prodigy is press) has two very important components: a) Nobody can tell you what not to print (freedom from censorship) b) Nobody can tell you what *to* print. (editorial control) Both are important. To insist that Prodigy allow gay/lesbian discussion against their will is not much different from forbidding them from having gay/lesbian discussion if they want it. Congress shall make no law abridging the freedom of the press. That's no law in *either* direction. -- From: lee@wang.com (Lee Story) In-Reply-To: brad@looking.on.ca's message of 4 May 91 Well sorry, Brad, but it's not clear to many of us that a service like Prodigy is self-evidently "press", as you seem to claim. In the part of the service which presents (publishes) advertisements (mostly!) and Prodigy-initiated or Prodigy-contracted informative articles (rarely), they would seem to deserve the same protections offered to the print and broadcast media. But in their provision of email service they would seem to be merely a by-subscription carrier, and their unpleasant lack of interfaces to other carriers does not disguise that fact. I don't see why the same protections offered to mail and telephone subscribers shouldn't apply. And I don't see why bulletin boards to which subscribers are welcome to contribute shouldn't be considered either (1) simply useful extensions of email, or (2) publishing ventures, but ones in which the subscribers are the publishers and Prodigy remains the carrier. Isn't some scheme like this simple and fair enough to be worth codifying as law, and the added marketability of email and bulletin boards sufficient to encourage commercial services to provide them even if they aren't allowed to control the contents? (By the way, I think the trashy, ad-oriented nature of Prodigy has encouraged many of us to criticize them for practices that would raise few complaints on GEnie, CIS, etc. They may be doing us a real service.) -- From: brad@looking.on.ca (Brad Templeton) I have seen no proof of Prodigy doing anything but charge for their E-mail. They are not press, but an E-mail provider, when it comes to E-mail. But in all the public areas of the system, they are indeed press, and have explicitly said and acted in such a fashion at all times as far as I can tell. I am not sure how other people have gotten any other impression. Prodigy screens everything posted in the public areas. It's 100% edited. How can you consider them anything but press? -- [The discussion continues in comp.org.eff.talk.] -==--==--==-<>-==--==--==- DAT arrives frequency notch treachery people are not fooled -==--==--==-<>-==--==--==- S.266: WHAT YOU CAN DO From: metzger@watson.ibm.com (Perry E. Metzger) [Editor's Note:After sending a letter to Biden's office protesting the language of S.266, Mr. Metzger received, as did many others, a form letter reply.In comp.org.eff.talk, this is what he did next.] I actually bothered to follow up on my (identical) form letter from Sen. Biden's office. I spoke to John Bentivoglio, who is on the Senator's Judiciary committee staff (not his personal staff), who claims to have been the person who drafted the letter that went out on Joe Biden's signature. He's more or less unmovable, though he is friendly. He has already heard from lots and lots of people from the net about this. His claim is more or less this: the stated section of the law is intended more to get communications providers to help with the tapping of things like Cellular Phones and the like, which he claims is now difficult. (All of us on the net, of course, know you can tap a cellular phone with a radio scanner and some patience, but never mind that). He also claims that they understand that there are technical reasons making the provisioning of back doors into cryptosystems difficult, and that is the reason for the "sense of congress" thing. He also claims that this is not the proverbial crack in the dike, and that the Senator has no intention of following through with additional legislation to enforce a ban on secure cryptosystems. Personally, I have no idea whether to believe him. My gut says, never trust a politico, and that he is trying to sell me a bridge. That's not the part that matters, though. The part that matters is whether or not we can still do something to stop this clause from getting through. My suggestion is that we, the UseNetters, organize an attempt to get S.266 Section 2201, and S.618 Section 545, discussed in a congressional hearing. My suggestion: Call up as many of the following Senators as you can. (Maybe you can leave out Biden, he's probably useless at this point.) Ask to speak to an actual human on their staff for a few minutes; don't just register a complaint with a random bill. Say something like "I'd like to speak to a member of the senators staff about a bill coming before the Judiciary committee that I am very concerned about." When you get someone, calmly and quietly tell them why you oppose S.266 section 2201 and S.618 section 545. (the wording in both is identical, and be sure to mention that the two sections are identical). Explain to them that there are lots of other people who think the same way and tell them you would like to see hearings held where people who are members of prominent organizations like the Electronic Freedom Foundation, the ACLU, and other similar groups would be given a chance to oppose the section. Be nice; these men are the ones who we have to count on to rescue us. (Gawd help us all!) Here, again, is the text of what we are opposing, which is identical in both S.266 sec. 2201 and S.618 sec. 545: ---------------------------------------------------------------------- COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW ENFORCEMENT It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law. ---------------------------------------------------------------------- The members of the Senate Judiciary Committee, which will be acting on these bills, are: Chair: Joseph R. Biden, Delaware Edward M. Kennedy, Massachusetts Howard M. Metzenbaum, Ohio Dennis DeConcini, Arizona Patrick J. Leahy, Vermont Howell Heflin, Alabama Paul Simon, Illinois Herbert Kohl, Wisconsin Strom Thurmond, South Carolina Orrin G. Hatch, Utah Alan K. Simpson, Wyoming Charles E. Grassley, Iowa Arlen Specter, Pennsylvania Hank Brown, Colorado The phone number of the U.S. Senate Switchboard, which will get you any of these men's staff's, is... (202)-224-3121 Their specific numbers and addresses are... DEMOCRATS: Senator Joseph Biden (Del) Suite 221 Russell Building U.S. Senate, Washington DC 20510 <-- for all of them (202) 224-5042 Senator Edward Kennedy Suite 315 Russell Building (202) 224-4543 Senator Howard Metzenbaum (Ohio) Suite 140 Russell (202) 224-2315 Senator Dennis DeConcini (Arizona) Suite 328 Russell (202) 224-4521 Senator Patrick Leahy (Vermont) Suite 433 Russell (202) 224-4242 Senator Howell Heflin (Alabama) Suite 728 Russell (202) 224-4124 Senator Paul Simon (Illinois) Suite 462 Dirksen Building (202) 224-2152 Senator Herbert Kohl (Wisconsin) Suite 702 Russell (202) 224-5653 REPUBLICANS: Senator Strom Thurmond (South Carolina) Suite 218 Russell (202) 224-5972 Senator Orrin Hatch (Utah) Suite 135 Russell (202) 224-5251 Senator Alan Simpson (Wyo) Suite 261 Dirksen Bldg (202) 224-3424 Senator Charles Grassley (Louisiana) Suite 135 Hart Bldg (202) 224-3744 Senator Arlen Specter (Pennsylvania) Suite 303 Hart Bldg (202) 224-4254 -==--==--==-<>-==--==--==- oh no godzilla guns and planes cannot stop him tokyo is ablaze -==--==--==-<>-==--==--==- COMPUTING & VALUES CONFERENCE, AUG 12-16 The National Conference on Computing and Values will convene August 12-16, 1991, in New Haven, CT. N C C V / 91 is a project of the National Science Foundation and the Research Center on Computing and Society. Specific themes (tracks) include - Computer Privacy & Confidentiality - Computer Security & Crime - Ownership of Software & Intellectual Property - Equity & Access to Computing Resources - Teaching Computing & Values - Policy Issues in the Campus Computing Environment The workshop structure of the conference limits participation to approximately 400 registrants, but space *IS* still available at this time (mid-May). Confirmed speakers include Ronald E. Anderson, Daniel Appleman, John Perry Barlow, Tora Bikson, Della Bonnette, Leslie Burkholder, Terrell Ward Bynum, David Carey, Jacques N. Catudal, Gary Chapman, Marvin Croy, Charles E. M. Dunlop, Batya Friedman, Donald Gotterbarn, Barbara Heinisch, Deborah Johnson, Mitch Kapor, John Ladd, Marianne LaFrance, Ann-Marie Lancaster, Doris Lidtke, Walter Maner, Diane Martin, Keith Miller, James H. Moor, William Hugh Murray, Peter Neumann, George Nicholson, Helen Nissenbaum, Judith Perolle, Amy Rubin, Sanford Sherizen, John Snapper, Richard Stallman, T. C. Ting, Willis Ware, Terry Winograd, and Richard A. Wright. The registration fee is low ($175) and deeply discounted air fares are available into New Haven. To request a registration packet, please send your name, your email AND paper mail addresses to ... BITNet MANER@BGSUOPIE.BITNET InterNet maner@andy.bgsu.edu (129.1.1.2) or, by fax ... (419) 372-8061 or, by phone ... (419) 372-8719 (answering machine) (419) 372-2337 (secretary) or, by regular mail ... Professor Walter Maner Dept. of Computer Science Bowling Green State University Bowling Green, OH 43403 USA USENIX EFF BOF UPDATE: TIME CHANGE At the Summer 1991 USENIX Conference, being held in Nashville, TN, from 10-14 June 1991, a Birds Of a Feather (BOF) session on the Electronic Frontier Foundation (EFF) will be held. The EFF BOF will be held from 7-9pm on Tuesday, 11 June 1991. Note the time change! It will be located in the Jefferson A room (the same room as the GNU BOF). The EFF BOF will now be held *before* (instead of after) the GNU BOF. We will give an update of recent EFF activities, an overview of cases the EFF has been involved with and their outcomes, the EFF's missions, current and future projects, etc. John Gilmore, a member of the EFF's Board of Directors, will co-chair the BOF and will talk about some of the work EFF has been doing on privacy technology, also known as encryption, and the threats and promise we see in it. There will be a general question and answer session at the end of the BOF. -==--==--==-<>-==--==--==- FEEDBACK [Here are a few of the comments received on Effector Online 1.05:] From tachyon@ucscb.UCSC.EDU Sun May 26 07:59:28 1991 Just two quick, unpolished comments, so I'm mailing them rather than posting them. I'm surprised at the amount of ridicule Jim Warren aimed at people who might not want their names on CPSR (or other) mailing lists, when it would be a simple enough matter for CPSR to include something like "We periodically send out announcements and other mailings to people on our mailing list. Check here if you would prefer NOT to receive these unsolicited mailings." Mitch Kapor is being a little too quick in telling a Prodigy person that the Well's conflict resolution methods do not involve throwing people off the system, because I know that at least one person HAS been thrown off the Well. However, as a sysop myself, I know that these systems can be sitting ducks for people who, for whatever reason, have decided to spend as much time as possible insulting and harassing other users. I have thrown one user off my own BBS for that reason. ---------- Subject: Cryptography, Mythology, and S. 266 In an article in Effector Online, Denise Caruso joins the crowd of people all over the networks attacking a provision placed by Senator Biden into two Senate bills (S. 266 and S. 618), which make it the "sense of the Senate" that providers of encryption technology and communication services ensure that they can provide, in response to proper court order, a clear-text version of any material transmitted using their systems. Caruso, and many others, have argued that such a law would require the use of a "trap door", or in generally weakened cryptographic algorithms. THIS IS COMPLETELY FALSE. What it mainly requires is record keeping. The technical details get very complex, but in fact choosing a good crypto- graphic algorithm is only the beginning of designing a usable cryptosystem. Key distribution is as big a headache. In most proposed systems, one uses a unique "session key" for each communication session. This key is provided to the two participants by a central server. A server that recorded the keys it assigned would have no problem with the provisions of these bills. Compromise of the server is deadly to the entire system, whether it keeps records or not, so this need imply no significant weakening of the system. It certainly does not require the insertion of any trap door or other weakness into the under- lying cryptographic algorithms. The public-key-based systems that Caruso refers to, as far as I know, do NOT use public key cryptography to encrypt most user data. Rather, they use it to make the communication with the session-key server simpler. Today, and for at least the near-term future, known public-key algorithms are too ex- pensive and slow to use for bulk data. They can, however, be used in such combined public/private key systems to get good performance with most of the advantages of private key systems. Why should anyone care about this technical detail? (By now I'm sure I've lost the real flamers, who know nothing but how to repeat catch phrases like "trap door".) Because basing an attack on S. 266 and such measures on some- thing that is verifiably false is a good way to lose arguments. Badly. Suppose someone introduced a bill requiring the registration of all computer equipment. Would you argue against it on the grounds that only MS/DOS systems could meet the registration requirement? The problems with S. 266 and similar measures are NOT technical. If you want to object to them, do so on the basis of rights to privacy, protection of free speech, or whatever. Don't let the argument get onto the ground of what is technically feasible, or you'll lose. -- Jerry From: Jerry Leichter -==--==--==-<>-==--==--==- ENDNOTES Effector Online would like to thank Damon A. Koronakos and Brian Roberts at stanford.edu for the Hi-Tech Haikus that grace this issue. We also would like to extend our thanks to Leila Gallagher, a great volunteer and true pioneer of the Electronic Frontier. Without her constant and generous efforts here at the office, the EFF would have floundered during our first year. We are always interested in news, pointers, tall tales, quotes jokes and brilliant strokes related to life on the Electronic Frontier. Write to us with comments and criticism, or write for us if you prefer. Any letters or stories can be posted to comp.org.eff.talk, or sent directly to the editor of Effector Online: van@eff.org. We'll be back in a fortnight with another edition. In the meantime, you are still on the Electronic Frontier. Be careful out there. -==--==--==-<>-==--==--==-