Copy Link
Add to Bookmark
Report

Computer Undergroud Digest Vol. 05 Issue 40

  



Computer underground Digest Wed June 02 1993 Volume 5 : Issue 40
ISSN 1004-042X

Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copy Editor: Etaoin Shrdlu, Senrio

CONTENTS, #5.40 (June 02 1993)
File 1--Bridges of Understanding
File 2--MTV News, Nets, Feedback from Users
File 3--CPSR NIST Crypto Statement
File 4--AB 1624/Online Info Bill PASSES MAJOR HURDLE!
File 5--UPDATE #8-AB1624--Press Freedom for Paper Pubs Only?
File 6--Virus News INTERNATIONAL CONFERENCE 93

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) 203-832-8441 NUP:Conspiracy
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in Luxembourg BBS (++352) 466893;

ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)

Back issues also may be obtained through mailserver at:
server@blackwlf.mese.com

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

----------------------------------------------------------------------

Date: 25 May 93 15:50:56 EDT
From: Ken Citarella <70700.3504@COMPUSERVE.COM>
Subject: File 1--Bridges of Understanding

I would like to respond to the posting by Larry Landwehr in CUD 5.38.
He denied that law enforcement would be interested in any genuine
dialogue with anyone sympathetic to the underground, because cops are
"pragmatic" and only interested in "more arrests" from any
associations with other people.

These sentiments completely miss half of law enforcement's mission:
the effort to deter crime before it occurs. If there is someone who
may learn from law enforcement that some acts are prohibited, and
rightly so, and therefore avoid criminal conduct he might otherwise
have engaged in, then law enforcement has done better work than if it
has made an arrest.

I personally have learned from contacts with people on all sides of
computer related issues, and have heard from several that they have
learned from me. I have deterred people from potentially criminal
conduct by alerting them to what the law is and why it is that way.

I have learned from them how to be a better prosecutor. I have been
complemented by people I have prosecuted, thanking me for steering
them away from more serious computer abuse while disposing of their
case in a way they believe is just and proper.

Law enforcement is not perfect nor are all law enforcement personnel.
But, quite frankly, they are one heck of a lot better than Mr.
Landwehr's posting claims. As a prosecutor involved in tech crimes I
am committed to exactly the sort of dialogue existing on Kim's board.

Ken Citarella (kcit)
CompuServe:70700,3504
kcit@mindvox.phantom.com

------------------------------

Date: Fri, 28 May 1993 12:44:13 -0700
From: Chris Bell <crisbell@WELL.SF.CA.US>
Subject: File 2--MTV News, Nets, Feedback from Users

An upcoming MTV News piece in the "Free Your Mind" series may feature
1st amendment issues as they apply to online communication, hate
online, BBS-ing, Prodigy policies, fringe groups, a rebuttal from a
small BBS SYSOP, etc.

MTV News is gearing up to cover technology in a big way, ideally at
the same level and standard as was seen during the '92 election
coverage ("Choose or Lose"). They want to reach the real users of
technology and not just re-package press releases and tow the
corporate line.
++++++++++++++++++++++++++++++++++++

To: online communities and lurkers of all kinds
RE: MTV News on technology *** call (212) 258-8700 #7 ***

Register support for the online community at large and suggest
technology-oriented topics which might be enlightening for MTV
audiences. Be sure to call in your interest in MTV News' new
alternative coverage of "CyberStuff," featured this week on "The Week
In Rock." Help propel it forward into new hackerish, political, and
cyberesque areas, ideally with your direct input. 212-258-8700 is
the number. Press #1 to give a viewer comment. Press #7 for more
info about MTV News. There are live people to talk to on this line
during regular business hours EST.

Computer Buzzwords on MTV Daily News
++++++++++++++++++++++++++++++++++++
Wednesday 5/26 10:50 p.m.
Thursday 5/27 4:50 a.m., 7:50 a.m., 10:50 a.m., and 1:50 p.m.

Computer Buzzwords on MTV's "The Week In Rock"
++++++++++++++++++++++++++++++++++++++++++++
Saturday 5/29 11:30 & 6:30
Sunday 5/30 12:30 & 6:30

Note: Times listed feature the same introductory "Buzzwords" segment.
The question is, what should be next?

------------------------------

Date: Wed, 2 Jun 1993 17:08:40 EST
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Subject: File 3--CPSR NIST Crypto Statement

CPSR NIST Crypto Statement

==============================================

Department of Commerce
National Institute of Standards and Technology

Computer System Security and Privacy Advisory Board

Review of Cryptography Policy
June 1993

Statement of CPSR Washington office
Marc Rotenberg, director
(rotenberg@washofc.cpsr.org)
with David Sobel, legal counsel,
Dave Banisar, policy analyst


Mr. Chairman, members of the Advisory Panel, thank you for the
opportunity to speak today about emerging issues on cryptography
policy.

My name is Marc Rotenberg and I am director of the CPSR
Washington office. Although CPSR does not represent any computer
firm or industry trade association, we speak for many in the
computer profession who value privacy and are concerned about the
government's Clipper proposal.

During the last several years CPSR has organized several meetings
to promote public discussion of cryptography issues. We have also
obtained important government documents through the Freedom of
Information Act. We believe that good policies will only result if the
public, the profession, and the policy makers are fully informed
about the significance of these recent proposals.

We are pleased that the Advisory Board has organized hearings.
This review of cryptography policy will help determine if the Clipper
proposal is in the best interests of the country. We believe that a
careful review of the relevant laws and policies shows that the key
escrow arrangement is at odds with the public interest, and that
therefore the Clipper proposal should not go forward.

Today I will address issues 1 through 3 identified in the NIST
announcement, specifically the policy requirements of the Computer
Security Act, the legal issues surrounding the key escrow
arrangement, and the importance of privacy for network
development.


1. CRYPTOGRAPHY POLICY

The first issue concerns the 1987 statute enacted to improve
computer security in the federal government, to clarify the
responsibilities of NIST and NSA, and to ensure that technical
standards would serve civilian and commercial needs. The Computer
Security Act, which also established this Advisory Panel, is the true
cornerstone of cryptography policy in the United States. That law
made clear that in the area of unclassified computing systems, the
Department of Commerce and not the Department of Defense, would
be responsible for the development of technical standards. It
emphasized public accountability and stressed open decision-making.

The Computer Security Act grew out of a concern that classified
standards and secret meetings would not serve the interests of the
general public. As the practical applications for cryptography have
moved from the military and intelligence arenas to the commercial
sphere, this point has become clear. There is also clearly a conflict of
interest when an agency tasked with signal interception is also given
authority to develop standards for network security.

In the spirit of the Computer Security Act, NIST set out in 1989 to
develop a public key standard FIPS. In a memo dated May 5, 1989
and obtained by CPSR through the Freedom of Information Act, NIST
said that it planned:

to develop the necessary public-key based security
standards. We require a public-key algorithm for
calculating digital signatures and we also require a
public-key algorithm for distributing secret keys.

NIST then went on to define the requirements of the standard:

The algorithms that we use must be public, unclassified,
implementable in both hardware or software, usable by
federal Agencies and U.S. based multi-national
corporation, and must provide a level of security
sufficient for the protection of unclassified, sensitive
information and commercial propriety and/or valuable
information.

The Clipper proposal and the full-blown Capstone configuration,
which incorporates the key management function NIST set out to
develop in 1989, is very different from the one originally conceived
by NIST.

% The Clipper algorithm, Skipjack, is classified,

% Public access to the reasons underlying the proposal is
restricted,

% Skipjack can be implemented only in tamper-proof
hardware,

% It is unlikely to be used by multi-national corporations,
and

% Its security remains unproven.

The Clipper proposal undermines the central purpose of the
Computer Security Act. Although intended for broad use in
commercial networks, it was not developed at the request of either
U.S. business or the general public. It does not reflect public goals.
Rather it reflects the interests of one secret agency with the
authority to conduct foreign signal intelligence and another
government agency responsible for law enforcement investigations.

It is our belief that the Clipper proposal clearly violates the intent
of the Computer Security Act of 1987.
What is the significance of this? It is conceivable that an expert
panel of cryptographers will review the Skipjack algorithm and find
that it lives up its billing, that there is no "trap door" and no easy
way to reverse-engineer. In fact, the White House has proposed just
such a review process

But is this process adequate? Is this the procedure the Advisory
Board would endorse for the development of widespread technical
standards? The expert participants will probably not be permitted
to publish their assessments of the proposal in scientific journals,
further review of the standard will be restricted, and those who are
skeptical will remain in the dark about the actual design of the chip.
This may be an appropriate process for certain military systems, but
it is clearly inappropriate for a technical standard that the
government believes should be widely incorporated into the
communications infrastructure.

Good government policy requires that certain process goals be
satisfied. Decisions should be made in the open. The interests of the
participating agencies should be clear. Agencies should be
accountable for their actions and recommendations. Black boxes and
government oversight are not compatible.

There is an even greater obligation to promote open decisions
where technical and scientific issues are at stake. Innovation
depends on openness. The scientific method depends on the ability
of researchers to "kick the tires" and "test drive" the product. And,
then, even if it is a fairly good design, additional testing encourages
the development of new features, improved performance and
reduced cost. Government secrecy is incompatible which such a
development process.

Many of these principles are incorporated into the Computer
Security Act and the Freedom of Information Act. The current
government policy on the development of unclassified technical
standards, as set out in the Computer Security Act, is a very good
policy. It emphasizes public applications, stresses open review, and
ensures public accountability. It is not the policy that is flawed. It is
the Clipper proposal.

To accept the Clipper proposal would be to endorse a process that
ran contrary to the law, that discourages innovation, and that
undermines openness.


2. LEGAL AND CONSTITUTIONAL ISSUES

There are several legal and constitutional issues raised by the
government's key escrow proposal.

The premise of the Clipper key escrow arrangement is that the
government must have the ability to intercept electronic
communications, regardless of the economic or societal costs. The
FBI's Digital Telephony proposal, and the earlier Senate bill 266, was
based on the same assumption.

There are a number of arguments made in defense of this
position: that privacy rights and law enforcement needs must be
balanced, or that the government will be unable to conduct criminal
investigations without this capability.

Regardless of how one views these various claims, there is one
point about the law that should be made very clear: currently there
is no legal basis -- in statute, the Constitution or anywhere else --
that supports the premise which underlies the Clipper proposal. As
the law currently stands, surveillance is not a design goal. General
Motors would have a stronger legal basis for building cars that could
not go faster than 65 miles per hour than AT&T does in marketing a
commercial telephone that has a built-in wiretap capability. In law
there is simply nothing about the use of a telephone that is
inherently illegal or suspect.

The federal wiretap statute says only that communication service
providers must assist law enforcement in the execution of a lawful
warrant. It does not say that anyone is obligated to design systems
to facilitate future wire surveillance. That distinction is the
difference between countries that restrict wire surveillance to
narrow circumstances defined in law and those that treat all users of
the telephone network as potential criminals. U.S. law takes the first
approach. Countries such as the former East Germany took the
second approach. The use of the phone system by citizens was
considered inherently suspect and for that reason more than 10,000
people were employed by the East German government to listen in
on telephone calls.

It is precisely because the wiretap statute does not contain the
obligation to incorporate surveillance capability -- the design
premise of the Clipper proposal -- that the Federal Bureau of
Investigation introduced the Digital Telephony legislation. But that
legislation has not moved forward on Capitol Hill and the law has
remained unchanged. The Clipper proposal attempts to accomplish
through the standard-setting and procurement process what the
Congress has been unwilling to do through the legislative process.

On legal grounds, adopting the Clipper would be a mistake. There
is an important policy goal underlying the wiretap law. The Fourth
Amendment and the federal wiretap statute do not so much balance
competing interests as they erect barriers against government excess
and define the proper scope of criminal investigation. The purpose
of the federal wiretap law is to restrict the government, it is not to
coerce the public.

Therefore, if the government endorses the Clipper proposal, it will
undermine the basic philosophy of the federal wiretap law and the
fundamental values embodied in the Constitution. It will establish a
technical mechanism for signal interception based on a premise that
has no legal foundation. I am not speaking rhetorically about "Big
Brother." My point is simply that the assumption underlying the
Clipper proposal is more compatible with the practice of telephone
surveillance in the former East Germany than it is with the narrowly
limited circumstances that wire surveillance has been allowed in the
United States.

There are a number of other legal issues that have not been
adequately considered by the proponents of the key escrow
arrangement that the Advisory Board should examine. First, not all
lawful wiretaps follow a normal warrant process. It is critical that
the proponents of Clipper make very clear how emergency wiretaps
will be conducted before the proposal goes forward. Second, there
may be civil liability issues for the escrow agents if there is abuse or
compromise of the keys. Escrow agents may be liable for any harm
that results. Third, there is a Fifth Amendment dimension to the
proposed escrow key arrangement if a network user is compelled to
disclose his or her key to the government in order to access a
communications network. Each one of these issues should be
examined.

There is also one legislative change that we would like the
Advisory Board to consider. During our FOIA litigation, the NSA cited
a 1951 law to withhold certain documents that were critical to
understand the development of the Digital Signature Standard. The
law, passed grants the government the right restrict the disclosure
of any classified information pertaining to cryptography. While the
government may properly withhold classified information in FOIA
cases, the practical impact of this particular provision is to provide
another means to insulate cryptographic policy from public review.

Given the importance of public review of cryptography policy, the
requirement of the Computer Security Act, and the Advisory Board's
own commitment to an open, public process, we ask the Advisory
Board to recommend to the President and to the Congress that
section 798 be repealed or substantially revised to reflect current
circumstances.

This is the one area of national cryptography policy where we
believe a change is necessary.


3. INDIVIDUAL PRIVACY

Communications privacy remains a critical test for network
development. Networks that do not provide a high degree of privacy
are clearly less useful to network users. Given the choice between a
cryptography product without a key escrow and one with a key
escrow, it would be difficult to find a user who would prefer the key
escrow requirement. If this proposal does go forward, it will not be
because network users or commercial service providers favored it.

Many governments are now facing questions about restrictions on
cryptography similar to the question now being raised in this
country. It is clear that governments may choose to favor the
interests of consumers and businesses over law enforcement. Less
than a month ago, the government of Australia over-rode the
objections of law enforcement and intelligence agencies and allowed
the Australian telephone companies to go forward with new digital
mobile phone networks, GSM, using the A5 robust algorithm. Other
countries will soon face similar decisions. We hope that they will
follow a similar path

To briefly summarize, the problem here is not the existing law on
computer security or policies on cryptography and wire surveillance.
The Computer Security Act stresses public standards, open review,
and commercial applications. The federal wiretap statute is one of
the best privacy laws in the world. With the exception of one
provision in the criminal code left over from the Cold War, our
current cryptography policy is very good. It reflects many of the
values -- individual liberty, openness, government accountability --
that are crucial for democratic societies to function.

The problem is the Clipper proposal. It is an end-run around
policies intended to restrict government surveillance and to ensure
agency accountability. It is an effort to put in place a technical
configuration that is at odds with the federal wiretap law and the
protection of individual privacy. It is for these reasons that we ask
the Advisory Board to recommend to the Secretary of Commerce, the
White House, and the Congress that the current Clipper proposal not
go forward.

I thank you for the opportunity to speak with you about these
issues. I wish to invite the members of the Advisory Committee to
the third annual CPSR Privacy and Cryptography conference that will
be held Monday, June 7 in Washington, DC at the Carnegie
Endowment for International Peace. That meeting will provide an
opportunity for further discussion about cryptography policy.


ATTACHMENTS

"TWG Issue Number: NIST - May 5, 1989," document obtained
by CPSR as a result of litigation under the Freedom of
Information Act.

"U.S. as Big Brother of Computer Age," The New York Times,
May 6, 1993, at D1.

"Keeping Fewer Secrets," Issues in Science and Technology, vol.
IX, no. 1 (Fall 1992)

"The Only Locksmith in Town," The Index on Censorship
(January 1990)

[The republication of these articles for the non-commercial purpose
of informing the government about public policy is protected by
section 107 of the Copyright Act of 1976]

------------------------------

Date: Thu, 3 Jun 1993 03:58:45 GMT
From: kiddyr@GALLANT.APPLE.COM(Ray Kiddy)
Subject: File 4--AB 1624/Online Info Bill PASSES MAJOR HURDLE!

June 2nd, 1993

AB1624, Debra Bowen's bill to bring the State legislature onto the
Internet and "into the 21st century" (her words) was heard by the
Assembly Ways & Means committee this morning. It was over quickly.
The bill was passed with the text added to it in the Rules committee
by John Burton. Burton's addition allows the Legislature to require
that people reselling this information should pay a fee that would go
to the Legislative Data Center.

I am appending the text as it is now at the end of this post. When
you read it, keep in mind Bowen's office does not like some of this
language. It is a compromise, tho. John Burton wanted some
acknowledgement of the fact that this data was "his", in the sense
that he is head of Rules, is responsible for the Legislative Data
Center and is not giving up on the idea that the LDC may fund itself
with this data. This would not be without precedent. Mary Winkley
pointed out to me that most states that make this data available in
electronic form charge for it, however nominally. If California gives
this stuff away, it would be a first. As I told her, tho, that is what
California is here for :-> We would also be a good place to start the
policy of giving it away because of the size of the state and the fact
that we have approximately one million (!!!) people in this state with
some connectivity to the Internet.

This is probably the bill that is going to be passed, if it makes it
out of the Senate. Someone in Vasconcellos' office explained it to me
this way. Debra Bowen has a choice of leaving the "state fee" language
in the bill and raising the ire of the Republicans, or taking it out
and getting John Burton mad at her. If the bill was changed in the
Senate, it would have to go back to the Assembly for review, where it
would go back to John Burton's Rules committee. The bill would be
killed quickly. Also, the bill could be passed over the Republican's
objections. They do not dominate the Legislature. Bowen, being a
first-year member, would be better off alienating the Republicans than
the head of a major committee with a lot of pull.

Also, it was pointed out that the language of the bill does not
require a fee, it merely authorizes one. Also, there is no fee if you
are not selling the data. Most interest groups on the Internet are not
selling their archives. John Burton would also have to hold public
hearings to set a fee, and there are members of the committee
sympathetic to Bowen who would respond to public opinions. Also, the
newspapers might oppose this, as they could be charged.

Of course, Burton may have already figured out a way to keep them
quiet. Did you know that the commercial vendors of this data, the data
we pay for, see this data before our own legislators do? Bowen had an
example of this, a bill that was retrievable on State-Net, yet was not
updated to the member's system yet. hmmmm. Makes you wonder what the
LDC's priorities are.

Well, if anybody wants more info on this, please mail me at
ray@ganymede.apple.com. Mary Winkley says she really appreciates all
the calls and the interest in their bill, but it would be a lot easier
on her if everybody checked on-line to see what's going on. If you
just want to know status of the bill, call your Assembly member. They
are there to serve you, and will answer questions, even if it is not
their bill.

There is still much to do, of course! if you live in Burton's
district in SF, their office needs to be evangelized about this
issue. if you use legislative data in a not-for-profit way, and
would benefit from having this stuff available, testimonials with
specifics to Burton and Bowen's office would be much appreciated.
I am going to start leaving leaflets at computer stores in SF.
Somebody could hop on the BBSes up there, too.

Keep in mind, this data is all yours. The flow of important info
and the "old-boy" network look very similiar right now. In an
information economy, these battles we fight now will help a lot
of people later on.

thanx - ray

"Information is not Knowledge" - Frank Zappa
"but it sure helps..." - yours truly

AB1624 LEGISLATIVE COUNSEL'S DIGEST

(sorry about this, when Mary faxed me the bill, i lost some of the
text. The digest came through whole, tho. - rk)

AB1624, as amended, Bowen. Legislature: legislative information:
access by computer modem.
Under existing law, all meetings of a house of the Legislature
or a committee thereof are required to be open and public, unless
specifically exempted, and any meeting that is required to be open
and public, including specified closed sessions, may only be held
after full and timely notice to the public as provided by the Joint
Rules of the Assembly and Senate.
This bill would make legislative findings and declarations that
the public should be informed to the fullest extent possible as to
the time, place, and agendfa for each meeting.
This bill would require the Legislative Counsel, with the advice
of the Joint Rules Committee of the Senate and Assembly, to make
available to the public by any means of access by way of computer
modem specified information concerning bills, the proceedings of
the houses and committees of the Legislature, statutory enactments,
and the California Constitution.
This bill would authorize an imposition of a fee or other charge
for any republication or duplication of information accessed pursuant
to the bill under specified circumstances, and would appropriate
any amounts received from this fee or charge in augmentation of any
other amounts that are appropriated for the support of the Legislative
Counsel Bureau.
Vote: 2/3. Appropriation: yes. Fiscal committee: yes. State-
mandated local program: no.

------------------------------

Date: Sat, 29 May 1993 17:49:34 -0700
From: Jim Warren <jwarren@WELL.SF.CA.US>
Subject: File 5--UPDATE #8-AB1624--Press Freedom for Paper Pubs Only?

Friday, May 28, 1993

We [constitutionally] protect the rights of *print* newspapers and
publishers to obtain, publish and distribute government public
records. We do essentially the same for radio and television
broadcasters. In both cases, there is a filter - reporter or news
announcer - between us and the complete public information.

Do we want the government to control, restrict or suppress the rights
of *electronic* publishers to obtain, publish and distribute public
records?

Should those who wish to publish or distribute part or all of
government public records be required to first obtain permission -
which, by definition, could be refused - or perhaps [probably] pay
much more than the incremental cost of copying, in order to obtain
copies of the public's records in their most useful forms?

Do we want to establish the precedent that the *print* media have
strong protections for freedom of access, publication and
distribution, and traditional broadcast media have similarly strong
protections, but computer media can be licensed, controlled,
restricted, charged and possibly even prohibited from electronically
publishing public government information?

AB1624, as amended at the *insistence* of several legislators,
requires exactly that [below] - the *only* rationale being that the
legislature wants to profit from any *electronic* publisher or
distributor charging for providing their *electronic* publications or
services.

Illustrating the attitude:
Monday, 5/24/93, Assembly Rules Committee public hearing on AB1624:
[brief excerpts; all-caps-titles and bracketed notes are mine. -jim]

SHOULD NEWSPAPERS & PUBLISHERS FIRST OBTAIN GOVERNMENT'S PERMISSION
BEFORE BEING PERMITTED TO PUBLISH/DISTRIBUTE GOVERNMENT PUBLIC RECORDS?
[Jud Clark from State Net legislative-information distributor, testifying]
...
John Burton, Rules Committee Chair: "You buy a service from us, right
Jud?"
Jud Clark, State Net: "Right. ..." [State Net buys legislature's public
records in computerized form, as opposed to paper form, on magnetic tape]
Burton: "And then if you sell that, I guess that's part of the deal.
I would have an aversion to giving you something for nothing and then have
you making a profit off of, quote, 'our labor'."
Clark: "First of all, we don't sell the data. We sell a service that we
derive from the data. ... "

SHOULD SOME DISTRIBUTORS BE ABLE TO
PURCHASE PUBLIC RECORDS "IN ADVANCE OF PUBLIC ACCESS"?
Clark: "What we would like is assurance that we could continue to
purchase the data, and we feel if we are purchasing it in advance of public
access, we are willing to continue to pay ...

SHOULD [FOR-PROFIT] NEWSPAPERS OR PUBLISHERS BE
TREATED DIFFERENTLY THAN MEMBERS OF THE PUBLIC?
Clark: "If we access on a public access system, we would like the
public access system to be on the same basis as [everyone else; tape was
unintelligible] ... problem in trying to enforce a provision that
discriminates on the basis of whether we are going to try and do
something for profit [unintelligible]."


"SUBDIVISION (d)" MANDATES DISCRIMINATION BASED ON MONEY
Note: The powerful, unelected Chief Legislative Counsel controls the
Legislative Data Center from which all public records flow.
Currently, AB1624 includes the following, called "subdivision (d)":
"(d) No individual or entity obtaining access to information under the
system established [by AB1624] shall republish or otherwise duplicate
that information for a fee or any other consideration except with the
a authorization of the Legislative Counsel and the approval of the
Joint Rules Committee pursuant to a written agreement between the
individual or entity and the Legislative Counsel that may provide for
payment of a fee or charge for this purpose." ... "Any amounts
received by the Legislative Counsel [go to] the Legislative Counsel
Bureau."

WHAT PRECEDENTS DO *YOU* WANT FOR THE ONLINE PRESS?
Subdivision (d) *may* be deleted from AB1624 - *IF* enough of the public
demand it. Better let your elected representative know what precedents you
want established for online publishers of our public information.
You can simply say, "Delete subdivision (d) from AB1624," and briefly
state some of your reasons.

( Please copy, post and circulate. )

------------------------------

Date: Mon, 31 May 93 13:45:56 GMT
From: wachtel@CANON.CO.UK(Tom Wachtel)
Subject: File 6--Virus News INTERNATIONAL CONFERENCE 93

(Forwarded from Sara Gordon)
+++++++
Hello!

Can you please post this to appropriate newsgroups asap; it is
regarding a conference scheduled for June 23rd in London. I am
scheduled to speak there regarding Virus Writers, and will probably
discuss the Dark Avenger, since I recently interviewed him. Actually
this is the first time I am planning to take public questions
regarding the interview and related matters, so if you are still
interested, maybe better get your
ticket now :)

Speakers scheduled are listed in this announcement.

Thanks!!

Sara Gordon
SGordon@Dockmaster.ncsc.mil
vfr@netcom.com

===================

virus news
INTERNATIONAL CONFERENCE
93

23rd June 1993

Sheraton Skyline
Heathrow

Virus News International is widely recognised for its excellent
coverage of security issues. VNI contributors gather information
from around the world and are in constant contact with police forces
and law enforcement agencies. Nowhere near all of this information
has been published in VNI - yet.

As the virus field comes of age, so your need for information becomes
more and more specialised. Because you now have a much better
understanding of viruses, you are now asking more focused questions.
You will be given answers on which to build your defences against
potential security breaches.

What you will get at the VNI Conference is a concise intelligence
briefing. When you return to your organisation, you will be in a
position to update your company's policies and procedures with the
advantage of having a clear idea of what is to come.

* Why do virus authors do it?

* What new approaches are virus authors likely to take?

* How to prepare for the next attack

* Up to the minute news of activities in the virus world


What the conference will give you

One of the most frequently asked questions is "Why do they do it?"
At the VNI Conference, you will hear from people who have contacted
virus authors and who have hacked into closed computer systems.
Their insights will help you understand your enemy better.

Knowing what new angles virus authors are likely to take is one of
the questions many technical people would like to know. Vesselin
Bontchev of the Virus Test Center at the University of Hamburg is one
of the world's leading virus researchers and is better placed than
most to be able to provide at least some of the answers.

Most people assume that all anti-virus software operates in the same
way. Dr. Simon Shepherd of the United Kingdom Computer Virus
Certification Centre, University of Bradford knows better. He will
explain how a full evaluation is carried out and what you should look
for when deciding which products to use.

Dr Alan Solomon, Chairman of S & S International, will give you a
briefing on the activities of virus authors and others involved in
the dissemination of viruses. With contacts right around the globe,
Dr Solomon has an unrivalled understanding of what virus authors and
distributors are doing.


Speakers

Sara Gordon is an independent researcher and consultant in computer
security. Her insight into the minds, motives and methods of hackers
and virus writers provides a unique perspective, with a wealth of
expertise and information. She recently interviewed the Dark Avenger.

Robert Schifreen is the man the House of Lords cleared of all charges
of hacking into Prince Philip's Prestel mailbox. Now one of the
world's most respected consultants in the field of protection from
hacking, he will be giving you an insight into the motives of
hackers.

Vesselin Bontchev is a Research Associate at the University of
Hamburg, while continuing his research at the Virus Test Center there.

Dr Simon Shepherd is Senior Lecturer in Cryptography and Computer
Security at the University of Bradford, and Director of the UK
Computer Virus Certification Centre. He has extensive experience in
the design of secure communications and computing systems.

Dr Alan Solomon, one of the leading figures in the anti-virus
research community, is co-founder and technical director of the
European Institute for Computer Anti-Virus Research. He is also
Chairman of S & S International and of the IBM PC User Group.


An International Event

Virus News International has frequently shown that the appearance of
a virus in one part of the world is usually the prelude to its
appearance in other countries, probably including yours. VNI has a
truly international following and the conference provides and
opportunity to discuss experienced with delegates from around the
globe.

For the benefit of international delegates, The Sheraton Skyline at
Heathrow has been selected as the venue for the conference. VNI is
conscious that delegates must justify fees and expenses so we have
packed this conference into one day. The location makes it perfectly
possible for delegates to fly in from Europe or other parts of the
UK, spend a full and fruitful day at the conference, and return home
without incurring any overnight expense.


Who should attend?

Senior IT staff, network managers, Information Centre managers and
technical staff involved in data security procedures and development

Date 23rd June 1993
Venue The Sheraton Skyline, Heathrow
Fee L295.00 + VAT per delegate

Delegates' fees may be paid by Access or Visa or by cheque. Company
purchase orders accepted.

Since the conference is scheduled for less than one month from now,
interested persons should contact Paul Robinson on +44-792-324-000 asap.
Alternatively, his email address is 70007.5406@COMPUSERVE.COM.

++++++++++++++++++++++
virus news INTERNATIONAL, William Knox House, Llandarcy, Swansea. West
Glamorgan, SA10 6NL, United Kingdom
Tel No. +44 792 324000 Fax No. +44 792 324001

------------------------------

End of Computer Underground Digest #5.40
************************************




← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT