Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 05 Issue 49
Computer underground Digest Sun July 4 1993 Volume 5 : Issue 49
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copy Editor: Etaoin Shrdlu, Seniur
CONTENTS, #5.49 (July 4 1993)
File 1--*GEnie* Roundtable transcript of VIRUS/SECURITY
File 2--CPSR Workplace Privacy Test
File 3--JOB OPENING AT EFF
File 4--CuDs on BBSes: "Other Side of Infinity"
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 11 Jun 93 21:01:22 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 1--*GEnie* Roundtable transcript of VIRUS/SECURITY
The following is a transcript from the VIRUS/SECURITY RoundTable on
GEnie. Note that "ga" in the text stands for "go ahead" and signals
that the current speaker has finished their thought. This transcript
is reprinted with permission.
Real Time Conference in the Virus/Security RoundTable on GEnie with
Ken Citarella, Assistant District Attorney, Deputy Bureau Chief of the
Frauds Bureau for Westchester County, New York. Sysop: Ross
Greenberg. Assistant sysops: Mitch Wagner and Sarah Collier. June 2,
1993, 9:00 PM EDT.
-----# Participants #-----
<[ken] GUEST-3>
<[ross] GREENBER>
<SARAH>
<[Mitch] MITCHWAGNER>
<[AmigaNut] JABBA>
<[Cy TROic] F.GLYNN>
<MIKE.C>
<[Chuck] C.LEPAGE>
<[Dennis] D.MCCAULEY1>
<[Ron] R.RITCH>
<[Joe] J.HOLLIDAY6>
<[Dennis] D.MCCAULEY1>
<R.GREENBERG5>
<N C.HORNER1>
<[Janet] J.ATTARD>
-----# Room 1 #-----
<SARAH> Welcome, Ken! We're glad to have you here. ga
<[Mitch] MITCHWAGNER> Hi, Ken. Could you give a brief rundown of your
experience? ga
<[ken] GUEST-3> OK. Hi everyone. Let me introduce myself. I am an
Asst DA in Westchester County, NY (just north of NYC).
I do fraud cases, with a speciality in tech crimes.
Whatever you would like to talk about is ok with me.
I have been a prosecutor for 12 years, and helped
write the NY computer crime laws.
<SARAH> What kinds of tech crimes, Ken? ga
<[ken] GUEST-3> I do telephone fraud and computer crimes, ranging
from intrusions to theft of developmental software.
ga
<SARAH> Theft of developmental software? ga
<[ken] GUEST-3> Yes, I have had two investigations in which it was
alleged that person A stole software developed by
person B. B claimed it was worth zillions. ga
<[AmigaNut] JABBA> Ken, any comments/opinion on the controversial
"Clipper Chip" proposal?
<[ken] GUEST-3> Well, we are a bit out of my league, but I share many
of the concerns that have appeared in the media: why
the secret development? why no public debate over
adoption, etc. ga
<[AmigaNut] JABBA> How about your view of the necessity of such a thing
for law enforcement?
<[ken] GUEST-3> If I may be so bold, I think what you and others are
really asking is if the need to tap any and all
communications is a necessary skill for LE. That is a
societal balancing act. What LE can do helps it fight
crime. It also raises the spectre of abuse. And that
can be scary. ga
<[ross] GREENBER> LE = Law Enforcement
<SARAH> More on Jabba's question, how often would you say you
might have need of a phone tap on a scrambled phone?
ga
<[ken] GUEST-3> Not to be flippant, but whenever the bad guys use a
scrambled phone. Actually, there are relatively few
crimes for which taps are allowed, and the number
varies state by state. There is no hard data yet on
how often bad guys use scrambled phones. The real
threat is from their use of cellular clones which
makes tapping them as impossible as a scrambled phone
does. ga
<SARAH> Well, say, in your career, how many times have you had
to do it? ga
<[ken] GUEST-3> Never. ga
<[Chuck] C.LEPAGE> Ken, have you ever handled any cases of
harassment/obscene messaging on public BBs, or through
e-mail? Do you ever have to deal with "stalker" cases?
ga
<[ken] GUEST-3> I have recently had a case like that brought to my
attention. Frankly, it is not a fact pattern that I am
inclined to do much with. I view it more as a matter
internal to the bbs. I am more interested if the perp
used a stolen credit card to get the bbs account. Now
that's a real crime. ga
<SARAH> Follow-up, Chuck?
<[Cy TROic] F.GLYNN> Ken, what kind d of "intrusion" cases have you done?
ga
<[ken] GUEST-3> The most notable one is the outgrowth of the infamous
(grin) Pumpcon police action. I cannot go into too
much detail because charges are still pending.
But, I have one person under indictment for breaking
into a business computer and installing three user-ids
into the PASSWD file. Two were superusers. He is
charged with felony computer tampering and forgery.
ga
<[ross] GREENBER> Why only TWO superuser ids?
<SARAH> (You might oughta define superuser.)
<[ken] GUEST-3> One was set up as a regular id. ***(Prefer omission of
rest of this answer; or if you must proceed as edited)***Want to know why? Ask
the <intruder>. ga
<[ross] GREENBER> (A superuser can do anything they like to a system,
without exception.)
<[ken] GUEST-3> Superuser means the computer thought he was god. ga
<SARAH> This is the case I know as the Marriott Hotel Bust,
right? Thanks, Ross. ga
<[ken] GUEST-3> Right. ga
<SARAH> What about theft of phone service? Is it just mostly
kids cutting corners? ga
<[ken] GUEST-3> That's how it starts. Unfortunately, it is a
multi-billion dollar business that has caused at least
one street murder in NYC in a battle over control of
phone booths. ga
<SARAH> A murder?! ga
<[ken] GUEST-3> Yeah, the dead man tried to run his own call sell
operation. That means he used stolen access codes and
sold calls to people in the street. Ten bucks for 20
minutes, anywhere in the world. His competitor wanted
to control all the illegal street phone use in the
neighborhood. It seems they could not reach an
amicable settlement. ga
<SARAH> This is a pretty big business? ga
<[ken] GUEST-3> Estimates run from 1 to 6 billion dollars annually in
lost revenue. ga
<SARAH> Ouch! The Mafia? ga
<[ken] GUEST-3> If you mean the good ole La Cosa Nostra, I do not
know. If you mean organized crime: Yes! ga
***(Prefer omission of next q&a or use edited version)***
<[Chuck] C.LEPAGE> My gosh! How do you become a "super-user"? (Especially
here on GEnie.) <g> How could you ever convince a
system to let you do ANYTHING you wanted, as if you
were the sysop? ga
<[ken] GUEST-3> The <intruder> accessed the PASSWD file in an edit
mode, and simply typed in the superuser ids. ga
*****
<[ross] GREENBER> Follow-up, Chuck?
<[Chuck] C.LEPAGE> Thanks. Is the average BB that easy to break
into/tamper with?
<[ken] GUEST-3> This was not a bbs, but the business computer of a
retail store chain. It was very easy to break in to.
They had not removed any default passwords from the
initial login sequences. ga
<[ross] GREENBER> Another, Chuck?
<SARAH> Good grief!
<[ross] GREENBER> Cy's up now. Go ahead, Cy
<[Cy TROic] F.GLYNN> Ken, have you run into any cases involving Storm
Shadow (Morty Rosenfield) or Phiber Obtik (Mark
Abene). If so, what are your view of the cases? ga
<[ken] GUEST-3> I have heard of these gentlemen, and met Phiber once.
But no allegations against them have been made to me.
ga
<[ross] GREENBER> Follow up, Cy?
<[Cy TROic] F.GLYNN> As a follow up to your last comment, Ken... What is
your view about systems not getting rid of their
defaults or lowering their security. Shouldn't they be
held responsible for the "attacks" against them? ga
<[ken] GUEST-3> NO! The law permits people to be sloppy, lazy, even
stupid. None of that excuses an unauthorized break-in.
You can leave your car with the door open,
the key in the ignition, and the motor running, and no
one can use it w/o your permission. Why should a
computer be different?. ga
<[ross] GREENBER> Another, Cy?
<[Cy TROic] F.GLYNN> But, if you park your car in a bad section of the
city, and even w/out "THECLUB" in better parts, you
are asking for trouble. GA
<[ken] GUEST-3> I am not saying that sloppy security is bright, and it
is certainly true that LE looks askance at undue
stupidity, but those are practical questions .. of how
you treat a case, and separate from the question of
whether the intrusion was ok under the law. ga
<[ross] GREENBER> Done, Cy?
<[Cy TROic] F.GLYNN> Yes. Thanks. :) GA!
<[ross] GREENBER> Dennis, You're on! LE-to-LE!
<[Dennis] D.MCCAULEY1> Ken, what's your assessment of the hacker threat these
days? Is it mischief or is it a true concern to
society? ga
<[ken] GUEST-3> Sounding like a true lawyer, it is both! (g) Most
teenage hacking is mischief, just like most other
teenage misconduct. However, I know teenagers who
are in the racket of stealing credit profiles from
TRW-type companies and selling them to organized crime
for illicit use. ga
<[ross] GREENBER> Another, Dennis?
<[Dennis] D.MCCAULEY1> Well, I meant public concern in the sense of starting
World War III and that kind of thing.
Like Kevin Mitnick was said to be able to do. ga
<[ken] GUEST-3> No, that is pure media-hype BS! ga
<[ross] GREENBER> Done, Dennis? (I take it you LIKED Wargames?)
<[Dennis] D.MCCAULEY1> Well, I also wanted to ask Ken about porn on BBS's. ga
<[ross] GREENBER> Go for it, then!
<[ken] GUEST-3> Do you mean my favorite type <g>? ga
<[Dennis] D.MCCAULEY1> OK Ken - what about garden-variety dirty pix on BBS?
Seems to generate a lot of bad PR for the BBS world,
but most don't carry more than your average video
store. Not kiddie porn, of course, that's clearly
illegal. ga
<[ken] GUEST-3> The only problem has to do with the kids: can they get
at it? or are they in it?
Re the first issue, MOM and DAD are the best cops
there are. Re the second, that's just about the most
depraved bahavior there is. ga
<[ross] GREENBER> Mitch, you're FINALLY up.
<[Mitch] MITCHWAGNER> Okay, my question is whether computer crime really is
a big business. All the stuff we read about seems to
be penny-ante. Credit-card fraud for a couple of
thousand of dollars at most. Is anyone making big
money off of computer crime? This is something of a
follow-up to Dennis's question. -ga-
<[ken] GUEST-3> I am not aware of any big capers that I do not
personally handle unless they get some publicity.
The biggest bucks have been stolen as far as I know,
not through intrusions, but by using the computer as
the burglar tool or record keeper for the crime. In
those types of cases, tens of millions have been
stolen. ga
<[ross] GREENBER> Follow-up, Mitch?
<[Mitch] MITCHWAGNER> How did that work? ga
<[ken] GUEST-3> Take your pick. Making up phony insurance policies to
lure investors into the Equity Funding swindle about
15 years ago was the first biggie.
There is also the story that VW Corp in Germany got
ripped off for many millions due a computer-directed
fund transfer. But I cannot vouch for that. ga
<[ross] GREENBER> Done, Mitch?
<[Mitch] MITCHWAGNER> Yup.
<[ross] GREENBER> Jabba, the AmigaNut, is up.
<[AmigaNut] JABBA> Ken, when you participated in drafting the computer
crime statutes, was there any significant opposition
to the legislation? [ga]
<[ken] GUEST-3> Not to the idea of it, but there was a lot of fighting
about how they should be structured. The big problem
was whether teenage curiosity was to be outlawed or
not. ga
<[ross] GREENBER> Follow-up, Jabba?
<[AmigaNut] JABBA> Teenage curiosity? ga
<[ken] GUEST-3> Yeah, "hackers" breaking in just to look. The answer
was that it is illegal, but we trust the discretion of
LE to know when to prosecute or not, just like in
other crimes. ga
<[ross] GREENBER> Another, Jabba?
<[AmigaNut] JABBA> Ah. Does the statute contain confiscation provisions?
ga
<[ken] GUEST-3> No, not specifically. But if a computer is used to
commit a crime, it goes under the general idea that
the bad guy must forfeit the tools of his crime. ga
<[ross] GREENBER> Does this fit under RICO?
<[AmigaNut] JABBA> OK. Thanks.
<[ken] GUEST-3> No. RICO is a federal statute that would not apply to
a single person committing intrusions. ga
<[ross] GREENBER> Thanks. Mike, you're up!
<MIKE.C> Jabba just touched on this, but as a follow-up... Do
you feel that there are adequate computer crime laws
on the books? If not, is this because of a lack of
understanding among legislators of how serious
computer crime can be? ga
<[ken] GUEST-3> The laws in NY are okay, but could be tighter. For
example, there is no specific provision outlawing the
unauthorized insertion of a virus, and to prove
unauthorized use, LE has to show that the defendant
was warned to stay out of the system! The problem
is the ignorance of the legislature. ga
<[ross] GREENBER> Mike, another question for Ken?
<MIKE.C> Is a computer criminal prosecuted under the laws of
the state he/she lives in, or where the computer is
located? ga
<[ken] GUEST-3> Can be either or both. Just like shooting someone
across a state line. You can prosecute for murder in
either state. We can assert jurisdiction where the
actor was or where the penetrated computer was. ga
<[ross] GREENBER> Follow-up on that, Mike?
<MIKE.C> Do you think a strong national computer crime law
would be a good idea? ga
<[ken] GUEST-3> Sure, why not? But more important are well trained
cops and prosecutors at all levels, especially the
states. I hate to see the feds take over the field.
They tend to treat everything as a national
emergency. ga
<MIKE.C> Thanks Ken, Ross!
<[ross] GREENBER> Thanks for the questions, Mike. Cy's up!
<[Cy TROic] F.GLYNN> Ken, what do you think of cases where a user on a BIG
system (national), knows the system to a large extent.
The user tells the Sysops of the systems of bugs and
problems he has found. Do you think this user deserves
thanks, or at least recognition or his finding?
<[ken] GUEST-3> Is he an authorized user? ga
<[Cy TROic] F.GLYNN> In my opinion, this kind of "hacker" is a asset. To
other people, such as those on a system, he is a
hacker. The user is authorized -- it is a public
system. ga
<[ken] GUEST-3> If he is authorized and does not exceed his
authorization, then thank him. If he in not
authorized or exceeds the level, that's like thanking
the burglar for pointing out your loose window. ga
<[ross] GREENBER> Cy, another?
<[Cy TROic] F.GLYNN> Nope. Thanks!
<[ross] GREENBER> Okey doke. Chuck, you're on stage!
<[Chuck] C.LEPAGE> Ken, do you know if other countries have national
computer crime laws? How do other nations deal with
computer crime? Especially European nations. ga
<[ken] GUEST-3> Most European nations, at least western, do have them.
I do not know the details, however.ga
<[ross] GREENBER> I know that the UK has VERY strong laws against
Computer Misuse! Chuck, another?
<[Chuck] C.LEPAGE> Do you know of any international statutes concerning
computer crimes? ga
<[ken] GUEST-3> I have not heard of any international provisions of
any sort. ga
<[ross] GREENBER> Chuck, another question for Ken?
<[Chuck] C.LEPAGE> That's all for now.
<[ross] GREENBER> Thanks, Chuck. Sarah? You're up!
<SARAH> Backing up to computer porn, if someone handed you a
case where a kid (say 19) with a local BBS had a
closed directory for x-rated files, but a couple of
x-rated files were found in an open directory, what
would you do? ga
<[ken] GUEST-3> Didn't this just happen somewhere near Cleveland?...
<SARAH> I think so, but I don't remember the name.
<[ken] GUEST-3> If the availability of the porn was accidental, then
so what, IMHO. ga
<SARAH> How would the kid prove it was accidental? ga
<[ken] GUEST-3> By showing the protections he normally has in place.
ga
<SARAH> Ah, I see. Thanks. ga
<[ross] GREENBER> Ken: if a person unknowingly spreads a virus, are they
criminally negligent?
<[ken] GUEST-3> No, not if they do so knowingly. That's intentional.ga
Sorry, I misread your question....
If they did so unknowingly, they they are not guilty
of anything. Even criminal negligence requires a
grossly sloppy and negligent behavior. Simple not
knowing cannot convict you of anything. ga
<[ross] GREENBER> Sarah advises me that cops like to get up early and go
to bed early. This being Ken's first RTC (but
hopefully not his last), let's wrap up. Any last
questions?
<[ross] GREENBER> Okey doke. Last question for the evening. Chuck, you
have the honors!
<[Chuck] C.LEPAGE Would you prosecute someone who spread a harmless
virus, one that simply flashed a message at a given
time, or would you just "slap his wrist"? I mean,
would you NOT slap his wrist.
<[ken] GUEST-3> If the virus is harmless, but it did intrude without
any authorization, then some low level LE attention is
warranted. How low level would depend on the details
of the behavior and the extent of the spread. ga
<[ross] GREENBER> Chuck, last question?
<[Chuck] C.LEPAGE> That's it. Thank you, Ken.
<SARAH> Ken, thanks so much for coming. This has been a really
informative RTC. Can we ask you again some other time?
<[ken] GUEST-3> Sure, be delighted. ga
<SARAH> Then we'll say good night and let you get some sleep.
:)
<[ross] GREENBER> Ken, my thanks, too. I have a feeling that only about
10% of the questions people wanted to ask got asked.
So you'll be back sooner than you thought!
<[ken] GUEST-3> OK, good night to all, and thanks for the opportunity
to RTC with you. I think this sort of dialogue is
VIP. ga
<[ross] GREENBER> Good night, Ken!
<SARAH> 'Night, Ken. :)
<[ross] GREENBER> And, for those in the audience and for the
question-askers: thanks for being here and for asking
the questions!
|
| This listing was generated by LRTC Version 1.00
| (C)opyright by Hartmut W. Malzahn, 1991. All rights reserved.
------------------------------
Date: Fri, 2 Jul 1993 16:00:05 EST
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 2--CPSR Workplace Privacy Test
CPSR Workplace Privacy Testimony
=====================================================
Prepared Testimony
and
Statement for the Record
of
Marc Rotenberg,
Director, CPSR Washington office,
Adjunct Professor, Georgetown University Law Center
on
H.R. 1900,
The Privacy for Consumers and Workers Act
Before
The Subcommittee on Labor-Management Relations,
Committee on Education and Labor,
U.S. House of Representatives June 30, 1993
Mr. Chairman, members of the Subcommittee, thank for the opportunity
to testify today on H.R. 1900, the Privacy for Consumers and Workers
Act. My name is Marc Rotenberg and I am the director of the CPSR
Washington office and an adjunct professor at Georgetown University
Law Center where I teach a course on information privacy law.
Speaking on behalf of CPSR, we strongly endorse the Privacy for
Consumers and Workers Act. The measure will establish important
safeguards for workers and consumers in the United States. We believe
that H.R. 1900 is particularly important as our country becomes more
dependent on computerized information systems and the risk of privacy
abuse increases.
CPSR has a special interest in workplace privacy. For almost a
decade we have advocated for the design of computer systems that
better serve the needs of employees in the workplace. We do not view
this particular goal as a trade-off between labor and management. It
is our belief that computer systems and information policies that are
designed so as to value employees will lead to a more productive work
environment and ultimately more successful companies and
organizations. As Charles Hecksher of the Harvard Business School has
said good managers have no use for secret monitoring.
Equally important is the need to ensure that certain fundamental
rights of employees are safeguarded. The protection of personal
privacy in the information age may be as crucial for American workers
as the protection of safety was in the age of machines. Organizations
that fail to develop appropriate workplace privacy policies leave
employees at risk of abuse, embarrassment, and harassment.
The concern about workplace privacy is widely felt in the computer
profession. This month MacWorld magazine, a leading publication in
the computer industry, released a special report on workplace privacy.
The report, based on a survey of 301 companies in the United States
and authored by noted science writer Charles Piller, made clear the
need for a strong federal policy.
Among the key findings of the MacWorld survey:
> More than 21 percent of those polled said that they had
"engaged in searches of employee computer files, voice mail,
electronic mail, or other networking communications."
> "Monitoring work flow" is the most frequently cited reason for
electronic searches.
> In two out of three cases, employees are not warned about
electronic searches.
> Only one third of the companies surveyed have a written policy on
privacy
What is also interesting about the MacWorld survey is the high level
of concern expressed by top corporate managers about electronic
monitoring. More than a half of those polled said that electronic
monitoring was either "never acceptable" or "usually or always
counterproductive." Less than five percent believed that electronic
monitoring was a good tool to routinely verify honesty.
These numbers suggest that managers would support a sensible privacy
law. Indeed, they are consistent with other privacy polls conducted
by Professor Alan Westin for the Lou Harris organization which show
that managers are well aware of privacy concerns and may, with a
little prodding, agree to sensible policies.
What would such a policy look like? The MacWorld report also
includes a model privacy policy that is based on several U.S. and
international privacy codes. Here are the key elements:
> Employees should know what electronic surveillance tools are used,
and how management will use the data gathered.
> Management should minimize electronic monitoring as much as
possible. Continuous monitoring should not be permitted.
> Data should only be used for clearly defined, work-related
purposes.
> Management should not engage in secret monitoring unless there is
credible evidence of criminal activity or serious wrongdoing.
> Data gathered through monitoring should not be the sole factor in
employee evaluations.
> Personal information gathered by employers should not be disclosed
to any third parties, except to comply with legal requirements.
> Employees or prospective employees should not be asked to waive
privacy rights.
> Managers who violate these privacy principles should be subject to
discipline or termination.
Many of these provisions are contained in H.R. 1900, the Privacy for
Consumers and Workers Act. Clearly, the policies and the bill itself
are not intended to prohibit monitoring, nor to prevent employers from
protecting their business interests. What the bill will do is help
establish a clear framework that ensures employees are properly
notified of monitoring practices, that personal information is not
misused, and that monitoring capability is not abused. It is a
straightforward, sensible approach that does not so much balance
rights as it clarifies interests and ensures that both employers and
employees will respect appropriate limitations on monitoring
capability.
The need to move quickly to establish a framework for workplace
privacy protection is clear. Privacy problems will become more acute
in the years ahead as new monitoring schemes are developed and new
forms of personal data are collected. As Professor Gary Marx has made
clear, there is little that can be imagined in the monitoring realm
that can not be achieved. Already, some members of the computer
profession are wearing "active badges" that provide full-time
geographical monitoring. Properly used, these devices help employees
use new tools in the hi-tech workplace. Improperly used, such devices
could track the physical movements of an employee throughout the day,
almost like a blip on a radar screen.
Computers are certainly powerful tools. We believe that they can be
used to improve productivity and increase job satisfaction. But this
requires that appropriate policies be developed to address employee
concerns and that laws be passed, when necessary, to ensure that
computer abuse does not occur.
This concludes my testimony. I would be pleased to answer your
questions.
------------------------------
Date: Wed, 30 Jun 1993 13:44:52 -0500
From: lbreit@EFF.ORG(Lisa Breit)
Subject: File 3--JOB OPENING AT EFF
Position Announcement
SYSTEMS ADMINISTRATOR
Electronic Frontier Foundation
The Electronic Frontier Foundation is a nonprofit public interest
organization located in Washington, D.C. We are looking for a skilled
Systems Administrator experienced with management of Unix-based Internet
hosts, Macintosh LAN management, business applications, and user support.
This is a key technical and administrative role in a rapidly growing
organization with national visibility.
EFF recently moved its headquarters from Massachusetts to Washington. The
Systems Administrator's initial responsibilities will include relocating
EFF's servers and setting up a tech center in the DC office. The Systems
Administrator reports to the Business Manager, and interfaces on a regular
basis with program and support staff, members, subcontractors,
collaborators, and the Board of Directors.
The current EFF Sun cluster includes a pair of SparcStation 2 workstations,
and a SparcStation ELC workstation, with 3.0+ Gb. storage, Exabyte 8200
(8mm) tape backup, and a CDROM drive. There is also a Telebit Netblazer
doing double duty as a router (56kb to PSInet) and a terminal server with
Telebit modems.
Most of EFF's projects are electronically mediated. Eff.org is the primary
host for the core staff and volunteers of EFF for whom electronic mail is a
"mission critical" function.
The Systems Administrator Position
The Electronic Frontier Foundation is seeking a hands-on, multi-talented
Systems Administrator. In the coming year EFF will be expanding its
internal system functions and providing more Internet-based services to
individuals who are frequent Net users. We are looking for an individual
with an outstanding technical background, good communication skills, a user
service orientation, and a commitment to the Electronic Frontier
Foundations's mission.
The Systems Administrator's job responsibilities include:
System Administration
o Eff.org is the Foundation's Internet access point. Support and
maintain all hardware, software, and net traffic related to eff.org,
including a cluster of Sun workstations, associated communications
equipment, and key systems including SMTP, ftp archive, Gopher, and WAIS
site.
o EFF LAN: Manage a 15 station Appletalk LAN (may be expanded).
o Voice Telephone System: Manage and maintain a 50 port PBX.
o System Maintenance: Ensure regular servicing, upgrading and
maintenance of all hardware and communications systems; maintain data
security and virus protections; perform regular backups.
o Record Keeping and Documentation: Maintain logs, inventories,
reports, and any other records or paperwork required for management,
insurance, administration, etc.; regularly draft and update documentation
for internal systems and procedures.
Application Support and Training
o Support EFF's internal systems for MIS, communication,
publications, and other functions, including hardware and software
selection, purchase, installation and upgrade, troubleshooting, problem
solving, and answering users' questions.
o Train staff and others as designated on a wide variety of
applications used at EFF, including Microsoft Word, Excel, Filemaker Pro,
Pagemaker, Internet-based utilities and other online services.
Program Support
o Work with policy, communications, and administrative staff to
conduct online political organizing, fundraising, and education efforts.
o Assist in development of database applications to support EFF
membership and fundraising.
o Support communications and membership staff by monitoring EFF's
email and EFF hosted on-line newsgroups and discussion groups.
o Provide technical advise and expertise necessary to comprehend or
formulate policy issues.
Qualifications:
This is a key position requiring a completely dependable individual who is
able to be keep the trains running on time for day to day operations while
completing special projects and a variety new development projects. S/he
occasionally may be required to do some weekend work, and will wear a
beeper. Ideal candidates will enjoy the challenge of a high demand job and
the unpredictability of an interrupt-driven environment: We are seeking:
Substantial experience in Unix systems administration, including mastery of
sendmail, DNS, and other Internet functions. Ability to write shell scripts
using Unix tools such as perl and awk. Background in C programming an
ability to customize, install and debug C programs.
Extensive Macintosh support including System 7.x, and networking both with
LocalTalk an dEthernet, plus MacTCP. Hardware experience a plus.
Minimum 3 years experience in systems administration, including hardware
and software purchase, setup and maintenance, record keeping, security,
etc.
Good communication skills, and a helpful, instructive approach to
supporting users;
Ability to work independently on multiple projects and as part of a team.
Ability to write clear and simple documentation, keep records and maintain
an organized, orderly environment;
Interest in EFF's mission a definite plus;
B.S. or other technical degree in Computer Science, Electrical Engineering,
MIS, or related field. Will consider experience in lieu of education.
Compensation:
Salary $28,000-$32,000 depending on experience
Full benefits include health insurance, disability, life insurance,
pension, vacation.
How to apply:
This position is located in Washington DC. Deadline for applications is
July 6. To apply, send a resume and cover letter by US mail to our
recruiter in Massachusetts:
Electronic Frontier Foundation
Systems Administrator Position
238 Main Street
Cambridge, MA 02142
Attn: Lisa Breit
by email (ASCII only please): lbreit@eff.org
About the Electronic Frontier Foundation (EFF)
The Electronic Frontier Foundation was founded in July, 1990 to ensure
freedom of expression in digital media, with a particular emphasis on
applying the principles embodied in the Constitution and the Bill of Rights
to computer-based communication. EFF has rapidly evolved into one of the
leading organizations that individuals, corporations, the media, and
government turn to when considering questions involving new communications
technology.
EFF's mission is to foster the opportunities of digital communication for
individuals and communities in a free and open society. The Foundation:
o Shapes the national policy debate on how the communications
infrastructure will develop, and how electronic communications will be
regulated;
o Facilitates discussion and organizes action around technology
policy issues of interest to a wide range of groups and individuals, such
as digital privacy and cryptography, the future of the Internet; etc. and
o Seeks and undertakes cases to defend the civil liberties of
individuals and organizations using computers and communication technology,
and provides informal legal services to net users;
o Engages in outreach and educational activities within the community
of electronic network users as well as among law enforcement officials,
policy makers, corporations and others.
EFF also creates forums, publications and information resources, available
in print and on a number of electronic networks, to raise awareness of
political, legal, social and cultural issues that result from the
widespread use of electronic communication. Over the next few years, EFF
will continue its work in the civil liberties, policy, and public education
arenas, while sponsoring research projects and events that explore the
nature of communities in Cyberspace, and support their evolution here and
abroad.
In the next two years, EFF expects to broaden its presence on a range of
electronic networks, expand its membership; experiment with organizing and
fundraising campaigns conducted on electronic networks; add new members to
its Board; and improve its communication program encompassing media
relations, public speaking engagements for staff and Board members, the
development of a number of online forums, and regular production of
electronic and printed publications. EFF currently has 7 full time
professional staff and two support staff. The staff size is expected to
double over the next year to accommodate the anticipated growth of EFF's
programs and operations.
EFF receives funding from a variety of sources, including corporations,
individual donors, and other foundations. EFF also receives membership fees
from several hundred individual and corporate members, which entitles them
to publications and online access to discussions and seminars on the
Internet.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Lisa A. Breit o c/o EFF o 238 Main Street, Cambridge, MA 02142
Mailing address: 29 Beechwood Road, Waltham, MA 02154
617-894-5415 phone o email: lbreit@eff.org
------------------------------
Date: Tue, 29 Jun 1993 22:15:17 -0400 (EDT)
From: KAMAKIZE@DELPHI.COM
Subject: File 4--CuDs on BBSes: "Other Side of Infinity"
((MODERATORS' NOTE: About one-third of CuD readers obtain CuD from
local BBSes. We receive a few calls or letters each week from readers
wondering if there are BBSes in their area that carry CuD, but we
haven't kept formal list of boards that maintain up-to-date archives.
There are so many, we can't maintain systematic records. But, we'll
periodically publish a list of BBSes around the world that do. If your
board does, let us know. Send a summary of the board and other
information (in a brief paragraph or two) and every few months we will
list them. Here's another board that maintains complete CuD files)).
BBS Name : The Other Side Of Reality
BBS Phone: 703-366-4620
Hours: 24
All Cuds online and available on release date, and many EFF files
available on first call.
BBS is FREE.
Run on WWIV BBS Software with a 14.4K modem
Networked With WWIV-link,Icenet,Insanity
CD-Rom Online with approx 10,000+ files online for D/l on first call
located in Roanoke,Virginia
We also carry many Occult text Files, along with Computer related Files
------------------------------
End of Computer Underground Digest #5.49
************************************
