Copy Link
Add to Bookmark
Report
The Journal of American Underground Computing Issue 2
THE JOURNAL OF AMERICAN UNDERGROUND COMPUTING / Published Periodically
======================================================================
ISSN 1074-3111 Volume One, Issue Two April 4, 1994
======================================================================
Editor-in-Chief: Scott Davis (dfox@fennec.com)
Technology Editor: Max Mednick (kahuna@bga.com)
Consipracy Editor: Gordon Fagan (dolphin@bga.com)
Network Security: George Phillips (ice9@bga.com)
** ftp site: etext.archive.umich.edu /pub/Zines/JAUC
U.S. Mail:
The Journal Of American Underground Computing
10111 N. Lamar #25
Austin, Texas 78753-3601
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
To Subscribe to "TJOAUC", send mail to: sub@fennec.com
All questions/comments about this publication to: comments@fennec.com
Send all articles/info that you want published to: submit@fennec.com
Commercial Registration for Profitable Media: form1@fennec.com
"The underground press serves as the only effective counter to a growing
power, and more sophisticated techniques used by establishment mass media
to falsify, misrepresent, misquote, rule out of consideration as a priori
ridiculous, or simply ignore and blot out of existence: data, books,
discoveries that they consider prejudicial to establishment interest..."
(William S. Burroughs and Daniel Odier, "The Job", Viking, New York, 1989)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Contents Copyright (C) 1994 The Journal Of American Underground Computing
and/or the author of the articles presented herein. All rights reserved.
Nothing may be reproduced in whole or in part without written permission
of the Editor-In-Chief and/or the author of the article. This publication
is made available quarterly to the amateur computer hobbyist free of
charge. Any commercial usage (electronic or otherwise) is strictly
prohibited without prior consent of the Editor, and is in violation of
applicable US Copyright laws. To subscribe, send email to sub@fennec.com
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DISCLAIMER AND NOTICE TO DISTRIBUTORS -
NOTE: This electronic publication is to be distributed free of charge
without modifications to anyone who wishes to have a copy. Under NO
circumstances is any issue of this publication, in part or in whole,
to be sold for money or services, nor is it to be packaged with other
computer software, including, but not limited to CD Rom disks, without
the express written or verbal consent of the author and/or editor.
To obtain permission to distribute this publication under any of the
certain circumstances stated above, please contact the editor at one of
the addresses above. If you have intentions of publishing this journal
in any of the ways described above, or you are in doubt about whether or
not your intentions conflict with the restrictions, please contact the
editor. FOR A COPY OF THE REGISTRATION FORM, MAIL - form1@fennec.com
This publication is provided without charge to anyone who wants it.
This includes, but is not limited to lawyers, government officials,
cops, feds, hackers, social deviants, and computer hobbyists. If anyone
asks for a copy, please provide them with one, or mail the subscription
list so that you may be added.
The articles and information printed herein are the property of the author
and / or The Journal Of American Underground Computing. An electronic mail
address of the author will be provided when made available to us so that you
can contact the author with your comments. No article in this publication
can be reprinted without the permission of the author / editor. Any attempt
to do so will be in direct violation of United States Copyright laws.
Any attempt to sell this publication in part or in whole, on CD Rom or
while packaged with any other software bundle without the express consent
of the editor is also a direct violation of United States Copyright laws.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
THE JOURNAL OF AMERICAN UNDERGROUND COMPUTING - Volume 1, Issue 2
TABLE OF CONTENTS
1) A note from the Editor Scott Davis
2) Comments from our readers Readers
3) Paul and Karla Hit The Net Wired Online
4) AT&T Cellular Privacy Systems David Arneke
5) Clipper / From "The Guardian" Mike Holderness
6) Privacy: Notes from Cyberspace Various
7) Kidnapped By The State / Internet Not Safe Matthew Mihaly
8) Legion Of Doom - Internet T-Shirts Chris Goggans
9) Public vs. Mass Media: The Case of The Internet Jim O'Loughlin
10) Bruce Sterling's Comments at CFP '94 Bruce Sterling
11) Book Review - Doing Business On The Internet Steve Brock
12) Generic Usenet Flame Form [Humor]
13) McDonnell Douglas Warranty Card [Humor]
14) Social Contract Between Us and Them [Humor]
15) Electronic Petition Against Clipper Editors
16) Form letter againt Clipper for the President Editors
17) Official Government press release: Clipper Editors
18) ISDN Information (RBOCS) Max Mednick
19) A catalog of national ISDN solutions Max Mednick
20) Sprint expands presence in China News
21) SSN FAQ / Social Security Number info Chris Hibbert
22) The Clipper Chip is your friend Bob Davis (WSJ)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
A NOTE FROM THE EDITOR
It is my pleasure to welcome aboard to the editing staff Mr. Max Mednick
as the Technology Editor. Max is a technical trainer and network support
specialist for a Fortune 500 company, and has several years of experience
in the field of networking and communications. Everyone send him a message
welcoming him. (kahuna@bga.com). Also, we are welcoming Carl Guderian
as Director of Information Systems. He is currently employed by big-brother.
His email address is bjacques@cypher.com
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
COMMENTS FROM OUR READERS
From: jim@rsa.com (Jim Bidzos)
To: comments@fennec.com
Subject: TJOAUC-1.1
Great! I'm honored to have contributed to TJOAUC! Thanks, and keep up
the good work.
=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: Anonymous@some.government.agency
To: comments@fennec.com
Subject: Thanks!
I checked your archived 'Journal of American Underground Computing'
at extext.archive.umich.edu.
I found the quality and content to be high.
If you could also subscribe me, I would be grateful. Sorry about
the skepticism (with reservations to Mark Lanes allegations that
the CIA murdered JFK).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
PAUL AND KARLA HIT THE NET
Posted By Dennis R. Hilton (drhilton@kaiwan.com)
Copyright 1993,4 Wired Ventures, Ltd. All Rights Reserved
For complete copyright information, please see the end of this file
WIRED 2.04
Electric Word
*************
Recent events in Canada have proven once again that - for better or worse -
the information genie has escaped into cyberspace and can't be put back in
the bottle. When an Ontario judge issued an order barring media coverage of
a sensationalized murder trial, Canadians used the Net to break the ban.
The case concerns Paul "Bernardo" Teale and his wife, Karla Homolka Teale,
who were each charged in the grisly murders of two teenagers. Paul Teale
now stands accused of 48 sex-related charges, while Karla Homolka entered
into a plea bargain: She pleaded guilty to manslaughter and is expected to
testify against Paul.
The nonstop press coverage prompted Paul Teale's lawyer to ask for a media
gag order until the conclusion of his trial, on the grounds that it would
be impossible to impanel an impartial jury. Despite legal intervention by
several major Canadian media outlets, the court imposed a ban on the
publication of the details of the crimes.
At first the ban had its desired effect. When the US television show
A Current Affair featured the case, it was banned in Canada, and Canadian
cable stations blacked out CNN coverage of the case.
With the conventional media halted, the infosphere took over. First, two
BBSes in Toronto began to post daily details of the trial. In August, a
group of McGill University students created a Usenet group, alt.fan.karla-
homolka, to discuss the case. By December, after phone calls by law-abiding
Net surfers to systems managers, the Usenet group had been banned by
systems managers and university officials at sites all over Canada.
After the banning of alt.fan.karla-homolka, two new Usenet groups were
created: alt.pub-ban and alt.pub-ban.homolka.
Some Net users theorized that if they cross-posted all over the Net, the
Royal Canadian Mounted Police would be in the impossible position of
scrambling through cyberspace plugging leaks. One Net dweller jokingly
proposed the ideal tactic: "The solution is obvious. Take the discussion to
rec.sport.hockey. You silly Canadians would never ban that group."
Other curious Canadians searched the pay-per-view news and magazine
databases on Nexis and CompuServe for stories published by US newspapers.
Most of the banned articles were re-posted verbatim to alt.true-crime, a
group overlooked by the Mounties.
As the infosphere grows to encompass the planet, the question is no longer
whether certain information is too sensitive to be made public. The real
question becomes whether it is even possible to keep certain information
out of cyberspace. In the Teale-Homolka case, the ban was not so much
broken as rendered irrelevant by the voracious online community: It is
estimated that one in four Canadians knows the banned facts.
Anita Susan Brenner and B. Metson
%%%%%%%%%%%%%%%%%%%% WIRED Online Copyright Notice %%%%%%%%%%%%%%%%%%%%%%
Copyright 1993,4 Wired Ventures, Ltd. All rights reserved.
This article may be redistributed provided that the article and this
notice remain intact. This article may not under any circumstances
be resold or redistributed for compensation of any kind without prior
written permission from Wired Ventures, Ltd.
If you have any questions about these terms, or would like information
about licensing materials from WIRED Online, please contact us via
telephone (+1 (415) 904 0660) or email (info@wired.com).
WIRED and WIRED Online are trademarks of Wired Ventures, Ltd.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
AT&T CELLULAR PRIVACY SYSTEMS
AMERITECH CELLULAR PRIVACY SERVICE USES AT&T TECHNOLOGY
By David R. Arneke (darneke@attmail.com)
AT&T SECURE COMMUNICATIONS SYSTEMS NEWS RELEASE
Reprinted with permission
GREENSBORO, N.C. -- Ameritech Cellular Services in Chicago has
become the first cellular telephone system in the country to offer
voice privacy service using the AT&T Advanced Cellular Privacy System.
Ameritech launched its Enhanced Voice Privacy service in Chicago
this month.
"This technology adds to the productivity and value that
Ameritech cellular service provides to its customers," said Thomas A.
Brooks, AT&T Paradyne senior vice president, Secure Communications
Systems.
"And, by helping the carrier provide value to the cus- tomer,
AT&T cellular privacy technology adds value to the carrier as well."
The AT&T technology scrambles the cellular telephone's
over-the-air signal. The signal is descrambled at Ameritech's
cellular switch, transmitting a conventional phone signal to the
recipient.
If the scrambled over-the-air signal is intercepted, the
eavesdropper will hear only a chirping sound. AT&T's advanced privacy
technology renders the over-the-air signal unintelligible.
The system already is in wide use in Japan in the cellular system
of one of the two major Japanese telephone companies.
The AT&T Cellular Privacy System offers cellular users a variety
of benefits.
-- Its technology is small enough and light enough to be
embeddable in today's small, portable phones.
-- The system features an unmatched combination of high voice
quality and an advanced level of privacy.
-- It is applicable to all three types of cellular telephones --
portable, transportable ("bag phones") and mobile (car phones).
The system has two components. The AT&T privacy unit attaches to
the phone and scrambles the phone's signal. Voice privacy modules are
available for several brands of cellular telephones, among them AT&T
models, including the AT&T Privacy-Capable Portable Telephone 9000;
the Audiovox 3200 series; Mitsubishi models using the Model 1200
transceiver; the Motorola 2600; the NEC 3800B and 4800; the Oki 800
series; and the Toshiba 3200 series.
Modules for other brands and models are in development.
The Mobile Telephone Office Switch (MTSO) unit is installed at
the cellular carrier's switch and descrambles the signal.
Because the privacy system scrambles only the over-the-air
portion of the call, no matching unit or special equipment is required
at the receiving phone.
The AT&T Paradyne Cellular Privacy System was developed by AT&T
Secure Communications Systems, a world leader in the design,
manufacture and integration of encryption and privacy products. It is
a primary supplier of secure products to the governments of the United
States and other nations as well as corporations around the world.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
CLIPPER (From The Guardian)
By Mike Holderness (mikeh@gn.apc.org)
This piece on the Clipper controversy appeared in the London, UK
_Guardian_ on 3 March 1994. My apologies for the delay in circulating
this to all of you who helped with advice and comments or expressed
an interest; and to a couple people whose attributions got cut for space.
Some Netizens may find the piece a bit wishy-washy. Better that than
the _Independent_'s coverage, which was full of unsubstantiated claims --
if they _know_ the NSA has a back-door, I wish they'd publish
the evidence...
I _know_ the description of the technology ended up inexact. Anyone
who can give an exact description in fewer words gets a bottle of
champagne next time you're in London...
If you re-distribute this, please do so in its entirety and un-cut.
Contact me to discuss terms before you publish it on paper: I have
a freelance living to earn and a landlord to feed.
(C)opyright 1994 Mike Holderness
mikeh@gn.apc.org
London, UK
HED: Are these men a threat to freedom?
PIC: (4-column): Gore & Clinton
YOUR COMPANY is, at last, connected to the Internet. You can swap memos
with branch offices around the world within minutes. But you naturally
don't want your competitors, or their governments, siphoning the details
of your bid for that dam contract in the Philippines out of the net.
What do you do?
On the other hand, when you receive an electronic message announcing a
call for tenders, how do you know it's genuine? You've heard that it's
possible to fake electronic mail, and you're worried about all the
possibilities for creative industrial espionage which this opens up.
Then again, you might be a Cabinet minister, setting up a meeting with
your boyfriend on the mobile phone. Wouldn't it be good to know that
no-one could tap the message?
The answer to all these problems lies in encryption technology. The
solution the US government proposed earlier this month, however, has
generated a furious row in the "on-line community" about the government
interfering in citizens' right to communicate in private. The disturbing
implications for people outside the US have gone largely unremarked.
Computer programs that can do practically unbreakable encryption are
available to the public in the US and elsewhere. One, named PGP for
Pretty Good Privacy, is increasingly being used to authenticate
electronic messages (Computer Guardian, Nov ?? 1993). It can encrypt the
whole message, or send the main text "in clear", followed by an
encrypted block containing a mathematical "fingerprint" of the message
and the sender's name and address. The program can thus verify whether a
signature belongs to the purported sender and whether the message
arrives as it left.
Encryption has long worried law-enforcement agencies. What if drug- dealers
and terrorists start using unbreakable encryption? The US government's
Key Escrow Encryption system -- commonly known by its working title,
Clipper -- is its answer.
Clipper uses an encryption chip suitable for building into a mobile
phone or a modem. Its method of encryption, developed by the US National
Security Agency (NSA), depends on "keys". These are codes which are used
mathematically to mangle the text or speech. The receiver can only get
the original back out if they have the key and can use it to un-mangle
-- decrypt -- the message.
PGP depends on a "public-key" system. Users sending signed messages
encrypt the signature with keys known only to them. They also issue
public keys. These are mathematically derived from the private key, and
allow anyone to verify the signature. If someone sends them a message
encrypted with their public key, only the private key will extract it.
By contrast, each Clipper chip will have an encryption key built in.
When the chip is manufactured, two parts of the key will be lodged with
two separate US government agencies. (In legal jargon, this is like
"holding the keys in escrow".) A secret "super-key" allows law
enforcement agencies to retrieve the serial number of the chip used on
the link they're tapping.
Under US guidelines released on February 4, if a law enforcement agency
wants to eavesdrop on encrypted communications, it should send details
of a search warrant to the agencies holding the key components.
This is a red rag to the inhabitants of Internet discussion forums,
"the world's largest functioning anarchy". There, discussions of the
right (under the First Amendment to the Constitution) to unrestricted
free speech can and do slip effortlessly into the belief that, as one
participant put it, "The People must be allowed to discuss anything,
including revolution."
According to Brian Yoder, president of California company Networxx,
"The US Constitution doesn't grant the government the power to maintain
this kind of surveillance capability over the population. Period. The
assumption is that anything that enhances the ability of the police to
catch criminals is OK, but that is not what the Constitution says, and
that's not the kind of country I want to live in."
Cryptology specialist Dr Dorothy Denning at Georgetown University in
Washington DC, who was part of a team reviewing the NSA's design
process, points out that Clipper "will not make it any easier to tap
phones, let alone computer networks. All it will do is make it
technically possible to decrypt communications that are encrypted with
the standard, assuming the communications are not super-encrypted with
something else. Law enforcers still need to get a court order."
But who trusts the NSA? The Clipper design is secret. Many assume that
the Agency has built in a "trap-door" allowing it to break encryption
without the keys.
No-one has proposed making non-Clipper encryption illegal, but the US
government clearly hopes to establish it as an industry standard. For
example, while it's usually illegal to export any form of encryption
technology from the US, it will be legal to export Clipper.
Non-US companies using it to protect their communications will have to
live with the uneasy knowledge that the NSA could be listening in -- and
the NSA, like its UK sibling organisation GCHQ in Cheltenham, has a long
history of intercepting foreign commercial messages for the benefit of
home companies. (GCHQ declined to say whether it had been involved in
any discussions over Clipper.)
The protests have started. A petition organised by Computer
Professionals for Social Responsibility against Clipper, and in favour
of a Bill to permit export of competing encryption systems, gathered
more than 20,000 electronic signatures in its first two weeks. Wired
magazine has proclaimed that ``This is a pivotal moment in history'',
accusing ``the Clinton-Gore administration'' of ``attempting a stealth
strike on our rights''. It has asked readers to sign the CPSR petition
against Clipper and to ``call or write your Congressional
representatives and let them know how you feel''.
Encryption and authentication are important for much more than the
privacy of the frequently obscure or banal discussions on the Net.
Medical and financial records are now commonly held on computers, and a
growing proportion of business transactions take place on line.
Cyberspace is where your money is.
For private communications, Emma Nicholson MP takes a relaxed view: "In
communicating, we should start from a belief that everyone listens to
everything. Gossip is what makes the world go round. I have very few
secrets. I would be deeply concerned if a device were marketed that
could stop interception -- I would support the FBI completely."
Computer-law barrister Alistair Kelman, however, believes that any
attempt to enforce the Clipper chip as a worldwide standard would meet
stiff opposition. The European Commission could be expected to object
that it fell foul of Treaty of Rome provisions against misuse of a
dominant position. "If you want to have a world standard for encryption,
fine," Kelman said, but the EC could respond: "let's all get together
and settle on something that meets our requirements as well."
<ufpoints>
Wired articles on Clipper can be obtained via the Internet by putting
the following three lines into the body of an electronic mail message
addressed to infobot@wired.com:
send clipper/privacy.meeks
send clipper/privacy.barlow
end
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
PRIVACY: NOTES FROM CYBERSPACE
These are just little tidbits picked up from here and there...feel free to
comment on them. -Editors
NOTES FROM CYBERSPACE - ARTICLE 1
By Arthur Entlich (ua107@freenet.victoria.bc.ca)
Subject: Privacy in Canada
Over the last several years there has been a feeding frenzy in the private
sector toward collection of private information. Currently, to my know-
ledge there is only one province in Canada that has legislation on the
books which protects individual's private information within the
private sector, and that is Quebec, which may not be a province of
Canada for long, if things continue.
Anyway, recently a few provinces have developed Offices of Privacy and
Freedom of Information (Ontario and British Columbia) both of which have
"left of center" parties in power. However, these government offices
only regulate the issues of freedom of information and privacy within the
public sector (governmental agencies). These is also a similar
office on a federal basis. Ther eis much to be done here to roll
back the amount and connectivity of information in the public and
private sector. For instance, our SIN number (Social Insurance Number)
which was legislated originally for only about 6 programs, all relating
to employment, has been expanded to uses such as banking, (required by law
now) medical plans, etc, Also, the private sector has a field day with
this number and it has basically become a national identity number.
Some changes are occurring, such as in British Columbia, we were issued
a separate and unique medical plan number after many complaints, however
on several occasions I have by phone or in person requested information
about my coverage and claimed I did not have my medical number handy,
and was asked for my SIN, at which point they crossreferenced to my
medical number, so obviously they are still connected internally.
More recently, the government of B.C. has indicated that in two months
a new program called PharmaNet will be put in place. This will hook up
all pharmacies in the province so that ones drug profile is available
to each pharmacist if they use a keyword you provide (the keyword was
demanded by the office of privacy, originally it didn't even have this).
You must provide this keyword and your medical plan number in order
to purchase the drugs. The government claims it is becaus ethey
have a problem with drug interactions, especially amongst the
elderly who see numerous doctors and don't remember what they are taking.
They also claim it is to prevent the practice of people seeing several
doctors for one prescription type, then go to several pharmacies to buy
multiple prescriptions, and then sell the drugs on the street.
The government does have some justification, in that they do pay for
the partial cost of drugs to people over 65 and they also pay for
all drug costs over $600 per family per year. However, the vast
majority of the population does not fit into these groups.
In the private sector things are much worse. Most video stores re-
quire D.L.# plus SIN, and they can sell this info to anyone at
the present state of the law. Banks have gotten really nasty of
late, and are requiring a credit card number just to open a chequing
(or checking if you are south of the border) account. I was required
to sign a statement when opening a simple chequing/savings account
at a credit union which gave them permission to "acquire any information
deemed necessary to verify the information provided, or to protect the
credit union", and that such information could be transmitted to
other financial institutions, branches of their company, and other
companies they own (which includes and investment and insurance
division). I am fighting to change this now, as the next shareholders
meeting is in mid-April and i have submitted several resolutions to
change the current constitution of the credit union.
Anyway, I know this has been long winded... sorry. I would be most
interested in anyone who can provide inform
anyone who can provide information on laws in the states or elsewhere
which deal with issues such as these. I would like to know what other
legislation is out there to protect the privacy of personal information
in either the public or private sector.
Thanks... please E-Mail me.
%%%%%%%%%%%%%%%%%%%
NOTES FROM CYBERSPACE - ARTICLE 2
By Anonymous
Subject: What is being done about Privacy???
I have been doing some reading about the available databases, I was
shoked at some of the services that are listed. Just to name a
few ....
* Searches for SSN's, lists name, address, last transaction
* Searches for Mass Mailings and magazine subscriptions
* change of address, (someone also mentioned PO Box info!!)
* for most states - car ownership and Drivers lisc history
* Top of Credit reports (name, address, SSN, employer)
* neighborhood searches, demographics (income, ect ..)
* National Phone listings
* Airplane and Boat ownership
* Professional Lisc's
* ect, ect, ......
I have seen alot of talk about not giving out a SSN, but whats the point?
It seems like it is already too late. I haven't seen the info in all of
these datbases, but it seems as though Big Brother is already here.
I am sure many people in this group already knew about alot of this. I
am curious if anything is actually being done about this? I have seen
the EFF do alot against clipper; are they doing anything against these
databases that are open to the public (for a price)??? The clipper
petition got alot of names, couldn't the same be done about these
databases. I would bet most people have no idea all this personal
information is available. They would be just as shocked as I was and
you could get more signatures than the clipper petition.
%%%%%%%%%%%%%%%%%%
NOTES FROM CYBERSPACE - ARTICLE 3
By Anonymous
Subject: Comments on Wall Street Journal / NSA 'cryptomathematician'
In the Tuesday March 22, 1994 issue of the Wall Street Journal appeared
an interview by reporter Bob Davis of Clinton Brooks the head of the
NSA effort for an Escrow Encryption system commonly associated with
Clipper. In the article Mr. Brooks relates there efforts to produce
such as system came to fruition in a timely fashion with respect to
AT&T desiring to sell secure voice systems.
Having spoken with several people marketing AT&T Surety Communications
products, it appears that indeed, NSA 'balked', and not just over the
point of export licensing for DES based products. AT&T also sells several
proprietary encryption algorithms, including one approved for export
under ITAR. These all predate clipper. One of the marketing types
at AT&T Surety indicated that NSA didn't want DES in secure voice
products and hinted at international agreements to limit proliferation
of DES applications, although apparently no evidence of this has arisen
through John Gilmores FOIA requests.
If AT&T was ready to sell two tier products domestic/overseas, why
the jump to clipper? They offered a captive market, the Justice Department,
which has paid in the neighborhood of $8 million dollars from asset siezures
for a couple thousand clipper phone units probably at a higher price
than they would sell for on the open market. They have also gained the
promise of a single tiered product, although the rest of the STUIII
compatible products are still available. AT&T appears hard pressed to
find a nongovernment related market place for secure voice, without
significant non-Justice shipping. Part of this may be cost, a Telephone
Security Device costs more than an AT&T videophone while having a lower
complexity. A popular MODEM manufacturer Paradyne, a subsidiary of
AT&T, sells a MODEM with more than half the complexity of the Telephone
Security Device for $179 retail. The videophone is selling for around
$940 while the TSD 3600, a unit sitting between your phone and the wall
sells for $1050.
AT&T appears to have had a hard time waiting for MYK-78e chip shipments
from Mykotronx. They received the initial production lot in October or
November, following a protracted nonreassuring rubber stamp review
process and a NIST Encryption Escrow non Standard release, which from
the WSJ article was staged simple for AT&Ts benefit.
That and we get a secretive governmental agency starting an unprecedented
propaganda effort. Is this a case of our government doing more for us than
we would possibly ask? Perhaps we should ask why.
%%%%%%%%%%%%%%%%%%%%
NOTES FROM CYBERSPACE - ARTICLE 4
By Anonymous
Subject: Creative Freedom / Restrictions on Free Communcication
I am aware of a case where a student made significant headway
in development of techniques which accelerate convergence of
algorithms used in computer arbitrage. The advisor told
the student that this was amazing and great! But then the
advisor tried to get the student to change the name of the
technique to something that would make it sound like the
advisor thought of it. Then, on the second idea the student
mentioned, the advisor exclaimed how great it was and then
suddenly turned around and began to try to talk the student
out of the idea. But, the student had already convinced his/herself
of the validity and value and stood ground on the second idea.
When the student began to e-mail others in the community, the
advisor had an irrational reaction. The advisor required the
student to consult with (the advisor) before discussing his/her
results vi e-mail with others in the community. Also, the advisor
said that such discussions should not leave the local research
group.
TELL ME, IS THIS AN ETHICAL REQUIREMENT??
WHAT DO YOU THINK IS GOING ON HERE?
%%%%%%%%%%%%%%%%%%%%%
NOTES FROM CYBERSPACE - ARTICLE 5
From: James Ebright (jebright@magnus.acs.ohio-state.edu)
Subject: Re: Wall Street Journal Interview with NSA 'cryptomathematician'
My response to AT&T: I switched to MCI today... (Who else is listening
to my true voice?) You can switch too... call 800-624-8030.
My response to NSA: I still don't think folks are going to buy
many guaranteed tapable 'secure' phones.
But this shows the power of entrenched bureacuracies who have a vested
interest in intrusive government. If the Cantwell bill passes, this
mugging of US businesses via ITARs would be impossible.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
KIDNAPPED BY THE STATE / INTERNET NOT SAFE
By Matthew A. Mihaly (mam6@cornell.edu)
O.k., here is the situation. I had been contemplating suicide and
posted my situation on alt.romance.chat (lot's of nice people replied,
btw.) I also posted something on alt.drugs (under the name "Matt" asking
for some useful drugs for the purpose of killing myself (which, for any
of you fu*king ass-sucking cops out there: I am not saying I want to).
The Internet is not safe. Two days (on 3/14) after I posted it, a couple
of cops show up at my door, along with some nut from the mental health
department of Tompkins County (that's this county obviously) and tell me
I have to come with them to the hospital for "an hour, maybe an hour and
a half." I said "What if I don't choose to go." They replied that I
don't have a choice. They informed me that I'm going with them because
some people read my internet message and were concerned. I was in the
middle of conducting some business on the phone and asked if I could make
a couple of phone calls first but the pigs replied that no, I couldn't.
In effect, they kidnapped me.
So, they drive me to Tompkins County Hospital where I am forced to sit in
a room for 2 hours (with a couple of goons waiting outside to make sure I
don't try to run). Finally, some bitch comes in and talks to me for all
of 4 or 5 minutes. I explicity told her that I am not planning on
killing myself (partly due to the 20 or 30 supportive e-mail messages I
got from people). She said it's not here decision whether I'm held or
not but that she would go give the doctor her opinion (she left me with
the impression that she would tell me to let me go.) The doctor came in,
after another 45 minutes of waiting) and talked to me for maybe 2
minutes. I said I wanted a lawyer. He said "Sure, you can always have a
lawyer." and walked away mumbling something about always being able to
have a lawyer. Apparently he was being sarcastic because no lawyer ever
showed up. After another 20 minutes or so, some guy pokes his head in
the room and asks me who I am. I didn't tell me of course, but 2 minutes
later, some little geek walks in, sits down and says "I don't know if
you've heard yet, but you are being transfered to a mental health ward."
I say something to the effect of f*ck you I'm not going anywhere. By
this time, there were a couple of goons in the room also. They told me
that I could either go of my own free will or they would drag me there.
Noticing that there were about six other guys standing out in the hall
way I said I'd go. I then stood up, told the little geek that I hope he
goes home tonight and suffers the worst kind of hell (or something to
that effect). Then, one of the goons grabs me and drags me out into the
hallway where I see one of those portable beds for ambulances with
restraining devices on them.
AT this point I was absolutely livid with rage. No way are you f*ckers
restraining me I said. Well, they said I had to be restrained because I
had just threatened the little geek with violence (not true, I just
wished hell on him). So, they strap me down (I cooperated but was
berating them the whole time) and put me in the ambulance and left a guy
in the back to watch me. I was telling him what a dick he is and how big
a violation of my human rights this was and he just told me to shut up.
After a period of silence I apologized to him and told him I didn't mean
anything personal. He responded with something to the effect of "Well
f*ck you, I dont' like your tone of voice." I asked him, very
sarcastically, if he was pleased with how well he was doing his job. He
said "Look, I'm just doing my job here." Yeah, yeah I replied, so were
the Nazi death-camp guards.
Anyhow, they get me to this hospital (Soldiers and Sailors Memorial in
Penn Yan, NY). They made me strip and put on stupid hospital clothes.
By this time it was 8:30 at night (I got picked up at about 4:30) and no
one had given me anything to eat. They gave me some graham crackers at
this point. Whoopee.
So anyhow, I wait for an hour or so and some guy named Tom Rice (yeah, I
hope you're reading this you cocksucker) comes in and talks to me for
about 3 minutes and says "o.k., I'm admitting you." Well, I was pretty
pissed as you might imagine.
So, they bring me upstairs, give me a room, etc., etc. and expect me to
go to sleep until morning. Yeah, whatever. Like I can sleep when I'm a
prisoner. I spent the whole night planning a way to escape (pathetic
security cause I was in the wing where people with things like depression
are kept, not the criminally insane wing). At 6:30 in the morning, they
come in and tell me they are going to take blood from me. When I said no
they said they were going to anyhow.
Well, the long and short of this all is that I ended up spending two
nights in a f*cking mental hospital because A) some f*ckers at Cornell
University are idiots (I know at least one of their names so far... Leeza
Casinelli, a therapist at our health services.. she is a fascist pig,
don't go see her) and B) the idiot psychiatrist I saw the next morning
said they have to keep me another night for observation. Nevermind the
fact that I was obviously fine and the rest of the staff knew it. The
food there sucked, I was confined in EXTREME boredom (what, they expect
me to read 2 year old Time magazines all day???), missed many classes, a
test, and some papers. Furthermore, I do alot of investing and lost a
significant sum during this time.
I guess my point in all this is that the Internet is definitely not safe,
even if you aren't breaking the law. I got back about 2 hours ago from
that f*cking place. I'm thinking about suing Cornell U (they are the
ones who started all this) and maybe the state of New York. The way I
look at it, I was held without indictement, without warrant, and without
legal representation based on evidence contained on a Usenet posting. I
mean c'mon. Like even 1/8 of the stuff posted here should be taken
seriously. Take a look at alt.devilbunnies for instance. A completely
amusing group, but not something to take seriously. Anyhow, I go to
Cornell and live in Ithaca. I keep on trying to contact the ACLU here
but no one ever answers. I've only gotten a busy signal once too. Also,
are there any lawyers around here that someone can recommend for me?
I was kidnapped and imprisoned for two days by the state. The state, not
just of America, but the state of the world must be destroyed. Power,
concentrated like this is absolutely tyrannical. I am not suicidial
(although I was at one point) and these morons should have realized this.
Be careful what you post and look into PGP encryption. F*ck the
government and f*ck you you Cornell U. bastards. I hope you rot in the
worst part of hell for what you put me through. If you want me to be
depressed, go ahead, do it again. Make me miss classes, tests, and lose
money.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
LEGION OF DOOM T-SHIRTS!! Get 'em
By Chris Goggans <phrack@well.sf.ca.us>
After a complete sellout at HoHo Con 1993 in Austin, TX this past
December, the official Legion of Doom t-shirts are available
once again. Join the net luminaries world-wide in owning one of
these amazing shirts. Impress members of the opposite sex, increase
your IQ, annoy system administrators, get raided by the government and
lose your wardrobe!
Can a t-shirt really do all this? Of course it can!
--------------------------------------------------------------------------
"THE HACKER WAR -- LOD vs MOD"
This t-shirt chronicles the infamous "Hacker War" between rival
groups The Legion of Doom and The Masters of Destruction. The front
of the shirt displays a flight map of the various battle-sites
hit by MOD and tracked by LOD. The back of the shirt
has a detailed timeline of the key dates in the conflict, and
a rather ironic quote from an MOD member.
(For a limited time, the original is back!)
"LEGION OF DOOM -- INTERNET WORLD TOUR"
The front of this classic shirt displays "Legion of Doom Internet World
Tour" as well as a sword and telephone intersecting the planet
earth, skull-and-crossbones style. The back displays the
words "Hacking for Jesus" as well as a substantial list of "tour-stops"
(internet sites) and a quote from Aleister Crowley.
--------------------------------------------------------------------------
All t-shirts are sized XL, and are 100% cotton.
Cost is $15.00 (US) per shirt. International orders add $5.00 per shirt for
postage.
Send checks or money orders. Please, no credit cards, even if
it's really your card.
Name: __________________________________________________
Address: __________________________________________________
City, State, Zip: __________________________________________
I want ____ "Hacker War" shirt(s)
I want ____ "Internet World Tour" shirt(s)
Enclosed is $______ for the total cost.
Mail to: Chris Goggans
603 W. 13th #1A-278
Austin, TX 78701
These T-shirts are sold only as a novelty items, and are in no way
attempting to glorify computer crime.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
PUBLIC vs. MASS MEDIA: THE CASE OF THE INTERNET
By Jim O'Loughlin (v049lnwe@ubvms.cc.buffalo.edu)
In its initial configuration, the Internet was designed to be
neither a public or a mass media. Twenty years ago, the ARPAnet, as
it was then called, was a U.S. Department of Defense research experiment
into how to create a computer network that could withstand partial
outages, as from a bomb attack. (Krol 11) In the mid 1980s, the National
Science Foundation created a network built on the ARPAnet technology that
for the first time expanded access beyond computer researchers and
government employees. The NSF promoted universal access by connecting
universities only if they had plans to promote Internet use. (12)
The Internet, as a network of networks, began expanding rapidly, becoming
international and spawning commercial imitators such as Prodigy, CompuServe,
and America Online.
Currently, strictly commercial ventures are banned on the Internet,
which is still officially only used for research purposes. However, its
growing popularity and commercial potential have whetted the appetite of
business. Much of the current discussion about the "information
superhighway" revolves around how to turn the Internet into a source of
commercial profit. Lost in much of the information superhighway rhetoric
is the nature of most of the "traffic" on the Internet. For while media
discussion often portrays the Internet as a science fiction version of
Cable TV, much of its current popularity is due to its ability to
facilitate discussions between people throughout the globe. To understand
what is at stake in the transition from the Internet to the information
superhighway, it is necessary to consider the cultural position of the
Internet, or, to use C. Wright Mills terminology from *The Power Elite*,
the extent to which the Internet is a public vs. a mass media.
Though Mills's model focuses on the extent to which a population is a
public or a mass, I believe it can be applied to media and its use.
First, the formal media of communication need to be examined for the
proportion of expressed to received opinions. In a public, "virtually
as many people express opinions as receive them." (303) In essence,
opinions would be communicated through direct discussions. In a mass,
"far fewer people express opinions than receive them." (304) The extreme
of the latter state would be a case in which "one person talks impersonally
through a network of communications to millions of listeners and viewers."
(302)
The second standard is the extent to which an opinion can be
responded to without "internal or external reprisals being taken." (302)
Public communications would be organized to facilitate the immediate and
effective response to any publicly expressed opinion without fear of
retribution. The conditions of mass communications make it impossible for
any individual to "answer back immediately or with any effect." (304)
The third term of measurement would be the degree to which the
formation of opinions can lead to social action. In a public realm,
opinions can readily lead to effective action, even against the powers
that be. Authorities retain tight control over opinion in a mass sphere
and can organize and control any attempts at such action.
Finally, there is the extent to which "institutionalized authority,
with its sanctions and controls, penetrates the public." (303) Is a
particular media one in which the public has true autonomy? In an ideal
public, "authoritative institutions do not penetrate the public," (304) while
in a mass, people have no autonomy from institutions of power and are
frequently manipulated.
The limitations of these terms need to be understood. They represent
extreme types, "social reality is always some sort of mixture of the two.
Yet we cannot readily understand just how much of which is mixed into our
situation if we do not first understand, in terms of explicit dimensions,
the clear-cut and extreme types." (302) The Internet functions in a
combination of mass and public roles. Importantly, however, this paper
will argue that much of what is involved in the creation of the information
superhighway will turn the Internet into more of a mass media, to the
detriment of the extent to which the Internet is currently a public media.
The Internet is probably most noteworthy as a public media for the
extent to which people have equal access to expressing and receiving
opinions. Though large parts of the Internet exist to disperse information
(tools such as GOPHER and MOSAIC are designed to facilitate access to
databases and other information banks), much of the Internet is made up of
bulletin boards, salons, or discussion groups around cultural, political or
leisure topics (such as alt.cyberspace, soc.politics or
rec.food.veg.cooking). Though some groups are controlled by moderators,
the majority have no limitations on what can be posted. In a newsgroup,
there are usually a number of parallel conversations (or threads) going
on at any one time. In a recent overview of commercial on-line services
in *Newsweek*, it was noted that people seem more interested in
communication than services. "People want to talk to one another."
(Meyer 39) On-line shopping and banking facilities have had a less than
stellar reception, however, discussion groups have been hugely popular.
More than 100,000 messages are posted on the Prodigy system every day.
On the Internet, the equivalent of dozens of full-length novels are
written on a daily basis. This interchange, or the extent to which
authorship has become a public role, is perhaps the Internet's most
important feature.
A concern with the coming of the information superhighway is the
extent to which these discussion groups will be affected. As the Internet
becomes increasingly privatized, it comes questionable whether or not these
groups will retain their current form. Some businesses have attempted to
capitalize on their popularity. Microsoft is launching a Complete Baseball
newsgroup that features discussions, fantasy-baseball leagues, and access to
a wealth of statistical information. According to Barry Berkov of
CompuServe, "this is where the growth is... Anything addictive is good."
(quoted in Meyer 39) Groups based on entertainment or leisure topics
(particularly ones in which certain people have an obsessive interest) may
attract capital. It remains questionable what would happen to less
"addictive" or more politically inclined groups.
At its best, discussion on the Internet operates on a civil
libertarian model. One is free to post whatever one wishes and free to
participate in any of the discussions. However, the computer technology
upon which the Internet relies also makes surveillance and reprisals a
simple matter. It is relatively easy for any group to monitor a conversation
(some on the Internet have suggested that governmental agencies do just
that), and a simple matter for systems operators at any computer site to
tap into one's account or to withdraw one's Internet privileges.
Though cases of direct governmental intervention so far are few, there
are cases such as the 18 year old who was arrested for threatening the
president's life over electronic mail (president@whitehouse.gov).
However, one of the most ominous recent developments has been the
proposed "Clipper chip." A Clinton administration proposal to standardize
encryption chips was recently developed in consultation with the National
Security Agency. Telephones containing the Clipper chip would send out "a
string of bits called a law enforcement field. Its purpose is to enable the
police and the FBI to decode conversations that they wiretap pursuant to
court order." (Wallich 116) Both computer civil libertarians and major
software companies have been opposed to this proposal (the former for
reasons of privacy, the latter for reasons of international competitiveness).
The Clinton administration is currently rethinking the policy, nevertheless,
the technology and means does exist to give the government an exclusive
"back-door" into cellular telephones.
The third criterion for measurement, the extent to which the
formation of opinions can lead to social action, is the one in which the
jury is still out on the Internet. Few traditional political groups are
entirely "online," and the physical distance between Internet participants
raises serious questions as to its use in organizing. Is cyberspace a
locale within which social action is likely or possible? Has it become
a medium of a public sphere in which people can engage public authorities
"in a debate over the general rules governing relations in the basically
privatized but publicly relevant sphere of commodity exchange and social
labor?" (Habermas 27) Computer Professionals for Social Responsibility
circulated an electronic petition in opposition to the Clipper Chip
proposal. This petition was distributed to a wide variety of newsgroups
and eventually forwarded to the president. Such examples, however, are
the exception rather than the rule. Calls to action are rare on the
Internet. The question would be whether that is a carry over from the
state of the world outside of cyberspace or endemic to shifting populations
of the Internet.
The final issue to consider is the role of institutionalized
authority. No single authority governs the Internet. A council of elders
(called the Internet Architecture Board) from the Internet Society has
responsibility for the technical management and direction of the Internet.
(Krol 14) However, this group has almost no control over the actual content
of materials over the Internet. Often the metaphor used to describe the
rules of the Internet is "frontier justice." "The two overriding premises
of network ethics are: Individualism is honored and fostered.
The network is good and must be protected." (35) Such a definition seems
a bit romanticized but it does capture the suspicion of any authorial
intrusion into cyberspace. Many recognize that the computer technology
which brought about the Internet also makes stricter governmental control
a possibility.
As the Internet slowly becomes repaved into the Information
superhighway, it will be important to watch the extent to which people are
assumed to be either a mass or a public. In the former case, we can expect
governmental concern about consumer rights, or the ability of people to have
the ability to obtain as much information as possible for a reasonable price.
Such a mindset governs most federal discussions about cable television
regulation. However, if the people are considered to constitute a public,
then concern will be raised about what Jurgen Habermas has termed
"participatory rights" (229) These are not simply rights which protect
people from something (often the intrusion of government), but rights which,
in this case, ensure people's ability to partake in freedom of assembly and
association through the medium of the Internet.
Works Cited
Habermas, Jurgen. *The Structural Transformation of the Public Sphere: An
Inquiry into a Category of Bourgeois Society* Cambridge: MIT Press,
1993 (1962).
Krol, Ed. *The Whole Internet: User's Buide & Catalog* Sebastopal, CA:
O'Reilly & Associates, Inc., 1992.
Meyer, Michael. "The 'On-Line' War Heats Up." *Newsweek* 28 March
1994: 38-9.
Mills, C. Wright. *The Power Elite* New York: Oxford University Press,
1956.
Wallich Paul. "Clipper Runs Aground." *Scientific American* August 1993:
116.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
BRUCE STERLING'S REMARKS AT CFP '94
Posted By Carl Kadie (kadie@eff.org)
Comments to Bruce Sterling (bruces@well.sf.ca.us)
LITERARY FREEWARE: NOT FOR COMMERCIAL USE
I've been asked to explain why I don't worry much about the
topics of privacy threat raised by this panel. And I don't. One reason
is that these scenarios seem to assume that there will be large,
monolithic bureaucracies (of whatever character, political or
economic) that are capable of harnessing computers for one-way
surveillance of an unsuspecting populace. I've come to feel that
computation just doesn't work that way. Being afraid of monolithic
organizations especially when they have computers, is like being
afraid of really big gorillas especially when they are on fire.
The threat simply doesn't concur with my historical
experience. None of the large organizations of my youth that
compelled my fear and uneasy respect have prospered. Let me just
roll off a few acronyms here. CCCP. KGB. IBM. GM. AEC. SAC.
It was recently revealed that the CIA has been of actual
negative worth -- literally worse than useless -- to American
national security. They were in the pockets of the KGB during our
death struggle with the Soviet Union -- and yet we still won.
Japanese zaibatsus -- Japan Inc. -- the corporate monoliths of Japan
-- how much hype have we heard about that lately? I admit that
AT&T has prospered, sort of -- if you don't count the fact that
they've hollowed themselves out by firing a huge percentage of their
personnel.
Suppose that, say, Equifax, turned into an outright fascist
organization and stated abusing privacy in every way they could.
How could they keep that a secret? Realistically, given current
employment practices in the Western economies, what kind of
loyalty could they command among their own personnel? The low
level temps have no health insurance and no job security; the high
level people are ready to grab their golden parachutes and bail at any
time. Where is the fanatically loyal army of gray flannel
organization men who will swear lifelong allegiance to this
organization, or *any* organization in this country with the possible
exception of the Mafia?
I feel that the real threat to our society isn't because people
are being surveilled but because people are being deliberately
ignored. People drop through the safety nets. People stumble
through the streets of every city in this country absolutely wrapped
in the grip of demons, groping at passersby for a moment's attention
and pity and not getting it. In parts of the Third World people are
routinely disappeared, not because of high-tech computer
surveillance but for the most trivial and insane reasons -- because
they wear glasses, because they were seen reading a book -- and if
they survive, it's because of the thin thread of surveillance carried
out by Amnesty International.
There may be securicams running 24 hours a day all around us,
but mechanical surveillance is not the same as people actually
getting attention or care. Sure, rich people, like most of us here, are
gonna get plenty of attention, probably too much, a poisonous
amount, but in the meantime life has become so cheap in this society
that we let people stagger around right in front of us exhaling
tuberculosis without treatment. It's not so much information haves
and have-nots and watch and watch-nots.
I wish I could speak at greater length more directly to the
topic of this panel. But since I'm the last guy to officially speak at
CFP IV, I want the seize the chance to grandstand and do a kind of
pontifical summation of the event. And get some irrepressible
feelings off my chest.
What am I going to remember from CFP IV? I'm going to
remember the Chief Counsel of NSA and his impassioned insistence
that key escrow cryptography represents normality and the status
quo, and that unlicensed hard cryptography is a rash and radical leap
into unplumbed depths of lawlessness. He made a literary reference
to BRAVE NEW WORLD. What he said in so many words was, "We're
not the Brave New World, Clipper's opponents are the Brave New
World."
And I believe he meant that. As a professional science fiction
writer I remember being immediately struck by the deep conviction
that there was plenty of Brave New World to go around.
I've been to all four CFPs, and in my opinion this is the darkest
one by far. I hear ancestral voices prophesying war. All previous
CFPs had a weird kind of camaraderie about them. People from the
most disparate groups found something useful to tell each other.
But now that America's premiere spookocracy has arrived on stage
and spoken up, I think the CFP community has finally found a group of
outsiders that it cannot metabolize. The trenchworks are going up
and I see nothing but confrontation ahead.
Senator Leahy at least had the elementary good sense to
backpedal and temporize, as any politician would when he saw the
white-hot volcano of technological advance in the direct path of a
Cold War glacier that has previously crushed everything in its way.
But that unlucky flak-catcher the White House sent down here
-- that guy was mousetrapped, basically. That was a debacle! Who
was briefing that guy? Are they utterly unaware? How on earth
could they miss the fact that Clipper and Digital Telephony are
violently detested by every element in this community -- with the
possible exception of one brave little math professor this high?
Don't they get it that everybody from Rush Limbaugh to Timothy
Leary despises this initiative? Don't they read newspapers? The
Wall Street Journal, The New York Times? I won't even ask if they
read their email.
That was bad politics. But that was nothing compared to the
presentation by the gentleman from the NSA. If I can do it without
losing my temper, I want to talk to you a little bit about how
radically unsatisfactory that was.
I've been waiting a long time for somebody from Fort Meade to
come to the aid of Dorothy Denning in Professor Denning's heroic and
heartbreaking solo struggle against twelve million other people with
email addresses. And I listened very carefully and I took notes and I
swear to God I even applauded at the end.
He had seven points to make, four of which were disingenuous,
two were half-truths, and the other was the actual core of the
problem.
Let me blow away some of the smoke and mirrors first, more
for my own satisfaction than because it's going to enlighten you
people any. With your indulgence.
First, the kidporn thing. I am sick and tired of hearing this
specious blackwash. Are American citizens really so neurotically
uptight about deviant sexual behavior that we will allow our entire
information infrastructure to be dictated by the existence of
pedophiles? Are pedophiles that precious and important to us? Do
the NSA and the FBI really believe that they can hide the structure of
a telephone switch under a layer of camouflage called child
pornography? Are we supposed to flinch so violently at the specter
of child abuse that we somehow miss the fact that you've installed a
Sony Walkman jack in our phones?
Look, there were pedophiles before NII and there will be
pedophiles long after NII is just another dead acronym. Pedophiles
don't jump out of BBSes like jacks in the box. You want to impress
me with your deep concern for children? This is Chicago! Go
down
to the Projects and rescue some children from being terrorized and
recruited by crack gangs who wouldn't know a modem if it bit them
on the ass! Stop pornkidding us around! Just knock it off with that
crap, you're embarrassing yourselves.
But back to the speech by Mr. Baker of the NSA. Was it just me,
ladies and gentlemen, or did anyone else catch that tone of truly
intolerable arrogance? Did they guy have to make the remark about
our missing Woodstock because we were busy with our
trigonometry? Do spook mathematicians permanently cooped up
inside Fort Meade consider that a funny remark? I'd like to make an
even more amusing observation -- that I've seen scarier secret
police agencies than his completely destroyed by a Czech hippie
playwright with a manual typewriter.
Is the NSA unaware that the current President of the United
States once had a big bushel-basket-full of hair? What does he
expect from the computer community? Normality? Sorry pal, we're
fresh out! Who is it, exactly, that the NSA considers a level-headed
sober sort, someone to sit down with and talk to seriously? Jobs?
Wozniak? Gates? Sculley? Perot -- I hope to God it's not Perot.
Bob Allen -- okay, maybe Bob Allen, that brownshoe guy from AT&T.
Bob Allen seems to think that Clipper is a swell idea, at least he's
somehow willing to merchandise it. But Christ, Bob Allen just gave
eight zillion dollars to a guy whose idea of a good time is Microsoft
Windows for Spaceships!
When is the NSA going to realize that Kapor and his people and
Rotenberg and his people and the rest of the people here are as good
as people get in this milieu? Yes they are weird people, and yes they
have weird friends (and I'm one of them), but there isn't any
normality left for anybody in this society, and when it comes to
computers, when the going got weird the weird turned pro! The
status quo is *over!* Wake up to it! Get used to it!
Where in hell does a crowd of spooks from Fort Meade get off
playing "responsible adults" in this situation? This is a laugh and a
half! Bobby Ray Inman, the legendary NSA leader, made a stab at
computer entrepreneurism and rapidly went down for the third time.
Then he got out of the shadows of espionage and into the bright
lights of actual public service and immediately started gabbling like
a daylight-stricken vampire. Is this the kind of responsive public
official we're expected to blindly trust with the insides of our
phones and computers? Who made him God?
You know, it's a difficult confession for a practiced cynic like
me to make, but I actually trust EFF people. I do; I trust them;
there, I've said it. But I wouldn't trust Bobby Ray Inman to go down
to the corner store for a pack of cigarettes.
You know, I like FBI people. I even kind of trust them, sort of,
kind of, a little bit. I'm sorry that they didn't catch Kevin Mitnick
here. I'm even sorry that they didn't manage to apprehend Robert
Steele, who is about one hundred times as smart as Mitnick and ten
thousand times as dangerous. But FBI people, I think your idea of
Digital Telephony is a scarcely mitigated disaster, and I'll tell you
why.
Because you're going to be filling out your paperwork in
quintuplicate to get a tap, just like you always do, because you don't
have your own pet court like the NSA does. And for you, it probably
is going to seem pretty much like the status quo used to be. But in
the meantime, you will have armed the enemies of the United States
around the world with a terrible weapon. Not your court-ordered,
civilized Digital Telephony -- their raw and tyrannical Digital
Telephony.
You're gonna be using it to round up wiseguys in streetgangs,
and people like Saddam Hussein are gonna be using it to round up
democratic activists and national minorities. You're going to
strengthen the hand of despotism around the world, and then you're
going to have to deal with the hordes of state-supported
truckbombers these rogue governments are sending our way after
annihilating their own internal opposition by using your tools. You
want us to put an axe in your hand and you're promising to hit us
with only the flat side of it, but the Chinese don't see it that way;
they're already licensing fax machines and they're gonna need a lot
of new hardware to gear up for Tiananmen II.
I've talked a long time, but I want to finish by saying
something about the NSA guy's one real and actual argument. The
terrors of the Brave New World of free individual encryption. When
he called encryption enthusiasts "romantic" he was dead-on, and
when he said the results of spreading encryption were unpredictable
and dangerous he was also dead-on, because people, encryption is not
our friend. Encryption is a mathematical technique, and it has about
as much concern for our human well-being as the fact that seventeen
times seventeen equals two hundred and eighty-nine. It does, but
that doesn't make us sleep any safer in our beds.
Encrypted networks worry the hell out of me and they have
since the mid 1980s. The effects are very scary and very
unpredictable and could be very destabilizing. But even the Four
Horsemen of Kidporn, Dope Dealers, Mafia and Terrorists don't worry
me as much as totalitarian governments. It's been a long century,
and we've had enough of them.
Our battle this century against totalitarianism has left
terrible scars all over our body politic and the threat these people
pose to us is entirely and utterly predictable. You can say that the
devil we know is better than the devil we don't, but the devils we
knew were ready to commit genocide, litter the earth with dead, and
blow up the world. How much worse can that get? Let's not build
chips and wiring for our police and spies when only their police and
spies can reap the full benefit of them.
But I don't expect my arguments to persuade anyone in the NSA.
If you're NSA and I do somehow convince you, by some fluke, then I
urge you to look at your conscience -- I know you have one -- and
take the word to your superiors and if they don't agree with you --
*resign.* Leave the Agency. Resign now, and if I'm right about
what's coming down the line, you'll be glad you didn't wait till later.
But even though I have a good line of gab, I don't expect to
actually argue people out of their livelihood. That's notoriously
difficult.
So CFP people, you have a fight on your hands. I'm sorry that a
community this young should have to face a fight this savage, for
such terribly high stakes, so soon. But what the heck; you're
always bragging about how clever you are; here's your chance to
prove to your fellow citizens that you're more than a crowd of net-
nattering MENSA dilettantes. In cyberspace one year is like seven
dog years, and on the Internet nobody knows you're a dog, so I figure
that makes you CFP people twenty-eight years old. And people, for
the sake of our society and our children you had better learn to act
your age.
Good luck. Good luck to you. For what it's worth, I think you're
some of the best and brightest our society has to offer. Things look
dark but I feel hopeful. See you next year in San Francisco.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
[BOOK REVIEW] DOING BUSINESS ON THE INTERNET: HOW THE ELECTRONIC
HIGHWAY IS TRANSFORMING AMERICAN COMPANIES
By Steve Brock (sbrock@teal.csn.org)
DOING BUSINESS ON THE INTERNET: HOW THE ELECTRONIC HIGHWAY IS
TRANSFORMING AMERICAN COMPANIES by Mary J. Cronin. Van Nostrand
Reinhold, 115 Fifth Avenue, N.Y., NY 10003, (800) 544-0550, (212)
254-9499 FAX. Index, bibliography, list of service providers. 320
pp., $29.95 paper. 0-442-01770-7
REVIEW
Buying and selling on the Internet? Deals being made? Call
the net police! Seriously, commercial traffic is only forbidden on
the NSFnet - the Internet backbone, and restrictions there are
scheduled to disappear by the end of this year, when the National
Science Foundation (NSF) turns its administration of NSFnet over to
commercial organizations. Sensing this transition, companies are
flocking to the Internet. In a recent survey, 63% of Internet
traffic worldwide is by businesses or their research labs.
What can businesses get from the Internet? Mary Cronin, in
her new book "Doing Business on the Internet," has many answers.
After an overview of the mother of all networks and tips for
choosing a service provider, she outlines strategies for seeking
and exchanging information, increasing productivity, and increasing
communications between departments and with customers.
Another asset for businesses is that information can be
retrieved swiftly. While the Internet has gone through many
permutations, businesses have business to do right now, and Cronin
says that companies with an Internet connection can "receive the
advantages of high-speed telecommunications and continuously
evolving technology while learning invaluable lessons about the
management of networked organizations."
While a few may desire more information than the non-technical
overview Cronin provides, "Doing Business on the Internet" is a
solid introduction to networked communication and information
retrieval - the way business is going to be conducted from now on.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
GENERIC FLAME FORM
This form is a generic-all-purpose Flame Form (tm). Don't you just hate it
when you are reading Usenet and can't filter through all of the crap
posted by people who simply do not have a clue! Well, maybe this form
will cut down on some of that. If someone pisses you off on Usenet,
fill it out and mail it to 'em.
---------cut here-------------cut here-------------cut here-------------
*************************************************************************
GENERIC FLAME FORM
*************************************************************************
Dear Sir/Madam
I took exception to your recent post to alt.insert.newsgroup.here
MESSAGE CONTENT SECTION
It was (check all that apply):
___ lame.
___ stupid.
___ much longer than any worthwhile thought of which you may be capable.
Your attention is drawn to the fact that:
___ What you posted/said has been done before.
___ Not only that, it was also done better the last time.
___ Your post was a pathetic imitation of ______________________.
___ Your post contained commercial advertising.
___ Your post contained numerous spelling errors.
___ Your post contained multiple grammatical errors.
___ YOUR POST CONTAINED EXCESSIVE CAPITALIZATION AND/OR PUNCTUATION!!!!!
___ Your post was an obvious forgery.
___ It was done clumsily.
___ You quoted an article in followup and added no new text.
___ You quoted an article in followup and only added ___ lines of text.
___ You quoted an article in followup and only added the line "Me, too!!!"
___ You flamed someone who has been around far longer than you.
___ You flamed someone who is far more intelligent and witty than you.
___ Your lines are 80 columns wide or wider.
SIGNATURE SECTION
___ Your .sig is longer than four lines.
___ And your mailer truncated it.
___ Your .sig is ridiculous because (check all that apply):
___ You listed ___ snail mail address(es).
___ You listed a nine-digit ZIP code.
___ You listed ___ phone numbers for people to use in prank calls.
___ You included a stupid disclaimer.
___ Your pathetic attempt at being witty in the disclaimer failed.
___ Miserably.
You included:
___ a stupid self-quote.
___ a stupid quote from a net.nobody.
___ a Rush Limbaugh quote.
___ a Dan Quayle joke.
___ a Hitler reference
___ a reference to the world being 6000 years old
___ a reference to Beavis & Butthead.
___ lame ASCII graphic(s) (Choose all that apply):
___ USS Enterprise
___ Australia
___ The Amiga logo
___ Company logo
___ and you stated that you don't speak for your employer.
___ Bicycle
___ Bart Simpson
Furthermore:
___ You have greatly misunderstood the purpose of alt.insert.newsgroup.here
___ You have greatly misunderstood the purpose of the net.
___ You are a loser.
___ You must have spent your entire life on a milk carton to be this dumb!
___ This has been pointed out to you before.
___ It is recommended that you:
___ Stick to FidoNet and come back when you've grown up.
___ Find a volcano and throw yourself in.
___ Get a gun and shoot yourself.
___ Stop reading alt.censorship and get a life.
___ Stop sending email and get a life.
___ Learn the concepts of cross-posting and follow-ups
___ Try reading a newsgroup for a week (or more than an hour) before
posting
Additional comments:
Follow-ups to: /dev/null
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
McDonnell Douglas
AIRCRAFT-SPACE SYSTEMS-MISSILES
Important! Important!
Please fill out and mail this form within 10 days of purchase
Thank you for purchasing a McDonnell Douglas military aircraft. In
order to protect your new investment, please take a few moments to
fill out the warranty registration card below. Answering the survey
questions is not required, but the information will help us to develop new
products that best meet your needs and desires.
1. _Mr. _Mrs. _Ms. _Lt. _Gen. _Comrade _Classified _Other
First Name________________Initial____Last Name_______________________
Latitude________________________Longitude____________________________
Altitude____________________Password, Code Name, Etc.________________
2. Which model aircraft did you purchase?
_F-15 Eagle _F-16 Falcon _F-117A Stealth _Classified
3. Date of purchase: Month___________Day___________Year____________
4. Serial Number____________________
5. Please check where this product was purchased:
_Received as Gift/Aid Package
_Catalog Showroom
_Sleazy Arms Broker
_Mail Order
_Discount Store
_Government Surplus
_Classified
6. Please check how you became aware of the McDonnell Douglas product
you have just purchased:
_Heard loud noise, looked up
_Store Display
_Espionage
_Recommended by friend/relative/ally
_Political lobbying by Manufacturer
_Was attacked by one
7. Please check the three (3) factors which most influenced your
decision to purchase this McDonnell Douglas product:
_Style/Appearance
_Kickback/Bribe
_Recommended by salesperson
_Speed/Maneuverability
_Comfort/Convenience
_McDonnell Douglas Reputation
_Advanced Weapons Systems
_Price/Value
_Back-Room Politics
_Negative experience opposing one in combat
8. Please check the location(s) where this product will be used:
_North America
_Central/South America
_Aircraft Carrier
_Europe
_Middle East
_Africa
_Asia/Far East
_Misc. Third-World Countries
_Classified
9. Please check the products that you currently own, or intend to purchase in
the near future:
Product Own Intend to purchase
Color TV
VCR
ICBM
Killer Satellite
CD Player
Air-to-Air Missiles
Space Shuttle
Home Computer
Nuclear Weapon
10. How would you describe yourself or your organization? Check all
that apply:
_Communist/Socialist
_Terrorist
_Crazed (Islamic)
_Crazed (Other)
_Neutral
_Democratic
_Dictatorship
_Corrupt (Latin American)
_Corrupt (Other)
_Primitive/Tribal
11. How did you pay for your McDonnell Douglas product?
_Cash
_Suitcases of Cocaine
_Oil Revenues
_Deficit Spending
_Personal Check
_Credit Card
_Ransom Money
_Traveler's Check
12. Occupation You Your Spouse
Homemaker
Sales/Marketing
Revolutionary
Clerical
Mercenary
Tyrant
Middle Management
Eccentric Billionaire
Defense Minister/General
Retired
Student
13. To help us understand our Customers' lifestyles, please indicate
the interests and activities in which you and your spouse enjoy
participating on a regular basis:
Activity/Interest You Your Spouse
Golf
Boating/Sailing
Sabotage
Running/Jogging
Propaganda/Disinformation
Destabilizing/Overthrow
Default on Loans
Gardening
Crafts
Black Market/Smuggling
Collectibles/Collections
Watching Sports on TV
Wines
Interrogation/Torture
Household Pets
Crushing Rebellions
Espionage/Reconnaissance
Fashion Clothing
Border Disputes
Mutually Assured Destruction
Thanks for taking the time to fill out this questionnaire. Your
answers will be used in market studies that will help McDonnell
Douglas serve you better in the future -- as well as allowing you to
receive mailings and special offers from other companies, governments,
extremist groups, and mysterious consortia.
Comments or suggestions about our fighter planes? Please write to:
McDONNELL DOUGLAS CORPORATION
Marketing Department
Military Aerospace Division
P.O. Box 800
St. Louis, MO 55500
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
SOCIAL CONTRACT
between an individual and the United States Government
WHEREAS I wish to reside on the North American continent, and
WHEREAS the United States Government controls the area of the
continent on which I wish to reside, and
WHEREAS tacit or implied contracts are vague and therefore
unenforceable,
I agree to the following terms:
SECTION 1: I will surrender a percentage of my property to the
Government. The actual percentage will be determined by the Government and
will be subject to change at any time. The amount to be surrended may be
based on my income, the value of my property, the value of my purchases, or
any other criteria the Government chooses. To aid the Government in
determining the percentage, I will apply for a Government identification
number that I will use for all of my major financial transactions.
SECTION 2: Should the Government demand it, I will surrender my liberty for
a period of time determined by the Government and typically no shorter than
two years. During that time, I will serve the Government in any way it
chooses, including military service in which I may be called upon to
sacrifice my life.
SECTION 3: I will limit my behavior as demanded by the Government. I will
consume the drugs only permitted by the Government. I will limit my sexual
activities to those permitted by the Government. I will forsake religious
beliefs that conflict with the Government's determination of propriety.
More limits may be imposed at any time.
SECTION 4: In consideration of the above the Government will allow me to
find employment, subject to limits that will be subject to the Government.
These limits may restrict my choice of career or the wages I may accept.
SECTION 5: The Government will permit me to reside in the area of North
America that it controls. Also the Government will permit me to speak
freely, subject to limits determined by the Government's Congress and
Supreme Court.
SECTION 6: The Government will attempt to protect my life and my claim to
the property that it has allowed me to keep. I agree not to hold the
Government liable if it fails to protect me or my property.
SECTION 7: The Government will offer various services to me. The nature
and extent of these services will be determined by the Government and are
subject to change at any time.
SECTION 8: The Government will determine whether I may vote for certain
Government officials. The influence of my vote will vary inversely with the
number of voters, and I understand that it will be typically miniscule. I
agree not to hold any elected Government officials liable for acting against
my best interests or for breaking promises, even if those promises motivated
me to vote for them.
SECTION 9: I agree that the Government may hold me fully liable if I fail
to abide by the above terms. In that event, the Government may confiscate
any property that I have not previously surrended to it, and may imprison me
for a period of time determined by the Government. I also agree that the
Government may alter the terms of this contract at any time.
______________________________________ ______________________________
SIGNATURE DATE
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Electronic Petition to Oppose Clipper
Please Distribute Widely
On January 24, many of the nation's leading experts in cryptography
and computer security wrote President Clinton and asked him to
withdraw the Clipper proposal.
The public response to the letter has been extremely favorable,
including coverage in the New York Times and numerous computer and
security trade magazines.
Many people have expressed interest in adding their names to the
letter. In response to these requests, CPSR is organizing an
Internet petition drive to oppose the Clipper proposal. We will
deliver the signed petition to the White House, complete with the
names of all the people who oppose Clipper.
To sign on to the letter, send a message to:
Clipper.petition@cpsr.org
with the message "I oppose Clipper" (no quotes)
You will receive a return message confirming your vote.
Please distribute this announcement so that others may also express
their opposition to the Clipper proposal.
CPSR is a membership-based public interest organization. For
membership information, please email cpsr@cpsr.org. For more
information about Clipper, please consult the CPSR Internet Library -
FTP/WAIS/Gopher CPSR.ORG /cpsr/privacy/crypto/clipper
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
The President
The White House
Washington, DC 20500
Dear Mr. President:
We are writing to you regarding the "Clipper" escrowed encryption
proposal now under consideration by the White House. We wish to
express our concern about this plan and similar technical standards
that may be proposed for the nation's communications infrastructure.
The current proposal was developed in secret by federal agencies
primarily concerned about electronic surveillance, not privacy
protection. Critical aspects of the plan remain classified and thus
beyond public review.
The private sector and the public have expressed nearly unanimous
opposition to Clipper. In the formal request for comments conducted
by the Department of Commerce last year, less than a handful of
respondents supported the plan. Several hundred opposed it.
If the plan goes forward, commercial firms that hope to develop
new products will face extensive government obstacles. Cryptographers
who wish to develop new privacy enhancing technologies will be
discouraged. Citizens who anticipate that the progress of technology
will enhance personal privacy will find their expectations
unfulfilled.
Some have proposed that Clipper be adopted on a voluntary basis
and suggest that other technical approaches will remain viable. The
government, however, exerts enormous influence in the marketplace, and
the likelihood that competing standards would survive is small. Few
in the user community believe that the proposal would be truly
voluntary.
The Clipper proposal should not be adopted. We believe that if
this proposal and the associated standards go forward, even on a
voluntary basis, privacy protection will be diminished, innovation
will be slowed, government accountability will be lessened, and the
openness necessary to ensure the successful development of the
nation's communications infrastructure will be threatened.
We respectfully ask the White House to withdraw the Clipper
proposal.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
THE WHITE HOUSE
Office of the Press Secretary
For Immediate Release
STATEMENT BY THE PRESS SECRETARY
The President today announced a new initiative that will bring
the Federal Government together with industry in a voluntary
program to improve the security and privacy of telephone
communications while meeting the legitimate needs of law
enforcement.
The initiative will involve the creation of new products to
accelerate the development and use of advanced and secure
telecommunications networks and wireless communications links.
For too long, there has been little or no dialogue between our
private sector and the law enforcement community to resolve the
tension between economic vitality and the real challenges of
protecting Americans. Rather than use technology to accommodate
the sometimes competing interests of economic growth, privacy and
law enforcement, previous policies have pitted government against
industry and the rights of privacy against law enforcement.
Sophisticated encryption technology has been used for years to
protect electronic funds transfer. It is now being used to
protect electronic mail and computer files. While encryption
technology can help Americans protect business secrets and the
unauthorized release of personal information, it also can be used
by terrorists, drug dealers, and other criminals.
A state-of-the-art microcircuit called the "Clipper Chip" has
been developed by government engineers. The chip represents a
new approach to encryption technology. It can be used in new,
relatively inexpensive encryption devices that can be attached to
an ordinary telephone. It scrambles telephone communications
using an encryption algorithm that is more powerful than many in
commercial use today.
This new technology will help companies protect proprietary
information, protect the privacy of personal phone conversations
and prevent unauthorized release of data transmitted
electronically. At the same time this technology preserves the
ability of federal, state and local law enforcement agencies to
intercept lawfully the phone conversations of criminals.
A "key-escrow" system will be established to ensure that the
"Clipper Chip" is used to protect the privacy of law-abiding
Americans. Each device containing the chip will have two unique
"keys," numbers that will be needed by authorized government
agencies to decode messages encoded by the device. When the
device is manufactured, the two keys will be deposited separately
in two "key-escrow" data bases that will be established by the
Attorney General. Access to these keys will be limited to
government officials with legal authorization to conduct a
wiretap.
The "Clipper Chip" technology provides law enforcement with no
new authorities to access the content of the private
conversations of Americans.
To demonstrate the effectiveness of this new technology, the
Attorney General will soon purchase several thousand of the new
devices. In addition, respected experts from outside the
government will be offered access to the confidential details of
the algorithm to assess its capabilities and publicly report
their findings.
The chip is an important step in addressing the problem of
encryption's dual-edge sword: encryption helps to protect the
privacy of individuals and industry, but it also can shield
criminals and terrorists. We need the "Clipper Chip" and other
approaches that can both provide law-abiding citizens with access
to the encryption they need and prevent criminals from using it
to hide their illegal activities. In order to assess technology
trends and explore new approaches (like the key-escrow system),
the President has directed government agencies to develop a
comprehensive policy on encryption that accommodates:
the privacy of our citizens, including the need to
employ voice or data encryption for business purposes;
the ability of authorized officials to access telephone
calls and data, under proper court or other legal
order, when necessary to protect our citizens;
the effective and timely use of the most modern
technology to build the National Information
Infrastructure needed to promote economic growth and
the competitiveness of American industry in the global
marketplace; and
the need of U.S. companies to manufacture and export
high technology products.
The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed.
The Administration is committed to working with the private
sector to spur the development of a National Information
Infrastructure which will use new telecommunications and computer
technologies to give Americans unprecedented access to
information. This infrastructure of high-speed networks
("information superhighways") will transmit video, images, HDTV
programming, and huge data files as easily as today's telephone
system transmits voice.
Since encryption technology will play an increasingly important
role in that infrastructure, the Federal Government must act
quickly to develop consistent, comprehensive policies regarding
its use. The Administration is committed to policies that
protect all American's right to privacy while also protecting
them from those who break the law.
Further information is provided in an accompanying fact sheet.
The provisions of the President's directive to acquire the new
encryption technology are also available.
For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ISDN Contacts (RBOCS)
Editor's Note:
This is a list sent to us regarding getting more info on ISDN from the
RBOCS. We claim no accuracy to this info. I am sure that most, if not
all of it is valid. If you need ISDN info, feel free to contact one
of the organizations below.
COMPANY CONTACT TELEPHONE NO.
AMERITECH National ISDN Hotline 1-800-543-ISDN
BELL ATLANTIC ISDN Sales & Technology Center 1-800-570-ISDN
BELL SOUTH National ISDN HotLine 1-800-428-ISDN
CINCINNATI BELL ISDN Service Center 1-513-566-DATA
NYNEX ISDN Information Hotline 1-800-GET-ISDN
or Roy Ray 1-914-644-5152
PACIFIC BELL ISDN Information or Wayne Purves, 1-800-622-0735
NI-1 Product Mgr. 1-510-823-5118
SNET Donovan Dillon 1-203-553-2369
STENTOR (Canada) Steve Finlay 1-604-432-3527
SOUTHWESTERN BELL Cyd McInerney 1-314-235-1567
U S WEST Louise Walsh 1-303-965-7073
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
BELLSOUTH ANNOUNCES LARGEST GEOGRAPHIC DEPLOYMENT OF ISDN IN THE NATION
Advanced telecommuting telemedicine and education applications will become
the most widely available in the nation as a result of a technology
deployment plan announced today by BellSouth Telecommunications.
The nine-state introduction of a new way to provide Integrated Services
Digital Network (ISDN), which combines voice, data and video services,
begins in June 1994. ISDN can use advanced fiber optic cable or
traditional copper cable to transmit multiple services.
Until now, a customer who wished to use ISDN needed to be served by a
telephone office that was ISDN capable. With the innovative approach by
BellSouth, a customer can obtain the benefits of ISDN through an alternate
serving arrangement which eradicates geographic boundaries.
"Expanded access to ISDN will facilitate customer-oriented applications
since there are fewer technological and geographic limitations on
availability," said Larry Carter, assistant vice president of product
management for BellSouth Telecommunications.
This announcement is the latest in a very aggressive deployment strategy
for ISDN.
-- In July 1992, Bellsouth announced the nation's first metropolitan-wide
deployment of ISDN in the cities of Huntsville and Madison, Ala.
-- Six months later, South Central Bell customers throughout the state
of Tennessee were offered ISDN Individual Line Service and now ISDN
availability is being expanded region wide.
This announcement significantly increases the percentage of customers
with access to ISDN capabilities and will ultimately lead to 100% of
BellSouth customers. Until now, 50% of BellSouth's customers in major
metropolitan areas had direct access to ISDN and 320 central offices were
equipped with ISDN. The expanded access applies to ISDN Individual Line
(2B+D) and MegaLink (SM) ISDN Service which is BellSouth's primary rate
(23B+D) offering.
"Previously, you had to be served directly by a central office switch
equipped with ISDN capability. Under this new alternate serving
arrangement, ISDN capabilities can be routed from a nearby ISDN-capable
switch to your home or office -- at no additional charge. This
arrangement is a cost-effective and expeditious method of deploying
ISDN region wide," Carter said.
ISDN availability is an important part of the information superhighway
providing access at lower speeds. For example, through distance
learning, advanced classes could be transported at very high speeds
to a customer's city on the information highway from a university in
another city. This high speed signal is then divided into lower speeds
and redistributed within the city. ISDN would make these classes
available to any school anywhere.
Dr. Ira Denton, chief surgeon at Crestwood Hospital in Huntsville, Ala.,
has used ISDN to send, receive and annotate X-rays and video images
while talking to other physicians. Because ISDN is available citywide
and there are no geographic restrictions, physicians can communicate
through ISDN from any of their offices and even their homes.
"Health care specialists as well as any other businesses that have
multiple locations within a metropolitan area can benefit from this new
capability," Carter added. "The education industry will especially benefit
from applications including distance learning, security and truancy
monitoring."
To aid in marketing ISDN, last year BellSouth announced the "ISDN
Applications and Solutions Plus" (IAS+) initiative where strategic
marketing alliances are formed in major metropolitan areas to provide
customers with complete and innovative solutions. This initiative in
addition to the expanded access will make ISDN applications more readily
available for BellSouth customers.
BellSouth Telecommunications, Inc., with headquarters in Atlanta, provides
telecommunications services in the BellSouth (NYSE: BLS) region. BellSouth
Telecommunications, Inc. does business as Southern Bell in North Carolina,
South Carolina, Georgia and Florida, and as South Central Bell in
Kentucky, Tennessee, Alabama, Mississippi and Louisiana. These
companies serve more than 19 million local telephone lines and provide
local exchange and intraLATA long distance service over one of the most
modern telecommunications networks in the world.
CONTACT:
Karen M. Roughton of BellSouth Telecommunications, 404-529-6514
BellSouth National ISDN HotLine, 1-800-428-4736
Posted by:
Bellcore ISDN Hotline 1-800-992-ISDN
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
A CATALOG OF NATIONAL ISDN SOLUTIONS ...
The files in this directory compose the final draft
of "A Catalog of National ISDN Solutions for Selected NIUF
Applications, Second Edition." This document was
approved as an official product of the North American ISDN Users'
Forum on February 11, 1994.
The Catalog is intended for anyone who needs detailed
information on how ISDN can be used today to support a wide
variety of applications. Each of the 61 solution guides includes a
description, picture, details on what to look for in end-systems, and
what to ask for from the ISDN provider. A separate chapter
presents one page summaries of over 200 products and services
from over 100 companies. The new Catalog goes far beyond the First
Edition. For the decision maker, example "feasibility studies" are
included to help support a business' decision to use ISDN. Each
solution is rewritten to be more accessible. The solutions cover
National ISDN-1, National ISDN-2, BRI, and PRI. Applications
range from multipoint videoconferencing to point of sale,
telecommuting to PBX interflow. For the more technical reader,
additional detailed information is included on a variety of topics.
CONTENTS
0.ps Title page, Preface, Table of Contents, etc.
1.ps Introduction
2.ps ISDN - A Decision Maker's Perspective
3.0.ps National ISDN Solutions
3.1.A.ps NI-1 BRI Local Area Network (LAN) Solutions
Integrating telephones and workstations
Access on demand to local-area networks
High performance access on demand to local-area
networks Linking workstations with supercomputers
Leased line replacement
3.1.B.ps NI-1 BRI Screen Sharing Solutions
Screen sharing for two users
Screen sharing for many users
Screen sharing with workstations connected to a
remote LAN
3.1.C.ps NI-1 BRI Video Solutions
Desktop videoconferencing
Centralized management of video images
Videoconferencing facilities
3.1.D.ps NI-1 BRI Voice & Data Solutions
Caller identification
Call coverage
ACD agent at home
3.1.E.ps NI-1 BRI File Transfer Solutions
Flexible bandwidth allocation
File transfer between personal computers
File transfer between a personal computer and a host
computer
High speed transfer of large text and image files
3.1.F.ps NI-1 BRI Work-At-Home Solutions
Telecommuting with casual data requirements
Telecommuting and transferring files
Telecommuting accessing interactive services
High performance telecommuting (interactive
graphics and text)
3.1.G. NI-1 BRI Facsimile and Imaging Solutions
Group 3 facsimile
Receiving faxes as electronic documents
High speed access to electronic document image
systems
Multimedia real estate listings
Medical document imaging
3.1.H.ps NI-1 BRI Transaction Services Solutions
Credit card authorization at the point of sale
Electronic Data Interchange (EDI)
Insurance verification at the point of service
Supermarket checkout
3.1.I.ps Other NI-1 BRI Solutions
Access to IBM mainframes and compatibles
Remote access to minicomputers
Integrating voice and data communications
Integrated communications and messaging
Automatic utility meter reading
University dormitory
Access to frame relay services
Switched access to frame relay services
High fidelity voice transmission systems
3.2.ps National ISDN-2 BRI Solutions
Roll about videoconferencing
X.25 backup
Packet mode screen sharing for many users
Home office
3.3.0.ps National ISDN-2 PRI Solutions
3.3.A.ps NI-2 PRI Local Area Network (LAN) Solutions
Local-area network interconnection
File transfer and LAN access in PBX environment
Private line overflow and disaster recovery
ISDN concentrator for campus connectivity
3.3.B.ps NI-2 PRI Video Solutions
PRI Videoconferencing
Multimedia desktop video via Ethernet and
Multirate ISDN
Multipoint videoconferencing
Videoconferencing facilities
3.3.C.ps NI-2 PRI Voice & Data Solutions
Caller identification to PBXs and other devices
Emergency-services call management
Call by Call Service Selection
3.3.D.ps NI-2 PRI Facsimile and Imaging Solutions
Fax mail
Teleradiology
3.3.E.ps Other NI-2 PRI Solutions
High quality audio transmission
Access to litigation support system
Call center load balancing
Networked voice messaging systems
4.0&1.ps National ISDN Product Information and Industry
Contacts
4.2.1.ps Basic Rate Terminal Adapters
4.2.2.ps Basic Rate Interface Cards for Personal Computers,
Workstations, and Minicomputers; Workstations
with Built-in ISDN
4.2.3.ps Attendant Consoles
4.2.4.ps ISDN Phones
4.2.5.ps Single Port ISDN LAN Bridges
4.2.6.ps Communications Servers, Routers, Bridges, and
Multiport ISDN LAN Bridges and Routers
4.2.7.ps Inverse Multiplexers, Multiplexers, and
Communications Controllers
4.2.8.ps PRI Adapters
4.2.9.ps Videoconferencing Systems and Multipoint Control
Units
4.2.10.ps Other Products
4.2.11.ps Network Terminations (NT-1s)
4.2.12.ps Power Supplies
4.2.13.ps Software and Services
4.2.14.ps Private Network Solutions and Private Branch
Exchanges(PBXs)
4.2.15.ps Service Providers
4.3.ps Supplier Contact Information
5.1.ps Selected Topics in ISDN
Call Types and Bearer Capabilites
Terminal Endpoint Identifiers (TEIs)
Service Profile Identifiers (SPIDs)
Rate Adaptation: V.110/V.120
Lower Layer Compatibility (LLC) and Higher Layer
Compatibility (HLC) Information Elements
Signaling System 7 (SS7) Interconnection
Multiline Hunt Group
Powering and Wiring of Customer Equipment
Configurations for High Bandwidth Applications
Communications Server Alternatives
NIUF ISDN Interface Groups (NIIGs) and Parameter
Groups (NIPGs)
Additional Information Applicable to Many ISDN
Solutions
Conformance Testing
5.2.ps ISDN Signaling Diagrams
6.ps Bibliography
7.ps Glossary of Terms
8.ps Acronym List
A.ps Annex: How the NIUF is making real the promise of
ISDN An Overview of the North American ISDN Users'
Forum (NIUF)
Relevance of this NIUF Catalog
Application Profiles
Implementation Agreements
Versions
Conformance Criteria and ISDN Testing
Application Software Interfaces
Cost Justification Worksheet
I.ps Index
All of the above files are uncompressed PostScript files and may
be FTPed using the text/ASCII option.
The Catalog is a publicly available document and may be
distributed and used freely with proper recognition of the source.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
SPRINT EXPANDS PRESENCE IN CHINA, INTRODUCES NEW SERVICES
Interesting press release I thought you might like.
THIS RELEASE WAS DISTRIBUTED IN CHINA ONLY.
Contacts: Janis Langley, (O) 202-828-7427
BEIJING, March 21, 1994 -- Sprint today announced a
significant expansion of its presence, and product and service
offerings, in China. Sprint also announced the immediate availability
of three of those services -- a toll-free Sprint Express(R) number for
calling worldwide and for collect calling to the United States, a
prepaid calling card, and CLEARLINE(R) international private-line
service.
Sprint made the announcements today at a press briefing and
two-day seminar to inform customers and leading Chinese organizations
of the company's expanded local capabilities.
Sprint is one of the largest telecommunications carriers in
the United States, providing innovative calling services to nearly 8
million customers in that country alone. Sprint offers voice, video
and data communications services worldwide via some of the world's
largest and most advanced networks.
Sprint is a pioneer and innovator in technology. It built
the first nationwide (40,000 kilometer) all-digital, fiber-optic
network in the United States. It also is the first carrier to offer
such advanced services as Asynchronous Transfer Mode -- a broadband
service that simultaneously carries voice, data and image -- and a
voice-recognition calling card that automatically dials frequently
called numbers with a single-word command, such as "home" or "office."
Sprint has operated locally in China since 1992 through an
office in Beijing that primarily offered data communications systems
support for the company's growing customer base. Its Beijing office
now has expanded to 15 employees who represent the company's
increasingly diverse capabilities in consumer services, including the
Sprint Prepaid Calling Card and Sprint FONCARD(SM); international
network solutions for large-scale multinational users; data
communications systems and services; and international carrier
services to provide transit and capacity for telecommunications
carriers worldwide.
Sprint China will immediately begin to offer several of
Sprint's versatile and cost-effective calling products: a toll-free
Sprint Express number for global calling and collect calls to the
United States; Sprint's Prepaid Calling Card; and its CLEARLINE
international private line service.
o Sprint Express -- By dialing "108-13," callers in China can
place collect calls to family and colleagues in the United States,
and also charge calls to the United States and worldwide using
their major credit card or Sprint FONCARD. Operator assistance is
available in English, with Mandarin support planned.
o Sprint's Prepaid Calling Card, which initially will be
available only through a limited market test, lets consumers pre-
purchase calling credits that they can use from any telephone
without needing exact change. The card carries attractive
designer graphics -- suitable for collectors -- and offers the
added convenience of operator assistance.
Callers can use the prepaid calling card from nearly 30
countries for calls to virtually any other country worldwide --
including the United States. Mandarin-language instructions are
available for calls from China (by dialing 108-16). The card can also
be used in more than 28 countries worldwide to make calls back to
China or to virtually anywhere in the world.
o CLEARLINE international private-line service lets
large-scale users consolidate their international calling to receive
volume discounts. The service is provided via Sprint's worldwide
network, which extends from the United States through its
participation in virtually every major submarine fiber-optic cable
system project.
"Sprint has been active in China for several years, and we
are delighted to be able to expand our commitment to users in this
important market by offering some of the other feature-rich, cost
effective products popular in the United States and worldwide," said
Herb Bradley, China country manager for Sprint International, Sprint's
global telecommunications subsidiary.
"We believe that businesses and consumers will benefit from
these innovative services as much in China as they have in the United
States, and we look forward to building on strong relationships we
have formed with many Chinese organizations in delivering these new
services," he said.
Elsewhere in the Pacific Rim, Sprint has data network points
of presence in Hong Kong, Indonesia, Japan, Korea, Taiwan, Singapore,
Australia and New Zealand. It also has an office in Hong Kong, which
provides sales and technical support for Sprint's business interests
in Hong Kong, Indochina, Indonesia, Malaysia, the Philippines, Taiwan,
Thailand and Singapore.
Sprint operates fiber-optic and value-added networks that are
among the world's largest, offering voice services to over 290
countries and locations, packet-switched data links to more than
120 countries and international locations, and video services via
one of the world's largest videoconferencing networks, serving
nearly 40 countries. Sprint also has U.S. cellular operations that
serve 42 metropolitan markets and more than 50 rural service
areas. The company has more than 50,000 employees and has
operations in six continents through more than 50 subsidiaries,
joint ventures and distributors. Sprint's customers include 80
percent of the 500 largest U.S. industrial corporations (the
"Fortune 500"), and the U.S. federal government, which awarded
Sprint a contract to provide 40 percent of the government's total
long distance services, and data and video services, over a
10-year period.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
SOCIAL SECURITY FAQ
HOW TO GET INFORMATION AND HOW TO PROTECT YOUR OWN
By Chris Hibbert (hibbert@netcom.com)
Computer Professionals For Social Responsibility
Many people are concerned about the number of organizations asking for their
Social Security Numbers. They worry about invasions of privacy and the
oppressive feeling of being treated as just a number. Unfortunately, I
can't offer any hope about the dehumanizing effects of identifying you with
your numbers. I *can* try to help you keep your Social Security Number
from being used as a tool in the invasion of your privacy.
Surprisingly, government agencies are reasonably easy to deal with; private
organizations are much more troublesome. Federal law restricts the agencies
at all levels of government that can demand your number and a fairly
complete disclosure is required even if its use is voluntary. There are no
comparable Federal laws restricting the uses non-government organizations
can make of it, or compelling them to tell you anything about their plans.
Some states have recently enacted regulations on collection of SSNs by
private entities. With private institutions, your main recourse is refusing
to do business with anyone whose terms you don't like. They, in turn, are
allowed to refuse to deal with you on those terms.
Short History
Social Security numbers were introduced by the Social Security Act of 1935.
They were originally intended to be used only by the social security
program. In 1943 Roosevelt signed Executive Order 9397 which required
federal agencies to use the number when creating new record-keeping systems.
In 1961 the IRS began to use it as a taxpayer ID number. The Privacy Act of
1974 required authorization for government agencies to use SSNs in their
data bases and required disclosures (detailed below) when government
agencies request the number. Agencies which were already using SSN as an
identifier before January 1, 1975 were allowed to continue using it. The
Tax Reform Act of 1976 gave authority to state or local tax, welfare,
driver's license, or motor vehicle registration authorities to use the
number in order to establish identities. The Privacy Protection Study
Commission of 1977 recommended that the Executive Order be repealed after
some agencies referred to it as their authorization to use SSNs. I don't
know whether it was repealed, but no one seems to have cited EO 9397 as
their authorization recently.
Several states use the SSN as a driver's license number, while others record
it on applications and store it in their database. Some states that
routinely use it on the license will make up another number if you insist.
According to the terms of the Privacy Act, any that have a space for it on
the application forms should have a disclosure notice. Many don't, and
until someone takes them to court, they aren't likely to change. (Though
New York recently agreed to start adding the notice on the basis of a letter
written by a reader of this blurb.)
The Privacy Act of 1974 (Pub. L. 93-579) requires that any federal, state,
or local government agency that requests your Social Security Number has to
tell you four things:
1: Whether disclosure of your Social Security Number is required or
optional,
2: What statute or other authority they have for asking for your number,
3: How your Social Security Number will be used if you give it to them, and
4: The consequences of failure to provide an SSN.
In addition, the Act says that only Federal law can make use of the Social
Security Number mandatory. So anytime you're dealing with a government
institution and you're asked for your Social Security Number, just look for
the Privacy Act Statement. If there isn't one, complain and don't give your
number. If the statement is present, read it. If it says giving your
Social Security Number is voluntary, you'll have to decide for yourself
whether to fill in the number.
Private Organizations
The guidelines for dealing with non-governmental institutions are much more
tenuous. Most of the time private organizations that request your Social
Security Number can get by quite well without your number, and if you can
find the right person to negotiate with, they'll willingly admit it. The
problem is finding that right person. The person behind the counter is
often told no more than "get the customers to fill out the form completely."
Most of the time, you can convince them to use some other number. Usually
the simplest way to refuse to give your Social Security Number is simply to
leave the appropriate space blank. One of the times when this isn't a
strong enough statement of your desire to conceal your number is when
dealing with institutions which have direct contact with your employer.
Most employers have no policy against revealing your Social Security Number;
they apparently believe that it must be an unintentional slip when an
employee doesn't provide an SSN to everyone who asks.
Public utilities (gas, electric, phone, etc.) are considered to be private
organizations under the laws regulating SSNs. Most of the time they ask for
an SSN, and aren't prohibited from asking for it, but they'll usually relent
if you insist. Ask to speak to a supervisor, insist that they document a
corporate policy requiring it, ask about alternatives, ask why they need it
and suggest alternatives.
Lenders and Borrowers
(those who send reports to the IRS)
Banks and credit card issuers and various others are required by the IRS to
report the SSNs of account holders to whom they pay interest or when they
charge interest and report it to the IRS. If you don't tell them your
number you will probably either be refused an account or be charged a
penalty such as withholding of taxes on your interest.
Most banks send your name, address, and SSN to a company called ChexSystem
when you open an account. ChexSystem keeps a database of people whose
accounts have been terminated for fraud or chronic insufficient funds in the
past 5 years. ChexSystems is covered by the Fair Credit Reporting Act, and
the bank is required to let you know if it refuses to open your account
and a report from ChexSystems was a factor. You can also send a letter to
ChexSystems directly and request a copy of your report.
Many Banks, Brokerages, and other financial institutions have started
implementing automated systems to let you check your balance. All too often,
they are using SSNs as the PIN that lets you get access to your personal
account information. If your bank does this to you, write them a letter
pointing out how common it is for the people with whom you have financial
business to know your SSN. Ask them to change your PIN, and if you feel
like doing a good deed, ask them to stop using the SSN as a default
identifier for their other customers. Some customers will believe that
there's some security in it, and be insufficiently protective of their
account numbers.
Sometimes banks provide for a customer-supplied password, but are reluctant
to advertise it. The only way to find out is to ask if they'll let you
provide a password. (This is reportedly true of Citibank Visa, e.g. They
ask for a phone number but are willing to accept any password.)
When buying (and possibly refinancing) a house, most banks will now ask for
your Social Security Number on the Deed of Trust. This is because the
Federal National Mortgage Association recently started requiring it. The
fine print in their regulation admits that some consumers won't want to give
their number, and allows banks to leave it out when pressed. [It first
recommends getting it on the loan note, but then admits that it's already on
various other forms that are a required part of the package, so they already
know it. The Deed is a public document, so there are good reasons to refuse
to put it there, even though all parties to the agreement already have
access to your number.]
Insurers, Hospitals, Doctors
No laws require medical service providers to use your Social Security Number
as an ID number (except for Medicare, Medicaid, etc.) They often use it
because it's convenient or because your employer uses it to identify
employees to its groups health plan. In the latter case, you have to get
your employer to change their policies. Often, the people who work in
personnel assume that the employer or insurance company requires use of the
SSN when that's not really the case. When a previous employer asked for my
SSN for an insurance form, I asked them to try to find out if they had to
use it. After a week they reported that the insurance company had gone
along with my request and told me what number to use. Blood banks also ask
for the number but are willing to do without if pressed on the issue.
After I asked politely and persistently, the blood bank I go to agreed that
they didn't have any use for the number. They've now expunged my SSN from
their database, and they seem to have taught their receptionists not to
request the number.
Most insurance companies share access to old claims through the Medical
Information Bureau. If your insurance company uses your SSN, other
insurance companies will have a much easier time finding out about your
medical history. You can get a copy of the file MIB keeps on you by writing
to Medical Information Bureau, P.O. Box 105, Essex Station, Boston, MA
02112. Their phone number is (617)426-3660.
If an insurance agent asks for your Social Security Number in order to
"check your credit", point out that the contract is invalid if your check
bounces or your payment is late. They don't need to know what your credit
is like, just whether you've paid them.
Children
The Family Support Act of 1988 (Pub. L. 100-485) requires states to require
parents to give their Social Security Numbers in order to get a birth
certificate issued for a newborn. The law allows the requirement to be
waived for "good cause", but there's no indication of what may qualify.
The IRS requires taxpayers to report SSNs for dependents over one year of
age, but the requirement can be avoided if you're prepared to document the
existence of the child by other means if challenged. The law on this can be
found at 26 USC 6109. The penalty for not giving a dependant's number is
only $5. Several people have reported that they haven't provided SSNs for
their dependents for several years, and haven't been challenged by the IRS.
Universities and Colleges
Universities that accept federal funds are subject to the Family Educational
Rights and Privacy Act of 1974 (the "Buckley Amendment"), which prohibits
them from giving out personal information on students without permission.
There is an exception for directory information, which is limited to names,
addresses, and phone numbers, and another exception for release of
information to the parents of minors. There is no exception for Social
Security Numbers, so covered Universities aren't allowed to reveal students'
numbers without their permission. In addition, state universities are bound
by the requirements of the Privacy Act, which requires them to provide the
disclosures mentioned above. If they make uses of the SSN which aren't
covered by the disclosure they are in violation.
Why SSNs are a bad choice for UIDs in data bases
Database designers continue to introduce the Social Security Number as the
key when putting together a new database or when re-organizing an old one.
Some of the qualities that are (often) useful in a key and that people think
they are getting from the SSN are Uniqueness, Universa
lity, Security, and
Identification. When designing a database, it is instructive to consider
which of these qualities are actually important in your application; many
designers assume unwisely that they are all useful for every application,
when in fact each is occasionally a drawback. The SSN provides none of
them, so designs predicated on the assumption that it does provide them will
fail in a variety of ways.
Uniqueness
Many people assume that Social Security Numbers are unique. They were
intended by the Social Security Administration to be unique, but the SSA
didn't take sufficient precautions to ensure that it would be so. They have
several times given a previously issued number to someone with the same name
and birth date as the original recipient, thinking it was the same person
asking again. There are a few numbers that were used by thousands of people
because they were on sample cards shipped in wallets by their manufacturers.
(One is given below.)
The passage of the Immigration reform law in 1986 caused an increase in the
duplicate use of SSNs. Since the SSN is now required for employment,
illegal immigrants must find a valid name/SSN pair in order to fool the INS,
and IRS long enough to collect a paycheck. Using the SSN when you can't
cross-check your database with the SSA means you can count on getting some
false numbers mixed in with the good ones.
Universality
Not everyone has a Social Security Number. Foreigners are the primary
exception, but many children don't get SSNs until they're in school. They
were only designed to be able to cover people who were eligible for Social
Security.
Identification
Few people ever ask to see an SSN card; they believe whatever you say. The
ability to recite the number provides little evidence that you're associated
with the number in anyone else's database.
There's little reason to carry your card with you anyway. It isn't a good
form of identification, and if your wallet is lost or stolen, it provides
another way for the thief to hurt you, especially if any of your banks use
the SSN as your PIN.
Security
The card is not at all forgery-resistant, even if anyone did ever ask for
it. The numbers don't have any redundancy (no check-digits) so any 9-digit
number in the range of numbers that have been issued is a valid number.
It's relatively easy to copy the number incorrectly, and there's no way to
tell that you've done so.
In most cases, there is no cross-checking that a number is valid. Credit
card and checking account numbers are checked against a database almost
every time they are used. If you write down someone's phone number
incorrectly, you find out the first time you try to use it.
Why you should resist requests for your SSN
When you give out your number, you are providing access to information about
yourself. You're providing access to information that you don't have the
ability or the legal right to correct or rebut. You provide access to data
that is irrelevant to most transactions but that will occasionally trigger
prejudice. Worst of all, since you provided the key, (and did so
"voluntarily") all the info discovered under your number will be presumed to
be true, about you, and relevant.
A major problem with the use of SSNs as identifiers is that it makes it hard
to control access to personal information. Even assuming you want someone
to be able to find out some things about you, there's no reason to believe
that you want to make all records concerning yourself available. When
multiple record systems are all keyed by the same identifier, and all are
intended to be easily accessible to some users, it becomes difficult to
allow someone access to some of the information about a person while
restricting them to specific topics.
Unfortunately, far too many organizations assume that anyone who presents
your SSN must be you. When more than one person uses the same number, it
clouds up the records. If someone intended to hide their activities, it's
likely that it'll look bad on whichever record it shows up on. When it
happens accidentally, it can be unexpected, embarrassing, or worse. How do
you prove that you weren't the one using your number when the record was
made?
What you can do to protect your number
If despite your having written "refused" in the box for Social Security
Number, it still shows up on the forms someone sends back to you (or worse,
on the ID card they issue), your recourse is to write letters or make phone
calls. Start politely, explaining your position and expecting them to
understand and cooperate. If that doesn't work, there are several more
things to try:
1: Talk to people higher up in the organization. This often works
simply because the organization has a standard way of dealing
with requests not to use the SSN, and the first person you deal
with just hasn't been around long enough to know what it is.
2: Enlist the aid of your employer. You have to decide whether talking
to someone in personnel, and possibly trying to change
corporate policy is going to get back to your supervisor and
affect your job.
3: Threaten to complain to a consumer affairs bureau. Most newspapers
can get a quick response. Ask for their "Action Line" or
equivalent. If you're dealing with a local government agency,
look in the state or local government section of the phone book
under "consumer affairs." If it's a federal agency, your
congressmember may be able to help.
4: Insist that they document a corporate policy requiring the number.
When someone can't find a written policy or doesn't want to
push hard enough to get it, they'll often realize that they
don't know what the policy is, and they've just been following
tradition.
5: Ask what they need it for and suggest alternatives. If you're
talking to someone who has some independence, and they'd like
to help, they will sometimes admit that they know the reason
the company wants it, and you can satisfy that requirement a
different way.
6: Tell them you'll take your business elsewhere (and follow through if
they don't cooperate.)
7: If it's a case where you've gotten service already, but someone
insists that you have to provide your number in order to have a
continuing relationship, you can choose to ignore the request
in hopes that they'll forget or find another solution before
you get tired of the interruption.
If someone absolutely insists on getting your Social Security Number, you
may want to give a fake number. There are legal penalties for providing
a false number when you expect to gain some benefit from it. A federal
court of appeals ruled that using a false SSN to get a Driver's License
violates the federal law.
There are a few good choices for "anonymous" numbers. Making one up at
random is a bad idea, as it may coincide with someone's real number and
cause them some amount of grief. It's better to use a number like
078-05-1120, which was printed on "sample" cards inserted in thousands of
new wallets sold in the 40's and 50's. It's been used so widely that both
the IRS and SSA recognize it immediately as bogus, while most clerks haven't
heard of it.
There are several patterns that have never been assigned, and which
therefore don't conflict with anyone's real number. They include numbers
with any field all zeroes, and numbers with a first digit of 8 or 9.
For more details on the structure of SSNs and how they are assigned, use
anonymous ftp to retrieve the file:
/cpsr/privacy/ssn/SSN-structure from the machine cpsr.org.
Giving a number with an unused patterns rather than your own number isn't
very useful if there's anything serious at stake since they're likely to be
noticed . The Social Security Administration recommends that people showing
Social Security cards in advertisements use numbers in the range 987-65-4320
through 987-65-4329.
If you're designing a database or have an existing one that currently uses
SSNs and want to use numbers other than SSNs, you should make your
identifiers use some pattern other than 9 digits. You can make them longer
or shorter than that, or include letters somewhere inside. That way no one
will mistake the number for an SSN.
The Social Security Administration recommends that you request a copy of
your file from them every few years to make sure that your records are
correct (your income and "contributions" are being recorded for you, and
no one else's are.) As a result of a recent court case, the SSA has agreed
to accept corrections of errors when there isn't any contradictory evidence,
SSA has records for the year before or after the error, and the claimed
earnings are consistent with earlier and later wages. (San Jose Mercury
News, 5/14, 1992 p 6A) Call the Social Security Administration at
(800) 772-1213 and ask for Form 7004, (Request for Earnings and Benefit
Estimate Statement.)
When All Else Fails
(Getting a Replacement Number)
The Social Security Administration (SSA) will occasionally issue a
replacement SSN. The most common justification is that the SSA or the IRS
has mixed together earnings records from more than one person, and since one
of the people can't be located, it's necessary to issue a new number to the
other. The SSA tries very hard to contact the person who is using the
number incorrectly before resorting to this process.
There are a few other situations that the SSA accepts as justifying a new
number. The easiest is if the number contains the sequences 666 or 13. The
digits need to be consecutive according to SSA's policy manual, but may be
separated by hyphens. You apparently don't have to prove that your religious
objection is sincere. Other commonly accepted complaints include harassment,
sequential numbers assigned to family members, or serious impact on your
credit history that you've tried to clear up without success.
In all cases, the process includes an in-person interview at which you have
to establish your identity and show that you are the original assignee of
the number. The decision is normally made in the local office. If the
problem is with a credit bureau's records, you have to show that someone
else continues to use your number, and that you tried to get the credit
bureau to fix your records but were not successful. When they do issue a
new number, the new recoreds are linked to the old ones. (Unless you can
convince them that your life might be endangered by such a link.)
There are a few justifications that they don't accept at all: attempting to
avoid legal responsibilities, poor credit record which is your own fault,
lost SSNm card (without evidence that someone else has used it), or use of
the number by government agencies or private companies.
The only justification the SSA accepts for cancelling the issuance of an SSN
is that the number was assigned under their Enumeration at Birth (wherein
SSNs are assigned when birth certificates are issued) program without the
parent's consent. In this case, the field officer is instructed to try very
hard to convince the parent that getting the number revoked is futile, but
to give in when the parent is persistent.
US Passports
The application for US Passports (DSP-11 12/87) requests a Social Security
Number, but gives no Privacy Act notice. There is a reference to "Federal
Tax Law" and a misquotation of Section 6039E of the 1986 Internal Revenue
Code, claiming that the section requires that you provide your name, mailing
address, date of birth, and Social Security Number. The referenced section
only requires TIN (SSN), and it requires that it be sent to the IRS and not
to the Passport office. It appears that when you apply for a passport, you
can refuse to reveal your SSN to the passport office, and instead mail a
notice to the IRS, giving only your SSN (other identifying info optional)
and notifying them that you are applying for a passport. [Copies (in
postscript) of the letter that was used by one contributor (The measure of
his success is that he didn't hear back from any with complaints.) are
available by anonymous ftp from cpsr.org in /cpsr/privacy/ssn/passport.ps.Z.
I'd be interested in hearing how the State department and the Post Office
(which processes passport applications) react.]
Results from Some Recent Legal Cases (3/24/93)
CPSR joined two legal cases in 1992 which concerned Social Security Numbers
and privacy. One of them challenged the IRS practice of printing Social
Security Numbers on mailing labels when they send out tax forms and related
correspondence. The other challenged Virginia's requirement of a Social
Security Number in order to register to vote.
Dr. Peter Zilahy Ingerman filed suit against the IRS in Federal District
Court in 1991, and CPSR filed a friend of the court brief in August '91. The
case was decided in favor of the IRS. According to "Privacy Journal", the
IRS plans to start covering the SSNs on its mailing labels, but they made
the decision too late to affect this year's returns. Some people got a
version that hid their numbers, but it was apparently a pilot project in
limited areas. |
The Virginia case was filed by a resident who refused to supply a Social
Security Number when registering to vote. When the registrar refused to
accept his registration, he filed suit. He also challenged Virginia on two
other bases: the registration form lacked a Privacy Act notice, and the
voter lists they publish include Social Security Numbers. The Federal court
of appeals ruled that Virginia may not require the disclosure of Social
Security numbers as a condition of registering to vote. The court said that
the Virginia requirement places an "intolerable burden" on the right to
vote. The case is officially referred to as Greidinger v. Davis, No.
92-1571, Fourth Circuit Court of Appeals, March 22, 1993.
If you have suggestions for improving this document please send them to me
at:
Chris Hibbert
hibbert@netcom.com or 1195 Andre Ave.
Mountain View, CA 94040
New versions of this posting are always available using any of the
following mechanisms. You can use anonymous ftp from the following
sites:
Site Location
rtfm.mit.edu /pub/usenet-by-hierarchy/news/answers/ssn-privacy
ftp.pica.army.mil /pub/privacy/ssn-privacy.faq
ftp.cpsr.org /cpsr/privacy/ssn/Social_Security_Number_FAQ
Gopher can retrieve it from gopher.cpsr.org. World Wide Web (www) can
find it using the following locator (and probably several others you
could construct from the other directions I've given):
http://polar.pica.army.mil/ssn_faq.html
You can also retrieve it by sending email to
Address Command (omit the quotes)
listserv@cpsr.org "GET cpsr/privacy/ssn Social_Security_Number_FAQ"
mail-server@rtfm.mit.edu
"send usenet-by-hierarchy/news/answers/ssn-privacy"
You can also ask for general help from either of these email servers by
sending a message to the same address with just "help" in the body.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
CLIPPER CHIP IS YOUR FRIEND, NSA CONTENDS
NSA Seeks to Dispel Misgivings of Public About Clipper Chip
By Bob Davis
Staff Reporter of The Wall Street Journal.
(C)1994 Wall Street Journal
FORT MEADE, Md. --- The National Security Agency wants everyone to know
that its new computer-security system will protect individual privacy.
But as the spy agency knows, hardly anyone believes that.
Critics fear the government will use the NSA technology, designed in
secret, to spy on Americans. The project "is a focal point for the
distrust of government," acknowledges Clinton Brooks, the NSA scientist
who led the so-called Clipper Chip project, in the agency's first
interview on the subject.
The Clinton administration last month adopted the NSA plan for a series
of computer chips that would protect telephones and computers. Use
of the technology would be voluntary. Federal agencies would adopt it
first, and public use is expected to spread gradually.
Under the plan, cryptographic "keys" that could unscramble the
communications would be split in two and held separately at the Treasury
Department and the National Institute of Standards and Technology. That
way, law-enforcement agents could tap the communications by getting court
authorization to obtain the two halves. The idea is to boost security
but to keep the technology out of the hands of criminals and spies.
The NSA is the world's biggest eaves-dropper. Equipped with the latest
in super-computers and satellite receivers, it targets communications by
foreign governments. The agency shuns publicity but agreed to the
interview to explain its role in the Clipper controversy and try to
dispel fears. Mr. Brooks, a 26-year veteran of the NSA, says the project
began in 1989 and cost more than $2.5 million.
He says the NSA is consumed with what it calls the "equities problem" ---
how to balance privacy rights against the needs of law enforcement,
national security and private industry. In 1989, he and Raymond Kammer,
deputy director of NIST, began discussions about how to improve computer
security without making it impenetrable to police. NIST is a Commerce
Department agency with formal responsibility for unclassified computer
security.
Before the interview, Mr. Brooks takes a look around a small cryptographic
museum just outside the NSA's gates. He stands before an exhibit of
Enigma machines, used by the Germans during World War II to encrypt
messages --- and later broken by Allied intelligence. Enigma started as
a commercial product; recognizing its military value, the Nazis pulled
it off the market. "That was the concern we're wrestling with today,"
Mr. Brooks says --- commercial encryption technology becoming so good that
U.S. spy agencies can't crack it.
In 1989, NIST and the NSA put together an eight-person team, split evenly
between the agencies, to quietly work out security concepts. The team
decided against using a weak encryption code --- "Roman Numeral One is
that it had to be good security," says Mr. Brooks. And it also rejected
a so-called trapdoor approach, in which the computer code would be
designed so it would have a weak spot --- a trapdoor --- that federal
agencies could enter via computer to tap the communications. Someone else
could discover the trapdoor, they decided.
The team settled on a system with a powerful encryption formula, called
an algorithm, and encryption keys that would be held by outsiders. Law-
enforcement agencies could get copes of the keys when they needed to bug
the conversations. The toughest decision, both Mr. Brooks and Mr. Kammer
say, was to keep the algorithm, dubbed the Skipjack, secret. That meant
the public wouldn't know for sure whether the NSA had inserted a trapdoor
or some other eavesdropping device.
"It would defeat the purpose [of the project] if we gave the knowledge
of how the algorithm worked" to the public, says the 56-year-old Mr.
Brooks. "It was going to have to be kept classified." Otherwise, he
explains, engineers could use the algorithm to design computer-security
systems that the government's encryption keys couldn't unlock.
By 1990, he says, as many as 30 NSA "cryptomathematicians" and other
employees were working to perfect the algorithm and other features. A
year later, the NSA launched what it called the Capstone Project to build
the algorithm into a computer chip. The NSA contracted with Mykotronx
Inc., a small company in Torrance, Calif., to do much of the development.
By September 1992, the NSA was confident the system would work.
None too early for the NSA. Earlier that year, Mr. Brooks says, American
Telephone & Telegraph Co. informed the NSA that it wanted to sell a
phone using a popular encryption technology to scramble conversations.
The NSA balked. "We said it probably wouldn't get an export license
from this country," Mr. Brooks says. Instead, AT&T was told of the
Capstone work and agreed to use the technology if it became a federal
standard and was exportable, he says. The NSA then took some of the
functions of the Capstone chip and tailored it to phone equipment, calling
the resulting product the Clipper Chip. For computers, Capstone was
encased on a computer card that became known as Tessera.
The the Bush administration, enmeshed in a re-election bid, never pushed
Capstone. So shortly after the election, National-security heavyweights
importuned the Clinton transition team to move quickly on Capstone. Just
weeks after the inauguration, the new administration's national-security
team was debating the NSA proposal and in April announced to the public
that it would adopt the scheme.
Last month, the administration gave the final go-ahead --- despite
withering criticism from industry. Vice President Gore called encryption
a "law and order issue." NIST's Mr. Kammer says the new administration
was also trying to line up backing among national-security officials to
liberalize export controls on computer equipment and other high-tech
gear.
The high-tech industry was stunned at the decision. David Peyton, vice
president of the Information Technology Association of America, a trade
group of computer companies, says the scheme will dangerously centralize
power in the federal government and will limit exports. James Bidzos,
president of a computer-security firm, RSA Data Security Inc., goes
further. He posted a letter on the Internet computer network arguing
that Clipper may be the "visible portion of a large-scale covert
operation on U.S. soil by NSA."
Nonsense, responds Mr. Brooks, who says he is distressed by the
"emotionalism" of the arguments. "The only reason we're involved is
that we have the best cryptomathematicians in the country."
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
In the super-state, it really does not matter at all what
actually happened. Truth is what the government chooses
to tell you. Justice is what it wants to happen.
--Jim Garrison, New Orleans District Attorney
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%