From cafnews Fri Dec 13 16:15:02 1991
From: rwing!peterm@uunet.uu.net (Peter Marshall)
Subject: WA State Employee E-Mail Privacy Policy
Message-ID: <9201152338.aa22497@claudius.pica.army.mil>
Date: 13 Jan 92 03:22:22 GMT
On 12/16/91, the Office of WA State Governor Booth Gardner issued an Executive
Order "Establishing the Governor's Policy On Electronic Message Systems," which
requires a set of "actions to endure that state government properly mangages
..electronically stored information."
According to the Executive Order, "Agencies...shall develop individual policies
..[which] shall apply to : computerized electronic mail systems...; voice mail
systems...; and other electronically stored data typically under the control of
an individual state employee.... These policies shall conform to all applicable
public disclosure statutes and regulations, and shall address, at a minimum,
the following issues:
A. Permissible uses of the agency's electronic message systems;
B. Whether the agency monitors the contents or transactional records of
electronic message systems and if so, for what purposes;
C. Duration of message storage and media used for storage; and
D. Under what circumstances the agency will obtain access to the contents of
...messages without the consent of the sender or recipient."
The Executive Order also requires state agencies to provide written notice to
employees of policies regarding use of electronic message systems.
The Order further sets out a number of "broad principles," applicable
"In the absence of specific agency...policies." These include:
"Employees shall use state-provided...systems only for state business purposes."
"Agency management may access data usually under an individual employee's
control when necessary to carry out normal business functions."
Peter Marshall
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: Effect of the Compuserve decision
Message-ID: <9201131720.AA21890@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 13 Jan 92 05:20:52 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: hackers, crackers, privacy on KQED
Message-ID: <9201140105.AA13302@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 13 Jan 92 13:05:14 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: Effect of the Compuserve decision
Message-ID: <9201140105.AA28434@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 13 Jan 92 13:05:37 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: hackers, crackers, privacy on KQED
Message-ID: <9201140327.AA30872@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 13 Jan 92 15:27:15 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: ooi@mace.cc.purdue.edu (Jim Porter)
Subject: conference info?
Message-ID: <9201131750.AA04600@mace.cc.purdue.edu>
Sender: ooi@mace.cc.purdue.edu
Date: 13 Jan 92 17:50:47 GMT
I am trying to track down information about two upcoming
conferences:
*electronic networking and publishing '93
(I know about this year's conference, which begins
tomorrow, but does anyone have information about next year's?)
*conference on computers, freedom, and privacy
(I would like information both about this year's and next
year's, if it's available.)
Any information about either of these conferences--or about
other conferences on related topics--would be appreciated.
(A contact address would be especially helpful.) Thanks!
Jim Porter
Purdue University
ooi@mace.cc.purdue.edu
From cafnews Fri Dec 13 16:15:02 1991
From: acheng@ncsa.uiuc.edu (A. Cheng)
Subject: Re: Dorner vs. the lunatic fringe
Message-ID: <1992Jan13.220006.6737@ux1.cso.uiuc.edu>
Date: Mon, 13 Jan 1992 22:00:06 GMT
In article <1991Dec31.144936.19661@ux1.cso.uiuc.edu>, davis@kahane.cogsci.uiuc.edu (Gordon Davis) writes:
>I am thankful that the university allows me to use my accounts to transmit
>personal messages. However, if the rules changed and that privilege was
>taken away, I would have no grounds on which to complain since it was
>not a right but a privilege.
Hm... Since UI allows me sit in the Quad "free of charge", should I
be readily comply to any demand of search? I thought 1984 has long
passed.
--
[This line is intentionally left blank]
From cafnews Fri Dec 13 16:15:02 1991
From: mnemonic@eff.org (Mike Godwin)
Subject: Re: hackers, crackers, privacy on KQED
Message-ID: <1992Jan13.235159.3451@eff.org>
Date: Mon, 13 Jan 1992 23:51:59 GMT
In article <1992Jan11.083311.25336@odin.corp.sgi.com> lear@oni.sgi.com (Eliot Lear) writes:
>Friday morning KQED's Forum program hosted a wide ranging discussion
>of hackers, crackers, computer privacy, the government's role, and
>corporate America's role in balancing computer security and privacy.
[Much interesting text deleted.]
>A breaking story involving litigation between U.C. Berkeley and a
>student who is undergoing disciplinary review was also briefly
>mentioned. For those who are not yet aware of the case, the pertinent
>information for the discussion was a court order requiring Berkeley to
>search all their computers for any files containing the student's user
>or login name. I am told that in this particular case, U.C. is the
>defendant. According to a Berkeley student's posting, the search is
>occurring pursuant to The Buckeley Amendment to the California Family
>Education Rights and Privacy Act, which apparently takes precedence
>over the Electronic Communications Privacy Act of 1986 (ECPA), as it
>is believed that ECPA allows such orders.
It is not universally believed that the Buckley Amendment trumps
ECPA. The Buckley Amendment addresses university *records*, while
ECPA addresses *communications*. Surely these are not the same
thing. For example, if student A sends a message to student B
in which she mentions student X, should that message be considered
a "record"?
--Mike
--
Mike Godwin, |"In broadcasting, freedom of the speech and of the
mnemonic@eff.org | press has been compromised.... Full, robust citizen
(617) 864-0665 | participation in a democratic forum casts only a
EFF, Cambridge | shadow on the tube." --Ithiel de Sola Pool
From cafnews Fri Dec 13 16:15:02 1991
From: mnemonic@eff.org (Mike Godwin)
Subject: Re: Effect of the Compuserve decision
Message-ID: <1992Jan13.235727.3665@eff.org>
Date: Mon, 13 Jan 1992 23:57:27 GMT
In article <1992Jan12.193556.3818@alphalpha.com> nazgul@alphalpha.com (Kee Hinckley) writes:
>No, I definitely don't prescreen. I guess I'm more concerned with the
>case of the adult bookshops, where the claim is made that they had good
>reason to know that what was in the books was obscene. But I extrapolating
>that to carrying BBS is probably too extreme... at least this year.
It is certainly the case that your disclaimers would not make you *more*
liable than you would be if you had no disclaimers but maintained
an adult section on your BBS. After all, your knowledge of the general
character of the material could easily be inferred beyond a reasonable
doubt from the fact that you maintained a sub-board for it.
--Mike
--
Mike Godwin, |"In broadcasting, freedom of the speech and of the
mnemonic@eff.org | press has been compromised.... Full, robust citizen
(617) 864-0665 | participation in a democratic forum casts only a
EFF, Cambridge | shadow on the tube." --Ithiel de Sola Pool
From cafnews Fri Dec 13 16:15:02 1991
From: ccc_spt@waikato.ac.nz (Simon Travaglia)
Subject: Acad Freedom
Message-ID: <1992Jan14.135729.6110@waikato.ac.nz>
Date: 14 Jan 92 00:57:29 GMT
This is very important, apparently the numbers of acad in the wild are
diminishing rapidly, most of them residing in captivity.
The fund for freedom of acad is accepting donations as of now; our aims are
- to restore acad to it's natural habitat
- to prevent further incidences of it's captivity
- to buy up versions of acad and release them into freedom
- to forcibly BREAK into people's machines and free acad whenever
possible.
- to write to our senators and lambast them for allowing this to go
on
You too can help, free acad!
--
----------------------------------------------------------------------------
This signature has been thoroughly vetted by the Signature Police.
Vetting procedure includes full signature body cavity searches and exposure
in infraviolent light. Federal Signature Cleanliness Rating: X-3
Not to be viewed with terminal at full brightness.
spt@grace.waikato.ac.nz (or @truth.waikato..) Voice: 064 7 8384008 "Hello?"
----------------------------------------------------------------------------
Bradley's Bromide: If computers get too powerful, we can organize them into a
committee -- that will do them in.
From cafnews Fri Dec 13 16:15:02 1991
From: lear@oni.sgi.com (Eliot Lear)
Subject: Re: hackers, crackers, privacy on KQED
Message-ID: <1992Jan14.014608.5742@odin.corp.sgi.com>
Date: 14 Jan 92 01:46:08 GMT
In <1992Jan13.235159.3451@eff.org> mnemonic@eff.org (Mike Godwin) writes:
>It is not universally believed that the Buckley Amendment trumps
>ECPA. The Buckley Amendment addresses university *records*, while
>ECPA addresses *communications*. Surely these are not the same
>thing. For example, if student A sends a message to student B
>in which she mentions student X, should that message be considered
>a "record"?
Hi Mike, and happy new year!
A communication becomes a record once it is delivered to the final
addressees. One could argue that only *official* communications are
covered, but it's a red herring. After all, if I, in my capacity as
system administrator at Podunk U. mail my boss alerting him to a
break-in and student X's account that was broken into/did the breaking
in, is that not an official record? And if student A and student B
are having are being harassed by student X, or if student X has
broken into their accounts, then those records are certainly relevant
to the case. Whether the Buckley Amendment was meant to cover such
cases is something that I don't know. My burning question: how can
you tell what discussions apply, and who has the right to make those
sorts of judgments?
Doing my best Devil's Advocate,
--
Eliot Lear
[lear@sgi.com]
From cafnews Fri Dec 13 16:15:02 1991
From: john@anasaz (John Moore)
Subject: Re: UC computer searches (was Re: hackers, crackers, privacy on KQED)
Message-ID: <1992Jan14.023840.29527@anasaz>
Date: 14 Jan 92 02:38:40 GMT
Keywords:
In article dean2@garnet.berkeley.edu (Dean Pentcheff) writes:
]2. The family has requested that all "student records" concerning the
] student which exist on two of our mainframes be turned over to the
] court. These records have been defined as any record that names him
] (based on his four- or five-letter login ID).
Once again we see the abuses of the discovery process in litigation.
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: hackers, crackers, privacy on KQED
Message-ID: <1992Jan14.032659.8519@m.cs.uiuc.edu>
Date: 14 Jan 92 03:26:59 GMT
References: <1992Jan11.083311.25336@odin.corp.sgi.com> <1992Jan13.235159.3451@eff.org> <1992Jan14.014608.5742@odin.corp.sgi.com>
lear@oni.sgi.com (Eliot Lear) writes:
[...]
>A communication becomes a record once it is delivered to the final
>addressees. One could argue that only *official* communications are
>covered, but it's a red herring.
Not for students, like me, who are not employees of the University.
> After all, if I, in my capacity as
>system administrator at Podunk U. mail my boss alerting him to a
>break-in and student X's account that was broken into/did the breaking
>in, is that not an official record?
[...]
Maybe.
But email between student A and student B about student X (archived in
the home directories of A and B), should not be considered a
University maintained record about X.
If it is
1) The A&B's email could not be disclosed to any nonuniversity
personnel without X's consent. In other words, A&B could
not read their own email archive.
2) X could see A&B's email
3) X could demand a hearing to challenge and possibly amend
inaccurate information in A&B's email.
4) The University must make a "reasonble effort" to notify
students mentioned in the email before releasing the
email under a subpoena. Timely notice is to allow
the students mentioned the opportunity to contest
the validity of the subpoena on their own behalf.
5) All requests for disclosure would need to be logged.
The log becomes part of X's record (and A's and B's)
(Based on _Your Right To Privacy_, 2nd edition, by Even Hendricks, et al)
- Carl
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201142030.AA31167@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:30:45 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201142031.AA24816@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:31:00 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201142031.AA22546@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:31:12 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201142031.AA04470@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:31:25 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201142031.AA26316@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:31:46 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201142032.AA27885@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:32:08 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201142032.AA22578@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:32:43 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Speech & the University (was Re: Dorner vs. the lunatic fringe)
Message-ID: <9201142033.AA10842@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 08:33:00 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: brownfld@mrcnext.cso.uiuc.edu (Kenneth R Brownfield)
Subject: Re: Dorner vs. the lunatic fringe
Message-ID: <1992Jan14.125650.2487@ux1.cso.uiuc.edu>
Date: Tue, 14 Jan 1992 12:56:50 GMT
acheng@ncsa.uiuc.edu (A. Cheng) writes:
>In article <1991Dec31.144936.19661@ux1.cso.uiuc.edu>, davis@kahane.cogsci.uiuc.edu (Gordon Davis) writes:
>>I am thankful that the university allows me to use my accounts to transmit
>>personal messages. However, if the rules changed and that privilege was
>>taken away, I would have no grounds on which to complain since it was
>>not a right but a privilege.
>Hm... Since UI allows me sit in the Quad "free of charge", should I
>be readily comply to any demand of search?
I don't know, does this have anything to do with the passage you quoted?
A more accurate version would be "If the U lets me sit in the quad for
free, can they kick me out, too?" The answer would be yes, and Gordon's
statement would very reasonable.
If the U says you're a trespasser, then the answer to your question
would be yes.
> [This line is intentionally left blank]
Thank you for telling us that your one line sig is intentionally zero
lines long. \:-7
--
Ken.
KT@uiuc.edu brownfld@mrcnext.cso.uiuc.edu
From cafnews Fri Dec 13 16:15:02 1991
From: morgan@ms.uky.edu (Wes Morgan)
Subject: Re: hackers, crackers, privacy on KQED
Message-ID: <1992Jan14.083607.7661@ms.uky.edu>
Date: 14 Jan 92 13:36:07 GMT
Article-I.D.: ms.1992Jan14.083607.7661
References: <1992Jan13.235159.3451@eff.org>
<1992Jan14.014608.5742@odin.corp.sgi.com>
<1992Jan14.032659.8519@m.cs.uiuc.edu>
X-Bytes: 3074
kadie@m.cs.uiuc.edu (Carl M. Kadie) writes:
>lear@oni.sgi.com (Eliot Lear) writes:
>
>[...]
>>A communication becomes a record once it is delivered to the final
>>addressees. One could argue that only *official* communications are
>>covered, but it's a red herring.
>
>Not for students, like me, who are not employees of the University.
>
Well, it seems to me that any email sent to a University employee in
the course of that employee's official duties might easily be classed
as "official" records. I would STRONGLY consider such letters to fall
into the same category as "student records" (e.g. Registrar, etc.). As
such, I can see how the Buckley amendment would apply.
>> After all, if I, in my capacity as
>>system administrator at Podunk U. mail my boss alerting him to a
>>break-in and student X's account that was broken into/did the breaking
>>in, is that not an official record?
>[...]
>
>Maybe.
I wouldn't class this as a "maybe". Email between two University em-
ployees concerning their official duties would qualify as "official"
correspondence.
Many proponents of electronic communication have spoken about "the
paperless office". More and more official business is being con-
ducted via electronic mail/messaging systems. We really do need
some method of determining the "official status", or lack thereof,
of a given message. How should we go about this? The current
anarchic system will not work.
As a system administrator, I think that it is important to place the
security of email in the users' hands. To that end, we have implemen-
ted several administrative procedures:
-- User mailboxes are owned (in the logical, computerized sense)
by the user. For those of you unfamiliar with systems which
offer such capabilities, this means that user mail is kept in
a file which is owned by that user. This is not always the
case. Under IBM's CMS/MVS operating system, incoming user mail
is placed in the user's "reader", which is simply an amorphous
chunk of disk space owned by the system.
-- Our staff will NOT peruse user's electronic mail without the
express permission (and, preferably, the physical presence)
of the affected user. The sole exception to this policy is
user mail forwarded by the mail system to the "postmaster"
for problem resolution; in those cases, every attempt is
made to ignore the content of the message, and the confiden-
tiality WILL be preserved.
-- User mailboxes are NOT subject to backup. After long discus-
sion, we decided that archiving user mail in backup tapes
effectively removes that mail from the user's control. Since
we certainly do NOT want to control user mail, the most logi-
cal means of protecting our users was to eliminate their mail
from the backup procedures.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <9201150220.AA12832@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 14 Jan 92 14:20:56 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: dorner@pequod.cso.uiuc.edu (Steve Dorner)
Subject: Re: Dorner vs. the lunatic fringe
Message-ID: <1992Jan14.143031.11603@ux1.cso.uiuc.edu>
Date: Tue, 14 Jan 1992 14:30:31 GMT
brownfld@mrcnext.cso.uiuc.edu (Kenneth R Brownfield) writes:
>acheng@ncsa.uiuc.edu (A. Cheng) writes:
>>Hm... Since UI allows me sit in the Quad "free of charge", should I
>>be readily comply to any demand of search?
> A more accurate version would be "If the U lets me sit in the quad for
>free, can they kick me out, too?" The answer would be yes
Ken's got it wrong. The University can revoke an account; that's the
parallel to "kicking you out" of the quad. Frisking people on the quad
*is* the parallel to monitoring mail.
Annother example is a dorm room. Yes, the University can require you
to leave. No, the University cannot search your room without a warrant.
However, simple logic should never be applied in cases of law. There are
all sorts of magic cookies that apply (eg, a dorm room is probably special
because you live there, and the quad may be special because the University
makes no attempt to keep people out); if normal rational persons could
figure out what the law was, lawyers would make less money.
(Maybe we should send this in to "Liberal Issues in the News" with
Jim Pfander? :-))
--
Steve Dorner, U of Illinois Computing Services Office
Internet: s-dorner@uiuc.edu UUCP: uunet!uiucuxc!uiuc.edu!s-dorner
"What is Truth?"--Pontius Pilate.
From cafnews Fri Dec 13 16:15:02 1991
From: bfrg9732@uxa.cso.uiuc.edu (Brian F. Redman)
Subject: Re: Dorner vs. the lunatic fringe
Message-ID: <1992Jan14.144014.13209@ux1.cso.uiuc.edu>
Date: Tue, 14 Jan 1992 14:40:14 GMT
acheng@ncsa.uiuc.edu (A. Cheng) writes:
>In article <1991Dec31.144936.19661@ux1.cso.uiuc.edu>, davis@kahane.cogsci.uiuc.edu (Gordon Davis) writes:
>>I am thankful that the university allows me to use my accounts to transmit
>>personal messages. However, if the rules changed and that privilege was
>>taken away, I would have no grounds on which to complain since it was
>>not a right but a privilege.
>Hm... Since UI allows me sit in the Quad "free of charge", should I
>be readily comply to any demand of search? I thought 1984 has long
>passed.
That is a crucial question I think. Is the university a sort of "East Berlin"
in which one leaves their rights as a citizen at "Checkpoint Charley" and
accepts whatever "student rights" the university is willing to give them?
The area of constitutional rights on university campuses seems fuzzy to me.
From cafnews Fri Dec 13 16:15:02 1991
From: dorner@pequod.cso.uiuc.edu (Steve Dorner)
Subject: Speech & the University (was Re: Dorner vs. the lunatic fringe)
Message-ID: <1992Jan14.161057.27161@ux1.cso.uiuc.edu>
Date: Tue, 14 Jan 1992 16:10:57 GMT
bfrg9732@uxa.cso.uiuc.edu (Brian F. Redman) writes:
>Is the university a sort of "East Berlin"
>in which one leaves their rights as a citizen at "Checkpoint Charley"
This is unnecessarily alarmist and slanted (cf. Lee Iacocca).
>The area of constitutional rights on university campuses seems fuzzy to me.
That's quite true.
I would certainly support the exercise of student (and faculty and staff)
rights without sanctions from the University. However, I also support the
idea that the University has the authority to limit the use of
University-owned facilities.
I should be able to write a letter to the editor of the News Gazette that
says "Vote Libertarian". This should not result in disciplinary action
from the University.
However, I do NOT support the "right" to "exercise free speech" by having
the same letter published by the University Press and delivered to everyone
via campus mail, at University expense. Were I to do this and charge it
to CSO, the University would be quite right to take disciplinary action.
Therefore, I do not agree with what seems to be Carl Kadie's position;
that any restriction on the content of network traffic (above the usual
things like fraud and slander) is impermissible. I think that the
University foots the bill, and so can exercise control without infringing
on anyone's rights.
On the other hand, I think it would be an abuse of power for the University
to deny the mailing of a "Vote Libertarian" letter, but permit the mailing
of a "Vote Tsongas" letter. The University ought to be fair in the
application of its restrictions.
Please note that I am expressing *my opinion* of how things *ought* to be.
I am not enough of a University policy or legal scholar to say whether
or not my opinions agree with University policy (of which I have yet to
see a formal statement) or current legal thought.
--
Steve Dorner, U of Illinois Computing Services Office
Internet: s-dorner@uiuc.edu UUCP: uunet!uiucuxc!uiuc.edu!s-dorner
"What is Truth?"--Pontius Pilate.
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: Speech & the University (was Re: Dorner vs. the lunatic fringe)
Message-ID: <1992Jan14.233811.13776@m.cs.uiuc.edu>
References: <1991Dec31.144936.19661@ux1.cso.uiuc.edu> <1992Jan13.220006.6737@ux1.cso.uiuc.edu> <1992Jan14.144014.13209@ux1.cso.uiuc.edu> <1992Jan14.161057.27161@ux1.cso.uiuc.edu>
Date: Tue, 14 Jan 1992 23:38:11 GMT
dorner@pequod.cso.uiuc.edu (Steve Dorner) writes:
[...]
>Therefore, I do not agree with what seems to be Carl Kadie's position;
>that any restriction on the content of network traffic (above the usual
>things like fraud and slander) is impermissible. I think that the
>University foots the bill, and so can exercise control without infringing
>on anyone's rights.
>
>On the other hand, I think it would be an abuse of power for the University
>to deny the mailing of a "Vote Libertarian" letter, but permit the mailing
>of a "Vote Tsongas" letter. The University ought to be fair in the
>application of its restrictions.
[...]
To clarify my position, I don't think that all content restrictions
are (legally) impermissible, just that many are undesirable given the
importance of free expression at a university. I would hope that
restrictions (e.g. restricting Campus Mail to business use) are based
on cost and not on a desire to limit communications or to stamp out
offensiveness.
Also, I think that permissible restrictions should not be enforced
with impermissible means. For example, a (hypothetical) rule against
personal use of University telephones does not, in my opinion, justify
warrentless tapping of our telephones.
[Additional info is available in the Computers and Academic Freedom
archive. You can access it via anonymous ftp to ftp.eff.org. Here
are some relevent files:
pub/academic/caf-statement
pub/academic/law/constraints.constitututional
pub/academic/law/README
pub/academic/faq/README
]
- Carl
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From cafnews Fri Dec 13 16:15:02 1991
From: bh@anarres.Berkeley.EDU (Brian Harvey)
Subject: official e-mail (was: hackers, crackers, privacy on KQED)
Message-ID:
Date: 14 Jan 92 23:55:29 GMT
Article-I.D.: agate.kn6u3hINNhap
References: <1992Jan14.014608.5742@odin.corp.sgi.com> <1992Jan14.032659.8519@m.cs.uiuc.edu> <1992Jan14.083607.7661@ms.uky.edu>
NNTP-Posting-Host: anarres.berkeley.edu
morgan@ms.uky.edu (Wes Morgan) writes:
>Well, it seems to me that any email sent to a University employee in
>the course of that employee's official duties might easily be classed
>as "official" records. I would STRONGLY consider such letters to fall
>into the same category as "student records" (e.g. Registrar, etc.). As
>such, I can see how the Buckley amendment would apply.
Uh oh, does this mean that every time a student sends me e-mail I have
to archive it forever just in case we get sued? I commonly receive,
process, and delete several such messages every day.
From cafnews Fri Dec 13 16:15:02 1991
From: brownfld@mrcnext.cso.uiuc.edu (Kenneth R Brownfield)
Subject: Re: Dorner vs. the lunatic fringe
Message-ID: <1992Jan15.013340.24984@ux1.cso.uiuc.edu>
Date: Wed, 15 Jan 1992 01:33:40 GMT
dorner@pequod.cso.uiuc.edu (Steve Dorner) writes:
>> A more accurate version would be "If the U lets me sit in the quad for
>>free, can they kick me out, too?" The answer would be yes
>Ken's got it wrong. The University can revoke an account; that's the
>parallel to "kicking you out" of the quad. Frisking people on the quad
>*is* the parallel to monitoring mail.
Good point, I was only referring to the removal or taking away of
accounts, not the monitoring of mail (the original point of the string.)
Of course, I'm not aware of any applicable laws that state that the U
can't monitor mail. It's a federal offense to muck with US mail, but email?
It may be a violation of privacy, but there indeed are no guarantees by the
U as to a degree of privacy. The U could by right state in the conditions
for accounts that "The U reserves the right to monitor any mail to or from
this account" and you would get the account or not. This would be a legally
sound alternative in that it would probably protect the U from any litigation,
although monitoring on the basis of no prior guarantees would be hard to shoot
down in court.
All of the above is a humble opinion from someone with a little knowledge
of criminal law, and coincidental knowledge otherwise. :-) Maybe a little
too much common sense, too.
>Annother example is a dorm room. Yes, the University can require you
>to leave. No, the University cannot search your room without a warrant.
>However, simple logic should never be applied in cases of law. There are
>all sorts of magic cookies that apply (eg, a dorm room is probably special
>because you live there, and the quad may be special because the University
>makes no attempt to keep people out); if normal rational persons could
>figure out what the law was, lawyers would make less money.
And there wouldn't be as many. Ah, but for dreams.
>(Maybe we should send this in to "Liberal Issues in the News" with
>Jim Pfander? :-))
>--
>Steve Dorner, U of Illinois Computing Services Office
>Internet: s-dorner@uiuc.edu UUCP: uunet!uiucuxc!uiuc.edu!s-dorner
> "What is Truth?"--Pontius Pilate.
--
Ken.
KT@uiuc.edu brownfld@mrcnext.cso.uiuc.edu
--------------------
--
Helen C. O'Boyle | Co-moderator, Computers and Academic Freedom list
helen@eff.org | << insert usual disclaimer here... my opinions
isy5hob@cabell.vcu.edu | are mine alone, not EFF's or VCU's, etc. >>
From helen Wed Jan 8 12:56:12 1992
Received: by eff.org id AA04812
(5.65c/IDA-1.4.4 for cafb-list@eff.org); Wed, 8 Jan 1992 17:56:24 -0500
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@eff.org (Carl M. Kadie)
Subject: Re: Query...what is a 'Quad'???
Message-ID: <1992Jan15.020520.20834@eff.org>
References: <920115110832.21400522@DARWIN.NTU.EDU.AU>
Date: Wed, 15 Jan 1992 02:05:20 GMT
NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University) writes:
>>>Hm... Since UI allows me sit in the Quad "free of charge", should I
>>>be readily comply to any demand of search? I thought 1984 has long
>>>passed.
>OK...I am (thought probably not for the first time) going to show my ignorance
>and ask...what the hell is a "quad"...??
[...]
The Quad, short for Quadrangle, is the open area in center of the U.
of Illinois at U-C campus. It is similar to the Commons or Green at
other schools. It is kind of a town square.
- Carl
--
Carl Kadie -- kadie@eff.org, kadie@cs.uiuc.edu, or (anonymous) ap.4352@hri.com
I do not represent EFF; this is just me.
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@eff.org (Carl M. Kadie)
Subject: Re: official e-mail (was: hackers, crackers, privacy on KQED)
Message-ID: <1992Jan15.021235.21091@eff.org>
References: <1992Jan14.014608.5742@odin.corp.sgi.com> <1992Jan14.032659.8519@m.cs.uiuc.edu> <1992Jan14.083607.7661@ms.uky.edu>
Date: Wed, 15 Jan 1992 02:12:35 GMT
morgan@ms.uky.edu (Wes Morgan) writes:
>Well, it seems to me that any email sent to a University employee in
>the course of that employee's official duties might easily be classed
>as "official" records. I would STRONGLY consider such letters to fall
>into the same category as "student records" (e.g. Registrar, etc.). As
>such, I can see how the Buckley amendment would apply.
bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>Uh oh, does this mean that every time a student sends me e-mail I have
>to archive it forever just in case we get sued? I commonly receive,
>process, and delete several such messages every day.
As far as I know, the Buckley amendment does not require that letters
be kept. It just requires (with some exceptions) that stuff that is
kept, is made available to the student. If anything, the Buckley
amendment discourages the accumulation of the irrelevant.
- Carl
--
Carl Kadie -- kadie@eff.org, kadie@cs.uiuc.edu, or (anonymous) ap.4352@hri.com
I do not represent EFF; this is just me.
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: UC computer searches (was Re: hackers, crackers, privacy on KQED)
Message-ID: <9201151430.AA00043@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 15 Jan 92 02:30:58 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: Dorner vs. the lunatic fringe
Message-ID: <1992Jan15.024024.24535@m.cs.uiuc.edu>
References: <1991Dec31.144936.19661@ux1.cso.uiuc.edu> <1992Jan13.220006.6737@ux1.cso.uiuc.edu> <1992Jan14.125650.2487@ux1.cso.uiuc.edu> <1992Jan14.143031.11603@ux1.cso.uiuc.edu> <1992Jan15.013340.24984@ux1.cso.uiuc.edu>
Date: Wed, 15 Jan 1992 02:40:24 GMT
brownfld@mrcnext.cso.uiuc.edu (Kenneth R Brownfield) writes:
> Of course, I'm not aware of any applicable laws that state that the U
>can't monitor mail. It's a federal offense to muck with US mail, but email?
The Electronic Communications Privacy Act of 1986 may (or may not!)
prohibit the University from searching email.
[see ftp.eff.org:pub/academic/law/ecpa.1986 and
ftp.eff.org:pub/academic/news/cafv01n30 ]
Also, as part of the state of Illinois, the University is constrained
by Constitutional requirements of "reasonable searches", even of its
own property.
[see ftp.eff.org:pub/academic/law/gillard-v-schmidt
and ftp.eff.org:pub/academic/law/constraints.constitutional]
In my opinion, the main argument against arbitrary email searches is
not, however, based on law. It is based on the University's respect of
the privacy. The University already explicitly recognizes the privacy
of university-assigned office space and dorm rooms. I look forward to
seeing this explicit recognitation extended to university-assigned
disk space.
- Carl
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: "kicking you out" (was Re: Dorner vs. the lunatic fringe)
Message-ID: <1992Jan15.025831.29351@m.cs.uiuc.edu>
Date: 15 Jan 92 02:58:31 GMT
References: <1991Dec31.144936.19661@ux1.cso.uiuc.edu> <1992Jan13.220006.6737@ux1.cso.uiuc.edu> <1992Jan14.125650.2487@ux1.cso.uiuc.edu> <1992Jan14.143031.11603@ux1.cso.uiuc.edu>
brownfld@mrcnext.cso.uiuc.edu (Kenneth R Brownfield) writes:
> A more accurate version would be "If the U lets me sit in the quad for
>free, can they kick me out, too?" The answer would be yes
dorner@pequod.cso.uiuc.edu (Steve Dorner) writes:
>Ken's got it wrong. The University can revoke an account; that's the
>parallel to "kicking you out" of the quad.
[...]
Instructors at U of I used to able to expel a student from their
classes arbitrarily. Under current rules, however, a student can't be
expelled from class without due process. Due process basically means
that if the student wants a hearing, he or she can have one.
As far as I know, the University can't ban a student from the Quad
without due process. Also, I assume that the University can't expel a
student from, say, their free student computers accounts, without due
process.
- Carl
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From cafnews Fri Dec 13 16:15:02 1991
From: CLARK@uni2a.unige.ch (Robin Clark)
Subject: unsubscribe
Message-ID: <01GFC56OW600000DOX@uni2a.unige.ch>
Sender: CLARK@uni2a.unige.ch
Date: 15 Jan 92 06:28:28 GMT
Please unsubscribe me!
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: UC computer searches (was Re: hackers, crackers, privacy on KQED)
Message-ID: <9201152136.AA19390@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 15 Jan 92 09:36:54 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: RE: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <920115103016.21400522@DARWIN.NTU.EDU.AU>
Sender: warnold
Date: 15 Jan 92 10:30:16 GMT
>Date: Tue, 14 Jan 92 14:31:00 -0600
>From: "Carl M. Kadie"
>davis@kahane.cogsci.uiuc.edu (Gordon Davis) writes:
>
>>carey@m.cs.uiuc.edu (John Carey) writes:
>
>[...]
>>>I wonder how many of these managers would feel
>>>about going through their employees' U. S. Mail mailboxes?
>
>>Now, wait a minute here. Do I understand that you do not see a difference
>>between the U.S. mail and sending/receiving electronic mail via an
>>employer-owned machine using an employer-owned account.
>[...]
>This is a good point.
No it isn't...I think this is an area in which people will have to agree to
disagree! Until there is clear legislation on point, no-one will be able to say
conclusively what is right/wrong.
IMHO, (and yes this has been debated for ever) the simple fact that someone
_owns_ the computer system does not ipso facto (by that fact) give them the
right to inspect _private_ email.
They may _reserve_ for themselves the right to do so, by posting appropriate
notices and ensuring that it comes to _every_ users' attention. The ability to
reserve this right is said to come from their owning the system.
But let me draw an analogy: In many supermarkets there are signs saying that
Management reserves the right to inspect baggage etc of people who enter their
store. These signs are displayed prominantly at the entrance of the shop and
(usually) at the registers.
The argument goes that it is a term of the contract entered into between
shopper and store management that if they agree to enter the shop, then they
must submit themselves to baggage inspection.
Actually, this is false! There is _NO_ right on the behalf of store management
to request/require that shoppers submit to baggage inspection. The signs at the
entrance and at registers are of no effect!
I am unclear on the basis of this assertion (but I think it has something to do
with the store attempting to enforce a unilaterally imposed term in the alleged
contract). Any attempt of store security personel to inspect you bags will
constitute a trespass to property (unless you give tacit approval to the act),
so too, any attempt to detain you whilst the search is carried out will amount
to false imprisonment (in the civil sense).
The above is from common (case) law, and may (but I doubt it) have been altered
in the US by statute.
My point:
You are on the Stores' property (as you are on someone elses' system). They
attempt to reserve rights of inspection (or monitoring of email on a computer).
They have at law, NO RIGHT to do so!
I would argue that it is all a bluff. There is no firm legal precedent (I
haven't yet heard the decision in the Epson/Nissan cases...perhaps someone
could fill me in) on the area, so it is just words/rhetoric at the moment.
>I believe that the university has a right to look through US mail
>that they pay for.
Nope...would disagree with that also...there is still a privacy element which
must be satisfied/met before this occurs. The Uni. may be able to open it _with
your permission_, and they must first have good reason for doing so (I exclude
here the search/seizure type openings).
>If I put a stamp on a letter and put it
>in the outgoing mailbox, then it is a federal crime for the
>university to look at it. If I put a letter in the
>"mail needing postage" box, then the university can look
>at it. I think this is university policy.
So you say that 30 cents makes all the difference?
Note - Uni. policy (just as store policy) is _not_ law.
>John Holm
>jgholm@crhc.uiuc.edu
Mark N.
___
Mark Neely neely_mp@darwin.ntu.edu.au
Research Student
Northern Territory University Law School
From cafnews Fri Dec 13 16:15:02 1991
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: RE: [uiuc.general] Re: Dorner vs. the lunatic fringe
Message-ID: <920115104334.21400522@DARWIN.NTU.EDU.AU>
Sender: warnold
Date: 15 Jan 92 10:43:34 GMT
>brownfld@mrcnext.cso.uiuc.edu (Kenneth R Brownfield) writes:
>However, simple logic should never be applied in cases of law. There are
>all sorts of magic cookies that apply (eg, a dorm room is probably special
>because you live there, and the quad may be special because the University
>makes no attempt to keep people out);
Actually you may have stumbled upon something there!
It is because private electronic communications are not regarded as important
("they're only a collection of electronic impulses after all...") as one's
living space that they are not automatically given equal/similar status under
the law. It took a while for paper mail to be accorded the status which it
holds today, so similarly it is not until the lawmakers and shakers recognise
the _fundamental_ importance of electronic communication that this protection
will arise.
As yet, the lawmakers etc are still dancing with the notion of 1st amendment
protection for "computer publications" (i.e. publications written, edited,
formated and distributed electronically...see for e.g. the Craig
Neidorf/_PHRACK_ case and the issue as to whether the electronic newsletter
should be granted equal status as the New York Times).
And my prediction is that e-mail will be statutorily protected from monitoring,
but that private firms/computer systems will be able to exempt themselves from
the operation of the legislation providing they instruct users that they
reserve the right to monitor. Mind you, even then I'd imagine that strict
guidelines would be laid down as to when, where how and why one could do so.
> if normal rational persons could
>figure out what the law was, lawyers would make less money.
No-one likes lawyers :) Maybe we charge so much to compensate for the ego
beatings we take :)
>--
>Steve Dorner, U of Illinois Computing Services Office
>Internet: s-dorner@uiuc.edu UUCP: uunet!uiucuxc!uiuc.edu!s-dorner
> "What is Truth?"--Pontius Pilate.
Mark N.
___
Mark Neely neely_mp@darwin.ntu.edu.au
Research Student
Northern Territory University Law School
From cafnews Fri Dec 13 16:15:02 1991
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: RE: [uiuc.general] Speech & the University (was Re: Dorner vs. the lunatic fringe)
Message-ID: <920115105919.21400522@DARWIN.NTU.EDU.AU>
Sender: warnold
Date: 15 Jan 92 10:59:19 GMT
>bfrg9732@uxa.cso.uiuc.edu (Brian F. Redman) writes:
>I would certainly support the exercise of student (and faculty and staff)
>rights without sanctions from the University. However, I also support the
>idea that the University has the authority to limit the use of
>University-owned facilities.
>
[stuff deleted]
>
>Therefore, I do not agree with what seems to be Carl Kadie's position;
>that any restriction on the content of network traffic (above the usual
>things like fraud and slander) is impermissible. I think that the
>University foots the bill, and so can exercise control without infringing
>on anyone's rights.
As long as the Univ. doesn't _pretend_ to be a forum for free speech then!
Now if the Univ. wants to impose a restriction on network traffic, then that it
it's prerogative. BUT...I would argue that the onus is on the Univ. to make it
absolutely clear to the USERS what it's policies and intentions are! How many
do so?
If this Univ. were to pull out a piece of my mail and then tell me that it
disagreed with its content, I would be onto them in a flash! This site has
never intimated any intent to restrict content of postings, nor notified users
that they intended to monitor e-mail/postings (I am not saying they do, just
giving an example).
As such, and until I am told otherwise, I would submit that I had a reasonable
expectation of privacy over what I do/say etc. If it were brought to my
attention that the Univ. intended to monitor/filter, then I would have no such
reasonable expectation, and hence (probably) no recourse (unless I could
establish mala fides or something along those lines).
The fact that I work on Univ.'s machines is of little consequence in my mind.
The basic right to privacy pervades even private property (can K-Mart film
users of it's toilets??) until the opposite is brought to the user's attention.
>--
>Steve Dorner, U of Illinois Computing Services Office
>Internet: s-dorner@uiuc.edu UUCP: uunet!uiucuxc!uiuc.edu!s-dorner
> "What is Truth?"--Pontius Pilate.
Mark N.
___
Mark Neely neely_mp@darwin.ntu.edu.au
Research Student
Northern Territory University Law School
From cafnews Fri Dec 13 16:15:02 1991
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: re:privacy in monitoring e-mail
Message-ID: <920115110640.21400522@DARWIN.NTU.EDU.AU>
Sender: NEELY_MP@DARWIN.NTU.EDU.AU
Date: 15 Jan 92 11:06:40 GMT
> The university would need to provide a disclaimer if it changed
> its rules on personal messages. By calling something "e-mail"
> (specifically by using the word "mail") there is an implication
> of privacy.
The name given to a personal communication is of little consequence. It is its
existence as a personal communication which entitles it, until the otherwise is
made clear, to privacy.
> You are correct that it is not a right as such, however
> as in the case of cigarettes for example a disclaimer is necessary.
This is a bad analogy...the disclaimer is there as a matter of specific law (in
Australia, and I assume the US, manuafacturers are required to have notices
stating that, inter alia, smoking is bad for you). As such, there is no
specific legislation requiring Univ.'s to notify users that it's e-mail system
is not to be regarded as private...it is the general principles of privacy
which require them to do so.
Mark N.
___
Mark Neely neely_mp@darwin.ntu.edu.au
Research Student
Northern Territory University Law School
From cafnews Fri Dec 13 16:15:02 1991
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: Query...what is a 'Quad'???
Message-ID: <920115110832.21400522@DARWIN.NTU.EDU.AU>
Sender: NEELY_MP@DARWIN.NTU.EDU.AU
Date: 15 Jan 92 11:08:32 GMT
>>Hm... Since UI allows me sit in the Quad "free of charge", should I
>>be readily comply to any demand of search? I thought 1984 has long
>>passed.
OK...I am (thought probably not for the first time) going to show my ignorance
and ask...what the hell is a "quad"...??
Mark N.
___
Mark Neely neely_mp@darwin.ntu.edu.au
Research Student
Northern Territory University Law School
From cafnews Fri Dec 13 16:15:02 1991
From: comp-academic-freedom-talk
Reply-To: comp-academic-freedom-talk
Precedence: bulk
To: comp-academic-freedom-talk
Errors-To: comp-academic-freedom-talk-request
Date: Wed, 15 Jan 1992 14:01:07 -0500
X-Digest-Sender: "William W. Arnold"
Message-Id: <199201151901.AA20433@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Computers and Academic Freedom mailing list (batch edition)
Wed Jan 15 13:59:10 EST 1992
[For information on how to get a much smaller edited version of the
list, send email to archive-server@eff.org. Include the line:
send acad-freedom caf
- Billy ]
In this issue:
kadie@cs.uiuc.edu : (comp.org.eff.talk) Re: Effect of the Compuserve decision
ooi@mace.cc.purdue : conference
kadie@cs.uiuc.edu : (comp.org.eff.talk) Re: Effect of the Compuserve decision
kadie@cs.uiuc.edu : (comp.org.eff.talk) Re: hackers, crackers, privacy on KQED
ccc spt@waikato.ac : Acad Freedom
kadie@cs.uiuc.edu : (comp.org.eff.talk) Re: hackers, crackers, privacy on KQED
kadie@m.cs.uiuc.ed : Re: hackers, crackers, privacy on KQED
morgan@ms.uky.edu : Re: hackers, crackers, privacy on KQED
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
kadie@cs.uiuc.edu : (uiuc.general) Speech & the University (was Re: Dorner vs.
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
kadie@m.cs.uiuc.ed : Re: Speech & the University (was Re: Dorner vs. the lunat
bh@anarres.Berkele : official e-mail (was: hackers, crackers, privacy on KQED)
NEELY MP@DARWIN.NT : RE: (uiuc.general) Re: Dorner vs. the lunatic fringe
NEELY MP@DARWIN.NT : re:privacy in monitoring e-mail
NEELY MP@DARWIN.NT : Query...what is a
kadie@eff.org (Car : Re: Query...what is a
kadie@eff.org (Car : Re: official e-mail (was: hackers, crackers, privacy on K
kadie@cs.uiuc.edu : (uiuc.general) Re: Dorner vs. the lunatic fringe
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
From cafnews Fri Dec 13 16:15:02 1991
From: mnemonic@eff.org (Mike Godwin)
Subject: Re: UC computer searches (was Re: hackers, crackers, privacy on KQED)
Message-ID: <1992Jan15.192046.20849@eff.org>
Date: Wed, 15 Jan 1992 19:20:46 GMT
In article <1992Jan14.023840.29527@anasaz> john@anasaz (John Moore) writes:
>Keywords:
>
>In article dean2@garnet.berkeley.edu (Dean Pentcheff) writes:
>]2. The family has requested that all "student records" concerning the
>] student which exist on two of our mainframes be turned over to the
>] court. These records have been defined as any record that names him
>] (based on his four- or five-letter login ID).
>Once again we see the abuses of the discovery process in litigation.
Apparently, there is no "abuse" of this sort after all. It was not
the complainant who defined "records" as any file that names him--it was the
*university* that did so. The complainant, a student, is simply seeking
student records--he has no interest in private communications that
don't have to do with the university administration's handling of his
case.
Why did the university define "record" so broadly? Apparently in order
to avoid complying with requests to turn over records to the complainant.
Finally, this doesn't seem to be a "discovery" action at all. The
complainant is seeking his records in a special proceeding under
California law--he is not suing the university at this point.
Moreover, he has limited his records requests to the directories of
four administrators who have been involved in his case.
--Mike
--
Mike Godwin, |"In broadcasting, freedom of the speech and of the
mnemonic@eff.org | press has been compromised.... Full, robust citizen
(617) 864-0665 | participation in a democratic forum casts only a
EFF, Cambridge | shadow on the tube." --Ithiel de Sola Pool
From cafnews Fri Dec 13 16:15:02 1991
From: morgan@ms.uky.edu (Wes Morgan)
Subject: Re: official e-mail (was: hackers, crackers, privacy on KQED)
Message-ID: <1992Jan15.152943.13564@ms.uky.edu>
Date: 15 Jan 92 20:29:43 GMT
References: <1992Jan14.032659.8519@m.cs.uiuc.edu>
<1992Jan14.083607.7661@ms.uky.edu>
X-Bytes: 2046
bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>morgan@ms.uky.edu (that's me) writes:
>>Well, it seems to me that any email sent to a University employee in
>>the course of that employee's official duties might easily be classed
>>as "official" records. I would STRONGLY consider such letters to fall
>>into the same category as "student records" (e.g. Registrar, etc.). As
>>such, I can see how the Buckley amendment would apply.
>
>Uh oh, does this mean that every time a student sends me e-mail I have
>to archive it forever just in case we get sued? I commonly receive,
>process, and delete several such messages every day.
The vast majority of such messages are sufficiently routine that they
can be discarded. Do you automatically file each paper memo you receive?
I don't think many of us do. We read it, and assign some degree of im-
portance to it. Most of them, in academia at least, find their way into
the trash. Some are passed around, and some are filed.
You can apply the same criteria to email. I, too, discard the vast
majority of "workaday" email. Certain things, however, set off the
proverbial mental bells. Requests for special services, comments on
new hardware/software, and the like are likely to be filed; they come
in handy when I'm asked "what did you do in the last year?" 8). Questions
or comments that indicate a certain "crackerish" bent are also suspect
to archival. I also kept a count of my business-related email for a
few months, in an attempt to demonstrate its importance; while I did
not archive individual messages, I did keep track of "faculty questions",
"student questions", "bug reports", and the like.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@eff.org (Carl M. Kadie)
Subject: [eff.mail.telecom-priv] WA State Employee E-Mail Privacy Policy
Message-ID: <199201161412.AA24887@eff.org>
Sender: kadie
Date: 16 Jan 92 04:12:49 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: schwae@aix.rpi.edu (Eric A. Schwartz)
Subject: Re: The USENET pornographic network
Message-ID:
Nntp-Posting-Host: aix.rpi.edu
References: <1991Dec20.182121.24027@m.cs.uiuc.edu>> <1992Jan5.023936.10850@eff.org>
Date: 16 Jan 92 06:55:49 GMT
In article <1992Jan5.023936.10850@eff.org> kadie@eff.org (Carl M. Kadie) writes:
>
>Must every provider site enforce the rules every network and site that
>access it? Boston University prohibits its users from transmitting
>"offensive material". [ftp.eff.org:pub/academic/policies/bostonu.edu]
>Is your site responsible for making sure that no student at BU
>violates this rule during an anonymous ftp to your site?
>
"I download no material that I find offensive. Therefore, what I downloaded
was not offensive, and only became so when you found out that I downloaded
it. In conclusion, university rules state that you must cease to exist."
E.S.
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [soc.men] Re: There is No Such Thing (was: Pornography)
Message-ID: <9201162112.AA23642@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 16 Jan 92 09:12:59 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk, et al.] Re: Computer Publications and the First Amendment
Message-ID: <9201162255.AA00716@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 16 Jan 92 10:55:55 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [soc.men] CERT Pissed about Piss on a Grave (was: There is No Such Thing (was: Pornography))
Message-ID: <9201162304.AA06256@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 16 Jan 92 11:04:53 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.censorship] Re: A British tv report on censorship in USA
Message-ID: <9201170314.AA00702@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 16 Jan 92 15:14:11 GMT
From cafnews Fri Dec 13 16:15:02 1991
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: Computer Publications & the 1st Amendment
Message-ID: <920116161057.2140105f@DARWIN.NTU.EDU.AU>
Sender: NEELY_MP@DARWIN.NTU.EDU.AU
Date: 16 Jan 92 16:10:57 GMT
I'd like to express a few thoughts and concerns that arose as a result of
reading a paper entitled "Computer Publications and the First Amendment", by
Brian J. Peretti (to be published in _Computers and the Law_, by Ronald
Polanski)
Peretti begins by expressing one of the main truisms in the interpretation
of any constitutional document - that the US Constitution was expressed in
broad language so as to enable it to change and expand (with the help of a
progressive Supreme Court) over time, in order to adjust with an ever changing
society.
Peretti states that although the Founding Fathers did have an idea of what
the 'press' was in their day, the concept has since been expanded to cover
television and radio. In line with this, he argues that it should also be
interepreted so as to encompass the new media of computer publications.
What constitutes a "computer publication" is denoted by a fairly strict set
of criteria.
Peretti stipulates that the material comprising the publication must have
been created/gathered on/with a computer (i.e written in final form on a
computer) and should not have been printed in hard copy after the initial
information was entered into the computer.
Secondly, the publications' production (spell-checking, formatting etc) must
occur _exclusively_ on the computer (which, he notes, would even include the
letterhead/coverpage).
Finaly, the distribution of the publication must occur via electronic
(non-print) medium.
Once a publication falls within this new catagory, it should, Peretti argues,
be accorded similar privilleges/protections to those granted to printed press,
radio and television.
In support of this, he cites _Lovell v. City of Griffin_ Ga 303 US 444, 452
(1938), where the court held:
The liberty of the press is not confined to newspapers and periodicals.
It necessarily embraces pamphlets and leaflets....The press in its
historical connotation comprehends every sort of publication which affords
a vehicle of information and opinion".
Such protection has been extended to motion pictures and even to computer
bulletin board services (BBS): Legi-Tech v. Keiper 766 F.2d 728, 734-35
(2d. Cir 1985).
Under the Lovell doctrine, publications such as Craig Neidorf's _Phrack_
magazine, and the Legion of Doom's Technical journals would surely constitute
protected speech, and as such would not be subject to prior restraint. Peretti
does note, however, that publication of information in furtherance of a
crime or ciminal activity may not receive protection.
One exception to the Lovell doctrine is the decision of _Brandenburg v.
Ohio (1969), where the court ruled that no speech should be subject
to prior restraint or criminal prosection unless it is intended
to incite - and is likely to cause - imminent lawless action.
As was recently noted by Mitch Kapor (co-founder of the Electronic Frontier
Foundation), there is little speech or publications which would fall
outside this protection, as most people are able to reflect before acting
on written or spoken suggestion[1].
Whilst the author is unsure if that is the approach taken to this situation
by American courts, it is certainly a factor that should be noted prior to
effecting a prior restraint.
Types of Restrictions?
However, it must be conceded that computer publications should, and no doubt
will be, subject to some forms of restriction. But in what manner will these
restrictions be expressed?
Peretti notes that there are two types to First Amendment protection:
that which attaches to newspapers; and that which applies to radio and
television.
Newspaper publishers have fewer restrictions than do radio and television
broadcasters (who are subject to licensing and content regulations). Peretti
views computer publications as similar to newspapers, and as such
should be subjected to only minimal limitations.
However, the scope of protection accorded to computer publications is unclear
to say the least. That this is so is evidenced by the attemted Neidorf
prosecution. That the editor of a magazine which provided information to
a group of computer enthusiasts sharing similar interests was brought to
trial is a sorry indictment (no pun intended) on the civil liberties record
of the United States.
However, until time, energy and resources are engaged in an effort to clear
the murkied waters surrounding the application of existing laws and civil
liberties in Cyberspace, one wonders how many other computer publishers might
suffer a similar fate?
Mark Neely 1992.
1. M. Kapor, Civil Liberties in Cyberspace, _Scientific American_ (Sept. 1991)
116.
From cafnews Fri Dec 13 16:15:02 1991
From: comp-academic-freedom-talk
Reply-To: comp-academic-freedom-talk
Precedence: bulk
To: comp-academic-freedom-talk
Errors-To: comp-academic-freedom-talk-request
Date: Thu, 16 Jan 1992 16:17:12 -0500
X-Digest-Sender: "William W. Arnold"
Message-Id: <199201162117.AA09766@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Computers and Academic Freedom mailing list (batch edition)
Thu Jan 16 16:15:07 EST 1992
[For information on how to get a much smaller edited version of the
list, send email to archive-server@eff.org. Include the line:
send acad-freedom caf
- Billy ]
In this issue:
kadie@m.cs.uiuc.ed : Re: Dorner vs. the lunatic fringe
kadie@m.cs.uiuc.ed : "kicking you out" (was Re: Dorner vs. the lunatic fringe)
CLARK@uni2a.unige. : unsubscribe
kadie@cs.uiuc.edu : (comp.org.eff.talk) Re: UC computer searches (was Re: hack
NEELY MP@DARWIN.NT : RE: (uiuc.general) Re: Dorner vs. the lunatic fringe
NEELY MP@DARWIN.NT : RE: (uiuc.general) Speech & the University (was Re: Dorne
morgan@ms.uky.edu : Re: official e-mail (was: hackers, crackers, privacy on KQ
kadie@cs.uiuc.edu : (comp.org.eff.talk) Re: UC computer searches (was Re: hack
NEELY MP@DARWIN.NT : Computer Publications & the 1st Amendment
kadie@eff.org (Car : (eff.mail.telecom-priv) WA State Employee E-Mail Privacy
schwae@aix.rpi.edu : Re: The USENET pornographic network
kadie@m.cs.uiuc.ed : Re: Computer Publications and the First Amendment
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
From cafnews Fri Dec 13 16:15:02 1991
From: mnemonic@eff.org (Mike Godwin)
Subject: Re: Computer Publications and the First Amendment
Message-ID: <1992Jan16.181231.3401@eff.org>
Date: Thu, 16 Jan 1992 18:12:31 GMT
In article <1992Jan16.141211.2349@darwin.ntu.edu.au> neely_mp@darwin.ntu.edu.au (Mark Neely, NTU Law School) writes:
>In support of this, he cites _Lovell v. City of Griffin_ Ga 303 US 444, 452
>(1938), where the court held:
>
> The liberty of the press is not confined to newspapers and periodicals.
> It necessarily embraces pamphlets and leaflets....The press in its
> historical connotation comprehends every sort of publication which affords
> a vehicle of information and opinion".
[text deleted]
>One exception to the Lovell doctrine is the decision of _Brandenburg v.
>Ohio (1969), where the court ruled that no speech should be subject
>to prior restraint or criminal prosection unless it is intended
>to incite - and is likely to cause - imminent lawless action.
Mark, Brandenburg is not an exception to Lovell. Brandenburg concerns
speech, while Lovell addresses press freedoms. To my knowledge, there
has never been a case following Brandenburg in which *any* publication
has been held to be intended to cite and likely to cause "imminent
lawless action."
To be likely to cause "imminent lawless action," a communication
has to give the reader/hearer no chance to reflect before acting.
Yet printed material invariably allows an interval for reflection.
This explains why no printed material (again, to my knowledge) has
ever been held by the Supreme Court to be likely to cause "imminent
lawless action."
>However, it must be conceded that computer publications should, and no doubt
>will be, subject to some forms of restriction. But in what manner will these
>restrictions be expressed?
It is not conceded that these restrictions will be any different from
those that apply to newspapers, however--restrictions such as those
against defamation, obscenity, or copyright infringement.
>Newspaper publishers have fewer restrictions than do radio and television
>broadcasters (who are subject to licensing and content regulations). Peretti
>views computer publications as similar to newspapers, and as such
>should be subjected to only minimal limitations.
It should be noted that the restrictions on radio and television are a
function of an affirmative, statutory regulatory scheme. No such scheme
has ever been proposed with regard to computer communications, and it is
unlikely that there ever will be one. Regulation of broadcasting is
justified in terms of "scarcity" and of the "pervasiveness" of the medium.
Yet computer communication resources are not scarce (quite the opposite,
in fact), and they are not pervasive the way broadcasting is (that is,
there is no risk in computer communication that corresponds to the risk
that a child might hear something unwillingly on the radio or TV).
>However, the scope of protection accorded to computer publications is unclear
>to say the least. That this is so is evidenced by the attemted Neidorf
>prosecution. That the editor of a magazine which provided information to
>a group of computer enthusiasts sharing similar interests was brought to
>trial is a sorry indictment (no pun intended) on the civil liberties record
>of the United States.
The Neidorf case does not say anything about the scope of protection
accorded to computer publication. In the United States, the mere fact
that someone has been prosecuted has no significance in determining
whether or not that prosecution was based on a correct understanding of
the law.
>However, until time, energy and resources are engaged in an effort to clear
>the murkied waters surrounding the application of existing laws and civil
>liberties in Cyberspace, one wonders how many other computer publishers might
>suffer a similar fate?
Increasingly, law-enforcement agents and prosecutors are acknowledging
that computer communication is protected by the First Amendment. During my
frequent speeches to law-enforcement groups, I have noticed that few
if any argue these days that computer communication is less worthy of
First Amendment protection.
--Mike
--
Mike Godwin, |"In broadcasting, freedom of the speech and of the
mnemonic@eff.org | press has been compromised.... Full, robust citizen
(617) 864-0665 | participation in a democratic forum casts only a
EFF, Cambridge | shadow on the tube." --Ithiel de Sola Pool
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: Computer Publications and the First Amendment
Message-ID: <1992Jan16.181629.25987@m.cs.uiuc.edu>
References: <1992Jan16.141211.2349@darwin.ntu.edu.au>
Date: Thu, 16 Jan 1992 18:16:29 GMT
neely_mp@darwin.ntu.edu.au (Mark Neely, NTU Law School) writes:
>I'd like to express a few thoughts and concerns that arose as a result of
>reading a paper entitled "Computer Publications and the First Amendment", by
>Brian J. Peretti (to be published in _Computers and the Law_, by Ronald
>Polanski)
[...]
>What constitutes a "computer publication" is denoted by a fairly strict set
>of criteria.
Why? I would think that hybrid publications deserve protection, too.
[...]
>In support of this, he cites _Lovell v. City of Griffin_ Ga 303 US 444, 452
>(1938), where the court held:
>
> The liberty of the press is not confined to newspapers and periodicals.
> It necessarily embraces pamphlets and leaflets....The press in its
> historical connotation comprehends every sort of publication which affords
> a vehicle of information and opinion".
Has this decision been influential (used in other decisions)?
>Such protection has been extended to motion pictures and even to computer
>bulletin board services (BBS): Legi-Tech v. Keiper 766 F.2d 728, 734-35
>(2d. Cir 1985).
Does anyone know the details of _Legi-Tech v. Keipler_?
- Carl
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
--------------------
--
Helen C. O'Boyle | Co-moderator, Computers and Academic Freedom list
helen@eff.org | << insert usual disclaimer here... my opinions
isy5hob@cabell.vcu.edu | are mine alone, not EFF's or VCU's, etc. >>
From warnold Tue Dec 10 02:51:12 1991
Received: by eff.org id AA18515
(5.65c/IDA-1.4.4 for cafb-list@eff.org); Tue, 10 Dec 1991 07:51:22 -0500
From cafnews Fri Dec 13 16:15:02 1991
From: tjw+@cis.pitt.edu (Terry J. Wood)
Subject: Re: There is No Such Thing (was: Pornography)
Message-ID: <406@blue.cis.pitt.edu.UUCP>
Date: 16 Jan 92 18:35:52 GMT
In article <1992Jan15.231155.26434barry@netcom.COM> barry@netcom.COM (Kenn Barry) writes:
>In article <62391@netnews.upenn.edu> jmoore@tucker.cis.upenn.edu (Joseph Moore) writes:
>>But the line needs to
>>be drawn, and why not start with the material that in the majority of
>>people's mind's is way across it.
> No lines needed, Joe, nor is there any "majority of people"
>standing behind you to cheer your line-drawing fetish on. Most of the
>time, when the censors try to snuff a new target, juries just say no,
>thank goodness.
You'd be amazed (or maybe not) at where some people would like to draw
the line. I get requests (demands) to revoke people's accounts here
at the Univ of Pgh at regular intervals. [When this new news-server
machine becomes available to the Pitt public, I'm sure I'm going to
see even more requests].
CERT (the Computer Emergency Response Team) asked me to investigate an
account here at Pitt (PUBLIC@vms.cis.pitt.edu) because someone at Penn
State was offended by what PUBLIC posted in a French speaking mailing
list. They would not tell me who the person was at PSU, nor could they
tell me what was so offensive, since the posting in question was in French.
I translated the posting and found it to be a discussion about whether
French or English should be the primary language of Quebec. I guessed the
offensive part of the message was "people like you should be sat in front
of a cannon and I'll piss on your grave..." (or at least that's how I
think it translated).
In any case, I could not see what the problem was.
CERT informed me that the reader WAS OFFENDED!!! My reply: "So what?
It's his/her god given right to be offended. Show me something that's
obscene or breaks a law (makes a threat to do bodily harm)".
In other words it appeared to be the usual type of political discussion
with the obvious flames that come with them.
I believe that such discussion is in keeping with the purpose of mailing
lists. Now if this had been posted to rec.cooking or sci.aquaria, I could
see where they users of the group would have a beef. Similarly, if
someone is trying to shut a newsgroup/mailing-list down via other forms of
harassment, I think it's appropriate to revoke an account.
But honest debate is no reason to shut down an account. Especially when
the loser of the debate is making the demand! ;-)
I did pull the account PUBLIC, but for the reason that the account had
been forged! (I found some BITNET hackers had gotten an FAIS
adminstrator's password and authorized the account).
[Hacker's take note: If you have too high of a profile, you'll get
caught. Theft of services is a crime in PA, whether you check into a
hotel and don't pay, or take Cable TV and don't pay, or create a computer
account and don't pay].
But if I PERSONALLY were to draw these "lines", I guess I'd start with
most of USENET. People who don't respect the First Amendment OFFEND ME!
Off with their heads!
Terry
--
INTERNET: tjw+@pitt.edu BITNET: TJW@PITTVMS
"Laugh while you can, Monkey Boy!" - Various characters from Buckaroo Banzai
"I've been dead before" - Mr. Spock
From cafnews Fri Dec 13 16:15:02 1991
From: greeny@top.cis.syr.edu (Jonathan Greenfield)
Subject: Re: A British tv report on censorship in USA
Message-ID: <1992Jan16.191015.10513@newstand.syr.edu>
Date: Thu, 16 Jan 92 19:10:15 EST
I'm reposting this because I understand that it didn't make it outside of
SU. My apologies if you have seen this before.
In article <1992Jan13.171845.26430@m.cs.uiuc.edu> kadie@m.cs.uiuc.edu (Carl M. Kadie) writes:
>>Unfortunately for the principle of "Freedom of Speech", the Supreme
>>Court has said that the definition of "obscenity" is a local matter.
>>That means that each community may define "obscenity" any way it
>>likes.
>
>The Supreme Court's definition of obscenity (the so-called _Miller_
>test) is:
>1) must appeal to the prurient interest
>2) must describe sexual conduct in a way that is "patently offensive"
>to community standards
>and
>3) when taken as a whole, it "must lack serious literary, artistic,
>political, or scientific value"
>
>Note that only "patently offensiveness" is decided by community
>standards.
It should also be noted that local community's do NOT have total control
over the definition of "patently offensive."
In the 1974 case of Jenkins v. Georgia the SC unanimously overturned an
Albany, Georgia's court decision that "Carnal Knowledge" (the highly-
acclaimed Jack Nicholson film from 1971) was obscene, in a decision that
"clarified" (modified) the 1973 decisions of Miller v. California and
Paris Adult Theatre v. Slaton.
In the court's opinion, Justice Rehnquist wrote, "it would be a serious
misunderstanding of Miller to conclude that juries have unbridled discretion
in determining what is 'patently offensive.'"
The opinion further stated the court's expectation that appelate courts,
would necessarily be needed to protect non-obscene material from local
communities attempting to ban it as obscene.
In a concurring decision, Brennan, Marshall, and Douglas (all of whom
dissented in the Miller case), renewed their argument that the standard
created by Miller ultimately left only the SC to make determinations of
what was obscene, and as such was completely impractical.
greeny greeny@top.cis.syr.edu
"What's the difference between an orange?"
From cafnews Fri Dec 13 16:15:02 1991
From: cnh5730@maraba.tamu.edu (Charles Herrick)
Subject: CERT Pissed about Piss on a Grave (was: There is No Such Thing (was: Pornography))
Message-ID: <7729@tamsun.tamu.edu>
Date: 16 Jan 92 20:23:06 GMT
Terry J. Wood writes
[... munch ...]
> You'd be amazed (or maybe not) at where some people would like to draw
> the line.
[... munch some more ...]
> CERT (the Computer Emergency Response Team) asked me to investigate an
> account
[...]
> They would not tell me who the person was at PSU, nor could they
> tell me what was so offensive
[...]
> the offensive part of the message was "people like you should be sat
> in front of a cannon and I'll piss on your grave..."
[...]
> CERT informed me that the reader WAS OFFENDED!!! My reply: "So what?
> It's his/her god given right to be offended. Show me something that's
> obscene or breaks a law (makes a threat to do bodily harm)".
Aside from the fact that a prestigious and powerful group such as CERT is
choosing to involve itself in such a clearly repressive action (shudder,
shudder)
1) How do you determine what is obscene?
2) Is a threat against the law?
Seems to me you hear these days that lots of (you pick the aspersive
descriptor) threaten people and the local brown-shirts claim they can't do
anything until the person does something "physical."
Chuck Herrick
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: There is No Such Thing (was: Pornography)
Message-ID: <1992Jan16.214344.13549@m.cs.uiuc.edu>
References: <695442470@lear.cs.duke.edu> <62391@netnews.upenn.edu> <1992Jan15.231155.26434barry@netcom.COM> <406@blue.cis.pitt.edu.UUCP>
Distribution: na
Date: Thu, 16 Jan 1992 21:43:44 GMT
tjw+@cis.pitt.edu (Terry J. Wood) writes:
>In article <1992Jan15.231155.26434barry@netcom.COM> barry@netcom.COM (Kenn Barry) writes:
[...]
>You'd be amazed (or maybe not) at where some people would like to draw
>the line. I get requests (demands) to revoke people's accounts here
>at the Univ of Pgh at regular intervals. [When this new news-server
>machine becomes available to the Pitt public, I'm sure I'm going to
>see even more requests].
[...]
>But if I PERSONALLY were to draw these "lines", I guess I'd start with
>most of USENET. People who don't respect the First Amendment OFFEND ME!
[...]
Thanks for standing up to the bullies.
At most universities the line has already been drawn in favor of
freedom of expression. Very few public universities have speech
restrictions. The speech restrictions that were recently put in are
being struck down by the courts. For example, in _UWM Post V. U. of
Wisconsin_, the federal judge strict down a "discriminatory
harassment" rule that had been applied against a student because of
email that he sent. The judge's decision concludes:
"The founding fathers of this nation produced a remarkable document in
the Constitution but it was ratified only with the promise of the Bill
of Rights. The First Amendment is central to our concept of freedom.
The God-given "unalienable rights" that the infant nation rallied to
in the Declaration of Independence can be preserved only if their
application is rigorously analyzed.
The problems of bigotry and discrimination sought to be addressed here
are real and truly corrosive of the educational environment. But
freedom of speech is almost absolute in our land and the only
restriction the fighting words doctrine can abide is that based on the
fear of violent reaction. Content-based prohibitions such as that in
the UW Rule, however well intended, simply cannot survive the
screening which our Constitution demands."
Even when speech or action *does* go over the line, student and
faculty users should not just be kicked off. Just as a student has a
right to hearing before being expelled from a class, a student should
be able to ask for a hearing before being expelled from the computer
system.
For more info, see
ftp.eff.org:pub/academic/law/uwm-post-v-u-of-wisconsin
ftp.eff.org:pub/academic/law/goss-v-lopez.fischer
ftp.eff.org:pub/academic/law/README
ftp.eff.org:pub/academic/README
ftp.eff.org:pub/academic/faq/README
These files are also available via email. Send email to archive-server@eff.org.
Include the lines: "help" and "index".
- Carl Kadie
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From cafnews Fri Dec 13 16:15:02 1991
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: CERT Pissed about Piss on a Grave (was: There is No Such Thing (was: Pornography))
Message-ID: <1992Jan16.232419.31262@m.cs.uiuc.edu>
References: <406@blue.cis.pitt.edu.UUCP> <7729@tamsun.tamu.edu>
Date: Thu, 16 Jan 1992 23:24:19 GMT
cnh5730@maraba.tamu.edu (Charles Herrick) writes:
[...]
> 1) How do you determine what is obscene?
[...]
Most sexual material is not obscene and is constitutionally protected.
If you are at a university, one source of guidance is your library.
My university owns _American Psycho_, _Playboy_, _The Joy of Sex_
(original, more, gay, and lesbian) _Last Tango in Paris_ (the book,
the screenplay, the motion picture, and the sound track). It also owns
material entitled _Fuck You_ and _Fuck the War_.
I assume that none of this material is obscene and that any net
material that is "milder" than this material is constitutionally
protected.
- Carl
p.s. There is a collection of American Library Association policy
statements available via anonymous ftp at
ftp.eff.org:pub/academic/library.
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From cafnews Fri Dec 13 16:15:02 1991
From: comp-academic-freedom-talk
Reply-To: comp-academic-freedom-talk
Precedence: bulk
To: comp-academic-freedom-talk
Errors-To: comp-academic-freedom-talk-request
Date: Fri, 17 Jan 1992 15:00:27 -0500
X-Digest-Sender: "William W. Arnold"
Message-Id: <199201172000.AA20445@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Computers and Academic Freedom mailing list (batch edition)
Fri Jan 17 14:59:40 EST 1992
[For information on how to get a much smaller edited version of the
list, send email to archive-server@eff.org. Include the line:
send acad-freedom caf
- Billy ]
In this issue:
kadie@cs.uiuc.edu : (soc.men) Re: There is No Such Thing (was: Pornography)
kadie@m.cs.uiuc.ed : Re: There is No Such Thing (was: Pornography)
kadie@cs.uiuc.edu : (comp.org.eff.talk, et al.) Re: Computer Publications and
kadie@cs.uiuc.edu : (soc.men) CERT Pissed about Piss on a Grave (was: There is
kadie@m.cs.uiuc.ed : Re: CERT Pissed about Piss on a Grave (was: There is No S
kadie@cs.uiuc.edu : (alt.censorship) Re: A British tv report on censorship in
NEELY MP@DARWIN.NT : Computer publications...
whelan@sbphy.physi : Re: The USENET pornographic network
ooi@mace.cc.purdue : RE: conference
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
From cafnews Fri Jan 01 00:00:00 1970
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200201.AA00302@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 19 Jan 92 14:01:42 GMT
From cafnews Fri Jan 01 00:00:00 1970
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200202.AA21033@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 19 Jan 92 14:02:12 GMT
From cafnews Fri Jan 01 00:00:00 1970
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200202.AA06766@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Date: 19 Jan 92 14:02:25 GMT
From cafnews Fri Jan 01 00:00:00 1970
From: tk@ai.mit.edu (Tom Knight)
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 19 Jan 92 23:27:15 GMT
In article <20731@dog.ee.lbl.gov> leres@ace.ee.lbl.gov (Craig Leres) writes:
Brian Harvey writes:
> Your site probably has dialup ports for the use of your staff. Some
> cracker could call up your modem and then attempt to get access to your
> system. If that happened, you might ask the phone company to help you
> track down the guilty party, and you'd expect them to cooperate. But
> you WOULDN'T agitate for shutting down the phone company because they
> allow anybody to use the telephone network. You wouldn't even agitate
> for shutting down public-access coin phones.
A cracker dialing in can only make login attempts. Worst case, he can
automate the attacks. But he can't use finger to learn the usernames of
valid accounts. He can't exploit bugs in network daemons. He can do all
of this (and more) when he logs into terminus...
I think you people aren't going far enough. Do you realize how
dangerous the possession of CASH could be in the hands of criminals?
Why there are all sorts of evil things they could do with it, and it
wouldn't even be traceable. They could buy drugs, bribe people,
purchase pornography, or even contribute to the ACLU without ANY
accountability. Why, the paragons of network purity couldn't even
find out who it was that was doing these things. Perhaps we should
outlaw cash, or at the very least require banks to report transactions
greater than $10K.
There are people in this world who think the most important thing is
allowing people freedom to do things, and who accept the fact that
some will abuse this privilege, and there are others who think their
job is to prevent us all from doing anything. Which do you prefer to
be?
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: Computer publications...
Message-ID: <920117103003.21401617@DARWIN.NTU.EDU.AU>
Sender: NEELY_MP@DARWIN.NTU.EDU.AU
Organization: EFF mail-news gateway
Date: 17 Jan 92 10:30:03 GMT
Approved: usenet@eff.org
Lines: 59
This is a reply to my original posting entitled "Computer Publications
and the First Amendment" to the ethics-l mailing list. I thought CAF readers
would be interested in some of the points raised by it.
Mark N.
>Reply-To: Discussion of Ethics in Computing
>From: Jim Porter
>
>Just to further muddy already murky waters ... The
>Peretti article suggests that electronic publications
>are subject to the set of laws covering public media like
>printed press, radio, and television. It's not at all clear to
>me that electronic publications belong in any of these categories ...
>though maybe they do given Peretti's restrictive definition of "computer
>publication."
>
>The definition still leaves a lot unanswered: e.g., is any e-mail
>posting a "computer publication"? It strikes me that individual
>e-mail postings might be more appropriately treated as telephone
>conversations rather than as public media. What happens when an
>individual posting is entered into an electronic journal
>(like often happens with Computers & Composition Digest)?
>
>We're into the question of which analogy--and hence, which
>body of law--best fits electronic text: public media, whether
>broadcast or print; telephone conversation (which I imagine
>affords a greater protection for privacy); or something
>else (private speech, general print)? I'm not sure that
>cozying up to public media is the best tactic for
>advocates of electronic publication--but I'd like to hear
>more discussion of the issue.
>
>Other thought: One way (the Peretti way) to look at electronic
>publication is to regard the communication channel as the
>significant factor in determining its legal status: from that
>point of view, electronic material looks like a public medium
>that needs controlling. Another view (the one I'm favoring
>at the moment) looks not at the communication channel so
>much as the individual node (the posting, which we might
>call a "text"?). From that angle, electronic text looks
>more a private statement ... though maybe the law will
>not permit us to overlook its method of wide distribution.
>(Question: what status does the letter to the editor of
>a newspaper have? Could an individual e-mail post have
>similar status?)
>
>Thanks to Mark Neely for posting his thoughts about the
>Peretti article.
>
>Jim Porter
>Purdue University
>ooi@mace.cc.purdue.edu
___
Mark Neely neely_mp@darwin.ntu.edu.au
Research Student
Northern Territory University Law School
From caf-talk Caf Jan 17 00:00:00 1992
Path: eff!iWarp.intel.com|uunet!usc!sdd.hp.com!network.ucsd.edu!ucsbcsl!sbphy.physics.ucsb.edu!whelan
From: whelan@sbphy.physics.ucsb.edu (John T. whelan)
Newsgroups: alt.sex.bondage,alt.comp.acad-freedom.talk
Subject: Re: The USENET pornographic network
Message-ID:
Date: 16 Jan 92 22:43:44 GMT
References: <1991Dec20.182121.24027@m.cs.uiuc.edu>> <1992Jan5.023936.10850@eff.org>
Sender: news@ucsbcsl.ucsb.edu
Followup-To: alt.sex.bondage
Lines: 18
schwae@aix.rpi.edu (Eric A. Schwartz) writes:
>In article <1992Jan5.023936.10850@eff.org>
kadie@eff.org (Carl M. Kadie) writes:
>>access it? Boston University prohibits its users from transmitting
>>"offensive material". [ftp.eff.org:pub/academic/policies/bostonu.edu]
>"I download no material that I find offensive. Therefore, what I downloaded
>was not offensive, and only became so when you found out that I downloaded
>it. In conclusion, university rules state that you must cease to exist."
Hey, it would work on Star Trek. :-)
--
"Have you *been* to California?
Do you *know* the sort of stuff they do there?"
-- Arthur Dent, _So_Long,_
_and_Thanks_for_All_the_Fish_
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: ooi@mace.cc.purdue.edu (Jim Porter)
Subject: RE: conference info?
Message-ID: <9201171816.AA29692@mace.cc.purdue.edu>
Sender: ooi@mace.cc.purdue.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 18:16:06 GMT
Approved: usenet@eff.org
Lines: 9
Thanks to all who responded to my call for information about
upcoming conferences. I got the information I wanted
about the 1992 CFP Conference ... but so far no information
about the 1993 CFP, or about the 1993 conference on electronic
networking and publishing. Probably it's just too early ...
plans for those conferences may not be in place yet.
Jim Porter
ooi@mace.cc.purdue.edu
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [soc.men] Re: CERT Pissed about Piss on a Grave
Message-ID: <9201171845.AA14953@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 06:45:35 GMT
Approved: usenet@eff.org
Lines: 52
From caf-talk Caf Jan 17 00:00:00 1992
From: tjw+@cis.pitt.edu (Terry J. Wood)
Newsgroups: soc.men
Subject: Re: CERT Pissed about Piss on a Grave
Message-ID: <440@blue.cis.pitt.edu.UUCP>
Date: 17 Jan 92 04:31:06 GMT
Aside that I think CERT does more good...
In article <7729@tamsun.tamu.edu> cnh5730@maraba.tamu.edu (Charles Herrick) writes:
>Aside from the fact that a prestigious and powerful group such as CERT is
>choosing to involve itself in such a clearly repressive action (shudder,
>shudder)
> 1) How do you determine what is obscene?
That's a good question. I'll let you know when I find out. (I'll leave
that to the my manager and the University when they tell me). I'm sure
the library could help us out here. (This is a good question -- one
which I've posed to my manager btw. We may have to consult with one
of our user groups for help).
> 2) Is a threat against the law?
> Seems to me you hear these days that lots of (you pick the aspersive
>descriptor) threaten people and the local brown-shirts claim they can't do
>anything until the person does something "physical."
Well, I'm sure if you pick up the telephone and threaten somebody, the
local "boys in blue" (how sexist!) will pay you a visit. Or at least
you can obtain a PFA order.
If someone were to use their account for threats, (and I could demonstrate
that it did indeed come from their account) I would have no problem in
shutting down the account. They would have to deal with the other legal
problems of their actions.
In my original posting, I was just pointing out that I was surprised that
CERT would inquire about having the account investigated without even
knowing what was so "offensive". When I informed them that the message
appeared to be political in nature and that I considered the matter closed,
they let it drop.
If my user had threatened to shoot the other user (as opposed to sitting
him in front of a cannon), I'm sure my reaction would have been different.
Terry
--
INTERNET: tjw+@pitt.edu BITNET: TJW@PITTVMS
"Laugh while you can, Monkey Boy!" - Various characters from Buckaroo Banzai
"I've been dead before" - Mr. Spock
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201172200.AA22671@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 10:00:20 GMT
Approved: usenet@eff.org
Lines: 36
From caf-talk Caf Jan 17 00:00:00 1992
From: bonnett@seismo.CSS.GOV (H. David Bonnett)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <50328@seismo.CSS.GOV>
Date: 17 Jan 92 19:00:03 GMT
In article , ckd@eff.org (Christopher Davis) writes:
|>Dan> == Dan Bernstein
|>Dan> TERMINUS.LCS.MIT.EDU is an open terminal server. It lets anyone dial in.
|>Dan> The phone numbers are public. It lets everyone connect out, to any site
|>Dan> on the Internet.
|>
|> Unless you mail terminus-admin@lcs.mit.edu and ask them to block your
|> network. We did. That's a simple, direct way of solving the problem.
Why should the burden of this be on the individual domains?
By the time you realize that this is a problem, it is after the
occurence of a breakin or at least an attempt.
My understanding of the NSFNET policy (and possibly that of other
network providers) is that unrestricted terminal servers are
considered "bad" are therefore not permitted. MIT hangs directly off
NSFNET, so why has this situation continued if people have complained?
(Of course, it took a local attack to close off prep/pogo/etc at
ai.mit.edu, if my memory serves me correctly)
-dave bonnett- Center for Seismic Studies; Arlington, VA
bonnett@seismo.css.gov : All standard disclaimers apply.
--
-dave bonnett- Center for Seismic Studies; Arlington, VA
bonnett@seismo.css.gov : All standard disclaimers apply.
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201172200.AA20636@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 10:00:30 GMT
Approved: usenet@eff.org
Lines: 46
From caf-talk Caf Jan 17 00:00:00 1992
From: ecd@cert.sei.cmu.edu (Edward DeHart)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <864@cert.sei.cmu.edu>
Date: 17 Jan 92 19:27:38 GMT
In article <13758.Jan1715.05.0292@virtualnews.nyu.edu>, brnstnd@nyu.edu (Dan Bernstein) writes:
> I have seen firsthand at least three major cracking attempts hidden
> behind the shield of TERMINUS.LCS.MIT.EDU.
The problem is much larger than three cracking attempts.
> I know people have complained at MIT. I know people have complained at
> CERT. I haven't seen a peep out of either of them.
Unfortunatly, there isn't a policy about open terminal servers. This is
why the CERT hasn't posted about terminus. We do talk about terminus
when giving presentations about packet filtering or TCP/IP daemon wrapper
programs.
MIT is willing to block connections to your system or domain. Send e-mail
to terminus-admin@lcs.mit.edu.
Wietse Venema's TCP/IP daemon wrapper program is available via anonymous
ftp from our cert.sei.cmu.edu system in the /pub/network_tools directory.
Add TERMINUS.LCS.MIT.EDU to the /etc/hosts.deny file.
> Say that you support the Anti-TERMINUS Alliance, and that you want open
> terminal servers banned forever from the Internet!
Without a policy to add teeth to your alliance, I'm not sure what will be
accomplished. Perhaps the biggest benefit of your post is that it will raise
awareness of terminus.
Unauthenticated access to the Internet is a problem. Instead of raising
a storm on alt.security, contact the regional network providers about
creating security policies.
Thank you,
Ed DeHart
Computer Emergency Response Team
Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline:
CERT/CC personnel answer 7:30a.m. to 6:00p.m. EST(GMT-5)/EDT(GMT-4),
and are on call for emergencies during other hours.
From caf-talk Caf Jan 17 00:00:00 1992
Xref: eff comp.org.eff.talk:6023 alt.comp.acad-freedom.talk:2880 ba.politics:2473 uc.general:17
Path: eff!iWarp.intel.com|uunet!spool.mu.edu!agate!garnet.berkeley.edu!dean2
From: dean2@garnet.berkeley.edu (Dean Pentcheff)
Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk,ba.politics,ucb.general,uc.general
Subject: UC computer searches: Summary #3.
Message-ID:
Date: 18 Jan 92 00:14:42 GMT
Article-I.D.: agate.knesbiINN8d1
Sender: Dean Pentcheff
Reply-To: dean2@garnet.berkeley.edu (Dean Pentcheff)
Followup-To: comp.org.eff.talk
Organization: Department of Integrative Biology, UC Berkeley
Lines: 212
NNTP-Posting-Host: garnet.berkeley.edu
Friday Jan 17, 1992
UC computer search summary number 3.
- Dean Pentcheff (dean2@garnet.berkeley.edu)
====================================================
This is the third (and probably final) in a short series of summaries
I've provided regarding the UC's court-ordered search of files on two
of its Unix mainframe computers. I will maintain the mailing list of
interested parties, just in case something else comes up. If you have
a continuing interest in these issues, please see the end of this
summary for suggestions on where to find more information.
**Please note** This summary (and the preceeding two) are based on my
own understanding of what's going on. These are not "official"
summaries, either from the University of California, or from the
plaintiff in the case. I am not involved with the case in any
capacity except as an interested observer.
A brief summary of the case runs as follows (based primarily on a
discussion with the University counsel involved). This repeats some
information contained in earlier postings, but also corrects some
misunderstandings.
A UC student is alleged to have broken into a UC computer system. The
University has initiated disciplinary proceedings against him.
Based on due process requirements, the student's family has retained a
lawyer and computer experts and gone to court to get court orders for
certain University maintained records for the disciplinary hearing.
NOTE: the only involvement of the court is to order (or not order, as
the case may be) the University to divulge records. Contrary to my
previous postings, the student's family is not suing the University.
They are preparing a case for the University disciplinary hearing, and
are using the court purely to require the University to provide
evidence they feel is important to the hearing. There is no "discovery
procedure" involved.
The judge involved is not particularly familiar either with electronic
communications law or computers. The strategy of the student's case
seems to be to obfuscate and complicate the entire sequence of hearings
as much as possible in an attempt to nullify the whole disciplinary
action. Hence, they requested that the court order the University to
produce all University maintained student records on the student in
question.
The key question here is the interpretation of "university maintained
records." The simple interpretation of the California State Buckley
Amendment is that a student is entitled access to conventional
administrative or faculty records of their university progress. In
this case, the student's lawyers chose to push an interpretation that
made university maintained records encompass any record about the
student that exists on university maintained systems.
The student's lawyers informed the judge that it would be simple to
just have the University search _all_ backups for the mainframes for
anything relevant. The University lawyers figuratively coughed and
sputtered, saying this was _most_ impractical. The judge, unwilling
(and unable) to decide between the claims of the lawyers arguing in
front of him, ordered them out into the hall to come up with a
compromise. The lawyers bargained and came up with a deal: the
University would search some specific backups and the online disks for
files that contain the student's name.
The University fought to search only for files that contained both the
student's first and last name. The student's lawyers wanted files that
contained the first or the last name. The judge, unwilling to accept
the University's claim that the latter option would produce too much,
ordered the University to do a search to determine how much text would
actually be located by these searches.
At this point, the University posted a message on the mainframes,
telling all users that they intended to search the disks on two of the
campus mainframes for any files "that may contain a particular
individual's name..." At this point, also, the University lawyers
became aware of the Electronic Communications Privacy Act of 1986.
Considering that this case was too complicated already, realizing that
they already accepted a court order to search, and feeling that the
ECPA might not actually apply to this search, they chose not to mount a
secondary effort to stop the search.
The Electronic Frontier Foundation became interested in the case, but
discovered that they had been contacted by the plaintiff last year and
had given him some help. This provides a potential conflict of
interest, so they have been carefully investigating their options.
At this point, the University has proceeded with the search, as ordered
by the court (though I'm not sure whether it's the first and last name
search or the first or last name search). The files that are located
by this procedure will be inspected. Any that are not relevant to the
disciplinary proceeding will not be divulged. If, for example,
someones mailbox file with 50 letters in it is a "hit", only the
individual letters that are relevant to the case will be extracted and
printed. All interaction with the court is complete. The disciplinary
hearing itself will occur in a few weeks.
What's the upshot? Files (including electronic mail files) on two
mainframes at UC Berkeley have been electronically searched (under
court order) for a particular character string. The University
resisted the search, not on grounds of protection of privacy, but
simply on the grounds of undue burden.
The next few paragraphs summarize my own reactions to the incident, and
are no longer "news" summaries.
The clearest lesson of this incident is the exposure of lack of
knowledge of information privacy issues. This applies both to the the
court and to the University counsel's office. Apparently the judge
involved (who is nearing retirement), asked the lawyers to send him a
letter, once he's retired, explaining what was _really_ being argued in
front of him, since it clearly had little to do with a simple minded
request for student records.
The "moral" of the story is that the EFF, the Association for Computing
Machinery, and other organizations definitely have an important job
ahead of them. We need clear policies and leadership on issues of
electronic privacy. We definitely need to educate the legal
profession, legislators, and the general public on these issues.
Actual damage to users' privacy? Pretty minimal (in my opinion). The
University computer center has done its best to be as nonintrusive as
possible while still complying with the court order.
Theoretical damage to users' privacy? Perhaps not so minimal. As
students, faculty, or staff using the University's mainframes, what
expectation of privacy do we have? Technically, it is trivial for
anyone with systems privilege to go on a fishing expedition for any
character string. Under what circumstances, though, is this
permissible? The issues in this case (users' privacy vs. right of
access to records) are not clear cut. What constitutes a university
record of a student? What legal protection's do computer user's files
have? I don't know. Nor does the University legal staff, the local
courts, or the University computer administration. I find that
disturbing.
========================================================================
Further sources of information on issues of electronic privacy and freedom
of information.
************************************************************
THE ELECTRONIC FRONTIER FOUNDATION
"The Electronic Frontier Foundation has been established to civilize
the electronic frontier; to make it useful and beneficial not just to a
technical elite, but to everyone; and to do this in keeping with our
society's highest traditions of the free and open flow of information
and communication."
You can request to be added to the EFF mailing list by sending a note
to "eff-request@eff.org". Alternatively, you can subscribe to the
moderated Usenet newsgroup "comp.org.eff.news" (which carries
everything sent out on the mailing list). You are also welcome to
participate in the unmoderated Usenet news group "comp.org.eff.talk".
You can get more information about the EFF via anonymous FTP from the
site "eff.org" (Internet number 192.88.144.3). Send electronic mail to
"ftphelp@eff.org" if you have questions or are unable to use FTP.
EFF ADDRESS:
The Electronic Frontier Foundation, Inc.
155 Second Street
Cambridge, MA 02142
+1 617 864 0665
+1 617 864 0866 FAX
THE EFF STAFF:
Mitchell Kapor, President and Co-founder (mkapor@eff.org);
John Perry Barlow, Co-founder (barlow@eff.org);
Michael Godwin, General Counsel (mnemonic@eff.org);
Gerard Van der Leun, Director of Communications (van@eff.org);
Christopher Davis, System Administrator (ckd@eff.org);
Helen Rose, System Administrator (hrose@eff.org);
Rita Rouvalis, Administrator (rita@eff.org)
THE EFF BOARD OF DIRECTORS:
Jerry Berman, John Perry Barlow, Stewart Brand, Esther Dyson, John
Gilmore, Mitchell Kapor, Steve Wozniak.
************************************************************
USENET NEWSGROUPS
If you subscribe to Usenet news, there are several newsgroups that may
be of interest to you:
comp.risks
A long running, well respected, moderated group that deals with
the risks of computers in society.
comp.org.eff.talk
Discussions of privacy and freedom of information in the
computer age.
comp.org.eff.news
Moderated group of the Electronic Frontier Foundation.
alt.comp.acad-freedom.talk
alt.comp.acad-freedom.news
Two other newsgroups dealing with issues of academic freedom.
If you don't know what Usenet news is, but are reading this message via
electronic mail, there's a good chance that your system supports the
Usenet news, but you just don't know about it. Check for information
about the "rn" command, or ask your systems administrator how you can
subscribe to Usenet news.
--
Dean Pentcheff (Internet: dean2@garnet.berkeley.edu)
Department of Integrative Biology, University of California, Berkeley CA 94720
Work Phone: (510) 643-9048 Home Phone: (510) 839-1790 Fax: (510) 643-6264
--
Dean Pentcheff (Internet: dean2@garnet.berkeley.edu)
Department of Integrative Biology, University of California, Berkeley CA 94720
Work Phone: (510) 643-9048 Home Phone: (510) 839-1790 Fax: (510) 643-6264
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@eff.org (Carl M. Kadie)
Subject: [] Summary 3. UC searches.
Message-ID: <199201180034.AA27965@eff.org>
Sender: kadie
Organization: EFF mail-news gateway
Date: 17 Jan 92 14:34:39 GMT
Approved: usenet@eff.org
Lines: 214
From caf-talk Caf Jan 17 00:00:00 1992
Date: Fri, 17 Jan 92 15:35:27 -0800
From: dean2@garnet.berkeley.edu (Dean Pentcheff)
Message-Id: <9201172335.AA14618@garnet.berkeley.edu>
Subject: Summary 3. UC searches.
Friday Jan 17, 1992
UC computer search summary number 3.
- Dean Pentcheff (dean2@garnet.berkeley.edu)
====================================================
This is the third (and probably final) in a short series of summaries
I've provided regarding the UC's court-ordered search of files on two
of its Unix mainframe computers. I will maintain the mailing list of
interested parties, just in case something else comes up. If you have
a continuing interest in these issues, please see the end of this
summary for suggestions on where to find more information.
**Please note** This summary (and the preceeding two) are based on my
own understanding of what's going on. These are not "official"
summaries, either from the University of California, or from the
plaintiff in the case. I am not involved with the case in any
capacity except as an interested observer.
A brief summary of the case runs as follows (based primarily on a
discussion with the University counsel involved). This repeats some
information contained in earlier postings, but also corrects some
misunderstandings.
A UC student is alleged to have broken into a UC computer system. The
University has initiated disciplinary proceedings against him.
Based on due process requirements, the student's family has retained a
lawyer and computer experts and gone to court to get court orders for
certain University maintained records for the disciplinary hearing.
NOTE: the only involvement of the court is to order (or not order, as
the case may be) the University to divulge records. Contrary to my
previous postings, the student's family is not suing the University.
They are preparing a case for the University disciplinary hearing, and
are using the court purely to require the University to provide
evidence they feel is important to the hearing. There is no "discovery
procedure" involved.
The judge involved is not particularly familiar either with electronic
communications law or computers. The strategy of the student's case
seems to be to obfuscate and complicate the entire sequence of hearings
as much as possible in an attempt to nullify the whole disciplinary
action. Hence, they requested that the court order the University to
produce all University maintained student records on the student in
question.
The key question here is the interpretation of "university maintained
records." The simple interpretation of the California State Buckley
Amendment is that a student is entitled access to conventional
administrative or faculty records of their university progress. In
this case, the student's lawyers chose to push an interpretation that
made university maintained records encompass any record about the
student that exists on university maintained systems.
The student's lawyers informed the judge that it would be simple to
just have the University search _all_ backups for the mainframes for
anything relevant. The University lawyers figuratively coughed and
sputtered, saying this was _most_ impractical. The judge, unwilling
(and unable) to decide between the claims of the lawyers arguing in
front of him, ordered them out into the hall to come up with a
compromise. The lawyers bargained and came up with a deal: the
University would search some specific backups and the online disks for
files that contain the student's name.
The University fought to search only for files that contained both the
student's first and last name. The student's lawyers wanted files that
contained the first or the last name. The judge, unwilling to accept
the University's claim that the latter option would produce too much,
ordered the University to do a search to determine how much text would
actually be located by these searches.
At this point, the University posted a message on the mainframes,
telling all users that they intended to search the disks on two of the
campus mainframes for any files "that may contain a particular
individual's name..." At this point, also, the University lawyers
became aware of the Electronic Communications Privacy Act of 1986.
Considering that this case was too complicated already, realizing that
they already accepted a court order to search, and feeling that the
ECPA might not actually apply to this search, they chose not to mount a
secondary effort to stop the search.
The Electronic Frontier Foundation became interested in the case, but
discovered that they had been contacted by the plaintiff last year and
had given him some help. This provides a potential conflict of
interest, so they have been carefully investigating their options.
At this point, the University has proceeded with the search, as ordered
by the court (though I'm not sure whether it's the first and last name
search or the first or last name search). The files that are located
by this procedure will be inspected. Any that are not relevant to the
disciplinary proceeding will not be divulged. If, for example,
someones mailbox file with 50 letters in it is a "hit", only the
individual letters that are relevant to the case will be extracted and
printed. All interaction with the court is complete. The disciplinary
hearing itself will occur in a few weeks.
What's the upshot? Files (including electronic mail files) on two
mainframes at UC Berkeley have been electronically searched (under
court order) for a particular character string. The University
resisted the search, not on grounds of protection of privacy, but
simply on the grounds of undue burden.
The next few paragraphs summarize my own reactions to the incident, and
are no longer "news" summaries.
The clearest lesson of this incident is the exposure of lack of
knowledge of information privacy issues. This applies both to the the
court and to the University counsel's office. Apparently the judge
involved (who is nearing retirement), asked the lawyers to send him a
letter, once he's retired, explaining what was _really_ being argued in
front of him, since it clearly had little to do with a simple minded
request for student records.
The "moral" of the story is that the EFF, the Association for Computing
Machinery, and other organizations definitely have an important job
ahead of them. We need clear policies and leadership on issues of
electronic privacy. We definitely need to educate the legal
profession, legislators, and the general public on these issues.
Actual damage to users' privacy? Pretty minimal (in my opinion). The
University computer center has done its best to be as nonintrusive as
possible while still complying with the court order.
Theoretical damage to users' privacy? Perhaps not so minimal. As
students, faculty, or staff using the University's mainframes, what
expectation of privacy do we have? Technically, it is trivial for
anyone with systems privilege to go on a fishing expedition for any
character string. Under what circumstances, though, is this
permissible? The issues in this case (users' privacy vs. right of
access to records) are not clear cut. What constitutes a university
record of a student? What legal protection's do computer user's files
have? I don't know. Nor does the University legal staff, the local
courts, or the University computer administration. I find that
disturbing.
========================================================================
Further sources of information on issues of electronic privacy and freedom
of information.
************************************************************
THE ELECTRONIC FRONTIER FOUNDATION
"The Electronic Frontier Foundation has been established to civilize
the electronic frontier; to make it useful and beneficial not just to a
technical elite, but to everyone; and to do this in keeping with our
society's highest traditions of the free and open flow of information
and communication."
You can request to be added to the EFF mailing list by sending a note
to "eff-request@eff.org". Alternatively, you can subscribe to the
moderated Usenet newsgroup "comp.org.eff.news" (which carries
everything sent out on the mailing list). You are also welcome to
participate in the unmoderated Usenet news group "comp.org.eff.talk".
You can get more information about the EFF via anonymous FTP from the
site "eff.org" (Internet number 192.88.144.3). Send electronic mail to
"ftphelp@eff.org" if you have questions or are unable to use FTP.
EFF ADDRESS:
The Electronic Frontier Foundation, Inc.
155 Second Street
Cambridge, MA 02142
+1 617 864 0665
+1 617 864 0866 FAX
THE EFF STAFF:
Mitchell Kapor, President and Co-founder (mkapor@eff.org);
John Perry Barlow, Co-founder (barlow@eff.org);
Michael Godwin, General Counsel (mnemonic@eff.org);
Gerard Van der Leun, Director of Communications (van@eff.org);
Christopher Davis, System Administrator (ckd@eff.org);
Helen Rose, System Administrator (hrose@eff.org);
Rita Rouvalis, Administrator (rita@eff.org)
THE EFF BOARD OF DIRECTORS:
Jerry Berman, John Perry Barlow, Stewart Brand, Esther Dyson, John
Gilmore, Mitchell Kapor, Steve Wozniak.
************************************************************
USENET NEWSGROUPS
If you subscribe to Usenet news, there are several newsgroups that may
be of interest to you:
comp.risks
A long running, well respected, moderated group that deals with
the risks of computers in society.
comp.org.eff.talk
Discussions of privacy and freedom of information in the
computer age.
comp.org.eff.news
Moderated group of the Electronic Frontier Foundation.
alt.comp.acad-freedom.talk
alt.comp.acad-freedom.news
Two other newsgroups dealing with issues of academic freedom.
If you don't know what Usenet news is, but are reading this message via
electronic mail, there's a good chance that your system supports the
Usenet news, but you just don't know about it. Check for information
about the "rn" command, or ask your systems administrator how you can
subscribe to Usenet news.
--
Dean Pentcheff (Internet: dean2@garnet.berkeley.edu)
Department of Integrative Biology, University of California, Berkeley CA 94720
Work Phone: (510) 643-9048 Home Phone: (510) 839-1790 Fax: (510) 643-6264
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: UC computer searches: Summary #3.
Message-ID: <9201181731.AA17305@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 18 Jan 92 05:31:28 GMT
Approved: usenet@eff.org
Lines: 31
From caf-talk Caf Jan 18 00:00:00 1992
From: kaminski@netcom.COM (Peter Kaminski)
Newsgroups: comp.org.eff.talk
Subject: Re: UC computer searches: Summary #3.
Message-ID: <1992Jan18.045347.22065kaminski@netcom.COM>
Date: 18 Jan 92 04:53:47 GMT
From Dean Pentcheff's summary:
> In this case, the student's lawyers chose to push an interpretation
> that made university maintained records encompass any record about the
> student that exists on university maintained systems.
Unless I'm missing something, it seems to me that it's just common
sense that user files on University computers are not University
records. Administrative records, sure. But generally not user's
files.
I'll leave off the privacy issue -- the question of whether or not
user files on University computers should be "private." That's a
separate (albeit very important) issue.
But how could the University lawyers accept the proposition that
general user files on University computers are University records?
To me, that sounds like "University records are any files kept on
University property" -- including, say, file folders in a student's
dorm room.
Apparently the concept of ownership of data being distinct from
ownership of its container is not as intuitive as I'd thought.
From caf-talk Caf Jan 18 00:00:00 1992
Xref: eff comp.org.eff.talk:6030 alt.comp.acad-freedom.talk:2883
Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk
Path: eff!world!uunet!caen!news.cs.indiana.edu!ux1.cso.uiuc.edu!m.cs.uiuc.edu!kadie
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: UC computer searches: Summary #3.
Message-ID: <1992Jan18.190850.13107@m.cs.uiuc.edu>
Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL
References: <1992Jan18.045347.22065kaminski@netcom.COM>
Date: Sat, 18 Jan 1992 19:08:50 GMT
kaminski@netcom.COM (Peter Kaminski) writes:
>Unless I'm missing something, it seems to me that it's just common
>sense that user files on University computers are not University
>records. Administrative records, sure. But generally not user's
>files.
[...]
>But how could the University lawyers accept the proposition that
>general user files on University computers are University records?
[...]
Suppose:
1. Student A has a home directory on at a computer at State U.
2. That the directory an email archive.
3. That the email archive includes email from student A to
student B about student C.
If user files are University records, it is illegal for the Univeristy
to let student A look at his or her own email archive because that
archive contains personally identifiable data on C.
From the ACLU Handbook _The Rights of Students_ by Janet R. Price, et al.,
1988, p. 138:
----------start-------
[Q:] Does a student have a right to have school records kept confidential
from outsiders?
[A:] Yes. The Buckley amendment also provides that educational
institutions must obtain the written consent of a student's parents
[or the student, if of age] before it may relase personally
identifiable data to anyone other than a specified list of persons,
such as scholl officials or teachers within the school who have a
"legitimate educational interest" in the student's records.
----------end----------
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.personals] alt.sex.erotica off UW hosts?
Message-ID: <9201182120.AA22667@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 18 Jan 92 09:20:50 GMT
Approved: usenet@eff.org
Lines: 23
From caf-talk Caf Jan 18 00:00:00 1992
From: ap.152@layout.Berkeley.EDU
Newsgroups: alt.personals
Subject: alt.sex.erotica off UW hosts?
Message-ID:
Date: 18 Jan 92 19:31:13 GMT
Hard to believe, but either an accident or fear of an impending
audit by the state has resulted in alt.sex.erotica not being
available from the University of Washington's computers. I
always thought that a.s.e offered the most tasteful (and some-
times the most droll) outlooks on human sexuality. Now it's
gone. Can anyone explain this? Looks like cheap "morality" is
on the rise.
--
To use this service, send EMAIL to:
Anonymous posting: ap.post@layout.Berkeley.EDU
Anonymous reply: @layout.Berkeley.EDU
Test path/get alias: ap.ping@layout.Berkeley.EDU
ACS administrator: ap.admin@layout.Berkeley.EDU
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201182121.AA26742@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 18 Jan 92 09:21:57 GMT
Approved: usenet@eff.org
Lines: 20
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.security
From: gardner@ux1.cso.uiuc.edu (Mike Gardner)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan18.191659.8158@ux1.cso.uiuc.edu>
Date: Sat, 18 Jan 1992 19:16:59 GMT
ecd@cert.sei.cmu.edu (Edward DeHart) writes:
>MIT is willing to block connections to your system or domain. Send e-mail
>to terminus-admin@lcs.mit.edu.
Dammit this is backwards! MIT should be only allowing access to nets/hosts
that they need to, rather than forcing every net on the Internet to take
active steps to protect themselves from TERMINUS.
CCC CCC SS OO University of Ill, Computing & Comm Services Ofc
C C S O O Michael G. Gardner, Assistant Director, 1122 DCL
C C S O O 1304 W Springfield, Urbana, Il 61801
CCC CCC SS OO (217)244-0914 FAX (217)244-7089 EMAIL mgg@uiuc.edu
From caf-talk Caf Jan 18 00:00:00 1992
Xref: eff comp.org.eff.talk:6034 alt.comp.acad-freedom.talk:2886
Path: eff!world!uunet!spool.mu.edu!news.cs.indiana.edu!ux1.cso.uiuc.edu!uxa.cso.uiuc.edu!tai50080
From: tai50080@uxa.cso.uiuc.edu (Thomas Aaron Insel)
Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk
Subject: Re: UC computer searches: Summary #3.
Message-ID: <1992Jan18.210451.18989@ux1.cso.uiuc.edu>
Date: 18 Jan 92 21:04:51 GMT
Article-I.D.: ux1.1992Jan18.210451.18989
References: <1992Jan18.045347.22065kaminski@netcom.COM> <1992Jan18.190850.13107@m.cs.uiuc.edu>
Sender: usenet@ux1.cso.uiuc.edu (News)
Organization: University of Illinois at Urbana
Lines: 22
kadie@m.cs.uiuc.edu (Carl M. Kadie) writes:
>Suppose:
>1. Student A has a home directory on at a computer at State U.
>2. That the directory an email archive.
>3. That the email archive includes email from student A to
>student B about student C.
>If user files are University records, it is illegal for the Univeristy
>to let student A look at his or her own email archive because that
>archive contains personally identifiable data on C.
[reference deleted]
For that matter, if A's archive contained email from B to A in which B
discussed anything related to himself, wouldn't the same rule apply?
--
Thomas Aaron Insel (t-insel@uiuc.edu)
s-mail: URH 227 Saunders, 906 W. College, Urbana IL 61801
I speak for myself, and not for the State or University of Illinois.
Cute quote and/or drawing deleted courtesy U of I.
From caf-talk Caf Jan 18 00:00:00 1992
Path: eff!world!uunet!spool.mu.edu!agate!anarres.Berkeley.EDU!bh
From: bh@anarres.Berkeley.EDU (Brian Harvey)
Newsgroups: alt.comp.acad-freedom.talk
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 18 Jan 92 23:30:47 GMT
Article-I.D.: agate.knhe57INNmkn
References: <9201182121.AA26742@m.cs.uiuc.edu>
Organization: University of California at Berkeley
Lines: 15
NNTP-Posting-Host: anarres.berkeley.edu
The thrust of this thread seems to be that the securitroids want Internet
access restricted so that hosts can assume anyone on the net is a good guy.
Isn't that backwards and doomed to failure? Of the sixty gazillion
undergraduates with perfectly legitimate Internet access, there will always
be a few interested in cracking systems. Doesn't the burden of security
have to be on the individual connected-to host?
I suppose I should be posting this to alt.security, but (1) I don't want
to be flamed by securitroids, and (2) my real question is, can't we do
something in the political arena to defeat the growing assumption that
everyone should be paranoid by default?
This whole thing sounds about as sensible as suggesting that nobody should
be allowed to use the telephone [after all, they might have a modem] without
DoD permission.
From caf-talk Caf Jan 18 00:00:00 1992
Path: eff!world!uunet!spool.mu.edu!news.cs.indiana.edu!ux1.cso.uiuc.edu!m.cs.uiuc.edu!kadie
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Newsgroups: alt.comp.acad-freedom.talk
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.000346.13786@m.cs.uiuc.edu>
Date: 19 Jan 92 00:03:46 GMT
Article-I.D.: m.1992Jan19.000346.13786
References: <9201182121.AA26742@m.cs.uiuc.edu>
Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL
Lines: 31
bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>The thrust of this thread seems to be that the securitroids want Internet
>access restricted so that hosts can assume anyone on the net is a good guy.
>Isn't that backwards and doomed to failure? Of the sixty gazillion
>undergraduates with perfectly legitimate Internet access, there will always
>be a few interested in cracking systems. Doesn't the burden of security
>have to be on the individual connected-to host?
[...]
I forwarded these notes because they seem to relate to the duty that
site A owes site/net B to enforce site/net B's rules. As has been
pointed out in the past, when site A refuses to enforce site/net B's
rules, B can retaliate/protect-itself by shunning A.
The resolution of these conflicts seems to depend on the resolve and
power of A and B.
Is there a technical solution? Instead of cutting off all of MIT, how
easy would it be for NSFnet to refuse to handle traffic *from*
TERMINUS? In another scenario, how easy would it be for NSFnet to
refuse to handle traffic *to* megabyte-joke-archive.state.u.edu?
Note that these actions are not the same effect as closing down
TERMINUS and megabyte-joke-archive.state.u.edu. For one thing, the
services would still be available via other networks that may have
different rules than NSFnet.
- Carl
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From caf-talk Caf Jan 18 00:00:00 1992
Xref: eff alt.comp.acad-freedom.talk:2889 alt.security:3059
Newsgroups: alt.comp.acad-freedom.talk,alt.security
Path: eff!iWarp.intel.com|uunet!caen!uvaarpa!murdoch!fermi.clas.Virginia.EDU!gl8f
From: gl8f@fermi.clas.Virginia.EDU (Greg Lindahl)
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan18.235031.946@murdoch.acc.Virginia.EDU>
Sender: usenet@murdoch.acc.Virginia.EDU
Organization: Department of Astronomy, University of Virginia
References: <9201182121.AA26742@m.cs.uiuc.edu>
Date: Sat, 18 Jan 1992 23:50:31 GMT
In article bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>The thrust of this thread seems to be that the securitroids want Internet
>access restricted so that hosts can assume anyone on the net is a good guy.
Gee, and here I was under the impression that some securitroids don't
like sites that are frequently used for actual break-ins. Guess I
wasn't paying attention, or I'm not hip to the latest straw-man on the
net.
My security job has several parts: making sure the machines yI run are
secure, and assisting people who want to catch crackers who are using
my machines to get to other machines. Doing the second without
restricting legitimate work is difficult. Making fun of everyone who
might want to do so isn't very productive.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: Effect of the Compuserve decision
Message-ID: <9201191515.AA18435@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 03:15:20 GMT
Approved: usenet@eff.org
Lines: 56
From caf-talk Caf Jan 19 00:00:00 1992
From: rogue@cellar.org (Rachel McGregor)
Newsgroups: comp.org.eff.talk
Subject: Re: Effect of the Compuserve decision
Message-ID:
Date: 18 Jan 92 18:54:35 GMT
Harry.Lee@p0.f10.n396.z1.FIDONET.ORG (Harry Lee) writes:
> I wasn't clear. Consider the following two situations: let's say I get
> what you call rec.funny (?) or what we would call Humor. Let's assume that
> in the main, these conferences don't violate prevailing community standards.
> However, perhaps 1% of the traffic is questionable. You seem to be saying
> that if I post-screen, my liability is small. But in the other case, if I
> pre-screen, and I let something through that does violate prevailing
> community standards, would my liability be greater?
>
> I hope I don't seem pedantic here.
And I hope I don't blow Mike's argument.
I believe what Mike is saying (colored by my own interpretation, natch) is
that a censor bears some liability for the material he or she approves.
If you run your system with a policy of no censorship, or at least one in
which you remove offensive or illegal messages only after a complaint has
been made to you, your liability is less than if you held messages in a
pre-screening area before you released them to the bbs. There are four ways
to censor messages on a system. With each policy, your liability increases
with they level of the censor's activism.
Least activist: No censorship
2: Evaluation and/or removal of offensive messages after a user
has complained to you about them.
3: Your decision, based on your interpretation of the board's
community standards, to remove a message you've seen after a
user posted it, regardless of how long it's been visible to
the user community.
Most activist: Messages must be pre-screened by you or another user before
they will be released into the public message bases. After
a user posts a message, it is held for your next login and
approval based on your interpretation of community standards.
Censorship in the most activist case above carries the implication that if an
offensive message is posted, it reached the public because of the agreement
or negligence of the censor. Therefore, the censor can be held responsible
for the message and the effects of its release. (In no case does it absolve
the original author, though, if there is a criminal intent behind the
message.)
(Just to remind you: I'm not a lawyer, just another bitch with an opinion.)
----
Rachel McGregor | "Once in a wile an idea comes along that is so wonderful
rogue@cellar.org | that you forget it immediately."
From caf-talk Caf Jan 19 00:00:00 1992
Xref: eff alt.comp.acad-freedom.talk:2891 alt.security:3066
Path: eff!world!snorkelwacker.mit.edu!spool.mu.edu!agate!anarres.Berkeley.EDU!bh
From: bh@anarres.Berkeley.EDU (Brian Harvey)
Newsgroups: alt.comp.acad-freedom.talk,alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 19 Jan 92 16:06:14 GMT
Article-I.D.: agate.knj8fmINN32p
References: <9201182121.AA26742@m.cs.uiuc.edu> <1992Jan18.235031.946@murdoch.acc.Virginia.EDU>
Organization: University of California at Berkeley
Lines: 42
NNTP-Posting-Host: anarres.berkeley.edu
gl8f@fermi.clas.Virginia.EDU (Greg Lindahl) writes:
>
>bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>>The thrust of this thread seems to be that the securitroids want Internet
>>access restricted so that hosts can assume anyone on the net is a good guy.
>
>Gee, and here I was under the impression that some securitroids don't
>like sites that are frequently used for actual break-ins. Guess I
>wasn't paying attention, or I'm not hip to the latest straw-man on the
>net.
>
>My security job has several parts: making sure the machines yI run are
>secure, and assisting people who want to catch crackers who are using
>my machines to get to other machines. Doing the second without
>restricting legitimate work is difficult. Making fun of everyone who
>might want to do so isn't very productive.
I wasn't trying to make fun of anyone. I was trying to make a serious
point, and I still don't understand why it's wrong, and your sarcasm isn't
helping me understand.
Your site probably has dialup ports for the use of your staff. Some
cracker could call up your modem and then attempt to get access to your
system. If that happened, you might ask the phone company to help you
track down the guilty party, and you'd expect them to cooperate. But
you WOULDN'T agitate for shutting down the phone company because they
allow anybody to use the telephone network. You wouldn't even agitate
for shutting down public-access coin phones.
I think it's quite reasonable for you, or whoever, to ask the Terminus
administrators to help you track down the crackers. But instead you
seem to be asking to cut off the net access of a large class of people
because a few of those people misuse it. To me this feels like
discrimination, similar in principle to the WWII internment of
Japanese-Americans. I am raising a civil liberties issue, not a
technical security issue.
(P.S. It's also a kind of class issue. I feel damn lucky that the
taxpayers provide me with free net access. They do that to help me do
my real work, but they also let me use the net to read alt.whatever and
so on. Other people have to pay Compuserve for this privilege. I can
easily understand why they'd rather use Terminus.)
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191912.AA00860@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:12:29 GMT
Approved: usenet@eff.org
Lines: 30
From caf-talk Caf Jan 19 00:00:00 1992
From: yanek@mthvax.cs.miami.edu (Yanek Martinson)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 18 Jan 92 20:07:56 GMT
bonnett@seismo.CSS.GOV (H. David Bonnett) writes:
>ckd@eff.org (Christopher Davis) writes:
>|>Dan> == Dan Bernstein
>|>Dan> TERMINUS.LCS.MIT.EDU is an open terminal server. It lets anyone dial in.
>|>Dan> The phone numbers are public. It lets everyone connect out, to any site
>|>
>|> Unless you mail terminus-admin@lcs.mit.edu and ask them to block your
>|> network. We did. That's a simple, direct way of solving the problem.
>Why should the burden of this be on the individual domains?
Why should it be anyone else's burden to protect your computer. Isn't
that your job? If you want security, use some software that prevents
your users from choosing obvious passwords, instead of expecting tens
of thousands of internet sites to protect you. If you leave open
accounts on your system, and depend on other sites to protect you you
are not in any way protected from the tens of thousands of college
students who have legitimate internet access without terminal servers.
--
yanek@mthvax.cs.miami.edu
safe0%yanek@mthvax.cs.miami.edu
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191912.AA26483@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:12:52 GMT
Approved: usenet@eff.org
Lines: 16
From caf-talk Caf Jan 19 00:00:00 1992
From: wietse@wzv.win.tue.nl (Wietse Venema)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <2859@wzv.win.tue.nl>
Date: 18 Jan 1992 22:37:39 GMT
Our university had its share of break-ins from terminus, and from other
facilities that provide anonymous network access, such as hosts with an
open guest account. The problem is not limited to terminal servers.
As Gene Spafford suggested, keep bugging those who are responsible.
Sometimes it helps. You can always put them into your hosts.deny file.
IMHO, it is not antisocial to require the use of a personal account
when people want to connect to my system.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191913.AA15779@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:13:15 GMT
Approved: usenet@eff.org
Lines: 15
From caf-talk Caf Jan 19 00:00:00 1992
From: wietse@wzv.win.tue.nl (Wietse Venema)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <2860@wzv.win.tue.nl>
Date: 18 Jan 92 23:00:52 GMT
yanek@mthvax.cs.miami.edu (Yanek Martinson) writes:
>If you [...] depend on other sites to protect you you
>are not in any way protected from the tens of thousands of college
>students who have legitimate internet access without terminal servers.
Nonsense. If someone breaks in from a regular account one can identify
and shut off that account. Try doing that with a terminal server.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191913.AA06437@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:13:29 GMT
Approved: usenet@eff.org
Lines: 20
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.security
From: scs@lokkur.dexter.mi.us (Steve Simmons)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.005510.8276@lokkur.dexter.mi.us>
Date: Sun, 19 Jan 92 00:55:10 GMT
brnstnd@nyu.edu (Dan Bernstein) writes:
>I know people have complained at MIT. I know people have complained at
>CERT. I haven't seen a peep out of either of them.
We inadventantly had a terminal set up for general internet access and
dialin. When it was used to crack some other systems, CERT let us know
very quickly. It's a safe bet they've passed the data on to MIT. There-
after your guess is as good as mine.
--
``Who likes music that's repetitious? Sensitive New Age Guys.
Who likes music that's repetitious? Sensitive New Age Guys.''
"Sensitive New Age Guys", Christine Lavin
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191914.AA13598@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:14:07 GMT
Approved: usenet@eff.org
Lines: 32
From caf-talk Caf Jan 19 00:00:00 1992
From: faustus@ygdrasil.CS.Berkeley.EDU (Wayne A. Christopher)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 19 Jan 92 03:31:11 GMT
The visions people have of Internet security seem to range over a
spectrum. One end has a very secure place where crackers cannot get
on the network in the first place, and you can trust root on any
machine. There are people who seem to think this is achievable and
desirable, but I doubt that many of them read this group.
The other end is one where you can't trust anybody anywhere, and
arbitrary crackers can and do gain anonymous access and send packets to
any of your ports at will. A lot of people on this group seem to be
saying that you have to assume this is the case, otherwise you are
running an insecure system and you deserve what you get. I think this
is extreme, but substantially correct.
Maybe it makes things easier on sysadmins to try and hold off this
scenario, but it will get harder and harder as the internet grows.
Sure you can eliminate the obvious terminal servers, but what about
the person who cracks root somewhere, telnets as he pleases, and then
erases his tracks? There are fewer such people, but aren't they the
ones to worry about?
This isn't a case of blaming the victim or excusing the cracker, it's
just common sense. If you care enough about your security, assume the
worst and protect yourself.
Wayne
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191914.AA22809@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:14:24 GMT
Approved: usenet@eff.org
Lines: 16
From caf-talk Caf Jan 19 00:00:00 1992
From: gl8f@fermi.clas.Virginia.EDU (Greg Lindahl)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.045442.3015@murdoch.acc.Virginia.EDU>
Date: 19 Jan 92 04:54:42 GMT
In article faustus@ygdrasil.CS.Berkeley.EDU (Wayne A. Christopher) writes:
>The visions people have of Internet security seem to range over a
>spectrum. One end has a very secure place where crackers cannot get
>on the network in the first place, and you can trust root on any
>machine. There are people who seem to think this is achievable and
>desirable, but I doubt that many of them read this group.
Do any of these people exist? The complaints we're seeing about
Terminus do not come only from these kind of people.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191914.AA29656@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:14:37 GMT
Approved: usenet@eff.org
Lines: 57
From caf-talk Caf Jan 19 00:00:00 1992
From: bav@matt.ksu.ksu.edu (Brick Verser)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Date: 19 Jan 92 06:55:37 GMT
Message-ID:
Security begins at home.
Should pay phones be outlawed? Look at all the nasty things that one can
do from a pay phone. Demanding authentication before one is allowed to
make a phone call would prevent a whole raft of criminal activity (no more
bogus bomb threats during final week, no more real-time ransom demands
from kidnappers). And should the phone company be held liable if a bogus
bomb threat is made and they can't tell where it came from and who did it?
There are many anonymous entrances into most systems. Local modem pools
are untracable without a court order. PC's connected to a local Ethernet
can run their own copy of software and gain access to much they shouldn't.
There really is very little we can do, given the networking hardware we
have, to keep someone from using a PC connected to the local Ethernet
from gaining access to the Internet. And even on those systems where we
require authentication, there's often nothing I can do after the fact
to trace who attacked you--we don't log every IP connection made, and on
a Unix system with 30 simultaneous users often the best I can do is say
"it was one of those 30." Indeed, on a default SunOS system, even if you
tell me while you're being attacked, 'bout all I can do is run NETSTAT
and agree with you that someone on the local machine is doing it--without
OFILES or some other non-standard tool, I don't believe there's a way to
trace an IP connection back to the process which owns it. And of course,
there are all those systems out there run by system administrators who
are really instructors or researchers using a tool and who don't want to
be bothered figuring out which of their students was responsible for
the breakin last night. You simply can't rely on remote sites to be able
to trace and intercept crackers.
I don't fear the day when gaining access to the Internet from any city
is as easy as dropping a quarter in a payphone; I look forward to it.
I'm really not quite as vehement about my views as the above may suggest.
Indeed, I used to feel a little differently but have lately come around.
One event which helped change my viewpoint was when I was asked to try
to track and find someone who had cracked a system; I spent a while going
through logs and coming up with probable suspects only to find out that
the system that was "cracked" was a setup--the guy leaves an unprotected
GUEST account on his machine and yells whenever someone uses it. Sorry,
but I've got better things to do.
And I DID recently close (sortof) our open terminal server--it was being
used to play MUD so much that local users were no longer able to use it to
connect to local hosts, and our incoming modems were being tied up with
MUD players as well. That it closed a security gap was mostly incidental.
In an ideal world we'd have enough resources to let the locals play MUD.
Brick Verser
Computing & Networking Services
Kansas State University
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191915.AA14296@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:15:00 GMT
Approved: usenet@eff.org
Lines: 19
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.security
From: pc@hal.gnu.ai.mit.edu (Pete Chown)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.182534.7227@mintaka.lcs.mit.edu>
Date: Sun, 19 Jan 1992 18:25:34 GMT
I know of about ten sites offering an equivalent service to TERMINUS, and they
have the added advantage to crackers that internet access is via a gateway
machine which places another barrier between them and detection.
I am not going to list the sites of course, that would be asking for crackers
to begin using sites which by and large they haven't so far.
--
-============================================================================-
Pete Chown, email pc@gnu.ai.mit.edu or pc123@phx.cam.ac.uk (Internet)
or pc123@uk.ac.cambridge.phoenix (Janet :-)
From caf-talk Caf Jan 19 00:00:00 1992
Xref: eff alt.comp.acad-freedom.talk:2900 alt.security:3069
Path: eff!iWarp.intel.com|uunet!spool.mu.edu!agate!dog.ee.lbl.gov!ace.ee.lbl.gov!leres
From: leres@ace.ee.lbl.gov (Craig Leres)
Newsgroups: alt.comp.acad-freedom.talk,alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <20731@dog.ee.lbl.gov>
Date: 19 Jan 92 21:54:35 GMT
Article-I.D.: dog.20731
References:
Reply-To: leres@ee.lbl.gov (ucbvax!leres for uucp weenies)
Followup-To: alt.security
Organization: Lawrence Berkeley Laboratory, Berkeley
Lines: 15
NNTP-Posting-Host: 128.3.112.6
Brian Harvey writes:
> Your site probably has dialup ports for the use of your staff. Some
> cracker could call up your modem and then attempt to get access to your
> system. If that happened, you might ask the phone company to help you
> track down the guilty party, and you'd expect them to cooperate. But
> you WOULDN'T agitate for shutting down the phone company because they
> allow anybody to use the telephone network. You wouldn't even agitate
> for shutting down public-access coin phones.
A cracker dialing in can only make login attempts. Worst case, he can
automate the attacks. But he can't use finger to learn the usernames of
valid accounts. He can't exploit bugs in network daemons. He can do all
of this (and more) when he logs into terminus...
Craig
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!kadie
From: kadie@eff.org (Carl M. Kadie)
Subject: Wanted: Rotating (or Guest) CAF-News editors
Message-ID: <1992Jan19.223535.24696@eff.org>
Organization: The Electronic Frontier Foundation
Date: Sun, 19 Jan 1992 22:35:35 GMT
Lines: 31
Having guest editors last month worked great. With the beginning of a
new semester, I'd like to make this a regular thing. This is an effort
to share the fun (and give myself more time for thesis work). So, ...
Wanted: Folks to edit the CAF-News on a rotating basis, ideally, about
once a month. Also, if you want to edit just one issue to see what it
is like (and to help me clear the backlog) that would be great too.
Short Job Description:
Given a file containing, on average, about 75 CAF-talk articles,
choose the approximately 12 best and write a short paraphrase of each
articles.
Job Requirements: Email access to me (kadie@eff.org)
Things that make the jobs easier:
Being able to run "nn" and "perl".
Compensation: You will be listed as editor for the issue you edit.
"Rotating" editors will also get a title (maybe "Associate Editor")
and will be put on the CAF administrative mailing list.
Also, you will have the satisfaction of doing something useful and
maybe even important. CAF-News has an estimated readership of 14000.
Its abstract is distributed to at least twice as many.
- Carl
--
Carl Kadie -- I do not represent EFF; this is just me.
=kadie@eff.org, kadie@cs.uiuc.edu, or (anonymous) ap.3619@layout.berkeley.edu=
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200200.AA02220@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:00:37 GMT
Approved: usenet@eff.org
Lines: 16
From caf-talk Caf Jan 19 00:00:00 1992
From: leres@ace.ee.lbl.gov (Craig Leres)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <20730@dog.ee.lbl.gov>
Date: 19 Jan 92 21:34:16 GMT
Ah yes, terminus. The crackhouse of the Internet. Breakin attempts from
mit dropped significantly when I had them block my site. Having your
site blocked is as simple as sending the the message:
Please block access to network 140.XXX from terminus.lcs.mit.edu
to terminus-admin@lcs.mit.edu. Do it today before you forget!
Craig
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200201.AA11769@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:01:05 GMT
Approved: usenet@eff.org
Lines: 25
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.security
From: jwtlai@watcgl.waterloo.edu (Jim W Lai)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan20.004417.11535@watcgl.waterloo.edu>
Date: Mon, 20 Jan 1992 00:44:17 GMT
In article <1992Jan19.021948.22107@news.iastate.edu> i1neal@exnet.iastate.edu (Neal Rauhauser -- ) writes:
>In article <1992Jan18.225649.15620@watcgl.waterloo.edu> jwtlai@watcgl.waterloo.edu (Jim W Lai) writes:
>>My site has a terminal server with userids and passwords. This seems like
>>a reasonable compromise. When visiting, one can then "borrow" a terminal
>>server userid to call home (as it were) without compromising a real account.
>
> I just tried terminus. I can log in there from the outside world
>via telnet - ie two anonymous connections between me and my
>'target'. What a great security hole. Glad my unix box has no
>network connection
Exactly. So at my site you can't just telnet into the terminal server without
a userid and password on the terminal server. ONet doesn't allow anonymous
connections onto the net itself. Some level of identification is needed to
satisfy ONet (and NSFNet), isn't it?
I'm not sure your case is truly anonymous, since the sites involved can be
traced back, unlike a dialup to terminus.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200201.AA00302@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:01:42 GMT
Approved: usenet@eff.org
Lines: 25
From caf-talk Caf Jan 19 00:00:00 1992
From: brnstnd@nyu.edu (Dan Bernstein)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <310.Jan2001.22.1992@virtualnews.nyu.edu>
Date: 20 Jan 92 01:22:19 GMT
In article <1992Jan19.182534.7227@mintaka.lcs.mit.edu> pc@hal.gnu.ai.mit.edu (Pete Chown) writes:
> I am not going to list the sites of course, that would be asking for crackers
> to begin using sites which by and large they haven't so far.
Of course not. MIT prefers to have a monopoly on this business, eh?
I just received a message from one of the Athena muckity-mucks (who can
identify himself here if he wants) saying, in effect, that MIT doesn't
give a damn what its neighbors think of it: for one thing, it's a
``large and important site,'' and it has many people who would fight any
request to chop off terminus ``as a matter of principle''---apparently
the principle that MIT is better than everyone else. Given this attitude
it's tempting to deny all connections from *.mit.edu. Of course, he
wasn't speaking for MIT, but it's scary to see any hint that a site is
using the power of its position within the Internet to insist that it
need take absolutely no responsibility for the packets it generates.
---Dan
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200202.AA21033@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:02:12 GMT
Approved: usenet@eff.org
Lines: 39
From caf-talk Caf Jan 19 00:00:00 1992
From: tk@ai.mit.edu (Tom Knight)
Newsgroups: alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 19 Jan 92 23:27:15 GMT
In article <20731@dog.ee.lbl.gov> leres@ace.ee.lbl.gov (Craig Leres) writes:
Brian Harvey writes:
> Your site probably has dialup ports for the use of your staff. Some
> cracker could call up your modem and then attempt to get access to your
> system. If that happened, you might ask the phone company to help you
> track down the guilty party, and you'd expect them to cooperate. But
> you WOULDN'T agitate for shutting down the phone company because they
> allow anybody to use the telephone network. You wouldn't even agitate
> for shutting down public-access coin phones.
A cracker dialing in can only make login attempts. Worst case, he can
automate the attacks. But he can't use finger to learn the usernames of
valid accounts. He can't exploit bugs in network daemons. He can do all
of this (and more) when he logs into terminus...
I think you people aren't going far enough. Do you realize how
dangerous the possession of CASH could be in the hands of criminals?
Why there are all sorts of evil things they could do with it, and it
wouldn't even be traceable. They could buy drugs, bribe people,
purchase pornography, or even contribute to the ACLU without ANY
accountability. Why, the paragons of network purity couldn't even
find out who it was that was doing these things. Perhaps we should
outlaw cash, or at the very least require banks to report transactions
greater than $10K.
There are people in this world who think the most important thing is
allowing people freedom to do things, and who accept the fact that
some will abuse this privilege, and there are others who think their
job is to prevent us all from doing anything. Which do you prefer to
be?
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200202.AA06766@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:02:25 GMT
Approved: usenet@eff.org
Lines: 22
From caf-talk Caf Jan 19 00:00:00 1992
From: clive@mungarra.asis.unimelb.edu.au (Clive Newall)
Newsgroups: alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 20 Jan 92 01:29:38 GMT
tk@ai.mit.edu (Tom Knight) writes:
>...
>... Perhaps we should
>outlaw cash, or at the very least require banks to report transactions
>greater than $10K.
You mean that in the USA they DON'T have to report large cash transactions?
In Oz reporting large and/or suspicious cash transactions has been
compulsory for several years... :-(
Clive Newall E-mail: clive@asis.unimelb.EDU.AU
Information Technology Services (ASIS), University of Melbourne.
Disclaimer: This is ME talking. Not ITS. Not the University.
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: NEELY_MP@DARWIN.NTU.EDU.AU (Mark P. Neely, Northern Territory University)
Subject: Computer publications...
Message-ID: <920117103003.21401617@DARWIN.NTU.EDU.AU>
Sender: NEELY_MP@DARWIN.NTU.EDU.AU
Organization: EFF mail-news gateway
Date: 17 Jan 92 10:30:03 GMT
Approved: usenet@eff.org
Lines: 59
This is a reply to my original posting entitled "Computer Publications
and the First Amendment" to the ethics-l mailing list. I thought CAF readers
would be interested in some of the points raised by it.
Mark N.
>Reply-To: Discussion of Ethics in Computing
>From: Jim Porter
>
>Just to further muddy already murky waters ... The
>Peretti article suggests that electronic publications
>are subject to the set of laws covering public media like
>printed press, radio, and television. It's not at all clear to
>me that electronic publications belong in any of these categories ...
>though maybe they do given Peretti's restrictive definition of "computer
>publication."
>
>The definition still leaves a lot unanswered: e.g., is any e-mail
>posting a "computer publication"? It strikes me that individual
>e-mail postings might be more appropriately treated as telephone
>conversations rather than as public media. What happens when an
>individual posting is entered into an electronic journal
>(like often happens with Computers & Composition Digest)?
>
>We're into the question of which analogy--and hence, which
>body of law--best fits electronic text: public media, whether
>broadcast or print; telephone conversation (which I imagine
>affords a greater protection for privacy); or something
>else (private speech, general print)? I'm not sure that
>cozying up to public media is the best tactic for
>advocates of electronic publication--but I'd like to hear
>more discussion of the issue.
>
>Other thought: One way (the Peretti way) to look at electronic
>publication is to regard the communication channel as the
>significant factor in determining its legal status: from that
>point of view, electronic material looks like a public medium
>that needs controlling. Another view (the one I'm favoring
>at the moment) looks not at the communication channel so
>much as the individual node (the posting, which we might
>call a "text"?). From that angle, electronic text looks
>more a private statement ... though maybe the law will
>not permit us to overlook its method of wide distribution.
>(Question: what status does the letter to the editor of
>a newspaper have? Could an individual e-mail post have
>similar status?)
>
>Thanks to Mark Neely for posting his thoughts about the
>Peretti article.
>
>Jim Porter
>Purdue University
>ooi@mace.cc.purdue.edu
___
Mark Neely neely_mp@darwin.ntu.edu.au
Research Student
Northern Territory University Law School
From caf-talk Caf Jan 17 00:00:00 1992
Path: eff!iWarp.intel.com|uunet!usc!sdd.hp.com!network.ucsd.edu!ucsbcsl!sbphy.physics.ucsb.edu!whelan
From: whelan@sbphy.physics.ucsb.edu (John T. whelan)
Newsgroups: alt.sex.bondage,alt.comp.acad-freedom.talk
Subject: Re: The USENET pornographic network
Message-ID:
Date: 16 Jan 92 22:43:44 GMT
References: <1991Dec20.182121.24027@m.cs.uiuc.edu>> <1992Jan5.023936.10850@eff.org>
Sender: news@ucsbcsl.ucsb.edu
Followup-To: alt.sex.bondage
Lines: 18
schwae@aix.rpi.edu (Eric A. Schwartz) writes:
>In article <1992Jan5.023936.10850@eff.org>
kadie@eff.org (Carl M. Kadie) writes:
>>access it? Boston University prohibits its users from transmitting
>>"offensive material". [ftp.eff.org:pub/academic/policies/bostonu.edu]
>"I download no material that I find offensive. Therefore, what I downloaded
>was not offensive, and only became so when you found out that I downloaded
>it. In conclusion, university rules state that you must cease to exist."
Hey, it would work on Star Trek. :-)
--
"Have you *been* to California?
Do you *know* the sort of stuff they do there?"
-- Arthur Dent, _So_Long,_
_and_Thanks_for_All_the_Fish_
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: ooi@mace.cc.purdue.edu (Jim Porter)
Subject: RE: conference info?
Message-ID: <9201171816.AA29692@mace.cc.purdue.edu>
Sender: ooi@mace.cc.purdue.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 18:16:06 GMT
Approved: usenet@eff.org
Lines: 9
Thanks to all who responded to my call for information about
upcoming conferences. I got the information I wanted
about the 1992 CFP Conference ... but so far no information
about the 1993 CFP, or about the 1993 conference on electronic
networking and publishing. Probably it's just too early ...
plans for those conferences may not be in place yet.
Jim Porter
ooi@mace.cc.purdue.edu
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [soc.men] Re: CERT Pissed about Piss on a Grave
Message-ID: <9201171845.AA14953@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 06:45:35 GMT
Approved: usenet@eff.org
Lines: 52
From caf-talk Caf Jan 17 00:00:00 1992
From: tjw+@cis.pitt.edu (Terry J. Wood)
Newsgroups: soc.men
Subject: Re: CERT Pissed about Piss on a Grave
Message-ID: <440@blue.cis.pitt.edu.UUCP>
Date: 17 Jan 92 04:31:06 GMT
Aside that I think CERT does more good...
In article <7729@tamsun.tamu.edu> cnh5730@maraba.tamu.edu (Charles Herrick) writes:
>Aside from the fact that a prestigious and powerful group such as CERT is
>choosing to involve itself in such a clearly repressive action (shudder,
>shudder)
> 1) How do you determine what is obscene?
That's a good question. I'll let you know when I find out. (I'll leave
that to the my manager and the University when they tell me). I'm sure
the library could help us out here. (This is a good question -- one
which I've posed to my manager btw. We may have to consult with one
of our user groups for help).
> 2) Is a threat against the law?
> Seems to me you hear these days that lots of (you pick the aspersive
>descriptor) threaten people and the local brown-shirts claim they can't do
>anything until the person does something "physical."
Well, I'm sure if you pick up the telephone and threaten somebody, the
local "boys in blue" (how sexist!) will pay you a visit. Or at least
you can obtain a PFA order.
If someone were to use their account for threats, (and I could demonstrate
that it did indeed come from their account) I would have no problem in
shutting down the account. They would have to deal with the other legal
problems of their actions.
In my original posting, I was just pointing out that I was surprised that
CERT would inquire about having the account investigated without even
knowing what was so "offensive". When I informed them that the message
appeared to be political in nature and that I considered the matter closed,
they let it drop.
If my user had threatened to shoot the other user (as opposed to sitting
him in front of a cannon), I'm sure my reaction would have been different.
Terry
--
INTERNET: tjw+@pitt.edu BITNET: TJW@PITTVMS
"Laugh while you can, Monkey Boy!" - Various characters from Buckaroo Banzai
"I've been dead before" - Mr. Spock
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201172200.AA22671@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 10:00:20 GMT
Approved: usenet@eff.org
Lines: 36
From caf-talk Caf Jan 17 00:00:00 1992
From: bonnett@seismo.CSS.GOV (H. David Bonnett)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <50328@seismo.CSS.GOV>
Date: 17 Jan 92 19:00:03 GMT
In article , ckd@eff.org (Christopher Davis) writes:
|>Dan> == Dan Bernstein
|>Dan> TERMINUS.LCS.MIT.EDU is an open terminal server. It lets anyone dial in.
|>Dan> The phone numbers are public. It lets everyone connect out, to any site
|>Dan> on the Internet.
|>
|> Unless you mail terminus-admin@lcs.mit.edu and ask them to block your
|> network. We did. That's a simple, direct way of solving the problem.
Why should the burden of this be on the individual domains?
By the time you realize that this is a problem, it is after the
occurence of a breakin or at least an attempt.
My understanding of the NSFNET policy (and possibly that of other
network providers) is that unrestricted terminal servers are
considered "bad" are therefore not permitted. MIT hangs directly off
NSFNET, so why has this situation continued if people have complained?
(Of course, it took a local attack to close off prep/pogo/etc at
ai.mit.edu, if my memory serves me correctly)
-dave bonnett- Center for Seismic Studies; Arlington, VA
bonnett@seismo.css.gov : All standard disclaimers apply.
--
-dave bonnett- Center for Seismic Studies; Arlington, VA
bonnett@seismo.css.gov : All standard disclaimers apply.
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201172200.AA20636@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 17 Jan 92 10:00:30 GMT
Approved: usenet@eff.org
Lines: 46
From caf-talk Caf Jan 17 00:00:00 1992
From: ecd@cert.sei.cmu.edu (Edward DeHart)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <864@cert.sei.cmu.edu>
Date: 17 Jan 92 19:27:38 GMT
In article <13758.Jan1715.05.0292@virtualnews.nyu.edu>, brnstnd@nyu.edu (Dan Bernstein) writes:
> I have seen firsthand at least three major cracking attempts hidden
> behind the shield of TERMINUS.LCS.MIT.EDU.
The problem is much larger than three cracking attempts.
> I know people have complained at MIT. I know people have complained at
> CERT. I haven't seen a peep out of either of them.
Unfortunatly, there isn't a policy about open terminal servers. This is
why the CERT hasn't posted about terminus. We do talk about terminus
when giving presentations about packet filtering or TCP/IP daemon wrapper
programs.
MIT is willing to block connections to your system or domain. Send e-mail
to terminus-admin@lcs.mit.edu.
Wietse Venema's TCP/IP daemon wrapper program is available via anonymous
ftp from our cert.sei.cmu.edu system in the /pub/network_tools directory.
Add TERMINUS.LCS.MIT.EDU to the /etc/hosts.deny file.
> Say that you support the Anti-TERMINUS Alliance, and that you want open
> terminal servers banned forever from the Internet!
Without a policy to add teeth to your alliance, I'm not sure what will be
accomplished. Perhaps the biggest benefit of your post is that it will raise
awareness of terminus.
Unauthenticated access to the Internet is a problem. Instead of raising
a storm on alt.security, contact the regional network providers about
creating security policies.
Thank you,
Ed DeHart
Computer Emergency Response Team
Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline:
CERT/CC personnel answer 7:30a.m. to 6:00p.m. EST(GMT-5)/EDT(GMT-4),
and are on call for emergencies during other hours.
From caf-talk Caf Jan 17 00:00:00 1992
Xref: eff comp.org.eff.talk:6023 alt.comp.acad-freedom.talk:2880 ba.politics:2473 uc.general:17
Path: eff!iWarp.intel.com|uunet!spool.mu.edu!agate!garnet.berkeley.edu!dean2
From: dean2@garnet.berkeley.edu (Dean Pentcheff)
Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk,ba.politics,ucb.general,uc.general
Subject: UC computer searches: Summary #3.
Message-ID:
Date: 18 Jan 92 00:14:42 GMT
Article-I.D.: agate.knesbiINN8d1
Sender: Dean Pentcheff
Reply-To: dean2@garnet.berkeley.edu (Dean Pentcheff)
Followup-To: comp.org.eff.talk
Organization: Department of Integrative Biology, UC Berkeley
Lines: 212
NNTP-Posting-Host: garnet.berkeley.edu
Friday Jan 17, 1992
UC computer search summary number 3.
- Dean Pentcheff (dean2@garnet.berkeley.edu)
====================================================
This is the third (and probably final) in a short series of summaries
I've provided regarding the UC's court-ordered search of files on two
of its Unix mainframe computers. I will maintain the mailing list of
interested parties, just in case something else comes up. If you have
a continuing interest in these issues, please see the end of this
summary for suggestions on where to find more information.
**Please note** This summary (and the preceeding two) are based on my
own understanding of what's going on. These are not "official"
summaries, either from the University of California, or from the
plaintiff in the case. I am not involved with the case in any
capacity except as an interested observer.
A brief summary of the case runs as follows (based primarily on a
discussion with the University counsel involved). This repeats some
information contained in earlier postings, but also corrects some
misunderstandings.
A UC student is alleged to have broken into a UC computer system. The
University has initiated disciplinary proceedings against him.
Based on due process requirements, the student's family has retained a
lawyer and computer experts and gone to court to get court orders for
certain University maintained records for the disciplinary hearing.
NOTE: the only involvement of the court is to order (or not order, as
the case may be) the University to divulge records. Contrary to my
previous postings, the student's family is not suing the University.
They are preparing a case for the University disciplinary hearing, and
are using the court purely to require the University to provide
evidence they feel is important to the hearing. There is no "discovery
procedure" involved.
The judge involved is not particularly familiar either with electronic
communications law or computers. The strategy of the student's case
seems to be to obfuscate and complicate the entire sequence of hearings
as much as possible in an attempt to nullify the whole disciplinary
action. Hence, they requested that the court order the University to
produce all University maintained student records on the student in
question.
The key question here is the interpretation of "university maintained
records." The simple interpretation of the California State Buckley
Amendment is that a student is entitled access to conventional
administrative or faculty records of their university progress. In
this case, the student's lawyers chose to push an interpretation that
made university maintained records encompass any record about the
student that exists on university maintained systems.
The student's lawyers informed the judge that it would be simple to
just have the University search _all_ backups for the mainframes for
anything relevant. The University lawyers figuratively coughed and
sputtered, saying this was _most_ impractical. The judge, unwilling
(and unable) to decide between the claims of the lawyers arguing in
front of him, ordered them out into the hall to come up with a
compromise. The lawyers bargained and came up with a deal: the
University would search some specific backups and the online disks for
files that contain the student's name.
The University fought to search only for files that contained both the
student's first and last name. The student's lawyers wanted files that
contained the first or the last name. The judge, unwilling to accept
the University's claim that the latter option would produce too much,
ordered the University to do a search to determine how much text would
actually be located by these searches.
At this point, the University posted a message on the mainframes,
telling all users that they intended to search the disks on two of the
campus mainframes for any files "that may contain a particular
individual's name..." At this point, also, the University lawyers
became aware of the Electronic Communications Privacy Act of 1986.
Considering that this case was too complicated already, realizing that
they already accepted a court order to search, and feeling that the
ECPA might not actually apply to this search, they chose not to mount a
secondary effort to stop the search.
The Electronic Frontier Foundation became interested in the case, but
discovered that they had been contacted by the plaintiff last year and
had given him some help. This provides a potential conflict of
interest, so they have been carefully investigating their options.
At this point, the University has proceeded with the search, as ordered
by the court (though I'm not sure whether it's the first and last name
search or the first or last name search). The files that are located
by this procedure will be inspected. Any that are not relevant to the
disciplinary proceeding will not be divulged. If, for example,
someones mailbox file with 50 letters in it is a "hit", only the
individual letters that are relevant to the case will be extracted and
printed. All interaction with the court is complete. The disciplinary
hearing itself will occur in a few weeks.
What's the upshot? Files (including electronic mail files) on two
mainframes at UC Berkeley have been electronically searched (under
court order) for a particular character string. The University
resisted the search, not on grounds of protection of privacy, but
simply on the grounds of undue burden.
The next few paragraphs summarize my own reactions to the incident, and
are no longer "news" summaries.
The clearest lesson of this incident is the exposure of lack of
knowledge of information privacy issues. This applies both to the the
court and to the University counsel's office. Apparently the judge
involved (who is nearing retirement), asked the lawyers to send him a
letter, once he's retired, explaining what was _really_ being argued in
front of him, since it clearly had little to do with a simple minded
request for student records.
The "moral" of the story is that the EFF, the Association for Computing
Machinery, and other organizations definitely have an important job
ahead of them. We need clear policies and leadership on issues of
electronic privacy. We definitely need to educate the legal
profession, legislators, and the general public on these issues.
Actual damage to users' privacy? Pretty minimal (in my opinion). The
University computer center has done its best to be as nonintrusive as
possible while still complying with the court order.
Theoretical damage to users' privacy? Perhaps not so minimal. As
students, faculty, or staff using the University's mainframes, what
expectation of privacy do we have? Technically, it is trivial for
anyone with systems privilege to go on a fishing expedition for any
character string. Under what circumstances, though, is this
permissible? The issues in this case (users' privacy vs. right of
access to records) are not clear cut. What constitutes a university
record of a student? What legal protection's do computer user's files
have? I don't know. Nor does the University legal staff, the local
courts, or the University computer administration. I find that
disturbing.
========================================================================
Further sources of information on issues of electronic privacy and freedom
of information.
************************************************************
THE ELECTRONIC FRONTIER FOUNDATION
"The Electronic Frontier Foundation has been established to civilize
the electronic frontier; to make it useful and beneficial not just to a
technical elite, but to everyone; and to do this in keeping with our
society's highest traditions of the free and open flow of information
and communication."
You can request to be added to the EFF mailing list by sending a note
to "eff-request@eff.org". Alternatively, you can subscribe to the
moderated Usenet newsgroup "comp.org.eff.news" (which carries
everything sent out on the mailing list). You are also welcome to
participate in the unmoderated Usenet news group "comp.org.eff.talk".
You can get more information about the EFF via anonymous FTP from the
site "eff.org" (Internet number 192.88.144.3). Send electronic mail to
"ftphelp@eff.org" if you have questions or are unable to use FTP.
EFF ADDRESS:
The Electronic Frontier Foundation, Inc.
155 Second Street
Cambridge, MA 02142
+1 617 864 0665
+1 617 864 0866 FAX
THE EFF STAFF:
Mitchell Kapor, President and Co-founder (mkapor@eff.org);
John Perry Barlow, Co-founder (barlow@eff.org);
Michael Godwin, General Counsel (mnemonic@eff.org);
Gerard Van der Leun, Director of Communications (van@eff.org);
Christopher Davis, System Administrator (ckd@eff.org);
Helen Rose, System Administrator (hrose@eff.org);
Rita Rouvalis, Administrator (rita@eff.org)
THE EFF BOARD OF DIRECTORS:
Jerry Berman, John Perry Barlow, Stewart Brand, Esther Dyson, John
Gilmore, Mitchell Kapor, Steve Wozniak.
************************************************************
USENET NEWSGROUPS
If you subscribe to Usenet news, there are several newsgroups that may
be of interest to you:
comp.risks
A long running, well respected, moderated group that deals with
the risks of computers in society.
comp.org.eff.talk
Discussions of privacy and freedom of information in the
computer age.
comp.org.eff.news
Moderated group of the Electronic Frontier Foundation.
alt.comp.acad-freedom.talk
alt.comp.acad-freedom.news
Two other newsgroups dealing with issues of academic freedom.
If you don't know what Usenet news is, but are reading this message via
electronic mail, there's a good chance that your system supports the
Usenet news, but you just don't know about it. Check for information
about the "rn" command, or ask your systems administrator how you can
subscribe to Usenet news.
--
Dean Pentcheff (Internet: dean2@garnet.berkeley.edu)
Department of Integrative Biology, University of California, Berkeley CA 94720
Work Phone: (510) 643-9048 Home Phone: (510) 839-1790 Fax: (510) 643-6264
--
Dean Pentcheff (Internet: dean2@garnet.berkeley.edu)
Department of Integrative Biology, University of California, Berkeley CA 94720
Work Phone: (510) 643-9048 Home Phone: (510) 839-1790 Fax: (510) 643-6264
From caf-talk Caf Jan 17 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@eff.org (Carl M. Kadie)
Subject: [] Summary 3. UC searches.
Message-ID: <199201180034.AA27965@eff.org>
Sender: kadie
Organization: EFF mail-news gateway
Date: 17 Jan 92 14:34:39 GMT
Approved: usenet@eff.org
Lines: 214
From caf-talk Caf Jan 17 00:00:00 1992
Date: Fri, 17 Jan 92 15:35:27 -0800
From: dean2@garnet.berkeley.edu (Dean Pentcheff)
Message-Id: <9201172335.AA14618@garnet.berkeley.edu>
Subject: Summary 3. UC searches.
Friday Jan 17, 1992
UC computer search summary number 3.
- Dean Pentcheff (dean2@garnet.berkeley.edu)
====================================================
This is the third (and probably final) in a short series of summaries
I've provided regarding the UC's court-ordered search of files on two
of its Unix mainframe computers. I will maintain the mailing list of
interested parties, just in case something else comes up. If you have
a continuing interest in these issues, please see the end of this
summary for suggestions on where to find more information.
**Please note** This summary (and the preceeding two) are based on my
own understanding of what's going on. These are not "official"
summaries, either from the University of California, or from the
plaintiff in the case. I am not involved with the case in any
capacity except as an interested observer.
A brief summary of the case runs as follows (based primarily on a
discussion with the University counsel involved). This repeats some
information contained in earlier postings, but also corrects some
misunderstandings.
A UC student is alleged to have broken into a UC computer system. The
University has initiated disciplinary proceedings against him.
Based on due process requirements, the student's family has retained a
lawyer and computer experts and gone to court to get court orders for
certain University maintained records for the disciplinary hearing.
NOTE: the only involvement of the court is to order (or not order, as
the case may be) the University to divulge records. Contrary to my
previous postings, the student's family is not suing the University.
They are preparing a case for the University disciplinary hearing, and
are using the court purely to require the University to provide
evidence they feel is important to the hearing. There is no "discovery
procedure" involved.
The judge involved is not particularly familiar either with electronic
communications law or computers. The strategy of the student's case
seems to be to obfuscate and complicate the entire sequence of hearings
as much as possible in an attempt to nullify the whole disciplinary
action. Hence, they requested that the court order the University to
produce all University maintained student records on the student in
question.
The key question here is the interpretation of "university maintained
records." The simple interpretation of the California State Buckley
Amendment is that a student is entitled access to conventional
administrative or faculty records of their university progress. In
this case, the student's lawyers chose to push an interpretation that
made university maintained records encompass any record about the
student that exists on university maintained systems.
The student's lawyers informed the judge that it would be simple to
just have the University search _all_ backups for the mainframes for
anything relevant. The University lawyers figuratively coughed and
sputtered, saying this was _most_ impractical. The judge, unwilling
(and unable) to decide between the claims of the lawyers arguing in
front of him, ordered them out into the hall to come up with a
compromise. The lawyers bargained and came up with a deal: the
University would search some specific backups and the online disks for
files that contain the student's name.
The University fought to search only for files that contained both the
student's first and last name. The student's lawyers wanted files that
contained the first or the last name. The judge, unwilling to accept
the University's claim that the latter option would produce too much,
ordered the University to do a search to determine how much text would
actually be located by these searches.
At this point, the University posted a message on the mainframes,
telling all users that they intended to search the disks on two of the
campus mainframes for any files "that may contain a particular
individual's name..." At this point, also, the University lawyers
became aware of the Electronic Communications Privacy Act of 1986.
Considering that this case was too complicated already, realizing that
they already accepted a court order to search, and feeling that the
ECPA might not actually apply to this search, they chose not to mount a
secondary effort to stop the search.
The Electronic Frontier Foundation became interested in the case, but
discovered that they had been contacted by the plaintiff last year and
had given him some help. This provides a potential conflict of
interest, so they have been carefully investigating their options.
At this point, the University has proceeded with the search, as ordered
by the court (though I'm not sure whether it's the first and last name
search or the first or last name search). The files that are located
by this procedure will be inspected. Any that are not relevant to the
disciplinary proceeding will not be divulged. If, for example,
someones mailbox file with 50 letters in it is a "hit", only the
individual letters that are relevant to the case will be extracted and
printed. All interaction with the court is complete. The disciplinary
hearing itself will occur in a few weeks.
What's the upshot? Files (including electronic mail files) on two
mainframes at UC Berkeley have been electronically searched (under
court order) for a particular character string. The University
resisted the search, not on grounds of protection of privacy, but
simply on the grounds of undue burden.
The next few paragraphs summarize my own reactions to the incident, and
are no longer "news" summaries.
The clearest lesson of this incident is the exposure of lack of
knowledge of information privacy issues. This applies both to the the
court and to the University counsel's office. Apparently the judge
involved (who is nearing retirement), asked the lawyers to send him a
letter, once he's retired, explaining what was _really_ being argued in
front of him, since it clearly had little to do with a simple minded
request for student records.
The "moral" of the story is that the EFF, the Association for Computing
Machinery, and other organizations definitely have an important job
ahead of them. We need clear policies and leadership on issues of
electronic privacy. We definitely need to educate the legal
profession, legislators, and the general public on these issues.
Actual damage to users' privacy? Pretty minimal (in my opinion). The
University computer center has done its best to be as nonintrusive as
possible while still complying with the court order.
Theoretical damage to users' privacy? Perhaps not so minimal. As
students, faculty, or staff using the University's mainframes, what
expectation of privacy do we have? Technically, it is trivial for
anyone with systems privilege to go on a fishing expedition for any
character string. Under what circumstances, though, is this
permissible? The issues in this case (users' privacy vs. right of
access to records) are not clear cut. What constitutes a university
record of a student? What legal protection's do computer user's files
have? I don't know. Nor does the University legal staff, the local
courts, or the University computer administration. I find that
disturbing.
========================================================================
Further sources of information on issues of electronic privacy and freedom
of information.
************************************************************
THE ELECTRONIC FRONTIER FOUNDATION
"The Electronic Frontier Foundation has been established to civilize
the electronic frontier; to make it useful and beneficial not just to a
technical elite, but to everyone; and to do this in keeping with our
society's highest traditions of the free and open flow of information
and communication."
You can request to be added to the EFF mailing list by sending a note
to "eff-request@eff.org". Alternatively, you can subscribe to the
moderated Usenet newsgroup "comp.org.eff.news" (which carries
everything sent out on the mailing list). You are also welcome to
participate in the unmoderated Usenet news group "comp.org.eff.talk".
You can get more information about the EFF via anonymous FTP from the
site "eff.org" (Internet number 192.88.144.3). Send electronic mail to
"ftphelp@eff.org" if you have questions or are unable to use FTP.
EFF ADDRESS:
The Electronic Frontier Foundation, Inc.
155 Second Street
Cambridge, MA 02142
+1 617 864 0665
+1 617 864 0866 FAX
THE EFF STAFF:
Mitchell Kapor, President and Co-founder (mkapor@eff.org);
John Perry Barlow, Co-founder (barlow@eff.org);
Michael Godwin, General Counsel (mnemonic@eff.org);
Gerard Van der Leun, Director of Communications (van@eff.org);
Christopher Davis, System Administrator (ckd@eff.org);
Helen Rose, System Administrator (hrose@eff.org);
Rita Rouvalis, Administrator (rita@eff.org)
THE EFF BOARD OF DIRECTORS:
Jerry Berman, John Perry Barlow, Stewart Brand, Esther Dyson, John
Gilmore, Mitchell Kapor, Steve Wozniak.
************************************************************
USENET NEWSGROUPS
If you subscribe to Usenet news, there are several newsgroups that may
be of interest to you:
comp.risks
A long running, well respected, moderated group that deals with
the risks of computers in society.
comp.org.eff.talk
Discussions of privacy and freedom of information in the
computer age.
comp.org.eff.news
Moderated group of the Electronic Frontier Foundation.
alt.comp.acad-freedom.talk
alt.comp.acad-freedom.news
Two other newsgroups dealing with issues of academic freedom.
If you don't know what Usenet news is, but are reading this message via
electronic mail, there's a good chance that your system supports the
Usenet news, but you just don't know about it. Check for information
about the "rn" command, or ask your systems administrator how you can
subscribe to Usenet news.
--
Dean Pentcheff (Internet: dean2@garnet.berkeley.edu)
Department of Integrative Biology, University of California, Berkeley CA 94720
Work Phone: (510) 643-9048 Home Phone: (510) 839-1790 Fax: (510) 643-6264
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: UC computer searches: Summary #3.
Message-ID: <9201181731.AA17305@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 18 Jan 92 05:31:28 GMT
Approved: usenet@eff.org
Lines: 31
From caf-talk Caf Jan 18 00:00:00 1992
From: kaminski@netcom.COM (Peter Kaminski)
Newsgroups: comp.org.eff.talk
Subject: Re: UC computer searches: Summary #3.
Message-ID: <1992Jan18.045347.22065kaminski@netcom.COM>
Date: 18 Jan 92 04:53:47 GMT
From Dean Pentcheff's summary:
> In this case, the student's lawyers chose to push an interpretation
> that made university maintained records encompass any record about the
> student that exists on university maintained systems.
Unless I'm missing something, it seems to me that it's just common
sense that user files on University computers are not University
records. Administrative records, sure. But generally not user's
files.
I'll leave off the privacy issue -- the question of whether or not
user files on University computers should be "private." That's a
separate (albeit very important) issue.
But how could the University lawyers accept the proposition that
general user files on University computers are University records?
To me, that sounds like "University records are any files kept on
University property" -- including, say, file folders in a student's
dorm room.
Apparently the concept of ownership of data being distinct from
ownership of its container is not as intuitive as I'd thought.
From caf-talk Caf Jan 18 00:00:00 1992
Xref: eff comp.org.eff.talk:6030 alt.comp.acad-freedom.talk:2883
Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk
Path: eff!world!uunet!caen!news.cs.indiana.edu!ux1.cso.uiuc.edu!m.cs.uiuc.edu!kadie
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Subject: Re: UC computer searches: Summary #3.
Message-ID: <1992Jan18.190850.13107@m.cs.uiuc.edu>
Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL
References: <1992Jan18.045347.22065kaminski@netcom.COM>
Date: Sat, 18 Jan 1992 19:08:50 GMT
kaminski@netcom.COM (Peter Kaminski) writes:
>Unless I'm missing something, it seems to me that it's just common
>sense that user files on University computers are not University
>records. Administrative records, sure. But generally not user's
>files.
[...]
>But how could the University lawyers accept the proposition that
>general user files on University computers are University records?
[...]
Suppose:
1. Student A has a home directory on at a computer at State U.
2. That the directory an email archive.
3. That the email archive includes email from student A to
student B about student C.
If user files are University records, it is illegal for the Univeristy
to let student A look at his or her own email archive because that
archive contains personally identifiable data on C.
From the ACLU Handbook _The Rights of Students_ by Janet R. Price, et al.,
1988, p. 138:
----------start-------
[Q:] Does a student have a right to have school records kept confidential
from outsiders?
[A:] Yes. The Buckley amendment also provides that educational
institutions must obtain the written consent of a student's parents
[or the student, if of age] before it may relase personally
identifiable data to anyone other than a specified list of persons,
such as scholl officials or teachers within the school who have a
"legitimate educational interest" in the student's records.
----------end----------
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.personals] alt.sex.erotica off UW hosts?
Message-ID: <9201182120.AA22667@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 18 Jan 92 09:20:50 GMT
Approved: usenet@eff.org
Lines: 23
From caf-talk Caf Jan 18 00:00:00 1992
From: ap.152@layout.Berkeley.EDU
Newsgroups: alt.personals
Subject: alt.sex.erotica off UW hosts?
Message-ID:
Date: 18 Jan 92 19:31:13 GMT
Hard to believe, but either an accident or fear of an impending
audit by the state has resulted in alt.sex.erotica not being
available from the University of Washington's computers. I
always thought that a.s.e offered the most tasteful (and some-
times the most droll) outlooks on human sexuality. Now it's
gone. Can anyone explain this? Looks like cheap "morality" is
on the rise.
--
To use this service, send EMAIL to:
Anonymous posting: ap.post@layout.Berkeley.EDU
Anonymous reply: @layout.Berkeley.EDU
Test path/get alias: ap.ping@layout.Berkeley.EDU
ACS administrator: ap.admin@layout.Berkeley.EDU
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201182121.AA26742@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 18 Jan 92 09:21:57 GMT
Approved: usenet@eff.org
Lines: 20
From caf-talk Caf Jan 18 00:00:00 1992
Newsgroups: alt.security
From: gardner@ux1.cso.uiuc.edu (Mike Gardner)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan18.191659.8158@ux1.cso.uiuc.edu>
Date: Sat, 18 Jan 1992 19:16:59 GMT
ecd@cert.sei.cmu.edu (Edward DeHart) writes:
>MIT is willing to block connections to your system or domain. Send e-mail
>to terminus-admin@lcs.mit.edu.
Dammit this is backwards! MIT should be only allowing access to nets/hosts
that they need to, rather than forcing every net on the Internet to take
active steps to protect themselves from TERMINUS.
CCC CCC SS OO University of Ill, Computing & Comm Services Ofc
C C S O O Michael G. Gardner, Assistant Director, 1122 DCL
C C S O O 1304 W Springfield, Urbana, Il 61801
CCC CCC SS OO (217)244-0914 FAX (217)244-7089 EMAIL mgg@uiuc.edu
From caf-talk Caf Jan 18 00:00:00 1992
Xref: eff comp.org.eff.talk:6034 alt.comp.acad-freedom.talk:2886
Path: eff!world!uunet!spool.mu.edu!news.cs.indiana.edu!ux1.cso.uiuc.edu!uxa.cso.uiuc.edu!tai50080
From: tai50080@uxa.cso.uiuc.edu (Thomas Aaron Insel)
Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk
Subject: Re: UC computer searches: Summary #3.
Message-ID: <1992Jan18.210451.18989@ux1.cso.uiuc.edu>
Date: 18 Jan 92 21:04:51 GMT
Article-I.D.: ux1.1992Jan18.210451.18989
References: <1992Jan18.045347.22065kaminski@netcom.COM> <1992Jan18.190850.13107@m.cs.uiuc.edu>
Sender: usenet@ux1.cso.uiuc.edu (News)
Organization: University of Illinois at Urbana
Lines: 22
kadie@m.cs.uiuc.edu (Carl M. Kadie) writes:
>Suppose:
>1. Student A has a home directory on at a computer at State U.
>2. That the directory an email archive.
>3. That the email archive includes email from student A to
>student B about student C.
>If user files are University records, it is illegal for the Univeristy
>to let student A look at his or her own email archive because that
>archive contains personally identifiable data on C.
[reference deleted]
For that matter, if A's archive contained email from B to A in which B
discussed anything related to himself, wouldn't the same rule apply?
--
Thomas Aaron Insel (t-insel@uiuc.edu)
s-mail: URH 227 Saunders, 906 W. College, Urbana IL 61801
I speak for myself, and not for the State or University of Illinois.
Cute quote and/or drawing deleted courtesy U of I.
From caf-talk Caf Jan 18 00:00:00 1992
Path: eff!world!uunet!spool.mu.edu!agate!anarres.Berkeley.EDU!bh
From: bh@anarres.Berkeley.EDU (Brian Harvey)
Newsgroups: alt.comp.acad-freedom.talk
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 18 Jan 92 23:30:47 GMT
Article-I.D.: agate.knhe57INNmkn
References: <9201182121.AA26742@m.cs.uiuc.edu>
Organization: University of California at Berkeley
Lines: 15
NNTP-Posting-Host: anarres.berkeley.edu
The thrust of this thread seems to be that the securitroids want Internet
access restricted so that hosts can assume anyone on the net is a good guy.
Isn't that backwards and doomed to failure? Of the sixty gazillion
undergraduates with perfectly legitimate Internet access, there will always
be a few interested in cracking systems. Doesn't the burden of security
have to be on the individual connected-to host?
I suppose I should be posting this to alt.security, but (1) I don't want
to be flamed by securitroids, and (2) my real question is, can't we do
something in the political arena to defeat the growing assumption that
everyone should be paranoid by default?
This whole thing sounds about as sensible as suggesting that nobody should
be allowed to use the telephone [after all, they might have a modem] without
DoD permission.
From caf-talk Caf Jan 18 00:00:00 1992
Path: eff!world!uunet!spool.mu.edu!news.cs.indiana.edu!ux1.cso.uiuc.edu!m.cs.uiuc.edu!kadie
From: kadie@m.cs.uiuc.edu (Carl M. Kadie)
Newsgroups: alt.comp.acad-freedom.talk
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.000346.13786@m.cs.uiuc.edu>
Date: 19 Jan 92 00:03:46 GMT
Article-I.D.: m.1992Jan19.000346.13786
References: <9201182121.AA26742@m.cs.uiuc.edu>
Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL
Lines: 31
bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>The thrust of this thread seems to be that the securitroids want Internet
>access restricted so that hosts can assume anyone on the net is a good guy.
>Isn't that backwards and doomed to failure? Of the sixty gazillion
>undergraduates with perfectly legitimate Internet access, there will always
>be a few interested in cracking systems. Doesn't the burden of security
>have to be on the individual connected-to host?
[...]
I forwarded these notes because they seem to relate to the duty that
site A owes site/net B to enforce site/net B's rules. As has been
pointed out in the past, when site A refuses to enforce site/net B's
rules, B can retaliate/protect-itself by shunning A.
The resolution of these conflicts seems to depend on the resolve and
power of A and B.
Is there a technical solution? Instead of cutting off all of MIT, how
easy would it be for NSFnet to refuse to handle traffic *from*
TERMINUS? In another scenario, how easy would it be for NSFnet to
refuse to handle traffic *to* megabyte-joke-archive.state.u.edu?
Note that these actions are not the same effect as closing down
TERMINUS and megabyte-joke-archive.state.u.edu. For one thing, the
services would still be available via other networks that may have
different rules than NSFnet.
- Carl
--
Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
From caf-talk Caf Jan 18 00:00:00 1992
Xref: eff alt.comp.acad-freedom.talk:2889 alt.security:3059
Newsgroups: alt.comp.acad-freedom.talk,alt.security
Path: eff!iWarp.intel.com|uunet!caen!uvaarpa!murdoch!fermi.clas.Virginia.EDU!gl8f
From: gl8f@fermi.clas.Virginia.EDU (Greg Lindahl)
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan18.235031.946@murdoch.acc.Virginia.EDU>
Sender: usenet@murdoch.acc.Virginia.EDU
Organization: Department of Astronomy, University of Virginia
References: <9201182121.AA26742@m.cs.uiuc.edu>
Date: Sat, 18 Jan 1992 23:50:31 GMT
In article bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>The thrust of this thread seems to be that the securitroids want Internet
>access restricted so that hosts can assume anyone on the net is a good guy.
Gee, and here I was under the impression that some securitroids don't
like sites that are frequently used for actual break-ins. Guess I
wasn't paying attention, or I'm not hip to the latest straw-man on the
net.
My security job has several parts: making sure the machines yI run are
secure, and assisting people who want to catch crackers who are using
my machines to get to other machines. Doing the second without
restricting legitimate work is difficult. Making fun of everyone who
might want to do so isn't very productive.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [comp.org.eff.talk] Re: Effect of the Compuserve decision
Message-ID: <9201191515.AA18435@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 03:15:20 GMT
Approved: usenet@eff.org
Lines: 56
From caf-talk Caf Jan 19 00:00:00 1992
From: rogue@cellar.org (Rachel McGregor)
Newsgroups: comp.org.eff.talk
Subject: Re: Effect of the Compuserve decision
Message-ID:
Date: 18 Jan 92 18:54:35 GMT
Harry.Lee@p0.f10.n396.z1.FIDONET.ORG (Harry Lee) writes:
> I wasn't clear. Consider the following two situations: let's say I get
> what you call rec.funny (?) or what we would call Humor. Let's assume that
> in the main, these conferences don't violate prevailing community standards.
> However, perhaps 1% of the traffic is questionable. You seem to be saying
> that if I post-screen, my liability is small. But in the other case, if I
> pre-screen, and I let something through that does violate prevailing
> community standards, would my liability be greater?
>
> I hope I don't seem pedantic here.
And I hope I don't blow Mike's argument.
I believe what Mike is saying (colored by my own interpretation, natch) is
that a censor bears some liability for the material he or she approves.
If you run your system with a policy of no censorship, or at least one in
which you remove offensive or illegal messages only after a complaint has
been made to you, your liability is less than if you held messages in a
pre-screening area before you released them to the bbs. There are four ways
to censor messages on a system. With each policy, your liability increases
with they level of the censor's activism.
Least activist: No censorship
2: Evaluation and/or removal of offensive messages after a user
has complained to you about them.
3: Your decision, based on your interpretation of the board's
community standards, to remove a message you've seen after a
user posted it, regardless of how long it's been visible to
the user community.
Most activist: Messages must be pre-screened by you or another user before
they will be released into the public message bases. After
a user posts a message, it is held for your next login and
approval based on your interpretation of community standards.
Censorship in the most activist case above carries the implication that if an
offensive message is posted, it reached the public because of the agreement
or negligence of the censor. Therefore, the censor can be held responsible
for the message and the effects of its release. (In no case does it absolve
the original author, though, if there is a criminal intent behind the
message.)
(Just to remind you: I'm not a lawyer, just another bitch with an opinion.)
----
Rachel McGregor | "Once in a wile an idea comes along that is so wonderful
rogue@cellar.org | that you forget it immediately."
From caf-talk Caf Jan 19 00:00:00 1992
Xref: eff alt.comp.acad-freedom.talk:2891 alt.security:3066
Path: eff!world!snorkelwacker.mit.edu!spool.mu.edu!agate!anarres.Berkeley.EDU!bh
From: bh@anarres.Berkeley.EDU (Brian Harvey)
Newsgroups: alt.comp.acad-freedom.talk,alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 19 Jan 92 16:06:14 GMT
Article-I.D.: agate.knj8fmINN32p
References: <9201182121.AA26742@m.cs.uiuc.edu> <1992Jan18.235031.946@murdoch.acc.Virginia.EDU>
Organization: University of California at Berkeley
Lines: 42
NNTP-Posting-Host: anarres.berkeley.edu
gl8f@fermi.clas.Virginia.EDU (Greg Lindahl) writes:
>
>bh@anarres.Berkeley.EDU (Brian Harvey) writes:
>>The thrust of this thread seems to be that the securitroids want Internet
>>access restricted so that hosts can assume anyone on the net is a good guy.
>
>Gee, and here I was under the impression that some securitroids don't
>like sites that are frequently used for actual break-ins. Guess I
>wasn't paying attention, or I'm not hip to the latest straw-man on the
>net.
>
>My security job has several parts: making sure the machines yI run are
>secure, and assisting people who want to catch crackers who are using
>my machines to get to other machines. Doing the second without
>restricting legitimate work is difficult. Making fun of everyone who
>might want to do so isn't very productive.
I wasn't trying to make fun of anyone. I was trying to make a serious
point, and I still don't understand why it's wrong, and your sarcasm isn't
helping me understand.
Your site probably has dialup ports for the use of your staff. Some
cracker could call up your modem and then attempt to get access to your
system. If that happened, you might ask the phone company to help you
track down the guilty party, and you'd expect them to cooperate. But
you WOULDN'T agitate for shutting down the phone company because they
allow anybody to use the telephone network. You wouldn't even agitate
for shutting down public-access coin phones.
I think it's quite reasonable for you, or whoever, to ask the Terminus
administrators to help you track down the crackers. But instead you
seem to be asking to cut off the net access of a large class of people
because a few of those people misuse it. To me this feels like
discrimination, similar in principle to the WWII internment of
Japanese-Americans. I am raising a civil liberties issue, not a
technical security issue.
(P.S. It's also a kind of class issue. I feel damn lucky that the
taxpayers provide me with free net access. They do that to help me do
my real work, but they also let me use the net to read alt.whatever and
so on. Other people have to pay Compuserve for this privilege. I can
easily understand why they'd rather use Terminus.)
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191912.AA00860@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:12:29 GMT
Approved: usenet@eff.org
Lines: 30
From caf-talk Caf Jan 19 00:00:00 1992
From: yanek@mthvax.cs.miami.edu (Yanek Martinson)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 18 Jan 92 20:07:56 GMT
bonnett@seismo.CSS.GOV (H. David Bonnett) writes:
>ckd@eff.org (Christopher Davis) writes:
>|>Dan> == Dan Bernstein
>|>Dan> TERMINUS.LCS.MIT.EDU is an open terminal server. It lets anyone dial in.
>|>Dan> The phone numbers are public. It lets everyone connect out, to any site
>|>
>|> Unless you mail terminus-admin@lcs.mit.edu and ask them to block your
>|> network. We did. That's a simple, direct way of solving the problem.
>Why should the burden of this be on the individual domains?
Why should it be anyone else's burden to protect your computer. Isn't
that your job? If you want security, use some software that prevents
your users from choosing obvious passwords, instead of expecting tens
of thousands of internet sites to protect you. If you leave open
accounts on your system, and depend on other sites to protect you you
are not in any way protected from the tens of thousands of college
students who have legitimate internet access without terminal servers.
--
yanek@mthvax.cs.miami.edu
safe0%yanek@mthvax.cs.miami.edu
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191912.AA26483@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:12:52 GMT
Approved: usenet@eff.org
Lines: 16
From caf-talk Caf Jan 19 00:00:00 1992
From: wietse@wzv.win.tue.nl (Wietse Venema)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <2859@wzv.win.tue.nl>
Date: 18 Jan 1992 22:37:39 GMT
Our university had its share of break-ins from terminus, and from other
facilities that provide anonymous network access, such as hosts with an
open guest account. The problem is not limited to terminal servers.
As Gene Spafford suggested, keep bugging those who are responsible.
Sometimes it helps. You can always put them into your hosts.deny file.
IMHO, it is not antisocial to require the use of a personal account
when people want to connect to my system.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191913.AA15779@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:13:15 GMT
Approved: usenet@eff.org
Lines: 15
From caf-talk Caf Jan 19 00:00:00 1992
From: wietse@wzv.win.tue.nl (Wietse Venema)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <2860@wzv.win.tue.nl>
Date: 18 Jan 92 23:00:52 GMT
yanek@mthvax.cs.miami.edu (Yanek Martinson) writes:
>If you [...] depend on other sites to protect you you
>are not in any way protected from the tens of thousands of college
>students who have legitimate internet access without terminal servers.
Nonsense. If someone breaks in from a regular account one can identify
and shut off that account. Try doing that with a terminal server.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191913.AA06437@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:13:29 GMT
Approved: usenet@eff.org
Lines: 20
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.security
From: scs@lokkur.dexter.mi.us (Steve Simmons)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.005510.8276@lokkur.dexter.mi.us>
Date: Sun, 19 Jan 92 00:55:10 GMT
brnstnd@nyu.edu (Dan Bernstein) writes:
>I know people have complained at MIT. I know people have complained at
>CERT. I haven't seen a peep out of either of them.
We inadventantly had a terminal set up for general internet access and
dialin. When it was used to crack some other systems, CERT let us know
very quickly. It's a safe bet they've passed the data on to MIT. There-
after your guess is as good as mine.
--
``Who likes music that's repetitious? Sensitive New Age Guys.
Who likes music that's repetitious? Sensitive New Age Guys.''
"Sensitive New Age Guys", Christine Lavin
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191914.AA13598@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:14:07 GMT
Approved: usenet@eff.org
Lines: 32
From caf-talk Caf Jan 19 00:00:00 1992
From: faustus@ygdrasil.CS.Berkeley.EDU (Wayne A. Christopher)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 19 Jan 92 03:31:11 GMT
The visions people have of Internet security seem to range over a
spectrum. One end has a very secure place where crackers cannot get
on the network in the first place, and you can trust root on any
machine. There are people who seem to think this is achievable and
desirable, but I doubt that many of them read this group.
The other end is one where you can't trust anybody anywhere, and
arbitrary crackers can and do gain anonymous access and send packets to
any of your ports at will. A lot of people on this group seem to be
saying that you have to assume this is the case, otherwise you are
running an insecure system and you deserve what you get. I think this
is extreme, but substantially correct.
Maybe it makes things easier on sysadmins to try and hold off this
scenario, but it will get harder and harder as the internet grows.
Sure you can eliminate the obvious terminal servers, but what about
the person who cracks root somewhere, telnets as he pleases, and then
erases his tracks? There are fewer such people, but aren't they the
ones to worry about?
This isn't a case of blaming the victim or excusing the cracker, it's
just common sense. If you care enough about your security, assume the
worst and protect yourself.
Wayne
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191914.AA22809@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:14:24 GMT
Approved: usenet@eff.org
Lines: 16
From caf-talk Caf Jan 19 00:00:00 1992
From: gl8f@fermi.clas.Virginia.EDU (Greg Lindahl)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.045442.3015@murdoch.acc.Virginia.EDU>
Date: 19 Jan 92 04:54:42 GMT
In article faustus@ygdrasil.CS.Berkeley.EDU (Wayne A. Christopher) writes:
>The visions people have of Internet security seem to range over a
>spectrum. One end has a very secure place where crackers cannot get
>on the network in the first place, and you can trust root on any
>machine. There are people who seem to think this is achievable and
>desirable, but I doubt that many of them read this group.
Do any of these people exist? The complaints we're seeing about
Terminus do not come only from these kind of people.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191914.AA29656@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:14:37 GMT
Approved: usenet@eff.org
Lines: 57
From caf-talk Caf Jan 19 00:00:00 1992
From: bav@matt.ksu.ksu.edu (Brick Verser)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Date: 19 Jan 92 06:55:37 GMT
Message-ID:
Security begins at home.
Should pay phones be outlawed? Look at all the nasty things that one can
do from a pay phone. Demanding authentication before one is allowed to
make a phone call would prevent a whole raft of criminal activity (no more
bogus bomb threats during final week, no more real-time ransom demands
from kidnappers). And should the phone company be held liable if a bogus
bomb threat is made and they can't tell where it came from and who did it?
There are many anonymous entrances into most systems. Local modem pools
are untracable without a court order. PC's connected to a local Ethernet
can run their own copy of software and gain access to much they shouldn't.
There really is very little we can do, given the networking hardware we
have, to keep someone from using a PC connected to the local Ethernet
from gaining access to the Internet. And even on those systems where we
require authentication, there's often nothing I can do after the fact
to trace who attacked you--we don't log every IP connection made, and on
a Unix system with 30 simultaneous users often the best I can do is say
"it was one of those 30." Indeed, on a default SunOS system, even if you
tell me while you're being attacked, 'bout all I can do is run NETSTAT
and agree with you that someone on the local machine is doing it--without
OFILES or some other non-standard tool, I don't believe there's a way to
trace an IP connection back to the process which owns it. And of course,
there are all those systems out there run by system administrators who
are really instructors or researchers using a tool and who don't want to
be bothered figuring out which of their students was responsible for
the breakin last night. You simply can't rely on remote sites to be able
to trace and intercept crackers.
I don't fear the day when gaining access to the Internet from any city
is as easy as dropping a quarter in a payphone; I look forward to it.
I'm really not quite as vehement about my views as the above may suggest.
Indeed, I used to feel a little differently but have lately come around.
One event which helped change my viewpoint was when I was asked to try
to track and find someone who had cracked a system; I spent a while going
through logs and coming up with probable suspects only to find out that
the system that was "cracked" was a setup--the guy leaves an unprotected
GUEST account on his machine and yells whenever someone uses it. Sorry,
but I've got better things to do.
And I DID recently close (sortof) our open terminal server--it was being
used to play MUD so much that local users were no longer able to use it to
connect to local hosts, and our incoming modems were being tied up with
MUD players as well. That it closed a security gap was mostly incidental.
In an ideal world we'd have enough resources to let the locals play MUD.
Brick Verser
Computing & Networking Services
Kansas State University
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201191915.AA14296@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 07:15:00 GMT
Approved: usenet@eff.org
Lines: 19
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.security
From: pc@hal.gnu.ai.mit.edu (Pete Chown)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan19.182534.7227@mintaka.lcs.mit.edu>
Date: Sun, 19 Jan 1992 18:25:34 GMT
I know of about ten sites offering an equivalent service to TERMINUS, and they
have the added advantage to crackers that internet access is via a gateway
machine which places another barrier between them and detection.
I am not going to list the sites of course, that would be asking for crackers
to begin using sites which by and large they haven't so far.
--
-============================================================================-
Pete Chown, email pc@gnu.ai.mit.edu or pc123@phx.cam.ac.uk (Internet)
or pc123@uk.ac.cambridge.phoenix (Janet :-)
From caf-talk Caf Jan 19 00:00:00 1992
Xref: eff alt.comp.acad-freedom.talk:2900 alt.security:3069
Path: eff!iWarp.intel.com|uunet!spool.mu.edu!agate!dog.ee.lbl.gov!ace.ee.lbl.gov!leres
From: leres@ace.ee.lbl.gov (Craig Leres)
Newsgroups: alt.comp.acad-freedom.talk,alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <20731@dog.ee.lbl.gov>
Date: 19 Jan 92 21:54:35 GMT
Article-I.D.: dog.20731
References:
Reply-To: leres@ee.lbl.gov (ucbvax!leres for uucp weenies)
Followup-To: alt.security
Organization: Lawrence Berkeley Laboratory, Berkeley
Lines: 15
NNTP-Posting-Host: 128.3.112.6
Brian Harvey writes:
> Your site probably has dialup ports for the use of your staff. Some
> cracker could call up your modem and then attempt to get access to your
> system. If that happened, you might ask the phone company to help you
> track down the guilty party, and you'd expect them to cooperate. But
> you WOULDN'T agitate for shutting down the phone company because they
> allow anybody to use the telephone network. You wouldn't even agitate
> for shutting down public-access coin phones.
A cracker dialing in can only make login attempts. Worst case, he can
automate the attacks. But he can't use finger to learn the usernames of
valid accounts. He can't exploit bugs in network daemons. He can do all
of this (and more) when he logs into terminus...
Craig
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!kadie
From: kadie@eff.org (Carl M. Kadie)
Subject: Wanted: Rotating (or Guest) CAF-News editors
Message-ID: <1992Jan19.223535.24696@eff.org>
Organization: The Electronic Frontier Foundation
Date: Sun, 19 Jan 1992 22:35:35 GMT
Lines: 31
Having guest editors last month worked great. With the beginning of a
new semester, I'd like to make this a regular thing. This is an effort
to share the fun (and give myself more time for thesis work). So, ...
Wanted: Folks to edit the CAF-News on a rotating basis, ideally, about
once a month. Also, if you want to edit just one issue to see what it
is like (and to help me clear the backlog) that would be great too.
Short Job Description:
Given a file containing, on average, about 75 CAF-talk articles,
choose the approximately 12 best and write a short paraphrase of each
articles.
Job Requirements: Email access to me (kadie@eff.org)
Things that make the jobs easier:
Being able to run "nn" and "perl".
Compensation: You will be listed as editor for the issue you edit.
"Rotating" editors will also get a title (maybe "Associate Editor")
and will be put on the CAF administrative mailing list.
Also, you will have the satisfaction of doing something useful and
maybe even important. CAF-News has an estimated readership of 14000.
Its abstract is distributed to at least twice as many.
- Carl
--
Carl Kadie -- I do not represent EFF; this is just me.
=kadie@eff.org, kadie@cs.uiuc.edu, or (anonymous) ap.3619@layout.berkeley.edu=
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200200.AA02220@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:00:37 GMT
Approved: usenet@eff.org
Lines: 16
From caf-talk Caf Jan 19 00:00:00 1992
From: leres@ace.ee.lbl.gov (Craig Leres)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <20730@dog.ee.lbl.gov>
Date: 19 Jan 92 21:34:16 GMT
Ah yes, terminus. The crackhouse of the Internet. Breakin attempts from
mit dropped significantly when I had them block my site. Having your
site blocked is as simple as sending the the message:
Please block access to network 140.XXX from terminus.lcs.mit.edu
to terminus-admin@lcs.mit.edu. Do it today before you forget!
Craig
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200201.AA11769@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:01:05 GMT
Approved: usenet@eff.org
Lines: 25
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.security
From: jwtlai@watcgl.waterloo.edu (Jim W Lai)
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <1992Jan20.004417.11535@watcgl.waterloo.edu>
Date: Mon, 20 Jan 1992 00:44:17 GMT
In article <1992Jan19.021948.22107@news.iastate.edu> i1neal@exnet.iastate.edu (Neal Rauhauser -- ) writes:
>In article <1992Jan18.225649.15620@watcgl.waterloo.edu> jwtlai@watcgl.waterloo.edu (Jim W Lai) writes:
>>My site has a terminal server with userids and passwords. This seems like
>>a reasonable compromise. When visiting, one can then "borrow" a terminal
>>server userid to call home (as it were) without compromising a real account.
>
> I just tried terminus. I can log in there from the outside world
>via telnet - ie two anonymous connections between me and my
>'target'. What a great security hole. Glad my unix box has no
>network connection
Exactly. So at my site you can't just telnet into the terminal server without
a userid and password on the terminal server. ONet doesn't allow anonymous
connections onto the net itself. Some level of identification is needed to
satisfy ONet (and NSFNet), isn't it?
I'm not sure your case is truly anonymous, since the sites involved can be
traced back, unlike a dialup to terminus.
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200201.AA00302@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:01:42 GMT
Approved: usenet@eff.org
Lines: 25
From caf-talk Caf Jan 19 00:00:00 1992
From: brnstnd@nyu.edu (Dan Bernstein)
Newsgroups: alt.security
Subject: Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <310.Jan2001.22.1992@virtualnews.nyu.edu>
Date: 20 Jan 92 01:22:19 GMT
In article <1992Jan19.182534.7227@mintaka.lcs.mit.edu> pc@hal.gnu.ai.mit.edu (Pete Chown) writes:
> I am not going to list the sites of course, that would be asking for crackers
> to begin using sites which by and large they haven't so far.
Of course not. MIT prefers to have a monopoly on this business, eh?
I just received a message from one of the Athena muckity-mucks (who can
identify himself here if he wants) saying, in effect, that MIT doesn't
give a damn what its neighbors think of it: for one thing, it's a
``large and important site,'' and it has many people who would fight any
request to chop off terminus ``as a matter of principle''---apparently
the principle that MIT is better than everyone else. Given this attitude
it's tempting to deny all connections from *.mit.edu. Of course, he
wasn't speaking for MIT, but it's scary to see any hint that a site is
using the power of its position within the Internet to insist that it
need take absolutely no responsibility for the packets it generates.
---Dan
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200202.AA21033@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:02:12 GMT
Approved: usenet@eff.org
Lines: 39
From caf-talk Caf Jan 19 00:00:00 1992
From: tk@ai.mit.edu (Tom Knight)
Newsgroups: alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 19 Jan 92 23:27:15 GMT
In article <20731@dog.ee.lbl.gov> leres@ace.ee.lbl.gov (Craig Leres) writes:
Brian Harvey writes:
> Your site probably has dialup ports for the use of your staff. Some
> cracker could call up your modem and then attempt to get access to your
> system. If that happened, you might ask the phone company to help you
> track down the guilty party, and you'd expect them to cooperate. But
> you WOULDN'T agitate for shutting down the phone company because they
> allow anybody to use the telephone network. You wouldn't even agitate
> for shutting down public-access coin phones.
A cracker dialing in can only make login attempts. Worst case, he can
automate the attacks. But he can't use finger to learn the usernames of
valid accounts. He can't exploit bugs in network daemons. He can do all
of this (and more) when he logs into terminus...
I think you people aren't going far enough. Do you realize how
dangerous the possession of CASH could be in the hands of criminals?
Why there are all sorts of evil things they could do with it, and it
wouldn't even be traceable. They could buy drugs, bribe people,
purchase pornography, or even contribute to the ACLU without ANY
accountability. Why, the paragons of network purity couldn't even
find out who it was that was doing these things. Perhaps we should
outlaw cash, or at the very least require banks to report transactions
greater than $10K.
There are people in this world who think the most important thing is
allowing people freedom to do things, and who accept the fact that
some will abuse this privilege, and there are others who think their
job is to prevent us all from doing anything. Which do you prefer to
be?
From caf-talk Caf Jan 19 00:00:00 1992
Newsgroups: alt.comp.acad-freedom.talk
Path: eff!eff-gate!usenet
From: kadie@cs.uiuc.edu (Carl M. Kadie)
Subject: [alt.security] Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID: <9201200202.AA06766@m.cs.uiuc.edu>
Sender: kadie@cs.uiuc.edu
Organization: EFF mail-news gateway
Date: 19 Jan 92 14:02:25 GMT
Approved: usenet@eff.org
Lines: 22
From caf-talk Caf Jan 19 00:00:00 1992
From: clive@mungarra.asis.unimelb.edu.au (Clive Newall)
Newsgroups: alt.security
Subject: Re: [alt.security] Re: Announcing AntiTERM: The Anti-TERMINUS Alliance!
Message-ID:
Date: 20 Jan 92 01:29:38 GMT
tk@ai.mit.edu (Tom Knight) writes:
>...
>... Perhaps we should
>outlaw cash, or at the very least require banks to report transactions
>greater than $10K.
You mean that in the USA they DON'T have to report large cash transactions?
In Oz reporting large and/or suspicious cash transactions has been
compulsory for several years... :-(
Clive Newall E-mail: clive@asis.unimelb.EDU.AU
Information Technology Services (ASIS), University of Melbourne.
Disclaimer: This is ME talking. Not ITS. Not the University.
