From owner-govaccess@well.com Fri Jan 19 19:07:49 1996 Received: from junior.wariat.org (brown@junior.wariat.org [192.147.147.15]) by eff.org (8.6.12/8.6.6) with ESMTP id TAA22585; Fri, 19 Jan 1996 19:07:24 -0800 Received: from well.com (majordom@well.com [206.15.64.10]) by junior.wariat.org (8.6.10/8.6.12) with ESMTP id SAA20180; Fri, 19 Jan 1996 18:41:06 -0500 Received: (from majordom@localhost) by well.com (8.6.12/8.6.12) id JAA10446 for govaccess-outbound; Fri, 19 Jan 1996 09:24:56 -0800 Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 19 Jan 1996 09:24:15 -0800 To: GovAccess@well.com From: jwarren@well.com (Jim Warren) Subject: GovAccess.246.snoop: peepers+censors; Netscape+NSA; PGP; anonymous! Sender: owner-govaccess@well.com Precedence: bulk Status: O [This stuff is at least several weeks old ... but so am I. Too many windmills; too few lances. --jim] CONTENTS Spy Viruses In Our Future [Also!] New Meanings for "ISDN" Net Censorship Precedents Would be Useful to Enforcers, IRS, etc. Multi-National Corporations Take Lead in Demolishing Personal Privacy Spymaster Meets Webmaster -- Netscape and the NSA ( http://gnn-e2a.gnn.com/wr/ ) Netscape Presented Key-Escrow Policy to Feds ... But This Was Last December PGP Author Phil Zimmermann Finally [Probably] Freed from Federal Threats Pointer to AppleScripts That Integrate PGP and Eudora on the Mac [Foreigners Are Not to Read This] Getting PGP outside the US - ftp.ox.ac.uk Novices' Tutorial on Obtaining and Using PGP Crypto for Secure Personal Privacy Excerpts from the Internet's Best-Known Anonymous Remailer's "Help" File &&&&&&&&&&&&&&&&&&&& Spy Viruses In Our Future [Also!] Date: Mon, 1 Jan 1996 19:48:38 -0500 (EST) Sender: owner-edupage@elanor.oit.unc.edu From: Educom Subject: Edupage, 31 December 1995 SPY VIRUSES Syndicated columnist Gina Smith predicts a proliferation of computer "spy" viruses similar to Microsoft Windows 95's registration wizard that can zip around your CPU and determine whether you've legally registered all the software you've got loaded on there: "It's already possible to do this sort of scanning without alerting the user, so it doesn't take much of a futurist to imagine the same sort of stealth technology being used on unknowing bulletin board and Internet users. In fact, I think a trend away from juvenile-prank computer viruses to information-seeking `spy' viruses isn't merely likely, it's inevitable." (Popular Science Dec 95 p12) &&&&&&&&&&&&&&&&&&&& New Meanings for "ISDN" Date: Mon, 1 Jan 1996 14:32:17 +0001 (EST) From: scott b lacey Jim, Could ISDN possibly stand for Integrated Surveillance Digital Network? I find your newsletter very interesting - good work! [From the rash of "random" ISDN rate doublings and triblings, it would appear more likely that it stands for Increasingly Steep Dollars Necrophelia. --jim] &&&&&&&&&&&&&&&&&&&& Net Censorship Precedents Would be Useful to Enforcers, IRS, etc. Date: 09 Jan 96 08:45:09 EST From: John Cooper <76226.634@compuserve.com> Subject: Snoops+Censor: Investor's Business Daily Article Today's IBD (1-9-96) printed an in-depth (for a newspaper) article on Pg. B1, written by John A. Barnes, on the relationship between internet censorship and the DES effort. As you have been hinting, "there is a hidden lobbyist" in the censorship debate. The thrust of the article was that the FBI and the IRS "wouldn't mind seeing the government set a precedent for deciding what can and cannot go on the Internet" for several reasons. The article quoted economist Alan Reynolds of the Hudson Institute (Indianapolis) as saying the government wants more control of the Internet, not to curb smut or terrorism, but for *economic* reasons. To paraphrase Reynolds: "It terrifies the government that in the future, encryped financial data will make it more and more tough, if not impossible, to trace financial deals around the world. How, then, to collect taxes?" Good article - good newspaper. [Of course, that capability *is* available -- and undoubtedly already in use. Financial criminals certainly aren't going to stop using maximum/secure crypto to protect their privacy just because government attempts to suppress it. The fed's suppression of secure privacy protection merely assures that *innocent* citizens and businesses, and *stupid* criminals will have no privacy. And, as we imprison very bright computer crackers like Kevin Mitnick with the general prison population, even dumb criminals are getting excellent instruction in how to crack, snoop and protect their secrets -- the most eagerly sought education that prisons provide. --jim] &&&&&&&&&&&&&&&&&&&& Multi-National Corporations Take Lead in Demolishing Personal Privacy Date: Fri, 5 Jan 1996 23:54:14 -0500 (EST) From: "Declan B. McCullagh" To: Fight Censorship Mailing List Subject: Crypto: Big business gives in to governments' key escrow demands Last month I forwarded an article from the Financial Times reporting [on a European forum about] how businesses are acquiesing to government demands for key escrow. Attached are excerpts from a report on that Paris forum -- which included representatives of the bluest of the blue-chip companies: AT&T, Bankers Trust, DEC, EDS, IBM, Microsoft, Motorola, Novell, Shell. I haven't read it thoroughly, but what I've seen is not good news. ... --- http://www.cs.umass.edu/~lmccarth/cypherpunks/icl.txt Report of the Business-Government Forum on Global Cryptogoraphy Policy Held on 19-20 December 1995 in Paris 8. Governments need to be able to protect themselves, businesses and citizens against the actions of criminals. 9. Industry recognises that governments need to be able to access information, for law enforcement and national security purposes. These activities must be carried out consistent with applicable national and internationational laws and due process requirements. 18. Cryptographic products that conform to the agreed standards should not be subject to import controls, restrictions on use within the law, or restrictive licensing; furthermore, these products should be exportable to all countries except those which are subject to UN embargo. 21. Governments are encouraged to inspire confidence in cryptography standards by using standardised mechanisms for all purposes other than, perhaps, the most sensitive diplomatic and defence purposes. --- 3. Except as qualified below, businesses and individuals have the right to seek confidentiality of information they send, receive or retain. 6. Principle 3 notwithstanding, law-abiding governments have the right, in the prevention, investigation and prosecution of serious crime, lawfully to intercept and lawfully to seize information for evidential purposes only, where there is no practical alternative. 9. Governments and Law Enforcement Agencies should have right of access to such keys only under due process of law in pursuance of their duties as described in Principle 6. It is the responsibility of governments to ensure that international law or inter-governmental agreements allow such access to keys held outside national jurisdiction. 10. Where Governments and Law Enforcement Agencies do obtain keys under such processes, they must only be available for a specified, limited timeframe and the process of obtaining and using the keys must be auditable. &&&&&&&&&&&&&&&&&&&& Spymaster Meets Webmaster -- Netscape and the NSA ( http://gnn-e2a.gnn.com/wr/ ) The lead from Jan 12-18 WEB REVIEW's cover story, by Senior Editor Steve Pizzo (award-winning investigative writer and author of NYT bestseller, INSIDE JOB): "Getting the government involved in maintaining Internet data privacy may not be popular, but it's going to be necessary. To secure Net communications, the government will need to have access to private data exchanges using what is known as a key escrow security system." -- Netscape Communications Chairman Jim Clark speaking at Internet Expo in Boston last November Clark's Boston speech set off alarm bells throughout the Net community and within days he was taking every opportunity to explain what he really meant. He reassured everyone who would listen that Netscape had not changed its long-standing opposition to government proposals that would allow access to encryption keys by law enforcement and intelligence agencies. Just a month earlier Netscape announced that it had entered into a contract with the National Security Agency, whose job is to intercept and decode international electronic transmissions of all kinds. NSA contracted Netscape to produce a suite of Netscape browser and server software that supports the NSA's pet Fortezza card project. The Fortezza PCMCIA card encrypts data using a secret algorithm, allowing users to communicate their data securely. The NSA wants to make the Fortezza card a standard for all government agencies. The agency is also heavily subsidizing through private companies the development of a commercial version to be sold worldwide. The same week Netscape announced the contract, NSA Deputy Director William Crowell testified before a Congressional Committee about the agency's plans for Fortezza. "We are working with leading information technology corporations," Crowell said, "to ensure that their commercial applications and operating systems will operate with Fortezza." ... [Check it out! --jim] &&&&&&&&&&&&&&&&&&&& Netscape Presented Key-Escrow Policy to Feds ... But This Was Last December [It's obvious that we need some reliable(?) moles inside of Netscape, leaking information to the net about what they are *really* doing -- good or bad. --jim] Date: 13 Dec 1995 09:33:54 -0500 From: "Marc Rotenberg" Subject: Netscape Rejects Key Escrow [???] http://home.netscape.com/newsref/ref/encryption_export.html NETSCAPE PRESENTS POLICY ON ENCRYPTION EXPORT TO KEY MEMBERS OF THE ADMINISTRATION AND CONGRESS This week Netscape representatives attending a government presentation of the administration's proposed Key Escrow Policy for Export detailed the company's firm opposition to the proposed policy. Netscape is opposed to this type of proposal for a number of reasons including its failure to adequately address the issues of acceptability by foreign governments and corporations, significant personal privacy concerns, and the mandatory nature of tying the Exportable Key Size to the Key Escrow Proposal. At present the proposed Key Escrow Policy for Export states that a U.S. Government-approved key escrow process must be used by U.S. software manufacturers if they wish to export commodity encryption products of a key length up to 64 bits. Currently, Netscape can only provide its non-U.S. customers with products containing a 40-bit key. It has been Netscape's experience that non-U.S. customers demand products as cryptographically strong as those that are available to U.S. customers (i.e., at least 128-bit key length). Hence, the current U.S. Government proposal is compelling software companies like Netscape to manufacture two different versions of its products - an inefficient and noncompetitive posture that does not meet the needs of the foreign markets. Netscape believes that this division in the global marketplace is not compatible with the nature, structure, and history of the Internet and its users. In addition, the 64-bit key length size in the U.S. Government proposal is inadequate for security purposes; recent experience in the United States and other countries demonstrates that a 64-bit key can be compromised. Therefore, Netscape believes that the U.S. Government's proposal does not support the needs of industry. In particular: 1.The U.S. Government proposal imposes regulations that will not scale up to the speed at which the information technology/Internet software industry continues to develop. The proposed process represents a regulatory burden that is not consistent with the decentralized and agile nature of the IT/Internet business. The proposal puts at risk significant economic stability not just for U.S.-based IT firms but for the U.S. economy as a whole as every sector's growth is fueled by the increasing availability and innovative use of information products and services. 2.The U.S. Government proposal would in effect result in the mandatory use of these export-grade products within the United States. The proposal includes a non-interoperability criteria that would make it impossible for a non-escrowed software product to talk to an escrowed software product. Thus, consumers inside the United States would be forced to use a government-approved key-escrow product if they value the ability to communicate with others outside the United States. 3.Corporate and individual rights to privacy are placed in question by the current U.S. Government escrow proposal and process. This is so because of the mandatory nature of the proposal resulting from the key escrow requirement itself and the oversight role government proposes to play in the accreditation process and business practices of an escrow agent. Netscape will continue to work with industry organizations, partners, and customers who are in similar opposition to the government's proposal to ensure that the current administration understands the unacceptability of this plan. &&&&&&&&&&&&&&&&&&&& PGP Author Phil Zimmermann Finally [Probably] Freed from Federal Threats Date: Thu, 11 Jan 1996 19:41:53 -0800 (PST) From: Declan McCullagh Subject: US DoJ Press Release on Zimmermann Mike Godwin [mnemonic@eff.org] writes: "This is the Justice Dept. press release, verbatim, announcing the dropping of the investigation of Phil Zimmermann ..." United States Attorney Northern District of California San Jose Office (408) 535-5061 280 South First Street, Suite 371 San Jose, California 95113 FAX: (408) 535-5066 PRESS RELEASE January 11, 1995 Michael J. Yamaguchi, United States Attorney for the Northern District of California, announced today that his office has declined prosectution of any individuals in connection with the posting to USENET in June 1991 of the encryption program known as "Pretty Good Privacy." The investigation has been closed. No further comment will be made by the U.S. Attorney's office on the reasons for declination. Assistant U.S. Attorney William P. Keane of the U.S. Attorney's Office in San Jose at (408) 535-5053 oversaw the government's investigation of the case. [After three years of "investigation" costing U.S. tax-payers at least an estimated several hundred thousand dollars, and wasting perhaps several thousand hours of limited federal law enforcement resources much-needed to pursue *real* crime, the federal enforcers have finally finished delivering their message to anyone who dares to make robust privacy protection available without government permission, to citizens who *used* to be presumed innocent. Seig Heil! --jim] &&&&&&&&&&&&&&&&&&&& Pointer to AppleScripts That Integrate PGP and Eudora on the Mac Date: Tue, 26 Dec 1995 02:45:32 -0800 From: david@sternlight.com (David Sternlight) >If you know explicitly what to get and where - especially "seamlessly >integrated into Eudora" for the Mac, I would *GREATLY* appreciate the >specifics. http://www.deepeddy.com/pgp/ is one good start. It will give you all the info on one such. If you don't like it let me know and I'll give you a pointer to yet another set of AppleScripts for PGP and Eudora. &&&&&&&&&&&&&&&&&&&& [Foreigners Are Not to Read This] Getting PGP outside the US - ftp.ox.ac.uk Date: Sat, 23 Dec 1995 21:10:08 -0800 From: Bill Stewart You can get many different versions of PGP from ftp.ox.ac.uk/pub/crypto, including the non-US versions and the US versions. (If you're in the US, you should use the US versions for patent reasons, since they use RSAREF.) While exporting the software isn't legal, importing it is just fine. &&&&&&&&&&&&&&&&&&&& Novices' Tutorial on Obtaining and Using PGP Crypto for Secure Personal Privacy Date: Fri, 22 Dec 1995 09:37:51 GMT From: octobersdad@crecon.demon.co.uk (T. Bruce Tober) [RE GovAccess.227, in which I whined that *I* really *should* get around to installing PGP, Bruce responded with an excellent tutorial - from which this is its intro and source pointers - that includes several United Kingdom sites from which PGP may be downloaded. --jim] Well, then Jim, here's some help to get you off your duff: T. Bruce Tober 480 Gillott Road Edgbaston, Birmingham B16 9LH 0121-454-4328 2,200 Words First British Print Serial Rights The following is copyright 1995 T Bruce Tober - All rights reserved and is posted for the reference of the recipient only. It is not for republication, in whole or in part without the prior permission of the author except in commonly accepted fair use situations. PGP, Even an Idiot Can Use It by T Bruce Tober "Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds." - John Perry Barlow, EFF co-founder So why would any law-abiding person need or even want to encrypt their messages on the Net or anywhere else? Pure and simple. It's a matter of privacy. As the author Ayn Rand said a half century ago, "Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men." Everything you send or receive over the Net or the various BBS's is like a postcard, completely open and available for inspection by anyone. System administrators, sysops and anyone capable of hacking into their systems can read anything you send, be it as a public message or a private e-mail. <...> |Bruce Tober - octobersdad@crecon.demon.co.uk - B'ham, Eng | | pgp key ID 0x9E014CE9 | | Publisher/Editor of The Write Byte monthly newsletter | | Visit TWB at http://www.milfac.co.uk/twb.html | | TWB - The computer newsletter specifically for Writers | [ <*heavy* sigh> :-) --jim] &&&&&&&&&&&&&&&&&&&& Excerpts from the Internet's Best-Known Anonymous Remailer's "Help" File [There are a number of anonymous remailers scattered around the net. They operate in several modes, but basically provide users with the ability to email and publicly post comments anonymously. This ability is just as valuable to use as anonymous publication was to *all* of the authors of the FEDERALIST PAPERS -- generally considered to be the third-most important document in U.S. government, behind the Declaration of Independence and Constitution. Just think of what "Deep Throat" of the Nixon/Watergate era could have done, or how much more quickly we could have seen the Pentagon Papers that detailed how our government was systematically lying to us -- if those insiders had had access to the global Internet and its anon remailers. And yes, like almost all powerful technologies, anon remailers can be used for wrong-doing as well as much-needed "right-doing." Sort of like freedom. --jim] From: devnull@anon.penet.fi Date: Wed, 10 Jan 96 05:02:01 +0200 Subject: Your message to daemon@anon.penet.fi Hello, jwarren@well.com! You have sent a message to daemon@anon.penet.fi. This is not very useful, as that address is only for error messages from mail systems. I wonder who you really wanted to reach. Here are some suggestions: - help@anon.penet.fi for the help file - ping@anon.penet.fi to receive an ID - abuse@anon.penet.fi to report somebody misusing the service - an123456@anon.penet.fi to reach anonymous user an123456 - some-newsgroup@anon.penet.fi to post to the newsgroup "some-newsrgoup" From: daemon@anon.penet.fi Date: Tue, 9 Jan 96 02:59:32 +0200 To: jwarren@well.com Subject: Anonymous help. ATTN: Eudora users, please see section 8.7! ATTN: *NO* commercial advertising except to the newsgroups that welcome it. To my knowledge this only means some biz-hierarchy newsgroups. If you say FREE that doesn't mean it's not a commercial posting. ATTN: Personal ad posters, DO MAKE SURE the newsgroup you are posting to wants personal ads. There are *many* personals newsgroups but i.e. alt.sex is not for personal ads. ATTN: If you don't get the complete help file (the last section is 8.8), send a message to admin@anon.penet.fi with the subject: missing sections. The anon.penet.fi Anonymous Server ================================== Please, do not overload the server. The absolute limit of messages [from a single email address] per day is 30. The size limit of the mailings is 48K. Please, keep the traffic below these two limits. Index: 1) Safe Posting! (*Please read this section!*) 2) How to get an anon ID and help 3) Password 3.1) How to set up a password 3.2) How to use a password 3.3) How to change your password 3.4) Typical mistakes made in password usage 4) Mailing anonymously 4.1) recipient@anon.penet.fi 4.2) X-Anon-To: recipient 5) Posting articles to news anonymously 5.1) news.group@anon.penet.fi 5.2) X-Anon-To: news.group 6) Testing how the service works 7) Security 8) Miscellaneous 8.1) Nickname 8.2) Available newsgroups 8.3) Talk of anon servers on newsgroups 8.4) What if your e-mail address changes? 8.5) inews error 8.6) Mailing non-anonymously 8.7) Eudora Users 8.8) Deallocating your anonymous ID from the system <... extensive tutorial and help-file details ommitted ...> Other version of help text available in other languages: - German text available from german@anon.penet.fi (deutsch@anon.penet.fi). - Italian text available from italian@anon.penet.fi (italiano@anon.penet.fi). &&&&&&&&&&&&&&&&&&&& "I used to feel like I was a flea on the back of a Tyrannosaurus Rex. Now I feel I might be a small yapping poodle on the back of a Tyrannosaurus Rex." -- Phil Zimmerman, about releasing "Pretty Good Privacy" (PGP) Mo' as it Is. --jim Jim Warren, GovAccess list-owner/editor (jwarren@well.com) Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc. 345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request> To add or drop GovAccess, email to Majordomo@well.com ('Subject' ignored) with message: [un]subscribe GovAccess YourEmailAddress (insert your eaddr) For brief description of GovAccess, send the message: info GovAccess Past postings are at ftp.cpsr.org: /cpsr/states/california/govaccess and by WWW at http://www.cpsr.org/cpsr/states/california/govaccess . Also forwarded to USENET's comp.org.cpsr.talk by CPSR's Al Whaley. May be copied & reposted except for any items that explicitly prohibit it.