home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
SysOp's Arsenal
/
SysOp's Arsenal 1 (Arsenal Computer).ISO
/
govwatch
/
effinfo.enc
< prev
next >
Wrap
Text File
|
1994-07-28
|
14KB
|
253 lines
From FidoNews 1130, 25 Jul 94:
----------------------------------------------------------------------
On Electronic Frontier Organizations
Stanton McCandlish, EFF Online Activist/SysOp
mech@eff.org -- 1:109/1108
In FidoNews 11.24, the collective Editor says:
>What is the difference between "place" and "space"? It's wonderful
>to see EFF-type organizations sproinging up with enthusiasm. It
>bothers me a bit that they are arranged according to countries. I
>guess it makes sense to organize legal-aid stuff by country, because
>particular beaurocratic/political situations will have problems
>requiring local resources,
This is indeed the case. EFF would probably like nothing better than
to be able to be of direct legal assistance to non-US citizens, but we
cannot. It is difficult enough to do this job even for one country,
with 5 lawyers on staff, and a paralegal to boot. We'd need a team of
thousands to cover all countries' laws. And that doesn't even begin to
get into politics and legislation.
>but... I hope the limitations of
>boundaries are not imposed upon the net out of historical habits.
>
>Occasionally habits are useful, but if they are not continually
>reviewed and revised to jive with changing reality, they turn into
>rules, which is boring.
Agreed wholeheartedly. However, I think more often than not the problems,
besides legal/bureaucratic ones, stem mainly from national, cultural and
linguistic barriers, which though eroding in these days of international
media and communication, are still strong, and important to many.
One can argue whether or not nationalism and cultural pride are strengths
to preserve, or weaknesses to avoid, but whatever the answer, they are
strong feelings for most people.
>Sure, people can think in terms of borders if they want to, but not
>everyone should *have* to. Also, borders, do not have to be based
>upon history. They could be based upon science fiction, or
>anything at all, if they have to exist.
Agreed again, and I think that networking is likely to play a large role
in redefining our boundaries. Right now, however, the only practical
way to go about online activism is regionally, and I've been working with
the founders of various local and national groups to help get them going
and to put them in touch with likeminded people. There's a strong feeling
of solidarity among the "EF-groups", and we look to the day when enough
critical mass is reached that the efforts can be more closely allied.
I liken this process to the genesis of the Internet - one idea, many
independent nodes in a non-heirachical network. It's the process of
forming a community, rather than a single organization. In time the
individual pieces may come together in a synergistic whole greater than the
sum of it's parts. But due to the number of differing jurisdiction, each
local organization needs to fill a role for the online community in it's
own area; these resources cannot be generated by a hierarchical single
-base group, but they can be pooled over time, to build a sort of
meta-organization.
To that end, I'll be making some alterations to the eff-activists mailing
list [NB: a "mailing list" is the Internet equivalent, roughly, of a BBS-
network echo, or a Usenet newsgroup], and it will become ef-activists,
with international participation between (I anticipate) members of EFF,
CPSR, SEA, EF-Canada, EFF-Austin, EF-Houston, EF-Norway, EF-Ireland,
CommUnity, EF-Australia, and more. To date the list has served as a good
place to pass on items of relevance to online activists (e.g. press
releases, legislative texts, action alerts, etc.), but has yet to become
all it can be.
In time I hope to cross-gate this to Fido and other BBS networks, along with
several other relevant conferences, such as comp.org.eff.news. As it is,
however, I've come up against problems like dupe loops and such which can
be caused by incautious cross-gating, and would like some advice on this
matter from someone(s) experienced with cross-gating between Usenet/Internet
and Fido, and between Fido and OtherNets, so all goes smoothly. Then we
can get all of these disparate and insular virtual communities together for
some serious activism.
For those unaware of what EFF does, the Electronic Frontier Foundation is
a 501(c)(3) non-profit organization devoted to civil liberties in cyberspace.
We offer legal information for sysops and users, have supported courtroom
cases (such as the by-now-legendary Steve Jackson Games v. US Secret Service
case), and engage in direct policywork with the Administration and Congress
to work toward open access to information infrastructure (the "data super-
highway"), to get wider and more affordable deployment of ISDN, to head off
privacy-threatening maneuvers like the FBI's draft Digital Telephony "Wire-
tap Bill", and the NSA Escrowed Encryption Standard (the Clipper Chip, as
many of you may recall from previous articles.) These are all important
issues, and all of them will be affecting you (even those of you that live
in other countries - the FBI is already attempting to get Russia to deploy
it's own DigTel-style surveillance system, and the White House has been
pressuring many European and other governments to adopt the Clipper system.)
The time's come for all of us to get involved, and to get organized. The
opposition on these issues, ranging from telco monopolists to Executive
Branch agenices, have a headstart and vast resources. The wild and wooley
days when the online world was a well-kept secret are drawing to a close,
and if we wish to preserve it's better aspects, we'll need to cooperate,
and to present a strong, united voice.
For more info on EFF, our mission, membership in the organization, and
details about our mailing lists, you can send any message (e.g. via UUCP
gate) to info@eff.org in the Internet, or call our BBS, Outpost, at
+1 202 638 6120 (300-14000bps, V32b, V42b; 8N1) or +1 202 638 6119
(300-14400bps, V32b, V42b; 16800 ZyX; 8N1). The BBS is free and up
continuously except for mail hour.
>I still haven't heard any more about nodes disappearing in Italy,
>despite trying to find information. This makes me curious.
I'll forward what I have on it, and you might find some of it FidoNewsworthy.
----------------------------------------------------------------------
Cryptography and Digital Signatures
A Short Clarification
Stanton McCandlish - Electronic Frontier Foundation Online Activist/SysOp
mech@eff.org - 1:109/1108 - Outpost +1 202 638 6119, +1 202 638 6120
In article "Fido Newsletter Content" in FNews 11.27, Neil Lauritsen
(1:3603/120), like many others, expresses opposition to the use of
encryption and digital signatures in FidoNet. I won't broach the subjects
of censorship (the main topic of Neil's article), or of legal liabilities
and why you should allow cryptography [the interested should read
the sci.crypt FAQ which is available from most BBSs including ours, then
read the ECPA law and associated commentary available from our BBS, and
mentally correlate these pieces of information with eachother. See also
legal articles by Mike Riddle in previous issues of FidoNews], as these are
very large topics which I probably cannot clarify adequately in so short a
space. I'll just focus on the common confusion about what digital
signatures are.
>Dear Ed..I agree
[about the perceived need to censor FidoNews]
>and I run an Adult Oriented BBS. I also strongly object to encripted
>passages or signatures as also appeared in this issue. I do have a right
>to refuse to forward to distribute materials which are encripted (and I
>am a Net Host) as you also have the right to refuse to accept articles
>with unacceptable language as part of your FIDO news. Freedom of speech
>cannot be used as an argument to condone these violations of our trust
>in the editor.
[...]
>Neil - NC3603
[...]
>Dear Editor, Please do not forward for distribution to my net any
>articles which contain any form of encription either in the text or in
>the signature. Nor any articles containing language which you would
>not use in your own house of worship.
Ignoring for now the well-known fact that FNews editors exercise little
if any editorial control, and the issue of what is or is not appropriate
language, let's get to the heart of the matter. Neil appears to conflate
encryption and digital signatures, as if they were the same thing. They
are not.
1) Encryption is the protection of information from anyone other than
the intended recipient(s) by encoding it via a mathematical process
such that a "key" is required for decoding, a key possessed (unless
something has gone wrong) only by the intended recipient(s). In short,
for the purposes of FidoNet, encryption is the process of making the
content of a message private. [Note: Again, I'm not going to go into
any pro or con on this issue, and will not respond to flames on this
topic. It'll come up again eventually as it always does, but right
now let's stick to signatures.]
2) Digital signatures are a by-product of cryptography. They use
the mathematical processes of encryption - the application of
cryptographic algorithms to data - to produce an ideally unforgeable
"signature". Provided the algorithm is strong, the signature serves
as a unique and trustable identifier, and can be used to prove that,
yes, this person or that did in fact write and send this or that message.
The salient points here are: A) Digital signatures do something close to
the opposite of what many perceive cryptography (often wrongly) to be
designed for - rather than hide information or serve to protect someone,
they carve information in virtual stone, and securely identify someone
[Note: This is an oversimplification, as encryption can be used for many
purposes, including the protection of passwords, transactional security,
and confidentiality of records, while digisigs can be used to protect
persons and their assets in numerous ways, not least of which are making
it more difficult to perpetrate forgery, and ensuring that a recipient
of a message is certain that they are in communication with who they think
they are and do not reveal privileged information.] B) Digital signatures
are *NOT* "secret messages". They do not encode any human-readable text,
and are similar to CRCs and checksums. They consist of binary data used
by a program for verification purposes. Again, digital signatures are
not encrypted mail, in any way shape or form, and attempting to censor
the flow of mail on such a mistaken basis is no more logical than banning
all *.MSG mail because it does in fact contain encoded binary data in the
headers, such as the seen-by information. Or perhaps we should ban
the use of archiving, since ZIP, ARC, and other formats use checksums
to validate the integrity of the compressed files? The only difference is
the use of certain type of mathematical algorithm in digisigs, and they are
visible in the text of the message, and readily identified with their own
header.
Not only are digital signatures easily distinguised from encrypted messages
by their headers, it is trivial to scientifically prove that they are not
hidden messages by running them through a copy of the program that created
them (in most cases PGP, though others, such as TISPEM and RIPEM are in
use.) Any copy of PGP will recognize any PGP signature mathematically as
a signature, not as an encrypted message. You can't lie to it, and it can't
lie to you. Not without breaking the mathematical laws of the universe,
at any rate, and I don't think any of us have seen [the] God[s] online
any time lately. If you are paranoid and suspect your PGP has been tampered
with, the source code, like the binaries, is available widely as freeware
for your examination.
Casting aside any misapprehensions then, it should be clear that if you
are obligated to pass on mail from other systems by FidoNet policy, this
includes mail bearing digital signatures (indeed you should feel safer
doing so than passing on messages without them, since in the event of
being held liable for this, that or the other, you'll have definitive proof
of the source), even if not required to carry encrypted messages.
The only other serious objection to digital signatures I've yet to see is
the issue of wasted bandwidth. Most of you can probably see through this
one, but just in case it sounds persuasive, consider that by this reasoning,
we'd also have to ban all use of taglines and origin lines, quoting, and
posting messages that are not of informative value to the majority of
readers, as "wasted bandwidth." The fact is, digital signatures are
small, and infrequently used, and do not contribute to any significant
degree to the amount of traffic. And to many they are in fact informative
and useful.
One final point to consider. The US government has, as a sidelight to it's
"Clipper" chip, proposed it's own Digital Signature Standard, and is already
making noises that its use may become mandatory for certain applications.
You may not use digisigs now, but in the very near future this technology
will be built into a great number of hard- and software applications.
The more senseless opposition there is to private-sector digital signatures
and encryption, the more likely it is that we'll be forced to use digital
signature, crypto, and communications technology devised by the NSA and FBI.
As anyone following the Clipper and Digital Telephony debates knows only too
well, these agencies are far less concerned about your security or privacy
that they are about protecting their own abilities to monitor you at their
convenience.
Note of course that the above applies to US law. The situation may or
may not be analogous in other countries. In any case this is not to
be construed as legal or professional advice or service of any sort.
If you have serious legal questions about this matter you should contact
an attorney in your area who is knowledgeable regarding the apropos privacy,
communications and computer law.
----------------------------------------------------------------------