-
- Computer underground Digest Sun June 5, 1994 Volume 6 : Issue 49
- ISSN 1004-042X
-
- Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
- Archivist: Brendan Kehoe
- Retiring Shadow Archivist: Stanton McCandlish
- Shadow-Archivists: Dan Carosone / Paul Southworth
- Ralph Sims / Jyrki Kuoppala
- Ian Dickinson
- Copy Dittoer: Etaoian Shrdlu
-
- CONTENTS, #6.49 (June 5, 1994)
-
- File 1--AT&T Lab Scientist Discovers Flaw in Clipper Chip
- File 2--Jacking in from the SNAFU Port (Clipper Snafu update)
- File 3--Jacking in from the "We Knew It All Along" Port (Clipper)
- File 4--Crackdown on Italian BBSes Continues
- File 5--Norwegian BBS Busts / BitPeace
- File 6--BSA: Software Piracy Problem Shows no Sign of Easing
- File 7--Re: "Problems at TCOE" (CuD 6.47)
- File 8--Is there an MIT/NSA link-up for PGP 2.6? Some Info
-
- Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
- available at no cost electronically.
-
- CuD is available as a Usenet newsgroup: comp.society.cu-digest
-
- Or, to subscribe, send a one-line message: SUB CUDIGEST your name
- Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
- The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
- or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
- 60115, USA.
-
- Issues of CuD can also be found in the Usenet comp.society.cu-digest
- news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
- LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
- libraries and in the VIRUS/SECURITY library; from America Online in
- the PC Telecom forum under "computing newsletters;"
- On Delphi in the General Discussion database of the Internet SIG;
- on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
- and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
- CuD is also available via Fidonet File Request from
- 1:11/70; unlisted nodes and points welcome.
-
- EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
- In ITALY: Bits against the Empire BBS: +39-461-980493
-
- UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/
- ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
- aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
- world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
- uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
- wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
- EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
- ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
-
- JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/
-
- COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
- information among computerists and to the presentation and debate of
- diverse views. CuD material may be reprinted for non-profit as long
- as the source is cited. Authors hold a presumptive copyright, and
- they should be contacted for reprint permission. It is assumed that
- non-personal mail to the moderators may be reprinted unless otherwise
- specified. Readers are encouraged to submit reasoned articles
- relating to computer culture and communication. Articles are
- preferred to short responses. Please avoid quoting previous posts
- unless absolutely necessary.
-
- DISCLAIMER: The views represented herein do not necessarily represent
- the views of the moderators. Digest contributors assume all
- responsibility for ensuring that articles submitted do not
- violate copyright protections.
-
- ----------------------------------------------------------------------
-
- Date: Thu, 2 June, 1994 23:54:21 EDT
- From: anon <cudigest@mindvox.phantom.com>
- Subject: File 1--AT&T Lab Scientist Discovers Flaw in Clipper Chip
-
- (The government's proposed encryption technology may not be as
- secure as proponents want us to think. This might be of interest
- to you--anon).
-
- Scientist Insists U.S. Computer Chip has Big Flaw
- By John Markoff
- Extracted from the New York Times, June 2, 1994
-
- Technology that the Clinton administration has been promoting for use
- by law enforcement officials to eavesdrop on electronically scrambled
- telephone and computer conversations is flawed and can be defeated, a
- computer scientist says.
-
- Someone with sufficient computer skills can defeat the government's
- technology by using it to encode messages so that not even the
- government can crack them, according to AT&T Bell Laboratories
- researcher Matthew Blaze.
-
- (The article explains the background to the fight to implement
- Clipper by the Clinton Administration as a means to help
- law enforcement, and notes that the technology has been
- widely criticized by communications executives and others)
-
- The industry also fears foreign customers might shun equipment if
- Washington keeps a set of electronic keys. But now Blaze, as a result
- of his independent testing of Clipper, is putting forth perhaps the
- most compelling criticism yet: The technology simply doesn't work as
- advertised.
-
- Blaze spelled out his findings in a draft report that he has been
- circulating quietly among computer researchers and federal agencies in
- recent weeks.
-
- "The government is fighting an uphill battle," said Martin Hellman, a
- Stanford University computer scientist who has read Blaze's paper and
- who is an expert in data encryption. "People who want to work around
- Clipper will be able to do it."
-
- But the National Security Agency, the government's electronic spying
- agency, said Wednesday that Clipper remained useful, despite the flaw
- uncovered by Blaze.
-
- "Anyone interested in circumventing law enforcement access would most
- likely choose simpler alternatives," Michael Smith, the agency's
- director of policy, said in a written statement.
-
- "More difficult and time consuming efforts, like those discussed in
- the Blaze paper, are very unlikely to be employed."
-
-
- (The article summarizes the government's defense for Clipper)
-
- But industry executives have resisted adopting Clipper. Because the
- underlying mathematics of the technology remain a classified
- government secret, industry officials say there is no way to be
- certain that it is as secure as encoding techniques already on the
- market.
-
- They also fear that Clipper's electronic back door, which is designed
- for legal wiretapping of communications, could make it subject to
- abuse by the government or civilian computer experts. Privacy-rights
- advocates have cited similar concerns.
-
- Industry executives also have worried that making Clipper a federal
- government standard would be a first step toward prescribing the
- technology for private industry or requiring that it be included in
- sophisticated computing and communications devices that are to be
- exported.
-
- Blaze said that the flaw he discovered in the Clipper design would not
- permit a third party to break a coded computer conversation.
-
- But it would enable two people to have a secret conversation that law
- enforcement officials could not unscramble. And that could render
- Clipper no more useful to the government than encryption technology
- already on the market to which it does not hold the mathematical keys.
-
- "Nothing I've found affects the security of the Clipper system from
- the point of view of people who might want to break the system." Blaze
- said. "This does quite the opposite. Somebody can use it to circumvent
- the law enforcement surveillance mechanism."
-
- The article concludes by noting that Blaze said that several
- simple changes to the Clipper design could fix the flaw, but that
- this might be difficult because the changes would require the
- government to start over in designing Clipper. The government has
- already started ordering telephones containing the Clipper chip
- for federal agencies.
-
- ------------------------------
-
- Date: Thu, Jun 2 1994 17:33:21 PDT
- From: Brock Meeks <brock@well.sf.ca.us>
- Subject: File 2--Jacking in from the SNAFU Port (Clipper Snafu update)
-
- ((Moderators' Note: The following article may not be reprinted or
- reproduced without the explicit consent of the author)).
-
- CyberWire Dispatch // Copyright (c) 1994 //
- Jacking in from the SNAFU Port:
-
- Washington, DC -- Matthew Blaze never intended to make the front page
- of the New York Times. He was just doing his job: Nose around inside
- the government's most secret, most revered encryption code to see if
- he could "break it." Blaze, a researcher for AT&T Bell Labs, was good
- at this particular job. Maybe a bit too good. Although he didn't
- actually "break" the code, he did bend the fuck out of it. That feat
- landed him a front page story in the June 2 issue of the New York
- Times.
-
- What Blaze found -- and quietly distributed among colleagues and
- federal agencies in a draft paper -- was that design bugs in Skipjack,
- the computer code that underlies the Clipper Chip encryption scheme,
- can be jacked around, and re-scrambled so that not even the Feds can
- crack it. This of course defeats the whole purpose of the Clipper
- Chip, which is to allow ONLY the government the ability to eavesdrop
- on Clipper encoded conversations, faxes, data transmissions, etc.
-
- What Blaze's research attacks is something called the LEAF, short for
- "Law Enforcement Access Field." The LEAF contains the secret access
- code needed by law enforcement agents to decode the scrambled
- messages. Blaze discovered that the LEAF uses only a 16-bit
- checksum, which is a kind of self-checking mathematical equation.
- When the checksum equations match up, the code is valid and
- everything's golden. The cops get to unscramble the conversations and
- another kiddie porn ring is brought to justice. (This is what the FBI
- will tell you... again and again and again and... ) But you can
- generate a valid 16-bit checksum in about 20 minutes, according to
- those crypto-rebels that traffic the Internet's Cypherpunks mailing
- list. "A 16-bit checksum is fucking joke," one cryptographic expert
- from the list told Dispatch. "If it weren't so laughable, I'd be
- insulted that all this tax payer money has gone into the R&D of
- something so flawed."
-
- But the New York Times got the story *wrong* or at least it gave only
- part of the story. "What the New York Times story didn't say was that
- the findings... had nothing to do with the Government standard, which
- covers voice, facsimile and low-speed data transmission," said an AT&T
- spokesman. AT&T was the first company to publicly support the Clipper
- Chip. A stance that was essentially bought and paid for by the U.S.
- government with the promise it would get big government contracts to
- sell Clipper equipped phones to Uncle Sam, according to documents
- previously obtained by Dispatch.
-
- The AT&T spokesman said the "frailty" that Blaze discovered doesn't
- actually exist in the Clipper Chip applications. "Our scientists,
- working with National Security Agency (NSA) scientists, were
- conducting research on proposed future extensions of the standard," he
- said.
-
- Those "future extensions" are the so-called Tessera chip, intended to
- be embedded in a PCMCIA credit card sized device that fits into a slot
- in your computer.
-
- When the NSA trotted out its Tessera card, it invited Blaze, among
- others, to review the technology, essentially becoming a beta-tester
- for the NSA. No formal contract was signed, no money changed hands.
- Blaze took on the job in a volunteer role. Using a prototype Tessera
- chip installed on a PCMCIA card, he broke the damn thing.
-
- AT&T claims the whole scenario is different from the Clipper because
- the LEAF generated by Clipper "is a real time application... with
- Tessera it's static," the spokesman said. He said Tessera would be
- used to encrypt stored communications or Email. "And with Tessera,
- the user has the ability to get at the LEAF," he said, "with Clipper,
- you don't."
-
- Blaze will deliver his paper, titled "Protocol Failure in the Escrowed
- Encryption Standard," this fall during the Fairfax Conference. His
- findings "should be helpful" to the government "as it explores future
- applications," of its new encryption technology, the AT&T spokesman
- said. "In our view, it's better to learn a technology's limitations
- while there's time to make revisions before the Government spends
- large sums to fund development programs."
-
- This is an important, if subtle statement. The Clipper Chip never
- underwent this type of "beta-testing," a fact that's drawn the ire of
- groups such as Computer Professionals for Social Responsibility (CPSR)
- and the Electronic Frontier Foundation (EFF). When the White House
- began to take hits over this ugly situation, it agreed to have an
- independent panel of experts review the classified code to check for
- any trapdoors.
-
- Those experts claim they found nothing fishy, but their report -- alas
- -- has also been classified, leading to further demands for openness
- and accountability. The White House is stalling, naturally.
-
- But in an apparent about face, the NSA allowed an "open" beta-testing
- for Tess and -- surprise -- we find out there are bugs in the design.
-
- Okay, Pop Quiz time: Does the existence of "Blaze Bug" make you feel:
- (A) More secure about the government's claim that Clipper will only be
- used to catch criminals and not spy on the citizenry. (B) Less secure
- about everything you've ever been told about privacy and encryption by
- the Clinton Administration. (C) Like this entire episode is really
- an extended "Stupid Pet Tricks" gag being pulled by David Letterman.
-
- If you're still unsure about Clipper, check this quote from the AT&T
- spokesman: "It's worth noting that Clipper Chip wasn't subjected to
- this type of testing." Ah-huh... any questions?
-
- The NSA is trying to downplay the news. "Anyone interested in
- circumventing law enforcement access would most likely choose simpler
- alternatives," said Michael Smith, the agency's planning director, as
- quoted by the New York Times. "More difficult and time-consuming
- efforts, like those discussed in the Blaze paper, are very unlikely to
- be employed."
-
- He's right. Those "simpler alternatives" include everything from
- private encryption methods to not using a Clipper equipped phone or
- fax in the first place. (Of course, the FBI keeps insisting that
- criminals won't use any of this "simpler" knowledge because they are
- "dumb.")
-
- Despite the NSA's attempt to blow off these findings, the agency is
- grinding its gears. One NSA source told Dispatch that the Blaze paper
- is "a major embarrassment for the program." But the situation is
- "containable" he said. "There will be a fix." Dispatch asked if there
- would be a similar review of the Clipper protocols to see if it could
- be jacked around like Tess. "No comment," was all he said.
-
- Meeks out...
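
The acceptance odds behind the 16-bit checksum figures quoted in File 2 above, as an added example (not part of the Dispatch article or of Blaze's paper): a receiver that checks only an n-bit value accepts a field built without the key about once in 2^n tries. The truncated HMAC-SHA-256, the key and the 14-byte body are constructed stand-ins; the real LEAF checksum algorithm is not given on this page.

```python
import hashlib
import hmac
import random

# Constructed values: a stand-in secret and field size, not Clipper/Tessera parameters.
KEY = b"constructed-verifier-key"
BODY_LEN = 14


def check_value(body: bytes, bits: int) -> int:
    """Keyed check value truncated to `bits` bits (stand-in for the real checksum)."""
    digest = hmac.new(KEY, body, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def verifier_accepts(body: bytes, claimed: int, bits: int) -> bool:
    """The only test the receiver applies: does the short check value match?"""
    return check_value(body, bits) == claimed


def trials_until_accepted(bits: int, seed: int, cap_factor: int = 20):
    """Submit random fields made WITHOUT the key until the verifier accepts one.

    Returns (trials, body, claimed), or None if the cap of cap_factor * 2**bits
    trials is reached first.
    """
    rng = random.Random(seed)
    for n in range(1, (cap_factor << bits) + 1):
        body = rng.getrandbits(8 * BODY_LEN).to_bytes(BODY_LEN, "big")
        claimed = rng.getrandbits(bits)
        if verifier_accepts(body, claimed, bits):
            return n, body, claimed
    return None


def mean_trials(bits: int, runs: int) -> float:
    """Average trials over `runs` independent seeds; should sit near 2**bits."""
    return sum(trials_until_accepted(bits, seed)[0] for seed in range(runs)) / runs


def minutes_at_article_rate(bits: int, ref_bits: int = 16,
                            ref_minutes: float = 20.0) -> float:
    """Scale the article's figure (16 bits in about 20 minutes) to another width."""
    return ref_minutes * 2.0 ** (bits - ref_bits)


if __name__ == "__main__":
    n, body, claimed = trials_until_accepted(16, seed=1)
    print(f"16-bit check: random field accepted after {n} trials "
          f"(2**16 = {2**16} expected on average)")
    print(f"8-bit check, mean over 200 runs: {mean_trials(8, 200):.0f} (2**8 = 256)")
    for bits in (16, 32, 64, 128):
        years = minutes_at_article_rate(bits) / (60 * 24 * 365)
        print(f"{bits:>3}-bit check at the article's rate: {years:.3g} years")
```

Each extra bit in the check value doubles the work, which is why the same trial rate that clears 16 bits in 20 minutes needs about two and a half years for 32 bits.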
-
- ------------------------------
-
- Date: Thu, Jun 2 1994 17:33:21 PDT
- From: Brock Meeks <brock@well.sf.ca.us>
- Subject: File 3--Jacking in from the "We Knew It All Along" Port (Clipper)
-
- ((Moderators' Note: The following article may not be reprinted or
- reproduced without the explicit consent of the author)).
-
- CyberWire Dispatch // Copyright (c) 1994 //
- Jacking in from the "We Knew It All Along" Port:
-
- Washington, DC -- The key technology underlying the Administration's
- Tessera "Crypto Card" was fatally flawed from its inception, Dispatch has
- learned. Government researchers working for the National Security Agency
- have known for months about the flaw, but purposefully withheld that
- information from the public, a government official acknowledged today to
- Dispatch.
-
- Cryptographic researchers at the super-secret NSA have known all along that
- the program used to scramble a key part of the government's Clipper system
- could be thwarted by a computer savvy user with 28 minutes of free time,
- according to an NSA cryptographic expert that spoke to Dispatch under the
- condition he not be identified.
-
- "Everyone here knew that the LEAF (Law Enforcement Access Field) could be
- fucked with if someone knew what they were doing," the NSA expert said.
- "We knew about the flaw well before it became public knowledge. What we
- didn't know is how long it would take an outside source to discover the
- flaw."
-
- In essence, the NSA decided to play a kind of high-tech cat and mouse game
- with a technology being hailed as the most secure in the world. So secure,
- the White House is asking the public to give up a degree of privacy because
- there's no chance it can be abused.
-
- "We figured [the presence of the flaw] was an acceptable risk," the NSA
- expert said. "If no one found out, we probably would have fixed it sooner
- or later," he said. "I can't imagine that we would have let that one slip
- through."
-
- But someone spoiled the end game. A 33-year-old AT&T scientist Matthew
- Blaze discovered the crack in the White House's increasingly crumbling spy
- vs. citizen technology.
-
- Acting as a kind of beta-tester, Blaze found several techniques that could
- be used to successfully thwart the LEAF, the encrypted data stream needed
- by law enforcement officers in order to identify what amounts to a social
- security number for each Clipper or Tessera chip.
-
- Once the LEAF is in hand, law enforcement agents then submit it to the
- "key escrow agents." These escrow agents are two government authorized
- agencies that keep watch over all the keys needed to descramble Clipper
- or Tessera encoded conversations, faxes or data transmissions. Without the
- keys from these two agencies, the law enforcement agents hear nothing but
- static. Without the LEAF, the agencies won't cough up the keys.
-
- Bottom line: If the LEAF is fucked, so is access to the scrambled
- communications.
-
- What Blaze so eloquently discovered is that someone with a modicum of
- knowledge could jack around with the LEAF, rendering it unusable.
- What Blaze didn't realize is that he was merely acting as an NSA stooge.
-
- But the methods discovered by Blaze, and outlined in a draft paper he'll
- later present this month during a high brow security shindig known as the
- Fairfax conference, are cumbersome. "The techniques used to implement
- (the work arounds) carry enough of a performance penalty, however, to limit
- their usefulness in real-time voice telephony, which is perhaps the
- government's richest source of wiretap-based intelligence," Blaze writes in
- his paper.
-
- Notice he says "limit" not "completely render useless." Important
- distinction. Are there other, faster, more clever ways to circumvent the
- LEAF? "If there are, I wouldn't tell you," the NSA crypto expert said.
-
- Shut Up and Chill Out
- =====================
-
- The National Institute of Standards and Technology (NIST), the agency
- walking point for the White House on the Clipper issue, takes these
- revelations all in stride. Sort of a "shut up and chill out" attitude.
-
- The techniques described by Blaze "are very unlikely to be used in actual
- communications," a NIST spokeswoman said. Does that mean they could never
- be used? "It's very unlikely."
-
- NIST, when confronted with the fact that NSA researchers knew all along
- that the technology was broken, was unapologetic. "All sound cryptographic
- designs and products consider tradeoffs of one sort or another when design
- complexities, costs, time and risks are assessed," the NIST spokeswoman
- said. The Clipper family of encryption technologies "is no exception,"
- she said.
-
- NIST said that the Tessera card "isn't a standard yet, so the process of
- testing its integrity is ongoing." The technology in Tess is known as
- the Capstone chip, which, unlike the Clipper Chip, hasn't yet been accepted
- as a standard, NIST said.
-
- Flaws, therefore, are assumably just part of an ongoing game.
-
- The fact that the NSA knew about this flaw when it asked people like Blaze
- to test it was "just part of the ongoing testing procedure," the
- spokeswoman said. And if Blaze or some other idea hamster hadn't
- discovered the flaw? You make the call.
-
- What about Clipper? Are there such flaws in it? NIST says "no" because
- it has already been through "independent testing" and accepted as a
- standard. If there are flaws there, they stay put, or so it seems.
-
- Clipper's My Baby
- =================
-
- Beyond the high risk crypto games the NSA has decided to play, there's
- another disturbing circumstance that could torpedo the Clipper before it's
- given its full sailing orders. This obstacle comes in the form of a patent
- dispute.
-
- Silvio Micali, a scientist at the Massachusetts Institute of Technology,
- says the Clipper is his baby. He claims to hold two crucial patents that
- make the Clipper tick.
-
- "We are currently in discussions with Mr. Micali," NIST said. "We are
- aware of his patent claims and we're in the process of addressing those
- concerns now," a NIST spokeswoman said.
-
- She wouldn't go into details as to the extent of the talks, but
- obviously, the government is worried. They haven't flatly denied Micali's
- claims.
-
- If this all sounds like a bad nightmare, you're right. NIST ran into the
- same problems with its Digital Signature Standard, the technology they've
- adopted as a means to "sign" and verify the validity of electronic mail
- messages. Others jumped on the government's DSS standard, claiming they
- were owed royalties because they held patents on the technology. These
- discussions are still "ongoing" despite the government's adoption of the
- standard.
-
- The same situation is now happening with Clipper. One could make a case
- that Yogi Berra is the policy wonk for the Clipper program: "It's like
- deja vu all over again," Berra once said.
-
- So it is, Yogi... so it is.
-
- Meeks out...
-
- ------------------------------
-
- Date: Sat, 4 Jun 1994 00:02:27 -0700
- From: Bernardo Parrella <berny@WELL.SF.CA.US>
- Subject: File 4--Crackdown on Italian BBSes Continues
-
- Twenty-four days after the first major crackdown on Fidonet Italia
- BBSes, on Friday June 3, the Taranto Finance Police visited Taras
- Communications BBS, the main National Peacelink node and data-bank.
- Acting after a warrant issued by the Prosecutor of the same city,
- Giovanni Pugliese and his wife were charged for the possession of
- "illegally copied software and electronic equipment suitable to
- falsification." After searching their apartment for more than 5 hours
- (from 5 pm to 10.30 pm), Finance officials sealed off the PC on which
- the BBS run and seized 174 floppy disks - leaving behind the monitor
- and the only available modem. Because the Taranto node hosts most of
- the network archives and all the email traffic, at the moment the
- entire national Peacelink net is down. Giovanni Pugliese is currently
- working to start again his system as soon as possible - probably in
- the next 48 hours.
-
- With more than 30 nodes throughout the country, several Fidonet
- gateways, and a project currently underway to connect directly to
- Comlink and the other APC Networks, Peacelink is completely dedicated
- to peace, human rights and ecology issues. Founded in 1992 as a
- specialized conference of Fidonet Italia network, Peacelink became
- quickly independent and well known even outside Italy. Recently the
- network hosted a national conference on peace-related matters,
- becoming also the only communication link for people in the
- former-Yugoslavia and the outside world.
-
- "Taras Communications BBS has never had anything to do with software
- piracy and is well known for its activities related to humanitarian,
- peace, social issues," Giovanni Pugliese said. "Peacelink and its
- sister Fidonet Italia network had always pursued a very restrictive
- policy against any illegally copied software on their systems. Because
- Taras Communications BBS is the main National node of Peacelink
- network, its forced closure, hopefully very short, will result in a
- great damage for those hundreds of people - including journalists,
- activists, volunteers - that were widely relying upon its everyday
- services."
-
- The first phase of the crackdown (May 11-13) targeted Fidonet Italia
- network in several cities in the northern and central regions of the
- country. While a still inaccurate number of BBSes (probably from 30 to
- 60) were searched and dozens were closed down, on May 25 an official
- press-release of the Finance Police in Torino claimed a seizure "for a
- value of more than 4 billion of Italian lire (about US $2,5 million),
- including 17 personal computers; 13,690 floppy disks of illegally
- copied software," dozens of modems and electronic devices. 14 people
- were charged with "conspiracy with unknown for the crime of software
- piracy" - but no arrests were made.
-
- The new raid hit the online community at the exact moment when sysops,
- users, media and citizens were waiting for a relaxing and clarifier
- signal from investigators, including the first decisions about the
- seized hardware scheduled in these days.
-
- Right now, activists are coordinating a series of quick answers,
- including the foundation of a National association dedicated to the
- protection of civil rights for Electronic Citizens.
-
- - Bernardo Parrella
-
- <berny@well.sf.ca.us>
- <b.parrella@agora.stm.it>
-
- < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
- electronic distribution of this posting is greatly encouraged,
- preserving its original version, including the header and this notice
- < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
-
- ------------------------------
-
- Date: Sat, 4 Jun 1994 00:02:27 -0700
- From: Bernardo Parrella <berny@WELL.SF.CA.US>
- Subject: File 5--Norwegian BBS Busts / BitPeace
-
-
- Norwegian Bust
-
- ==== fwd msg ====
-
- >From svaar@math.uio.no Fri Jun 3 12:40:21 1994
-
- General Briefing from BitPeace - the Norwegian BBS Scene
- --------------------------------------------------------
-
- The Norwegian police acting on initiative from the Ministry of Cultural
- Affairs has been exasperatingly aggressive since May 25th. Since
- Tuesday, 3 bulletin boards have been busted, named Zilent BBS,
- Byte BBS and Scheen BBS.
-
- The operator of Zilent BBS is 12 years old, and got busted for a recipe
- on making your own firecrackers. The police stormed his house, took his
- equipment and left..:-)
-
- Byte BBS got busted for having one (ONE) illegal pornographic picture.
- Rumours go that this was planted there by a Norwegian computer firm that
- collaborates with the Oslo District Attorney - as his "experts". Anyway,
- the SysOp in question was on a 14-day vacation when some luna uploaded
- the illegal picture to his BBS. Then some other luna (or was it the same
- guy??) tipped off the Norwegian police, which waited for the poor SysOp
- when he returned home. He wound up in police custody, and is due to
- appear before a local magistrate in a few weeks time. These legal
- proceedings are going to constitute a case of paramount importance - and
- if the SysOp is acquitted, this law suit would set legal precedence
- and of course be a great victory for us all. A legal success would lay
- down precedence for that a Sysop is not responsible for what the users
- upload, at least not when he's not home, but that the USER has to take
- this responsibility. Currently one takes a great risk putting up a board
- up, you may risk losing all your equipment, which may or may not be
- returned with or without the whole or parts of the software intact; all
- according to the free discretion of the local police. (That is, if you
- can't afford having someone watching the system 24 hours a day.)
-
- We are trying to organize some kind of association to protect SysOp rights.
- We also produce software to reduce the damage for the sysop if he or she
- gets busted. We are also to organize political protests, and many
- Sysops have requested political asylum in the Italian embassy. (Because
- that was the only embassy that even allowed us to TALK with them.)
-
- Politicians in Norway have moved a law proposal that would make Norwegian
- sysops editorially responsible to the law for whatever software or
- messages happening to be present at his / her board at any time.
-
- Preventing this bill from being passed is our main objective - and we
- have a hard fight ahead if we are to avoid this. That's what we've got
- to do, and I hope that you organize and work against the same type of
- political censorship and random ransacking and confiscations at the
- free will and discretion of any local police attorney. We would also
- be extremely glad if you helped us - if you're an Italian citizen,
- please address your letter of protest to the Royal Norwegian Embassy
- in Rome. If writing from outside Italy, you may direct your letters
- to the Royal Norwegian Foreign Office in Oslo. The addresses are as
- follows:
-
- Reale Ambasciata di Norvegia
- Via delle Terme Deciane 7
- I-00153 Roma
- ITALY
-
- Royal Norwegian Foreign Office
- Haakon VII's plass
- Oslo 1
- NORWAY
-
- The authors of this briefing are available through mail;
- Peter Svaar <svaar@math.uio.no>
- Jac. Aallsgt.21
- 0364 Oslo 3
-
- BBS: +47 22 567 008 (Bulletronics BBS)
- Voice: +47 22 69 59 94 (Between 15:00 and 23:00 CET)
-
- Ingar Holst
- Niels Juelsgt. 41a
- 0257 Oslo
-
- ------------------------------
-
- Date: Thu, 2 Jun 1994 21:18:43 PDT
- From: Anonymous <cudigest@mindvox.phantom.com>
- Subject: File 6--BSA: Software Piracy Problem Shows no Sign of Easing
-
- This came across the nets and should be of interest to CuD
- readers -- anon
- ======================
-
- From: Computer Age
-
- New worldwide piracy estimates just released by the Business Software
- Alliance show that massive global theft of software continues unabated
- with annual losses to publishers and distributors of at least $12
- billion.
-
- Use of pirated software ranges in some Asian countries up to 99
- percent. In Europe, estimates run as high as 86 percent. They are 85
- percent in some parts of Latin America.
-
- To help fight the problem, the Washington, D.C.-based trade group has
- just expanded its European Regional Program to offer membership -- at
- no cost for the first year -- to small European software publishers
- with less than $10 million in worldwide revenues.
-
- The new program offers publishers BSA's help through public policy
- proposals to strengthen copyright protection for software, legal
- action to enforce copyright laws against infringers, and market
- projects to promote use of original software.
-
- The following chart provides a country-by-country breakdown of the
- estimated percentage of software in use that is pirated, and the
- dollar losses this represents to software makers:
-
-                           Percentage     Dollar
- Country                   of Piracy      Losses
-
- Australia/New Zealand     45%            160 million
- Benelux                   66%            419 million
- France                    73%            1.2 billion
- Germany                   62%            1 billion
- Italy                     86%            550 million
- Japan                     92%            3 billion
- Korea                     82%            648 million
- Singapore                 41%            24 million
- Spain                     86%            362 million
- Sweden                    60%            171 million
- Taiwan                    93%            585 million
- Thailand                  99%            181 million
- UK                        54%            685 million
- United States             35%            1.9 billion
- Argentina                 80%            38 million
- Brazil                    80%            91 million
- Chile                     75%            28 million
- Colombia                  85%            18 million
- Mexico                    85%            206 million
- Venezuela                 85%            91 million
- Other Latin American
-   Countries                              72 million
-
- ------------------------------
-
- Date: Thu, 02 Jun 1994 07:07:36 -0700 (MST)
- From: Joel M Snyder <Joel_M_Snyder@OPUS1.COM>
- Subject: File 7--Re: "Problems at TCOE" (CuD 6.47)
-
- I'm writing to respond to the message by Jim Maroon, forwarded by Stanton
- McCandlish (mech@eff.org).
-
- This sort of conjecture and hearsay really does the cause of electronic
- freedom (if there is such a thing) more harm than good. It's obvious that
- there's some sort of problem going on at the Tulare County Office of
- Education, but posting this one-sided diatribe probably won't help the
- situation there or anywhere.
-
- In any case, the larger problem with this post is a dive into "amateur
- lawyer" which seems to happen so often in USENET news. This paragraph
- begins with "TCOE is bound by the First Amendment" (which we know not to be
- true), stomps through a whole series of very complex issues involving use
- of public facilities, with a variety of incorrect statements, ending with
- "The courts have found that publicly funded universities could not remove
- Internet listservs based on objection the content of those listservs..."
- (which we know not to be true) and coming to the conclusion that:
-
- > A BBS is just a bunch of folks sitting around talking. You can't
- > dictate what speech is allowed and what speech is not allowed on a BBS
- > run by a government institution.
-
- This final statement is specifically unsupportable in this context.
-
- My response is simple: this is not a legal issue. It is a political issue.
-
- If you truly believe that the TCOE is obligated to offer an unfettered
- forum (if it offers a forum at all), then the way to fight for your beliefs
- is using exactly the same technique you found objectionable in the first
- place: political pressure. Threatening legal action where none can be
- brought forward will only bring you the jeers and annoyance of the system
- operators. However, using the traditional political weapons of publicity,
- public meetings, and "going over your head" will most likely create one of
- two results:
-
- 1- the system will be shut down, as no one wants to be in such a
- mess, or,
- 2- some obscure set of conditions where the sysop erred will be
- found and he will be appropriately wrist-slapped -- with
- that example serving to draw the line at what is
- appropriate and what is inappropriate behavior.
-
- Without knowing anything about the particulars, I suspect that (1) is the
- most likely candidate.
-
- ------------------------------
-
- Date: Mon, 30 May 1994 18:04:50 -0500 (CDT)
- From: tlawless@WHALE.ST.USM.EDU(Timothy Mark Lawless)
- Subject: File 8--Is there an MIT/NSA link-up for PGP 2.6? Some Info
-
- For the past week our Unix machine has been down (Might have gotten
- some mail bounces) because of a security violation. During that week
- I re-discovered bbs's. One piece of info I found (And also got the
- author's permission to reprint (At the end)) relevant to pgp I thought
- I would pass on.
-
- - Area: CypherMail -------------------------------------
- Msg#: 19                    Date: 05-24-94 19:47
- From: Leland Ray            Read: Yes  Replied: No
- To: All                     Mark:
- Subj: More on PGP 2.5 & 2.6
- --------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
-
- The following is the complete, unedited plaintext of a message I
- received via CompuServe from Christopher W. Geib, a software developer
- who spent several years as a military intelligence officer. Chris has
- written a very fine Windows interface for PGP which I'll be uploading
- as soon as I get the newest release (with Chris's permission, of
- course). I trust his judgment on this one.
-
- ~~~ =====(Begin plaintext)=====
-
- Leland,
-
- I sent this to Mich Kabay of the NCSA Forum. Thought you might find it of
- interest. Note that 2.5 is also a MIT/NSA concoction.
-
- Chris
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
- Mich,
-
- As I reflected more and more on this posting, it occurred to me
- that I was smelling a rat. The NCSA Forum members and others who
- visit here should give thought to this issue. A puzzle of sorts seems
- to be developing regarding PGP in general, and private possession of
- crypto in particular. Let me provide some pieces to this puzzle, and
- perhaps you and others may begin to see the bigger picture that seems
- to be unfolding.
-
- Piece #1: As you may already know, MIT is the single largest ($'s)
- outside contractor to the NSA.
-
- Piece #2: MIT is frustrated; they feel that they have been somehow
- cheated financially by the proliferation of PGP 2.3a as freeware. (I
- still think that is insane as RSA was developed using public funding)
-
- Piece #3: NSA is frustrated because of the apparent strength of the
- imported Idea(tm) cipher.
-
- Piece #4: NSA is pushing the Clipper crypto technology so that Big
- Brother can have a free and easy backdoor to violate the privacy of
- Americans. Note too, that Clipper technology was assisted along by
- MIT.
-
- Piece #5: PGP 2.6 will *not* be compatible with 2.3a after Sept 1994
- for 2-way encryption. This accomplishes reduced international secure
- traffic by private individuals and businesses. This is exactly the
- same problem that Clipper has.
-
- Have you begun to see the big Puzzle Palace picture yet? Unless my
- eyes deceive me, I would say this, MIT and NSA have teamed up together
- on PGP 2.6! This version, until proven otherwise (through examination
- of the source code, etc.), is likely to contain a backdoor big enough
- to drive a Mack truck through it. The back door is likely similar to
- Clipper and for the same intent. Given how much flak NSA has gotten
- over Clipper, NSA will very likely stay very mum about the whole
- issue. The big winners are NSA and MIT. They both get exactly what
- each has wanted all along. MIT gets royalties they think they
- deserve, NSA gets what they intend to have anyway, a means to continue
- listening into citizens' private conversations. NSA also wins on the
- international front by reducing its workload of analyzing
- international encrypted traffic. Business and the citizens lose
- because it isolates the US from Europe and the international
- marketplace.
-
- I strongly recommend that anyone who acquires PGP 2.6 do so with a
- jaundiced eye. Until the private sector can review, and analyze this
- new MIT/NSA system, one *must* assume that it is as if it contained a
- virus, one you may never know it has. I for one will continue with
- the present version as its inventors have no reason to capture
- private communications.
-
- If you think appropriate, please upload to Internet Risks with my
- blessings.
-
- Respectfully,
-
- Christopher W. Geib
-
- ~~~ =====(End of plaintext)=====
-
- So you decide, guys. Is it worth the risk? Again, just some
- thoughts, but remember this: if you go to either ver. 2.5 or 2.6,
- you'll probably have to revoke your ver. 2.3 keys and start afresh
- with new ones, which might not be secure in the first place.
-
- LR
-
- ... If the Pope's phones weren't secure, PGP would be a sacrament.
-
- ((Post obtaining reprint permission deleted))
-
- ------------------------------
-
- End of Computer Underground Digest #6.49
- ************************************