home *** CD-ROM | disk | FTP | other *** search
- Computer underground Digest Thu Aug 18, 1994 Volume 6 : Issue 74
- ISSN 1004-042X
-
- Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
- Archivist: Brendan Kehoe
- Retiring Shadow Archivist: Stanton McCandlish
- Shadow-Archivists: Dan Carosone / Paul Southworth
- Ralph Sims / Jyrki Kuoppala
- Ian Dickinson
- Campy Editor: Shrdlu Etaionsky
-
- CONTENTS, #6.74 (Thu, Aug 18, 1994)
-
-
- Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
- available at no cost electronically.
-
- CuD is available as a Usenet newsgroup: comp.society.cu-digest
-
- Or, to subscribe, send a one-line message: SUB CUDIGEST your name
- Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
- The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
- or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
- 60115, USA.
-
- Issues of CuD can also be found in the Usenet comp.society.cu-digest
- news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
- LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
- libraries and in the VIRUS/SECURITY library; from America Online in
- the PC Telecom forum under "computing newsletters;"
- On Delphi in the General Discussion database of the Internet SIG;
- on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
- and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
- CuD is also available via Fidonet File Request from
- 1:11/70; unlisted nodes and points welcome.
-
- EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
- In ITALY: Bits against the Empire BBS: +39-461-980493
- In BELGIUM: Virtual Access BBS: +32.69.45.51.77 (ringdown)
-
- UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/
- ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
- aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
- world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
- uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
- wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
- EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
- ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
-
- JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/
-
- COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
- information among computerists and to the presentation and debate of
- diverse views. CuD material may be reprinted for non-profit as long
- as the source is cited. Authors hold a presumptive copyright, and
- they should be contacted for reprint permission. It is assumed that
- non-personal mail to the moderators may be reprinted unless otherwise
- specified. Readers are encouraged to submit reasoned articles
- relating to computer culture and communication. Articles are
- preferred to short responses. Please avoid quoting previous posts
- unless absolutely necessary.
-
- DISCLAIMER: The views represented herein do not necessarily represent
- the views of the moderators. Digest contributors assume all
- responsibility for ensuring that articles submitted do not
- violate copyright protections.
-
- ----------------------------------------------------------------------
-
- Date: 10 Aug 1994 16:58:23 -0500
- From: mech@eff.org (Stanton McCandlish)
- Subject: EFF Analysis of Leahy/Edwards Digital Telephony Bill
-
- EFF SUMMARY OF THE EDWARDS/LEAHY DIGITAL TELEPHONY BILL
- =======================================================
-
-
- OVERVIEW
- --------
-
- The Edwards/Leahy Digital Telephony bill places functional
- requirements on telecommunications carriers in order to enable law
- enforcement to continue to conduct authorized electronic surveillance. It
- allows a court to impose fines on carriers that violate the requirements,
- and mandates that the processes for determining capacity requirements and
- technical standards be open and public. The bill also contains significant
- new privacy protections; including an increased standard for government
- access to transactional data (such as addressing information contained in
- electronic mail logs), a requirement that information acquired through the
- use of pen registers or trap and trace devices not disclose the physical
- location of an individual, and an expansion of current law to protect the
- radio portion of cordless telephone conversations from unauthorized
- surveillance.
-
-
- SCOPE OF THE BILL. WHO IS COVERED?
- -----------------------------------
-
- The requirements of the bill apply to "telecommunications carriers", which
- are defined as any person or entity engaged in the transmission or
- switching of wire or electronic communications as a common carrier for hire
- (as defined by section 3 (h) of the Communications Act of 1934), including
- commercial mobile services (cellular, PCS, etc.). The bill also applies to
- those persons or entities engaged in providing wire or electronic
- communication switching or transmission service to the extent
- that the FCC finds that such service is a replacement for a substantial
- portion of the local telephone exchange.
-
- The bill does not apply to online communication and information services
- such as Internet providers, Compuserve, AOL, Prodigy, and BBS's. It also
- excludes private networks, PBX's, and facilities which only interconnect
- telecommunications carriers or private networks (such as most long
- distance service).
-
-
- REQUIREMENTS IMPOSED ON CARRIERS
- --------------------------------
-
- Telecommunications carriers would be required to ensure that they
- possess sufficient capability and capacity to accommodate law enforcement's
- needs. The bill distinguishes between capability and capacity
- requirements, and ensures that the determination of such requirements occur
- in an open and public process.
-
-
- CAPABILITY REQUIREMENTS
- -----------------------
-
- A telecommunications carrier is required to ensure that, within four years
- from the date of enactment, it has the capability to:
-
- 1. expeditiously isolate the content of a targeted communication
- within its service area;
-
- 2. isolate call-identifying information about the origin and
- destination of a targeted communication;
-
- 3. enable the government to access isolated communications at a point away
- from the carrier's premises and on facilities procured by the
- government, and;
-
- 4. to do so unobtrusively and in such a way that protects the privacy and
- security of communications not authorized to be intercepted (Sec.
- 2601).
-
- However, the bill does not permit law enforcement agencies or officers to
- require the specific design of features or services, nor does it prohibit a
- carrier from deploying any feature or service which does not meet the
- requirements outlined above.
-
-
- CAPACITY REQUIREMENTS
- ---------------------
-
- Within 1 year of enactment of the bill, the Attorney General must
- determine the maximum number of intercepts, pen register, and trap and
- trace devices that law enforcement will require four years from the date of
- enactment. Notices of capacity requirements must be published in the
- Federal Register (Sec. 2603). Carriers have 4 years to comply with
- capacity requirements.
-
-
- PROCESS FOR DETERMINING TECH. STANDARDS TO IMPLEMENT CAPABILITY REQUIREMENTS
- ----------------------------------------------------------------------------
-
- Telecommunications carriers, through trade associations or standards
- setting bodies and in consultation with the Attorney General, must
- determine the technical specifications necessary to implement the
- capability requirements (Sec. 2606).
-
- The bill contains a 'safe harbor' provision, which allows a carrier to meet
- its obligations under the legislation if it is in compliance with publicly
- available standards set through this process. A carrier may deploy a
- feature or service in the absence of technical standards, although in such
- a case the carrier would not be covered by the safe harbor provision and
- may be found in violation.
-
- Furthermore, the legislation allows any one to file a motion at the FCC in
- the event that a standard violates the privacy and security of
- telecommunications networks or does not meet the requirements of the bill
- (Sec. 2606). If petitioned under this section, the FCC may establish
- technical requirements or standards that:
-
- 1) meet the capability requirements (in Sec. 2602);
-
- 2) protect the privacy and security of communications not authorized
- to be intercepted, and;
-
- 3) encourage the provision of new technologies and services to the public.
-
-
- ENFORCEMENT AND PENALTIES
- -------------------------
-
- In the event that a court or the FCC deems a technical standard to be
- insufficient, or if law enforcement finds that it is unable to conduct
- authorized surveillance because a carrier has not met the requirements of
- this legislation, the Attorney General can request that a court issue an
- enforcement order (an order directing a carrier to comply), and/or a fine
- of up to $10,000 per day for each day in violation (Sec. 2607). However, a
- court can issue an enforcement order or fine a carrier only if it can be
- determined that no other reasonable alternatives are available to law
- enforcement. This provision allows carriers to deploy features and
- services which may not meet the requirements of the bill. Furthermore,
- this legislation does not permit the government to block the adoption or
- use of any feature or service by a telecommunications carrier which does
- not meet the requirements.
-
- The bill requires the government to reimburse carriers for all reasonable
- costs associated with complying with the capacity requirements. In other
- words, the government will pay for upgrades of current features or
- services, as well as any future upgrades which may be necessary, pursuant
- to published notices of capacity requirements (Sec. 2608).
-
- There is $500,000,000 authorized for appropriation to cover the costs of
- government reimbursements to carriers. In the event that a smaller sum is
- actually appropriated, the bill allows a court to determine whether a
- carrier must comply (Sec. 2608 (d)). This section recognizes that
- telecommunications carriers may not be responsible for meeting the
- requirements if the government does not cover reasonable costs.
-
- The government is also required to submit a report to congress within four
- years describing all costs paid to carriers for upgrades (Sec. 4).
-
-
- ENHANCED PRIVACY PROTECTIONS
- ----------------------------
-
- The legislation contains enhanced privacy protections for transactional
- information (such as telephone toll records and electronic mail logs)
- generated in the course of completing a communication. Current law permits
- law enforcement to gain access to transactional information through a
- subpoena. The bill establishes a higher standard for law enforcement
- access to transactional data contained electronic mail logs and other
- online records. Telephone toll records would still be available through a
- subpoena. Under the new standard, law enforcement is required to obtain a
- court order by demonstrating specific and articulable facts that electronic
- mail logs and other online transactional records are relevant and material
- to an ongoing criminal investigation (Sec. 10).
-
- Law enforcement is also prohibited from remotely activating any
- surveillance capability. All intercepts must be conducted with the
- affirmative consent of a telecommunications carrier and activated by a
- designated employee of the carrier within the carrier's facilities (Sec.
- 2604).
-
- The bill further requires that, when using pen registers and trap and trace
- devices, law enforcement will use, when reasonably available, devices which
- only provide call set up and dialed number information (Sec. 10). This
- provision will ensure that as law enforcement employs new technologies in
- pen register and trap and trace devices, it will not gain access to
- additional call setup information beyond its current authority.
-
- Finally, the bill extends the Electronic Communications Privacy Act (ECPA)
- protections against interception of wireless communications to cordless
- telephones, making illegal the intentional interception of the radio
- portion of a cordless telephone (the transmission between the handset
- and the base unit).
-
-
- CELLULAR SCANNERS
- -----------------
-
- The bill makes it a crime to possess or use an altered telecommunications
- instrument (such as a cellular telephone or scanning receiver) to obtain
- unauthorized access to telecommunications services (Sec. 9). This
- provision is intended to prevent the illegal use of cellular and other
- wireless communications services. Violations under this section face
- imprisonment for up to 15 years and a fine of up to $50,000.
-
-
- IMPROVEMENTS OF THE EDWARDS/LEAHY BILL OVER PREVIOUS FBI PROPOSALS
- ------------------------------------------------------------------
-
- The Digital Telephony legislative proposal was first offered in 1992 by the
- Bush Administration. The 1992 version of the bill:
-
- * applied to all providers of wire or electronic communications
- services (no exemptions for information services, interexchange
- carriers or private networks);
-
- * gave the government the explicit authority to block or enjoin a
- feature or service that did not meet the requirements;
-
- * contained no privacy protections;
-
- * contained no public process for determining the capacity
- requirements;
-
- * contained no government reimbursement (carriers were responsible
- for meeting all costs);
-
- * would have allowed remote access to communications by law
- enforcement, and;
-
- * granted telecommunications carriers only 18 months to comply.
-
- The Bush Administration proposal was offered on capitol hill for almost a
- year, but did attract any congressional sponsors.
-
- The proposal was again offered under the Clinton Administration's FBI in
- March of 1993. The Clinton Administration's bill was a moderated version
- of the original 1992 proposal:
-
- * It required the government to pay all reasonable costs incurred by
- telecommunications carriers in retrofitting their facilities in
- order to correct existing problems;
-
- * It encouraged (but did not require), the Attorney General to consult
- with telecommunications industry representatives and standards
- bodies to facilitate compliance,
-
- * It narrowed the scope of the legislation to common carriers, rather
- than all providers of electronic communications services.
-
- Although the Clinton Administration version was an improvement
- over the Bush Administration proposal, it did not address the
- larger concerns of public interest organizations or the
- telecommunications industry. The Clinton Administration version:
-
- * did not contain any protections for access to transactional
- information;
-
- * did not contain any public process for determining the capability
- requirements or public notice of law enforcement's capacity needs;
-
- * would have allowed law enforcement to dictate system design and
- bar the introduction of features and services which did not meet
- the requirements, and;
-
- * would have allowed law enforcement to use pen registers and trap and
- trace devices to obtain tracking or physical location information.
-
-
- * * *
-
-
- Locating Relevant Documents
- ===========================
-
- ** Original 1992 Bush-era draft **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
- gopher.eff.org, 1/EFF/Policy/FBI/Old, digtel92_old_bill.draft
- http://www.eff.org/pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel92.old
-
-
- ** 1993/1994 Clinton-era draft **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_bill.draft
- gopher.eff.org, 1/EFF/Policy/FBI, digtel94_bill.draft
- http://www.eff.org/pub/EFF/Policy/FBI/digtel94_bill.draft
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel94.dft
-
-
- ** 1994 final draft, as sponsored **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/digtel94.bill
- gopher.eff.org, 1/EFF/Policy/FBI, digtel94.bill
- http://www.eff.org/pub/EFF/Policy/FBI/digtel94.bill
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel94.bil
-
-
- ** EFF Statement on sponsored version **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_statement.eff
- gopher.eff.org, 1/EFF/Policy/FBI, digtel94_statement.eff
- http://www.eff.org/pub/EFF/Policy/FBI/digtel94_statement.eff
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel94.eff
-
-
-
-
- =========================================================================
- Received: (from NIUCS for <tk0jut1@mp.cs.niu.edu> via BSMTP)
- Received: (from A01MLRV@NIUCS for MAILER@NIU via NJE)
- (UCLA/Mail V1.500 M-RSCS1636-1636-341); Thu, 11 Aug 94 00:35:23 CDT
- Received: from NIUCS by NIUCS (Mailer R2.10 ptf000) with BSMTP id 4395; Thu, 11
- Aug 94 00:35:14 CDT
- Received: from mp.cs.niu.edu by vm.cso.niu.edu (IBM VM SMTP V2R2) with TCP;
- Thu, 11 Aug 94 00:35:11 CDT
- Received: by mp.cs.niu.edu id AA07673
- (5.67a/IDA-1.5 for tk0jut1@niu.bitnet); Thu, 11 Aug 1994 00:34:11 -0500
- Date: Thu, 11 Aug 1994 00:34:11 -0500
- From: jim thomas <tk0jut1@MP.CS.NIU.EDU>
- Message-Id: <199408110534.AA07673@mp.cs.niu.edu>
- To: tk0jut1@MVS.CSO.NIU.EDU
-
- Article 38013 of comp.org.eff.talk:
- Xref: mp.cs.niu.edu comp.org.eff.news:251 comp.org.eff.talk:38013
- Path:
- mp.cs.niu.edu!vixen.cso.uiuc.edu!newsfeed.ksu.ksu.edu!moe.ksu.ksu.edu!hobbes.ph
- ysics.uiowa.edu!math.ohio-state.edu!cs.utexas.edu!not-for-mail
- From: mech@eff.org (Stanton McCandlish)
- Newsgroups:
- alt.activism.d,alt.politics.datahighway,comp.org.eff.news,comp.org.eff.talk
- Subject: EFF Analysis of Leahy/Edwards Digital Telephony Bill
- Date: 10 Aug 1994 16:58:23 -0500
- Organization: UTexas Mail-to-News Gateway
- Lines: 303
- Sender: nobody@cs.utexas.edu
- Approved: mech@eff.org
- Distribution: inet
- Message-ID: <199408102158.RAA13003@eff.org>
- NNTP-Posting-Host: news.cs.utexas.edu
-
- EFF SUMMARY OF THE EDWARDS/LEAHY DIGITAL TELEPHONY BILL
- =======================================================
-
-
- OVERVIEW
- --------
-
- The Edwards/Leahy Digital Telephony bill places functional
- requirements on telecommunications carriers in order to enable law
- enforcement to continue to conduct authorized electronic surveillance. It
- allows a court to impose fines on carriers that violate the requirements,
- and mandates that the processes for determining capacity requirements and
- technical standards be open and public. The bill also contains significant
- new privacy protections; including an increased standard for government
- access to transactional data (such as addressing information contained in
- electronic mail logs), a requirement that information acquired through the
- use of pen registers or trap and trace devices not disclose the physical
- location of an individual, and an expansion of current law to protect the
- radio portion of cordless telephone conversations from unauthorized
- surveillance.
-
-
- SCOPE OF THE BILL. WHO IS COVERED?
- -----------------------------------
-
- The requirements of the bill apply to "telecommunications carriers", which
- are defined as any person or entity engaged in the transmission or
- switching of wire or electronic communications as a common carrier for hire
- (as defined by section 3 (h) of the Communications Act of 1934), including
- commercial mobile services (cellular, PCS, etc.). The bill also applies to
- those persons or entities engaged in providing wire or electronic
- communication switching or transmission service to the extent
- that the FCC finds that such service is a replacement for a substantial
- portion of the local telephone exchange.
-
- The bill does not apply to online communication and information services
- such as Internet providers, Compuserve, AOL, Prodigy, and BBS's. It also
- excludes private networks, PBX's, and facilities which only interconnect
- telecommunications carriers or private networks (such as most long
- distance service).
-
-
- REQUIREMENTS IMPOSED ON CARRIERS
- --------------------------------
-
- Telecommunications carriers would be required to ensure that they
- possess sufficient capability and capacity to accommodate law enforcement's
- needs. The bill distinguishes between capability and capacity
- requirements, and ensures that the determination of such requirements occur
- in an open and public process.
-
-
- CAPABILITY REQUIREMENTS
- -----------------------
-
- A telecommunications carrier is required to ensure that, within four years
- from the date of enactment, it has the capability to:
-
- 1. expeditiously isolate the content of a targeted communication
- within its service area;
-
- 2. isolate call-identifying information about the origin and
- destination of a targeted communication;
-
- 3. enable the government to access isolated communications at a point away
- from the carrier's premises and on facilities procured by the
- government, and;
-
- 4. to do so unobtrusively and in such a way that protects the privacy and
- security of communications not authorized to be intercepted (Sec.
- 2601).
-
- However, the bill does not permit law enforcement agencies or officers to
- require the specific design of features or services, nor does it prohibit a
- carrier from deploying any feature or service which does not meet the
- requirements outlined above.
-
-
- CAPACITY REQUIREMENTS
- ---------------------
-
- Within 1 year of enactment of the bill, the Attorney General must
- determine the maximum number of intercepts, pen register, and trap and
- trace devices that law enforcement will require four years from the date of
- enactment. Notices of capacity requirements must be published in the
- Federal Register (Sec. 2603). Carriers have 4 years to comply with
- capacity requirements.
-
-
- PROCESS FOR DETERMINING TECH. STANDARDS TO IMPLEMENT CAPABILITY REQUIREMENTS
- ----------------------------------------------------------------------------
-
- Telecommunications carriers, through trade associations or standards
- setting bodies and in consultation with the Attorney General, must
- determine the technical specifications necessary to implement the
- capability requirements (Sec. 2606).
-
- The bill contains a 'safe harbor' provision, which allows a carrier to meet
- its obligations under the legislation if it is in compliance with publicly
- available standards set through this process. A carrier may deploy a
- feature or service in the absence of technical standards, although in such
- a case the carrier would not be covered by the safe harbor provision and
- may be found in violation.
-
- Furthermore, the legislation allows any one to file a motion at the FCC in
- the event that a standard violates the privacy and security of
- telecommunications networks or does not meet the requirements of the bill
- (Sec. 2606). If petitioned under this section, the FCC may establish
- technical requirements or standards that:
-
- 1) meet the capability requirements (in Sec. 2602);
-
- 2) protect the privacy and security of communications not authorized
- to be intercepted, and;
-
- 3) encourage the provision of new technologies and services to the public.
-
-
- ENFORCEMENT AND PENALTIES
- -------------------------
-
- In the event that a court or the FCC deems a technical standard to be
- insufficient, or if law enforcement finds that it is unable to conduct
- authorized surveillance because a carrier has not met the requirements of
- this legislation, the Attorney General can request that a court issue an
- enforcement order (an order directing a carrier to comply), and/or a fine
- of up to $10,000 per day for each day in violation (Sec. 2607). However, a
- court can issue an enforcement order or fine a carrier only if it can be
- determined that no other reasonable alternatives are available to law
- enforcement. This provision allows carriers to deploy features and
- services which may not meet the requirements of the bill. Furthermore,
- this legislation does not permit the government to block the adoption or
- use of any feature or service by a telecommunications carrier which does
- not meet the requirements.
-
- The bill requires the government to reimburse carriers for all reasonable
- costs associated with complying with the capacity requirements. In other
- words, the government will pay for upgrades of current features or
- services, as well as any future upgrades which may be necessary, pursuant
- to published notices of capacity requirements (Sec. 2608).
-
- There is $500,000,000 authorized for appropriation to cover the costs of
- government reimbursements to carriers. In the event that a smaller sum is
- actually appropriated, the bill allows a court to determine whether a
- carrier must comply (Sec. 2608 (d)). This section recognizes that
- telecommunications carriers may not be responsible for meeting the
- requirements if the government does not cover reasonable costs.
-
- The government is also required to submit a report to congress within four
- years describing all costs paid to carriers for upgrades (Sec. 4).
-
-
- ENHANCED PRIVACY PROTECTIONS
- ----------------------------
-
- The legislation contains enhanced privacy protections for transactional
- information (such as telephone toll records and electronic mail logs)
- generated in the course of completing a communication. Current law permits
- law enforcement to gain access to transactional information through a
- subpoena. The bill establishes a higher standard for law enforcement
- access to transactional data contained electronic mail logs and other
- online records. Telephone toll records would still be available through a
- subpoena. Under the new standard, law enforcement is required to obtain a
- court order by demonstrating specific and articulable facts that electronic
- mail logs and other online transactional records are relevant and material
- to an ongoing criminal investigation (Sec. 10).
-
- Law enforcement is also prohibited from remotely activating any
- surveillance capability. All intercepts must be conducted with the
- affirmative consent of a telecommunications carrier and activated by a
- designated employee of the carrier within the carrier's facilities (Sec.
- 2604).
-
- The bill further requires that, when using pen registers and trap and trace
- devices, law enforcement will use, when reasonably available, devices which
- only provide call set up and dialed number information (Sec. 10). This
- provision will ensure that as law enforcement employs new technologies in
- pen register and trap and trace devices, it will not gain access to
- additional call setup information beyond its current authority.
-
- Finally, the bill extends the Electronic Communications Privacy Act (ECPA)
- protections against interception of wireless communications to cordless
- telephones, making illegal the intentional interception of the radio
- portion of a cordless telephone (the transmission between the handset
- and the base unit).
-
-
- CELLULAR SCANNERS
- -----------------
-
- The bill makes it a crime to possess or use an altered telecommunications
- instrument (such as a cellular telephone or scanning receiver) to obtain
- unauthorized access to telecommunications services (Sec. 9). This
- provision is intended to prevent the illegal use of cellular and other
- wireless communications services. Violations under this section face
- imprisonment for up to 15 years and a fine of up to $50,000.
-
-
- IMPROVEMENTS OF THE EDWARDS/LEAHY BILL OVER PREVIOUS FBI PROPOSALS
- ------------------------------------------------------------------
-
- The Digital Telephony legislative proposal was first offered in 1992 by the
- Bush Administration. The 1992 version of the bill:
-
- * applied to all providers of wire or electronic communications
- services (no exemptions for information services, interexchange
- carriers or private networks);
-
- * gave the government the explicit authority to block or enjoin a
- feature or service that did not meet the requirements;
-
- * contained no privacy protections;
-
- * contained no public process for determining the capacity
- requirements;
-
- * contained no government reimbursement (carriers were responsible
- for meeting all costs);
-
- * would have allowed remote access to communications by law
- enforcement, and;
-
- * granted telecommunications carriers only 18 months to comply.
-
- The Bush Administration proposal was offered on capitol hill for almost a
- year, but did attract any congressional sponsors.
-
- The proposal was again offered under the Clinton Administration's FBI in
- March of 1993. The Clinton Administration's bill was a moderated version
- of the original 1992 proposal:
-
- * It required the government to pay all reasonable costs incurred by
- telecommunications carriers in retrofitting their facilities in
- order to correct existing problems;
-
- * It encouraged (but did not require), the Attorney General to consult
- with telecommunications industry representatives and standards
- bodies to facilitate compliance,
-
- * It narrowed the scope of the legislation to common carriers, rather
- than all providers of electronic communications services.
-
- Although the Clinton Administration version was an improvement
- over the Bush Administration proposal, it did not address the
- larger concerns of public interest organizations or the
- telecommunications industry. The Clinton Administration version:
-
- * did not contain any protections for access to transactional
- information;
-
- * did not contain any public process for determining the capability
- requirements or public notice of law enforcement's capacity needs;
-
- * would have allowed law enforcement to dictate system design and
- bar the introduction of features and services which did not meet
- the requirements, and;
-
- * would have allowed law enforcement to use pen registers and trap and
- trace devices to obtain tracking or physical location information.
-
-
- * * *
-
-
- Locating Relevant Documents
- ===========================
-
- ** Original 1992 Bush-era draft **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
- gopher.eff.org, 1/EFF/Policy/FBI/Old, digtel92_old_bill.draft
- http://www.eff.org/pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel92.old
-
-
- ** 1993/1994 Clinton-era draft **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_bill.draft
- gopher.eff.org, 1/EFF/Policy/FBI, digtel94_bill.draft
- http://www.eff.org/pub/EFF/Policy/FBI/digtel94_bill.draft
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel94.dft
-
-
- ** 1994 final draft, as sponsored **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/digtel94.bill
- gopher.eff.org, 1/EFF/Policy/FBI, digtel94.bill
- http://www.eff.org/pub/EFF/Policy/FBI/digtel94.bill
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel94.bil
-
-
- ** EFF Statement on sponsored version **
-
- ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_statement.eff
- gopher.eff.org, 1/EFF/Policy/FBI, digtel94_statement.eff
- http://www.eff.org/pub/EFF/Policy/FBI/digtel94_statement.eff
- bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
- Telephony; file: digtel94.eff
-
- ------------------------------
-
- Date: 10 Aug 1994 13:33:30 -0500
- From: stahlman@radiomail.net (Mark Stahlman (via RadioMail))
- Subject: Re: EFF Statement on Leahy/Edwards Digital Telephony Bill
-
- Jerry, Danny, Stanton, et al:
-
- Well, what a fine kettle of fish you've gotten yourselves into this time.
- EFF "supports" a Digital Telephony (wiretap) bill. Quick, who's got the
- smelling salts?
-
- You've gone from "Jackboots on the InfoBahn" to "substantially less
- intrusive", "significant privacy advances" and "enhanced protection." And,
- just whose picture is that in the dictionary next to the definition of
- "cyberdupes" anyway?
-
- After successfully defeating draconian legislation for years, EFF now helps
- to . . . draft the kinder-gentler wiretap bill. Because Leahy and Edwards
- "concluded that the passage of such a bill was inevitable this year", EFF
- is called upon to perform the one-eyed act in the land of the blind.
-
- What happened from last year to this? Why was any bill "inevitable" in
- this Congress? Did EFF lose it's clout? Did the Information-SuperHypeway
- blitz (that EFF cynically fanned) help tip the balance?
-
- I have no doubt that this bill is "better" than the FBI's proposal. I also
- have no doubt that the FBI knew that it's bill was only the starting point
- for the negotiations. And, if passed, this bill will certainly deliver to
- the FBI everything that it wants. That's the way Washington works. Wake
- up.
-
- As I've said all along, EFF made themselves part of a process far larger,
- more powerful and more professional than they could ever become when they
- scrapped the chapters and moved to DC to become lobbyists. And, since the
- "groups" that EFF "represents" are not particularly powerful, EFF's efforts
- will inevitably be confined to providing language that helps the truly
- powerful groups (like the FBI -- which lest we forget is just the Clinton
- administration) get their way.
-
- But don't be fooled. EFF is not an "opposition" group wrestling with the
- weighty issues of cyberspace politics. Despite the advertisements, EFF is
- not "hacking politics and then fixing it." They have opted to become an
- integral part of the "system". Is that a bad thing? Certainly not. The
- "system" delivers enormous benefits to most of it's citizens. And, it
- needs it's functionaries -- like EFF.
-
- But, as Toffler would have put it, ours is a completely obsolete Second
- Wave "system" which needs to be radically transformed. Reread the
- concluding section of Toffler's "Third Wave" on 21st Century Democracy.
- Published in 1980, this book lays out the issues and predicts the outcomes
- that are still worthy of very serious debate, study and action.
-
- The technologies we are so intimately involved with will inevitably lead to
- profound social and psychological changes which in turn will force the
- development of something akin to Toffler's "Third Wave" government. I
- don't know if it will be 20% or 50% the size of current government but it
- certainly won't tolerate anything like Gore's NII or this administration's
- Information Industrial Policy initiatives. Nor will it support a police
- force bent on wiretaps to catch electronic tax cheats -- a far more
- plausible motivation for this legislation than hunting
- porno-smuggling-kiddie-grabbing-terror-toting hairballs.
-
- We need organizations (and individuals) which are dedicated to working on
- the thorny problems of inventing a new government which will be capable of
- supporting and defending a cyberspace economy. This is a process which is
- probably best conducted *outside* of the current "system". As EFF has
- shown us, the talk-show temptations of being an "insider" are just too
- powerful to be resisted. Principles don't matter when you're on the
- "inside". Clear, careful and even "radical" thinking doesn't help when the
- horse-trading takes over.
-
- Re-read the EFF's founding principles, re-read "Across The Electronic
- Frontier." Then, compare the text with the reality. Take it as an object
- lesson in politics. Disappointed? Well, maybe that's part of growing up.
-
- Hopefully, EFF will take up the case of the Milpitas porn-BBS conviction on
- appeal. Now that's real cyberspace politics! This administration (yes,
- they still run the DoJ) decided to attack cyberspace information rights by
- trying to impose the "community standards" of Memphis on all of cyberspace.
- A non-Internet connected private board with $99 annual fees was convicted
- of 11 counts of delivering porn over the phone (and acquitted of a kiddie
- porn count because the board refused to post the kiddie-GIFs the Feds sent
- them). Yes, there's plenty of important work left for EFF to do.
-
- And, what about you? Start something new, something bold. Have the
- courage to just say no to cyber-crats and digital control freaks. Forget
- mortibund ideologies. Stop trying to summon Jefferson's (or Marx's or
- Rand's) ghost from the grave. Face up to the fact that we already live in
- a networked economy and that millions of people have already entered into
- Toffler's new "psycho-sphere". Pick up the tools at hand and take
- responsibility to invent the future. Your Softbot descendants will honor
- you for your valor.
-
- Mark Stahlman
- New Media Associates
- New York City
- stahlman@radiomail.net
-
- ------------------------------
-
- Date: Thu, 18 Aug 1994 14:25:22 -0600 (MDT)
- From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067"
- Subject: "Secrets of a Super Hacker" by Fiery
-
- BKSCSUHK.RVW 940609
-
- Loompanics Unlimited
- P.O. Box 1197
- Port Townsend, WA 98368 206/385-5087 fax 206/385-7785
- loompanx@pt.olympus.net
- "secrets of a super hacker",
- Fiery, 1994; 1-55950-106-5, U$19.95
-
- Despite Loompanics' reputation as a "dark side" publisher, this may be
- a very good book. It deals primarily with social engineering, despite
- the purported coverage of other topics. It would therefore be
- valuable reading material around corporate lunchrooms, since
- forewarned is just a little bit more paranoid and, therefore,
- forearmed. As those involved with data security in the real world
- well know, cracking is basically a con job. Thus, The Knightmare, if
- he really is "super", is a con artist par excellence--and is pulling
- off a really great con here!
-
- Revealing the secrets of social engineering poses very little threat
- to security. Con men already exist and will continue to exist.
- Cracker wannabes are unlikely to be able to carry off a successful con
- if they need to rely on canned advice like this. On the other hand,
- it is much more likely to shock naive and non-technical users into an
- awareness of the need for suspicion and proper procedures--albeit
- possibly only temporarily. Thus, this information is almost
- inherently of more use in data protection than in data penetration.
-
- As for technical help for the cracker; well, are you really expecting
- great technical revelations from someone who knows there is a
- difference between baud and bits per second--and gets it backwards?
- Or, who thinks 140 and 19,900 baud are standard modem speeds? Who
- thinks Robert Morris' worm found "original" bugs? (And who doesn't
- know the difference between "downgrade" and "denigrate"?) All the
- successful hacks in the book rely on social engineering rather than
- technology. Lots of jargon is thrown in along the lines of, "You need
- X," but without saying what X really is, where to get it, or how to
- use it.
-
- The official definition of a hacker in the book is of the "good side"
- seeker after knowledge. As it is stated early on, a hacker *could* do
- lots of mischief--but doesn't. In the course of the text, though, the
- image is much more convoluted. The book almost seems to be written by
- two people; one who is within the culture and has the standard
- confused cracker viewpoint, and another, sardonically aware of pulling
- the wool over all the wannabes' eyes. The chapter on contacting the
- *true* hacker community is EST-like in its refusal to define when you
- might have made it, or how.
-
- Like I said, buy it for the corporate or institutional lunchroom.
- Make sure that the non-techies get first crack at it. If you'll
- pardon the expression.
-
- copyright Robert M. Slade, 1994 BKSCSUHK.RVW 940609
-
- ======================
- DECUS Canada Communications, Desktop, Education and Security group newsletters
- Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
- DECUS Symposium '95, Toronto, ON, February 13-17, 1995, contact: rulag@decus.ca
-
- ------------------------------
-
- End of Computer Underground Digest #6.74
-