The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / eff / eff1001.txt < prev next >

Wrap

Text File | 2003-06-11 | 53.6 KB | 1,154 lines

========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\________/\ |||||________\ / /////______\ \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// e c t o r ========================================================================= EFFector Vol. 10, No. 01 Jan. 9, 1997 editor@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 If you thought 1996 was interesting, it's only Jan. '97 and there's already a lot of action. Call this "January Net Activism Week" - there are several opportunities for all of us to get in some hopefully meaningful input into a number of government agency reports, rulemakings, and inquiries, plus sit in on a groundbreaking privacy and First Amendment legal case. The rules for submission of comments don't make it easy, but please make the effort. Democracy: use it or lose it! IN THIS ISSUE: Action in Karn Case Against Irrational Crypto Regs (In DC? Attend!) DoC Crypto Export Regulations: YOUR Comments Due! FRB Privacy Study: YOUR Comments Due! IITF NII Policy Overhauled: YOUR Comments Due! 3 FCC Inquiries & Draft Rules: YOUR Comments Due! ISPs Shouldn't Be Charged Long-Distance Carrier Fees By Local Telcos Technological Hurdles of Net Growth to Be Examined Universal Service Reform DHHS Medical Privacy Open Hearing: YOUR Comments Due! FTC Privacy Hearing Report: "Notice, Choice, Security, Access" NACIC & DoD Hint at Tracking Net Users Newsnybbles PTO to Hold Domain Name Trademark & Unfair Competition Hearing Upcoming Events Quote of the Day What YOU Can Do Administrivia * See http://www.eff.org/hot.html or ftp.eff.org, /pub/Alerts/ for more information on current EFF activities and online activism alerts! * ---------------------------------------------------------------------- Subject: Action in Karn Case Against Irrational Crypto Regs (In DC? Attend!) ---------------------------------------------------------------------------- [Friends of crypto freedom should definitely attend. The courtroom holds approximately 50 people, and we'd like to fill it. Show Judges Williams, Ginsburg and Rogers the importance of the case. This is the first time that a crypto export case has hit a Court of Appeals, and your rights are very much at stake here. If you're in the DC metropolitan area, come on out and show Phil Karn your support as he challenges the export control laws!] RESEARCHER KARN APPEALS, SEEKING TO OVERTURN IRRATIONAL ENCRYPTION RULES "Books are OK to publish, floppies are not" policy faces next challenge Washington, January 8 - Laywers for researcher Philip R. Karn, Jr. will argue in court this Friday that Government restrictions on distribution of encryption software violate the First and Fifth Amendments of the Constitution, and are "arbitrary, capricious and invalid" regulations. This week's hearing, on January 10, 1997 at 9:30AM in the US Court of Appeals for the District of Columbia Circuit, is open to the public at 333 Constitution Avenue, Washington DC. The Government will argue that its rules are its own business, which courts should not oversee, and that it is legitimate to regulate free speech and publication when the government is uninterested in suppressing the content thereof. (The government actually has a strong interest in suppressing the public's ability to understand and deploy strong cryptography, but has managed to convince the district court of the opposite.) The lawsuit is complicated by the Government's introduction last month of new encryption regulations. President Clinton ordered on November 15 that the regulations be moved from the State Department to the Commerce Department. Over Christmas, the Clinton Administration published its new Commerce Department regulations, which are effectively identical to the State Department regulations, and put them into immediate effect. Mr. Karn's case only named the State Department. In an unusual switch, the Government is arguing that it should be able to replace the State Department with the Commerce Department as a defendant, in the hope of keeping the case alive. (Most defendants would be happy to have the case disappear. The State Department appears to be hoping they will get a better decision in this case than in related cases.) The State Department regulations at issue were struck down in December by Judge Marilyn Hall Patel in a similar case brought by Professor Daniel Bernstein in San Francisco. Judge Patel called the regulations a "paradigm of standardless discretion" which required Americans to get licenses from the government to publish information and software about encryption. No court has yet ruled on the new Commerce Department regulations, which include the same provisions that were declared unconstitutional. "This case clearly raises an issue of fundamental importance to cryptographers and computer programmers generally," said Kenneth Bass, lead attorney in the case. "The fundamental issue is how the courts will treat computer programs. Books are entitled to the full protection of the First Amendment, but the trial judge in this case decided that source code on a diskette does not enjoy that same protection. Programmers immediately recognize the utter irrationality of this distinction. We now will see whether the appeals courts will also see it that way." "Phil Karn's case illustrates both the irrationality of the encryption rules and the depths of the bureaucratic mazes which protect them," said John Gilmore, co-founder of the Electronic Frontier Foundation, which backed the suit. "The idea that the First Amendment protects the author of a book, but not the author of an identical floppy disk, is ridiculous. All books, magazines, and newspapers are written on computers today before print publication, and many are also published online. Yet here we have Government lawyers not only defending their right to regulate machine-readable publication, but also arguing that the courts are not permitted to re-examine the issue. Their argument amounts to `Trust us with your fundamental liberties'. Unfortunately, a decade of NSA actions have amply demonstrated that they are happy to sacrifice fundamental liberties when it gives them an edge in some classified spy program. Unless there's a clear and present danger to our nation's physical security (which we have seen no evidence of), our citizens' right to speak and publish freely is much more important to American national security than any top-secret program." Civil libertarians have long argued that encryption should be widely deployed on the Internet and throughout society to protect privacy, prove the authenticity of transactions, and improve computer security. Industry has argued that the restrictions hobble them in building secure products, both for U.S. and worldwide use, risking America's current dominant position in computer and communications technology. Government officials in the FBI and NSA argue that the technology is too dangerous to permit citizens to use it, because it provides privacy to criminals as well as ordinary citizens. Background on the case Mr. Philip Karn is an engineer with a wide and varied background in radio and wire communications. He has given many years of volunteer work in the amateur radio service, amateur satellite service, and in the Internet community. He is the author of the freely available "KA9Q" internet software for DOS machines, which forms the basis of many amateur radio experiments as well as several successful commercial products. He has written and given away various cryptographic software, including one of the world's fastest versions of the Data Encryption Standard (DES). Phil also did the initial research into encrypting Internet traffic at the packet level. Mr. Karn's home page is at http://www.qualcomm.com/people/pkarn/ . In 1994, author Bruce Schneier published _Applied Cryptography_, a best-selling encryption textbook which included some fifty pages of encryption source code listings, including very strong algorithms such as "Triple-DES". As a civil libertarian, Mr. Karn asked the State Department whether the book could be exported; they replied that it was in the public domain and could therefore be exported. Mr. Karn then created a floppy disk containing the source code from the book, and asked if the floppy could be exported. The State Department determined in May 1994 that the floppy was a munition. Mr. Karn would need to register as an arms dealer to be able to export the disk. After several administrative appeals, Mr. Karn filed suit in September 1995. The suit asks a court to declare that the decision was invalid because the distinction between publication on paper and publication on floppies has no rational basis, and because the decision violates Mr. Karn's right to publish the floppy. Judge Charles R. Richey dismissed the case in a strongly-worded 36-page opinion. "The plaintiff, in an effort to export a computer diskette for profit, raises administrative law and meritless constitutional claims because he and others have not been able to persuade the Congress and the Executive Branch that the technology at issue does not endanger the national security. This is a "political question" for the two elected branches under Articles I and II of the Constitution." Mr. Karn, whose effort was motivated by concern for civil rights rather than profit, appealed. This week's hearing is the first public hearing in his appeal case. The regulations at issue in the case, which prevent American researchers and companies from exporting cryptographic software and hardware, are a relic of the Cold War. The secretive National Security Agency has built up an arcane web of complex and confusing laws, regulations, standards, and secret interpretations for years. These are used to force, persuade, or confuse individuals, companies, and government departments into making it easy for NSA to wiretap and decode all kinds of communications. Their tendrils reach deep into the White House, into numerous Federal agencies, and into the Congressional Intelligence Committees. In recent years this web is unraveling in the face of increasing visibility, vocal public disagreement with the spy agency's goals, commercial and political pressure, and judicial scrutiny. ABOUT THE ATTORNEYS Lead counsel on the case are Kenneth C. Bass III and Thomas J. Cooper of the Washington law firm of Venable, Baetjer, Howard & Civiletti, who are offering their services pro bono. ABOUT THE ELECTRONIC FRONTIER FOUNDATION The Electronic Frontier Foundation (EFF) is a nonprofit civil liberties organization working in the public interest to protect privacy, free expression, and access to online resources and information. EFF is funding the expenses in Mr. Karn's case. The full text of the lawsuit and other paperwork filed in the case is available from Phil Karn's web site at: http://www.qualcomm.com/people/pkarn/export/index.html SOURCE: Electronic Frontier Foundation CONTACT: Ken Bass, lead attorney, +1 202 962 4890, kbass@venable.com; or Shari Steele, EFF Staff Attorney, +1 301 375 8856, ssteele@eff.org; or John Gilmore, EFF Board Member, +1 415 221 6524, gnu@toad.com ------------------------------ Subject: DoC Crypto Export Regulations: YOUR Comments Due! ---------------------------------------------------------- In an effort to evade a federal judge's finding that software is protected expression on the First Amendment, the Administration is playing a regulatory shellgame, scrapping old State Dept. crypto regs for "new" Commerce Dept. regs that are as bad, and in some cases worse. The Commerce Dept. is seeking input from the people on these regulations. Don't miss this opportunity to provide feedback to government in this vital area. Have a look at the regs, and make your voice heard! See this issue's lead article for some background on what the problems are. The full text of the new regulations (the "Interim Rule") can be found at: http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs What YOU can do: The DoC is requesting comments from the public on this matter. If you wish to get your word in, reasoned, detailed, but concise comments should be sent (on paper, 6 copies) to the DoC. More information on making and filing comments is available at: http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs The docket number for this Interim Rule is "Docket No. 960918265-6366-03, RIN 0694-AB09" (you will need to include this at the top of your comments). DEADLINE: February 13, 1997. ------------------------------ Subject: FRB Privacy Study: YOUR Comments Due! ---------------------------------------------- The US Federal Reserve Board requests public comments on issues to be addressed in a new consumer information study (ironically required by the Economic Growth & Regulatory Paperwork Reduction Act of 1996.) The study will aim to determine the public availability of sensitive identifying information about individuals, such as social security numbers, mother's maiden names, prior addresses, dates of birth, etc. Additionally, the study will look at the "possibility" that such information can be used for fraud, and the effect such fraud may have on FDIC banks. The FRB is to report the findings to Congress, including any suggestions for legislative change. The FRB appears to be rather up-to-speed on the problems inherent in the social security number system, and related issues such as government databases making information of this sort available, leading to "identity theft", credit fraud, and access to private information such as school records. This is probably one of the best opportunities in years to raise Congressional awareness of these increasingly grave problems, and to warn against "solutions" such as electronic national ID cards and other even more privacy invasive ideas being floated by various agencies. The FRB is, however seeking input on some specific questions, so general privacy-related lobbying is best couched in terms of these questions and answers to them. The questions are available in the text of the FRB's Request for Comments: http://www.bog.frb.fed.us/boarddocs/press/BoardActs/1996/19961223 What YOU can do: The FRB is requesting comments from the public on this matter. If you wish to get your word in, reasoned, detailed, but concise comments should be sent (on paper) to the FRB. Full guidelines for making and filing comments are available at: http://www.bog.frb.fed.us/boarddocs/press/BoardActs/1996/19961223 toward the end. The docket number for this Request for Comments is "Docket No. R-0953" (you will need to include this at the top of your comments). DEADLINE: January 31, 1997. ------------------------------ Subject: IITF NII Policy Overhauled: YOUR Comments Due! ------------------------------------------------------- The White House's Information Infrastructure Task Force has issues a new iteration of Administration NII/GII policy initiatives. The draft "Framework for Global Electronic Commerce" aims for "a strategy to help accelerate the growth of global commerce across the Internet...The proposed strategy establishes a set of principles to guide policy development, outlines Administration positions on a number of key issues related to electronic commerce, and provides a road map for international negotiations, where appropriate. It also identifies which government agencies will take the lead in implementing this work." The Administration is now seeking comments from public prior to redrafting and formally approving the "strategy". The document touches on many areas of concern to EFF members and Internet users, including taxation, content regulation (i.e., censorship), standards, intellectual property, liability, privacy, security, transactions, uniform law in multiple jurisdictions, contract enforcement, etc. Rather surprisingly, the current draft takes a "non-regulatory, market-oriented", pro-consumer and rather forward-thinking approach, at least on paper. The document calls for: establishment of the Net as a "duty-free zone", no new Net taxes, laissez-faire policy in standards processes and in allowing online payment systems to evolve, encouragement of industry self-regulation "where appropriate", and improved security & privacy. The paper even addresses (to a limited extent) content restrictions and compulsory licensing requirements. Not surprisingly, however, the document toes the standard Administration line on encryption, pulling the doublethink maneuver we have all seen so many times before: IITF simultaneously calls for improved computer security via encryption, but proposes supporting "key recovery" systems that are inherently insecure, backed up with the threat of export denial for actually secure encryption. IITF does however readily admit that "these export controls have limited the worldwide use of strong encryption for electronic commerce and other purposes," an admission many years in coming from the Administration. But, the paper also hypocritically claims that the transfer of crypto export authority from the State Dept. to Commerce is a step that "promotes electronic information security and public safety...electronic commerce and secure communications worldwide," rather than admitting that it is a further attempt to stuff the crypto genie back in the bottle and evade Federal court findings that software is protected expression under the First Amendment. Perhaps most disturbingly, the Administration in this paper reaffirms its vow to "work within the OECD [and EU]...to guide... member governments as they develop national encryption policies," that is, lobby foreign governments to go along with "Clipper 3". The specific policy called for includes government agencies holding citizens' encryption keys directly, and represents a step backward from the very meager progress in getting the government to abandon such dangerous proposals. Summary of, full text of, and already-received comments on the draft paper are available at: http://www.iitf.nist.gov/electronic_commerce.htm What YOU can do: The IITF is requesting comments from the public on these issues. Please contribute your comments so that the next draft preserves the good features, while encouraging a reformation of the Administration's anti-public-interest views on encryption, intellectual property, and online content regulation. If you wish to get your word in, reasoned, detailed, but concise comments should be sent (on paper) to the IITF (c/o Sr. Advisor Ira Magaziner). Full guidelines for making and filing comments (considerably less complicated than the FCC requirements mentioned below) are available at: http://www.iitf.nist.gov/electronic_commerce.htm Though emailed comments are accepted, it is unclear whether these are considered official or not. In the case of the FCC actions mentioned below, they are NOT official, only paper ones are. Better to be safe than sorry. DEADLINE: January 23, 1997. ------------------------------ Subject: 3 FCC Inquiries & Draft Rules: YOUR Comments Due! --------------------------------------------------------- * ISPs Shouldn't Be Charged Long-Distance Carrier Fees By Local Telcos The US Federal Communications Commission has "tentatively concluded that providers of information services (including Internet service providers) should not be subject to the interstate access charges that local telephone companies currently assess on long-distance carriers", as part of a series of proposed new regulations that "provide incentive for investment and innovation" in networking. The full text of this Notice of Proposed Rulemaking is available from: http://www.fcc.gov/Bureaus/Common_Carrier/Notices/fcc96488.txt An analysis of the Proposed Rulemaking by Pepper and Corazzini, L.L.P., is available at: http://www.commlaw.com/pepper/Memos/InfoLaw/access.html What YOU can do: The FCC is requesting comments from the public on this matter. If you wish to get your word in, reasoned, detailed, but concise comments should be sent (on paper, alas) to the FCC. Full guidelines for making and filing comments are available at: http://www.fcc.gov/Bureaus/Miscellaneous/Factsheets/comments.hlp The docket number for this Notice of Proposed Rulemaking is "CC Docket Number 96-263" (you will need to include this at the top of your comments). DEADLINE: January 27, 1997 (reply comments, in case you wish to challenge or support the comments of others, are due by February 13, 1997.) * Technological Hurdles of Net Growth to Be Examined The FCC, in a section of the same document, also seeks "to examine the more fundamental issues about the implications of emerging data services for the public switched telephone network. In the Notice of Inquiry, the Commission sought comment on the effects of increasing Internet usage on the network, alternative technologies to alleviate network congestion and provide higher bandwidth, and how FCC actions could facilitate efficient deployment of such technologies." The full text of this Notice of Inquiry (Section X of a larger Notice of Proposed Rulemaking) is available from: http://www.fcc.gov/Bureaus/Common_Carrier/Notices/fcc96488.txt What YOU can do: The FCC is requesting comments from the public on this matter. If you wish to get your word in, reasoned, detailed, but concise comments should be sent (again, on paper) to the FCC. Full guidelines for making and filing comments are available at: http://www.fcc.gov/Bureaus/Miscellaneous/Factsheets/comments.hlp The docket number for this Notice of Inquiry is "CC Docket Number 96-262" (you will need to include this at the top of your comments). DEADLINE: February 21, 1997 (reply comments, in case you wish to challenge or support the comments of others, are due by March 24, 1997.) * Universal Service Reform Furthermore, the FCC's Federal-State Joint Board issues to the FCC Common Carrier Bureau a Universal Service Recommended Decision, to implement provisions of the Telecommunications Act of 1996. It has many implications for all aspects of US telecommunications. This is a much longer proposal than the previous two, and touches on many issues, including: competitive neutrality, universal service principles; services eligible for support; support mechanisms for rural, insular, and high cost areas; support for low income consumers; affordability; support for schools, libraries, and health care providers; administration of support mechanisms; and common line cost recovery. The full text of this Recommended Decision is available from: http://www.fcc.gov/Bureaus/Common_Carrier/Reports/decision.html The already-received comments on the proceeding, to which you may respond yourself, are available at: http://www.fcc.gov/Bureaus/Common_Carrier/Comments/rdcom.html An analysis of the Recommended Decision provided by People for the American Way, Alliance for Community Media, Alliance for Communications Democracy, Benton Foundation, Center for Media Education, League of United Latin American Citizens, Minority Media and Telecommunications Council, National Council of La Raza, and National Rainbow Coalition, is available at: http://www.benton.org/Library/Recommend/recommendations.html What YOU can do: The FCC has requested comments from the public on this matter, and received some. If you wish to get your word in, reasoned, detailed, but concise comments based on a review of both the Recommended Decision and the already available comments, should be sent (again, on paper) to the FCC. Full guidelines for making and filing comments are available at [NOTE! This is a different URL than above!]: http://www.fcc.gov/Bureaus/Common_Carrier/Public_Notices/da961891.html The docket number for this Notice of Inquiry is "CC Docket Number 96-45" (you will need to include this at the top of your comments). DEADLINE: *January 10, 1997*. The initial comment period is passed. This is the "last chance" deadline for *reply comments*. ------------------------------ Subject: DHHS Medical Privacy Open Hearing: YOUR Comments Due! -------------------------------------------------------------- The US Department of Health and Human Services's National Committee on Vital and Health Statistics (NCVHS), Subcommittee on Privacy and Confidentiality is required to develop recommendations to the DHHS Secretary, who in turn is to submit a report to the Congress containing detailed recommendations on standards with respect to the privacy of individually identifiable health information. The report is due in August 1997. Another indicator of increased privacy-consciousness on the Hill, it is important to pack this meeting with concerned citizens. The medical privacy "playing field" is heavily dominated by medical and insurance industry lobbyists, and little public input ever reaches the ears that matter. Expect, and expect to have to fight, national ID proposals and attempts by ingrained industries to thwart any meaningful new privacy protections. Excerpt from the meeting announcement: "The purpose of the hearings is to explore in detail the options, choices, and trade-offs that must be a part of any health privacy legislation. To the greatest extent possible, the discussion will focus on specific alternatives that have been identified in legislative proposals, on the consequences for patients and institutions of new rules for use and disclosure of health data, and on how legislation will operate in the real world. Issues will cover the full range of fair information practices, patient rights, limitations on use and disclosure of identifiable information, health identification number, preemption of state laws, and privacy-enhancing technology." What YOU Can Do: DHHS is requesting comments from the public on this matter. If you wish to get your word in, reasoned, detailed, but concise comments should be sent (on paper) to DHHS. Comments should be sent to: NCVHS Subcommittee on Privacy and Confidentiality, c/o Division of Data Policy, Office of the Assistant Secretary for Planning and Evaluation, U.S. Department of Health and Human Services, 440D Humphrey Building, 200 Independence Avenue, S.W., Washington, DC 20201. DEADLINE: 5pm ET, February 19, 1997. You can also attend the hearings in person (attendance limited to space available.) At the end of each hearing day, members of the public can present oral testimony, limited to 3 minutes per person (you have to sign up on a list when you arrive to be considered for such a presentation). Times and dates: 9am-5pm, February 3-4, 1997, and 9am-5pm, Feb. 18-19, 1997. Place: Hubert H. Humphrey Building, 200 Independence Avenue, SW, Room 503A, Washington, D.C. 20201. (The Humphrey Building is located one block from Federal Center SW Metrorail station.) Due to security measures, you should arrive at 8:30, or at 12:30 if attending afternoon session only. More information may be obtained from John P. Fanning, Office of the Assistant Secretary for Planning and Evaluation, DHHS, Room 440D Humphrey Building, 200 Independence Avenue S.W., Washington, D.C. 20201, telephone (202) 690-7100, e-mail jfanning@osaspe.dhhs.gov; or Marjorie S. Greenberg, Acting Executive Secretary, NCVHS, NCHS, CDC, Room 1100, Presidential Building, 6525 Belcrest Road, Hyattsville, Maryland 20782, telephone (301) 436-7050. ------------------------------ Subject: FTC Privacy Hearing Report: "Notice, Choice, Security, Access" ----------------------------------------------------------------------- The US Federal Trade Commission - the closest thing to a Privacy Commission the US has - has released it staff report on the FTC Bureau of Consumer Protection's "Consumer Privacy on the Global Information Infrastructure" workshop (June 4-5, 1996). The workshop was part of the Bureau's Consumer Privacy Initiative, "an ongoing effort to bring consumers and businesses together to address consumer privacy issues posed by the emerging online marketplace." A followup workshop on these issues is being planned, but has not yet been scheduled. Participants in the 1996 workshop outlined "four necessary elements of protecting consumer privacy online", detailed in the report: Notice to consumers about how personal information collected online is used; choice for consumers about whether and how their personal information is used; security of personal information, if commerce in cyberspace is to flourish on the Internet; and access for consumers to their own personal information to ensure accuracy. In general, the FTC's findings closely mirror those of EFF's eTRUST project, more information on which is at: http://www.etrust.org However, the FTC report, being based on a hearing many month ago, is not fully up to speed on recent developments like eTRUST, and EFF is pleased to hear of the plans for another session. Hopefully eTRUST and other private sector efforts can hold off attempts at direct regulation in this area, such as last years attempts at legislating online privacy, in ways that were actually detrimental to the public interest. Any public policy process involving the Internet should be in the slow lane, until lawmakers better understand this medium. The report and related documents including transcripts from the workshop are available at: http://www.ftc.gov/bcp/privacy/privacy.htm ------------------------------ Subject: NACIC & DoD Hint at Tracking Net Users ----------------------------------------------- The National Counterintelligence Center (NACIC), in conjunction with most other federal intelleigence and law enforcement agencies, has released a short paper on foreign commercial and government spying on US interests for economic reasons. Though the report is general, it does drift toward focusing on the Internet as source of trouble. In as much as NACIC is pointing out long-standing Internet security problems (many of which could be solved by an overhaul of the intelligence community's cherished but senseless anti-encryption regulations), the report serves a useful end. In other ways, however, it leaves room for concern, being perhaps too alarmist in suggesting that Internet connectitivity is a threat to proprietary information (this is no more true of the Net than of the telephone, unless the companies in question take inadequate security precautions). More disturbingly, the report appears to suggest in vague terms that all Web and other Internet communications and transactions should be monitorable and presumably trackable, noting that "Internet and E-mail networks provide direct methods of exploitation for foreign [intelligence] collection efforts. This is of particular concern in situations where programs to monitor the content of such online communications are lacking." The Dept. of Defense mirrored this sentiment in no uncertain terms. According to a Wall Street Journal article of Jan. 6, a Defense Science Board taskforce report calls for $580,000,000 in funding to not only create a US Information Warfare Center, run by an "Information Warfare Czar", but also to support private and public sector R&D to enable "automatically tracing cracker attacks back to their source", and even legally authorized "electronic countermeasures" right out of cyberpunk novels, such as the facility to infect invaders' systems with debilitating computer viruses via an "electronic immune system" detecting crackers and acting to repel and disable them. All gee-wiz aside, such proposals do not bode well for computer security and user privacy. The full text of the NACIC Annual Report to Congress on Foreign Economic Collection and Industrial Espionage is available at: http://www.nacic.gov/cind/econ96.htm NACIC also put out another, related report, for private and public organizations who deal with sensitive information. This article, "Internet: The Fastest Growing Modus Operandi for Unsolicited Collection", is even more alarmist, yet is also intended for a very security-conscious audience with reason to be "extra-careful". The main thrust of this second report is to warn US companies and agencies to be on the lookout for foreigners asking for information via the Net. Among the advice included in the report is: "All requests for information received via the Internet should be viewed with suspicion. Only respond to people who are personally known and only after verifying their identity and address." This seems rather overblown, as written, but appears to be intended as a warning about queries regarding sensitive information only. The introduction to the newsletter containing the report says this will be it's last hardcopy issue, "So, hook up your computer, modem, and browser . . . and we'll see you on the Web!!!" Mixed messages? This second report is available at: http://www.nacic.gov/cind/cindnov.htm#art2 No online copy of the DoD report has been located yet. ------------------------------ Subject: Newsnybbles -------------------- * PTO to Hold Domain Name Trademark & Unfair Competition Hearing According to a brief Administration statement, the US Patent & Trademark office will hold hearings in early 1997 to "address the trademark and unfair competition issues relating to domain names". No date appears to have been set yet. ------------------------------ Subject: Upcoming Events ------------------------ This schedule lists EFF events, and those we feel might be of interest to our members. EFF events (those sponsored by us or featuring an EFF speaker) are marked with a "*" instead of a "-" after the date. Simlarly, government events (such as deadlines for comments on reports or testimony submission, or conferences at which government representatives are speaking) are marked with "!" in place of the "-" ("!?" means a govt. speaker may appear, but we don't know for certain yet.) And likewise, "+" in place of "-" indicates a non-USA event. If it's a foreign EFF event with govt. people, it'll be "*!+" instead of "-". You get the idea. To let us know about an event, please send details to Dennis Derryberry, dennis@eff.org, with a subject line containing "CALENDAR:" followed by the name of the event. The latest version of the full EFF calendar is available from: ftp: ftp.eff.org, /pub/EFF/calendar.eff gopher: gopher.eff.org, 1/EFF, calendar.eff http://www.eff.org/pub/EFF/calendar.eff See also our new Now-Up-to-Date HTML calendar at: http://events.eff.org 1997 Jan. 10 !* Karn v. US Dept. of State appeal hearing, Washington, DC. Please attend! URL: http://www.eff.org/pub/Legal/Karn_Schneier_export/19970108.pressrel ! Deadline for reply comments on FCC FSJB/CC Recommended Decision on universal service reform. URL: http://www.fcc.gov (look for "Recommended Decision") - PHILADELPHIA - CALL FOR PAPERS!! - SIGIR '97 seeks original contributions (i.e. never before published) in the broad field of information storage and retrieval, covering the handling of all types of information, people's behavior in information systems, and theories, models and implementations of information retrieval systems. Subscribe now to SIGIR '97 mailing list by writing to <sigir97@potomac.ncsl.nist.gov> Information on SIGIR '97 will periodically be sent to the mailing list as well as posted at http://www.acm.org/sigir/conferences/sigir97/index.html The conference will be held at the DoubleTree Hotel in Philadelphia, PA, USA, July 27 -- July 31, 1997 Jan. 13 + LANCASTER, UK - ECSCW'97, the Fifth European Conference on Computer Supported Cooperative Work; deadline for paper submissions is January 13, 1997; papers must contain an abstract of not more than 100 words and not exceed 16 pages in length; full formatting instructions are available from http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/papers/ queries: ecscw97-papers@comp.lancs.ac.uk for more information: snail mail: ECSCW'97 Conference Office Computing Department Lancaster University Lancaster LA1 4YR UK URL: http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/ email: ecscw97@comp.lancs.ac.uk Jan. 15- 17 - WASHINGTON, DC - Universal Service '97: Redefining Universal Telecommunications Service for the Emerging Competitive Environment; for more information contact: tel: +1 800 822 MEET +1 202 842 3022 x317 URL: http://brp.com Jan. 16- 17 - ARLINGTON, VA - NCSA International Virus Prevention Conference '97; event will investigate "the continuing, worrisome, costly problem of computer virus attacks, disasters and recovery; Crystal Gateway Marriott (+1 703 271 5212); more information: tel: +1 717 258 1816 email: ivpc97@ncsa.com Jan. 19- 21 - PALM SPRINGS, CA - Upside Technology Summit; "Managing Digital Mania: An Extreme Sport for Technology Executives"; examining effective business models and strategies in the booming world of e-commerce; Al Franken has been invited to give a closing speech; La Quinta Resort & Club, Palm Springs, CA; for more info contact: URL: http://www.upside.com tel: +1 888 33 UPSIDE Jan. 21 *! CDA unconstitutionaly Supreme Court case: government brief due. Jan. 23 ! Deadline for public comments on IITF GII policy overhaul URL: http://www.iitf.nist.gov/electronic_commerce.htm Jan. 23- 25 - CAMBRIDGE, MA The Economics of Digital Information and Intellectual Property Harvard University symposium to broaden and deepen understanding of emerging economic and business models for global publishing and information access and the attendant transformation of international information markets, institutions, and businesses. First Announcement and Call for Papers; Prospective authors should submit short abstracts for review and comment as soon as possible. Acceptances of abstracts and outlines are conditional pending receipt of a satisfactory draft by December 15, 1996. Sponsored by Harvard Law School. email: iip@harvard.edu regular mail: Tim Leshan, Information Infrastructure Project, John F. Kennedy School of Government, 79 John F. Kennedy St., Cambridge, MA 02138 tel: 617-496-1389 fax: 617-495-5776 Jan. 23 ! Deadline for public comments on FCC draft rules exempting ISPs from long distance fees imposed by local telcos URL: http://www.fcc.gov/isp.html Jan. 28- 31 - RSA Cryptography Conference - Computerworld called last year's event the sine qua non event of the crypto community; at various facilities atop Nob Hill in San Francisco, the luminaries of cryptography will gather; Right now, preparations for this conference are underway. There are many exciting ways for corporations and individuals to participate. Read on for information about presenting, exhibiting, or just attending http://www.rsa.com/conf97/ Jan. 31 ! Deadline for public comments on FRB consumer privacy study. URL: http://www.bog.frb.fed.us/boarddocs/press/BoardActs/1996/19961223 Feb. 3- 4 ! DHHS medical privacy hearing #2, Washington, DC. Contact: +1 202 690 7100 (John Fanning) Email: jfanning@osaspe.dhhs.gov Feb. 10- 11 - Internet Society Symposium on Network and Distributed System Security; for those interested in the practical aspects of network and distributed system security, focusing on actual system design and implementation, rather than theory. Dates, final call for papers, advance program, and registration information will be available at the URL: http://www.isoc.org/conferences/ndss97 Feb. 13 ! Deadline for public comments of DoC encryption export regualations. URL: http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs ! Deadline for reply comments on FCC draft rules exempting ISPs from long distance fees imposed by local telcos URL: http://www.fcc.gov/isp.html Feb. 18- 19 ! DHHS medical privacy hearing #2, Washington, DC. Contact: +1 202 690 7100 (John Fanning) Email: jfanning@osaspe.dhhs.gov Feb. 18- 20 - SAN JOSE, CA - DCI Internet Expo; the world's largest Internet, Web and email conference and exposition; comprehensive program will cover Web-enabled marketing, best practices for e-commerce and application development; San Jose Convention Center; also will be held April 22-24 at McCormick Place in Chicago, IL; email: ExpoReg@dciexpo.com URL: http://www.dciexpo.com Feb. 19 ! Deadline for public comments for DHHS medical privacy hearing. Contact: +1 202 690 7100 (John Fanning) Email: jfanning@osaspe.dhhs.gov Feb. 20 *! CDA unconstitutionaly Supreme Court case: Appellee (ACLU/ALA/ EFF/CIEC) brief due. Feb. 21 ! Deadline for public comments on FCC inquiry into technological hurdles for Net growth URL: http://www.fcc.gov/isp.html Feb. 24- 28 + ANGUILLA, BRITISH WEST INDIES Financial Cryptography '97 - CALL FOR PAPERS; this is a new conference on the security of digital financial transactions. FC97 aims to bring together persons involved in both the financial and data security fields to foster cooperation and exchange of ideas. Send a cover letter and 9 copies of an extended abstract to be received by November 29, 1996 to the Program Chair at the address given below: Rafael Hirschfeld FC97 Program Chair CWI Kruislaan 413 1098 SJ Amsterdam The Netherlands email: ray@cwi.nl phone: +31 20 592 4169 fax: +31 20 592 4199 URL: http://www.cwi.nl/conferences/FC97 Mar. 1- 5 - ACM97: The Next 50 Years of Computing; San Jose Convention Center, March 1-5, 1997; Registration information: URL: http://www.acm.org/acm97 tel: +1 800 342 6626 Mar. 3- 5 - NEW YORK CITY - Consumer Online Services TV; Jupiter Communications conference featuring Steve Case of AOL and Steve Perlman of WebTV; for more information contact: tel: +1 800 488 4345 URL: http://www.jup.com Mar. 7 *! CDA unconstitutionaly Supreme Court case: govt. reply brief due. Mar. 11- 14 * 7th Conference on Computers, Freedom & Privacy (CFP97), San Francisco Airport Hyatt Regency Hotel in Burlingame, CA. The "cyberliberties" mega-event. Speakers will include EFF staff counsel Mike Godwin, and many others. EFF's annual Pioneer Awards ceremony will be held at CFP97. Early registration is advised (registration will probably open in Jan., and reg. info will appear on the CFP site listed below). Email: cfpinfo@cfp.org. URL: http://www.cfp.org Mar. 24 ! Deadline for reply comments on FCC inquiry into technological hurdles for Net growth URL: http://www.fcc.gov/isp.html Apr. 8- 11 - FRACTAL 97: Fractals in the Natural & Applied Sciences 4th International Working Conference; Denver Colorado. Sponsored by IFIP; paper submissions due by Aug. 5, 1996. Contact: Miroslav Novak, +44 181 547 2000 (voice), +44 181 547 7562 or 7419 (fax) Email: novak@kingston.ac.uk Apr. 22- 24 - CHICAGO, IL - DCI Internet Expo; the world's largest Internet, Web and email conference and exposition; comprehensive program will cover Web-enabled marketing, best practices for e-commerce and application development; San Jose Convention Center; also will be held February 18-20 at the San Jose Convention Center; email: ExpoReg@dciexpo.com URL: http://www.dciexpo.com June 2- 4 - American Society for Information Science 1997 Mid-Year Conference; gathering will focus on privacy and security issues online; Scottsdale Arizona; paper submissions due Nov. 1, 1996. Contacts: Gregory B. Newby, Co-Chair GSLIS/UIUC Tel: (217) 244-7365; Email: gbnewby@uiuc.edu Mark H. Needleman, Co chair UCOP Tel: (510) 987-0530; Email: mhn@stubbs.ucop.edu Karla Petersen, Panel Sessions Tel: (312) 508-2657; Email: kpeter1@luc.edu Richard Hill, Executive Director, ASIS Tel: (301) 495-0900; Email: rhill@cni.org URL: http://www.asis.org June 14- 19 + CALGARY, CANADA ED-MEDIA/ED-TELECOM 97--World Conference on Educational Multimedia and Hypermedia and World Conference on Educational Telecommunications are jointly held international conferences, organized by the Association for the Advancement of Computing in Education (AACE). These annual conferences serve as multi- disciplinary forums for the discussion and dissemination of information on the research, development, and applications on all topics related to multimedia/hypermedia and distance education. We invite you to attend ED-MEDIA/ED-TELECOM 97 and submit proposals for papers, panels, roundtables, tutorials, workshops, demonstrations/posters, and SIG discussions. Proposals may be submitted in either hard copy (send 5 copies or fax 1 copy) or in electronic form. Electronic proposals in the form of URL addresses or ASCII files (uncoded) are preferred. Submission Deadline: Oct. 25, 1996; Send to: Program Chairs ED-MEDIA 97/AACE P.O. Box 2966 Charlottesville, VA 22902, USA E-mail: AACE@virginia.edu; Phone: 804-973-3987; Fax: 804-978-7449 URL: http://www.aace.org/conf/edmedia June 19- 20 - WASHINGTON, DC - CyberPayments '97 Conference will investigate issues of online commerce including electronic cash and checks, credit cards, encryption systems and security products; Sheraton Washington Hotel, Washington, DC For more information contact: email: vinceiaboni@msn.com tel: +1 216 464 2618 x228 +1 800 529 7375 July 13- 17 - ACUTA 26th Annual Conference; Atlanta, Georgia. Contact: +1 606 278 3338 (voice) Sep. 7 - 11 + LANCASTER, UK - ECSCW'97, the Fifth European Conference on Computer Supported Cooperative Work; deadline for paper submissions is January 13, 1997; papers must contain an abstract of not more than 100 words and not exceed 16 pages in length; full formatting instructions are available from http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/papers/ queries: ecscw97-papers@comp.lancs.ac.uk for more information: snail mail: ECSCW'97 Conference Office Computing Department Lancaster University Lancaster LA1 4YR UK URL: http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/ email: ecscw97@comp.lancs.ac.uk Sep. 12- 14 SAN DIEGO - Association of Online Professionals Annual Conference; sysop trade association's yearly gathering to discuss issues of relevance to the industry URL: http://www.aop.org/confrnc.html Oct. 28- 31 - EDUCOM '97; Minneapolis-St. Paul, Minnesota. Contact: +1 202 872 4200 (voice) Email: conf@educom.edu Dec. 1 - Computer Security Day (started by Washington DC chapter of the Assoc. for Computing Machinery, to "draw attention to computer security during the holdiay season when it might otherwise become lax." ------------------------------ Subject: Quote of the Day ------------------------- "...The peculiar evil of silencing the expression of an opinion is that it is robbing the human race; posterity as well as the existing generation; those who dissent from the opinion, still more than those who hold it. If the opinion is right, they are deprived of the opportunity of exchanging error for truth: if wrong, they lose, what is almost as great a benefit, the clearer perception and livelier impression of truth, produced by its collision with error...We have now recognized the necessity to the mental well-being of mankind (on which all their other well-being depends) of freedom of opinion, and freedom of the expression of opinion, on four distinct grounds; which we will now briefly recapitulate. "First, if any opinion is compelled to silence, that opinion may, for aught we can certainly know, be true. To deny this is to assume our own infallibility. "Secondly, though the silenced opinion be an error, it may, and very commonly does, contain a portion of truth; and since the general or prevailing opinion on any subject is rarely or never the whole truth, it is only by the collision of adverse opinions that the remainder of the truth has any chance of being supplied. "Thirdly, even if the received opinion be not only true, but the whole truth; unless it is suffered to be, and actually is, vigorously and earnestly contested, it will, by most of those who receive it, be held in the manner of a prejudice, with little comprehension or feeling of its rational grounds. "And not only this, but fourthly, the meaning of the doctrine itself will be in danger of being lost, or enfeebled, and deprived of its vital effect on the character and conduct: the dogma becoming a mere formal profession, inefficacious for good, but encumbering the ground, and preventing the growth of any real and heartfelt conviction, from reason or personal experience." - John Stuart Mill essay, "On Liberty" Find yourself wondering if your privacy and freedom of speech are safe when bills to censor the Internet are swimming about in a sea of of surveillance legislation and anti-terrorism hysteria? Worried that in the rush to make us secure from ourselves that our government representatives may deprive us of our essential civil liberties? Concerned that legislative efforts nominally to "protect children" will actually censor all communications down to only content suitable for the playground? Alarmed by commercial and religious organizations abusing the judicial and legislative processes to stifle satire, dissent and criticism? Join EFF! http://www.eff.org/join (or send any message to info@eff.org). Even if you don't live in the U.S., the anti-Internet hysteria will soon be visiting a legislative body near you. If it hasn't already. ------------------------------ Subject: What YOU Can Do ------------------------ * Keep and eye on your local legislature/parliament All kinds of wacky censorious legislation is turning up at the US state and non-US national levels. Don't let it sneak by you - or by the online activism community. Without locals on the look out, it's very difficult for the Net civil liberties community to keep track of what's happening locally as well as globally. * Inform your corporate government affairs person or staff counsel if you have one. Keep them up to speed on developments you learn of, and let your company's management know if you spot an issue that warrants your company's involvement. * Find out who your congresspersons are Writing letters to, faxing, and phoning your representatives in Congress is one very important strategy of activism, and an essential way of making sure YOUR voice is heard on vital issues. If you are having difficulty determining who your US legislators are, try contacting your local League of Women Voters, who maintain a great deal of legislator information, or consult the free ZIPPER service that matches Zip Codes to Congressional districts with about 85% accuracy at: http://www.stardot.com/~lukeseem/zip.html Computer Currents Interactive has provided Congress contact info, sorted by who voted for and against the Communications Decency Act: http://www.currents.net/congress.html (NB: Some of these folks have, fortunately, been voted out of office.) * Join EFF! You *know* privacy, freedom of speech and ability to make your voice heard in government are important. You have probably participated in our online campaigns and forums. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today! For EFF membership info, send queries to membership@eff.org, or send any message to info@eff.org for basic EFF info, and a membership form. ------------------------------ Administrivia ============= EFFector is published by: The Electronic Frontier Foundation 1550 Bryant St., Suite 725 San Francisco CA 94103 USA +1 415 436 9333 (voice) +1 415 436 9993 (fax) Membership & donations: membership@eff.org Legal services: ssteele@eff.org General EFF, legal, policy or online resources queries: ask@eff.org Editor: Stanton McCandlish, Program Director/Webmaster (mech@eff.org) This newsletter is printed on 100% recycled electrons. Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements may be reproduced individ- ually at will. To subscribe to EFFector via email, send message body of "subscribe effector-online" (without the "quotes") to listserv@eff.org, which will add you to a subscription list for EFFector. Back issues are available at: ftp.eff.org, /pub/EFF/Newsletters/EFFector/ gopher.eff.org, 1/EFF/Newsletters/EFFector http://www.eff.org/pub/EFF/Newsletters/EFFector/ To get the latest issue, send any message to effector-reflector@eff.org (or er@eff.org), and it will be mailed to you automagically. You can also get the file "current" from the EFFector directory at the above sites at any time for a copy of the current issue. HTML editions available at: http://www.eff.org/pub/EFF/Newsletters/EFFector/HTML/ at EFFweb. ------------------------------ End of EFFector Online v10 #01 Digest ************************************* $$