Computer underground Digest Sun Jan 25, 1998 Volume 10 : Issue 06 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #10.06 (Sun, Jan 25, 1998) File 1--Update on '96 student who "threatened" Calif Senator File 2--Cyber-Liberties Update, January 17, 1998 File 3--Suit Filed in Navy/AOL Privacy Case; Discharge Delayed File 4--AOL Targets Online Habits File 5--AOL/Steve Case response to "Privacy" criticisms File 6--Fwd: Virtual Intellectual Property newsletter File 7--Re: Cu Digest, #10.04 - More on Microsoft File 8--Calif Spam Bill Raises Commercial Speech, Commerce Concerns File 9--press release from CYBERsitter on "suicide sites" File 10--German Parliament Approves Bugging Bill File 11--New Encryption Rules Could Relax Export Criminalization File 12--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Tue, 20 Jan 1998 21:55:08 -0700 From: Jose Saavedra Subject: File 1--Update on '96 student who "threatened" Calif Senator Dear Mr. Thomas About 2 years ago in May of 1996, you posted a article about a student from El Paso, TX being arrested for "threatening" a Senator from California. I happen to be that student and let me give you an update of what happened. In September of 1996, the real culprit came forward and said he was that person who said those awful things about Sen. Leslie. He talked to my lawyer at the time and my lawyer said that I took the blame and that person got upset and called me foolish and immature. My charge was reduced down to a Class A Misdemeanor and eventually was dropped. Now I am a very successful student at University of Texas at El Paso majoring in Music Education with a minor in Music Technology. I want to thank you because that article did not say anything bad about me. Sincerely, Jose Saavedra jsaavedr@mail.utep.edu ------------------------------ Date: Sat, 17 Jan 1998 20:26:30 -0500 (EST) From: owner-cyber-liberties@aclu.org Subject: File 2--Cyber-Liberties Update, January 17, 1998 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Navy Officer Discharged After AOL Disclosure of Private Information The Navy announced that it will delay its plans to formally discharge a highly decorated officer from service until January 21 for allegedly violating the militarys "Dont ask, dont tell" policy by listing his marital status as "gay" on an Internet user profile. The announcement came after Senior Chief Petty Officer Timothy R. McVeigh (no relation to the Okla. City bomber) filed suit against Naval investigators Jan. 15 for obtaining confidential information about him illegally from his Internet Service Provider, America Online (AOL). The Electronic Communications Privacy Act, ("ECPA") prohibits online service providers, such as AOL, from releasing subscriber information to the government without a court order stating that the information is pertinent to a criminal investigation or without the consent of the subscriber. No such order or permission was obtained by the Navy in this case. "Neither the military nor AOL appear to have any respect for online privacy rights manifested under federal law. It is sad to learn that the government is violating the rights of the very people who pledge their lives to defend our democratic liberties," ACLU Staff Attorney Ann Beeson said. The discharge hearings against McVeigh began after a Navy civilian received a message from an AOL address and looked up the senders profile. The profile identified the sender as a Navy officer named "Tim" and listed his marital status as "gay." However, the profile did not include the senders full name. The Navy civilian forwarded this information to Naval investigators. During the discharge hearing held against McVeigh last November, a Naval Investigator testified that he spoke with an AOL representative to obtain the full name of the account holder whose user profile was obtained by the civilian. He was given the identification information without a court order as mandated by law. The information from McVeighs AOL profile is the only evidence that was presented by the Navy to show that McVeigh violated the "Dont ask, Dont tell" policy. AOL has denied any wrongdoing. AOL has a privacy policy that states that personally identifiable information will remain strictly confidential unless it receives express permission, an emergency order or court order. The policy states: Because protecting your privacy is very important to America Online...[w]e will NOT disclose any Individual Information except in limited circumstances..." It is our policy not to disclose to third parties Member Identity information that links a Members screen name(s) with a Members actual name, unless required to do so by law or legal process served on AOL Inc. (e.g., subpoena). AOL Inc. reserves the right to make exceptions to this policy in exceptional circumstances (such as a bomb or suicide threat, or instances of suspected illegal activity) on a case-by-case basis and at AOL Inc's sole discretion. AOL Inc. intends to abide by applicable laws governing the disclosure to governmental entities of Members Individual Information and other records. When responding to legal process served on AOL Inc. by non-government entities, unless otherwise ordered, AOL Inc's current policy is to make reasonable efforts to notify affected Member(s) in advance of releasing the information in order to provide Member(s) an opportunity to pursue any available legal protection. "What this case highlights is just how easy it is to obtain and abuse personal information and the need for Congress to enact strong privacy legislation. The public also needs to be aware of how their personal information can be given away without their knowledge or consent," the ACLU said. The ACLU recently launched a campaign called Take Back Your Data to inform the public about data collection and abuses and plans to present the Congress with a model bill to safeguard online privacy this session. Information about McVeighs case can be found online at: ------------------------------ Date: Thu, 15 Jan 1998 15:10:06 -0500 From: Electronic Privacy Info Center Subject: File 3--Suit Filed in Navy/AOL Privacy Case; Discharge Delayed ELECTRONIC PRIVACY INFORMATION CENTER http://www.epic.org P R E S S R E L E A S E For Immediate Release Contact: Thursday, January 15, 1998 David L. Sobel EPIC Legal Counsel (202) 544-9240 SAILOR SUES NAVY FOR ONLINE PRIVACY VIOLATION; GOVERNMENT AGREES TO DELAY PENDING DISCHARGE Washington, DC -- A highly decorated Navy Senior Chief Petty Officer today filed suit challenging a pending discharge based upon information the Navy illegally obtained from America Online. The lawsuit, filed in U.S. District Court in Washington, charges that Naval investigators violated the federal Electronic Communications Privacy Act (ECPA) when they requested and received confidential subscriber information from AOL, the nation's largest online service. In response to the lawsuit, Government attorneys have agreed to delay the pending discharge until next Wednesday, January 21, to allow time for judicial consideration of McVeigh's claims. Navy officials had ordered the discharge of the sailor, Timothy R. McVeigh (no relation to the convicted Oklahoma City bomber), effective tomorrow morning (Eastern time) on the ground that McVeigh violated the military's "Don't Ask, Don't Tell" policy on homosexuality. The Navy's proposed action is based entirely upon information obtained from AOL linking the sailor to a "screen name" on the system in which the user's marital status was listed as "gay." The information was received from AOL in clear violation of ECPA, which prohibits the government from obtaining "information pertaining to a subscriber" without a court order or subpoena. In addition to the privacy protections contained in ECPA, AOL's contractual "Terms of Service" prohibit the company from disclosing such information to *any* third party "unless required to do so by law or legal process." According to EPIC Legal Counsel David L. Sobel, McVeigh's lawsuit is the first case to challenge governmental access to sensitive subscriber information maintained by an online service. "This case is an important test of federal privacy law," Sobel said. "It will determine whether government agents can violate the law with impunity, or whether they will be held accountable for illegal conduct in cyberspace." He noted that the incident also raises serious questions concerning the adequacy of contractual privacy protections like those contained in the AOL subscriber agreement. In a letter sent to Navy Secretary John Dalton yesterday, the Electronic Privacy Information Center urged a postponement of McVeigh's discharge pending an investigation of the Navy's conduct. EPIC noted that, "Any other result would make a mockery of federal privacy law and subject the American people to intrusive and unlawful governmental surveillance." Senior Chief McVeigh is being represented by the Washington law firm of Proskauer Rose LLP. ------------------------------ Date: Fri, 16 Jan 1998 13:19:31 -0800 (PST) From: "Brock N. Meeks" Subject: File 4--AOL Targets Online Habits Source - fight-censorship@vorlon.mit.edu In light of the flap over the sailor's name being released by AOL to Naval investigators, the following story may be of interest, as well: AOL Targets Online Habits for Profit by Brock N. Meeks MSNBC WASHINGTON-America Online plans to target its subscribers with advertisements based on the areas they visit while connected to the system, MSNBC has learned. The move is a dramatic shift away from how AOL has traditionally used so-called "navigational" data that the company routinely collects on its subscribers. Previously, navigational data has only been used for system enhancements; now it becomes a powerful marketing tool. [snip] According to the memo obtained by MSNBC, key changes include a new marketing scheme called "personalization," and a time limit for marketing preferences to be maintained by AOL. The "personalization" preference "refers to targeting and promoting offers to Members based on the areas they visit online," according to the memo. As an example, AOL says that if someone checks up on a particular sports team every day, "he could be shown a special sports promotion or receive an offer to buy an NFL jersey determined by his past usage of the sports area." Users will have the ability to not be targeted, based on their online usage, the memo says. [snip] The targeted ad campaign is troublesome for David Banisar, a policy analyst for the Electronic Information Privacy Center in Washington, D.C. "What's now happening is that we're seeing a rather substantive increase in the collection of personal information about individuals that's then going to be used to target them for what ever purposes," Banisar said. "AOL has a fairly bad record going back several years now of not even being able to adequately control the data they collect." The full story can be found at: http://www.msnbc.com/news/136984.asp ------------------------------ Date: Sun, 25 Jan 1998 13:34:09 -0600 From: jthomas@VENUS.SOCI.NIU.EDU(Jim Thomas) Subject: File 5--AOL/Steve Case response to "Privacy" criticisms Dear Members, For more than a decade, we have been working hard to build an interactive medium we can all be proud of. We have always recognized that privacy was an absolutely central building block for this medium, so from day one we've taken steps to build a secure environment that our members can trust. We handle over one million calls each week in our customer service centers, and we protect the privacy of our members with great care and with stringent rules. Our member services representatives understand the importance of not disclosing any account information to anyone who is not the verified account holder. The verification process is sophisticated, and our policies are effective, clear and well communicated to all of our employees. So it is with regret that we recently learned about an incident that compromised the privacy of one of our members, a Navy sailor. A member services representative received a call from somebody who later turned out to be a Navy investigator but called himself a friend of the member. The caller asked us to confirm that a screen name that was on something he had received was the AOL member's. Our employee should have refused to do this. Unfortunately, he did confirm the member's identity to the caller. As we've said publicly, this should not have happened, and we deeply regret it. After a thorough review, we've confirmed this was a matter of human error. Our representative understood our privacy policies and procedures, but made a mistake -- a mistake for which we take complete responsibility. In light of this incident, we are taking additional steps to protect the privacy of our members. First, we are reinforcing the existing policies and procedures with additional employee training, including the use of case studies to highlight unusual facts and circumstances that member services representatives should know how to respond to. Second, we'll test our employees on their understanding of these policies and procedures. Third, we have communicated to our member services representatives the importance of not "confirming" a member's personal account information, even to that member's friends and family. Fourth, all representatives will be required to acknowledge in writing that they understand AOL's privacy policies on a regular basis. Finally, we will do everything possible to ensure that government agencies follow the law in seeking information about our members. AOL's commitment to protecting the privacy of our members is stronger than ever. We will keep working to make AOL a service you can rely on, and this medium something we can, indeed, all be proud of. Regards, Steve Case ------------------------------ Date: 01/10 4:14 AM From: Charles C. Mann, ccm@crocker.com Subject: File 6--Fwd: Virtual Intellectual Property newsletter This is part of a posting to the cni-copyright list. It has enough distressing implications that I thought you might be interested. Charles C. Mann <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< V.I.P. (Virtual Intellectual Property) Newsletter U.S. Intellectual Property & New Media Law Update Monday, December 29, 1997 Volume I, Issue XXXIII Bazerman & Drangel, P.C. <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< (C) Bazerman & Drangel, P.C. 1997 ********************************************* ********************************************* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NEW YORK'S LIBRARY PRIVILEGE - FREEDOM OF INFORMATION ACT AND EMPLOYEES' INTERNET USE Quad/Graphics Inc. v. Southern Adirondack Library System (N.Y. Sup. Ct. - Decided- September 30, 1997) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a rather interesting case of first impression. Petitioner is a major national commercial printing house headquartered in Wisconsin. It has a thousand employees and uses computers extensively in its business. High long distance bills led Petitioner to suspect that its computers were being misused. Defendant, Southern Adirondack Library Systems, is a cooperative system consisting of 30 member libraries located in four upstate New York counties which, among other things operates an electronic information service known as "Library Without Walls." ("LWW") Once one obtains a valid library card and a personal identification number, access is free for 30 minute periods. Petitioner's employees are prohibited from using company computers for personal purposes. Although these computers do not normally have the capability of directly accessing outside lines, a knowledgeable user can do so through a network connection with the company's mainframe computer. Internet access for personal use from April 1995 to December 1996 cost Petitioner over $23,000 in long distance telephone charges and some 1,770 employee man hours. Petitioner feels a little put upon and, accordingly, desired to sue its web-searching employees but couldn't figure out who they were. Petitioner has been able to decipher nine 13 digit identification numbers which were used to access the LWW from its computer system. In an effort to learn the identities behind the nine identification numbers, it made a New York Freedom Of Information request to the Library. Since the library system is a quasi-municipal agency, Petitioner argues that it is bound by the Freedom Of Information law. This was rejected by the library, which considered such information as confidential and not to be voluntarily disclosed. Plaintiff petitioned to compel pre-litigation disclosure of the names of certain of the employees using the located numbers. The Library, maintained that under New York Civil Procedure Law and Rules Sec. 4509 the identities are required to be kept confidential, since they are library records which contain names of personal identity, and details regarding the users of a library. The Court found that this New York State statute provided protection against the requested disclosure, noting that "for the application to be granted, the door would be open to other similar requests made, for example, by a parent who wishes to learn what a child is reading or viewing on the Internet via LWW or by a spouse to learn what type of information his or her mate is reviewing in the public library." The decision may be seen at: http://www.lcp.com/products/NY/slipops/pay/misc/F9757370.htm VIP is put out by: Bazerman & Drangel, P.C. Intellectual Property and New Media Attorneys 60 East 42nd Street Suite 1158 New York, NY 10165 tel: 212 292 5390 fax: 212 292 5391 e-mail: bdpc@ipcounselors.com The complete set of newsletters can now be viewed at: http://www.ipcounselors.com/ To subscribe, send a message to bdpc@ipcounselors.com with "subscribe update" in the body of the message. ------------------------------ Date: Wed, 21 Jan 1998 14:22:32 -0700 From: Doc Holliday Subject: File 7--Re: Cu Digest, #10.04 - More on Microsoft >begs an obvious question: Do the Ends justify the Means? > >Sure, Microsoft has definately made some major contributions to the >computing industry, albiet it can be argued that those contributions are >wholly self-serving in the end. But despite this, there are numerous >documented incidents where Microsoft overstepped its bounds and gained a >competitve advantage in an unethical and possibly illegal fashion. Yes, >we're all fully aware that Microsoft didn't create the trend, but we're >also not going to go jumping off bridges because everyone else is doing it >too. Yes, Microsoft was not the first to use unethical and, possibly, illegal means to advances its interests. However, that doesn't mean it is acceptable. Prior to WWII German signed a pact referred to as the London Submarine Pact of 1936. The pact said, basically, the signatories would not sink merchant ships until the crew and the ships papers were in a safe place. The United States signed this pact, too. During their trial by the International Military Tribunal in Nuremburg, Admirals Raeder and Doenitz asked for statements of US Policy on sinking Japanese merchant traffic in the Pacific. Adm. Nimitz said that, essentially, he did not comply with the London Submarine Pact of 1936. Defendants Doenitz and Raeder attempted to use this admission as a "tu quoque" defense to the allegations German U-Boats sank allied merchant traffic in the Atlantic without warning. "tu quoque" essentially is an assertion by one party that they are not guilty of anything, if the accusing party or others have done the same thing without being prosecuted. The International Military Tribunal did not accept the admirals "tu quoque" defense. Raeder was sentenced to life in prison and Doenitz to 10 years in prison. I doubt a "tu quoque" defense presented by Microsoft would be any more favorably received than was Raeder and Doenitz's. ------------------------------ Date: Sat, 17 Jan 1998 20:26:30 -0500 (EST) From: owner-cyber-liberties@aclu.org Subject: File 8--Calif Spam Bill Raises Commercial Speech, Commerce Concerns Source - Cyber-Liberties Update, January 17, 1998 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ California Spam Bill Raises Commercial Speech, Commerce Concerns Unsolicited e-mail advertisement, or "spam," has few fans on the net. Court battles have been waged between service providers, such as AOL and Compuserve, and spam advertisers, including Cyber Promotions, over whether the thousands of messages sent to user e-mails can be blocked. During the last session of the Congress several bills to ban or prohibit "spamming" were introduced, but many were fraught with First Amendment problems because they ban commercial speech altogether or are content specific. Now, many states have entered the debate, raising even more constitutional concerns over potential commerce clause violations. California Assemblyman Gary Miller recently introduced a state anti-spam bill (AB 1629) similar to the "Netizen Protection Act," introduced last year in Congress by Rep. Christopher Smith. The bill would prohibit businesses from sending unsolicited commercial e-mail to California residents unless that person has a preexisting business or personal relationship with the recipient, or the recipient has provided express consent to the sender. The bill would also authorize the recipient of unwanted mail received in violation of the statute to bring suit against the sender to enjoin future solicitations and to recover damages and attorneys fees. "This bill may face serious constitutional obstacles given last years decision in ALA v. Pataki, which held that state control or regulation of Internet communications violates the Commerce Clause of the Constitution," said Cassidy Sehgal, ACLU William J. Brennan First Amendment Fellow. "Moreover, commercial speech is entitled to full First Amendment protection and it is unclear that the bill may place an outright ban on commercial messages." In the decision in ALA v. Pataki, which involved a challenge by the ACLU to a New York Internet decency law, federal district Judge Loretta Preska declared that states are prohibited from regulating an interstate communication which merely passes through their borders. Judge Preska warned of the extreme danger that state regulation would pose to the Internet, rejecting the state's argument that the statute would even be effective in preventing so-called "indecency" from reaching minors. Hence, state spam bills will probably not withstand constitutional challenges. The decision in ALA v. Pataki is available at Traditionally, commercial speech restrictions on telemarketing calls and unsolicited fax advertisements have passed First Amendment challenges but direct mail and door-to-door solicitations enjoy much greater protection. Given the Supreme Court decision in ACLU v. Reno, on-line messages should receive the same First Amendment protection given traditional print media, which includes commercial mailings. Thus, while netizens may laud efforts to curb spam, it is unclear whether unsolicited commercial e-mail bills can pass constitutional muster. ------------------------------ Date: Wed, 14 Jan 1998 11:53:31 -0600 (CST) From: Bennett Haselton Subject: File 9--press release from CYBERsitter on "suicide sites" Source -- fight-censorship@vorlon.mit.edu On Sunday, a California teenager killed himself by throwing himself in front of a train. A reporter called me about it and my exact words were, I swear, "In the next couple of days there will probably be a press release from one of the blocking software companies talking about how their program could have prevented this." Solid Oak Software's press release from this morning is below. The exact same thing happened with the Heaven's Gate cult -- Solid Oak Software sent out the same kind of press release, but Declan confirmed that CYBERsitter had not been blocking the Heaven's Gate site before the suicides took place. The suicide FAQ is at: http://www.duke.edu/~economak/suicide.html -Bennett > > SANTA BARBARA, Calif.--(BUSINESS WIRE)--Jan. 14, 1998--CYBERsitter, the >leading Internet filter from Solid Oak Software Inc., blocks Internet sites >providing information on methods of committing suicide. > In light of a recent tragedy involving a teenager's suicide, it is >increasingly important that parents monitor their children's Internet >activity, said Marc Kanter of >Solid Oak Software. A California teenager was found possessing 20 pages of >information on "How to Commit Suicide" that was reportedly retrieved from the >Internet. > Access to any information, whether appropriate for children or not, is >a mouse-click away without filtering software installed on the home computer. > CYBERsitter works by monitoring Internet activity and restricting >access to adult-oriented material and sites not suitable for children. The >fact that CYBERsitter >can maintain a history of all Internet activity for later review especially >provides parents the peace of mind that their children aren't accessing >these sites in the first >place. > This feature has placed CYBERsitter as the filter of choice among >parents, since the leading competition does not offer this option. > CYBERsitter is best known for blocking access to the pornography found >online. The other categories that CYBERsitter filters are also as >important, such as >advocating illegal/radical activities and advocating hate/intolerance. > Parents must take an active role in their children's computer activity >when it involves the Internet. Just as children need to be overseen in >daily life, the same holds >true on the Internet. With a few simple precautions, the use of filtering >software and general good parenting, the Internet can be a safe and >educational environment. > Free trial versions of CYBERsitter are available for download from >Solid Oak Software's Web site at www.cybersitter.com . > CYBERsitter sells for $39.95, offers free filter file updates and is >available directly from Solid Oak Software's Web site. It can be ordered by >calling >800/388-2761 or 805/884-8201. A network version, site licenses and >educational discounts are available. >=============================================== >Brian S. McWilliams >News Radio editor, PC World Online >http://www.pcworld.com/newsradio >Voice: (603) 868-2949 Sound Off! (415) 267-4544 ------------------------------ Date: Fri, 16 Jan 1998 09:56:24 -0800 From: "(--Todd Lappin-->)" Subject: File 10--German Parliament Approves Bugging Bill Source - fight-censorship@vorlon.mit.edu Friday January 16 11:55 AM EST German Parliament Approves Bugging Bill By Mark John BONN (Reuters) - The German parliament Friday narrowly passed a controversial bill allowing police to bug suspected criminals for the first time in post-World War Two Germany, despite protests from civil liberty groups. The vote followed approval by parliament's legal committee this week of a compromise between Chancellor Helmut Kohl's government and the opposition Social Democrats (SPD) to restore eavesdropping powers banned since the Nazi era. In a much tighter vote than expected, the Bundestag, parliament's lower house, passed the measure by 452 votes to 184, thus securing by four votes the two-thirds majority needed for laws which require amendments to the German constitution. Interior Minister Manfred Kanther played down suggestions the bill amounted to a watering down of the strong guarantees of civil liberties and privacy that West Germany set up in reaction to the abuses of Hitler's Gestapo secret police. "This is not a key issue for a constitutional state. It is a measure that will only be used rarely to combat crime," Kanther told parliament. But Manfred Such, a deputy for the environmentalist Greens who opposed the bill, said it was a "black Friday" for Germany's constitution. The bill, if approved by the upper house of parliament, will allow police to eavesdrop over an extended period of time on private homes using high-tech surveillance devices such as directional microphones linked to transmitters. Electronic surveillance is currently only allowed in Germany if there is an overwhelming suspicion that a crime is on the verge of being committed. Police say they need the powers to fight a surge in organized crime, but lawyers, journalists and doctors have condemned the bill, saying it will violate the confidentiality between them and their clients or contacts. "This is a dismal event for the constitution," said human rights group Humanistiche Union in a statement. "We demand that the regional state governments...do their duty to defend the constitution and deny this legal contraption the two-thirds majority it needs in the Bundesrat (upper house of parliament)," it added. Opposition from civil liberties and church groups to the bill led earlier this week to parliament's legal committee exempting church confessionals from surveillance. At least one regional state, Rhineland-Palatinate, has said it is considering opposing the bill when it moves to the upper house unless conversations between criminal suspects and doctors, journalists or lawyers are also exempted. A defeat in the Bundesrat would then send the bill to a mediation committee for amendment. ------------------------------ Date: Sat, 17 Jan 1998 20:26:30 -0500 (EST) From: owner-cyber-liberties@aclu.org Subject: File 11--New Encryption Rules Could Relax Export Criminalization Source - Cyber-Liberties Update, January 17, 1998 New Encryption Rules Could Relax Clinton Administration Export Criminalization The Bureau of Export Administration published a notice of rulemaking this week on encryption export that may relax the current Clinton Administration restrictions which criminalize export of programs from the United States. The "Implementation of the Wassenaar Arrangement List of Dual-Use Items: Revisions to the Commerce Control List and Reporting Under the Wassenaar Arrangement," was published in the January 15 Federal Register. Comments on this rule must be received on or before February 17, 1998. Representatives of thirty-three countries gave final approval July 12-13, 1996 in Vienna, Austria to establish the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. The thirty-three countries agreed to control all items in the List of Dual-Use Goods and Technologies with the objective of preventing unauthorized transfers. They further agreed on a target date of November 1, 1996, for implementation of the Wassenaar Lists. The purpose of this interim rule is to make the changes to the current U.S. commerce controls that are necessary to implement the Wassenaar List. However, the interim rule imposes new reporting requirements on persons that export certain items controlled under the Wassenaar Arrangement to non-member countries. Encryption programs scramble information so that it can only be read with a "key" -- a code the recipient uses to unlock the scrambled electronic data. Currently, there are no laws that prohibit using as strong encryption as possible inside the United States. But, unless keys are made available to the government, the Clinton Administration bans export of encryption equipment and software, treating the products as "munitions." The ACLU, Electronic Privacy Information Center (EPIC) and Electronic Frontier Foundation (EFF) will be participating in this process and we will update you in the coming weeks. The text of the rules are available online at: ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 12--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #10.06 ************************************