Date: Sat, 13 Feb 93 21:32:29 PST Reply-To: Return-Path: Message-ID: Mime-Version: 1.0 Content-Type: text/plain From: surfpunk@osc.versant.com (gnxr na beqvanel ivehf naq jenc vg) To: surfpunk@osc.versant.com (SURFPUNK Technical Journal) Subject: [surfpunk-0056] CRYPT: Ban scanners; US Info Policy; Viral encryption | "Fuck raves ... I hate raves ..." | -- sf embarcadero skateboarder, 2325 12feb93 | [les enfants sauvages dans la TAZ] Here's three different topics from cypherpunks; the first one includes an action item. Back around 1986 the FCC broke its longstanding "third party" policy, which was that anyone can listen to any transmissions they can receive in their own air, but they cannot forward the reception to any third party. Around 1986 it became illegal to listen to certain frequences. And guess what people did with the list of frequencies they weren't allowed to listen to? Below you can read Congress's next attempt to ensure your privacy on cellular phones. --strick -- [gnu] FCC Proposed Ruling on Scanners That Receive Cellphone Transmissions -- [gnu] Re: Technology Policy and Information Infrastructure -- [gnu] Re: Technology Policy and Information Infrastructure -- [gnu] Re: Technology Policy and Information Infrastructure -- [Murdering Thug] Re: Viral encryption _______________________________________________________________________ ________________________________________________________________________ From: gnu@toad.com (John Gilmore) To: cypherpunks@toad.com, gnu@toad.com Subject: FCC Proposed Ruling on Scanners That Receive Cellphone Transmissions Date: Sat, 13 Feb 93 03:02:21 -0800 Please at least write a one-page letter in response to this proposed ruling. The idiots in Congress decided that banning radios was preferable to allowing (or requiring) decent encryption in cellular phones. Now the FCC is making rules to implement the Congressional ban. They should hear from us, loud and clear, that this is completely backwards and wrong. Your letter should reference Docket Number 93-1 and should clearly state the subject on which you are commenting. *Then* comment... John ------- Forwarded Message Message-Id: <199302111305.AA17580@eff.org> Date: Thu, 11 Feb 1993 08:10:14 -0500 To: gnu@toad.com (John Gilmore), barlow@eff.org, jberman@eff.org, mkapor@eff.org, blau@eff.org, farber@central.cis.upenn.edu From: Daniel J. Weitzner Subject: FCC Proposed Ruling on Scanners That Receive Cellphone Transmissions The file attached here was received today and is too long for inclusion in a regular issue of the Digest. It is submitted for your comments and consideration. You might want to send your comments to the FCC as well. PAT From: raisch@ora.com (Rob Raisch) Subject: FCC Proposed Ruling on Scanners That Receive Cellphone Transmissions Organization: O'Reilly & Associates, Inc. Date: Thu, 11 Feb 1993 05:10:24 GMT 47 CFR Parts 2 and 15 [ET Docket No. 93-1; FCC 93-1] Radio Scanners That Receive Cellular Telephone Transmissions AGENCY: Federal Communications Commission. ACTION: Proposed rule. SUMMARY: This Notice of Proposed Rule Making proposes to deny equipment authorization to radio scanners capable of receiving transmissions in the Domestic Public Cellular Radio Telecommunications Service. This action is taken in response to the Telephone Disclosure and Dispute Resolution Act (Pub. L. 102-556). The intended effect of this action is to help ensure the privacy of cellular telephone conversations. DATES: Comments must be submitted on or before February 22, 1993, and reply comments on or before March 8, 1993. ADDRESSES: Federal Communications Commission, 1919 M Street, NW., Washington, DC 20554. FOR FURTHER INFORMATION CONTACT: David Wilson, Office of Engineering and Technology, (202) 653-8138. SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Notice of Proposed Rule Making in ET Docket No. 93-1, FCC 93- 1, adopted January 4, 1993, and released January 13, 1993. The full text of this decision is available for inspection and copying during normal business hours in the FCC Dockets Branch (room 230), 1919 M Street, NW., Washington, DC. The complete text of this decision also may be purchased from the Commission's duplicating contractor, Downtown Copy Center, at (202) 659-8657 or 1990 M Street, NW., suite 640, Washington, DC 20036. Paperwork Reduction The following collection of information contained in this proposed rule has been submitted to the Office of Management and Budget for review under section 3504(h) of the Paperwork Reduction Act (44 U.S.C. 3504(h)). Copies of this submission may be purchased from the Commission's duplicating contractor, Downtown Copy Center, at (202) 659-8657 or 1990 M Street, NW., suite 640, Washington, DC 20036. Persons wishing to comment on this collection of information should direct their comments to Mr. Jonas Neihardt, Office of Management and Budget, room 3235 NEOB, Washington, DC 20554, (202) 395-4814. A copy of any comments filed with the Office of Management and Budget should also be sent to the following address at the Federal Communications Commission: Federal Communications Commission, Office of the Managing Director, Paperwork Reduction Project, Washington, DC 20554. For further information contact Ms. Judy Boley, (202) 632-7513. OMB Number: None. Title: Scanning Receiver Compliance Exhibit. Respondents: Businesses or other for profit, small businesses/organizations Action: New collection. Frequency of Response: On occasion reporting. Estimated Annual Burden: Number of respondents: 40. Annual hours per respondent: 0.25. Total annual burden: 10. Needs and Uses: An exhibit accompanying a Form 731 Application for Equipment Authorization will determine compliance of applicants requesting authorization to market scanning receivers and frequency converters with Congressionally mandated regulations. The regulations prohibit the marketing of radio scanners capable of intercepting, or being modified to intercept, cellular telephone conversations. Summary of the Notice of Proposed Rule Making: 1. By this action, the Commission proposes to amend 47 CFR parts 2 and 15 to prohibit the manufacture or importation of radio scanners capable of receiving frequencies allocated to the Domestic Public Cellular Radio Telecommunications Service. This action is in response to the Telephone Disclosure and Dispute Resolution Act (Act), Pub. L. 102-556. 2. The Domestic Public Cellular Radio Telecommunications Service ("Cellular Radio Service") provides telephone service to mobile customers. Cellular telephones use frequencies in the bands 824-849 MHz and 869-894 MHz to connect their users to other cellular system users and to the Public Switched Telephone Network. 3. As defined in 47 CFR part 15 scanning receivers, or "scanners," are radio receivers that automatically switch between four or more frequencies anywhere within the 30-960 MHz band. In order to control their potential to cause harmful interference to authorized radio communications, the rules require that scanners receive an equipment authorization (certification) from the Commission prior to marketing. 4. In the past five years, 22 different models of scanning receivers capable of receiving cellular telephone transmissions have been issued grants of equipment authorization. During this same period, ten other models capable of tuning frequencies between 806 and 900 MHz except for the cellular bands have also been authorized. Several publications currently on the market describe relatively simple modifications that users can make to many of the latter scanning receivers to enable that equipment to receive cellular telephone transmissions. 5. The Telephone Disclosure and Dispute Resolution Act requires that the Commission, by April 26, 1993, prescribe and make effective regulations denying equipment authorization for any scanning receiver capable of: Receiving transmissions in the frequencies allocated to the domestic cellular radio service, Readily being altered by the user to receive transmissions in such frequencies, or Being equipped with decoders that convert digital cellular transmissions to analog voice audio. The Act also stipulates that, beginning one year after the effective date of the regulations adopted to satisfy the above requirements, no receiver having the above capabilities shall be manufactured in the United States or imported for use in the United States. 6. In accordance with the Act, we are proposing to deny equipment authorization to scanning receivers that tune frequencies used by cellular telephones. We are also proposing to require applicants for the authorization of scanning receivers to include in their applications a statement declaring that their receivers cannot be tuned to receive cellular telephone transmissions. 7. Also in accordance with the Act, we are proposing to require that scanning receivers be incapable of being readily altered by the user to operate within the cellular bands. To assist us in determining whether a scanner complies with this requirement, we propose to require applicants for scanning receiver equipment authorization to include in their applications a statement pledging that their receivers cannot be readily altered to receive cellular telephone transmissions. We also propose to prohibit the authorization of any scanning receiver for which cellular coverage can be readily restored by the user. We solicit comment on this proposed reporting requirement and on the definition of "readily altered." We also seek comment on whether additional information, such as why the receiver cannot be readily altered, should be required. 8. In further compliance with the Act, we propose to deny equipment authorization to any scanning receiver that can be equipped with decoders that convert digital cellular transmissions to analog voice audio. We invite comment on the potential impact of this requirement on existing models of scanning receivers. 9. There currently are a number of frequency converters on the market that can be used in conjunction with scanners that receive frequencies below 800 MHz to enable the reception of cellular telephone transmissions. We are proposing to deny equipment authorization to converters that tune, or can be readily altered by the user to tune, cellular telephone frequencies. We will require that applicants for FCC equipment authorization of frequency converters used with scanners include in their applications a statement pledging that the converters cannot be easily altered to enable a scanner to receive cellular transmissions. We seek comment on whether this statement should also include evidence indicating why the converter cannot be easily modified. 10. The Initial Regulatory Flexibility Analysis is contained in the text of the Notice. 11. Comment Dates Pursuant to applicable procedures set forth in 47 CFR 1.415 and 1.419, interested parties may file comments on or before February 22, 1993, and reply comments on or before March 8, 1993. In order to comply with the requirement of the Telephone Disclosure and Dispute Resolution Act that FCC rules be promulgated within 180 days of enactment, we will proceed with this Notice without furnishing a prior text as provided by Article 607 of the United States-Canada Free-Trade Implementation Act of 1988 (Pub. L. 100-499, 102 Stat. 1851). To do so would frustrate achievement of a legitimate domestic objective. In addition, the Commission is not likely to be able to accommodate requests for extension of the comment periods. To file formally in this proceeding, you must file an original and five copies of all comments, reply comments, and supporting comments. If you want each Commissioner to receive a copy of your comments, you must file an original plus nine copies. You should send comments and reply comments to Office of the Secretary, Federal Communications Commission, Washington, DC 20554. Comments and reply comments will be available for public inspection during normal business hours in the Dockets Reference Room of the Federal Communications Commission, 1919 M Street, NW., Washington, DC 20554. 12. Ex-Parte Rules-Non-Restricted Proceeding This is a non-restricted notice and comment rule making proceeding. Ex parte presentations are permitted, except during the Sunshine Agenda period, provided they are disclosed as provided in Commission rules. See generally 47 CFR 1.1202, 1.1203 and 1.1206(a). 13. For further information on this proceeding contact David Wilson, Technical Standards Branch, Office of Engineering and Technology, 202-653-8138. List of Subjects in 47 CFR Parts 2 and 15: Communications equipment, Wiretapping and electronic surveillance. Federal Communications Commission. Donna R. Searcy, Secretary. Parts 2 and 15 of title 47 of the Code of Federal Regulations are proposed to be amended as follows: PART 2-FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL RULES AND REGULATIONS 1. The authority citation for part 2 continues to read as follows: Authority: Secs. 4, 302, 303 and 307 of the Communications Act of 1934, as amended, 47 U.S.C. 154, 154(i), 302, 303, 303(r) and 307. 2. Section 2.975 is amended by adding a new paragraph (a)(8) to read as follows: 2.975 Application for notification. (a) * * * (8) Applications for the notification of receivers contained in frequency converters used with scanning receivers shall be accompanied by an exhibit indicating compliance with the provisions of 15.121 of this chapter. * * * * * 3. Section 2.1033 is amended by adding a new paragraph (b)(12) to read as follows: 2.1033 Application for certification. * * * * * (b) * * * (12) Applications for the certification of scanning receivers under part 15 shall be accompanied by an exhibit indicating compliance with the provisions of 15.122 of this chapter. * * * * * PART 15-RADIO FREQUENCY DEVICES 1. The authority citation for part 15 continues to read as follows: Authority: Secs. 4, 302, 303 and 307 of the Communications Act of 1934, as amended, 47 U.S.C. 154, 302, 303 and 307. 2. Section 15.37 is amended by adding a last sentence to paragraph (b), and adding a new paragraph (f), to read as follows: 15.37 Transition provisions for compliance with the rules. * * * * * (b) * * * In addition, receivers are subject to the provisions in paragraph (f) of this section. * * * * * (f) The manufacture or importation of scanning receivers, and frequency converters used with scanning receivers, that do not comply with the provisions of 15.121 shall cease on or before April 26, 1994. Effective April 26, 1993, the Commission will not accept applications for equipment authorization for receivers that do not comply with the provisions of 15.121. This paragraph does not prohibit the sale or use of authorized receivers manufactured in the United States, or imported into the United States, prior to April 26, 1994. 3. Section 15.121 is added to read as follows: 15.121 Scanning receivers and frequency converters used with scanning receivers. Scanning receivers, and frequency converters used with scanning receivers, must be incapable of operating (tuning), or readily being altered by the user to operate, within the frequency bands allocated to the Domestic Public Cellular Radio Telecommunications Service. Receivers capable of "readily being altered by the user" include, but are not limited to, those for which the ability to receive transmissions in the restricted bands can be added by clipping the leads of, or installing, a diode, resistor and/or jumper wire; or replacing a plug-in semiconductor chip. Scanning receivers, and frequency converters used with scanning receivers, must also be incapable of converting digital cellular transmissions to analog voice audio. ------- End of Forwarded Message ________________________________________________________________________ From: gnu@toad.com (John Gilmore) To: cypherpunks@toad.com Subject: ["Vinton G. Cerf": Technology Policy and Information Infrastructure] Date: Sat, 13 Feb 93 02:07:03 -0800 I sent him some sound bites about Internet policy and about crypto policy. I'll send them to Cypherpunks too. John ------- Forwarded Message To: trustees:;@isoc.org, isoc-interest@sgi.com, ietf@CNRI.Reston.VA.US, iab@isi.edu, iesg@CNRI.Reston.VA.US, Members:;@isoc.org Subject: Technology Policy and Information Infrastructure Date: Wed, 10 Feb 93 08:25:06 -0500 From: "Vinton G. Cerf" Message-Id: <9302100825.aa02728@IETF.CNRI.Reston.VA.US> Dear Internauts and friends, I have been invited to testify before the US House Subcommittee on Technology on the subject of technology policy and information intrastructure. To prepare my testimony, it would be helpful to have SHORT (please!) comments, suggestions, "bullets" as input, so that Internet Society ideas and considerations can be represented (or, at the least, offer some national and international perspective on a matter of global importance). If you want to send something on this point, please send it ONLY to: vcerf@cnri.reston.va.us. DO NOT SEND IT TO THE ENTIRE LIST OF ADDRESSEES (or they will do something terrible to me). Many thanks for letting me disturb your busy mailboxes, and thanks in advance for your ideas. Vint p.s. I need any inputs by end of February ------- End of Forwarded Message ________________________________________________________________________ To: "Vinton G. Cerf" , gnu@toad.com Subject: Re: Technology Policy and Information Infrastructure Date: Sat, 13 Feb 93 01:43:31 -0800 From: gnu@toad.com Sound bites for Congress re technology policy and information infrastructure: * Government investment invariably brings government control, which is harmful to the development of a communications medium in a free and open society. * The Government seized control of telegraphy, radio, and television early in their development, and they have never had full First Amendment protection. * Private, interactive electronic media involve Fourth and Fifth Amendment issues as well. * The Executive Branch is already advocating broad wiretapping, and banning of privacy technologies, and they don't even own the network. If the government owned the network, there'd be no stopping them. * The risk of moving society into media where individual rights are regularly abridged is too great. Economics is pushing us into individual electronic communication, regardless. * If Congress truly believes in the Bill of Rights, it should get the hell out of the networking business and stay out of it. John Gilmore (not speaking for) Electronic Frontier Foundation (but ask EFF if they want to say something like this...) ________________________________________________________________________ To: "Vinton G. Cerf" Subject: Re: Technology Policy and Information Infrastructure Date: Sat, 13 Feb 93 01:52:35 -0800 From: gnu@toad.com Vint, if your testimony will touch on "technology policy" as it relates to cryptograpy policy, then here are a few more "sound bits": * Privacy and authenticity technologies are key to reliable and trustworthy social and business interactions over networks. * Current government policies actively prohibit and inhibit the research, design, manufacturing, sale, and use of these technologies. * Taxpayers have been investing many billions of dollars per year in these technologies, in the NSA "black budget", but have seen no return on this investment. * Current "cold war" policy should be turned on its head. Privacy is one of the fundamental rights from which the Bill of Rights was derived. Government policy should encourage privacy technologies. Government controls on cryptography should be completely removed. * The taxpayer investment in privacy technologies should be returned to the taxpayers by declassifying NSA research and encouraging its widespread deployment to protect domestic civilian communications. ________________________________________________________________________ From: thug@phantom.com (Murdering Thug) Subject: Re: Viral encryption To: cypherpunks@toad.com Date: Thu, 11 Feb 93 11:47:43 EST As Mr. Ferguson pointed out, polymorphic viruses are making their way into the DOS world. This is a problem in the short term, but not in the long term because people will be changing to memory-protected & file-permission based operating systems like NT, OS/2 and Unix, where it is very difficult for most kinds of virus to spread. I myself am very familiar with the virus underground, so for those who are not, let me explain the two newest and most deadly virus techniques which are being seen in the DOS world. The first is something called "Stealth" viruses. Stealth viruses imbed themselves into DOS and intercept disk read calls from applications. If those read system calls are reading non .EXE or .COM files, then they are processed normally. However when an application such as virus scanning program is reading in .COM and .EXE files (in order to scan them for virus code), the stealth code in DOS intercepts this and returns to the application what the .EXE or .COM file would look like if it wasn't infected by the stealth virus. Thus, all virus checking programs can be decieved in this manner. There are steps to get around this, like booting off of a write-protected floppy disk (with a clean copy of DOS on it) and running the virus checking program directly from that floppy. But people seldom do that, so the stealth technology is a worthwhile one for virus creators to pursue. The second is called "Polymorphic" viruses. These are viruses which contain a tiny encryption/decryption engine. The great thing about polymorphic viruses is that they encrypt themselves with a different key each time they replicate (make a new copy of themselves). The small amount of virus bootstrap code which is not encrypted is changed in each replication by dispursing random NOP's throughout the virus boostrap code. Thus each sample of polymorphic virus looks completely different to virus checking programs. The virus checking programs cannot use "signature" byte strings to detect polymorphic viruses. I have seen something called D.A.M.E., also known as Dark Avenger Mutation Engine. This is a freeware polymorphic library/kernel/toolkit which allows anyone to take an ordinary virus and wrap it in a polymorphic shell. Thus each new copy of the virus will look completely different as it replicates. D.A.M.E. is a great toolkit for those who want to release new viruses but don't have the skills to write a virus from scratch. DAME works very well with Turbo Assembler and MASM. I believe that DAME II will be coming out sometime this spring. At least that is what the author has promised. Among the new features will be more powerful encryption, stealth capabilities, and compatibility with Stacker and DR DOS compressed file systems. I have read that the author of DAME and DAME II will be coming out with a Virus Construction Set, which will allow point-n-click building of new viruses using object oriented techniques. It works sort of like a Mr. Potatohead, you point and click on the parts/modules you want and it builds it for you. You select the replication method, stealth capability, polymorphism, and payload module (there are several payloads, varying from playing music and showing graphics, to printing a text message on screan, to complete wipe out of the HD). The really wonderful thing is that you will be able to build your own modules and link them into the virus. I am sure a flourishing of third-party modules will occur. With the VCS, a 9 year old can build a competely new virus just by pointing, clicking, and dragging, popping up windows and choosing options. My oh my, aren't we in for fun times ahead... Thug ________________________________________________________________________ ________________________________________________________________________ The SURFPUNK Technical Journal is a dangerous multinational hacker zine originating near BARRNET in the fashionable western arm of the northern California matrix. Quantum Californians appear in one of two states, spin surf or spin punk. Undetected, we are both, or might be neither. ________________________________________________________________________ Send postings to , subscription requests to . MIME encouraged. Xanalogical archive access soon. For those who want to release new viruses. ________________________________________________________________________ ________________________________________________________________________ No question of _writing_to_ Wild Children. They think in images -- prose is for them a code not yet fully digested & ossified, just as for us never fully trusted. You may write _about_ them, so that others who have lost the silver chain may follow. Or write _for_ them, making of STORY & EMBLEM a process of seduction into your own paleolithic memories, a barbaric enticement to liberty (chaos as CHAOS understands it). For this otherworld species or "third sex," _les_enfants_sauvages_, fancy & Imagination are still undifferentiated. Unbridled PLAY: at one & the same time the source of our Art & of all the race's rarest eros.