Computer underground Digest Sun Feb 15, 1998 Volume 11 : Issue 11 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #11.11 (Sun, Feb 15, 1998) File 1--AOL's insecurity complex File 2--Skeeve Faces 10 Years File 3--Policy Post 4.1 -- Digital Wiretap Law at Key Juncture File 4--Solid Oak's mail bomb--a reply from Brain Milburn File 5--Comment on the ever-continuing CyberSitter thread. File 6--CRYPT Additions to the Joseph K Guide to Tech Terminology File 7--Defamation havens File 8--Tokyo municipal office urging teacher to delete web page File 9--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Fri, 6 Feb 1998 08:41:14 -0800 From: "James Galasyn" Subject: File 1--AOL's insecurity complex ((CuD Moderators' Note: The following may not be reprinted without permission of Salon)). from http://www.salonmagazine.com/21st/ ---------------------- AOL's insecurity complex THE ONLINE SERVICE CAN'T EVEN KEEP ITS OWN STAFF BULLETIN BOARDS PRIVATE. BY DAVID CASSEL | You've probably heard about the "other" Timothy McVeigh -- the sailor who found himself the target of Navy discharge proceedings for violating its "don't ask, don't tell" policy, after America Online divulged the real-life name behind his online profile. At this point, only a district judge has prevented the Navy from completing the discharge. After a firestorm of press coverage, AOL CEO Steve Case issued a special "Community Update" to try to mollify anger. "We have always recognized that privacy was an absolutely central building block for this medium," Case argued, "so from day one we've taken steps to build a secure environment that our members can trust." But Case's words rang hollow. The McVeigh affair wasn't an isolated incident. In the ensuing coverage, other subscribers also came forward with stories about AOL's loose lips. And only days after that controversy arose came the latest in a long sequence of disturbing AOL security breaches, undermining AOL's claim that it provides a "secure environment." Around midnight Jan. 26, I received a mysterious e-mail message: "Before you miss the whole thing, you should really try and check out keyword: TA." Since I edit a mailing list about AOL, I sometimes receive tips about hacked content. So I dutifully visited AOL's "Traveler's Advantage" area, which normally promotes innocuous travel-related services. ("Win a romantic Getaway for Two OR $5,000 CASH!") It was different that Monday. As with many previous acts of high-tech vandalism, the title of the window had been changed in the middle of the night. Instead of "Welcome to AOL Travelers Advantage!" the page read, "Lithium Node was here." (This wasn't the first time AOL had heard from "Lithium Node": Last June, the same group converted AOL's "Academic Assistance Center" into a kind of hacker resource center, complete with manifesto.) But this attack offered a new twist: Below the substitute title lay a menu linked to dozens of AOL staff bulletin boards. Following the links led to private boards reserved for conversations among AOL's online staff -- including staffers of "The Rosie O'Donnell Show" and AOL's own army of volunteers. Ironically, one area included an essay on the word "confidentiality," saying users should observe confidentiality policies, and "we should take pride in our ability to do so, and set an example for other staffs." Though the material was apparently meant to be off-limits to the public, it wasn't. A week later, one of the boards sported an announcement outlining a pending policy change. Staffers were told that "Beginning February 4, 1998, Keyword TCB will be viewruled." In other words, AOL was going to restrict access to "The Community Building," a gathering place for AOL's online staff. This tactic was "becoming increasingly important," the memo stated, to assure that an area "is limited to its intended audience, and not available for viewing by others." The bulletin boards linked from the giant index that had appeared the week before were soon to be roped off. But the obvious question -- why this no-brainer protection wasn't already in place -- went unaddressed. The announcement stated hopes that the board "remains a safe and secure area." I can't say I was surprised by any of this; AOL has a long history of security and privacy problems. In 1995 hackers accessed the e-mail of CEO Case and other executives. One message -- describing AOL's meeting with the FBI to crack down on hackers -- was even posted to Usenet newsgroups. The hacks continued over the years, and grew more sophisticated. Last April my mailing list uncovered a trick that allowed access to any subscriber's credit card number if they'd revealed their password. AOL had stated this wasn't possible. While there's no information on how many subscribers were affected, an omnipresent population of ill-wishers compounds any AOL security breach. In September 1996 the Washington Post reported that AOL canceled 370,000 accounts in one three-month period for "credit card fraud, hacking, etc." I once counted over 300 troublemakers massing in chat rooms for an en masse demonstration of dissatisfaction. What's making users uneasy is the realization that hackers aren't the only threat to privacy. Last August a parody of AOL's CEO appeared in Mad magazine, addressing concerns about high-tech burglar Kevin Mitnick: "My subscribers' card numbers are accessible to someone far more dangerous than him!" Case's parody doppelgnger commented. "ME!!" In a scramble for profits, AOL itself has resorted to varying degrees of invasiveness. In July, for instance, AOL faced controversy over plans to sell subscribers' home phone numbers to telemarketers. AOL's compromise solution wasn't as well publicized: Users will still receive unsolicited calls, but only from AOL's own stable of telemarketers. In addition, when customers now phone for technical support, staffers try to transfer them to outside telemarketing firms at the end of the call. AOL has faced questions about its privacy policies since 1994, when Rep. Ed Markey, D-Mass., expressed concerns about AOL's plan to sell information about customers to marketers. Three years later, privacy advocates at the Electronic Privacy Information Center remain concerned. AOL recently acknowledged that its current marketing plan includes gathering aggregate information about customers' movement through the service, and then using the information to sell more targeted advertisements. The existence of such a database troubles privacy advocates, whether or not the information is attached to a user's identity. And since a recent industry report calculate s that nearly 60 percent of the time Americans spend online is spent on AOL, the company is in a unique position to compile records on how that time is spent. In the McVeigh incident, AOL originally stated it was confident that its policies had been followed. Later, Case's "Community Update" conceded that "this should not have happened, and we deeply regret it." He closed by telling members that "AOL's commitment to protecting the privacy of our members is stronger than ever." Ironically, Case's apology appeared above an icon reading "Click Here to Keep Your Resolutions." It often seems that AOL is more interested in appearing to honor privacy and security than in actually providing it. In the last 10 months, at least 28 areas of AOL have been altered by hackers. Most fell to human error -- someone with "publishing rights" divulged their password. But AOL's performance in the face of these problems hasn't inspired confidence. Content partners say a memo distributed in October acknowledged that one of AOL's own employees had lost control of a privileged account. Seven areas were modified that night, including Reebok, AOL's Jewish Community Area and even Case's Community Update. (Its second page was retitled "Hey there, Sexy.") The attacks are getting more sophisticated. After vandals left a manifesto criticizing AOL's NetNoir area, its producer dispensed a carefully crafted response to reporters. But the graffiti artists got a second chance -- weeks s later they returned on another purloined account and posted a rebuttal. AOL has a ways to go before it regains my trust. By the morning after I received that mysterious e-mail message, keyword "TA" had been restored to its original travel pitches. But for nine days afterward, most of the staff areas remained accessible to anyone who'd added them to their bookmark file Case needs to work a little harder on his resolutions. COPYRIGHT: SALON | Feb. 6, 1998 (May not be reprinted without permisson) ------------------------------ Date: Tue, 10 Feb 1998 18:12:51 -0500 From: Anonymous Subject: File 2--Skeeve Faces 10 Years Hacker faces 10-year sentence By NICK PAPADOPOULOS A computer hacker who obtained and then circulated the details of 1,200 credit-card holders on to the Internet, after illegally accessing the files from an Internet Service Provider, faces a maximum 10-year jail sentence in the Downing Centre District Court today. Skeeve Stevens, 27, of Sydney, had initially denied that he was the "Optik Surfer" responsible for one of Australia's worst computer security breaches but he later pleaded guilty. The hacking incident is said to have cost the service provider, AUSNet, more than $2 million in lost clients and contracts. At the court yesterday the Crown submitted that Stevens had "maximised the damage" to both the company and the credit card holders by contacting journalists after the break-in and other "publicity-seeking behaviour". In a statement of facts tendered to the court the Australian Federal Police said Stevens hacked into AUSNet's computer network in March 1995, two months after he was refused a job with the company. The court heard how Stevens, using the user account and password details of AUSNet's technical director, altered the company's home page on April 17, 1995, by prominently displaying a message that subscriber credit card details had been captured and distributed on the Internet. This was followed the next day by an e-mail message created by Optik Surfer boasting about "this crime of stupidity by AUSNet" and highlighting the company's lax security. Stevens faces one count of inserting data into a computer, which carries a maximum 10-year jail sentence, and eight counts of unlawful access to computer data. He is likely to be sentenced today. ------------------------------ Date: Fri, 6 Feb 1998 17:56:05 -0500 From: Graeme Browning Subject: File 3--Policy Post 4.1 -- Digital Wiretap Law at Key Juncture ((CuD MODERATORS' NOTE: The following post was edited down for parsimony)) The Center for Democracy and Technology /____/ Volume 4, Number 1 ----------------------------------------------------------------- A briefing on public policy issues affecting civil liberties online --------------------------------------------------------------- CDT POLICY POST Volume 4, Number 1 February 6, 1998 ** This document may be redistributed freely with this banner intact ** Excerpts may be re-posted with permission of __________________________________________________________ (1) DIGITAL WIRETAP STATUTE AT KEY JUNCTURE What started as a law intended to preserve law enforcement's ability to conduct wiretaps on digital networks is now being used by the FBI in an effort to enhance its surveillance capabilities. The struggle over the scope of the 1994 law is being waged in Congress, at the Federal Communications Commission (FCC) and in negotiations between the telephone industry and the FBI. The status of the debate and its implications for privacy are reviewed in a recent CDT memo posted at http://www.cdt.org/digi_tele/status.html. (2) FBI PURSUES EXPANDED SURVEILLANCE CAPABILITIES Congress enacted the Communications Assistance for Law Enforcement Act (CALEA)--popularly called the 'digital telephony'law--in 1994. The FBI is now trying to use the law to require special surveillance features in the nation's land-based and wireless telephone systems. Telephone companies have yielded to some of the FBI's demands and have resisted others, but now face pressure to compromise further. * Under pressure from the FBI, the wireless phone industry has agreed to provide law enforcement with the capability to track the location of cellular phone users. * The telephone industry has also agreed that carriers using increasingly common 'packet switching' protocols may provide to the government the full content of customer communications even though the government is only legally authorized to intercept the less sensitive addressing data that indicates who is calling whom. Despite these concessions, the FBI remains unsatisfied with the industry's proposed compliance plan. The FBI continues its push for additional surveillance features, including the ability to -- * continue monitoring parties on a conference call after the subject of the wiretap order has dropped off the call; * collect detailed information identifying each party on a call, including parties not the subject of investigation; and * receive instant notification when a customer has a voice mail waiting or makes any changes in service. The FBI also has proposed requiring carriers to install capacity for far more surveillances than ever before. See http://www.cdt.org/digi_tele/970218_comments.html. (3) INDUSTRY - FBI NEGOTIATIONS: GOVERNMENT SEEKS SOMETHING FOR NOTHING Congress set October 25, 1998 as the deadline for complying with CALEA. It has been clear for some time that the deadline can't be met: the FBI's insistence on adding surveillance functions outside the scope of the law snarled the process of drafting technical standards. Congress foresaw that compliance might take longer than expected, so it gave companies the right to seek delays from the FCC or the courts. The FBI, however, is offering carriers special extensions (called 'forbearances') if they agree to develop the additional surveillance capabilities. Since the carriers are *already* entited to an extension of time under CALEA, the FBI's negotiating ploy is seeking something for nothing. Manufacturers or carriers may be tempted to accept the offer to avoid the cost of litigation. They would do so, however, at the expense of privacy and control over network design. (4) CDT WILL URGE FCC TO INTERVENE TO PROTECT PRIVACY CALEA gives the FCC an oversight role in how the law is applied, but the Commission has been reluctant so far to intervene. In August 1997, the cellular industry, CDT and the Electronic Frontier Foundation filed pleadings at the FCC urging it to find that the FBI's demands for additional surveillance capability go beyond the scope of CALEA. The petitions are still pending. See http://www.cdt.org/digi_tele/#fcc. Instead, the FCC in October began considering an FBI proposal to require telephone company employees to undergo background investigations and to sign nondisclosure agreements. The FBI is also urging the Commission to limit the ability of telephone companies to verify the validity of purported wiretap orders. In comments to be filed on February 11, CDT will urge the FCC to balance the interests of law enforcement with the interests of privacy and technological innovation, as Congress intended. The full text of CDT's comments will be posted at http://www.cdt.org. (5) CDT'S PRIVACY RECOMMENDATIONS CDT believes that several steps should be taken to restore CALEA to the spirit of balance it originally incorporated. These steps would preserve law enforcement's basic surveillance capability (without the specific and highly detailed enhancements sought by the FBI), and yet would protect privacy in the face of the increasing surveillance potential of the new technology: * Congress should put an end to the controversy over enhanced surveillance capabilities and reaffirm its narrow intent for CALEA by authorizing the FBI to begin reimbursing carriers and switch manufacturers to implement the industry's interim standard, minus wireless phone tracking and minus any premature treatment of packet switching systems that does not require the separation of call content from addressing information. * Congress should deny the FBI the ability to impose redundant capacity requirements on carriers, by limiting expenditure of the capacity reimbursement funds. * Congress should extend the October 1998 deadline, so that the FBI cannot use the threat of non-compliance sanctions to force industry to capitulate. However, extension of the deadline should not be traded for enhanced capability. * The FCC should assure itself of the security of the networked surveillance administration systems that carriers will be installing to comply with CALEA. * The FCC should drop its proposals for intrusive background investigations of carrier personnel. * The FCC and/or Congress should launch an inquiry into the privacy implications of surveillance in a packet switching environment. * Since developments in technology are already increasing surveillance capabilities, a probable cause standard for government access to location tracking information should be established. * The standard for governmental access to other transactional information (through pen registers and trap and trace devices) should be increased to require an affirmative finding by a judge that the information sought is relevant and material to an on-going investigation. (The current standard reduces the role of the judge to a mere rubber-stamp.) (6) CDT CALEA WEBSITE UPDATED We have recently revamped and updated our CALEA website, at http://www.cdt.org/digi_tele/ __________________________________________________________ (7) SUBSCRIPTION INFORMATION To subscribe to CDT's Policy Post list, send mail to majordomo@cdt.org in the BODY of the message (leave the SUBJECT LINE BLANK), type subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts _____________________________________________________________ (8) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: info@cdt.org World Wide Web: http://www.cdt.org/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ------------------------------ Date: Tue, 10 Feb 1998 16:23:35 -0700 From: joepublic@hypertouch.com Subject: File 4--Solid Oak's mail bomb--a reply from Brain Milburn I send a message to Solid Oak's official PR address (pr@solidoak.com) asking about the mail bombing and got the attached reply. My original email message is at the bottom. The noteworthy parts (to me) of the reply were their distinction between a "mail bomb" and this incident and that it was the work of an individual employee and not of the company: "The large number of e-mail messages she was sent (about 446) were actually separate but multiple replies to her original messages, not a mail-bomb, and were made by an obviously frustrated and overworked technical support employee." While I am pleased that Solid Oak does "not encourage or condone this type of behavior" I am disappointed that they did not mention any steps that they were taking to help their employees follow said policy. One obvious step might be to teach their employees about .kill files. Joe --snip-- From--Brian Milburn Subject-- Re--Confirmation of mail bombing story Date--Tue, 10 Feb 1998 12:52:20 -0800 Thank-you for your mail concerning recent events you have read about on-line. The person mentioned is not and was not a potential customer evaluating blocking software. And, as she operates a web site promoting witchcraft and paganism, it is highly unlikely that she will ever purchase or use any any content filtering product. Additionally, she is an admitted member of a group that has been engaged in a campaign of organized harassment against us for over 14 months. During this time, we have received hundreds of e-mail messages from members of this group as well as mail-bombs, "denial of service attacks" and "out of band attacks". We have even received death threats sent via e-mail to private accounts whose addresses are published by this group on their web pages and in their membership newsletters. This group has made their position on filtering software well known over this time. We feel that their concerns have already been adequately expressed. Many of the messages we have received have DEMANDED a response and threaten disastrous consequences it we do not. We are under no obligation whatsoever to respond to these messages, but we do have an obligation to our customers to provide timely technical support and answers to their questions. This person sent 12 messages to these accounts even though she was asked not to. Her ISP was contacted and their assistance was requested in persuading her to cease her e-mail activities to us. They refused to assist. The large number of e-mail messages she was sent (about 446) were actually separate but multiple replies to her original messages, not a mail-bomb, and were made by an obviously frustrated and overworked technical support employee. While we do not encourage or condone this type of behavior, we must recognize the fact that our employees have to endure a great deal of abuse from members of this group and it's supporters. Thank-you Solid Oak Software On 02/10/98 12:19pm you wrote... > >Hello, > I was writing because I was recently forwarded an account claiming >that Solid Oak had mail bombed some woman for emailing a critical letter >to Solid Oak's feedback email address. Since Solid Oak has been the subject >of heated accusations in the past, I didn't want to propagate an erroneous >story without checking its accuracy. Would you be able to tell me what, if >anything happened? I believe the woman's name was something like "Sarah >Salls." > >Thank you, > >Joe --snip-- ------------------------------ Date: Thu, 12 Feb 1998 22:52:20 +0100 (MET) From: DELETED Subject: File 5--Comment on the ever-continuing CyberSitter thread. Hello, I've been a regular reader of CuD for about 8 months now, and so I've seen alot of articles related to Solid Oak and its filtering software. Now, judging from the information contained in those articles, and various other sources on the web, it's rather obvious that Solid Oak has a rather "personal" interpretation of "material unfit for children", and well, after quite a few moments of thinking the matter over, my only reaction is: so what ? What I mean is, no one is forcing anyone to actually use Solid Oak's software. If Solid Oak wants to sell an inferior product, let them (we all know another very large company that's been doing this since 1981). Just like the consumer has a right to choose what he buys or not, so should the merchant have the right to sell crap if he so chooses. Ofcourse, the behaviour that Solid Oak has been displaying lately shows their inferiorness is not only a matter affecting their software... While I'm on the subject, I would also like to add that I really don't understand this problem you Americans seem to have concerning the protection of your children against material deemed unfit for their eyes. I mean, it's not as if a child will 'accidently' stumble upon some hardcore pornography while just browsing the web; if you find your 10-year old downloading material from sites containing sexually explicit material, you can be sure he/she's doing so by his/her own will, or would you argue that those "press here if you are 18 or older"-buttons got pressed all by themselves ? The same applies to IRC, the child still has to make the decision to actually join a channel where such material is being spread. Basically, I feel that if you cannot trust your child to not actively go out and seek such material, then you should not be letting your child wander about the net unattended. (the same applies to any other medium imo) Feel free to comment on this :) PS: for personal reasons i prefer to remain anonymous (ie. not reveal my real name), i hope you can respect this choice. Regards, ------------------------------ Date: Wed, 7 Jan 1998 23:32:22 -0500 From: "George Smith [CRYPTN]" <70743.1711@compuserve.com> Subject: File 6--CRYPT Additions to the Joseph K Guide to Tech Terminology ADDITIONS TO THE JOSEPH K GUIDE TO TECH TERMINOLOGY: Another brief in a very popular Crypt Newsletter continuing feature. consultant: U.S. Department of Defense or civil service free-lancer usually involved in a conflict of interest; or, a recently downsized employee of corporate America. Usage: The _consultant_ from Science Applications International Corporation enjoyed writing policy papers for the Pentagon's Joint Chiefs which always cleverly ensured more DoD business for his firm. Usage: Two years after being downsized by Acme Data Systems, Scroggins' carefree life as an Internet _consultant_ came to an end when he declared bankruptcy, was divorced by his wife and lost visitation rights to his children. cutting edge: hackneyed usage meant to convey a quality of hipness and intellectual excellence but, instead, standing for quite the opposite. Usage: One editor at a stodgy newspaper declared his business and technology section _cutting edge_ even though everyone knew it was only a forum for billionaire hagiography and rewritten press releases issued by corporate America. libertarian: once a handy political label for those who believe in free markets and personal liberty; now a handy marketing tool for those who wish to lower taxes, disarm government employees and spend large amounts of money on anything published by Wired Ventures, Inc. Usage: The mighty publisher of WIRED magazine galvanized a phalanx of Net _libertarians_ into sending a million electronic mails to Congress in protest of Net censorship -- where they were immediately deleted, unread, by college interns. Netizen: formerly, a term meaning citizen of the Net; now, an overused, unintentional pejorative describing a group of annoying computing technology-obsessed, mostly white, mostly male, blowhards. Usage: _Netizen_ Kane stamped his foot in glee as he used his skills in PC automation to send 1,000 e-mail copies of a windy, libertarian rant to Congressmen, the President and the press, where it was subsequently deleted, unread, by college interns. Yes, you can contribute to the Joseph K Guide without fear of professional retribution or stain upon your reputation. Send your suggestions, definitions or usages to Crypt Newsletter! ======================= Editor: George Smith, Ph.D. INTERNET: 70743.1711@compuserve.com crypt@sun.soci.niu.edu http://www.soci.niu.edu/~crypt Mail to: Crypt Newsletter 1635 Wagner St. Pasadena, CA 91106 ph: 626-568-1748 ------------------------------ Date: 4 Feb 1998 16:29:25 +1000 From: "Brian Martin" Subject: File 7--Defamation havens Defamation havens Brian Martin brian_martin@uow.edu.au http://www.uow.edu.au/arts/sts/bmartin/ The net could make defamation law obsolete. The best solution to defamatory comments is a timely opportunity to reply, and this is readily available to users through email lists and the web. This is a dramatic difference from the mass media, where the ordinary person can't afford to reply to a defamatory story. Although the net provides a wonderful solution to defamation, that's not the end of the problem. Defamation law is routinely used to suppress free speech, especially speech critical of those with power and wealth. In countries such as Australia and Britain, defamation laws are incredibly harsh and used capriciously. One Australian book reviewer, for example, said in a newspaper "I object to the author's lack of moral concern." The author sued and after two trials finally obtained more than $100,000 from the publisher. In another case, police kept a book off the market for a decade by launching dozens of defamation actions against the author, publisher and retailers. Corrupt politicians have escaped media scrutiny by threatening actions for defamation. Things look better on paper in the US, but in practice defamation law often restrains free speech. After the magazine Rolling Stone published an article about the origin of AIDS from polio vaccines, the scientist who developed the vaccine in question sued. Rolling Stone, having spent half a million dollars on legal fees before even getting to court, decided to settle by publishing a "clarification". It didn't run any further stories on the topic. There are hundreds of cases where US defamation law is used to intimidate citizens who write a letter of complaint to the government or even just sign a petition. These so-called SLAPPs (Strategic Lawsuits Against Public Participation) show how the legal system can be manipulated to squelch free speech. The net cannot solve all these problems at a stroke, but it does offer the potential to get around one major obstacle: how to publish material when the mass media are scared away by the threat of defamation. The answer: put it on the web. But what if the ISP is threatened? Put it on the web in another country! Even this isn't totally safe, since the publisher can be sued in the other country, and the author can be sued there or at home. The answer? Defamation havens. A country could make itself a defamation haven by eliminating all laws against defamation and offering itself as a host for web sites or targeted email. Local writers could offer, for a fee, to be the authors of documents. Alternatively, indigent writers from other countries could be the authors. A defamation haven would be analogous to a tax haven, though less lucrative. Those who wish to suppress speech will not give up without a struggle, however. One battleground is web links. David Rindos, an archaeologist from the US, took a post at the University of Western Australia (UWA) in 1989. He soon became aware of some unsavoury activities in his department and reported them. As a result, he came under fierce attack and was denied tenure. His case generated enormous concern internationally and led to the establishment of a web site of documents about the case, at http://www.acsu.buffalo.edu/~hjarvis/rindos.html, hosted at the State University of New York at Buffalo. In 1996, the web site address was published in The Australian (a national daily newspaper) and Campus Review (a national weekly) and broadcast on ABC (Australian Broadcasting Corporation) radio. UWA threatened defamation actions against each and successfully deterred further publication of the address. It also threatened SUNY, but it became apparent that this was only a bluff. Note that this was a threat to sue for simply publishing a web address, along with the allegation that the web site contained defamatory material. Such as suit would seem to have little chance of success in court, though one never knows in Australia. But in this case the threat was enough to scare the Australian media. The net community has more options. The Rindos site at SUNY has now been mirrored at other locations. Indeed, the best response to threats to web publication is to provide greater access and, to be fair, to offer critics a chance to publish replies. The net provides such ease of publication that the key in the future will not be access but rather credibility. With mounds of defamatory material, of claims and counterclaims, will anyone pay attention? Only if the source is impeccable. In a world with easy publication and no effective defamation law, there will still be a great incentive to be accurate. That may be better protection for reputations than defamation law ever provided. ------------------------------ Date: Thu, 5 Dec 1996 01:19:30 -0500 (EST) From: Declan McCullagh Subject: File 8--Tokyo municipal office urging teacher to delete web page Source - fight-censorship@vorlon.mit.edu Teacher told to delete Web page Asahi Shimbun The municipal office of Tokyo's Setagaya Ward is urging a fifth-grade teacher to delete an Internet home page he created with his pupils, saying it may violate local regulations, Asahi Shimbun learned Monday. Ward officials said the home page, which includes a picture of the 31 children in the class and articles in which they introduce themselves, may violate an ordinance on privacy protection. The ordinance prohibits connecting computers in public facilities to computers outside the ward and bars anyone from providing private information to anyone outside. The ward officials said information on the home page, including the children's names, should be protected under the ordinance. They also said that, under the ordinance, a panel on information disclosure and privacy protection that advises the ward chief had to give the teacher permission to connect the school computer to the Internet. The 44-year-old teacher, however, said he will not follow the ward's instruction. He said while he thinks privacy protection is important, the ordinance restricts the right of people who want to send information through the Internet. The teacher started the classroom home page on Nov. 6. It also includes illustrations and poems by the children. The pupils also communicate with elementary school students in Aichi Prefecture through e-mail. The ward officials late last month urged the teacher to delete the home page. The teacher denied any intention to violate privacy. He said his pupils enjoy the Internet and their parents appreciate their computer communications. According to the Home Affairs Ministry, 1,202 municipalities across the nation had similar ordinances as of April 1. Of those, 895 prohibit or restrict connecting school or public office computers to networks outside the municipalities, the ministry said. ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 9--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #10.11 ************************************