Computer underground Digest Sun Oct 3 1993 Volume 5 : Issue 77 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copie Editor: Etaoin Shrdlu, III CONTENTS, #5.77 (Oct 3 1993) File 1--Grady Ward DOES NOT Encourage Illegality File 2--Response to Jerry Leichter in re Moby Crypto File 3--EFF RESPONDS TO PGP CASE File 4--Summary of BBLISA meeting (CuD 5.75) File 5--E-Jrnl of Virtual Culture--Gender Issue Call For Papers File 6--B. Sterling's Keynote address at EFF/EFF-Austin Crypt Conf File 7--Summary of EFF/EFF-Austin Cryptography Conference Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud ftp.eff.org (192.88.144.4) in /pub/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Fri, 1 Oct 93 06:55:38 -0700 From: grady@NETCOM.COM(Grady Ward) Subject: File 1--Grady Ward DOES NOT Encourage Illegality Jerry Leichter's comments about me in CuD, Volume 5, Issue 76 are flatly wrong. I do not and never have encouraged people to copy or use PGP illegally whatever their jurisdiction. In this country they ought not to "make, use, or sell" RSA without a license from PK Partners of Sunnyvale, CA. Similarly, the IDEA cipher ought not to be used commercially without a specific commercial license from Ascom-Tech AG of Switzerland. If they are non North American nationals then they need to obtain a copy of PGP from one of several foreign sites such as: black.ox.ac.uk (129.67.1.165) ghost.dsi.unimi.it (149.132.2.1) nic.funet.fi (128.214.6.100) Depending, of course, on their local laws. I have been assured by two attorneys that source is NOT an infringing "device" and can be copied or studied as long as its distribution is not simply a ploy to evade patent law. The whole constitutional idea of a patent centers on the wide dissemination of the underlying ideas that can be reduced to practice by a "person of ordinary skill" in the field. Disseminating the ideas underlying a patent is explicitly a patriotic act in the United States. In any event individuals become moral creatures by actively making their own personal choices and not having the ideas that could lead to an informed choice restricted by the State. I support the widespread use of strong crypto in the world for two reasons: It assists physically separate individuals to freely exchange ideas in greater safety from State interference. And it preferentially helps less powerful people since the more powerful dominating group can simply use the raw force of its state apparatus to advance its program. It is an equalizer in the quest for coalition and social justice. Strong crypto creates communities, not conspiracies. ------------------------------ Date: Thu, 30 Sep 93 17:49:12 -0600 From: "L. Detweiler" Subject: File 2--Response to Jerry Leichter in re Moby Crypto Editor: I strongly object to comments by Jerry Leichter on the PGP subpoenas in CuD, Volume 5 : Issue 76. Mr. Leichter appears to be making contradictory points: even though the ITAR may be casting FUD and chilling people's actions based on `poorly drafted regulations whose coverage no one can determine, by threats and insinuations from government spokesmen that some action is illegal', he on the other hand admonishes G. Ward for his actions to date in challenging the law. "Ward is deliberately flaunting it. Stupid, dangerous idea. Being a revolutionary, putting yourself in direct opposition to the power of the state, isn't fun and games. People get hurt that way." Mr. Leichter does not appear to realize that the most egregious laws created tend only to be overturned by the most dramatic challenges. Our own American Revolution is a dramatic instance of this fact. I have praised G. Ward in email previously as a compelling cyberspatial hero for his actions in publicizing over Usenet the NSA and State Department molestations he has been subject to over the past weeks. Very dramatic constitutional issues are at stake. Another major reality lapse in Mr. Leichter's somewhat desultory argument (that appears to have the fundamental message of minimizing the significance of the Zimmermann-Ward affair) is the following. Citizens in a society do not live by the laws -- they live by the *effect* of those laws on their everyday life. Some laws are widely ignored, such as speed limits. Some are revered with the utmost respect, such as the rulings of the Supreme Court and the directives of the President. Even if no case had ever been brought to court on the ITAR, the fundamental issue is that the law has an extraordinary dampening force on certain aspects of current cyberspatial development and enterprise -- in particular, cryptographic technology intrinsic to a wide variety of transforming technologies such as digital cash and signatures -- all critical to future progress. An analogy might be this: even though our judicial system has evolved an elaborate protocol for granting search warrants, that system is meaningless if people voluntarily allow police to search their homes. We do *not* live in a world described by government laws, we live in one that interacts with them in sometimes unpredictable ways. Now, let me abandon these vague platitudes immediately for some cutting specifics relevant to this case. What is the effect on the ITAR on *domestic* cryptographic development? The ITAR supposedly only deals with import and export and in fact that is all the authority granted by its enabling law, the Arms Export Control Act, to cover. But the use of the ITAR in practice by government bureaucrats is apparently to stifle free speech and free press rights of domestic U.S. citizens. This situation is transparently clear from Grady Ward's wretched predicament and other noxious affairs that have escaped the focused attention of many. In particular, I would like to draw attention to an outstanding effort by D. Bernstein to demonstrate the sheer oppressive force of the ITAR as interpreted by the relevant U.S. agencies. In the anonymous FTP file ripem.msu.edu:/pub/crypt/docs/shuffle-export-hassles. is an extraordinary compilation of letters sent between D. Bernstein and the Bureau of Politico-Military affairs regarding the ITAR rules. Mr. Bernstein sought permission to *post* a simple message to the Usenet group sci.crypt describing a cryptographic technique. The sheer obstruction he encountered is absolutely appalling. It approaches the grotesque torture of a totalitarian society in suppressing information. He required the intervention of his California state representative merely to get simple mail responses from the asphyxiating bureaucracy! Moreover, the exchange demonstrates very clearly that the government *applies* the ITAR not as a law regarding import and export of material (as the *law* constrains it) but *in practice* as an instrument to stifle otherwise lawful 1st Amendment scientific publication. From a letter of 14 July 1993 to A. A. Henderson: >Please note that the State Department is engaging in >unconstitutional censorship of material which I privately >developed and which I wish to publish. What you are >witnessing is a battle over the First Amendment. I believe >that the [Office of Defense Trade Controls, Bureau of >Politico-Military Affairs] is acting in violation of the >Bill of Rights. [They] failed to answer this question: >"Does ITAR exert prior restraint on otherwise lawful >publication"? In these paragraphs I seek to emphasize that the debate goes far deeper than the mere obnoxious classification of widespread, public-domain cryptgraphic algorithms and techniques as `munitions'. The debate surrounding the ITAR cuts to the core of many democratic issues. The ITAR is updated with alarming frequency and changed with disturbing ease. Its revision seems to occur in complete defiance of a regular and open legislative process. Even top *experts* on the law cannot keep up with all the modifications. As a frightening example of this, take the case of U.S. vs. Martinez, where Elizabeth Martinez and her fiance were convicted of violating the Arms Export Control Act by exporting `cryptographic hardware' -- a satellite TV video descrambling device, `Videocipher II'. Apparently, by some magic bureaucratic whim, it is now *legal* to export such equipment under the ITAR! I doubt Mrs. Martinez is consoled by this news, after being consumed and rebuffed even on appeal. I consider the ITAR one of the most totalitarian documents our government has ever produced. G. Ward and P. Zimmerman are modern cyberspatial heroes for their bold, direct challenges of it. In classifying `disclosure of information to foreign nationals' as *export* we find the same institutional paranoia and cyberspatial ignorance seen in the Cold-War era Soviet Union in e.g. restricting Xerox machines. The irony is that in both cases, the paranoia is entirely justified, even necessary, within the context of preserving the illegitimate status quo. This oppression forms the basic foundation of support for the two most totalitarian systems of the 20th century -- one defunct, the other with the initials N.S.A. ------------------------------ Date: 30 Sep 1993 14:30:18 -0400 From: mnemonic@eff.org (Mike Godwin) Subject: File 3--EFF RESPONDS TO PGP CASE EFF TO DEFEND CRYPTO RIGHTS LEGALLY Washington, D.C. -- The Electronic Frontier Foundation has committed itself this week to legal defense efforts in response to what is apparently a U.S. government campaign against the use and export of cryptographic technology. EFF's response to the anti-cryptography campaign, which has been directed initially against the "Pretty Good Privacy" (PGP) encryption program written by Phil Zimmermann, is three-fold: o EFF and EFF board members will immediately contribute funds to Phil Zimmermann's current legal expenses as they relate to constitutional issues, and will encourage others to make donations for this legal effort. o EFF will continue to vigorously investigate the facts of the PGP case and other cryptography-related cases that may arise, in order to spotlight the constitutional issues raised by such cases. o EFF is now planning to launch in the near future a First Amendment campaign aimed both at raising funds to support legal work on the Constitutional issues raised by these cases, and at educating policymakers and the general public about need to reform our outmoded export control laws . The basic facts of the PGP case(s) are as follows: The Customs Bureau has interviewed Phil Zimmermann and others involved in PGP. A San Jose gran jury, convened by Assistant US Attorney William Keane, subpoenaed documents relating to PGP from Zimmermann, as well as ViaCrypt and Austin Code Works, two companies who intend to offer commercial products related to PGP. Finally, the State Department has sent a letter to the Austin Code Works requiring them to register as an arms dealer, even if they don't plan to export cryptography. In light of these developments, the Electronic Frontier Foundation Board of Directors met in Austin on Sept 22-23 to plan EFF's respons. EFF's Board of Directors believes that this case may involve fundamental issues in the application of the U.S. Constitution to digital media. At stake is the right of privacy, public access to secure cryptography, the right to publish digital writings, and the right of equal protection under the law. We are resolved to take this matter very seriously. For this reason, EFF will undertake a vigorous investigation of the facts in this and any other PGP related cases which might arise. If the Grand Jury issues indictments that would, in the view of EFF, threaten the future of digital liberty, we are prepared to assist in the case and any others which might have similar adverse effects. We are also prepared to seek to amend the export laws to protect constitutional speech and the right to disseminate and use encryption to protect the citizens' right to privacy and to the security of their communications. In the short run, EFF will assist Phil and others involved with PGP to find criminal defense attorneys, explore ways to get any cases handled pro bono publico, or for expenses only, and contribute funds to Phil and other possible defendants for preindictment constitutional research, and we encourage others to do the same. As of this announcement, several thousand dollars have been pledged by EFF and EFF board members including John Gilmore, Mitchell Kapor, John Perry Barlow. In the near future, EFF will launch a national campaign designed to provide legal and financial support for cases or legislative efforts that would promote the Constitutionally guaranteed rights to develop, discuss, and use cryptographic technology. We urge you to help Phil Zimmermann in preparing his constitutional defense by contacting Phil's lawyer, Philip Dubois (dubois@csn.org, +1 303 444 3885, or 2305 Broadway, Boulder, CO 80304, USA). He is accepting legal defense contributions relating directly to Phil's defense as an individual. Board of Directors Electronic Frontier Foundation ------------------------------ Date: Thu, 30 Sep 1993 11:38:00 -0400 (EDT) From: "Daniel P. Lieber - (617) 642-7697." Subject: File 4--Summary of BBLISA meeting (CuD 5.75) Account of BBLISA Meeting (posted in CuD #5.75) On Wed., Sept. 29, the BBLISA (Back Bay [Boston] Large Installation Systems Administration Group) group had their monthly meeting where they hosted both an FBI agent and a federal prosecutor from the U.S. Attorney General's office. Both speakers were knowledgeable about the subject and tried to answer all of the questions that they could. (I am omitting names as I am not sure of the correct spelling or titles -- both were substitutes for the original speakers.) After a brief welcoming by the leader of the group, the prosecutor spoke extensively on the different types of intruders into systems. Her particular area of expertise in the field of "computer crime" is with kiddie porn. However, she was knowledgeable on the major topic at hand -- intrusions. The most common and least threatening type of break-in artists are the solo hackers and crackers (usually young males) who break into systems for the thrill and to brag about their accomplishment. Usually, they cause little or no damage and no crime is prosecutable (just utilizing resources is not prosecutable). By far, the most serious threat is internal. Disgruntled workers and recently dismissed employees cause the most damage and are usually motivated by revenge and want to inflict injury. The third type of intrusion, for-profit, is growing rapidly. This includes bank and ATM fraud, among other types of information theft. The FBI agent relayed stories about cases he has worked on and the scope of the FBI office in Boston. To be investigatable by the FBI, a monetary or equivalent loss must be $100,000 or the loss must be shared amongst many different parties. He also informed us that there are no agents that just cruise around BBSs looking for crime. The FBI is too busy to do that. From the information discussed at the meeting, there were some conclusions and suggestions that were brought out: * System banners informing all users that unauthorized access is prohibited and that privacy is limited are helpful. * E-mail is usually considered private unless specifically stated otherwise. * System administrators are not obligated to report illegal activities tha they detect on their systems. * Law enforcement does not like to confiscate systems and will usually get the information out of the machine without taking it. * To be prosecuted for a crime utilizing a computer, the defendant must have prior knowledge of the criminal materials or intent. For more information on BBLISA, send a message to majordomo@cs.umb.edu with the subject line: subscribe bblisa. Next month's meeting will discuss large-site Internet services. --Daniel Lieber, Systems Manager- _The Vanguard_ at Bentley College ------------------------------ Date: Sun, 26 Sep 1993 15:38:55 -0400 (EDT) From: Leslie Regan Shade Subject: File 5--E-Jrnl of Virtual Culture--Gender Issue Call For Papers CALL FOR ARTICLES--EJVC: ELECTRONIC JOURNAL OF VIRTUAL CULTURE Special Issue: Gender Issues in Computer Networking Issue Editor: Leslie Regan Shade McGill University Graduate Program in Communications (czsl@musica.mcgill.ca; shade@well.sf.ca.us) EJVC is a new peer-reviewed electronic journal dedicated to scholarly research and discussion of all aspects of computer-mediated human experience, behavior, action, and interaction. This special issue of the EJVC will be devoted to gender issues in networking. Despite the abundance of various private networks and the meteoric growth of the Internet,this rapidly expanding user base does not include an equal proportion of men and women. How can women become equally represented in the new "electronic frontier" of cyberspace? Issues to be discussed can include, but are not limited to, the following: *Access issues--to hardware, software, and training. What barriers do women face? What are some success stories? *How can women be given the technical expertise to become comfortable and versatile with computer networking? *Interface design: can there be a feminist design? *How can networking realize its potential as a feminist tool? *How can woman scholars exploit networking's technology? *What information technology policies could be developed to ensure computer networking equity for women, as well as minorities? *How does one define computer pornography and "offensive" material on the net? Should it be allowed? *How should sexual harassment on the net be treated? *Are women-only groups necessary? *How do women interact on MUDS and MOOs? *What net resources exist for women? Deadlines: December 1, 1993 submission of abstracts April 1, 1994 submission of contributions Abstracts will be reviewed by the issue editor for appropriate- ness of content and overall balance of the issue as a whole. In turn, authors will then be invited to submit full-length contributions, which will be peer-reviewed by the journal's normal editorial process before final acceptance for publication. The issue editor encourages correspondence about proposed contributions even before submission of an abstract. Potential contributors may obtain a more detailed statement about the focus and range of this special issue by sending electronic mail to the issue editor with the Subject line: EJVC Issue or by anonymous ftp to byrd.mu.wvnet.edu, directory /pub/ejvc, get ejvc.shade.call. Further information about EJV may be obtained by sending e-mail to LISTSERV@KENTVM.BITNET or LISTSERV@KENTVM.KENT.EDU with one or more of the following lines in the text: SUBSCRIBE EJVC-L YourFirst LastName GET EJVC WELCOME INDEX EJVC-L Also, the file is available by anonymous ftp to byrd.mu.wvnet.edu in the pub/ejvc directory. ------------------------------ Date: Sun, 3 Oct 1993 15:20:25 -0500 From: Bruce Sterling bruces@well.sf.ca.us> Subject: File 6--B. Sterling's Keynote address at EFF/EFF-Austn Crypt Conf September 22, 1993 Hello everybody. It's quite an honor to be delivering the keynote address -- a *thankfully brief* keynote address -- at this conference. I hope to clear the decks in short order, and let you spend an engrossing afternoon, listening to an intense discussion of complex and important public issues, by highly qualified people, who fully understand what they're talking about. Unlike myself. Before all this begins, though, I do want to establish a context for this conference. Let me briefly put on my professional dunce-hat, as a popular-science writer, and try to make it clear to you exactly what the heck is going on here today. Cryptography. The science and study of secret writing, especially codes and cypher systems. The procedures, processes, measures and algorithms for making and using secret exchanges of information. *Secret* exchanges, done, made and conducted without the knowledge of others, whether those others be governments, competitors, local, state or federal police, private investigators, wiretappers, cellular scanners, corporate security people, marketers, merchandisers, journalists, public health officials, squads for public decency, snoopy neighbors, or even your own spouse, your own parents, or your own children. Cryptography is a way to confine knowledge to the initiated and the privileged in your circle, whatever that circle might be: corporate co-workers, fellow bureaucrats, fellow citizens, fellow modem-users, fellow artists, fellow writers, fellow influence-peddlers, fellow criminals, fellow software pirates, fellow child pornographers. Cryptography is a way to assure the privacy of digital way to help control the ways in which you reveal yourself to the world. It is also a way to turn everything inside a computer, even a computer seized or stolen by experts, into an utterly scrambled Sanskrit that no one but the holder of the key can read. It is a swift, powerful, portable method of high-level computer security. Electronic cryptography is potentially, perhaps, even a new form of information economics. Cryptography is a very hot issue in electronic civil liberties circles at the moment. After years of the deepest, darkest, never-say-anything, military spook obscurity, cryptography is out of the closet and openly flaunting itself in the street. Cryptography is attracting serious press coverage. The federal administration has offered its own cryptographic cure-all, the Clipper Chip. Cryptography is being discussed openly and publicly, and practiced openly and publicly. It is passing from the hands of giant secretive bureaucracies, to the desktop of the individual. Public-key cryptography, in particular, is a strange and novel form of cryptography which has some very powerful collateral applications and possibilities, which can only be described as bizarre, and possibly revolutionary. Cryptography is happening, and happening now. It often seems a truism in science and technology that it takes twenty years for anything really important to happen: well, Whitfield Diffie was publishing about public-key cryptography in 1975. The idea, the theory for much of what will be discussed today was already in place, theoretically, in 1975. This would suggest a target date of 1995 for this issue to break permanently out of the arid world of theory, and into the juicy, down-and-dirty real world of politics, lawsuits, and money. I rather think that this is a likely scenario. Personally, I think the situation's gonna blow a seam. And by choosing to attend this EFF and EFF-Austin conference in September 1993, you are still a handy two years ahead of the curve. You can congratulate yourself! Why do I say blow a seam? Because at this very moment, ladies and gentlemen, today, there is a grand jury meeting in Silicon Valley, under the auspices of two US federal attorneys and the US Customs Service. That grand jury is mulling over possible illegality, possible indictments, possible heaven-knows-what, relating to supposed export-law violations concerning this powerful cryptography technology. A technology so powerful that exporting cryptographic algorithms requires the same license that our government would grant to a professional armaments dealer. We can envision this federal grand jury meeting, in San Jose California, as a kind of dark salute to our conference here in Austin, a dark salute from the forces of the cryptographic status quo. I can guarantee you that whatever you hear at this conference today, is not gonna be the last you hear about this subject. I can also guarantee you that the people you'll be hearing from today are ideal people to tell you about these issues. I wrote a book once, partly about some of these people, so I've come to know some of them personally. I hope you'll forgive me, if I briefly wax all sentimental in public about how wonderful they are. There will be plenty of time for us to get all hardened and dark ad cynical later. I'll be glad to help do that, because I'm pretty good at that when I put my mind to it, but in the meantime, today, we should feel lucky. We are lucky enough to have some people here who can actually tell us something useful about our future. Our real future, the future we can actually have, the future we'll be living in, the future that we can actually do something about. We have among us today the board of directors of the Electronic Frontier Foundation. They are meeting in Austin in order to pursue strategy for their own national organization, but in the meantime, they also have graciously agreed to appear publicly and share their expertise and their opinions with us Austinites. Furthermore, they are not getting a dime out of this; they are doing it, amazingly, out of sheer public-spiritedness. I'm going to introduce each of them and talk about them very briefly. I hope you will reserve your applause until the end. Although these people deserve plenty of applause, we are short on quality applause resources. In fact, today we will be rationing applause care, in order to assure a supply of basic, decent, ego-boosting applause for everyone, including those unable to privately afford top-quality applause care for the health of their own egos. A federal-policy in-joke for the many Washington insiders we have in the room today. Very well, on to the business at hand. Mitch Kapor is a cofounder of the Electronic Frontier Foundation, a software designer, a very prominent software entrepreneur, a philanthropist, a writer and journalist, and a civil liberties activist. In 1990, when Mr. Kapor co-founded EFF, there was very considerable legal and constitutional trouble in the world of cyberspace. Mitch spoke out on these sometimes-arcane, sometimes-obscure issues, and he spoke loudly, repeatedly, publicly, and very effectively. And when Mitch Kapor finished speaking-out, those issues were no longer obscure r arcane. This is a gift Mitch has, it seems. Mitch Kapor has also quietly done many good deeds for the electronic community, despite his full personal knowledge that no good deed goes unpunished. We very likely wouldn't be meeting here today, if it weren't for Mitch, and anything he says will be well worth your attention. Jerry Berman is the President and Director of Electronic Frontier Foundation, which is based in Washington DC. He is a longtime electronic civil liberties activist, formerly the founder and director of the Projects on Privacy and Information Technology for the American Civil Liberties Union. Jerry Berman has published widely on the legal and legislative implications of computer security and electronic communications privacy, and his expertise in networks and the law is widely recognized. He is heading EFF's efforts on the national information infrastructure in the very thick of the Clinton-Gore administration, and Mr Berman, as you might imagine, is a very busy man these days, with a lot of digital irons in the virtual fire. Mr. Kapor and Mr Berman will be taking part in our first panel today, on the topic of EFF's current directions in national public policy. This panel will last from 1:45 to 3PM sharp and should be starting about fifteen minutes after I knock it off and leave this podium. We will allow these well-qualified gentlemen to supply their own panel moderation, and simply tell us whatever is on their minds. And I rather imagine that given the circumstances cryptography is likely to loom large. And, along with the other panels, if they want to throw it open for questions from the floor, that's their decision. There will be a fifteen-minute break between each panel to allow our brains to decompress. Our second panel today, beginning at 3:15, will be on the implications of cryptography for law enforcement and for industry, and the very large and increasingly dangerous areas where police and industry overlap in cyberspace. Our participants will be Esther Dyson and Mike Godwin. Esther Dyson is a prominent computer-industry journalist. Since 1982, she has published a well-known and widely-read industry newsletter called Release 1.0. Her industry symposia are justly famous, and she's also very well-known as an industry-guru in Central and Eastern Europe and the former Soviet Union. Ms Dyson is very knowledgeable, exceptionally well-informed, and always a healthy distance ahead of her time. When it comes to the computer industry, Esther Dyson not only knows where the bodies are buried, she has a chalk outline ready-and-waiting for the bodies that are still upright! She's on the Board of EFF as well as the Santa Fe Institute, the Global Business Network, the Women's Forum, and the Poynter Institute for Media Studies. Mike Godwin is the legal services council for EFF. He is a journalist, writer, attorney, legal theorist, and legal adviser to the electronically distressed. He is a veteran public speaker on these topics, who has conducted many seminars and taken part in many fora all over the United States. He is also a former Austinite, a graduate of the UT School of Law, and a minor character in a William Gibson novel, among his other unique distinctions. Mike Godwin is not only in EFF inside the beltway of Washington, but is on the board of the local group, EFF-Austin. Mike Godwin is a well-known, one might even say beloved, character in the electronic community. Mike Godwin is especially beloved to those among us who have had machinery sucked into the black hole of a federal search-and-seizure process. Our third panel today, beginning at 4:45, will be the uniquely appropriate Cypherpunk Panel. Our three barricade-climbing, torch-waving, veteran manifesto-writers will be John Perry Barlow, John Gilmore and Eric Hughes. Mr Eric Hughes is NOT a member of the EFF Board of Directors. Mr Hughes is the moderator of the well-known, notorious even, Internet cypherpunk mailing list. He is a private citizen and programmer from the Bay Area of California, who has a computer, has a modem, has crypto-code and knows how to use it! Mr Hughes is here today entirely on his own, very considerable, initiative, and we of EFF-Austin are proud to have him here to publicly declare anything and everything that he cares to tell us about this important public issue. Mr John Gilmore *is* a member of the EFF Board. He is a twenty-year veteran programmer, a pioneer in Sun Microsystems and Cygnus Support, a stalwart of the free software movement, and a long-term electronic civil libertarian who is very bold and forthright in his advocacy of privacy, and of private encryption systems. Mr Gilmore is, I must say, remarkable among UNIX and GNU programmers for the elegance and clarity of his prose writings. I believe that even those who may disagree with Mr Gilmore about the complex and important issues of cryptography, will be forced to admit that they actually understand what Mr Gilmore is saying. This alone makes him a national treasure. Furthermore, John Gilmore has never attended college, and has never bought a suit. When John Gilmore speaks his mind in public, people should sit up straight! And our last introductee is the remarkable John Perry Barlow. Journalist, poet, activist, techno-crank, manifesto-writer, WELLbeing, long-time lyricist for the Grateful Dead, co-founder of Electronic Frontier Foundation, member of the Wyoming Republican Party, a man who at last count had at least ten personal phone numbers, including two faxes, two cellulars and a beeper; bon vivant, legend in his own time, a man with whom superlatives fail, art critic, father of three, contributing editor of MONDO 2000, a man and a brother that I am proud to call truly *my kind of guy:* John Perry Barlow. So these are our panelists today, ladies and gentlemen: a fine group of public-spirited American citizens who, coincidentally, happen to have a collective IQ high enough to boil platinum. Let's give them a round of applause. (((frenzied applause))) Thank you. Ladies and gentlemen, EFF-Austin is not the EFF. We are a local group with our own incorporation and our own unique organizational challenges. We are doing things on a local scale, where the National EFF cannot operate. But we know them, and we *like* them, and we are proud to have them here. Furthermore, every time some Austin company, such as Steve Jackson Games Incorporated, or thecurrently unlucky Austin Codeworks, publishers of a program called "Moby Crypto," find themselves in some strange kind of federal hot water, we are not only proud to know the EFF, we are *glad* to know them. Glad, and *grateful!* They have a lot to tell us today, and they are going to tell us things they believe we really need to know. And after these formal panels, this evening from 8 to 10, we are going to indulge in a prolonged informal session of what we Austinites are best at: absorbing alcohol, reminiscing about the Sixties, and making what Mitch Kapor likes to call "valuable personal contacts." We of EFF-Austin are proud and happy to be making information and opinion on important topics and issues available to you, the Austin public, at NO CHARGE!! Of course, it would help us a lot, if you bought some of the unbelievably hip and with-it T-shirts we made up for this gig, plus the other odd and somewhat overpriced, frankly, memorabilia and propaganda items that we of EFF-Austin sell, just like every other not-for-profit organization in the world. Please help yourself to this useful and enlightening stuff, so that the group can make more money and become even more ambitious than we already are. And on a final note, for those of you who are not from Austin, I want to say to you as an Austinite and member of EFF-Austin, welcome to our city. Welcome to the Capital of Texas. The River City. The City of the Violet Crown. Silicon Hills. Berkeley-on-the-Colorado. The Birthplace of Cyberpunk. And the Waterloo of the Chicago Computer Fraud and Abuse Task Force. You are all very welcome here. So today, let's all learn something, and let's all have some fun. Thanks a lot. ------------------------------ Date: Sun, 3 Oct 1993 15:20:43 From: Steve Jackson Subject: File 7--Summary of EFF/EFF-Austin Cryptography Conference Before a standing-room-only audience of over 200, Mitch Kapor, John Gilmore and other technopolicy experts criticized the federal "Clipper Chip" proposal at a cryptography conference held today in Austin. Jointly sponsored by the Electronic Frontier Foundation and EFF-Austin, the one-day conference included three blue-ribbon panels on various aspects of cryptography policy. The issue of public access to cryptography is rapidly heating up, as secure encoding programs become available to private individuals. Meanwhile, the government maintains tight export restrictions on cryptographic products. In fact, a federal grand jury is now examining business records subpoenaed from commercial cryptography providers - including one in Austin - in an apparent investigation of exports. The audience wasn't just computer-literate, but computer-armed-and-dangerous. The rattling of laptop keys sounded from at least 20 spots in the room as Bruce Sterling presented a keynote explanation of cryptography and why it's important: "We all have digital irons in the virtual fire." The conference led off with a discussion between Mitch Kapor (founder of Lotus Development and chairman of the Electronic Frontier Foundation) and Jerry Berman (executive director of the EFF). Most of the commentary had to do with the process by which the Clipper had been presented, and might still be mandated. Berman stated flatly that the Clipper program simply will not do the job its advocates say it will, as long as it's voluntary . . . and if it becomes mandatory, it raises "fundamental Constitutional issues which they don't want to confront . . . they're between a rock and a hard place." Kapor, wearing a Secret Service cap, discussed the Washington policy process. "You would be surprised how little depth of thinking-through there is on these issues of the information superhighway. People are trying to do the right thing . . . you might think that they've got a lot of deep thinkers sitting around and trying to figure out what the right thing to do is. No. It's the `crisis of the day.' And in that sort of atmosphere, reasonable people sometimes feel that what they're doing is the best compromise under the circumstances. There's a lack of commitment to doing the right thing . . . people think they're making creative compromises when in fact they're making stupid mistakes." But he also commented that compromises are sometimes the only option: "There is a role for moral outrage, but in Washington, moral outrage only gets you so far." Quotes: Kapor: "We're very much in favor of the private sector as opposed to the government undertaking construction activities. The government doesn't have the money or the expertise. . . . Common carrier, private sector, universal access." "People don't understand the nature of the problems. The problems keep getting greater and greater, and the solutions get more and more absurd." "Whoever actually owns the data highways shouldn't be able to control what goes across them. That's the principle of common carrier. It should be updated to reflect that fact that we want more competition and fewer regulated monopolies, but the principle still holds." John Gilmore, answering a question about copying the chip: "The idea is that they use a technology to build the chip that makes it hard to reverse-engineer, developed for classified chips, that has not been seen in the real world." He went on to say that the government has so far not responded to requests for sample chips to allow independent experts to test this claim. Following the CFP model, the panels were separated by long breaks for discussion, networking and argument. The crowd was mixed: not just "computer people" and journalists, but also high school and college students, several law enforcement professionals, and one labor union officer, from Houston and San Antonio as well as Austin. The second panel, on law enforcement, was a dialogue between Esther Dyson (long-time industry observer and newsletter editor) and Mike Godwin (Legal Services Counsel for the EFF). The discussion, and most of the audience's questions, focused on the current and probable future legality of various encryption systems. Quotes: Esther Dyson: "If government gives us this weak encryption, and mandates that we use it . . . then what the public thinks about the issue doesn't matter any longer." Mike Godwin: "Sure, cryptography is inconvenient to law enforcement. But we have other things that are inconvenient. Look at that pesky prohibition against forced confessions. You know they did it . . . but the police can't make them confess. Isn't that troubling?" "For so long, technological advances meant decreases in privacy. Now there's a technological advance that empowers privacy . . . not just on a corporate level, but on an individual level." The final panel was entitled simply ``Cypherpunks,'' and included Eric Hughes (founder of the Cypherpunks mailing list), John Gilmore (programmer and free-software activist) and John Perry Barlow (co-founder of the EFF). They talked about just how easy it is, already, to encrypt your communications, using PGP and other systems. They also discussed how quickly some older encoding methods are failing before decryption technology. Quotes: John Gilmore: "How many of you have broken no laws this month?" (No hands appeared.) "That's why we need encryption. There are too many laws, and the wrong things are illegal." "What do we want out of cryptography? You can sum it up in two words: unprecedented mobility. Your friends and co-workers can be scattered in physical space." "Outlawing cryptography is like outlawing pencils because bookies use them to record bets." "We're trying to make people aware of these problems (cryptographically competent crackers) and push out the free software solutions that solve them." John Perry Barlow: "The more I think about what it means to have the Internet everywhere on this planet, combined with widespread use of encryption technology, the more I think this is the biggest development since fire. And if you think that's an exaggeration, think about what's going to go down when these technologies come together." "Huge economies may develop, utterly invisible to everyone not involved in them. The kind of economies that would break most world governments. If taxes become voluntary, there are many government `services' that most people will no longer want to pay for. "The administration . . . is defending a position on cryptography which doesn't make it easy to explain its benefits to society." Eric Hughes: "It's amazing how much publicity we (the cypherpunks) have gotten just in this first year. We hit a hot button. It's the flowering of cryptography." "In order to have a private key, you have to own your own CPU. Most people use dialin services, where mail is being received at someone else's computer. If you put your private key on that system, it's unsafe." "Digital privacy is for the rich. We have to face that. Digital privacy is class-based. But it's getting cheaper." "Cypherpunks want privacy for other people, not just for themselves. Easy-to-use for a programmer is not easy-to-use for other people." Hughes: "I'm surprised that those `secret' e-mail addresses for Congressmen haven't come across the cypherpunks list." Barlow: "They have. Just a couple of days ago." (Applause . . . ) At the close of the conference, EFF-Austin president Jon Lebkowsky summed it up: "What impressed me is that a topic which is still relatively arcane attracted such an active and vocal group, even in Austin, a hotbed of networked computing. This is the next big issue." ------------------------------ End of Computer Underground Digest #5.77