Received: by lemuria.sai.com (/\==/\ Smail3.1.21.1 #21.11) id ; Thu, 20 May 93 08:54 EDT Received: from uicvm.uic.edu by mv.MV.COM (5.67/1.35) id AA13628; Thu, 20 May 93 08:28:05 -0400 Message-Id: <9305201228.AA13628@mv.MV.COM> Received: from NIU.BITNET by UICVM.UIC.EDU (IBM VM SMTP V2R1) with BSMTP id 4719; Thu, 20 May 93 07:27:51 CDT Date: Thu, 20 May 93 02:56 CDT To: TK0JUT1@NIU.BITNET From: Cu-Digest (tk0jut2@mvs.cso.niu.edu) Subject: Cu Digest, #5.38 Computer underground Digest Wed May 19 1993 Volume 5 : Issue 37 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Editor: Etaoin Shrdlu, Senrio CONTENTS, #5.37 (May 19 1993) File 1--CPSR Brief in 2600 FOIA Case File 2--Response to Russell Brand (Re CuD 5.36) File 3--"Clipper" Chip Redux File 4--UPDATE #4-AB1624: Legislative Info Online File 5--AB1624-Legislation Online - Making SURE it's "right" File 6--CU In The News--Singapore Piracy / Ethics Conf. Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) 203-832-8441 NUP:Conspiracy CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in Luxembourg BBS (++352) 466893; ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) Back issues also may be obtained through mailserver at: server@blackwlf.mese.com COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Tue, 18 May 1993 14:01:53 -0500 From: sobel@WASHOFC.CPSR.ORG Subject: File 1--CPSR Brief in 2600 FOIA Case Computer Professionals for Social Responsibility (CPSR) today filed its brief in federal district court in Washington, DC, challenging the Secret Service's withholding of information relating to the break-up of a meeting of individuals affiliated with 2600 Magazine last fall. The brief is re-printed below. All footnotes and certain citations have been omitted. For information concerning CPSR's litigation activities, contact: David Sobel, CPSR Legal Counsel For information concerning CPSR generally, contact: ============================================================ UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA COMPUTER PROFESSIONALS FOR ) SOCIAL RESPONSIBILITY, ) ) Plaintiff, ) ) v. ) C.A. No. 93-0231-LFO ) UNITED STATES SECRET SERVICE ) ) Defendant. ) _______________________________) PLAINTIFF'S MEMORANDUM IN OPPOSITION TO DEFENDANT'S MOTION FOR SUMMARY JUDGMENT AND IN SUPPORT OF PLAINTIFF'S CROSS-MOTION FOR SUMMARY JUDGMENT Plaintiff initiated this action on February 4, 1993, challenging defendant Secret Service's failure to release certain agency records requested under the Freedom of Information Act ("FOIA"), 5 U.S.C. Sec. 552. Specifically, plaintiff seeks disclosure of Secret Service records concerning "the breakup of a meeting of individuals affiliated with '2600 Magazine' at the Pentagon City Mall in Arlington, Virginia on November 6, 1992." The Secret Service filed its motion for summary judgment on April 19, 1993. Plaintiff opposes the agency's motion and cross-moves for summary judgment. Background On November 6, 1992, a group of young people gathered in the food court at Pentagon City Mall in Arlington, Virginia, to socialize and discuss their common hobby -- computer technology. Most of the attendees were readers of "2600 Magazine," a quarterly journal devoted to computer and telecommunications issues. The gathering was a regular, monthly event promoted by the magazine. See "Hackers Allege Harassment at Mall," Washington Post, November 12, 1992. Shortly after the group had gathered, "they were surrounded by a few mall security guards and at least one agent from the Secret Service." Officers of the Arlington County Police were also present. The security guards demanded that the group members produce identification and compiled a list of names. The personal belongings of several attendees were confiscated and the group was evicted from the mall. Several days later, plaintiff submitted a FOIA request to the Secret Service seeking agency records concerning the incident. The agency produced several newspaper articles describing the incident, but withheld two records which, according to the agency, "were provided to the Secret Service by a confidential source, and each consists solely of information identifying individuals." Defendant asserts that these two documents -- apparently lists of names compiled by the mall security guards -- are exempt from disclosure under FOIA Exemptions 7(A), 7(C) and 7(D). Plaintiff disputes the applicability of these exemptions to the withheld material. Argument I. The Withheld Information was not Compiled for a Valid Law Enforcement Purpose Under the facts of this case, defendant has failed to meet its burden of establishing the threshold requirement of Exemption 7 -- that the information was compiled for valid law enforcement purposes. Without elaboration, defendant merely asserts that "[t]he two records being withheld ... are located in investigative files maintained by the Secret Service that pertain to and are compiled in connection with a criminal investigation being conducted pursuant to the Secret Service's statutory authority to investigate allegations of fraud." Def. Mem. at 3. This assertion falls far short of the showing an agency must make in order to invoke the protection of Exemption 7. In Pratt v. Webster, 673 F.2d 408 (D.C. Cir. 1982), the D.C. Circuit established a two-part test for determining whether the Exemption 7 threshold has been met. First, the agency's investigatory activities that give rise to the documents sought must be related to the enforcement of federal laws or to the maintenance of national security. To satisfy this requirement of a "nexus," the agency should be able to identify a particular individual or a particular incident as the object of its investigation and the connection between that individual or incident and a possible security risk or violation of federal law. The possible violation or security risk is necessary to establish that the agency acted within its principal function of law enforcement, rather than merely engaging in a general monitoring of private individuals' activities. ... Second, the nexus between the investigation and one of the agency's law enforcement duties must be based on information sufficient to support at least "a colorable claim" of its rationality. ... Of course, the agency's basis for the claimed connection between the object of the investigation and the asserted law enforcement duty cannot be pretextual or wholly unbelievable. 673 F.2d at 420-421 (emphasis, citations and footnote omitted). Since the passage of the 1986 FOIA amendments, the court of appeals has slightly restated the Pratt test so that the agency must demonstrate a nexus "between [its] activity" (rather than its investigation) "and its law enforcement duties." Keys v. Department of Justice, 830 F.2d 337, 340 (D.C. Cir. 1987). As the court of appeals noted, the reason for requiring the showing of a "nexus" is to ensure that the agency was not "merely engaging in a general monitoring of private individuals' activities." Other courts have also recognized that "[i]f an agency 'was merely monitoring the subject for purposes unrelated to enforcement of federal law,' a threshold showing has not been made." Rosenfeld v. Department of Justice, 761 F. Supp. 1440, 1444 (N.D. Cal. 1991). See also King v. Department of Justice, 830 F. 2d 210, 230 (D.C. Cir. 1987) (court not required "to sanction agency claims that are pretextual or otherwise strain credulity"); Shaw v. Federal Bureau of Investigation, 749 F.2d 58, 63 (D.C. Cir. 1984) ("mere existence of a plausible criminal investigatory reason to investigate would not protect the files of an inquiry explicitly conducted ... for purposes of harassment"). In this case, the agency has not even attempted to make the requisite showing. It has not "identified] a particular individual or a particular incident as the object of its investigation and the connection between that individual or incident and a possible ... violation of federal law," as Pratt requires. Rather, the circumstances strongly suggest that the Secret Service was "merely engaging in a general monitoring of private individuals' activities" (Pratt), or conducting an inquiry "for purposes of harassment" (Shaw). If, as the agency's representations suggest, the Secret Service obtained a listing of individuals lawfully assembled at a shopping mall in order to identify computer "hackers," without benefit of probable cause or even articulable facts justifying such an "investigation," Exemption 7 cannot protect the collected information from disclosure. Indeed, as the Second Circuit has noted, "unauthorized or illegal investigative tactics may not be shielded from the public by use of FOIA exemptions." Kuzma v. Internal Revenue Service, 775 F.2d 66, 69 (2d Cir. 1985), citing Weissman v. Central Intelligence Agency, 565 F.2d 692, 696 (D.C. Cir. 1977) (other citation omitted). The agency has offered no evidence that would rebut the inference that it is improperly collecting the names of individuals engaged in constitutionally protected activity. The Secret Service has not met its burden of establishing the "law enforcement purposes" threshold. Nor has it demonstrated that any of the requisite harms would flow from disclosure, so as to meet the specific provisions of Exemptions 7(A), 7(C) or 7(D). II. Disclosure Would not Interfere with a Pending Law Enforcement Proceeding In support of its 7(A) claim, defendant again asserts, without elaboration, that the disputed records were obtained "in the course of a criminal investigation that is being conducted pursuant to the Secret Service's authority to investigate access device and computer fraud." Defendant further asserts that disclosure of the information "could reasonably be expected to interfere" with that investigation. As plaintiff has shown, the existence of a qualifying "investigation" has not been established. Nor, as we discuss below, could the disclosure of the withheld information be reasonably expected to interfere with defendant's vague inquiry. Given the unique nature of FOIA litigation, plaintiff (and the court, absent ex parte submissions) must draw logical conclusions based upon defendant's representations. Here, defendant represents that 1) the records relate to the incident at Pentagon City Mall; 2) the records were obtained from a "confidential" source; and 3) the records consist "solely of information identifying individuals." Given that a list of names was compiled by mall security guards and that a record consisting "solely of information identifying individuals" is -- by definition -- a list of names, plaintiff and the court logically can assume that the compilation of names is being withheld. The individuals who were required to identify themselves, and whose names were subsequently recorded, obviously know that they were present at the mall and that their names were taken. Under these circumstances, it is patently absurd for the agency to assert that [t]he premature release of the identities of the individual(s) at issue could easily result in interference to the Secret Service's investigation by alerting these individual(s) that they are under investigation and thus allowing the individual(s) to alter their behavior and/or evidence. In Campbell v. Department of Health and Human Services, 682 F.2d 256, 259 (D.C. Cir. 1982), the D.C. Circuit reached the obvious conclusion that Exemption 7(A) does not apply to information that was provided by the subject of an investigation -- it applies only to information "not in the possession of known or potential defendants." See also Grasso v. Internal Revenue Service, 785 F.2d 70, 77 (3d Cir. 1986) (where plaintiff sought disclosure of his own statement to agency, "[t]he concerns to which Exemption 7(A) is addressed are patently inapplicable"). Under the facts of this case, defendant's meager assertion of "interference" defies logic and cannot be sustained. III. The Privacy Protection of Exemption 7(C) is Inapplicable in this Case Defendant next seeks to shield the information from disclosure on the ground that it is seeking to protect the privacy of the individuals named in the records. Applying the balancing test of Exemption 7(C), the agency asserts that there is a substantial privacy interest involved and "no public benefit in the release of the names." As for privacy interests, defendant claims that the disclosure of an individual's name in a "law enforcement file ... carries stigmatizing connotations." As noted, there is substantial question as to whether the withheld material qualifies as a "law enforcement" record. Indeed, the individuals themselves believe that their names were recorded for purposes of harassment, not law enforcement, and they cooperated with the news media to expose what they believe to be improper conduct on the part of the Secret Service. As is set forth in the attached affidavit of counsel, a number of the young people who were detained at the mall have sought plaintiff's assistance in securing the release of relevant Secret Service records. By letter dated November 20, 1992, plaintiff submitted a FOIA request to the agency seeking information concerning eight individuals, and provided privacy releases executed by those individuals. The agency claimed that it possessed no information relating to those individuals. Plaintiff believes it is likely that some, if not all, of those individuals are identified in the material defendant is withholding. Given that plaintiff provided privacy releases to the agency, the invocation of Exemption 7(C) to withhold those names is indefensible. The newspaper articles attached to defendant's motion belie the claim that there is no public interest in the disclosure of the requested information. The front page of the Washington Post reported the allegation that the Secret Service orchestrated the incident at Pentagon City Mall in order to monitor and harass the young people who gathered there. The individuals themselves have attempted to publicize the incident and gain the release of relevant agency records. The balance between privacy interests and public interest clearly weighs in favor of disclosure. IV. The "Confidential Source" Protection of Exemption 7(D) is not Available in this Case Finally, defendants invoke Exemption 7(D), emphasizing that the statutory definition of "confidential source" includes "any private institution." Again, the circumstances of this case render the exemption claim absurd -- the shopping mall was clearly the source of the information maintained by the agency and it has not attempted to conceal its cooperation with the Secret Service. Shortly after the incident, the mall's security director, Allan Johnson, was interviewed by Communications Daily. According to an article that appeared in that publication, Johnson acknowledged that the mall's security staff was working under the direction of the Secret Service. "The Secret Service ... ramrodded this whole thing," according to Johnson. "Secret Service Undercover Hacker Investigation Goes Awry," Communications Daily, November 10, 1992, at 2. This admission belies defendants' suggestion that "[s]ources who provide ... information during the course of a criminal investigation do so under the assumption that their identities and cooperation will remain confidential ...." As defendants concede, promises of confidentiality will be implied, but only "in the absence of evidence to the contrary." In this case, the evidence suggests that the source of the information has sought to deflect responsibility for the incident by asserting that it was, indeed, acting at the request of the Secret Service. The agency appears to be more concerned with protecting itself than with protecting the identity of a source that is in no way "confidential." Exemption 7(D) can not be used for that purpose. CONCLUSION Defendants' motion for summary judgment should be denied; plaintiff's cross-motion for summary judgment should be granted. ------------------------------ Date: Sat, 15 May 93 20:20:07 EDT From: Jerry Leichter Subject: File 2--Response to Russell Brand (Re CuD 5.36) [Well, maybe more than a line. It grew as I edited. -- Jerry] Russell Brand responds to my recent article on the open vetting of crypto- graphic protocols: In CU Digest 5.34, Jerry Leichter attacked Mike Godwin's position on the open design principle. While Leichter is correct that in certain environments, an `open design' is fact neither partical nor appropriate. CLIPPER is doesn't present an instance of this.... thus completely missing the point of what I wrote. I think I made it plain that I was *not* attacking Mike Godwin's position as such. Mr. Godwin is not, and does not claim to be, an expert on cryptography, its history, or its application. He's an expert on law, and that was what the bulk of his article dealt with. What I *did* attack was the often-repeated contention, which Mr. Godwin has simply presented yet another example of, that the Clipper initiative represents something fundamentally new IN THAT IT PROPOSES THE USE OF A SECRET CRYPTOGRAPHIC ALGORITHM. It is certainly true that there ARE several aspects of the initiative that ARE fundamentally new (and hence certainly deserving of debate even if only for that reason), but this is absolutely not one of them. In fact, what IS new and quite "unproven" in the real world is the notion of a cryptographic algorithm that IS public. Mr. Brand continues with the argument that "an open design is important ... so that you don't have to worry what advantage someone can get by stealing it." This is just what it seems: An argument, even a reasonable one. It is NOT an indication that there is anything "abnormal" about a cryptographic algorithm whose details are not public. As an argument, it can be responded to. I submit, for example, that all the evidence available - and there's a fair amount - is that the only advantage one gains from the ability to steal the design is the ability to create one's own Clipper-compatible chips and thus evade key escrow. A claim that something violates "normal procedure" is an attempt to remove it from the domain of debate. Bureaucrats LOVE to claim that something is "just normal procedure" and as such presumably not open to question or modification. Several claims I've seen made about cryptography in general, and Clipper in particular, are of this general nature. The "open design as a normal procedure" claim is, in an academic context in which openness and publication are so central, a particularly compelling one. Unfortunately, it's a claim with little or no basis in law, history, engineering, or much of anything outside of academia. The whole area of cryptography has grown a paranoid mythology around it. Just yesterday, All Things Considered ran an interview with a "computer expert" - he's published a book on Windows programming, thus making him fully qualified to talk about cryptography - who repeated some old and hoary chestnuts, which are KNOWN to be false (or, at best, for which there is absolutely no evidence). For example, he repeated the claim that there is a trap door in DES, and he seems to believe that what is escrowed is a MASTER key for all Clipper chips: Given the two escrowed halves, you can read any Clipper conversation. The interviewer seemed disturbed by this, as well she might be (especially when the "expert" claimed that hackers would soon be able to determine the master key on their on), and made all the right "oh my goodness" noises. What she didn't bother to do was talk to someone who knew something about the issue. It's impossible to have a reasoned debate about cryptographic issues when one side refuses to say much of anything, and the other lives in a paranoid fantasy world. I think is was Edmund Burke who said that the first moral imperative is to make sense. ------------------------------ Date: Mon, 17 May 93 11:54:45 EDT From: soneill@NETAXS.COM(Steve O'Neill) Subject: File 3--"Clipper" Chip Redux My first reaction when I read about the Clipper chip proposed by the Feds was how confused the folks who use Intergraph's RISC chip of the same name were going to be. Same goes for the people using Clipper to compile their dBase programs. But, I digress... I have a couple of basic objections to the way the government is going about this whole business of creating a standard for digital telephone encryption. First of all, unless you've been away on Mars these past 25 or so years, you've got to be aware that the Federal Government is not the most trustworthy organization around. Do the names Hoover, Liddy, Mitchell, North, Poindexter, Watergate, Iran-Contra and BCCI ring a bell? My point is simply this: no judicial process known to man is going to keep somebody working for the Feds from listening in on your conversations if this key escrow business becomes reality. It's immaterial whether the keys are held in 2, 10, or 50 different agencies. The people keeping them are just that:people. They can be bribed, their self-interest can be appealed to, they can be talked into turning over the keys because it's an urgent matter of "national security". For that matter, if some of the people working for an intelligence agency want the keys, I'm sure they'd have no trouble stealing the damned things! "All true", you say, "but if you use some other crypto system and the Feds REALLY want to find out what you're saying, they'll just sick the NSA on you-at that point, it won't make any difference what system you're using, they'll eventually crack it". I say: maybe yes and maybe no. If the NSA is going to be drawn into busting into your encrypted conversations, it's probably going to want a real good reason to do so. If the need to find out what you're saying has reached that stage, then most likely whole departments are alarmed about what you may be up to. At that point, it seems to me that you'll have bigger problems than simply the paranoia of one or two government employees. Even the NSA doesn't have unlimited resources. I'm pretty sure the management of the agency doesn't like diverting its personnel, computers, and eavesdropping equipment from what it considers its primary cryptanalytic mission without good cause and plenty of official authorization. Remember, at the outset of such a project, the people involved can have no way of knowing how long it will take and how many resources it will consume. If cracking your system becomes a big enough pain in the ass, NSA may tell the requestors to just go and bug your house! Therefore, barring the existence of rogue cryptanalysts in the NSA, it doesn't seem reasonable to me to worry about having your totally proprietary and cryptographically secure digital phone system broken into on a whim. This is the main reason I don't want the government to have any EASY means of listening in on my encrypted conversations. Second, the problem I have with the proposed scheme is that it probably won't protect us from the really bad guys. I believe that if, for example, the Mob, Mafia, Cosa Nostra, whatever name you want to give to organized crime, wants to make its telephone conversations private, it possesses the resources and the smarts to do so, regardless of what becomes the "standard method" of commercial encryption. Today, it's no trick to find a programmable, semi-custom chip of almost any kind you'd like. They're not expensive, and there are any number of engineers floating around who can design with them, particularly of the unemployed military kind. It doesn't take much imagination to envision the kind of scenario in which one or more of these people is hired by a "contract" engineering firm fronting for the Mob. His/her/their task is to develop an encryption chip set for an "unnamed" manufacturer who wants to get into the commercial phone encryption business. Or so they are told. Time to market is critical, they're told, so use off-the-shelf programmable arrays and a commonly available microprocessor. A cryptology expert is also hired, and he supplies the alogrithms, mostly ones he's worked on that his former employer, whomever that was, wasn't interested in. And in 6 months, the Organization has a chip set that can give NSA nightmares for a year. Or, even simpler, engineers from the same unemployment pool are hired directly, the same way accountants and lawyers are hired, given their marching orders, and they're off. The pay would be good and, as long as you don't ask too many questions, the working conditions would be fine. Far fetched? Maybe: but if so, then what are all those unemployed nuclear experts from the former Soviet Union doing in places like Iraq? Which brings me to my point: even if the Mob doesn't have an interest in such a chip set, I have no doubt at all that various foreign governments do. I also have no doubt that many of them already have such sets. You and I, on the other hand, will be stuck with the "leaky" Clipper chip, which our friends at the Fed are so thoughtfully providing for us. Finally, many of you are probably wondering why using the Clipper chip should be a problem to you. After all, you're not a criminal, nor are you an agent of a foreign government. You simply want a way to keep your competition away from your trade secrets. The answer lies in the kind of hay the various law-enforcement and intelligence agencies can make with ANY private information they collect about you. If you become a member of a group that someone or some group of someone's in the Fed comes to view with alarm, give a "provocative" speech, or publicly express an opinion that a bureaucrat views as possibly threatening to something he values, you could find yourself the target of surveillance. And remember, your politcal activity of today, which is quite acceptable now, can come back to haunt you(ask any activist from the '30's about what a wonderful time he had in the '50's). Such surveillance will probably not ever result in any kind of criminal indictment. Instead, you may find it difficult to get certain kinds of jobs; your credit rating might suddenly go sour, for reasons you can't fathom; you might discover that your neighbors harbor what seem to be unspoken suspicions about you. All of this, and more, has happened over the past 40 years to all sorts of people, without the help of a supposedly "secure" encryption method that can, in reality, be broken into whenever someone in the government feels like it. If I use encryption, it's to ensure my privacy: I damn' well don't want to be wondering if some government functionary is listening in because he has paranoid delusions about what I may be up to. Before you write all of this off as simply the ravings of someone who is, to say the least, overly suspicious of the Feds, consider this: in the late 70's, the government introduced the Data Encryption Standard, or DES. At the time of its introduction, the rumor was bruted about that the NSA had a hand in weakening the security of the algorithm for reasons of ease of decrypting. This rumor was never confirmed or denied by NSA. IBM who developed it, and NBS, the agency that sponsored it, said no such thing had happened. Unfortunately, the developers had been "helped" by the NSA, in particular, by being provided with some of the constants used in various parts of the algorithm, and may simply have not been in a position to really know. Over the past 15 years, a lot of data has been passed around using the DES, some of it commercial, much of it government. In all that time, no user of DES has ever had any idea whether any part of that data flow has been decrypted surreptitiously by the NSA. If it has, NSA ain't talking, so we, out here in the real world, don't know what they know about us, or, more accurately, what they THINK they know about us. And, all of this uncertainty surrounding an encryption process that has NEVER been acknowledged to have any trap doors. Now, the Feds propose to create a system that they have specifically said can give other, perhaps less scrupulous, agencies easy access to our communications(data, as well as voice, remember). Uh-uh, no thanks. If I need crytographic privacy, I'll look elsewhere, thank you. ------------------------------ Date: Tue, 18 May 1993 20:03:19 -0700 From: Jim Warren Subject: File 4--UPDATE #4-AB1624: Legislative Info Online [For newcomers: Assembly Bill 1624 would mandate that most current, already-computerized, public California legislative information be available, online. *IF* sufficient public pressure continues, it *appears* like it may pass. Send your e-addr to receive updates and panic calls-for-action. :-) AB1624 HEARING RE-SCHEDULED. AGAIN! NOW IT'S MAY 20th The Assembly Rules Committee first heard this bill April 19th. Then we thought the next hearing would be May 3rd. Then May 6th. On May 5th, we were told it'd be May 13th at 7:30 a.m. Upon arriving the afternoon of May 12th to stay overnight, I was told it would be May 20th. It's now in the printed schedule -- which means it will probably happen. PROPOSED AMENDMENTS NOW AVAILABLE FOR REVIEW The amendments to AB1624 that will be proposed when the Rules Committee considers it on 5/20 became public at 3:46 p.m. on 5/18. (I first saw them shortly thereafter.) Key issues: PROPOSED AMENDMENTS MANDATE FREE ACCESS TO THE INFORMATION -- EXCEPT ... Part of the amendments state, "No fee or other charge shall be imposed as a condition to this public access except as provided in subdivision (d)." And that subdivision states, "(d) No individual or entity obtaining access to information under the system established [by AB1624] shall republish or otherwise duplicate that information for a fee or any other consideration except with the authorization of the Legislative Counsel and the approval of the Joint Rules Committee pursuant to a written agreement between the individual or entity and the Legislative Counsel that may provide for payment of a fee or charge for this purpose." And, "Any amounts received by the Legislative Counsel [go to help support] the Legislative Counsel Bureau." Note: The Legislative Counsel runs the $25-million Legislative Information System. Thus, such fees would help to reduce its tax-paid operating costs. It was obvious in the first committee hearing of AB1624, and has been repeatedly reiterated since then, that many of the legislators want companies that profit from distributing these public records to functionally pay royalties. The word I hear is that the is the only way AB1624 has a chance of passage -- not withstanding that the data is public information. PROPOSED AMENDMENTS MAKE NO MENTION OF INTERNET ACCESS, BUT IT APPEARS LIKELY The bill still states only that the information, "shall be made available to the public by means of access by way of computer modem," without specifying through what systems. I was pushing for requiring that the data be made available by direct connection to the largest public networks (i.e., the Internet), however the bill makes no such requirement. On the other hand, I discovered that the Legislative Data Center has just installed a T-1 (1.544Mbits/sec) Internet connection with a Cisco router, and it *seems* likely that they will make the files available via that large data-pipe. PROPOSED AMENDMENTS ADD CALIFORNIA CODES [STATUTES] AND CONSTITUTION As requested by bill-author Debra Bowen, the proposed amendment would add California's codes and Constitution to the information to be available, online. Currently these are available on magtape for $200,044+. A major addition, if adopted. Part of the amendments state that, "The Legislative Counsel shall, with the advice of the Joint Rules Committee, make all of the [information] available to the public in electronic form." All in all, it *looks* like it will truly make the Legislature's public records publicly available across the nets, without cost -- at least to those who don't charge a fee to "republish or otherwise duplicate" them. ------------------------------ Date: Wed, 19 May 1993 07:25:18 -0700 From: Jim Warren Subject: File 5--AB1624-Legislation Online - Making SURE it's "right" AB1624 remains undefined or ambiguous on two points. Faxes and phone calls are needed *NOW* to clarify these points, before the May 20th hearing. Please send [at least] this language (an instance where it's okay for all of us to send exactly the same messages): Assembly Bill 1624 is excellent, but needs two clarifications due to technical issues of how shared computers and computer networks operate: 1. Subdivision (c) of the proposed amendments to AB1624 states that the legislative information, "shall be made available to the public by means of access by way of computer modem." The least expensive, most efficient and most accessible means of modem access is by way of the public computer networks. Therefore, please clarify AB1624 be appending this phrase to the above amendment language: "and by way of the [nonprofit, nonproprietary] public computer networks that are connected to the Legislative Data Center that is operated by the Legislative Counsel." 2. Subdivision (d) of the proposed amendments to AB1624 requires approvals, a written agreement and probably charges for individuals and entities that "republish or otherwise duplicate [legislative] information for a fee or any other consideration ..." Ignoring the issue of whether or not fees should be required of for-profit users of public information, the AB1624 language is ambiguous on an important operational issue: Many operations - including those of schools, universities, libraries, nonprofit organizations, community associations, public-access systems, home-based bulletin board systems (BBSs), etc. -- require an account or nominal fee for using their services or computers, but do not charge for using specific files or information. Please clarify that AB1624 applies only to those that charge for using legislative files, rather than those that charge for using their entire facility, by appending the following sentence to the end of subdivision (d): "However, this subdivision shall not apply to those individuals or entities that charge a fee or other consideration for use of their overall facilities or computer systems but do not account for nor charge for access to or use of specific files of information." Now is the time to *push*! Please keep it to one page. Please fax it BY MAY 20TH to at least (without the brackets :-): fax number: Assembly Member Debra Bowen [D], AB1624 Author ...................916-327-2201 The Honorable John Burton [D], Chair, Assembly Rules Committee....916-324-4899 The Honorable Richard Polanco [D], AB1624 Co-Author [on Rules]....916-324-4657 The Honorable Ross Johnson [R], AB1624 Co-Auth.[Rules Vice-Chair].916-324-6870 Senator Art Torres [D], AB1624 Principal Co-Author................916-444-0581 and - especially if you are in their district - also to: Assembly Member Deirdre "Dede" Alpert [D].........................916-445-4001 Assembly Member Trice Harvey [R]..................................916-324-4696 Assembly Member Barbara Lee [D]......916-327-1941 Assembly Member Richard L. Mountjoy [R].....................voice/916-445-7234 Assembly Member Willard H. Murray, Jr. [D]........................916-447-3079 Assembly Member Patrick Nolan [R].................................916-322-4398 Assembly Member Rusty Areias [D], AB1624 Co-Author................916-327-7105 Assembly Member Julie Bornstein [D], AB1624 Co-Author.............916-323-5190 Assembly Member Jan Goldsmith [R, male], AB1624 Co-Author...voice/916-445-2484 Assembly Member Phillip Isenberg [D], AB1624 Co-Author......voice/916-445-1611 Assembly Member Betty Karnette [D], AB1624 Co-Author..............916-324-6861 Assembly Member Richard Katz [D], AB1624 Co-Author..........voice/916-445-1616 Senator Tom Hayden [D], AB1624 Co-Author..........................916-324-4823 Senator Lucy L. Killea [I], AB1624 Co-Author......................916-327-2188 Senator Becky Morgan [R], AB1624 Co-Author..................voice/916-445-6747 Senator Herschel Rosenthal [D], AB1624 Co-Author............voice/916-445-7928 ------------------------------ Date: 18 May 93 20:27:06 EDT From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 6--CU In The News--Singapore Piracy / Ethics Conf. To: >internet:tk0jut2@niu.bitnet Singapore Piracy ============ Lotus and Novell have filed criminal charges against a man and wife in Singapore after they were found guilty in a civil suit for copyright and trademark violations. The companies obtained a court order to freeze nearly one million dollars in assets belonging to the pair, who had sold thousands of illegal software copies in Southeast Asia. (Information Week. May 10, 1993. pg. 8) Computer Ethics Institute Conference =========================== Information Week reports that Congressman Edward Markey (D - Mass.) made the following remarks at the above conference. "Just because personal information can be collected electronically, can be gleaned off the network as people call 800 number or click channels on he television, or can be cross-referenced into sophisticated lists and put on line for sale to others, does not mean that it has been technologically predetermined that privacy and social mores should be bent to that capability. (...) The Constitution is a 200-year-old parchment, simply because we digitize the words should not suggest their meanings change." Later, Markey commented that "Real harm can be done in the virtual world." Refer to "Ethics and Cyberculture" , Information Week, May 10, 1993 pg. 60 for more information on the conference and Markey's speech. ------------------------------ End of Computer Underground Digest #5.37 ************************************