EFFector Online 4.2 12/17/1992 editors@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424

-==--==--==-<>-==--==--==-

MEGATRENDS OR MEGAMISTAKES?
What Ever Happened to the Information Society?
(Part 2 of 2 Parts. Part 1 was published in EFFector Online 4.1)

by Tom Forester, Senior Lecturer, School of Computing & Information Technology, Griffith University, Queensland, Australia

[Continued from EFFector Online 4.1]

UNINTENDED CONSEQUENCES

NEW SOCIAL VULNERABILITIES

The IT revolution has created a whole new range of problems for society - problems which were largely unexpected. Some arise from the propensity of computers to malfunction, others arise from their misuse by humans.

As complex industrial societies become more dependent on computers, they become more vulnerable to technological failure because computers have often proved to be unreliable, insecure and unmanageable. Malfunctioning hardware and software is much more common than many (especially those in the computer industry!) would have us believe. There is little doubt that we put too much faith in these supposedly-infallible machines.

Computers are permeating almost every aspect of our lives, but unlike other pervasive technologies such as electricity, television and the motor car, computers are on the whole less reliable and less predictable in their behaviour. This is because they are discrete state digital electronic devices which are prone to total and catastrophic failure. Computer systems, when they are "down," are completely down, unlike analog or mechanical devices which may only be partially down and are thus still partially usable.
Popular areas for computer malfunctions include telephone billing and telephone switching software, bank statements and bank teller machines, electronic funds transfer systems and motor vehicle licence databases. Industrial robots have been known to go berserk, while heart pacemakers and automatic garage door openers have been rendered useless by electro-magnetic radiation or "electronic smog" emitted from point-of-sale terminals, personal computers and video games. Although computers have often taken the "blame" on these occasions, the ultimate cause of failure in most cases is, in fact, human error. The cost of all this downtime is huge: for example, it has been reported that British businesses suffer around 30 major mishaps a year, involving losses of millions of pounds. The cost of software failures alone in the UK is conservatively estimated at $900 million per year (Woolnough 1988). In 1989, a British Computer Society committee reported that much software was now so complex that current skills in safety assessment were inadequate and therefore the safety of people could not be guaranteed (Mellor 1989). Computers enable enormous quantities of information to be stored, retrieved and transmitted at great speed on a scale not possible before. This is all very well, but it has serious implications for data security and personal privacy because computer networks are inherently insecure. The recent activities of hackers and data thieves in the US, Germany and Britain have shown how all-too-easy it still is to break into even the most sophisticated financial and military systems. Malicious virus creators have wreaked havoc on important academic and government communication networks. The list of scams perpetrated by the new breed of high-tech criminals, ranging from airline ticket reservation fraud to the reprogramming of the chips inside mobile phones, is growing daily. 
Some people have had their careers and lives ruined by unauthorized users gaining access to supposedly-confidential databases containing medical, financial and criminal records.

Computer systems are often incredibly complex - so complex, in fact, that they are not always understood even by their creators (although few are willing to admit it!). This often makes them completely unmanageable. Unmanageable complexity can result in massive foul-ups or spectacular budget "runaways." For example, Bank of America in 1988 had to abandon a $20 million computer system after spending five years and a further $60 million trying to make it work! Allstate Insurance saw the cost of its new system rise from $8 million to a staggering $100 million and estimated completion delayed from 1987 to 1993! Moreover, the problem seems to be getting worse: in 1988 the American Arbitration Association took on 190 computer disputes, most of which involved defective systems. The claims totalled $200 million - up from only $31 million in 1984.

Complexity can also result in disaster: no computer is 100 per cent guaranteed because it is virtually impossible to anticipate all sources of failure. Yet computers are regularly being used for all sorts of critical applications such as saving lives, flying aircraft, running nuclear power stations, transferring vast sums of money and controlling missile systems - and this can sometimes have tragic consequences. For example, between 1982 and 1987, some 22 US servicemen died in five separate crashes of the USAF's sophisticated Blackhawk helicopter before the problem was traced to its computer-based 'fly-by-wire' system (Forester and Morrison 1990). At least two people were killed after receiving overdoses of radiation administered by the computerized Therac 25 X-ray machines, and there are many other examples of computer foul-ups causing death and injury (Forester and Morrison 1990).
Just to rub it in, I should also point out that computer systems are equally vulnerable to fires, floods, earthquakes and even quite short power outages or voltage drops caused by "dirty power", as well as attacks by outside hackers and sabotage from inside employees. For example, in Chicago in 1986, a disgruntled employee at Encyclopedia Britannica, angry at having been laid-off, merely tapped into the encyclopedia's database and made a few alterations to the text being prepared for a new edition of the renowned work - like changing references to Jesus Christ to Allah and inserting the names of company executives in odd positions. As one executive commented, "In the computer age, this is exactly what we have nightmares about".

A year later, another saboteur shut down the entire National Association of Securities Dealers' automatic quotation service (NASDAQ) for 82 minutes, keeping 20 million shares from being traded. The saboteur in question was an adventurous squirrel, who had caused a short circuit in Trumbull, Connecticut, where NASDAQ's main computer is situated. In Australia, foxes have taken to digging up new optical fibre cables to eat the plastic cover, while sharks have been doing the same to submarine fibre optic telephone cables on the floor of the Pacific ocean. In Denmark, a strike by 600 computer personnel paralysed the government for four months in 1987, causing the ruling party to call an early general election (UPI 1987), while in the same year an Australian saboteur carefully severed 24 cables in a Sydney tunnel and knocked out 35,000 telephone, fax and point-of-sale lines, putting hundreds of businesses in 40 suburbs out of action for up to 48 hours (The Australian, 23 November 1987, page 1).

As society becomes more dependent on computers, we also become more vulnerable to the misuse of computers by human beings.
The theft of copyright software is widespread, while recent, well-publicized incidents of hacking, virus creation, computer-based fraud and invasion of privacy have been followed by a rising chorus of calls for improved "ethics" in computing and new laws to protect citizens from computerized anarchy. It can be argued that the "information" or "knowledge" society cannot possibly flourish unless better protection is offered to individuals and companies who generate wealth from information. Yet copying of software is allegedly costing US producers alone $10-12 billion a year, according to the Business Software Association (BSA). In Europe, where software piracy is costing producers $4.5 billion a year according to EC figures, the BSA has been forced to mount raids on major users in Italy and France. Even in Germany, "When you compare the number of pcs sold with the amount of legitimate software sold, two-thirds of the computers must be used as expensive doorstops," says a Microsoft spokesman. In Asia, software piracy is rampant. It has been estimated that 7 or 8 copies of well-known packages exist for every legitimate copy sold in Singapore, where the local economy benefits to the tune of millions of dollars a year from the counterfeiting of Western products. In Taiwan, police raids in 1990 netted more than 5,000 counterfeit packages of MS-DOS, 6,000 counterfeit MS-DOS manuals in English, French and German, and 12,500 disks with bogus Microsoft labels on them (Jinman 1991). Hong Kong police busted a software mail order racket, seizing no less than 109,000 disks, manuals and other counterfeit kit from a wooden hut on a remote hillside. They had a street value of $3 million. It is estimated that 97% of all the software in Thailand has been copied, while copying is also rife in Pakistan, Malaysia, South Korea and mainland China. So much for the economic "miracles" of those "little Dragons" of Asia! 
Unless more is done to curb software copying, we are likely to see, first, a sharp decline in software production. With the erosion of the potential rewards from software development, programmers are likely to move into more lucrative areas of the IT industry. And fewer software producers will mean less innovative software being produced. Second, continued copying will lead to continued rises in software prices. Already, developers have to recoup the anticipated losses from copying by charging more than would be necessary if people did not copy in the first place.

Because copying software is so easy and so widespread, the law - whether it be copyright law, patent law or contract law - is not a lot of use. Copying is hard to prove in court and it is nigh impossible to catch copiers in the act. The best hope for the IT industry is to try to change social attitudes and individual consciences.

"Hackers" are another unplanned product of the IT revolution. Mostly young males, these computer enthusiasts specialize in gaining unauthorized access to other people's computer systems for fun and for profit. Some like the challenge of computer "cracking", some are little more than electronic vandals who set out to cause damage, while others have ended up betraying their country - like the members of the Chaos Computer Club of West Germany who stole US military secrets which they sold to the KGB in order to fund their expensive drug habits (the charred body of one of their number, Karl Koch, was later found in a forest outside Hannover). In the last couple of years, enormous time and effort has also been spent making good the damage caused by malicious computer anarchists who have let loose "viruses" which have infected thousands of systems and millions of disks around the world.

The IT revolution has also made it easier to put people under electronic surveillance and it has increased the likelihood of individuals having their privacy invaded.
Burnham (1983) pointed out that IT enables governments and commercial organisations to store vast amounts of "transactional data", such as details of phone calls, financial payments, air travel, and so on. From these, a composite picture of an individual's friendships, spending habits and movements can be built up. New IT gadgetry makes it much easier to spy on people with hidden bugs and other eavesdropping devices, to gather information by, for example, illicit phone taps, and to directly monitor the performance of employees with videos and computers. Electronic databases containing vital medical, financial and criminal records - which are often inaccurate - have been accessed by unauthorized users. As Linowes (1989) and Flaherty (1990) argue, this creates a major problem of how to protect privacy in "information" societies - a problem which the law has been slow to tackle.

NEW PSYCHOLOGICAL MALADIES

The IT revolution has brought with it a number of psychological problems associated with computer-mediated communication. These have implications for both organisational productivity and human relationships.

One major problem is that of "information overload" or so-called "infoglut". This arises because modern society generates so much new information that we are overwhelmed by it all and become unable to distinguish between what is useful and what is not-so-useful. In essence, it is a problem of not being able to see the wood for the trees. For example, 14,000 book publishers in the US release onto the market 50,000 new titles every year. There are now at least 40,000 scientific journals publishing more than 1 million new papers each year - that's nearly 3,000 per day - and the scientific literature is doubling every 10-15 years. Clearly, it is impossible for any one individual to keep up with the literature, except for very small areas.
The book and research paper explosion has been assisted by the "publish or perish" ethic in academia, which encourages the production of mediocre, repetitive and largely useless work. It also creates a serious headache for cash-strapped libraries.

Improvements in IT enable us to gather, store and transmit information in vast quantity, but not to interpret it. But what are we going to do with all that information? We have plenty of information technology - what is perhaps needed now is more intelligence technology, to help us make sense of the growing volume of information stored in the form of statistical data, documents, messages, and so on. For example, not many people know that the infamous hole in the ozone layer remained undetected for seven years as a result of infoglut. The hole had in fact been identified by a US weather satellite in 1979, but nobody realised this at the time because the information was buried - along with 3 million other unread tapes - in the archives of the National Records Centre in Washington DC. It was only when British scientists were analysing the data much later in 1986 that the hole in the ozone was first "discovered".

In commerce and in government, it is alleged that infoglut is affecting decision-making to such an extent that some organisations now suffer from "analysis paralysis." Managers and administrators become overloaded and prevaricate by calling for more studies, reports, etc, instead of actually making a decision. But as someone once said, "waiting for all the facts to come in" can be damn frustrating if the facts never stop coming!

In the military sphere, information overload has caused pilots to crash fighter aircraft. It has also played a role in civilian and military disasters such as Bhopal and the downing of an Iranian airbus over the Persian Gulf by the USS Vincennes.
The US military is now having to spend large sums of money on "human factors" research - that is, studying how humans can adequately relate to complex, high-tech weapons systems which operate at lightning-fast speeds.

There is also serious concern that media infoglut is having a damaging effect on society - in particular the younger generation. As Chesebro and Bonsall (1989) show, the television set is on in the average American household for 7 hours and 7 minutes a day. In addition, recorded video tapes are watched for a further 5 hours 8 minutes a week on average (1987 figures). Young Americans can also tune in to any of 9,300 radio stations in the US, on one of the 5.3 radios in the average American household. In these and other ways, the typical American encounters no less than 1,600 advertisements each day. By the age of 17, the average American child would have seen over one-third of a million ads. It is little wonder that US academics are talking about America "amusing itself to death", its collective mind numbed by video-pulp, 10-second sound bites and 30-second video clips. A recent report by the Times Mirror group concluded that the current under-30s generation in the US - despite the benefits of a higher standard of living, better education, information technology, etc - "knows less, cares less and reads newspapers less than any generation in the past five decades" (Zoglin 1990).

A second set of problems concerns the way some people use the new computer-based communication technologies and how they relate to other people as a result. For instance, some managers have been diagnosed "communicaholic" because of their obsessive desire to keep in touch and to constantly communicate using their car phones and fax machines. Some have allegedly become "spreadsheet junkies", playing endless what-if? games on their computers, or "e.mail addicts" spending hours sending and answering trivial e.mail messages.
But does this "hyperconnectedness" mean that they are doing their jobs any better and are they making wiser decisions? There is some evidence that too much "in touch" may actually be destructive of work relationships - subordinates usually want to be left alone to get on with the job. Calling people at home for progress reports can increase stress by further blurring the boundaries between work and nonwork.

And what of those car phone conversations? Many have long suspected the quality of such communication and now research at Loughborough University in the UK has confirmed that car phones can seriously impair negotiating and decision-making skills. Rather like US president Gerald Ford (about whom it was said that he couldn't think and chew gum at the same time), it seems that 4 out of 5 UK executives cannot think and drive at the same time. For car phone users, both their businesses and their cars were more likely to crash.

A further problem is "technobabble". This modern malady has two aspects. The first is the inability of computer personnel to explain in plain English just what they or their systems can do - or the value in business terms of investing more money in IT equipment. In many organisations, top management and IT departments still speak a different language and this has serious consequences for organisational efficiency.

Second, Barry (1991) has described the way in which computer terminology and techno-jargon is being applied indiscriminately to areas of life which have nothing at all to do with technology. Thus, people these days do not merely converse with each other, they interface. It is not uncommon to hear people refer to their leisure hours as downtime. In California's Silicon Valley, getting something off one's chest is even known as core-dumping.
Just as some people are coming to think of themselves as computers, so they are also beginning to view computers as "intelligent" or "thinking" people - and yet the analogy between conventional Von Neumann computers and the human brain has long been discredited.

PUTTING HUMANS BACK IN THE PICTURE

We have seen that many of the predictions made about the impact of computers on society have been wide of the mark, primarily because they have accorded too great a role to technology and too little a role to human needs and abilities. At the same time, there have been a number of unanticipated problems thrown up by the IT revolution, most of which involve the human factor.

Perhaps the time has come for a major reassessment of our relationship to technology, especially the new information and communication technologies. After all, haven't manufacturers belatedly discovered that expensive high-tech solutions are not always appropriate for production problems, that robots are more troublesome than people and that the most "flexible manufacturing system" available to them is something called a human operator? Didn't one study of a government department conclude that the only databases worth accessing were those carried around in the heads of long-serving employees? And is it not the case that the most sophisticated communication technology available to us is still something called speaking to each other? One conclusion to be drawn from this is that technological advances in computing seem to have outpaced our ability to make use of them.

Computers have also de-humanized many social activities ranging from commercial transactions to hospital care. Human interaction has tended to decline in the computerized workplace. ATMs have de-personalized banking. Even crime has been de-personalized by the computer - pressing a few keys to siphon-off funds is not the same as bashing someone over the head and running-off with the cash!
To many, the recent military conflict in the Gulf resembled a giant video game and even became known as the "Nintendo War". There is also little doubt that many computer scientists and other computer enthusiasts have low needs for social interaction and seem to relate better to their machines than they do to other human beings - the so-called "nerd" syndrome.

Further, computers have speeded-up the pace of life, leaving little time for calm reflection and contemplation. This can lead to "technostress", fatigue, anxiety and burnout. Most people now know that slow is healthier, but there is little evidence that people are slowing down.

Perhaps we should go back to basics and first decide what we really want out of life - a decent home, a satisfying family life, a reasonable standard of living, a clean environment, an interesting job with a healthy workstyle - and then direct technology toward these simple, human ends. It would be nice to think that our schools and colleges are helping make future generations more aware of the choices and the possibilities, rather than fatalistically joining in the uncritical, headlong rush toward an ill-defined and ill-thought-out high-tech future.

===========
Opening Address to International Conference on the Information Society, Gottlieb Duttweiler Institute / Green Meadow Foundation, Zurich, Switzerland, 18 November 1991
===========

-==--==--==-<>-==--==--==-

THE SECOND ANNUAL INTERNATIONAL EFF PIONEER AWARDS: CALL FOR NOMINATIONS

Deadline: December 31, 1992

In every field of human endeavor, there are those dedicated to expanding knowledge, freedom, efficiency and utility. Along the electronic frontier, this is especially true. To recognize this, the Electronic Frontier Foundation has established the Pioneer Awards for deserving individuals and organizations.

The Pioneer Awards are international and nominations are open to all.

In March of 1992, the first EFF Pioneer Awards were given in Washington D.C. The winners were: Douglas C.
Engelbart of Fremont, California; Robert Kahn of Reston, Virginia; Jim Warren of Woodside, California; Tom Jennings of San Francisco, California; and Andrzej Smereczynski of Warsaw, Poland.

The Second Annual Pioneer Awards will be given in San Francisco, California at the 3rd Conference on Computers, Freedom, and Privacy in March of 1993.

All valid nominations will be reviewed by a panel of impartial judges chosen for their knowledge of computer-based communications and the technical, legal, and social issues involved in networking.

There are no specific categories for the Pioneer Awards, but the following guidelines apply:

1) The nominees must have made a substantial contribution to the health, growth, accessibility, or freedom of computer-based communications.

2) The contribution may be technical, social, economic or cultural.

3) Nominations may be of individuals, systems, or organizations in the private or public sectors.

4) Nominations are open to all, and you may nominate more than one recipient. You may nominate yourself or your organization.

5) All nominations, to be valid, must contain your reasons, however brief, on why you are nominating the individual or organization, along with a means of contacting the nominee, and your own contact number. No anonymous nominations will be allowed.

6) Every person or organization, with the single exception of EFF staff members, is eligible for Pioneer Awards.

7) Persons or representatives of organizations receiving a Pioneer Award will be invited to attend the ceremony at the Foundation's expense.

You may nominate as many as you wish, but please use one form per nomination.

You may return the forms to us via email to pioneer@eff.org

You may mail them to us at: Pioneer Awards, EFF, 155 Second Street, Cambridge MA 02141.
You may FAX them to us at: +1 617 864 0866

Just tell us the name of the nominee, the phone number or email address at which the nominee can be reached, and, most important, why you feel the nominee deserves the award. You may attach supporting documentation. Please include your own name, address, and phone number.

We're looking for the Pioneers of the Electronic Frontier that have made and are making a difference. Thanks for helping us find them,

The Electronic Frontier Foundation

-==--==--==-<>-==--==--==-

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online, the @eff.org newsletter and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member.

Our memberships are $20.00 per year for students, $40.00 per year for regular members. You may, of course, donate more if you wish.

Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason.

---------------- EFF MEMBERSHIP FORM ---------------

Mail to:
The Electronic Frontier Foundation, Inc.
155 Second St. #41
Cambridge, MA 02141

I wish to become a member of the EFF. I enclose: $__________

$20.00 (student or low income membership)
$40.00 (regular membership)
$100.00 (Corporate or company membership. This allows any organization to become a member of EFF. It allows such an organization, if it wishes, to designate up to five individuals within the organization as members.)
I enclose an additional donation of $

Name:
Organization:
Address:
City or Town:
State:
Zip:
Phone: ( ) (optional)
FAX: ( ) (optional)
Email address:

I enclose a check [ ].
Please charge my membership in the amount of $ to my Mastercard [ ] Visa [ ] American Express [ ]

Number:
Expiration date:
Signature:
Date:

I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ].
Initials:

Your membership/donation is fully tax deductible.

=====================================================================
EFFector Online is published by
The Electronic Frontier Foundation
155 Second Street, Cambridge MA 02141
Phone: +1 617 864 0665 FAX: +1 617 864 0866
Internet Address: eff@eff.org

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission.
=====================================================================
This newsletter is printed on 100% recycled electrons.
EFFector Online 4.2 12/23/1992 editors@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-424

IN THIS ISSUE:
THE NEW, STREAMLINED BILL O' RIGHTS by John Perry Barlow
CRACKER BREAKS INTO ATHENA @ MIT: The Security Alert
EFF'S LEGISLATIVE WATCH by Shari Steele

-==--==--==-<>-==--==--==-

The New, Streamlined BILL O' RIGHTS
(As amended by the recent federal & state decisions)

Amendment 1

Congress shall encourage the practice of Judeo-Christian religion by its own public exercise thereof and shall make no laws abridging the freedom of responsible speech, unless such speech contains material which is copyrighted, sexually arousing, or deeply offensive to non-Europeans, non-males, differently-abled or alternatively preferenced persons; or the right of the people peaceably to assemble, unless such assembly is taking place on corporate or military property or within an electronic environment, or to make petitions to the Government for a redress of grievances, unless those grievances relate to national security.

Amendment 2

A well-regulated Militia having become irrelevant to the security of the State, the right of the people to keep and bear Arms against one another shall nevertheless remain uninfringed.

Amendment 3

No soldier shall, in time of peace, be quartered in any house, without the consent of the owner, unless that house is thought to have been used for the distribution of illegal substances.

Amendment 4

The right of the people to be secure in their persons, houses, papers,
and effects against unreasonable searches and seizures, may be suspended to protect public welfare, and no Warrants need be issued, but upon the unsupported suspicion of law enforcement officials, any place or conveyance shall be subject to immediate search and such places or conveyances and any property within them may be permanently confiscated without further judicial proceeding.

Amendment 5

Any person may be held to answer for a capital, or otherwise infamous crime involving illicit substances, terrorism, or child pornography, or upon any suspicion whatever; and may be subject for the same offense to be twice put in jeopardy of life or limb, once by the State courts and again by the Federal Judiciary; and may be compelled by various means, including interrogation or the forced submission of breath samples, bodily fluids, or encryption keys, to be a witness against himself, refusal to do so constituting an admission of guilt; and may be deprived of life, liberty, or property without further legal delay; and any property thereby forfeited shall be dedicated to the discretionary use of law enforcement agents.

Amendment 6

In all criminal prosecutions, the accused shall enjoy the right to a speedy and private plea bargaining session before pleading guilty. He is entitled to the Assistance of underpaid and incompetent Counsel to negotiate his sentence, except where such sentence falls under federal mandatory sentencing requirements.

Amendment 7

In Suits at common law, where the contesting parties have nearly unlimited resources to spend on legal fees, the right of trial by jury shall be preserved.

Amendment 8

Sufficient bail may be required to ensure that dangerous criminals will remain in custody, where cruel punishments are usually inflicted.
Amendment 9

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others which may be asserted by the Government as required to preserve public order, family values, or national security.

Amendment 10

The powers not delegated to the United States by the Constitution, shall be reserved to the United States Departments of Justice and Treasury, except that the States shall have the right to ban abortions.

Derived by J. P. Barlow
New York, New York
December 21, 1992

-==--==--==-<>-==--==--==-

Our Farflung Correspondents

From: Roland H. Pesch
To: junk@cygnus.com
Subject: 20 years of progress in Scotts Valley, CA

A front-page story (headlined "High tech, high crimes") in today's Santa Cruz Sentinel features a fascinating quote from the Chief of Police of Scotts Valley:

"It's all new", says Scotts Valley Police Chief Steve Walpole. "Twenty years ago, who would have thought you could arrest someone for what's in his head?"

-==--==--==-<>-==--==--==-

MIT Discovers Athena Security Breach

Recently, the MIT Information Systems staff discovered that one of the Institute's Athena dialup servers had been compromised through an unauthorized modification of the machine's system software. If you have used the Athena dialup service during the last two months to telnet to other machines, read on. Your accounts on other machines may have been compromised.

Specifically, each time the telnet command was executed on this Athena dialup machine the userid, password, and name of the system to which the Athena user was connecting were evidently captured by an unauthorized user. This individual is now in a position to use the captured information to gain access to other systems.

Our official system logs indicate that during the time the modified version of the telnet program was in place, over 4000 individuals used this particular dialup server.
Those individuals who executed the telnet command from this machine within the past two months may have had their accounts on other machines compromised.

Check your username

To determine whether you are among the 4000 individuals most at risk, you can use a command called checkmyid located in the Athena info locker. From your Athena account, at the athena% prompt, type:

    attach info
    /mit/info/checkmyid

Change your password

We recommend that all Athena users change their passwords frequently - once a semester is recommended. If checkmyid verifies that you are one of the 4000 people who used this specific dialup server during the last two months, we STRONGLY recommend that you change your passwords immediately on ALL systems, including Athena, to which you may have telneted. You must assume that all accounts you may have reached using telnet are compromised.

Your new Athena password should be at least 6 characters long, and can contain any combination of UPPER- and lower-case letters, numbers, or other symbols that appear on the computer keyboard. For further information on choosing a secure password, see Athena's On-Line Help Service.

Alert others

In addition please inform the system manager of any machines - including Athena workstations in faculty offices - to which you may have connected, since it is possible that the intruder may have used your account to compromise those machines as well.

The individual who compromised our system used a pattern of attack identical to one used by an individual operating from outside the MIT community to attack a number of systems across the country during the past year. In all likelihood, if you are among those whose accounts were compromised, you will probably not find any damage to your files. This individual's mode of operation is believed to be limited to breaking into accounts for the sole purpose of discovering any userids and passwords stored there to enable him to break into additional systems.

We sincerely apologize for the inconvenience this causes our user community. We have taken immediate steps to eliminate this particular security threat and we are reviewing and modifying our operational procedures to limit our vulnerability to this and other types of attacks in the future.

If you have any questions or comments, please send electronic mail to or contact your Athena cluster manager.

-==--==--==-<>-==--==--==-

BBS Legislative Watch

Legislation from Last Congress that May Affect Your Online Communications

by Shari Steele (EFF attorney)

For those of us communicating electronically, it is often hard to see how involvement in the bureaucracy of Washington, D.C., could have any positive impact on our lives online. But laws that can have great effect on our online rights are constantly introduced and modified in the United States Congress and local legislatures, and last year was no exception. While the 102nd Congress is now history, here is a sample of the legislation introduced over the past year that will likely affect those of us building communities on the electronic frontier.

Threats to Privacy

FBI's Wiretapping Proposal Thwarted

In a move that worried privacy experts, software manufacturers and telephone companies, the FBI proposed legislation to amend the Communications Act of 1934 to make it easier for the Bureau to perform electronic wiretapping. The proposed legislation, entitled "Digital Telephony," would have required communications service providers and hardware manufacturers to make their systems "tappable" by providing "back doors" through which law enforcement officers could intercept communications. Furthermore, this capability would have to be provided undetectably, while the communication was in progress, exclusive of any communications between other parties, regardless of the mobility of the target of the FBI's investigation, and without degradation of service.

The security risks are obvious; if law enforcement officers can "tap" into a conversation, so can others with harmful intent. The privacy implications are also frightening. Today, all sorts of information about who we are and what we do, such as medical records, credit reports and employment data, are held on electronic databases. If these databases have government-mandated "tappability," this private information could potentially be accessed by anyone tapping in. To add insult to injury, the FBI proposal suggests that the cost of providing this wiretapping "service" to the Bureau would have to be borne by the service provider itself, which ultimately means you and I will be paying higher user fees.

The Electronic Frontier Foundation organized a broad coalition of public interest and industry groups, from Computer Professionals for Social Responsibility (CPSR) and the ACLU to AT&T and Sun Microsystems, to oppose the legislation. A white paper produced by EFF and ratified by the coalition, entitled, "An Analysis of the FBI Digital Telephony Proposal," was widely distributed throughout the Congress. Senator Patrick Leahy (D-Vermont) and Representative Don Edwards (D-California), chairs of two key committees, referred to the EFF paper as they delayed introduction of the FBI's proposal. As Leahy stated before the Senate, "Our goal is to assist law enforcement," but "without jeopardizing privacy rights or frustrating the development of new communications technologies." The Justice Department lobbied hard in the final days to get Congress to take up the bill before Congress adjourned, but the bill never even found a Congressional sponsor (and was therefore never officially introduced). The FBI will almost certainly reintroduce "Digital Telephony" when the 103rd Congress convenes in January.

Cellular Scanners Prohibited

The wrong solution won out as Congress attempted to protect the privacy of users of cellular telephones.
Congress chose to ban scanners as it amended the Communications Act of 1934 with the FCC Authorization Act of 1991. The Authorization Act, among other things, prohibits the U.S. manufacture and importation of scanning receivers capable of: receiving cellular transmissions, being easily altered to receive cellular transmissions, or being equipped with decoders to convert digital cellular transmissions to analog voice audio.

While privacy protection is always important, EFF opposed the bill, arguing that technical solutions, such as encryption, are the only way to protect private communications carried over the airwaves. Unable to stop the scanner ban, EFF worked with Representative Edward Markey (D-Massachusetts) and Senator Ernest Hollings (D-South Carolina) to add an amendment to the legislation requiring the FCC to study the impact of this law on privacy. Sometime in 1993, the FCC must also conduct a public inquiry and issue a report on alternative means for protecting cellular telephone conversations with a focus on encryption.

Threats to Free Speech

Federal Agency to Study Hate Crimes on BBSs

Recognizing that electronic media have been used more and more often to spread messages of hate and bigotry, Congress mandated the National Telecommunications and Information Administration (NTIA) to conduct a study on "the role of telecommunications in crimes of hate and violent acts against ethnic, religious, and racial minorities." Computer bulletin boards are specifically mentioned as one of the targeted media to be studied under the Telecommunications Authorization Act of 1992. Representative Markey, while supporting the Act in the House, cautioned NTIA to be sensitive to privacy concerns while conducting the study. A report on the results of the study will be presented to the Senate before the end of June, 1993.

Congress Regulates Video Transmissions

Much has been written about the passage of the Cable Television Consumer Protection and Competition Act of 1992, more commonly known as the "Cable Act." While specifically designed to regulate rates, establish customer service requirements and prevent unfair competition for cable television providers, the Cable Act may have broader implications for those of us communicating online. The communications networks of the future will include video and data transmission, as well as the voice transmission we are now used to using over the telephone lines. The Cable Act is Congress's first attempt to regulate the wire/cable transmissions that will make up our networks of the future. EFF is currently studying the implications of this legislation, specifically as it applies to free speech over the network.

Threats to the Public's Right to Government Information

Fees Charged for Use of Government BBS

In a poorly thought-out move designed to raise federal revenues, Congress passed a law permitting the Federal Maritime Commission to charge user fees on its Automated Tariff Filing and Information System (ATFI). The law requires shippers, freight forwarders, ocean carriers and third-party information vendors to pay 46 cents for every minute they are connected to the government-sponsored electronic database.

EFF joined with many other groups, including library groups, the Information Industry Association and The Journal of Commerce, in opposing this legislation. EFF and the others fear that this precedent of allowing the government to charge citizens more than the government's cost for information could be applied to many other federal databases and impinge on the public's access to government data in electronic formats.

Federal Employees Denied Copyrights for Government Software

EFF joined with several other organizations to successfully stop the Technology Transfer Improvements Act in a Senate committee after it had passed in the House of Representatives. This Act would have allowed the federal government to claim copyright in certain computer software created by federal employees working with non-federal parties. Because so much government information is stored only in computerized formats, EFF and the others, including the Software Publishers Association, American Library Association, and Information Industry Association, were concerned that this legislation would impinge on a citizen's right to obtain and use government information that he or she has the right to obtain and use.

Reproducing Copyrighted Software Now a Felony

Under the strong lobby of the Software Publishers Association, Congress decided to stiffen penalties for individuals making illegal reproductions of copyrighted software. The amended law makes reproducing copyrighted software a felony if certain conditions are met. According to the statute, any person who makes 1) at least ten copies 2) of one or more copyrighted works 3) that have a retail value of more than $2500, can be imprisoned for up to five years and/or fined $250,000. In order for the infringement to be a criminal violation, however, the copies must be made "willfully and for purposes of commercial advantage or private financial gain." While the term "willfully" is not defined in the statute, previous criminal court cases on copyright law have held that the person making the copies must have known that his or her behavior was illegal. Software backups are not illegal (in fact, they are usually encouraged by software providers), and therefore do not fall under the scope of this statute.

Like most of us, EFF is concerned about the ramifications of this legislation.
While the statute itself provides safeguards that seem to place heavy restrictions on how the law is applied, we are wary that improper application of the law could result in extreme penalties for software users. We will be monitoring cases brought under this statute and intervening if we see civil liberties violations taking place.

Network Access for All

Commercial Users Given Internet Access

Congress gave the National Science Foundation (NSF), the agency overseeing the Internet, the authority to relax some of its access rules governing certain types of information travelling over the network, including commercial information. The Internet has been an educational and research-oriented network since the 1980s. Over the past few years, however, the Internet has become increasingly open to non-educational and commercial uses. The National Science Foundation Act was amended to encourage an increase in network uses that will ultimately support research and education activities.

While the amendment was still being considered by the House Science Subcommittee, chaired by Representative Richard Boucher (D-Virginia), EFF's President, Mitch Kapor, argued for more flexible rules to spur diversity and innovation on the Internet. Relying in part on Kapor's contentions, Representative Boucher sponsored the amendment as it passed in the full House of Representatives; Senator Albert Gore (D-Tennessee) championed it in the Senate. EFF lobbied to convince potential congressional and industry opponents that the legislation would facilitate, not impede, wider access to the Internet.

EFF's Open Platform Proposal Introduced

This past Fall, Mitch Kapor testified before the House Subcommittee on Telecommunications and Finance about the perceived dangers of regional Bell telephone company entry into the information services market.
To combat the fear that the Bells would engage in anticompetitive behavior, EFF proposed an information network for the near future that would be affordable, equitable, and easily-accessible (EFF's Open Platform Proposal). Kapor suggested that ISDN could make such a network possible sooner rather than later and at little expense.

Legislation was circulated near the end of Congress which included the Open Platform Proposal. The proposed legislation, entitled the "Telecommunications Competition and Services Act of 1992," was sponsored by House Telecommunications and Finance Subcommittee Chair Markey and would give government support to anyone moving forward to provide digital telecommunications now over existing copper wires. This, in turn, would pave the way for a broadband network requiring telecommunications infrastructure modernization in the future. This piece of legislation laid the groundwork for a major debate in the next Congress, especially since President-elect Clinton and Vice-President-elect Gore have committed themselves to an infrastructure of information highways.

As you can see, Congress has been very busy creating legislation that may affect your lives online. Next month, we will make some predictions of areas where the 103rd Congress is likely to concentrate its efforts.

Shari Steele is a Staff Attorney with the Washington office of the Electronic Frontier Foundation (EFF). Steele can be reached at ssteele@eff.org.

-==--==--==-<>-==--==--==-

THE SECOND ANNUAL INTERNATIONAL EFF PIONEER AWARDS: CALL FOR NOMINATIONS

Deadline: December 31, 1992

In every field of human endeavor, there are those dedicated to expanding knowledge, freedom, efficiency and utility. Along the electronic frontier, this is especially true. To recognize this, the Electronic Frontier Foundation has established the Pioneer Awards for deserving individuals and organizations.

The Pioneer Awards are international and nominations are open to all.

In March of 1992, the first EFF Pioneer Awards were given in Washington D.C. The winners were: Douglas C. Engelbart of Fremont, California; Robert Kahn of Reston, Virginia; Jim Warren of Woodside, California; Tom Jennings of San Francisco, California; and Andrzej Smereczynski of Warsaw, Poland.

The Second Annual Pioneer Awards will be given in San Francisco, California at the 3rd Conference on Computers, Freedom, and Privacy in March of 1993.

All valid nominations will be reviewed by a panel of impartial judges chosen for their knowledge of computer-based communications and the technical, legal, and social issues involved in networking.

There are no specific categories for the Pioneer Awards, but the following guidelines apply:

1) The nominees must have made a substantial contribution to the health, growth, accessibility, or freedom of computer-based communications.

2) The contribution may be technical, social, economic or cultural.

3) Nominations may be of individuals, systems, or organizations in the private or public sectors.

4) Nominations are open to all, and you may nominate more than one recipient. You may nominate yourself or your organization.

5) All nominations, to be valid, must contain your reasons, however brief, on why you are nominating the individual or organization, along with a means of contacting the nominee, and your own contact number. No anonymous nominations will be allowed.

6) Every person or organization, with the single exception of EFF staff members, is eligible for Pioneer Awards.

7) Persons or representatives of organizations receiving a Pioneer Award will be invited to attend the ceremony at the Foundation's expense.

You may nominate as many as you wish, but please use one form per nomination.

You may return the forms to us via email to:
    pioneer@eff.org

You may mail them to us at:
    Pioneer Awards, EFF,
    155 Second Street
    Cambridge MA 02141.

You may FAX them to us at:
    +1 617 864 0866

Just tell us the name of the nominee, the phone number or email address at which the nominee can be reached, and, most important, why you feel the nominee deserves the award. You may attach supporting documentation. Please include your own name, address, and phone number.

We're looking for the Pioneers of the Electronic Frontier that have made and are making a difference.

Thanks for helping us find them,
The Electronic Frontier Foundation

-==--==--==-<>-==--==--==-

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online, the @eff.org newsletter and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member.

Our memberships are $20.00 per year for students, $40.00 per year for regular members. You may, of course, donate more if you wish.

Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason.

---------------- EFF MEMBERSHIP FORM ---------------

Mail to: The Electronic Frontier Foundation, Inc.
         155 Second St. #41
         Cambridge, MA 02141

I wish to become a member of the EFF. I enclose: $__________

    $20.00 (student or low income membership)
    $40.00 (regular membership)
    $100.00 (Corporate or company membership. This allows any organization to become a member of EFF. It allows such an organization, if it wishes, to designate up to five individuals within the organization as members.)

I enclose an additional donation of $

Name:
Organization:
Address:
City or Town:
State:
Zip:
Phone:( ) (optional)
FAX:( ) (optional)
Email address:

I enclose a check [ ] .

Please charge my membership in the amount of $ to my
Mastercard [ ] Visa [ ] American Express [ ]

Number:
Expiration date:
Signature:
Date:

I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ] .
Initials:

Your membership/donation is fully tax deductible.

=====================================================================
EFFector Online is published by
The Electronic Frontier Foundation
155 Second Street, Cambridge MA 02141
Phone: +1 617 864 0665 FAX: +1 617 864 0866
Internet Address: eff@eff.org

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission.
=====================================================================
This newsletter is printed on 100% recycled electrons.