****************************************************************** ////////////// ////////////// ////////////// /// /// /// /////// /////// /////// /// /// /// ////////////// /// /// ****************************************************************** EFFector Online Volume 5 No. 6 4/16/1993 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 454 lines -==--==--==-<>-==--==--==- In this issue: Initial EFF Analysis of Clinton Privacy and Security Proposal Society for Electronic Access: A New York City-based grassroots online activist group. Updated Contact List for Regional Online Activist Groups -==--==--==-<>-==--==--==- April 16, 1993 INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL The Clinton Administration today made a major announcement on cryptography policy which will effect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption as well as law enforcement issues posed by new technology. However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed. Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency. The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over law enforcement upon presentation of a valid warrant. The encryption scheme used is to be classified, but they chips will be available to any manufacturer for incorporation into their communications products. This proposal raises a number of serious concerns . First, the Administration appears to be adopting a solution before conducting an inquiry. The NSA-developed Clipper chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards. Second, an algorithm can not be trusted unless it can be tested. Yet the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny. Third, while the use of the split-key, dual-escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive individual's fifth amendment rights in subsequent criminal inquiries? In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security. However, the "Clipper chip" solution ought to be considered as part of the inquiry, not be adopted before the discussion even begins. DETAILS OF THE PROPOSAL: ESCROW The 80-bit key will be divided between two escrow agents, each of whom hold 40 bits of each key. Upon presentation of a valid warrant, the two escrow agents would have to turn the key parts over to law enforcement agents. Most likely the Attorney General will be asked to identify appropriate escrow agents. Some in the Administration have suggested one non-law enforcement federal agency, perhaps the Federal Reserve, and one non-governmental organization. But, there is no agreement on the identity of the agents yet. Key registration would be done by the manufacturer of the communications device. A key is tied to the device, not to the person using it. CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS The Administration claims that there are no back door means by which the government or others could break the code without securing keys from the escrow agents and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public. GOVERNMENT AS MARKET DRIVER In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product. Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President. FROM MORE INFORMATION CONTACT: Jerry Berman, Executive Director Daniel J. Weitzner, Senior Staff Counsel -==--==--==-<>-==--==--==- [EFFector Online will regularly feature a regional grassroots group of telecommunications activists describing themselves and their activities.-- C.F.] The Society for Electronic Access By Steve Barber The Society for Electronic Access ("SEA") is an organization of people who are concerned with establishing and preserving civil rights in cyberspace and with promoting public access to computer- based information systems. The SEA is a regionally-based group, centered in New York City, though we have members in other parts of New York State and northern New Jersey. We like to think of ourselves as covering the "New York City metropolitan area." The SEA first met in August 1992 in borrowed space somewhere on the New York University campus. We were a group of folks who were vaguely, variously, and intensely interested in the issues posed by the cyberspace/real-world interface, with a strong interest in becoming the New York chapter of the EFF. Over the course of the next six months, the issue of EFF affiliation dominated group discussions. Some might say "paralyzed." Some found loose analogies to Beckett's "Waiting for Godot." Finally, of course, the EFF announced that there would be no chapters. This announcement caused some minor disappointment, but on the whole it was liberating for the group. In short order, we had projects, results, and even a name. The SEA membership has adopted the following statement of purpose, which is an excellent description of what we are, what we are becoming, and what we want to be: The purpose of SEA is to help make our corner of cyberspace a civilized place to live, work, and visit. We believe that the world of computers and the communications links that bind their users together should be open to everyone. Furthermore, if this new medium is to have a chance of fulfilling its great potential, the same civil rights that protect our freedom in the physical world must prevail in cyberspace. Therefore, SEA will work to educate people about computer networks and how to use them to find information and to communicate with one another. We will also reach out to computer users, government officials, legislators and the media to foster better understanding of cyberspace and to ensure that laws are written and enforced to enhance individual rights rather than to curtail them. Finally, we will do our best to bring into cyberspace those who might not otherwise have the opportunity or awareness to make use of it, in the belief that doing so will enrich our lives as well as theirs. The SEA operates in two modes: through a set of mailing lists, and through approximately monthly face-to-face meetings. While a cyberspace activist group ought to be able to meet effectively in cyberspace itself, our experience is that no consensus is achieved via a mailing list discussion, and no decisions get made this way. I'm not sure whether this is because of the asynchronicity of e-mail or merely because of the low bandwidth of e-mail, but the face-to-face gatherings are vital. This necessity for face-to-face interaction is one of the bases for our regional orientation. Even though the SEA just started accepting paid memberships, at present all our meetings and electronic mail lists are open to anyone. We have had various EFF personages drop by, as well as emissaries from other groups with similar interest to ours from around the country. The formal meetings are often followed informal ones in convivial locations throughout Manhattan. As is apparent from our mission statement, the SEA has a number of goals. The interest in civil rights has expressed itself through our legal interest group. Most recently, in what was perhaps SEA's first public action, we submitted a comment to the United States Sentencing Commission opposing the proposed sentencing guidelines on computer fraud and abuse. Other projects covering the legal side of cyberspace include the compilation of data on local government officials, and monitoring state and local regulatory activities that affect networks and BBSs. SEA's goal of encouraging public access to the computer networks and other manifestations of cyberspace is being addressed by promoting ourselves as a clearinghouse for cyberspace resources in the region. Our purpose is to bring people together who are interested in working on access projects. SEA has served as a catalyst for hooking up people interested in, for example, producing educational videos on Internet access and use, and for finding system operators willing to donate resources for an organization called Playing To Win that provides computer access to residents of one of New York City's more disadvantaged neighborhoods. The wonderful thing about the SEA is that so far it is entirely a volunteer operation. We exist in borrowed space, both real and virtual. Our only real resource is the enthusiasm of our members. The greatest advantage to being located in New York City is that the available talent here is varied and seemingly limitless. We are blessed with a number of people who make their living in cyberspace, and to whom the issues the SEA addresses makes a difference in their daily lives. Just to highlight a few of our people, there is Stacy Horn, who runs the ECHO computer conferencing system and has expended great effort into bringing more women into cyberspace. Lance Rose is an attorney who specializes in computer and BBS law and writes a monthly column on legal matters in Boardwatch magazine. Alexis Rosen is co-owner and operator of Panix, a commercial public access Internet host (Panix also donates lots of resources to the SEA). John McMullen is a journalist who is responsible in large part for the NewsBytes electronic computer news service. Bruce Fancher and other founders of the Mindvox system have been active in SEA projects. Clay Shirky, who drafted our sentencing guideline comments, is an experienced activist. Joe King co-hosts a weekly computer radio show on WBAI-FM. Paul Wallich writes for Scientific American. All of these folks and others I don't have room to mention make for an exciting mix of system operators, journalists, lawyers and law students, hackers and even an accused cracker or two, librarians, activists, and other assorted cyberspace denizens that gives the SEA a broad base of experience and expertise. Other current and projected projects include educational seminars, a media watch, a local calendar of events, and more involvement in the legislative and regulatory process. SEA has an effective presence on the Internet via our mailing lists and through the SEA information hierarchy at gopher.panix.com that provides public access to our archives. We are trying to reach out to the BBS community and the vast number of users of the large commercial services. For more information on the SEA or to be added to our mailing lists, please contact us by sending e-mail to sea@panix.com or U.S. Mail to: Society for Electronic Access Post Office Box 3131 Church Street Station New York, NY 10008-3131 -==--==--==-<>-==--==--==- Local and Regional Groups Supporting the Online Community *Updated List* For those readers interested in hooking up with regional groups that are organized to work on projects to improve online communications, feel free to contact any of the folks listed below with your ideas and to learn more about how you can get involved. We are constantly looking to update this list, so if you know of other groups that we should add, or if you are trying to form a group in your local area, please forward the name of the group and contact information to Shari Steele at ssteele@eff.org. NATIONAL Electronic Frontier Foundation Shari Steele Ð ssteele@eff.org Cliff Figallo Ð fig@eff.org ALABAMA Huntsville: Huntsville Group Matt Midboe mmidboe@nyx.cs.du.edu CALIFORNIA San Francisco Bay Area: This!Group Mitch Ratcliffe coyote@well.sf.ca.us or Mitch_Ratcliffe@macweek.ziff.com Glenn Tenney tenney@netcom.com Judi Clark judic@netcom.com DISTRICT OF COLUMBIA Washington, DC, Area: "Group 2600" and some public access operators Bob Stratton strat@intercon.com Mikki Barry ooblick@intercon.com MASSACHUSSETTS Cambridge and Boston area EF128 (Electronic Frontier Route 128). Lars Kaufman lark@ora.com MICHIGAN Ann Arbor: Ann Arbor Computer Society & others Ed Vielmetti emv@msen.com msen gopher gopher.msen.com msen mail list majordomo@mail.msen.com "info aacs" MISSISSIPPI Gulf Coast, Mississippi SotMESC/GCMS PO Box 573 Long Beach, MS 39560 Local chapter with chapters in Alaska, Orlando Florida, Atlanta Georgia, Mobile Alabama, Montgomery Alabama, Oxford Miss, California, Ocean Springs Miss, and other locations. Contact: RJones%USMCP6.BitNet@VM.TCS.Tulane.Edu NEW MEXICO Albuquerque: IndraNet (formerly FreeNet!, a FTN network) and NitV Data Center. contact: Stanton McCandlish Internet: anton@hydra.unm.edu Bitnet: anton@unmb.bitnet FidoNet: 1:301/2 IndraNet: 369:1/1 BBS (1200-14400, v32/v32b/v42/v42b, N-1-8, 24hr) +1-505-246-8515 Voice +1-505-247-3402 Snail: 8020 Central SE #405, Albuquerque, NM 87108 USA Interests: positive networking, pro-BBS and pro-computer- freedom activism; FFFREE BBS serves as a site to obtain EFF and other such material for those without access to Internet, and supports a rapidly expanding library of electronic publications. Live free, compute free! MISSOURI Kansas City: Greater Kansas City Sysop Association Scott Lent slent@vax1.umkc.edu GKCSA P.O. Box 14480 Parkville, MO 64152 Phone: (816)734-2949 (voice) (816)734-4732 (data) NEW YORK New York City: Society for Electronic Access (SEA) Post Office Box 3131 Church Street Station New York, NY, 10008-3131 general sea-mgmt@panix.com Simona Nass simona@panix.com Alexis Rosen alexis@panix.com Western New York State Thomas J. Klotzbach Genesee Community College Batavia, NY 14020 MCI Mail: 375 1365 Internet: 3751365@mcimail.com klotzbtj@snybufva.cs.snybuf.edu Work: (716) 343-0055 x358 TEXAS Austin: EFFÐAustin general eff-austin@tic.com directors eff-austinÐdirectors@tic.com Jon Lebkowsky jonl@tic.com ============================================================= EFFector Online is published by The Electronic Frontier Foundation 666 Pennsylvania Ave., Washington, DC 20003 Phone: +1 202 544-9237 FAX: +1 202 547 5481 Internet Address: eff@eff.org Coordination, production and shipping by Cliff Figallo, EFF Online Communications Coordinator (fig@eff.org) Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission. *This newsletter is printed on 100% recycled electrons* ============================================================= MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION In order to continue the work already begun and to expand our efforts and activities into other realms of the electronic frontier, we need the financial support of individuals and organizations. If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online (if you have an electronic address that can be reached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member. Your membership/donation is fully tax deductible. Our memberships are $20.00 per year for students and $40.00 per year for regular members. You may, of course, donate more if you wish. Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. But with us, member privacy is the default. This means that you must actively grant us permission to share your name with other groups. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason. ============================================================= Mail to: The Electronic Frontier Foundation, Inc. 238 Main St. Cambridge, MA 02142 I wish to become a member of the EFF. I enclose: $_______ $20.00 (student or low income membership) $40.00 (regular membership) [ ] I enclose an additional donation of $_______ Name: Organization: Address: City or Town: State: Zip: Phone: ( ) (optional) FAX: ( ) (optional) Email address: I enclose a check [ ]. Please charge my membership in the amount of $ to my Mastercard [ ] Visa [ ] American Express [ ] Number: Expiration date: Signature: ________________________________________________ Date: I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ]. Initials:___________________________