Computer underground Digest Sun Jan 18, 1998 Volume 10 : Issue 04 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #10.04 (Sun, Jan 18, 1998) File 1--IP: New Internet Regulations Codify PRC Internet Practice File 2--"Underground", Suelette Dreyfus File 3--"MS Sucks...." File 4--Re: More on "Microsoft Evil?" File 5--Contribution In response to "Is Microsoft Evil" File 6--Review - Privacy on the Line. The Politics of Wiretapping... File 7--Another UNICEF/Mitnick story File 8--Eff announces Barry Steinhardt to BoD File 9--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Tue, 6 Jan 1998 15:47:06 -0800 From: "(--Todd Lappin-->)" Subject: File 1--IP: New Internet Regulations Codify PRC Internet Practice Source - fight-censorship@vorlon.mit.edu Forwarded from Dave Farber... the full text of the new Chinese regulations are included. My favorites: (5) Making falsehoods or distorting the truth, spreading rumors, destroying the order of society; (6) Promoting feudal superstitions, sexually suggestive material, gambling, violence, murder, (8) Injuring the reputation of state organs; --Todd--> New Regulations Codify PRC Internet Practice On December 30, 1997, the Ministry of Public Security promulgated the Regulations on the Security and Management of Computer Information Networks and the Internet [Jisuanji Xinxi Wangluo Lianwang Anquan Baohu Guanli Banfa]. The State Council approved these new regulations on December 11, 1997. The new regulations appear to be much more a codification of existing practice than an important departure in the management of computer information networks in China. The new regulations are more detailed than the "PRC Temporary Regulations on Computer Information Network and Internet Management" and "Notice on Strengthening the Management of Computer Information Network and Internet Registration Information" both of February 1996 and the "Temporary Regulations on Electronic Publishing" of March 1996. . The new December 1997 regulations as well as earlier PRC regulations on the Internet and electronic puiblishing are to be found in GB-encoded Chinese text listed on the web page at http://www.edu.cn/law The full Chinese text of the new regulations are to be found at http://www.edu.cn/law/glbf.html The new regulations are translated in full below. -------------------------------------------------- Computer Information Network and Internet Security, Protection and Management Regulations (Approved by the State Council on December 11 1997 and promulgated by the Ministry of Public Security on December 30, 1997) Chapter One Comprehensive Regulations Section One -- In order to strengthen the security and the protection of computer information networks and of the Internet, and to preserve the social order and social stability, these regulations have been established on the basis of the "PRC Computer Information Network Protection Regulations", the "PRC Temporary Regulations on Computer Information Networks and the Internet" and other laws and administrative regulations. Section Two -- The security, protection and management of all computer information networks within the borders of the PRC fall under these regulations. Section Three -- The computer management and supervision organization of the Ministry of Public Security is responsible for the security, protection and management of computer information networks and the Internet. The Computer Management and Supervision organization of the Ministry of Public Security should protect the public security of computer information networks and the Internet as well as protect the legal rights of Internet service providing units and individuals as well as the public interest. Section Four -- No unit or individual may use the Internet to harm national security, disclose state secrets, harm the interests of the State, of society or of a group, the legal rights of citizens, or to take part in criminal activities. Section Five -- No unit or individual may use the Internet to create, replicate, retrieve, or transmit the following kinds of information: (1) Inciting to resist or breaking the Constitution or laws or the implementation of administrative regulations; (2) Inciting to overthrow the government or the socialist system; (3) Inciting division of the country, harming national unification; (4) Inciting hatred or discrimination among nationalities or harming the unity of the nationalities; (5) Making falsehoods or distorting the truth, spreading rumors, destroying the order of society; (6) Promoting feudal superstitions, sexually suggestive material, gambling, violence, murder, (7) Terrorism or inciting others to criminal activity; openly insulting other people or distorting the truth to slander people; (8) Injuring the reputation of state organs; (9) Other activities against the Constitution, laws or administrative regulations. Section Six No unit or individual may engage in the following activities which harm the security of computer information networks: (1) No-one may use computer networks or network resources without getting proper prior approval (2) No-one may without prior permission may change network functions or to add or delete information (3) No-one may without prior permission add to, delete, or alter materials stored, processed or being transmitted through the network. (4) No-one may deliberately create or transmit viruses. (5) Other activities which harm the network are also prohibited. Section Seven The freedom and privacy of network users is protected by law. No unit or individual may, in violation of these regulations, use the Internet to violate the freedom and privacy of network users. Chapter 2 Responsibility for Security and Protection Section 8 Units and individuals engaged in Internet business must accept the security supervision, inspection, and guidance of the Public Security organization. This includes providing to the Public Security organization information, materials and digital document, and assisting the Public Security organization to discover and properly handle incidents involving law violations and criminal activities involving computer information networks. Section 9 The supervisory section or supervisory units of units which provide service through information network gateways through which information is imported and exported and connecting network units should, according to the law and relevant state regulations assume responsibility for the Internet network gateways as well as the security, protection, and management of the subordinate networks. Section 10 Connecting network units, entry point units and corporations that use computer information networks and the Internet and other organizations must assume the following responsibilities for network security and protection: (1) Assume responsibility for network security, protection and management and establish a thoroughly secure, protected and well managed network. (2) Carry out technical measures for network security and protection. Ensure network operational security and information security. (3) Assume responsibility for the security education and training of network users (4) Register units and individuals to whom information is provided. Provide information according to the stipulations of article five. (5) Establish a system for registering the users of electronic bulletin board systems on the computer information network as well as a system for managing bulletin board information. (6) If a violation of articles four, five, six or seven is discovered than an unaltered record of the violation should be kept and reported to the local Public Security organization. (7) According to the relevant State regulations, remove from the network and address, directory or server which has content in violation of article five. Section 11 The network user should fill out a user application form when applying for network services. The format of this application form is determined by Public Security. Section 12 Connecting network units, entry point units, and corporations that use computer information networks and the Internet and other organizations (including connecting network units that are inter-provincial, autonomous region, municipalities directly under the Central Government or the branch organization of these units) should, within 30 days of the opening of network connection, carry out the proper registration procedures with a unit designated by the Public Security organization of the provincial, autonomous region, or municipality directly under the Central Government peoples' government. The units mentioned above have the responsibility to report for the record to the local public security organization information on the units and individuals which have connections to the network. The units must also report in a timely manner to Public Security organization any changes in the information about units or individuals using the network. Section 13 People who register public accounts should strengthen their management of the account and establish an account registration system. Accounts may not be lent or transferred. Section 14 Whenever units involved in matters such as national affairs, economic construction, building the national defense, and advanced science and technology are registered, evidence of the approval of the chief administrative section should be shown. Appropriate measures should be taken to ensure the security and protection of the computer information network and Internet network links of the units mentioned above. Chapter Three Security and Supervision Section 15 The provincial, autonomous region or municipal Public Security agency or bureau, as well as city and county Public Security organizations should have appropriate organizations to ensure the security, protection and management of the Internet. Section 16 The Public Security organization computer management and supervision organization should have information on the connecting network units, entry point unit, and users, establish a filing system for this information, maintain statistical information on these files and report to higher level units as appropriate. Section 17 The Public Security computer management and supervision organization should have establish a system for ensuring the security, protection and good management of the connecting network units, entry point unit, and users. The Public Security organization should supervise and inspect network security, protection and management and the implementation of security measures. Section 18 If the Public Security computer management and supervision organization discovers an address, directory or server with content in violation of section five, then the appropriate units should be notified to close or delete it. Section 19 The Public Security computer management and supervision organization is responsible for pursuing and dealing with illegal computer information network activities and criminal cases involving computer information networks. Criminal activities in violation of sections four or section seven should according to the relevant State regulations, be handed over to the relevant department or to the legal system for appropriate disposition. Chapter Four Legal Responsibility Section 20 For violations of law, administrative regulations or of section five or section six of these regulations, the Public Security organization gives a warning and if there income from illegal activities, confiscates the illegal earnings. For less serious offenses a fine not to exceed 5000 RMB to individuals and 15,000 RMB to work units may be assessed. For more serious offenses computer and network access can be closed down for six months, and if necessary Public Security can suggest that the business operating license of the concerned unit or the cancellation of its network registration. Management activities that constitute a threat to public order can be punished according to provisions of the public security management penalties articles. Where crimes have occurred, prosecutions for criminal responsibility should be made. Section 21 Where one of the activities listed below has occurred, the Public Security organization should order that remedial action should be taken with a specific period and give a warning; if there has been illegal income, the income should be confiscated; if remedial action is not taken within the specified period, then a fine of not more than 5000 RMB may be assessed against the head of the unit and persons directly under the unit head and a fine of not more than 15,000 RMB against the unit; in the case of more offenses, the network and equipment can be closed for up to six months. In serious cases Public Security may suggest that the business license of the organization be canceled and its network registration canceled. (1) Not setting up a secure system (2) Not implementing security techniques and protection measures (3) Not providing security education and training for network users (4) Not providing information, materials or electronic documentation needed for security, protection and management or providing false information (5) For not inspecting the content of information transmitted on behalf of someone else or not registering the unit or individual on whose behalf the information was transmitted (6) Not establishing a system for registering users and managing the information of electronic bulletin boards. (7) Not removing web addresses and directories or not closing servers according to the relevant state regulations. (8) Not establishing a system for registering users of public accounts (9) Lending or transferring accounts Section 22 Violation of section four or section seven of these regulations shall be punished according to the relevant laws and regulations. Section 23 Violations of section eleven or section twelve of these regulations or not fulfilling the responsibility or registering users shall be punished by a warning from Public Security or suspending network operations for six months. Chapter Five Additional Regulations Section 24 These regulations should be consulted with regards to the implementation of the security, protection and management of computer information networks connecting to networks in the Hong Kong Special Administrative Region as well as with networks in the Taiwan and Macao districts. Section 25 These regulations go into effect on the day of promulgation. ------------------------------ Date: Tue, 13 Jan 1998 10:17:06 -0800 From: Subject: File 2--"Underground", Suelette Dreyfus BKNDRGND.RVW 970723 "Underground", Suelette Dreyfus, 1997, 1-86330-595-5, A$19.95 %A Suelette Dreyfus %C 35 Cotham Road, Kew 3101, Australia %D 1997 %G 1-86330-595-5 %I Reed Books/Mandarin/Random House Australia %O A$19.95 +61-2-9550-9207 fax: +61-2-9560-0334 %O debbie@iaccess.com.au %P 475 %T "Underground" This book is yet another gee-whiz look at teenage mutant wannabe-high- tech-bandits. The stories revolve around a number of individuals with loose links to one particular bulletin board in Melbourne, Australia, all engaged in system intrusions and phone phreaking. An immediate annoyance is the insistence of the author in referring to system breaking as "hacking." ("Cracking" seems to be reserved for breaking copy protection on games and other commercial software.) If any actual hacking takes place--creative, or otherwise sophisticated, use of the technology--it isn't apparent in the book. The descriptions of activities are vague, but generally appear to be simple "cookbook" uses of known security loopholes. This may not accurately reflect the events as they transpired, since the author also betrays no depth of technical knowledge, and seems to be willing to accept boasting as fact. The bibliography is impressively long until you realize that a number of the articles are never used or referenced. At which point, you wonder how much material has even been read. The structure and organization of the book is abrupt and sometimes difficult. Social or psychological observations are arbitrarily plunked into the middle of descriptions of system exploration, and, even though the paucity of dates makes it difficult to be sure, they don't appear to be in any chronological sequence, either. Those who have studied in the security field will recognize some names and even "handles," but the conceit of using only handles for members of the "underground" makes it difficult to know how much of the material to trust. Early chapters foreshadow dire events to overtake "Craig Bowen" and Stuart Gill: Bowen never gets mentioned again, and Gill is only mentioned twice, peripherally. (In combination with frequent allusions to ignorance on the part of law enforcement agencies, one might suspect that a kind of Australian version of "The Hacker Crackdown" [cf. BKHKCRCK.RVW] was planned, but, if so, it didn't come off.) The book's attitude is also oddly inconsistent. In places, the crackers and phreaks are lauded as brilliant, anti-establishment heroes; but, by and large, they are portrayed as unsocialized, paranoid, spineless non-entities, who have no life skills beyond a few pieces of pseudo-technical knowledge used for playing vicious pranks. So thorough is this characterization, that it comes as a total shock to find, in the afterword, that not only do these people survive their court convictions, but also become important contributing members of society. The author seems to feel quite free to point fingers in all directions. The absurdity of giving "look-see" intruders larger prison sentences than thieves or spies is pointed out, but not the difficulty of legally proving intent. After repeatedly hinting at police incompetence, brutality, and even corruption, the book ends with a rather weak statement implying that the situation is getting better. The common cracker assertion that if sysadmins don't want intruders, then they should secure their systems better, is followed up with no discussion of surveys showing only one full-time security person per five thousand employees, and only passing mention, by one of the ex-intruders, of the extreme difficulty in doing so. Poor family situations are used so frequently to justify illegal activities that one feels the need to point out that *most* products of "broken" homes do *not* become obsessive, paranoid loner criminals! It is interesting to see a book written about a non-US scene, and from a non-American perspective. Technically and journalistically, however, it has numerous problems. copyright Robert M. Slade, 1997 BKNDRGND.RVW 970723 ------------------------------ Date: Wed, 14 Jan 1998 08:16:02 -0600 From: "Rosebrock, Lester" Subject: File 3--"MS Sucks...." I take great offense when you sing the "virtues" of Microsoft because they make a cheaper product. How can the Windows platform be cheaper when the Federal government is having to spend millions/billions of dollars to upgrade their computers to overcome the year 2000 thing? If cheaper is better, then why don't all of the restraunts close down so that only McDonald's, Wendy's and Buger King remain. After all, they sell a much cheaper product than a normal restraunt. And since we're at it, let's get rid of Mercedes, BWM, and all other luxury cars. Yugo and the Ford Escort are two cars that have a very attractive price. My point is, just because a product is cheaper it doesn't mean that it is better. Microsoft's products are medicore at best. ------------------------------ From: Dave++ Ljung Subject: File 4--Re: More on "Microsoft Evil?" Date: Mon, 12 Jan 98 11:59:52 MST |From--MRand33609 |Subject--File 8--US vs Microsoft | |Is Microsoft Evil? | |Bill Gates the most productive man in the United States, is actually |being persecuted for being productive That's one heck of an opinion that I think many would disagree with. | To me, this issue should not even be discussed between |rational people. I've never heard of such an issue. If both sides had points, I can't imagine how it shouldn't be discussed. Now, I can see some of your points, I myself am actually philosophically close to your ideas, being *somewhat* of a laissez-faire capitalist myself. However, I can see that you don't believe that there are such things as unfair business practices, and you seem to think that anyone at the top of a business *must* be providing the best products at the best prices. To some it's easy to see that it's not the case with Microsoft, since they are up to a *decade* behind in OS technology, yet a huge majority of computers use their OS. But I don't really care whether you believe this or not, I don't see a point in starting a religious war. But I would like to bring forward the point of 'unfair business practices.' The world of software and hardware has two features which are enormously different than any other business. 1) The rate of change is incredible - approximately 2x improvement on all fronts every 18 months (see Moore's law or history for that). 2) An incredible amount of inertia. It's much harder to change hardware or software platforms when you decide to upgrade because your equipment is obsolete (as compared to say, buying a Chevy after your Ford dies). These factors create a situation ripe for a monopoly takeover. Whoever gets in first can start acting in such a way to get a mojority of market share. Then the market is stuck - and the company can act with only as much competition as required to keep people from getting frustrated enough to overcome point #2 above. If you look at history, this is exactly what has happened - with Microsoft in the world of software and another company in terms of hardware - which I don't need to mention since it's too close the business I work in :) I won't go into a list of the things that Microsoft has done to abuse market share - just look into it's history and talk to some of the people who are opposed to it. Just look at it's original licensing for DOS and Windows. Is Bill Gates evil? I doubt that - he is; however, a very intelligent man who knows how to get a market and take it over, and I would argue that the possibility that Microsoft does NOT provide the best products at the best price. Don't take my word - look into the history - look into how Microsoft deals with competitors, and maybe you'll start to understand why anti-trust legislation exists. Unfortunately the monopoly is (imho) the one example of how the market can't take care of itself unattended. ------------------------------ Date: Mon, 12 Jan 98 17:18:46 EST From: Jonathan Olkowski Subject: File 5--Contribution In response to "Is Microsoft Evil" This laughable essay (US vs Microsoft - MRand33609@aol.com - CUD #10.02 Sun, Jan 11, 1998) begs an obvious question: Do the Ends justify the Means? Sure, Microsoft has definately made some major contributions to the computing industry, albiet it can be argued that those contributions are wholly self-serving in the end. But despite this, there are numerous documented incidents where Microsoft overstepped its bounds and gained a competitve advantage in an unethical and possibly illegal fashion. Yes, we're all fully aware that Microsoft didn't create the trend, but we're also not going to go jumping off bridges because everyone else is doing it too. I'll agree that Microsoft has been helpful in some ways to the computing community but that is no justification for its actions. For all we know, if Hitler had his way the world might have solved some of its problems - but at what price? Balancing methodology with results is a difficult ethical dilemna, but not when it comes down to self-serving individuals trying to make a buck at the expense of others. That is, unless the most important thing to you is money... ------------------------------ Date: Mon, 12 Jan 1998 14:56:58 -0500 (EST) From: Bob Bruen Subject: File 6--Review - Privacy on the Line. The Politics of Wiretapping... Privacy on the Line. The Politics of Wiretapping and Encryption by Whitfield Diffie and Susan Landau. MIT Press 1998. 342 pages. Bibliography, index and endnotes. $25.00 ISBN 0-262-04167-7. LoC KF9670.D54 ============================================================= Book Review. Copyright 1998 Robert Bruen. ============================================================= The issue of encryption use by private citizens was pushed into the public eye after Phil Zimmerman was placed under threat of indictment resulting from the release of Pretty Good Privacy(PGP). The indictment threat was withdrawn and the public stopped paying much attention to it. It was replaced by the threat of the Computer Decency Act (CDA) as the focus of attention. Now that threat has been pushed back, so the focus seems to be somewhat diffused. The underlying problem has not received the attention it deserves. These two events (and a few others) are merely instances of the most serious threat to the American way of life since the Civil War. The threat is to our right to privacy in our communications with one another. The right to privacy is not mentioned explicitly in the Constitution, but it falls within the penumbra (shadow) of the rights that are explicit. There has been a constant and continuing effort by various agencies of the Federal Government, law enforcement and state governments to chip away at this right. These efforts have been resisted by a number of groups through legal challenges and media publicity. The battle is raging, but it does not appear that most of the citizens in America realize the extent of the consequences of this war. It is the difference between a police state such as George Orwell envisioned in his novel 1984 (perhaps as demonstrated in East Germany and the former Soviet Union without quite the high tech capability) and a free society as envisioned by the framers of our Constitution. The very future of our society is at stake, but in order to understand just how serious the threat is, one must understand technical ideas such as encryption, computing and networks. There are many good books available on these topics, but they are not truly accessible to the average citizen because the technical information is difficult and there is not a connection to their everyday lives. Moreover the issues are clouded by struggles over pornography and free speech. The vacuum has been filled by Mr. Diffie and Professor Landau. He is known as the inventor of public-key cryptography and she was primary author of the 1994 Association of Computing Machinery report, "Codes, Keys, and Conflicts: Issues in US Crypto Policy.'" There is no question on their qualifications to speak on this issue. This book is well researched with an extensive bibliography that includes not only the expected books and articles, but also government reports, FBI memos and Congressional testimony. This is straight-forward presentation of just how much of a problem we all have. FBI director Louis Freeh will not like this book, nor will the NSA, but anyone who is concerned about their privacy and freedom will be grateful for the clear detailing of the threat. This loss of our ability to have encrypted communication will be an unrecoverable one. It would be the same as if the South had won the Civil War and slavery was legal today. The major difference would be that all of our citizens will be enslaved instead of just a particular group. There is no other issue today that will have as much of an impact on our future freedom as this one. Using FBI memos, documents and testimony, the authors bring out the fact that the FBI is willing to say just about anything to get a law passed that makes the use of encryption by private citizens illegal. The history of the NSA's dealings with other government agencies shows how they have tried to control the debate and the rules concerning encryption. These agencies have determined that encryption is of major importance and I believe they are correct. Diffie and Landau make this case in such a masterful manner, that you can not read the book and not walk away with this conclusion. I think this is one of the most important books published on privacy because it pulls together all the relevant information in one very readable place. The issues of cryptography, privacy, law enforcement, national security and wiretapping are all brought together in an orderly, coherent work, that is well written enough to be an enjoyable read that shows no signs over-dramatization. But when you are done, the overall effect is powerful. As an example, the value of wiretapping is often used a justification to control the use of encryption. The authors use government reports to demonstrate that the actual value is quite low, limited to a few well publicized cases. In many cases the real tool was the use of bugs, not wiretaps, which of course has little to do with encryption. Wiretaps, new technology and the legal approach to encryption use control are just the building blocks for the surveillance society of tomorrow. One of the most important features of the book is the step by step history of the attempts to pass laws by the NSA and the FBI. Quotes are given by people like National Security Advisor Brent Scowcroft in 1991 where he refers to an attempt "...to seek a legislative fix to the digital telephony problem" and " Success with digital telephony will lock in one major objective; we will have established a beachhead we can exploit for the encryption fix..." This is a clear indication that there is plan to eliminate our rights to private communication. I suggest that this book should be considered urgent reading and should be widely circulated. It could be the one that wakes everybody up. --------------------------------------------------------- Dr. Robert Bruen is the Director of Systems and Operations at the Whitehead Institute/MIT Center for Genome Research. He writes book reviews for Cipher, the Newsletter of the IEEE Computer Society Technical Committee on Privacy and Security, www.itd.nrl.navy.mil/ITD/5540/ieee/cipher. ------------------------------ Date: Thu, 08 Jan 1998 17:22:07 -0500 From: "Evian S. Sim" Subject: File 7--Another UNICEF/Mitnick story Source - http://www.news.com/News/Item/0%2C4%2C17931%2C00.html?nd UNICEF site hacked By Courtney Macavinta January 8, 1998, 12:20 p.m. PT Unknown culprits invaded the home page of the United Nation's Children Fund (UNICEF) last night, threatening a "holocaust" if famed hacker Kevin Mitnick is not released from prison. The hack is reminiscent of a break-in suffered by Yahoo last month in which, for a few moments, hackers were able to post on the site a similar message calling for Mitnick's release. Mitnick is in a federal penitentiary for a series of high-tech crimes. Those who cracked UNICEF's site intertwined a jargon-filled message with the children's rights organization's information about the starvation and exploitation of children around the world. They also posted photographs of women in bathing suits. The page was titled "Starvin' for Kevin." "Drunkz Against Madd Mothers [DAMM] and UNICEF have formed a coalition to put an end to the mistreatment of Kevin Mitnick," stated the translated note. "After all, Kevin is just a big kid, and that's what UNICEF is all about, helping the children." If Mitnick is not released by Groundhog Day (February 2), the hackers said, 100 children per day would be eaten by 20 "starving super-models." The threat is even more far-fetched than the warning posted on Yahoo. The culprits who broke into Yahoo said the site's recent visitors had been infected with "logic bomb/worm" that would detonate on Christmas Day, "wreaking havoc upon the entire planet's networks." The bomb never went off--which was no surprise to computer experts. But the UNICEF site's security was compromised much longer than that of Yahoo, as the nonprofit organization can't monitor its site around the clock. Some Net users told NEWS.COM they stumbled upon the hack last night. The organization said today that it discovered the altered home page around 4 a.m., and fully restored the site by 8:30 a.m. today. ------------------------------ Date: Tue, 13 Jan 1998 12:37:39 -0800 (PST) From: Mike Godwin (mnemonic) Tue 13 Jan 98 10:40 Subject: File 8--Eff announces Barry Steinhardt to BoD eff.43: The EFF in the News eff.43.115: Mike Godwin (mnemonic) Tue 13 Jan 98 10:40 For Immediate Release EFF Announces Appointment of Barry Steinhardt as President and CEO, and Election of Lori Fena as Chairman SAN FRANCISCO, January 12, 1998 -- The Electronic Frontier Foundation (EFF) today announced that its Board of Directors has appointed Barry Steinhardt to President and Chief Executive Officer. Steinhardt is currently the Associate Director of the American Civil Liberties Union. The appointment was made at an EFF Board meeting held today in San Francisco. He replaces Lori Fena, who has been elected Chairman of the Board of EFF. Resigning Chairman Esther Dyson remains an active, enthusiastic member of the Board. "We are very pleased to appoint Barry Steinhardt as our new President," said Esther Dyson, former Chairman of the EFF Board of Directors. "Steinhardt has a wealth of experience with both our issues and the operation of non-profit organizations." "Barry's background is exactly what we were looking for," Dyson continued. "We expect him to be able to help us continue to build EFF as a premier organization that can take on the daunting challenge of defending and defining civil liberties and structures to protect them in the electronic world." As Associate Director of the ACLU, Steinhardt formed and chaired its Cyber- liberties Task Force, which coordinates the ACLU's extensive program on information technology issues. He was a co-founder of the Global Internet Liberty Campaign (GILC), the world's first international coalition of on- line rights groups and one of the originators of the Internet Free Expression Alliance (IFEA), which was recently formed to monitor issues related to Internet content rating and filtering. Steinhardt has spoken and written widely on cyber-liberties issues. Most recently he was the co-author of "Fahrenheit 451.2 - Is Cyberspace Burning?", the ACLU White paper on Internet content rating and blocking. He is currently at work on the ACLU handbook on "The Rights of Persons On-line." In addition to his cyber-liberties work, Steinhardt has coordinated the ACLU policy development process and efforts to strengthen structure and management of the ACLU's 53 state affiliates. He has been with the ACLU for 17 years and previously served as Executive Director of its Pennsylvania and Vermont affiliates. "This is a tremendous opportunity for Barry, who has shown talent and imagination in the cyber-liberties arena," said ACLU Executive Director Ira Glasser. "It is also an opportunity for the ACLU to work even more closely than we have with EFF on many issues where we share common goals and values." Steinhardt succeeds outgoing EFF Executive Director Lori Fena, who will become Chairman of EFF's Board of Directors, and will resume her career in private industry as a venture investment advisor and consultant. "Lori Fena has done a superb job of building EFF over the past two years," Dyson said. "She demonstrated great vision in her stewardship of TRUSTe and a host of other projects and is an excellent choice as incoming Chairman. The Board of Directors is very grateful for her leadership and looks forward to working with Lori in her new capacity," Dyson concluded. - - more - page 2 EFF appointment Fena noted that EFF and ACLU have a long history of cooperative action that has ranged from the successful challenge to the Communications Decency Act in the 1997 Supreme Court decision in Reno v. ACLU, to ongoing efforts to promote the privacy of communications through the use of strong encryption. Most recently, the two organizations joined together to support legislation to remove the restrictions on the use of encryption. They also have cooperated in Bernstein v. Department of State, in which EFF is challenging the constitutionality of the US Government's restrictions on the export of encryption technology. Fena further noted that EFF and ACLU have been regular coalition partners, including common membership in the GILC and IFEA coalitions. "Hiring Barry is a natural step for EFF," Fena said. "It will strengthen the bond between two dedicated civil liberties organizations. We expect the two groups to work together even more closely to leverage our respective strengths to protect free speech and privacy in the information age." Steinhardt said he is "grateful for the opportunity to play a leadership role in the next phase of EFF's development." "EFF was the pioneer defender of the rights of on-line users," he continued. "With the explosive growth of the Internet and other information technologies, the need for a strong and vibrant EFF is greater than ever." Steinhardt said that he expected to concentrate his efforts on expanding EFF's membership and financial resources, maximizing EFF's already strong public presence, organizing grassroots support for cyber rights, enlarging EFF's role in the global movement for on-line rights and providing support for EFF's pioneering work to adapt traditional concepts of civil liberties for new mediums. Steinhardt will formally assume his new role on February 2. The Electronic Frontier Foundation (http://www.eff.org/) is a non-profit civil liberties organization working in the public interest to promote privacy, free expression, and social responsibility in new media. For further information please contact: Barry Steinhardt barrys@aclu.org (212)549-2508 Lori Fena lori@eff.org (415)436-9333 Esther Dyson edyson@edventure.com (212)924-8800 ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 9--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #10.04 ************************************