Computer underground Digest Sun Feb 27, 1994 Volume 6 : Issue 19 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe (He's lurking in the archives now) Acting Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Clipper Editor: Hank O'Haira CONTENTS, #6.19 (Feb 27, 1994) File 1--"Clipper Chip will Block Crime" / D. Denning (Newsday) File 2--Re: "Clipper Chip will Block Crime" (#1) File 3--Re: "Clipper Chip will Block Crime" (#2) File 4--Nat'l Symposium on Proposed Arts & Humanities Policies File 5--Criticism of CuD post on Virus Contest File 6--Media "Hackers" Whack Harding's E-mail File 7--Entrapment Scam? File 8--Letter to Rep. Molinari (R-Brooklyn) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. To subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: ftp.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD ftp.halcyon.com (192.135.191.2) in mirror2/cud KOREA: ftp: cair.kaist.ac.kr in /doc/eff/cud COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Mon, 21 Feb 1994 22:45:51 EST From: Moderators Subject: File 1--"Clipper Chip will Block Crime" / D. Denning (Newsday) Newsday, Tuesday, February 22, 1994, Viewpoints The Clipper Chip Will Block Crime By Dorothy E. Denning Hidden among the discussions of the information highway is a fierce debate, with huge implications for everyone. It centers on a tiny computer chip called the Clipper, which uses sophisticated coding to scramble electronic communications transmitted through the phone system. The Clinton administration has adopted the chip, which would allow law enforcement agencies with court warrants to read the Clipper codes and eavesdrop on terrorists and criminals. But opponents say that, if this happens, the privacy of law-abiding individuals will be a risk. They want people to be able to use their own scramblers, which the government would not be able to decode. If the opponents get their way, however, all communications on the information highway would be immune from lawful interception. In a world threatened by international organized crime, terrorism, and rogue governments, this would be folly. In testimony before Congress, Donald Delaney, senior investigator with the New York State Police, warned that if we adopted an encoding standard that did not permit lawful intercepts, we would have havoc in the United States. Moreover, the Clipper coding offers safeguards against casual government intrusion. It requires that one of the two components of a key embedded in the chip be kept with the Treasury Department and the other component with the Commerce Department's National Institute of Standards and Technology. Any law enforcement official wanting to wiretap would need to obtain not only a warrant but the separate components from the two agencies. This, plus the superstrong code and key system would make it virtually impossible for anyone, even corrupt government officials, to spy illegally. But would terrorists use Clipper? The Justice Department has ordered $8 million worth of Clipper scramblers in the hope that they will become so widespread and convenient that everyone will use them. Opponents say that terrorists will not be so foolish as to use encryption to which the government holds the key but will scramble their calls with their own code systems. But then who would have thought that the World Trade Center bombers would have been stupid enough to return a truck that they had rented? Court-authorized interception of communications has been essential for preventing and solving many serious and often violent crimes, including terrorism, organized crime, drugs, kidnaping, and political corruption. The FBI alone has had many spectacular successes that depended on wiretaps. In a Chicago case code-named RUKBOM, they prevented the El Rukn street gang, which was acting on behalf of the Libyan government, from shooting down a commercial airliner using a stolen military weapons system. To protect against abuse of electronic surveillance, federal statutes impose stringent requirements on the approval and execution of wiretaps. Wiretaps are used judiciously (only 846 installed wiretaps in 1992) and are targeted at major criminals. Now, the thought of the FBI wiretapping my communications appeals to me about as much as its searching my home and seizing my papers. But the Constitution does not give us absolute privacy from court-ordered searches and seizures, and for good reason. Lawlessness would prevail. Encoding technologies, which offer privacy, are on a collision course with a major crime-fighting tool: wiretapping. Now the Clipper chip shows that strong encoding can be made available in a way that protects private communications but does not harm society if it gets into the wrong hands. Clipper is a good idea, and it needs support from people who recognize the need for both privacy and effective law enforcement on the information highway. ====================================================== Copyright Newsday. All rights reserved. This article can be freely distributed on the net provided this note is kept intact, but it may not be sold or used for profit without permission of Newsday. ------------------------------ Date: Fri, 25 Feb 1994 22:43:48 EST From: rivest@theory.lcs.mit.edu (Ron Rivest) Subject: File 2--Re: "Clipper Chip will Block Crime" (#1) (Fwd by CPSR) Hi Dorothy -- Thanks for sending me a copy of your editorial. But I find the reasoning you present misleading and unpersuasive. First, you argue that the clipper chip will be a useful law enforcement tool. Given the small number of currently authorized wiretaps per year (under 1000) and the ease of using alternative encryption technology or superencryption, it seems plausible to me that law enforcement could expect at most ten "successful" clipper wiretaps per year. This is a pretty marginal basis for claiming that clipper will "block crime". Second, you seem to believe that anything that will "block crime" must therefore be a "good thing" and should therefore be adopted. This is not true, even if it is not subject to government abuse. For example, a system that could turn any telephone (even when on-hook) into an authorized listening microphone might help law enforcement, but would be unacceptable to almost all Americans. As another example, tattooing a person's social security number on his or her buttocks might help law enforcement, but would also be objectionable. Or, you could require all citizens to wear a bracelet that could be remotely queried (electronically, and only when authorized) to return the location of that citizen. There are all kinds of wonderfully stupid things one could do with modern technology that could "help" law enforcement. But merely being of assistance to law enforcement doesn't make a proposal a good thing; many such ideas are objectionable and unacceptable because of the unreasonably large cost/benefit ratio (real or psychological cost). The clipper proposal, in my opinion, is of exactly this nature. Third, you seem unnecessarily polly-annish about our government and the potential for abuse. The clipper proposal places all trust for its management within the executive branch; a corrupt president could direct that it be used for inappropriate purposes. The unspecified nature of many of the associated procedures leaves much room to speculate that there are "holes" that could be exploited by government officials to abuse the rights of American citizens. Even if the proposal were modified to split the trust among the various branches of government, one might still reasonably worry about possible abuse. Merely because you've met the current set of representatives of various agencies, and feel you can trust them, doesn't mean that such trust can be warranted in their successors. One should build in institutional checks and balances that overcome occasional moral lapses in one or more office holders. Fourth, your discussion of "searching your home and seizing your papers" is misleading. You seem to imply that because law enforcement can be issued a warrant to search your home, that we should adopt clipper. Yet this analogy only makes sense if individuals were required to deposit copies of their front door keys with the government. I can build any kind of house I wish (out of steel, for example), and put any kind of locks on it, and wire up any kind of intrusion detectors on it, etc. The government, armed with a search warrant, is not guaranteed an "easy entry" into my home at all. The appropriate analogical conclusion is that individuals should be able to use any kind of encryption they want, and the government should be allowed (when authorized, of course) to try and break their encryption. Finally, you argue (elsewhere, not in this editorial) that the decision rests in part on "classified" information. Such an argument only makes sense if there is a specific law-enforcement situation that makes such classified information timely and relevant. (E.g., if there was a current investigation as to whether the Department of the Treasury had been infiltrated by organized crime.) The use of "classified information" is otherwise generally inappropriate in discussing communications policy that will last over decades. This hardly covers all of the relevant issues, but it covers the points that came immediately to mind in reading your editorial... Cheers, Ron P.S. Feel free to pass along, quote, or otherwise re-distribute this... ------------------------------ Date: Fri, 25 Feb 1994 18:43:12 PST From: Jim Thomas Subject: File 3--Re: "Clipper Chip will Block Crime" (#2) Dorothy Denning's defense of Clipper as a crime-fighting strategy (as reported in Newsday, 22 Feb--see above file) reflects sincerity and passion. I have considerable intellectual and personal respect for Dorothy. In 1990, she was among the first to challenge media and law enforcement myths of the "dangerous hacker," and she did so while working in the private sector at the peak of the "hacker crackdown," which took considerable courage. She, along with John Nagel, also was instrumental in deflating the Government's case against Craig Neidorf in the Phrack/E911 trial in June, 1990, when she and John flew to Chicago at their own expense to help the defense prepare its case. Her good will, altruism, and integrity are unimpeachable. However, her defense of Clipper on the grounds that it will help fight crime requires some examination. CPSR, EFF and others have addressed some of the issues the Newsday story raises (see past CuDs and the documents in EFF's archives at ftp.eff.org /pub/EFF and browse). There are, however, a few specific examples used in the story to defend Clipper that I find troublesome. Among them: 1) Citing Don Delaney, senior investigator of the New York State Police, inspires little confidence. Dorothy notes that Delaney said that without an encoding standard that would not permit lawful intercepts, "we would have havoc in the United States." The hyperbole makes a dramatic media sound byte, but I can think of no society, none, ever, in which social stability and order were based on a government's ability and legitimate (or even illicit) power to surveil citizens at will. Generally, societies in which government ability to monitor citizens was high historically have been those in which respect for government authority was low, or in which stability was imposed by political repression. Although a minor point, the appeal to fears of undemonstrated social chaos to enact policies that threaten privacy are misdirected. If Delaney's comments before last summer's Congressional hearings are to be adduced as justification for Clipper, then his comments must be placed in the context in which they were made. The context does little to assure those of use concerned with the implications of Clipper for civil liberties. Delaney's comments occurred as critical commentary on 2600 Magazine, which we judged as dangerous to teenagers (emphasis added): Publications, such as "2600," which teach subscribers how to commit telecommunications crime are protected by the First Amendment, but disseminating pornography to minors is illegal. In that many of the phone freaks are juveniles, I BELIEVE LEGISLATION BANNING THE DISSEMINATION TO JUVENILES OF MANUALS ON HOW TO COMMIT CRIME WOULD BE APPROPRIATE. From a law enforcement perspective, I applaud the proposed Clipper chip encryption standard which affords individuals protection of privacy yet enables law enforcement to conduct necessary court-ordered wiretaps, and with respect to what was being said in the previous conversation, last year there were over 900 court-ordered wiretaps in the United States responsible for the seizure of tons of illicit drugs coming into this country, solving homicides, rapes, kidnappings. If we went to an encryption standard without the ability for law enforcement to do something about it, we would have havoc in the United States -- my personal opinion. Delaney expands in his later remarks: Well, the problem is that teenagers do read the "2600" magazine. I have witnessed teenagers being given free copies of the magazine by the editor-in-chief. I have looked at a historical perspective of the articles published in "2600" on how to engage in different types of telecommunications fraud, and I have arrested teenagers that have read that magazine. THE PUBLISHER, OR THE EDITOR-IN-CHIEF, DOES SO WITH IMPUNITY UNDER THE CLOAK OF PROTECTION OF THE FIRST AMENDMENT. However, as I indicated earlier, in that the First Amendment has been abridged for the protection of juveniles from pornography, I also FEEL THAT IT COULD BE ABRIDGED FOR JUVENILES BEING PROTECTED FROM MANUALS ON HOW TO COMMIT CRIME -- children, especially teenagers, who are hackers, and who, whether they be mischievous or intentionally reckless, don't have the wherewithal that an adult does to understand the impact of what he is doing when he gets involved in this and ends up being arrested for it. There is considerable room for disagreement on whether 2600 Magazine is any more a manual for crime than thousands of others examples drawn from movies, television, comic books, magazines, or radio programs are. What I find disturbing is the explicit advocacy that First Amendment protections be so easily abridged on the basis of simplistic opinions and interpretations. Following Delaney's logic for abridging First Amendment rights, one could with equal ease justify banning Bevis and Butthead, "Gangsta rap," and other forms of expression that law enforcement perceived to contribute to potential criminal behavior. Delaney's comments--although certainly well meaning and for a "higher goal"--do little to inspire confidence that some over-zealous law enforcement agents, believing they are acting for some higher purpose, won't abuse their power and authority. Those who remember the systematic abuses of law enforcement agents at all levels, especially the FBI, in the political surveillance excesses of the 1960s have no reason to trust the good faith of law enforcement in following-the-rules. 2) The double escrow systems of the two components of the chip's key do offer considerable protection from abuse, but the potential flaws have not been addressed, as many critics (eg, CPSR, EFF) have noted. The flaws include a) the ease of obtaining warrants, b) the misuse of warrants to justify overly-broad searches, c) the possibility of release of the key to unauthorized persons once obtained, and d) the assumption that collusion between persons to obtain a given set of keys is "impossible." Fully detailed discussion of security problems can be found in the position papers of the groups in the ftp.eff.org archives. 3) It is claimed that terrorists and others would, in fact, use Clipper, and the World Trade Center bombers, who were "stupid enough to return a truck that they had rented," is used as an example. Although a small detail, the bombers did not return the truck--it was destroyed in the blast. They returned for their deposit. Nonetheless, the argument could also be made that, if criminals are stupid, then why would they encrypt at all? Or, if they encrypted, why would they necessarily have an unbreakable code? The fact is that sophisticated criminals concerned with security of communications would likely circumvent Clipper, and Clipper is not the answer to intercepting such communications. 4) Clipper will have no significant impact on crime, and playing on the current "fear of crime" hysteria ignores several points. First, most of "crime" with which the public is concerned, street (or index) crimes, constitutes only a small fraction (under 15 percent by most estimates) of all crime. In dollar costs to society, white collar crime and tax fraud constitute almost two-thirds ($131 billion). Clipper will do absolutely nothing to reduce these offenses. Further, interception of communications is rarely used in apprehending criminals, and therefore would not be a significant factor in fighting crimes at all. Lets take a look at some figures on court-authorized orders granted for intercepts: YEAR STATE FEDERAL 1969 174 0 1974 607 121 1979 466 87 1984 512 289 1989 453 310 1991 500 386 Intercepts are useful for law enforcement, but they are simply not used often enough to justify the claim that Clipper would reduce crime, let alone that without Clipper we'd have social "havoc." What kinds of crimes are intercepts used for? In 1991, the Sourcebook of Criminal Justice Statistics (p. 474) lists the following: OFFENSE TOTAL FEDERAL STATE Narcotics 536 228 308 Racketeering 114 61 53 Gambling 98 19 79 Other 108 48 60 So, about 63 percent of intercepts are for drug dealers, and about another quarter are for racketeering and gambling. Intercepts for homicide (21) and kidnaping (5) were the only violent crimes for which intercepts were listed in 1991. This is hardly sufficient grounds on which to base an argument that Clipper will reduce crime or help stem social havoc. 5) The story alludes to the "success" of FBI wire taps of the El Rukns, a Chicago Street gang: In a Chicago case code-named RUKBOM, they prevented the El Rukn street gang, which was acting on behalf of the Libyan government, from shooting down a commercial airliner using a stolen military weapons system. My recollection of these events is quite different than those described above. The FBI did, in fact, intercept considerable communications between El Rukn members, include Jeff Forte, the group's leader, who led the gang from federal prison. The El Rukns attempted to obtain money from the Libyans for a variety of schemes, and one of the schemes included shooting down an airliner. Nothing ever came of the solicitations, and I recall no evidence that the plan described above was foiled by the FBI through wire taps or any other tactic. Some news accounts described it as a ploy to establish credibility with the Libyans. Others saw it as a fantasy, and some saw it as a potential danger that never went beyond posturing. I recall no evidence that law enforcement intervened to prevent it. Perhaps those with a better memory or with a press release at hand can refresh my memory, but I'm inclined to judge the story as at best a distortion of events and at worst simply false. 6) There's a sidebar to the El Rukn story relevant to Clipper. Federal prosecutors successfully prosecuted and imprisoned the gang's hierarchy. In 1993, it was revealed that the federal prosecutors engaged in illegal behaviors, including providing gang members with sex and drugs while in their custody to obtain testimony of some against the others. The fallout from the incident is still settling, but gross legal violations and other improprieties were commited under "color of law." It is ironic that the El Rukn investigation be used as an example of effective law enforcement when, in fact, it is an example of federal malfeasance and justice at its worst. It is precisely the blatant disregard of the rule of law by federal prosecutors in the El Rukn case that causes some of us to question the blind faith that others invest in it. It's an example of the dangers of law enforcement out of control. None of us like crime. All of us support reasonable ways to fight it, and most of us recognize the need for communications' intercepts on rare occasions. However, most U.S. citizens overwhelmingly oppose wiretapping (70 percent in 1991, down from 80 percent in 1974, according to Department of Justice Statistics). The history of government abuse of surveillance and the continued willingness of government agents to bend the law in pursuit of "justice," as the El Rukn incident above illustrates, suggests that Clipper poses far more risks to the commonweal than it offers protections. The subtext of the Newsday story, which ironically argues for Clipper on the basis of a case of government circumvention of law and a citation that occurred in the context of arguing for abridging Constitutional rights to argue FOR Clipper, in fact provides one of the best arguments against it. ------------------------------ Date: Mon, 21 Feb 1994 17:11:23 -0500 From: tomd@PANIX.COM(Tom Damrauer) Subject: File 4--Nat'l Symposium on Proposed Arts & Humanities Policies CALL FOR PAPERS, PANELS, AND PRESENTATIONS On October 14th, 15th and 16th, the Center for Art Research in Boston will sponsor a National Symposium on Proposed Arts and Humanities Policies for the National Information Infrastructure. Participants will explore the impact of the Clinton Administration's AGENDA FOR ACTION and proposed NII (National Information Infrastructure) legislation on the future of the arts and the humanities in 21st Century America. The symposium, which will be held at the American Academy of Arts and Sciences in Cambridge, Massachusetts, will bring together government officials, academics, artists, writers, representatives of arts and cultural institutions and organizations, and other concerned individuals from many disciplines and areas of interest to discuss specific issues of policy which will effect the cultural life of *all* Americans during the coming decades. To participate, submit a 250-word abstract of your proposal for a paper, panel-discussion or presentation, accompanied by a one-page vitae, by March 15, 1994. Special consideration will be given to those efforts that take a critical perspective of the issues, and are concerned with offering specific alternatives to current administration and congressional agendas. NOTE: PLEASE FORWARD AND/OR RE-POST TO APPROPRIATE NEWSGROUPS AND MAILING LISTS. +------------------------------------------------------------ Jay Jaroslav, Director jaroslav@artdata.win.net CENTER FOR ART RESEARCH 241 A Street Boston, MA 02210-1302 USA voice: (617) 451-8030 fax: (617) 451-1196 ------------------------------ Date: Fri, 25 Feb 1994 13:05:59 -0500 From: skirkham@ERC.CAT.SYR.EDU(Shawn Kirkham) Subject: File 5--Criticism of CuD post on Virus Contest Dear CuD, I find it offensive that you would allow a user to have his application for writing a virus published in CuD Issue 6.18. I think that this world has enough problems without someone trying to show how much grief they can cause on innocent computer users such as myself. I even created a virus or two in my years of computing, but never with the purpose of trying to harm another user's system! I create them only for testing purposes, and when I find one that fails a scanned test, I forward it to the company that created the anti-virus software. My main concern on this issue is will this company (American Eagle) forward all the viruses to all the possible anti-virus companies? If they don't then this is considered an illegal activity. **NOTE: It is ok to write a virus for your own use, but illegal if someone else gets your program and causes damage** I am sure the editors of CuD do not want their publication to say it's O.K. to be a virus distributor. If you disagree with this, then you have not proven to me that you are not out to destroy the world. Sincerely, Shawn Kirkham 02/25/94 ------------------------------ Date: Sat, 26 Feb 1994 15:54:54 CST From: CuD Moderators Subject: File 6--Media "Hackers" Whack Harding's E-mail ((MODERATORS' COMMENT: CuD has periodically reported on the manner in which the media cover hackers. Perhaps we should have been paying more attention to the manner in which the media covers by hacking. Perhaps the lesson of the following story is that "hacking" should be reclassified as a sport?)) NOT EVEN HARDING'S MAIL SAFE REPORTERS BREAK INTO HER ELECTRONIC MAIL SYSTEM Reporter: John Husar, Tribune Staff Writer (From: Chicago Tribune, 26 Feb, 1994 (Sect 3, p. 7)) LILLEHAMMER, Norway--In what was described as a "stupid, foolish mistake," perhaps as many as 100 American journalists peeked into figure skater Tonya Harding's private electronic mailbox at the Olympics. According to the story, no one claimed to have read the story or used the information. One reporter, Michelle Kaufman of the Detroit Free Press, explained that the offense was a "spur-of-the moment" incident that occurred after pizza at 2 a.m. According to Kaufman, the reporters merely attempted to see if a code, reputed to be Tonya's, would work. The story explains that an electronic information system is available to all members of the "Olympic family" of coaches, athletes, journalists, and others. The electronic system provides information (weather, sports, news) and allows for sending or receiving messages. The story explains that a double code is required to access messages: One is the user's Olympic accreditation number, and the other the secret password. The initial password is the user's birthdate. Harding's accreditation number was retrieved from an enlarged photo of her wearing an official Olympic ID tag. Her birthdate is readily available from publicity and other sources. Kaufman said she and a few others found that the code did gain access to Harding's mailbox. A sign reported 68 unread messages for Harding. "But we never opened any messages," Kaufman said. "There were none sent under her name. We made a joke--something about her not being smart enough to figure out how to get her mail--and closed the file and walked away. It couldn't have lasted for more than a minute." The story identifies Ann Killion of the San Jose Mercury News and Jerry Longman of the New York Times as being among the group. Both denied reading Harding's messages. Mike Moran, head of the U.S. Olympic Committee's information section, said he considered the situation an ethical matter for journalists to settle rather than anything that would require any kind of official reaction. ------------------------------ Date: Thu, 24 Feb 1994 12:39:12 CST From: frank232@TAMPA.RELAY.UCM.ORG Subject: File 7--Entrapment Scam? re:Software Evaluation Survey - Entrapment Fraud? I've voluntarily enrolled with a company based in England, which says it's purpose is to recruit shareware evaluators for various shareware software developers. Since processing the enrollment program, I've come to wonder if this could possibly be just an entrapment scam to try and catch users of nonregistered software. I first heard of this offer on a FIDONET announcement. The sender was looking for software evaluators, who would be offered free software in exchange for their evaluations. It sounded like it might be all right, so I e-mailed my name and a private postal box I have. Within about a month, I got a diskette and a cover letter, a copy of which I'll include below. The company is called Scancom. When you process the registration program, called an Electronic Response Card, you are asked to key in your name, address, and phone number, and to provide some info about your PC, as well as an indication of what kinds of software you have. If you choose, you can take the option to have the program scan your hard drive, and it will record software you have. You can de-select some or all of it before registering. I didn't take the option to scan my hard disk. I'm a freelance writer and evaluate a lot of shareware. I wouldn't want shareware authors to think I'm stealing their products. At the end of the program, you have a screen with several numbers generated by the program, allegedly representing your name, address and phone number. You can complete registration by modem (I couldn't get that to work) or by calling a toll free 800 number. You key in responses to a series of recorded queries, and finally get a serial number. Keying that in gives you access to 5 "free" programs. The programs are shareware. Three were games, one was an older version of McAffee's SCAN; I forget the fifth. A windows game, I think. The cover letter also invites you to e-mail one of their reps, on Compuserve. I went ahead and sent in a little note to the address given. I remember in the past couple of years something similar. The program ended up actually being a way to spot unregistered software, and the results were given to the manufacturer's legal department, to press legal action. I think Microsoft may have been involved. Anyway, I was wondering if another entrapment scam was involved here. Maybe you could put this out as a query on CUD, and see what anyone knows. Here is the letter. I may upload this to some local bulletin boards, so added some info for those on FIDONET. o / o / o / o / -----Cut-here----X-----Snip------X---Cut-here----X-----Snip------X---Ouch ! o \ o \ o \ o \ SCANCOM Scancom Distribution P O Box 175 Guildford Surry GU1 1UL UK Telephone: +44 483 450949 FAX: +44 483 452631 **************************************************************************** This section added by me (Please note that this is an international call. You might prefer to write, or try e-mail instructions given below) **************************************************************************** PC USER SURVEY Thank you for participating in the survey. In these files you will find a copy of the Electronic Response Card (ERC) and a file with 5 different high quality shareware/software titles. As you probably know, shareware often requires a payment to the author if you continue to use it after a certain period of time. We will do our est to find the right software and shareware for you, including titles which do not require any payment even if you continue to use them, but we encourage you always to review the license agreement for each separate product. In future surveys you will be able to send the results back to us via CompuServe, but this very first time I encourage you to call the 800 number given in the ERC program and try the touch tone relay as we need to know how acceptable this method is for users without modems. Be sure to key in your name and address, and let us know what you think about the system. I would appreciate comments directly to me on CompuServe (user ID 76116,2214). Also, I would appreciate if you could let me know about as many applications you use as possible (legal only please) and a maximum of 2 categories or types of software which you would prefer to receive with future surveys (such as games, business, Windows, etc.). The survey program automatically scans for many popular applications which you can deselect if you do not wish to include them in the survey. Please also let me know if you do not wish your name and address to be passed on to any third parties, but be aware that this may restrict what future software we can send to you, as some vendors will want to know to whom they contribute free software for direct marketing and research purposes. If you know of other users who might be interested in participating, please pass along this archive. ************************************************************************* This section added by me The ERC program will want to be run from a floppy drive. So, dearchive these files onto a floppy, then place into drive A: or B:. Type START and hit [ENTER]. Now follow the instructions on the screen to install and run the survey. ************************************************************************* Call, fax, e-mail or write if you have any problems. Thank you for your participation. Mads K. Larsen Scancom Distribution Partners: R E Braithwaite, S C Grundy **************************************************************************** This added by me P.S. If you are not on CompuServe, but have access to Internet or FIDONET e-mail, here are the ways to send e-mail to me on Compuserve: Internet: send to - 76116.2214@compuserve.com FIDONET: in the TO portion, use UUCP. In the body of the message, use these as the first two lines: @>1:103/208 to: 76116.2214@compuserve.com Some fidonet hosts will want you to use (1:103/208), instead, for the first line. The parenthesis must be included. If both of these reject, check with your fidonet host sysop. In order to receive e-mail back, use this format for your address: If your FIDONET address is 1:123/456, I should be able to reach you with this address: your.name%p0.f456.n123.z1.fidonet.org@ofa123.fidonet.org If all of this fails, then sending a letter by post will be your only alternative. ------------------------------ Date: Sun, 20 Feb 1994 18:04:32 -0500 (EST) From: "Shabbir J. Safdar" Subject: File 8--Letter to Rep. Molinari (R-Brooklyn) Please find enclosed my letter to Rep. Molinari (R-NY). Rep. Cantwell's bill would liberalize cryptographic exports, encouraging the production of stronger crypto software by US firms. This would result in stronger cryptography in products for ordinary people such as you and I. What can you do? Help get your NY or NJ rep. to cosponsor HR 3627. Commit to writing your rep. It's so easy! You didn't buy that fax modem for nothing! If you don't have a fax modem, you've got a phone or a stamp. Want to help? Send me your rep's name as a commitment that you will write to them. OR, send me your zip code or your nearest city. I will email you with a letter of who your rep is if you don't know it. (I just got a new book with district maps) Alternatively you can just call the League of Women Voters (phone number below) -Shabbir shabbir@panix.com The Honorable Representative Susan Molinari Thirteenth District 123 Cannon Building Washington, D.C. 20515 Dear Representative Molinari, Recently Rep. Maria Cantwell (D-WA) introduced HR 3627. I am writing you to urge you to co-sponsor it. This bill would lift the outdated restrictions on export of cryptographic technology. As you may already know, it is illegal for an American business to produce hardware products, such as software to encrypt electronic mail or hardware to encrypt private telephone conversations, and then ship it to markets outside the United States. Such technology is available outside the United States already. In fact, many US businesses purchase their equipment from companies outside the US because they cannot obtain the equivalent products for their offices worldwide from US distributors. As you can imagine, such regulations hurt the global competitiveness of US technology firms. Furthermore, US citizens cannot easily purchase privacy-enhancing products because they are not available from US firms. This results in a lack of privacy for US citizens and consumers. Instead of developing products that incorporate strong privacy-enhancing cryptographic technology, US firms are forced to either develop two separate products (one for US use, and one for international use), or to simply develop a single product with sub-standard privacy-enhancing cryptographic technology. These products cannot compete in the global marketplace with products produced in other countries that do not have cryptographic export restrictions. Rep. Cantwells bill would allow US firms to compete alongside other international firms in the area of privacy-enhancing technology. Also, by creating a larger market for US firms, better privacy-enhancing products will be available for purchase by US citizens. Products such as encrypting cellular telephones are long overdue; we have seen way too many examples of overheard cellular conversations tape-recorded by radio-voyeurs. As the press publicizes more examples of the security problems on the Internet, it becomes more apparent that US Citizens need to be able to purchase software to encrypt their electronic mail. Wouldn't it be better for Americans to use American-written privacy software? In closing, let me urge you to take a moment to read this analysis that I am enclosing, and join your colleagues (such as Donald Manzullo R-IL) in co-sponsoring HR 3627. Thank you for your time, Shabbir J. Safdar 115 Pacific St, #3 Brooklyn, NY 11201 ------------------------------ End of Computer Underground Digest #6.19 ************************************