Computer underground Digest Sun Jun 9, 1996 Volume 8 : Issue 43 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.43 (Sun, Jun 9, 1996) File 1--Re: CoS Jamming a.r.s. and A.R. v. Reno (CuD 8.42) File 2--Update on CDA, copyright, crypto (5/29/96) File 3--Discuss crypto with Sen. Burns online the night before hearings! File 4--Re: Virtual Magistrate Decision File 5--Re: Gore "against censorship"??? File 6--FW: NSA Monitoring Internet? File 7--Cu Digest Header Info (unchanged since 7 Apr, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Fri, 07 Jun 1996 04:48:30 -0600 From: darryl.davidson@UVM.EDU(Darryl Davidson) Subject: File 1--Re: CoS Jamming a.r.s. and A.R. v. Reno (CuD 8.42) From June 5th's CuD, Mark Mangan's article: >Cherry >wanted to set the record straight and said he was going way back, >back to an early message posted by another that was titled, "What >Size Is Christ". He then lauched into a story about Christ, ... >... with the Lord and Orel Roberts. Some >were shaking with laughter; one lawyer at the plantiff's table >turned his chair and removed his glasses, wiping tears from his >eyes. Fred Cherry, the "connoi-ssewer of porn", summed up his >evidence and thanked the judges for the time to speak. > >It was not clear whether Cherry intended to shock or offend. All at >once, it seemed all too apparent that it didn't matter--such speech >would be found indecent under the CDA, even though it does have >serious literary, artistic, or comedic value. Uh, CDA notwithstanding, can someone point toward this story online? That was a stock teaser, describing the effect it had on those in attendance and then not including the content or a reference for getting to it. In an offshore data haven or not, the story needs to be available online, considering the legal context it now holds. I am concerned also by the long article from J. Noring: Jamming, which is the most apt term I've heard for this 'vertical spam' tactic, is a familiar enough thing... it has been done to e-mail boxes, newsgroups during various raider wars, to mailing lists, although not on this impressive/nefarious level. Heck, I was nearly booted out of UofIdaho my freshman year for _two lines_ of REXX code that did this very sort of thing. Any time the words are free, there's gonna be a lot of noise. As far as Usenet's usability being hampered by this, long after my decade mark online, Usenet Signal-to-Noise ratios are for me like my grandma's arthritis is to her: something unpleasant, unavoidable, and another reason to miss the good-old-days. I bitch, I teach a newbie when the mood hits me, and I find ways around it. Sadly, it's what weaned me off of Usenet after too long as a serious junkie. I hate to say it, but Usenet-at-large has become so cluttered that it is literally one of my last-resort internet tools any more. WinDoze interfaces, as Mr. Noring pointed out, bite the waxed tadpole, and out-of-place spam has become ubiquitous/inescapable. The one hope I have for Usenet is in the development of intranets or some other gonzo recapturing of the old spirit of Usenet the way it used to run (via 2-am phone calls between Linux boxes, hope hope hope!?) I honestly wouldn't be surprised to see an intranet mechanism spring up that allows a subset of the full newsgroup feed with an intensely strangled intake mechanism, with 'elitist' members of the intranet setting the S/N ratio back up where they want it. I do hope Mr. Noring's collection of signatures helps get CoS to stop this tactic, but it can't possibly be any faster a solution than generating a workaround within currently-available means. Ideally, both publicizing CoS's involvement AND working around this via other means should be pursued: - automoderation: a.r.s.moderated with a remailer address that limits all postings to one per day per author. Admittedly, it'll only slow down the flow, if CoS is dedicated enough. - live moderation... even if anonymously moderated. - splitting a.r.s into three subgroups: a.r.s.thetan, a.r.s.reformed and a.r.s.enthetan (if the gods will forgive me this horrid pun of an acronym)-- this permits CoS creation of a warm comfey space for their thetan vibes, another space that is safe haven for those eager to question their thetan teachings in a like-minded forum, and one for the rest of us evil types that sincerely *hope* the CoS is an alien race just so we can distance ourselves that much further from them. - and so on. Heck, several online providers will manage a mailing list for an unlimited audience for $50 a year, web-pages can't be jammed this way (although the web-server can be sucked dry via replicated requests for the page), and software melding IRC or newsgroup features into web-page mechanisms is springing up in beta form. All are valid weapons in the war for rational discourse. As for the growing lack of kill-file wisdom, this is the sort of crap that might finally get non-nix programmers to add the feature back in, user- friendly and spit-polished, to boot.(another unintentional pun, b.t.w.) Most importantly, my libertarian urges make me just as unwilling to see anyone regulate right and wrong when it is against the CoS as I am when they do it against Mr. Cherry and his CDA-questionable literature. As I see it, jamming a newsgroup is just more of the nice patina of CoS's polished public front being rubbed off to reveal the base metal underneath. We pride ourselves on ably exposing less organized gutter-snipes like NeoNazi revisionists and the Spammer-and-Seagull law firm, so it seems we should be just as insistent that we can solve this problem with software and existing laws. ------------------------------ Date: Wed, 29 May 1996 20:31:51 -0700 (PDT) From: Declan McCullagh Subject: File 2--Update on CDA, copyright, crypto (5/29/96) ON THE CDA: Folks involved in the case expect a decision within the next week from the Philadelphia three-judge panel hearing our challenge to the CDA. The DoJ has a few weeks to appeal to the Supreme Court if they lose. -------------------------------------------------------------------------- ON COPYRIGHT: Regarding the online copyright legislation, there's plenty of action on the Hill -- and contrary to what I thought a week ago, there's even a fighting chance that this bill will happen this year. So far, full Senate judiciary and the House judiciary intellectual property subcommittee have held hearings. The House has taken the lead here, and the tentative date for the subcommittee markup of HR2441 is June 5. (It was to have been last week, but was cancelled at the last minute when no agreement was reached.) The Senate seems to be waiting to see what the House does before making any sudden moves. General feeling is that the legislation was on a fast schedule but has been slowed down considerably because of ongoing controvery over OSP liability and (especially) section 1201. The big snarl is over 1201, and some alliances of convenience are breaking down. More to the point, libraries are finally mobilizing grassroots opposition. Brock has a piece about this in last week's Muckraker on HotWired. -------------------------------------------------------------------------- ON CRYPTO: The National Research Council's report on crypto policy will be unveiled tomorrow at the National Press Club at 1 pm in Washington, DC. I'm going to try my best to be there. From their web page at : The Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) has completed a congressionally mandated study of national cryptography policy. The final report, Cryptography's Role in Securing the Information Society, will be released to the public on May 30, 1996 at a public briefing. A large number of the authoring committee members will attend. Thanks to John Young for this pointer to the original September 1994 announcement of the NRC National Cryptography Project at: http://www.wpi.edu/~ryant/ncp.html ------------------------------ Date: Fri, 7 Jun 1996 09:12:09 -0400 (EDT) From: Voters Telecommunications Watch Subject: File 3--Discuss crypto with Sen. Burns online the night before hearings ! CRYPTO HEARINGS (S.1726) SET FOR 6/12/96 IN WASHINGTON D.C. MEET AND SPEAK TO SENATOR BURNS ON HOTWIRED THE NIGHT BEFORE! SEN. CONRAD BURNS (R-MT) SCHEDULED FOR HOTWIRED CHAT 6/11/96 10-11PM EST Date: June 7, 1996 URL:http://www.crypto.com/ crypto-news@panix.com If you redistribute this, please do so in its entirety, with the banner intact. --------------------------------------------------------------- Table of Contents News Press Release on Hearings How to receive crypto-news Press contacts --------------------------------------------------------------- NEWS In what is becoming the newest way for Congress to read the net.community's opinion on issues, Senator Conrad Burns will be on HotWired on June 11th @ 10pm EST to discuss the encryption issue with all attendees. The next day, Senator Burns will be coordinating a day of hearings on the encryption issues with industry luminaries. Never before has the public had this much access to legislators without geographical proximity. Cheaper than teleconferencing, and more direct and unfiltered than the traditional press, online chats allow the public to directly question and hear the answers of Congress. Have a question about encryption policy that you've never been able to find out from the government? Come to the HotWired chat and ask Senator Burns to be your advocate, to press the witnesses and the White House on these issues. The online chat is on June 11 at 10pm EST, the night before the hearings HotWired's WiredSide chat is at (http://www.hotwired.com/wiredside). Information on Senator Burns' legislation is available at http://www.crypto.com ------------------------------------------------------------------ PRESS RELEASE ON HEARINGS Senator Conrad Burns (R-Mont.) WEB SITE http://www.senate.gov/~burns/ For immediate release: Contact: Matt Raymond Thursday, June 6, 1996 (202) 224-8150 Randall Popelka (202) 224-6137 First Pro-CODE Hearing Slated Burns' Subcommittee to Hear High-Profile Executives, Witnesses WASHINGTON, D.C. _ Montana Senator Conrad Burns today announced the first of two Senate hearings on S. 1726, the Promotion of Commerce Online in the Digital Era Act of 1996, or "Pro-CODE." The hearing will take place in the Commerce Subcommittee on Science, Technology and Space, of which Burns is chairman. The hearing is scheduled Wednesday, June 12, at 9:30 a.m. in room 253 of the Russell Senate Office Building. Scheduled to testify are: Michael Zisman, president and CEO of Lotus; Jim Barksdale, president and CEO of Netscape Communications; Jim Bidzos, president and CEO of RSA Data Security; Tim Krauskopf, V.P. and co-founder of Spyglass Inc.; Kenneth Dam, chairman of the National Research Council; Douglas J. McGowan, director of the SmartCard Alliance for Hewlett-Packard; Computer Systems Policy Project representative (invited); Joe Holmes, chief technology officer for EDS; Joel S. Lisker, senior V.P. for security and risk management at MasterCard; Danne Buchanan, president of Zion's Data Services Company; Jack Valenti, executive director of the Motion Picture Association of America; Aharon Friedman, chairman, founder and chief technical officer of Digital Secured Networks Technology Inc.; Steve Case, president and CEO of America Online (invited); and Robert Bigomy, senior V.P. and director of strategic marketing, government and space technology group, for Motorola. Burns said the focus of the hearing is on commerce and business issues. He said a second hearing, which will focus on privacy, law enforcement and national security issues, is scheduled in his subcommittee on June 26. The bipartisan Pro-CODE bill would ease export restrictions on computer security, or "encryption," for software and hardware. It would also prohibit mandatory systems in which users or companies would have to place a code-breaking "key" in the hands of a third party. # # # -------------------------------------------------------------- HOW TO RECEIVE CRYPTO-NEWS To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com) or send mail to majordomo@panix.com with "subscribe crypto-news" in the body of the message. ---------------------------------------------------------------- PRESS CONTACT INFORMATION Press inquiries on Crypto-News should be directed to Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org ------------------------------ Date: Fri, 24 May 1996 13:32:58 -0700 From: Alan Lewine Subject: File 4--Re: Virtual Magistrate Decision I attended the National Association for Automated Information Research conference on Online Disp[ute Resolution at which the Virtual Magistrate decision was announced. I have posted the Virtual Magistrate decision in full text to Declan for posting to this list. Here is a brief summary of the decision as I see it. (Incl. relevant portions of the America Online Terms of Service (TOS) and Rules of the Road (RoR) - part of the contract between AOL and its members. full text of the decision is available at http://vmag/law.vill.edu:8080/ . AOL voluntarily participated in the first arbitration proceding on the Internet through the Virtual Magistrate (VM), which involved a challenge against a spammer, E_mail America, distributing junk mail on the AOL network. Although the VM does not have any legal enforcement power, the establishment of an Internet protocol prohibiting spammingmay provide persuasive authority to cite in future legal procedings. VM released its decision 21 May. The decision along with the complaint and all associated materials are available thru the VM web site. the decision involved three parties: an actor - E-mail America (who never responded to invitations to participate), a complainant - Jim Tierney, a former state Attorney General and AOL subscriber, and a sysop - AOL. It took the form of an "in rem" (involving a thing, rather than person(s)) proceding against a screenname and an associated e-mail advertisement. Perhaps a proceding against such cyberspacial entities would be better termed "in meme" than "in rem." Virtual Magistrate Decision Paragraph 4(a) of the TOS addressing content may be read as addressing content generally, whether or not it originates within AOL. Therefore , because AOL is not a public forum or common carrier, the determinatio n of what is offensive is within the subjective purview of AOL. AOL may appropriately consider system limitations internet custom and practice, and especially customer complaints While AOL does not pre-screen content, blocking of a repetitive message that has been post-screened at least once would not violate the no pre-screening promise in the TOS. See also relevant passages in TOS and RoR: TOS 2.5: Prohibits online conduct by members that inhibit other member use or enjoyment TOS 4.2 AOL Inc. reserves the right to prohibit conduct . . . harmfu l to individual members. RoR 2.C. Online Conduct prohibited or discouraged includes harassment, impersonation and especially, (viii) unsolicited advertising. Fromthe Rules of the Road and Terms of Service, contractual AOL documents: << RULES OF THE ROAD <<2.C. Online Conduct. Please refer to Section 2.5 of the Terms of Service Agreement for AOL Inc. policy on impermissible types of online conduct. Below are some common violations of the Terms of Service. This list is not exhaustive. AOL Inc. reserves the right, but does not assume the responsibility, to restrict communication which AOL Inc. deems in its discretion to be harmful to individual Members, damaging to the communities which make up the AOL Service, or in violation of AOL Inc. or any third-party rights. Please be aware, however, that communication over the AOL Service often occurs in real-time, or is posted on one of the AOL Service thousands of message boards or libraries, and AOL Inc. cannot, and does not intend to, screen communication in advance. (i) Offensive Communication. The AOL Service is a community-oriented service composed of many different communities of people. Our goal is to provide an interesting, stimulating and fun place for all Members. Using vulgar, abusive or hateful language undermines this goal and is not allowed. Please use your best judgment and be respectful of other Members. . . . (ii) Harassment. When a Member targets another specifically to cause him/her distress, embarrassment, unwanted attention, or other discomfort, this is harassment. AOL Inc. does not condone harassment in any form and may suspend or terminate the accounts of any Member who harasses others. You may have a disagreement with someone's point of view -- we encourage lively discussion in our chat rooms and message boards -- but personal attacks, or attacks based on a person race, national origin, ethnicity, religion, gender, sexual orientation or other such affiliation, are prohibited. If you have a disagreement with someone's point of view, address the subject, not the person. (v) Impersonation. This can involve the portrayal of an account in an official capacity, such as AOL Inc. staff or an information provider, authorized Guide or Host, or communication under a false name or a name that you are not authorized to use. Members must avoid the portrayal of AOL personnel or others persons in all forms of online communication, including, but not limited to, screen names, member profiles, chat dialogue and message postings. (viii) Advertising and Solicitation. You may not use the AOL Service to send unsolicited advertising, promotional material, or other forms of solicitation to other Members except in those specified areas that are designated for such a purpose (e.g., the classified area). < Subject: File 5--Re: Gore "against censorship"??? I came across this article earlier this morning and asked some friends at MIT if they had the text of Gore's speech. I didn't see any coverage of this on the Boston Globe's web site. -Declan ---------- Forwarded message begins here ---------- CAMBRIDGE, Mass (Reuter) - Vice President Al Gore said Friday society should not resort to ``unwarranted censorship'' on the Internet as an overreaction to protect children from objectionable material in cyperspace. In a commencement address at the Massachusetts Institute of Technology, Gore said government had to assist parents in protecting their children from exposure to such material. ``But let me also state my clear and unequivocal view that a fear of chaos cannot justify unwarranted censorship of free speech, whether that speech occurs in newspapers, on the broadcast airwaves -- or over the Internet.'' ``Our best reaction to the speech we loathe is to speak out, to reject, to respond, even with emotion and fervor, but to censor -- no. That has not been our way for 200 years, and it must not become our way now,'' he said. [...] In his address at the MIT, Gore stressed the gulf separating society and science, a theme students had suggested in e-mail messages to the vice president. He said new technologies initially break down stable patterns and ``then new ones emerge at a higher degree of complexity. ``Societies are vulnerable to misinterpreting the first stage as a descent into chaos and then overreacting with the imposition of a rigid, stagnating order,'' Gore told the 2,000 graduates in an outdoor ceremony. ------------------------------ From: blackbox@BBOX.COM Subject: File 6--FW: NSA Monitoring Internet? Date: Thu, 30 May 1996 09:29:22 -0700 Date--96-05-27 03:14:00 EDT From--proteios@iuc.org (El Tiburon) =-=_=-=_=-=_=-=_=-=_=-=_=-=_=-=_=-=_=-= NorthStar A Guiding Light on Internet Issues Newsletter of the Internet Users Consortium =_=-=_=-=_=-=_=-=_=-=_=-=_=-=_=-=_=-=_= To heighten the NorthStar experience, subscribe to the HTML Version of NorthStar. NorthStar is a guiding light to help you focus on the primary issues which threaten our Internet Freedom. In this Newsletter we let Internet Users know what the necessary issues and actions are to defend the Internet. We sincerely invite your participation at all levels, from discussion to action. Rethink what Activism means - Isn't it just participation? NorthStar #18 Sunday 5/26/96 Director..........proteios@iuc.org Editor..............wtj@primenet.com Author............proteios@iuc.org Research........peads@nilenet.com +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ NEVER SAY NEVER . . . but . . . We at NorthStar believe so strongly in these principles that we make the following pledge to you, our reader and fellow Internet Activist: NorthStar will NEVER sell/rent/trade/share our mailing list NorthStar will NEVER use Government mandated encryption NorthStar will NEVER represent any commercial interest NorthStar will NEVER cooperate with any Government intrusion +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ The National Security Administration is Poised to Control the Internet The oppressive atmosphere of Orwell's 1984 arises from the omnipresence of Big Brother, the symbol of the government's concern for the individual. Big Brother controls the language, outlawing words he dislikes and creating new words for his favorite concepts. He can see and hear nearly everything - public or private. Thus he enforces a rigid code of speech and action that erodes the potential for resistance and reduces the need for force. As Noam Chomsky says, propaganda is to democracy what violence is to totalitarianism. Control thoughts, and you can easily control behavior. U.S. history affords a prime example in the era named after Senator Joseph McCarthy, though he had many supporters in his attack on freedom of thought and speech. Perhaps his most powerful friend was J. Edgar Hoover, who fed him material from FBI files (some of it true) which he used to attack individuals for their supposed political leanings. By the time of Watergate, the CIA had become at least as notorious as the FBI, due largely to its assassinations of foreign leaders and support for military coups around the world. Now its the 90's. A computer revolution seems to be happening and with it a dramatic increase in people using the Internet, as well as people watching what the people use it for. Ever heard of the NSA? This could very well be the NSA decade for the Internet. Conspiracy, power struggles and survellience of the citizenry may be what is remembered about the NSA during this period of time. I used to think democracy meant people keeping a watchful eye on its government, not its government keeping a watchful eye on its people. Today we can now see comparisons being drawn between the FBI of the 50s and the CIA of the 60s, the obvious government corruption in the 70s, Reagan in the 80s (sorry - that was just incompetence), and the emerging role of the NSA in the 90s. Is NSA Sniffing the Internet? Do they have the jurisdiction? Lets take a look back and see what they are all about and make an educated hypothesis. Budgetary authority for the National Security Agency (NSA) apparently comes from the Central Intelligence Act of 1949. This act provides the basis for the secret spending program known as the black budget by allowing any arm of the government to transfer money to the CIA "without regard to any provisions of the law," and allowing the CIA to spend its funds as it sees fit, with no need to account for them. Congress passed the C.I.A. Act despite the fact that only the ranking members of the Senate and House Armed Services Committees knew anything about its contents; the remaining members of Congress were told that open discussion, or even clear explanation, of the bill would be counterproductive. There were complaints about the secrecy; but in the end the bill passed the House by a vote of 348-4, and the Senate by a majority voice vote. Hmmmm, it seems several legislative disasters have occurred by landslides. Anyone remember the Telecommunication Attack of 1996? The NSA's estimated $10 billion annual allocation (as of 1990) is funded entirely through the black budget. Thus Congress appropriates funds for the NSA not only without information on the agency's plans, but without even a clear idea of the amount it appropriates; and it receives no accounting of the uses to which the funds were put. This naturally precludes any debate about the direction or management of such agencies, effectively avoiding public oversight while spending public funds. Weiner notes the analogy to "Taxation without representation." In any respect, it seems to be unconstitutional - a major point that has failed to stop them. "The NSA has also spent a great deal of time and money spying on American citizens. For 21 years after its inception it tracked every telegram and telex in and out of the United States, and monitored the telephone conversations of the politically suspect." (Weiner, Blank Check) Due to its unique ability to monitor communications within the U.S. without a warrant, which the FBI and CIA cannot legally do, NSA becomes the center of attempts to spy on U.S. citizens. Nominally this involves only communications in which at least one terminal is outside the U.S., but in practice target lists have often grown to include communications between U.S. citizens within the country. And political considerations have sometimes become important. Oh yeah, I forgot to mention that in the NSA's Charter they claim to be unable to spy on US citizens. Apparently, the real charter is as elusive as what they do with taxpayer money. The Huston Plan, formally known as "Domestic Intelligence Gathering Plan: Analysis and Strategy," was submitted in July 1970 to President Nixon. The goal of the plan was to relax some restrictions on intelligence gathering, apparently those of NSCID No. 6. Some parts of the intelligence community felt that these relaxations would assist their efforts. Like most intelligence agencies, the NSA uses words such as "interrupt" and "target" in a technical sense with a precise but often classified definition. This specialized language makes it difficult to legislate or oversee the activities involved. For instance, in NSA terms a conversation that is captured, decoded if necessary, and distributed to the requesting agency is not considered to be the product of eavesdropping unless one of the parties to the conversation is explicitly targeted. However, the NSA does not depend on semantic defences; it can also produce some legal arguments for exempting itself from normal requirements. How convenient. For those who feel your lives are too flawless to be affected, or for those of you who actually vote Republican or Democrat thinking the change will come from within (nice try), and for the lowest common denominator - dittoheads, this is not a good thing. Complete control over a secret agency with at least 60,000 direct employees, a $10 billion budget, direct command of some military units, and the ability to read all communications would be an enormous weapon with which to maintain tyranny were it to arise. A President with a Napoleonic or Stalinistic delusion would find the perfect tool for the constant supervision of the individual by the state in the NSA; not unlike scenarios depicted in novels such as Orwell's 1984. ==================================== 1) NSA Homepage http://www.nsa.gov:8080/ 2) NSA Can Break PGP Encryption http://www.quadralay.com/www/Crypt/NSA/break-pgp.html 3) Houston Chronicle Interview http://www.quadralay.com/www/Crypt/NSA/letter.html 4) Original Charter of the National Security Agency http://www.quadralay.com/www/Crypt/NSA/charter.html 5) CFP'92 - Who Holds the Keys? http://www.cpsr.org/dox/conferences/cfp92/denning.html ==================================== Americans would not have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, or in our case email, it doesn't matter. There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny. There would be no way to fight back because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is, and would continue to be, within the reach of the government to know. Such is the capability of this technology ... I don't want to see this country ever go across the bridge. I know the capability that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return... So, is the NSA 'sniffing' on the Internet? Does their reputation seem worthy of our trust and respect? Lets take a look at some of their recent plans for Internet communication. Then you can decide for yourself if you want to watch the magic act....the "now you see it....now you don't" act starring Freedom, of course. Puzzle Palace co-author Wayne Madsen, in an article written for the June 1995 issue of Computer Fraud & Security Bulletin (Elsevier Advanced Technology Publications), wrote that "according to well-placed sources within the Federal Government and the Internet service provider industry, the National Security Agency (NSA) is actively sniffing several key Internet router and gateway hosts." Madsen says the NSA concentrates its surveillance on destination and origination hosts, as well as "sniffing" for specific key words and phrases. He claims his sources have confirmed that the NSA has contracted with an unnamed private company to develop the software needed to capture Internet data of interest to the agency. According to Madsen, the NSA monitors traffic primarily at two Internet routers controlled by the National Aeronautics and Space Administration (NASA), one in College Park, MD (dubbed "Fix East") and another at NASA Ames Research Center in Sunnyvale, CA ("Fix West"). Other NSA Internet sniffers, he said, operate at busy routers known as Mae East (an East Coast hub), Mae West (a West Coast hub), CIX reportedly based in San Jose), and SWAB (a northern Virginia router operated by Bell Atlantic). Madsen continues on to say the NSA may also be monitoring traffic at network access points (NAPs), the large Internet gateways operated by regional and long-distance service providers. The NAPs allegedly under surveillance are in Pennsauken, NJ (operated by Sprint), Chicago (run by AmeriTech and Bell Communications Research), and San Francisco (Pacific Bell). Madsen claims the NSA has deals with Microsoft, Lotus, and Netscape to prevent anonymous email. "One senior Federal Government source has reported that NSA has been particularly successful in convincing key members of the US software industry to cooperate with it in producing software that makes Internet messages easier for NSA to intercept, and if they are encrypted, to decode," Madsen wrote. "A knowledgeable government source claims that the NSA has concluded agreements with Microsoft, Lotus and Netscape to permit the introduction of the means to prevent the anonymity of Internet electronic mail, the use of cryptographic key-escrow, as well as software industry acceptance of the NSA-developed Digital Signature Standard (DSS)." Similarly, according to reports in several trade magazines, the Defense Messaging System (DMS) developed by the Pentagon is nearly ready for implementation, but prospective users are threatening to shun the universal e-mail platform unless Pentagon officials eliminate cumbersome security procedures designed by the NSA. DOD designed DMS a decade ago to replace the aging AUTODIN message system and to serve as the armed services' global e-mail infrastructure. Officials familiar with DMS' security features, which rely on the National Security Agency's Fortezza encryption card, said the system's slowness is likely to alienate users who send mostly unclassified messages over commercial e-mail systems. Users of wireless systems are also complaining about the high overhead. The DMS adopted the Fortezza card and is expected to implement over 450,000 cards in the next few years. Inside sources note that the NSA is using the DMS as a justification for paying companies such as Microsoft and Netscape to adopt the Fortezza card as a standard for their products. NSA has pushed agencies such as the CIA, NASA, IRS and the Federal Reserve to adopt Fortezza without success. Cost is also a major factor. Fortezza's PCMCIA cards cost nearly $100 each and all computers must be equipped with a card reader that costs an additional $150. (Would you like to have to buy a modem or pre-assembled computer system that would make it easier for the NSA to monitor your communications? Not me!) Is the NSA really snooping on the Net? If they are, would that violate the agency's charter, which specifically prohibits it from spying within the US? "Well, Net traffic is routed from God knows where to God knows where around the world," says George Washington University Professor Lance Hoffman, a professor of Communications and Telecommunications Systems Policy at George Washington University. "So if the NSA is doing this, they could say they are not violating their charter not to spy in the US. That's the thing. Intelligent routers send stuff any which way." What can be done? - you say. There is a solution. Encryption. Next issue will discuss trap doors and your right to encryption as strong as you can make it. ==================================== 6) The Agency That Came in from the Cold http://www.ams.org/committee/profession/shaker.html 7) The Codex Surveillance & Privacy Page http://www.thecodex.com/ 8) Profiles of the U.S. Intelligence Community http://www.kimsoft.com/korea/usintel.txt 9) Intelligence and CounterIntelligence http://www.kimsoft.com/kim-spy.htm 10) The National Security Administration http://hops.cs.jhu.edu/~arvi/nsa.html *** proteios@indirect.com PLEASE send us any other relevant URLs you may find *** ==================================== ---------------------------------------------------------------------------- NorthStar is an Internet Distribution List provided by the Internet Users Consortium a fiercely independent Grass Roots organization founded by Martin Thompson and Kenneth Koldys, Jr, to inform and coordinate Internet Users concerning political and government actions against the complete self-actualization of the Internet and our Constitutional Rights in Cyberspace. ---------------------------------------------------------------------------- Past issues of NorthStar are archived at the NorthStar Archive http://www.iuc.org/www/proteios/northstar.html on the Internet Users Consortium WWW site ---------------------------------------------------------------------------- ***Please feel free to distribute NorthStar to as many people and relevant forums as possible. That is one way to inform, educate and take action. All we ask is that you keep NorthStar intact. It is concise for that very reason. ***If you wish to submit an article to NorthStar, please send your article to proteios@iuc.org ------------------------------ Date: Thu, 21 Mar 1996 22:51:01 CST From: CuD Moderators Subject: File 7--Cu Digest Header Info (unchanged since 7 Apr, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #8.43 ************************************