Received: by lemuria.sai.com (/\==/\ Smail3.1.21.1 #21.11) id ; Sun, 10 Oct 93 22:23 EDT Received: from cmuvm.csv.cmich.edu by mv.MV.COM (5.67/1.35) id AA17684; Sun, 10 Oct 93 19:52:10 -0400 Message-Id: <9310102352.AA17684@mv.MV.COM> Received: from CMUVM.CSV.CMICH.EDU by CMUVM.CSV.CMICH.EDU (IBM VM SMTP V2R1) with BSMTP id 0006; Sun, 10 Oct 93 18:11:28 EDT Received: from CMUVM.CSV.CMICH.EDU (NJE origin LISTSERV@CMUVM) by CMUVM.CSV.CMICH.EDU (LMail V1.1d/1.7f) with BSMTP id 8293; Sun, 10 Oct 1993 18:11:23 -0400 Date: Sun, 10 Oct 1993 16:34:14 CDT From: Cu-Digest Subject: Cu Digest, #5.79 To: Multiple recipients Comment: converted from NETDATA format at NIU Computer underground Digest Sun Oct 10 1993 Volume 5 : Issue 79 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copie Editor: Etaoin Shrdlu, III CONTENTS, #5.79 (Oct 10 1993) File 1--FOIA Releases 10-4-93 File 2--CPSR Key Escrow Comments File 3--Sea Joins the Encryption Game File 4--Re: ITAR and export regulations File 5--Sexual harassment via computers (newspaper article). File 6--The Net and Netizens (Paper) File 7--E-mail Announcements From O'Reilly & Associates File 8--A Few More CuD-Carrying BBSes File 9--Survey: what harassment _is_ there on the Net? Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud ftp.eff.org (192.88.144.4) in /pub/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Tue, 5 Oct 1993 15:58-0400 From: The White House <75300.3115@COMPUSERVE.COM> Subject: File 1--FOIA Releases 10-4-93 Clinton Memorandum on Administration of Freedom of Information Act Contact: The White House, Office of the Press Secretary, 202-456-2100 Oct. 4, 1993 MEMORANDUM FOR HEADS OF DEPARTMENTS AND AGENCIES SUBJECT: The Freedom of Information Act I am writing to call your attention to a subject that is of great importance to the American public and to all Federal departments and agencies -- the administration of the Freedom of Information Act, as amended (the "Act"). The Act is a vital part of the participatory system of government. I am committed to enhancing its effectiveness in my Administration. For more than a quarter century now, the Freedom of Information Act has played a unique role in strengthening our democratic form of government. The statute was enacted based upon the fundamental principle that an informed citizenry is essential to the democratic process and that the more the American people know about their government the better they will be governed. Openness in government is essential to accountability and the Act has become an integral part of that process. The Freedom of Information Act, moreover, has been one of the primary means by which members of the public inform themselves about their government. As Vice President Gore made clear in the National Performance Review, the American people are the Federal Government's customers. Federal departments and agencies should handle requests for information in a customer-friendly manner. The use of the Act by ordinary citizens is not complicated, nor should it be. The existence of unnecessary bureaucratic hurdles has no place in its implementation. I therefore call upon all Federal departments and agencies to renew their commitment to the Freedom of Information Act, to its underlying principles of government openness, and to its sound administration. This is an appropriate time for all agencies to take a fresh look at their administration of the Act, to reduce backlogs of Freedom of Information Act requests, and to conform agency practice to the new litigation guidance issued by the Attorney General, which is attached. Further, I remind agencies that our commitment to openness requires more than merely responding to requests from the public. Each agency has a responsibility to distribute information on its own initiative, and to enhance public access through the use of electronic information systems. Taking these steps will ensure compliance with both the letter and spirit of the Act. (s) William J. Clinton ------ Oct. 4, 1993 MEMORANDUM FOR HEADS OF DEPARTMENTS AND AGENCIES Subject--The Freedom of Information Act President Clinton has asked each Federal department and agency to take steps to ensure it is in compliance with both the letter and the spirit of the Freedom of Information Act (FOIA), 5 U.S.C. 552. The Department of Justice is fully committed to this directive and stands ready to assist all agencies as we implement this new policy. First and foremost, we must ensure that the principle of openness in government is applied in each and every disclosure and nondisclosure decision that is required under the Act. Therefore, I hereby rescind the Department of Justice's 1981 guidelines for the defense of agency action in Freedom of Information Act litigation. The Department will no longer defend an agency's withholding of information merely because there is a "substantial legal basis" for doing so. Rather, in determining whether or not to defend a nondisclosure decision, we will apply a presumption of disclosure. To be sure, the Act accommodates, through its exemption structure, the countervailing interests that can exist in both disclosure and nondisclosure of government information. Yet while the Act's exceptions are designed to guard against harm to governmental and private interests, I firmly believe that these exemptions are best applied with specific reference to such harm, and only after consideration of the reasonably expected consequences of disclosure in each particular case. In short, it shall be the policy of the U.S. Department of Justice to defend the assertion of a FOIA exemption only in those cases where the agency reasonably foresees that disclosure would be harmful to an interest protected by that exemption. Where an item of information might technically or arguably fall within an exemption, it ought not to be withheld from a FOIA requester unless it need be. It is my belief that this change in policy serves the public interest by achieving the Act's primary objective -- maximum responsible disclosure of government information -- while preserving essential confidentiality. Accordingly, I strongly encourage your FOIA officers to make "discretionary disclosures" whenever possible under the Act. Such disclosures are possible under a number of FOIA exemptions, especially when only a governmental interest would be affected. The exemptions and opportunities for "discretionary disclosures" are discussed in the Discretionary Disclosure and Waiver section of the "Justice Department Guide to the Freedom of Information Act." As that discussion points out, agencies can make discretionary FOIA disclosures as a matter of good public policy without concern for future "waiver consequences" for similar information. Such disclosures can also readily satisfy an agency's "reasonable segregation" obligation under the Act in connection with marginally exempt information, see 5 U.S.C. 552(b), and can lessen an agency's administrative burden at all levels of the administrative process and in litigation. I note that this policy is not intended to create any substantive or procedural rights enforceable at law. In connection with the repeal of the 1981 guidelines, I am requesting that the Assistant Attorneys General for the Department's Civil and Tax Divisions, as well as the United States Attorneys, undertake a review of the merits of all pending FOIA cases handled by them, according to the standards set forth above. The Department's litigating attorneys will strive to work closely with your general counsels and their litigation staffs to implement this new policy on a case-by-case basis. The Department's office of Information and Privacy can also be called upon for assistance in this process, as well as for policy guidance to agency FOIA officers. In addition, at the Department of Justice we are undertaking a complete review and revision of our regulations implementing the FOIA, all related regulations pertaining to the Privacy Act of 1974, 5 U.S.C. 552a, as well as the Department's disclosure policies generally. We are also planning to conduct a Department-wide "FOIA Form Review." Envisioned is a comprehensive review of all standard FOIA forms and correspondence utilized by the Justice Department's various components. These items will be reviewed for their correctness, completeness, consistency and particularly for their use of clear language. As we conduct this review, we will be especially mindful that FOIA requesters are users of a government service, participants in an administrative process, and constituents of our democratic society. I encourage you to do likewise at your departments and agencies. Finally, I would like to take this opportunity to raise with you the longstanding problem of administrative backlogs under the Freedom of Information Act. Many Federal departments and agencies are often unable to meet the Act's ten-day time limit for processing FOIA requests, and some agencies -- especially those dealing with high-volume demands for particularly sensitive records -- maintain large FOIA backlogs greatly exceeding the mandated time period. The reasons for this may vary, but principally it appears to be a problem of too few resources in the face of too heavy a workload. This is a serious problem -- one of growing concern and frustration to both FOIA requesters and Congress, and to agency FOIA officers as well. It is my hope that we can work constructively together, with Congress and the FOIA-requester community, to reduce backlogs during the coming year. To ensure that we have a clear and current understanding of the situation, I am requesting that each of you send to the Department's Office of Information and Privacy a copy of your agency's Annual FOIA Report to Congress for 1992. Please include with this report a letter describing the extent of any present FOIA backlog, FOIA staffing difficulties and any other observations in this regard that you believe would be helpful. In closing, I want to reemphasize the importance of our cooperative efforts in this area. The American public's understanding of the workings of its government is a cornerstone of our democracy. The Department of Justice stands prepared to assist all federal agencies as we make government throughout the executive branch more open, more responsive, and more accountable. /s/ Janet Reno ------------------------------ From: David Sobel Date: Tue, 5 Oct 1993 16:51:12 EST Subject: File 2--CPSR Key Escrow Comments CPSR Key Escrow Comments September 27, 1993 Director, Computer Systems Laboratory ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899 Re: Request for Comments; Docket No. 930659-3159 This letter constitutes the formal comments of Computer Professionals for Social Responsibility (CPSR) on the proposed Federal Information Processing Standard for an Escrowed Encryption Standard (EES), as described in the Federal Register on July 30, 1993 (58 FR 40791). CPSR, a national organization of professionals in the computing field, has a long-standing interest in government policies concerning cryptography and computer security. During the past several years we have pursued an extensive study of cryptography policy in the United States. We have organized several public conferences, conducted litigation under the Freedom of Information Act, and appeared on a number of panels to discuss the importance of cryptography for privacy protection and the need to scrutinize carefully government proposals designed to limit the use of this technology. While we do not represent any particular computer company or trade association, we do speak for a great many people in the computer profession who value privacy and are concerned about the government's key escrow initiative. To properly evaluate the key escrow proposal, it is necessary to consider the Computer Security Act of 1987, which made clear Congress' intent that in the area of unclassified computing systems NIST -- and not the National Security Agency (NSA) -- would be responsible for the development of technical standards. The Act emphasizes public accountability and stresses open decision-making. In the spirit of the Act, NIST set out in 1989 to develop a public key cryptography standard. According to documents obtained by CPSR through the Freedom of Information Act (FOIA), NIST recommended that the algorithm be "public, unclassified, implementable in both hardware or software, usable by federal Agencies and U.S. based multi-national corporations." However, the key escrow proposal and the proposed Clipper and Capstone configurations are quite different: the underlying Skipjack algorithm is classified; public access to the reasons behind the proposal is restricted; Skipjack can be implemented only in tamper-proof hardware; the key escrow system is unlikely to be used by multi-national corporations; and the security of the algorithm remains unproved. The key escrow proposal undermines the central purpose of the Computer Security Act and conflicts with the goals NIST itself articulated in 1989. The most significant deficiencies of the proposal are set forth below. * The potential risks of the proposal have not been assessed and many questions about the implementation remain unanswered. The Federal Register notice states that the current proposal "does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys." In a recent briefing for Congressional staffers, however, Justice Department representatives indicated that NIST and a "non-law enforcement" component of the Treasury Department will be designated as the escrow agents. Such an arrangement would be cause for serious concern and would not constitute a true "escrow" system. As described in the Federal Register notice, To escrow something (e.g., a document, an encryption key) means that it is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition" (Webster's Seventh New Collegiate Dictionary). A key escrow system is one that entrusts components of a key used to encrypt telecommunications to third persons, called key component escrow agents. It is, we submit, disingenuous to apply the word "escrow" to an arrangement whereby two components of the Executive branch (NIST and Treasury) would be providing cryptographic keys to another component of the Executive branch (a law enforcement agency). By any stretch of the imagination, such a system would lack the "third party" that is an integral part of any true escrow system. Notwithstanding the identity of the escrow agents, the proposed key escrow configuration may also create a dangerous vulnerability in the nation's communications networks. The risks of misuse of this feature greatly outweigh any perceived benefit. * The Federal Register notice states that the escrow agents will provide the key components to a government agency that "properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted." The crucial term "legal authorization" has not been defined. The vagueness of the term leaves open the possibility that court-issued warrants may not be required in some circumstances. Indeed, in NIST's letter of invitation to the five experts who were selected to evaluate the Skipjack algorithm (recently released to CPSR under the FOIA), the agency describes the escrow system and states that the key components will be made available "only to authorized government officials under proper legal authorizations, usually a court order." Network users cannot be expected to embrace a communications security system that -- in the words of the agency proposing the system -- will "usually" require a court order before the privacy of a communication is compromised. Those circumstances in which judicial warrants will not be required must be precisely and unambiguously described before any meaningful public debate of the proposal can proceed. * The classification of the Skipjack algorithm as a "national security" matter is inappropriate for technology that will be used primarily in civilian and commercial applications. Classification of such technical information limits the computing community's ability to evaluate fully the proposal and the general public's right to know about the activities of government in this vitally important area. CPSR has initiated litigation in federal district court challenging NSA's failure to disclose information relevant to the key escrow system. CPSR v. NSA, et al., Civil Action No. 93-1074 (D.D.C.). NSA recently requested a one-year delay in those judicial proceedings. We submit that complete and meaningful public comment on the key escrow proposal is impossible until all relevant documentation has been made available for public review. * The key escrow proposal was not developed in response to a public concern or a request from industry. It was put forward by the National Security Agency and the Federal Bureau of Investigation so that those two agencies could more easily conduct surveillance of electronic communications. It has not been established that such surveillance is necessary for crime prevention. The number of arrests resulting from wiretaps has remained essentially unchanged since the federal wiretap law was enacted in 1968. Likewise, it has not been demonstrated that the use of encryption technology has in any way hampered the ability of law enforcement agencies to execute court-ordered electronic surveillance warrants. * Adoption of the proposed key escrow standard would have an adverse impact upon the ability of U.S. manufacturers to market cryptographic products abroad. It is unlikely that non-U.S. users would purchase communication security products to which the U.S. government holds keys. The key escrow proposal is the most recent manifestation of the government's outdated and unrealistic attempt to "control" the dissemination of emerging information technologies, often to the detriment of American developers and innovators. In a recent letter to the President, a bi-partisan group of Congressmen (including Majority Leader Gephardt and Minority Whip Gingrich) noted the folly of this course: Encrypted mass market software has been subject to ... outdated controls. Mass market software is available from foreign manufacturers and distributors and is easily transmitted using only a long distance telephone line and a modem. Yet, the United States continues to control this computer software as a Munitions List item. It is difficult to understand the utility of controlling such equipment and technology when it is so easily available to those from whom we are trying to keep it. Yet, by imposing controls, we are limiting the ability of American businesses to export some of their most marketable items. As a result, we are losing our competitive edge in these areas. * * * In summary, we believe the key escrow proposal is an ill- conceived and futile attempt to control the development and wide dissemination of effective, privacy-enhancing encryption technology. The proposal was spawned by highly dubious and unproven "law enforcement" assertions and, if adopted, would create unacceptable vulnerabilities in our information infra- structure. Network users have a right to secure and effective means of communication, uninhibited by law enforcement and intelligence agency attempts to monitor and control telecommuni- cations systems. NIST should abandon the key escrow proposal and, pursuant to its mandate under the Computer Security Act and the Omnibus Trade and Competitiveness Act, encourage the development and use of the strongest possible communications security technologies. Sincerely, Marc Rotenberg David L. Sobel Director, CPSR Washington Office CPSR Legal Counsel ------------------------------ From: ygoland@HURRICANE.SEAS.UCLA.EDU Subject: File 3--Sea Joins the Encryption Game Date: Sun, 3 Oct 1993 05:34:33 -0800 (PDT) To: September 28, 1993 Director, Computer Systems Laboratory ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899 ~From: The Society for Electronic Access P.O. Box 3131 Church Street Station New York, New York 10008-3131 Voice telephone: (212) 592-3801 Internet e-mail: Sea@Sea.org The Society for Electronic Access's response to the call for Public Comment contained in: FEDERAL REGISTER VOL. 58, No. 145 DEPARTMENT OF COMMERCE (DOC) National Institute of Standards and Technology (NIST) Docket No. 930659-3159 RIN 0693-AB19 A Proposed Federal Information Processing Standard for an Escrowed Encryption Standard (EES) 58 FR 40791 The Society for Electronic Access would like to register its concern with the proposed implementation of the Clipper Chip/Skipjack Algorithm key escrow scheme. These related protocols will be referred to as a group as "Clipper" in the body of this letter. While we do not object to classification of Federal Information Processing Standards (FIPS) for encrypting information vital to national security, we believe that a system for transferring sensitive but unclassified information used by civilian Government offices, corporations and private citizens should be open to public review. NIST, by calling for public comment, would seem to be inviting just such a review. However, NIST will not let the public examine either the Clipper Chip or the Skipjack algorithm, has not commissioned studies concerning either the cost or impact of the Clipper plan, and will not let the public examine studies undertaken by the NSA on the issue of escrow agency security. Furthermore, since an escrow scheme requires a trusted third party while in the proposed scheme NIST itself is one of the key holders, we feel that NIST will not be able to review public comment as a disinterested party. Under these circumstances we feel a call for public comment is hampered. Our concerns with Clipper fall into four broad categories: it is unnecessary; the present Administration has promoted its "voluntary" use by the public without abjuring the possibility of outlawing competing systems; the key escrow scheme is not a true escrow; and attempts to gather information necessary for a public assessment of Clipper have met obstacles raised by the Government. These concerns are enumerated below. 1) Clipper is unnecessary. Clipper is not a response to any public need. In a reply to questions about Clipper from RSA, NIST states that "[the decisions made about Clipper] offer a balance among the various needs of corporations and citizens for improved security and privacy and of the law enforcement community for continued legal access to the communications of criminals." Corporations and citizens can already obtain "improved security and privacy" from a wide variety of sources, as there are several commercially available encryption standards currently on the market. Since the public already has what NIST says it needs, it follows that the only reason for Clipper to exist is the addition of the Law Enforcement Access Field (LEAF), which allows the government to decrypt all messages encrypted by Clipper. Furthermore, the phrase "legal access to the communications of criminals" is particularly chilling, as it demonstrates a lack of sensitivity to the rule of law. Neither the FBI nor any other agency entrusted with surveillance activities can determine in advance of a trial whether a citizen is a criminal or not. We believe NIST's attitude belies a misunderstanding of the rights of American citizens. 2) The Administration has promoted its "voluntary" use by the public without abjuring the possibility of outlawing competing systems. NIST has consistently maintained that outside Federal use, adoption of Clipper by citizens and individuals will be strictly voluntary. When pressed on this point by RSA, NIST responded "There are no current plans to legislate the use of Clipper. Clipper will be a government standard, which can be - and likely will be - used voluntarily by the private sector. The option for legislation may be examined during the policy review ordered by the President." We are concerned that asking for public approval of Clipper as one of several encryption possibilities open to the public while the possibility of outlawing all other options still exists will prevent legitimate assessment of Clipper's ultimate impact. Furthermore, many organizations from small companies to multi-national corporations have invested in alternative encryption schemes like RSA, Diffie-Hellman and IDEA, many of them based solely on software and therefore incompatible with Clipper even as a retro-fit. To outlaw these schemes would cause them an enormous fiscal burden, as well as mandating a US-only standard incompatible with the protocols chosen by many international standard-setting organizations, thereby reducing the competitiveness of US companies doing business in the international arena. We feel that unless the present administration publicly abjures the possibility of banning alternate methods of encryption, no true analysis of Clipper is possible. 3) The escrow scheme does not use true escrow agencies. This scheme has been publicly promoted as an escrow scheme, but the core of any functioning escrow scheme is the presence of a trusted third party (or in this case two trusted third parties.) We are concerned with the idea that Governmental agencies will hold these positions, as they are not truly third parties. In addition, we are particularly concerned that the same agency is responsible for reviewing Public Comment on the proposed encryption scheme and occupying the position of one of the two key holders. We are not convinced that NIST can fulfill both roles without conflict of interest. 4) Attempts to gain information necessary for public review of Clipper have met obstacles raised by the Government. The National Security Agency has asked for an increased period of time to respond to FOIA requests for information about Clipper, from 10 business days to one year. Ten business days falls within the Public Comment period. One year does not. We feel that if NSA requires this period of time to comply with requests for information that the period for public analysis and comment should also be extended for an equal period of time. Based on these concerns, the Society for Electronic Access feels that NIST should not implement the Clipper plan without commissioning studies on the cost and impact of implementing Clipper, without providing real assurances that Clipper is not a prelude to outlawing other encryption schemes, without an implementation of an escrow scheme in which NIST does not both review and participate in the proposal, and without NSA complying with FOIA requests outstanding from before September 28, 1993. Respectfully submitted, Clay Shirky Board Member, Society for Electronic Access ------------------------------ Date: Mon, 4 Oct 93 04:29:19 PDT From: Fredrick B. Cohen Subject: File 4--Re: ITAR and export regulations Your discussion seems very strange to me. I seem to think I have heard it all before - about 3 years ago - when I got permission from the government to export an RSA cryptosystem with no restriction on key length or anything else. It took a few weeks (6-8 as I recall), but all I did was submit the software to the government (in 12 copies or so), and request a ruling. After a few call-backs, I got permission. I'm not an authorized arms dealer, and of course I can't reimport what I have exported, but then I rarely have a reason to do so. By the way, my understanding is that it is not the concept of modular exponentiation that is covered by the RSA, but rather their particular algorithm for key generation. Am I mistaken? I do key generation with a slightly different algorithm - more efficient at some things, less efficient at others. All of this is not to say that I think it is reasonable to prevent us from doing as we please in this area, and I certainly wish I didn't have to wait so long before distributing new versions overseas, but why not just apply for export and see what happens? Maybe you'll get permission and it will all be no problem. IBM has been exporting DES for quite a few years according to sources I have in EC who have seen IBM chips with DES on them in EC computers. I believe they simply asked for permission and got it. I applaud the EFF for helping defend people in this area, but maybe if they tried to work within the law in the first place, they would have found it was easier to obey the law than break it. Maybe if they apply now, they will end up with a no-case (assuming they get permission). The court is generally pretty lenient under these circumstances, and who would want to prosecute you once they find out that there was no damage caused? ------------------------------ Date: Fri, 8 Oct 1993 05:43:44 GMT From: emr@EE.MU.OZ.AU(Elizabeth Reid) Subject: File 5--Sexual harassment via computers (newspaper article). This article appeared on Page 8 of the Australian newspaper _The Age_ on Tuesday 5 October 1993. Permission has been granted by the author and the newspaper for the article's reproduction in the Computer Underground Digest and the Computers and Academic Freedom electronic digests and Usenet newsgroups. UNI TO LOOK INTO SEXUAL HARASSMENT VIA COMPUTER By JOANNE PAINTER Education reporter Computers have been blamed for many social ills but sexual misconduct was never one of them. Now, however, the University of Melbourne is investigating the link between computers and sexual harassment on campus. A five-member group was formed last month to investigate the extent of sexual harassment occurring via the university's computer networks and electronic mail systems. It follows several cases in which people received sexually explicit and harassing letters. Some of the instances occurred after hackers got into the system. The existence of sexually explicit material in networks and personal attacks carried out through the networks are also believed to have offended people. The university's sexual harassment adviser, Dr Murray Seiffert, said that the university was aware of such sexual harassment. But he said the group was formed to "nip the problem in the bud" rather than respond to an existing pattern of harassment. "We know there has been the odd case come up and in a place like ours that does take place," he said. "We have said we have a problem and (we) want to find out how big it is." The director of the Advanced Computer Graphics Centre at the Royal Melbourne Institute of Technology, Mr Mike Gigante, said the exchange of sexually explicit and harassing material was common on electronic mail systems. He said it was difficult to monitor and police the exchange of such material. "People tend to be far more abusive on bulletin boards or EMAIL than they would face to face.. Some of the exchanges I have seen on these news groups have been outrageous. If they said it face to face, the person saying it would be in court with libel and slander suits." Dr Seiffert said electronic-based sexual harassment was almost inevitable in an organisation with 25,000 staff and students, thousands of computers that was [sic] linked into the global Internet information network. He acknowledged the difficulty of preventing harassment but he said offenders would face disciplinary proceedings, including expulsion. "Potentially it's a fairly big problem here because of the place having a large number of computers," he said. The group will report back to the university's equal opportunity committee next month. ------------------------------ Date: Sun, Oct 4 1993 21:32:32 CDT From: Michael Hauben Subject: File 6--The Net and Netizens (Paper) ((Moderators' Note: The following excerpt is from Michael Hauben's substantial and useful paper: "The Net and Netizen's: The Impact the Net has on People's Lives." The full text, about 80 K, can be obtained from the CuD ftp sites)). ++++ II. INTRODUCTION The world of the Netizen was envisioned some twenty five years ago by J.C.R. Licklider and Robert Taylor in "The Computer as a Communication Device" (Science and Technology, April 1968). Licklider brought to his leadership of the Department of Defense's ARPANET a vision of "the intergalatic computer network." Whenever he would speak of ARPANET, he would mention this vision. J.C.R. Licklider was a prophet of the Net. In his paper, "The Computer as a Communication Device", Licklider establishes several helpful principles as to make the computer play a helpful role in human communication. Licklider clarified his definition of communication as a creative process by writing: "But to communicate is more than to send and to receive. Do two tape recorders communicate when they play to each other and record from each other? Not really - not in our sense. We believe that communicators have to do something nontrivial with the information they send and receive. And to interact with the richness of living information -- not merely in the passive way that we have become accustomed to using books and libraries, but as active participants in an ongoing process, bringing something to it through our interaction with it, and not simply receiving from it by our connection to it...We want to emphasize something beyond its one-way transfer: the increasing significance of the jointly constructive, the mutually reinforcing aspect of communication - the part that transcends 'now we both know a fact that only one of us knew before.' When minds interact, new ideas emerge. We want to talk about the creative aspect of communication." Licklider defines four principles for computers to make a contribution towards human communication. They are: 1) Communication is defined as an interactive creative process. 2) Response times needs to be short to make the "conversation" free and easy. 3) The larger network would form out of smaller regional networks. 4) Communities would form out of affinity and common interests. In this paper I will explore the uses Netizens have discovered for the Net. Licklider's understandings from his 1968 paper have stood the test of time, and do represent the Net today. In a later paper he co-wrote with Albert Vezza, "Applications of Information Networks" (Proceedings of IEEE, Vol 66, No 11, Nov 1978) Licklider explores possible business applications of information networks. Licklider's survey of business applications in 1978 come short of the possibilities he outlaid in his earlier paper, and represent but a tiny fraction of the resources the Net currently embodies. ------------------------------ Date: Fri, 20 Aug 1993 13:19:32 -0700 From: Richard Budrevich Subject: File 7--E-mail Announcements From O'Reilly & Associates SUBSCRIBING TO ORA-NEWS If you would like to receive this service, we now have an easy automated way for you to subscribe to our "ora-news" mailing list. To subscribe, address an e-mail message to: listproc@online.ora.com Put the following information on the first line of your message (not in the Subject:, because commands there are ignored): subscribe ora-news "Your Name" of "Your Company" for example: subscribe ora-news Jane Doe of Bland University Within the next day or so (usually much sooner), you should get a reply message welcoming you to the list. If you don't get a reply, or you have other problems or questions, please send mail to: listown@online.ora.com -- tell us when you sent your message and include your telephone number. (If you have more than one computer account or read e-mail on several different services, be sure to send your subscription request from the place where you want to read "ora-news." Our system automatically reads your e-mail address from your message and registers you at that particular address.) ------------------------------ Date: Sun, 10 Oct 1993 16:35:06 CDT From: CuD Moderators Subject: File 8--A Few More CuD-Carrying BBSes Here are a few more BBSes carrying CuDs, PHRACKs, and other 'Zines. One of these days, perhaps an ambitious reader could compile a substantial BBS directory, organized by area code, of BSSes specializing in text files. From--aphelps%vicstoy%alfred@OSCEOLA.CS.UCF.EDU(Austin Phelps) Subject--CuD BBS Date--Mon, 13 Sep 1993 23:14:43 -0400 (EDT) LIGHTNING STRIKE BBS carries CuDs as well. Lightning Strikes Here 14.4 down to 1200. I have all CuD with the Index. Packed up with PKZIP 2 format. More Info is in the Sig. Thanks. -- \ Austin C. Phelps \ Internet:aphelps@vicstoy.oau.org / Lightning Strikes Here / UUCP: ucf-cs!vicstoy!aphelps \ FutureNet #44 (407) 297-7288 FutureNet: #1@#44 or #2@#10 or #59@#1 / Apple II Forever / \ FidoNet: Austin Phelps@1:363/18 ================================================================= Date--Thu, 09 Sep 93 20:54:35 EDT From--System Operator The Decode BBS in Columbia, Maryland, carries both comp.society.cu-digest and back issues under /public/cud-arch. It also offers a complete set of Phrack issues in /public/phrack. There are also various computer underground documents and programs in the files section. Decode BBS is reachable at +1 410 730 6734. I am available at uunet!anagld!decode!system. system@decode.UUCP (System Operator) Cryptography, Security, Privacy +1 410 730 6734 Data/FAX ==================================================================== From--metal@PNET01.CTS.COM(Conal .) RABBS is officially going to be open 5 October 1993. The number is 612.251.8596 and will (crossing fingers%) be online Internet within a month (er two). RABBS has changed names to "the Alliance BBS"...but will hopefully use RABBS.whatever for mailing. ------------------------------ Date: 10 Oct 1993 17:51:14 +0100 From: mch@DOC.IC.AC.UK(Mike C Holderness) Subject: File 9--Survey: what harassment _is_ there on the Net? ((MODERATORS' NOTE: Mike Holderness's past writings, including some some published in CuD, the Times Higher Education Supplement, and elsewhere, demonstrate that he is competent, non-sensationalistic, and incisive. We trust that he will share some of his findings with CuD readers when the story is finished. The following is reprinted from Carl Kadie's alt.comp.acad-freedom.talk, a Usenet group devoted to issues of net policy and events related to academic freedom)). The Times Higher Education Supplement wants me to do a piece on harassment on the Net. No, I am not about to go all sensationalist. Neither am I about to abstain from the phone system, let alone call for it to be monitored or shut down; in my lifetime I have received one nearly-obscene call, one bomb threat and dozens of silent harassers through that technology, but I find it, like the Net, rather useful. Neither am I at all interested right now in pictures, except for specific reports of their being used to harass an individual. I want to look at this phenomenon as a form of harassment, not as a nasty mysterious technological thang. And I want to look at the _debate_ around it. I hope readers will see this attempt to communicte calmly with largely non-Net-connected academics as a useful use of bandwidth. I'm hoping for answers to the following. I don't expect any one person to answer them all. * How would you say that email harassment is different from other forms of harassment -- by mail, by phone, in person? * Would you comment on a _guess_ I make about the phenomenon, which is this: To senders, a harassing message takes place in the "privacy" of their computer environment and/or may seem impersonal; whereas to recipients the harassing message is as deeply personal as a phone call, is addressed to them individually, and is harder to "put down" than a phone. * Have you experienced any form of harassment on the Net? Are you prepared to (can you bear to?) describe the incident? Do you personally know anyone else who has/can? * Do you know of any statistics and where I can get them? * What do you think is the best way of dealing with harassment? With Net harassment specifically? Is there an appropriate institutional response (e.g. from a harasser's system administrator?) * Why do you think the issue generates such excitement on the Net? * Ironically, in dealing with the some of the preconceptions which I know many Net users to have about journalists dealing with this and similar issues, I have had to set out a pretty thorough pre-agenda for the piece rather than asking open questions. Do you have a comment on this? Please indicate how you would prefer your comments to be used. [ ] With full attribution including where you work [ ] With name and occupation/post only [ ] Anonymously [ ] This is background. It never happened. (Please check one in response and give any relevant info). I look forward to hearing from you! Please reply by email. I will summarise. Replies before Wednesday October 13 are more likely to be used. --- The THES is _the_ weekly publication for people working in higher education in the UK. I also write for New Scientist and (right to left) the Daily Telegraph, the Independent and the Guardian. --- I tried to post this on Monday Oct 5, but it never got back to my site. Apologies for any multiple-posting to individual groups. Mike Holderness mch@doc.ic.ac.uk mikeh@gn.apc.org ------------------------------ End of Computer Underground Digest #5.79 ************************************