Computer underground Digest Wed Sep 21, 1994 Volume 6 : Issue 83 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Urban Legend Editor: E. Greg Shrdlugold CONTENTS, #6.83 (Wed, Sep 21, 1994) File 1--EPIC Letter on Wiretap Bill File 2--EFF Policy Dir. Jerry Berman, 09/13/94 HR Testimony on DigTel bill File 3--Dig Teleph Bill (HR 4922) to be marked up in Sen. Judic. Comm File 4-- For CUD: Pizza by E-mail in Santa Cruz File 5--One Hundred Reasons to Oppose the FBI Wiretap Bill (CPSR) File 6--Cu Digest Header Information (unchanged) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. ---------------------------------------------------------------------- Date: Wed, 21 Sep 1994 16:25:03 EST From: David Sobel Subject: File 1--EPIC Letter on Wiretap Bill EPIC Letter on Wiretap Bill September 13, 1994 Hon. Jack Brooks Chairman Committee on the Judiciary U.S. House of Representatives 2138 Rayburn House Office Bldg. Washington, DC 20515 Dear Chairman Brooks: We are writing with regard to H.R. 4922, the Federal Bureau of Investigation's proposed wiretap legislation now pending before the Judiciary Committee. As you know, the current bill is the most recent version to emerge from a process that began more than two years ago, when the FBI first sought legislation to ensure its ability to conduct electronic surveillance through mandated design changes in the nation's information infrastructure. The Electronic Privacy Information Center (EPIC) has monitored that process closely and has scrutinized the FBI's claims that remedial legislation is necessary. EPIC has sponsored conferences at which the need for such legislation was debated with the participation of the law enforcement community, the telecommunications industry and privacy advocates. We have also sought the disclosure of all relevant information through a series of requests under the Freedom of Information Act. Having thus examined the issue, EPIC remains unconvinced of the necessity or advisability of the pending bill. The Need for the Proposed Legislation As a threshold matter, we do not believe that a compelling case has been made that new communications technologies hamper the ability of law enforcement agencies to execute court orders for electronic surveillance. For more than two years, EPIC has sought the public disclosure of any FBI records that might document the alleged problem. To date, no such documentation has been released. We recently initiated litigation under the FOIA in federal district court seeking disclosure of two internal FBI surveys cited by Director Freeh in support of the proposed legislation. Through earlier litigation we discovered that no FBI field offices had reported technical difficulties in executing court-ordered electronic surveillance. In fact, several field offices reported that they had not encountered such problems. Without public scrutiny of factual information on the nature and extent of the alleged technological impediments to surveillance, the FBI's claims remain anecdotal and speculative. Indeed, representatives of the telecommunications industry have consistently maintained that they are unaware of any instances in which a communications carrier has been unable to comply with law enforcement's requirements. For instance, in Congressional testimony on March 18, 1994, Roy Neel, President of the United States Telephone Association stated that, In the quarter century since the federal government first authorized court ordered wiretaps there have been tens of thousands of requests for assistance from local telephone exchange companies. In virtually every instance the local telephone company provided the appropriate law enforcement authority with the timely assistance it needed to effect the intercept. Under these circumstances, the nation should not embark upon a costly and potentially dangerous re-design of its telecommunica- tions network solely to protect the viability of fewer than 1000 annual surveillances against wholly speculative impediments. Increased Risk of Network Vulnerability Our nation's communications infrastructure has never before been designed with the stated purpose of facilitating the interception of private communications. The proposed legislation would require, for the first time, that the telephone network must have vulnerabilities intentionally built into it. The potential pitfalls of such a course are apparent. As the General Services Administration noted in its analysis of an earlier version of the FBI's proposal (which we obtained under the FOIA), The proposed legislation would assist eavesdropping by law enforcement, but it would also apply to users who acquire the new technology capability and make it easier for criminals, terrorists, foreign intelligence (spies) and computer hackers to electronically penetrate the phone network and pry into areas previously not open to snooping. This situation of easier access due to new technology changes could therefore affect national security. As your report on the Computer Security Act of 1987 noted, "lack of computer security is a serious problem since such systems are the core of every modern organization." H. Rpt. 100-153, Part 2, at 10. With an ever-increasing flow of sensitive commercial and personal information traveling through the communications infrastructure, we should be seeking to strengthen the security of those transmissions. Unfortunately, as the GSA recognized, the pending legislation is likely to have the precise opposite effect on communications security. A Threat to Privacy in the Future We also believe that the proposed legislation would establish a dangerous precedent for the future. While the FBI claims that the legislation would not enhance its surveillance powers beyond those contained in existing law, the pending bill represents a fundamental change in the law's approach to electronic surveillance and police powers generally. The legislation would, for the first time, mandate that our means of communications must be designed to facilitate government interception. While we as a society have always recognized law enforcement's need to obtain investigative information upon presentation of a judicial warrant, we have never accepted the notion that the success of such a search must be guaranteed. By mandating the success of police searches through the re-design of the telephone network, the proposed legislation breaks troubling new ground. The principle underlying the pending bill could easily be applied to all emerging information technologies and be incorporated into the design of the National Information Infrastructure. It could also soon lead to the prohibition of encryption techniques other than government-designed "key escrow" or "Clipper" type systems. In short, EPIC believes that the proposed FBI wiretap bill raises substantial civil liberties and privacy concerns. The present need for the legislation has not been established and its future implications are frightening. In the spring of 1992, you convened hearings on law enforcement's claimed need to restrict the development and use of privacy-enhancing encryption technology. You observed that "the decisions we make in this area could have a profound impact on the future of U.S. industry and our society as a whole." We share your concern and urge you to examine closely both the claimed need for H.R. 4922 and its desirability for our democratic society. Sincerely, ______________________________ ______________________________ Marc Rotenberg David L. Sobel Director Legal Counsel ------------------------------ Date: Wed, 21 Sep 1994 16:22:11 EST From: mech@eff.org (Stanton McCandlish) Subject: File 2--EFF Policy Dir. Jerry Berman, 09/13/94 HR Testimony on DigTel b ill Electronic Frontier Foundation Testimony of Jerry J. Berman, Policy Director Electronic Frontier Foundation before the United States House Of Representatives Committee on Energy and Commerce Subcommittee On Telecommunications and Finance Hearing on Digital Telephony Legislation (H.R. 4922) September 13, 1994 Chairman Markey and Members of the Subcommittee: I want to thank you for the opportunity to testify today on the recently introduced Digital Telephony bill (H.R. 4922, S. 2375). Over the past several years under the leadership of Chairman Markey, Representatives Fields, Boucher, and others, the Subcommittee has demonstrated knowledge, sensitivity, and vision in crafting our nation's telecommunications policy. I am pleased that the Subcommittee has chosen to apply its experience and expertise to the extraordinarily complex issues posed by the Digital Telephony legislation. The Electronic Frontier Foundation (EFF) is a public interest membership organization dedicated to achieving the democratic potential of new communications and computer technology and works to protect civil liberties in new digital environments. EFF also coordinates the Digital Privacy and Security Working Group (DPSWG), a coalition of more than 50 computer, communications, and public interest organizations and associations working on communications privacy issues. I am testifying today, however, only on behalf of EFF. Since 1992, the Electronic Frontier Foundation has opposed a series of FBI Digital Telephony proposals, each of which would have forced communications companies to install wiretap capability into every communications network. However, earlier this year, when it became apparent that some version of the bill would pass the Congress, Senator Patrick Leahy and Representative Don Edwards asked EFF, along with computer and communications industry groups, to participate in a process that would yield a narrow bill that both met law enforcement needs and had strong privacy protections. The result of that process is the bill before us today. EFF remains deeply troubled by the prospect of the federal government requiring communications networks to be made "wiretap ready," but we believe that this legislation is substantially less intrusive that the original FBI proposals. If Congress is going to act in this area, it should work to improve and pass this version of the legislation. As I testified to before a joint hearing of the House Subcommittee on Civil and Constitutional Rights and the Senate Subcommittee on Technology and the Law on August 11, 1994, we have worked diligently on this legislation with all interested parties in an effort to strike a careful balance between law enforcement's ability to conduct electronic surveillance and the more important public good -- the right to privacy guaranteed by the 4th amendment. The bill strikes this balance in a number of critical areas: * Law enforcement gains no additional authority to conduct electronic surveillance. The warrant requirements specified under current law remain unchanged * The standard for law enforcement access to online transactional records is raised to require a court order instead of a mere subpoena * Information gleaned from pen register devices is limited to dialed number information only. Law enforcement may not receive location-specific information * The bill does not preclude a citizen's right to use encryption * Privacy must be maintained in making new technologies conform to the requirements of the bill and privacy groups may intervene in the administrative standard-setting process. However, Mr. Chairman, the effectiveness of these privacy protections, as well as the future of technological innovation and the deployment of advanced telecommunications services to the American public, turn on one critical issue which remains to be addressed: Who assumes the risk and pays the cost of complying with the bill's requirements? The government or industry? EFF believes that allocating the risk and cost to industry will place privacy and security at risk if industry is required to foot the bill for unnecessary or unwarranted surveillance capabilities. Similarly, privacy may be shortchanged if industry takes short cuts to save costs in meeting the legislation's requirements. Industry may also be discouraged from deploying new and innovative technologies because of the costs of law enforcement compliance features. Finally, public accountability is undermined by making potentially significant law enforcement costs without public scrutiny and debate. In our view, the public interest can only be served if government assumes the risk and pays the costs of compliance. While effective law enforcement may be in the public interest, it should not come at the expense of other public goods -- privacy, public accountability, and technological innovation. To resolve this issue, we believe that the legislation should be amended to require government to pay all reasonable costs incurred to meet the statute's requirements on an ongoing basis. A. Linkage of cost to compliance requirements in the first four years -- the FBI gets what it pays for and no more The bill authorizes, but does not appropriate, $500 million to be spent by the government in reimbursing telecommunications carriers for bringing their networks into compliance with the bill within the first four years of enactment. The FBI maintains that this is enough money to cover all reasonable expenses of retrofitting. The industry, however, has consistently maintained that the costs are five to ten times higher. Given the FBI's confidence in their cost estimate, we believe that telecommunications carriers should only be required to comply to the extent that they have been reimbursed. In his testimony before a joint hearing of the House Subcommittee on Civil and Constitutional Rights and the Senate Subcommittee on Technology and the Law on August 11, 1994, the FBI director stated that "I think it would be [...] extremely unlikely for a district court judge in the process which is contemplated by this legislation to force compliance or use of any sanctions when compliance is impossible because of the non-reimbursement which is the predicate in the legislation". Based on the Director's previous testimony and other discussions with the FBI, EFF believes that the bill should include a provision to directly link telecommunications carriers liability with government reimbursement for retrofitting. B. Government reimbursement for compliance costs after four years -- public accountability necessary The problem, Mr. Chairman, is that under the current bill, the government is not responsible for paying the cost of meeting the mandated capability requirements after four years, particularly with respect to new services. The FBI has repeatedly argued that the costs for incorporating surveillance capabilities in new services at the design stage will be de minimis, a contention which most industry representatives and EFF believe may not be correct. As this Subcommittee is aware, it is impossible to estimate compliance costs for technologies which are not even on the drawing boards. The way to resolve the issue is to have the government assume the risks. If costs for compliance after four years are truly de minimis, then the expenses born by the taxpayers will be minimal. If, however, costs are substantial, the government should pay. This will insure that the government, on a case-by-case basis and with an opportunity for public oversight, determines if compliance is significant enough to pay for out of taxpayers' funds. This will also ensure that the government sets law enforcement priorities. As I stated earlier, if the telecommunications industry is responsible for all future compliance costs, it may be forced to accept solutions which short-cut the privacy and security of telecommunications networks, or be forced to leave advanced features on the shelf, slowing technological innovation and the development of the NII. Linking compliance to government reimbursement in the out years also has the added benefit of providing public oversight and accountability for law enforcement surveillance capability. The drafters of this legislation have wisely included public oversight of government surveillance expenditures in the first four years. This same principal should be applied to out year compliance costs. C. Ensure the right to deploy untappable services The enforcement provisions of the bill suggest, but do not state explicitly, that services which are untappable may be deployed. Having worked for many years towards the goal of promoting the development of the NII, the members of this Subcommittee are clearly aware that its promise and potential rest on the deployment of advanced technologies and services. EFF remains deeply concerned that technological innovation and the deployment of advanced telecommunications services to the public may be stifled if telecommunications carriers are forced to incur huge costs for compliance, or if the Government is allowed to prohibit a new feature or service from being deployed. Although EFF believes that the bill intends to allow carriers to deploy untappable features or services, the bill must clearly state that if it is technically and economically unreasonable to make a service tappable, or if the government has failed to reimburse a carrier for compliance costs, then it may be deployed, without interference by a court. Making the government responsible for all reasonable costs of having new services comply with the legislation will go a long way to insuring that this legislation will not be a drag on innovation. D. Additional areas where strengthening is necessary In addition to our concerns about compliance costs, EFF believes that the bill requires strengthening in the following areas before final passage: 1. Strengthened public process In the first four years of the bill's implementation, most of the requests that law enforcement makes to carriers are required to be recorded in the public record. However, additional demands for compliance after that time are only required to be made by written notice to the carrier. To facilitate public scrutiny, the bill should require all compliance requirements, whether initial requests or subsequent modification, must be recorded in the Federal Register. 2. Clarify definition of call identifying information The definition of call identifying information in the bill is too broad. Whether intentionally or not, the term now covers network signaling information of networks which are beyond the scope of the bill. As drafted, the definition would appear to require telecommunications carriers to deliver not only the signaling information generated by their own services, but also the signaling information generated by information services and electronic communication services that travel over the facilities of the telecommunication carrier. In many cases this may be technically impractical. Moreover, it is contrary to the policy adopted by the bill to maintain a narrow scope. 3. Review of minimization requirements in view of commingled communications The bill implicitly contemplates that law enforcement, in some cases, will intercept large bundles of communications, some of which are from subscribers who are not subject of wiretap orders. For example, when tapping a single individual whose calls are handled by a PBX, law enforcement may sweep in calls of other individuals as well. Currently the Constitution and Title III requires "minimization" procedures in all wiretaps, to minimize the intrusion on the privacy of conversations not covered by a court's wiretap order. In the world of 1968, when the original Wiretap Act was passed, most subscribers telecommunications facilities carried single conversations on single lines. But today, many conversations are co-mingled on one broadband communications facility. In order to ensure that constitutionally-mandated minimization is maintained, the bill should recognize that stronger minimization procedures may be required. E. New privacy protections The Digital Telephony legislation before us includes significant recognition that new communication technologies, and new patterns of technology use, require new privacy protections. Thanks to the work of Senator Leahy and Representative Edwards and Senator Biden, the bill contains a number of significant privacy advances, including enhanced protection for the detailed transactional information records generated by online information services, email systems, and the Internet. These protections should remain in the legislation. 1. Expanded protection for transactional records sought by law enforcement Chief among these new protections is an enhanced protection for transactional records from indiscriminate law enforcement access. For purposes of maintenance and billing, most online communication and information systems create detailed records of users' communication activities as well as lists of the information that they have accessed. Provisions in the bill recognize that this transactional information created by new digital communications systems is extremely sensitive and deserves a high degree of protection from casual law enforcement access which is currently possible without any independent judicial supervision. EFF commends the authors of this legislation for recognizing that law enforcement access to transactional records in online communication systems (everything from the Internet to America OnLine to hobbyist BBSs) threatens privacy rights. Indiscriminate access to transactional records implicates privacy interests because: * the records are personally identifiable, * they reveal the content of people's communications, and, * the compilation of such records makes it easy for law enforcement to create a detailed picture of people's lives online. Based on this recognition, the draft bill contains the following provisions: * Court order required for access to transactional records instead of mere subpoena In order to gain access to transactional records, such as a list of to whom a subject sent email, which online discussion group one subscribes to, or which movies a subject requested on a pay-per view channel, law enforcement will have to prove to a court, by the showing of "specific and articulable facts" that the records requested are relevant to an ongoing criminal investigation. This means that the government may not request volumes of transactional records merely to see what it can find through traffic analysis. Rather, law enforcement will have to prove to a court that it has reason to believe that it will find specific information relevant to an ongoing criminal investigation in the records it requests. With these provisions, we have achieved for all online systems a significantly greater level of protection than exists today for records such as email logs, and greater protection than currently exists for telephone toll records. The lists of telephone calls that are kept by local and long distance phone companies are available to law enforcement without any judicial intervention at all. Law enforcement gains access to hundreds of thousands of such telephone records each year, without a warrant and without even notice to the citizens involved. Court order protection will make it much more difficult for law enforcement to go on "fishing expeditions" through online transactional records, hoping to find evidence of a crime by accident. We have also submitted a detailed memorandum on the importance of protection and would ask that this document be included in the record of these proceedings along with this testimony. * Standard of proof much greater than for telephone toll records, but below that for content The most important change that these new provisions offer is that law enforcement will: (a) have to convince a judge that there is reason to look at a particular set of records, and; (b) have to expend the time and energy necessary to have a United States Attorney or District Attorney actually present a case before a court. However, the burden of proof to be met by the government in such a proceeding is lower than required for access to the content of a communication. 2. New protection for location-specific information available in cellular, PCS and other advanced networks Much of the electronic surveillance conducted by law enforcement today involves gathering telephone dialing information through a device known as a pen register. Authority to attach pen registers is obtained merely by asserting that the information would be relevant to a criminal investigation. Under current law, courts must approve pen register requests without any substantive review of the basis for law enforcement's request. This legislation offers significant new limits on the use of pen register data. Under this bill, when law enforcement seeks pen register information from a telecommunications carrier, the carrier is forbidden to deliver to law enforcement any information which would disclose the location or movement of the calling or called party. Cellular phone networks, PCS systems, and so-called "follow-me" services all store location information in their networks. This new limitation is a major safeguard which will prevent law enforcement from casually using mobile and intelligent communications services as nation-wide tracking systems. 3. New limitations on "pen register" authority Contemporary uses of pen registers also involve substantial privacy invasion, even aside from location information. Currently, law enforcement is able to use pen registers to capture not only the telephone number dialed, but also any other touch-tone digits dialed which reflect the user's interaction with an automated information service on the other end of the line, such as an automatic banking system or a voice-mail password. If this bill is enacted, law enforcement would be required to use "technology reasonably available" to limit pen registers to the collection of calling number information only. We are aware that new pen register devices are now on the market which automatically screen out all dialed digits except for the actual telephone numbers. Just as this bill would require telecommunications carriers to deploy technology which facilitates taps, we believe that law enforcement should be required to deploy technology which shields users communications from unauthorized invasion. 4. Bill does not preclude use of encryption Unlike previous Digital Telephony proposals, this bill places no obligation on telecommunication carriers to decipher encrypted messages, unless the carrier actually holds the key to the message as well. 5. Automated remote monitoring precluded Law enforcement is specifically precluded from having automated, remote surveillance capability. Any court-ordered electronic surveillance must be initiated by an employee of the telecommunications carrier, upon request by law enforcement. Maintaining operational separation between law enforcement agents and communication networks is an important privacy safeguard. 6. Privacy considerations essential to development of new technology One of the requirements that telecommunications carriers must meet to be in compliance with the bill is that the wiretap access methods adopted must protect the privacy and security of each user's communication. If this requirement is not met, anyone may petition the FCC to have the wiretap access requirements modified so that network security is maintained. This requirement, just like those designed to serve law enforcement's needs, must be carefully implemented and monitored so that the technology used to conduct wiretaps cannot also jeopardize the security of the network as a whole. If network-wide security problems arise because of wiretapping standards, then the standards should be overturned. F. Improvements over previous Administration proposals In addition to the privacy protections added to this bill, we also note that the surveillance requirements are not as far-reaching as the original FBI version. A number of procedural safeguards are added which seek to minimize the threatens to privacy, security, and innovation. Though the underlying premise of the bill is still cause for concern, these new limitations deserve attention: 1. Narrow Scope The bill explicitly excludes Internet providers, email systems, BBSs, and other online services. Unlike the bills previously proposed by the FBI, this bill is limited to local and long distance telephone companies, cellular and PCS providers, and other common carriers. 2. Open process with public right of intervention The public will have access to information about the implementation of the bill, including open access to all standards adopted in compliance with the bill, the details of how much wiretap capacity the government demands, and a detailed accounting of all federal money paid to carriers for modifications to their networks. Privacy groups, industry interests, and anyone else has a statutory right under this bill to challenge implementation steps taken by law enforcement if they threaten privacy or impede technology advancement. 3. Technical requirements standards developed by industry instead of the Attorney General All surveillance requirements are to be implemented according to standards developed by industry groups. The government is specifically precluded from forcing any particular technical standard, and all requirements are qualified by notions of economic and technical reasonableness. 4. Right to deploy untappable services Unlike the original FBI proposal, this bill recognizes that there may be services which are untappable, even with Herculean effort to accommodate surveillance needs. We understand that the bill intends to allow untappable services to be deployed if redesign is not economically or technically feasible. These provisions, however, should be clarified. G. Conclusion In closing, I would like to thank Chairman Markey and members of the Subcommittee, as well as others who have worked so hard on this legislation. The Electronic Frontier Foundation looks forward to working with all of you as the bill moves through the legislative process. ------------------------------ Date: Thu, 22 Sep 1994 00:27:05 -0400 (EDT) From: "Shabbir J. Safdar" Subject: File 3--Dig Teleph Bill (HR 4922) to be marked up in Sen. Judic. Comm DISTRIBUTE WIDELY (though no later than October 15, 1994) [If you've only got 2 minutes, skip down to the "What You Can Do" section. The place to concentrate grass-roots efforts is now the Senate! The Senate half of this bill is about to be "marked up" in the Judiciary Committee. This is a great time to stop it. Your Senator needs to hear from you!] The FBI's Wiretap bills (also known as the DT - Digital Telephony bills) mandate that *all* communications carriers must provide wiretap-ready equipment so that the FBI can more easily implement their court-ordered wiretaps more easily. The costs of re-engineering all communications equipment will be borne by the government, industry and consumers. The bill is vague and the standards defining "wiretap ready" do not exist. Furthermore, the FBI has yet to make a case which demonstrates that they have been unable to implement a single wiretap. Although we as a society have accepted law enforcement's need to perform wiretaps, it is not reasonable to mandate this functionality as a part of the design. In itself, that would be an important balance. However without any proof that this is indeed a realistic and present problem, it is unacceptable and premature to pass this legislation today. The Voters Telecomm Watch (VTW) does not believe the FBI has made a compelling case to justify that all Americans give up their privacy. Furthermore, the VTW does not believe the case has been made to justify spending 500 million Federal dollars over the next 4 years to re-engineer equipment to compromise privacy, interfere with telecommunications privacy, and fulfill an unproven government need. WHAT YOU CAN DO ======================== You can help stop this legislation before it is too late! Contact your Senators, especially if they're on the Judiciary Committee. Faxes are best, phone calls are second best; email is probably not the greatest method of showing your opposition. Congress just doesn't handle email well yet. Step 1. Figure out which state you're in. :-) Find your two Senators on the lists appended. Step 2. Pick up the phone, or type up your letter. Step 3. Express your opinion. If you're at a loss for words, use our sample communique below: SAMPLE PHONE CALL The FBI's Digital Telephony bill (SB 2375) affects the delicate balance between the public's privacy and law enforcement's need to perform wiretaps. It will require huge unknown amounts of funding, and its need has not yet been justified by the FBI to the public. Please vote against SB 2375. Thank you, ___________________ SAMPLE FAX Dear Honorable Senator _______________, The FBI's Digital Telephony bill (SB 2375) disturbs me greatly. The FBI has not yet made their case to the public that we need to build wiretap functionality into the telephones of 250 million people to justify wiretaps which have not yet been proven to be difficult to implement. Furthermore, no one has yet explained how we as a nation are going to pay for the costs of this bill, which are at least 500 million dollars and likely to be higher. The bill would clearly compromise the privacy of all Americans with no counterbalancing benefit to either law enforcement or the public. The FBI has not yet demonstrated to the public a need for this. I urge you to oppose the Digital Telephony bill (SB 2375). Sincerely, ___________________ Step 4. Feel good about yourself. You've just participated in democracy without leaving your seat. Step 5. [Extra special bonus step for activists :-] Before you hang up, ask your Senator's staff member what their position is on SB 2375. It's not an unreasonable question, they were elected to represent people like you. Mail the answer to vtw@vtw.org. We believe in making legislators accountable for their positions. For more information about the Digital Telephony bills, check the Voters Telecomm Watch gopher site (gopher.panix.com) or contact Steven Cherry, VTW Press Contact at (718) 596-2851 or stc@vtw.org. VTW posts a Digital Telephony FAQ monthly to several Usenet newsgroups including comp.org.cpsr.talk and comp.org.eff.talk. Look for it or contact us at vtw@vtw.org for a copy. List of Senators on the Judiciary Committee: p st name phone fax ======================== D DE Biden Jr., Joseph R. 1-202-224-5042 na Note: Sen. Biden is both the Chairman and a cosponsor of the bill R UT Hatch, Orrin G. 1-202-224-5251 1-202-224-6331 D MA Kennedy, Edward M. 1-202-224-4543 1-202-224-2417 R SC Thurmond, Strom 1-202-224-5972 1-202-224-1300 D OH Metzenbaum, Howard 1-202-224-2315 1-202-224-6519 R WY Simpson, Alan K. 1-202-224-3424 1-202-224-1315 D AZ DeConcini, Dennis 1-202-224-4521 1-202-224-2302 R IA Grassley, Charles E. 1-202-224-3744 na D VT Leahy, Patrick J. 1-202-224-4242 na Note: Sen. Leahy is the bill's sponsor R PA Specter, Arlen 1-202-224-4254 na D AL Heflin, Howell T. 1-202-224-4124 1-202-224-3149 R CO Brown, Henry 1-202-224-5941 na D IL Simon, Paul 1-202-224-2152 1-202-224-0868 R ME Cohen, William S. 1-202-224-2523 1-202-224-2693 D WI Kohl, Herbert H. 1-202-224-5653 na R SD Pressler, Larry 1-202-224-5842 1-202-224-1630 D CA Feinstein, Diane 1-202-224-3841 na D IL Moseley-Braun, Carol 1-202-224-2854 na Complete list of Senators: p st name phone fax ======================== R AK Murkowski, Frank H. 1-202-224-6665 1-202-224-5301 R AK Stevens, Ted 1-202-224-3004 1-202-224-1044 D AL Heflin, Howell T. 1-202-224-4124 1-202-224-3149 D AL Shelby, Richard C. 1-202-224-5744 1-202-224-3416 D AR Bumpers, Dale 1-202-224-4843 1-202-224-6435 D AR Pryor, David 1-202-224-2353 na D AZ DeConcini, Dennis 1-202-224-4521 1-202-224-2302 R AZ McCain, John 1-202-224-2235 na D CA Boxer, Barbara 1-202-225-5161 na D CA Feinstein, Diane 1-202-224-3841 na D CO Campbell, Ben N. 1-202-225-4761 1-202-225-0228 R CO Brown, Henry 1-202-224-5941 na D CT Dodd, Christopher J. 1-202-224-2823 na D CT Lieberman, Joseph I. 1-202-224-4041 1-202-224-9750 D DE Biden Jr., Joseph R. 1-202-224-5042 na R DE Roth Jr., William V. 1-202-224-2441 1-202-224-2805 D FL Graham, Robert 1-202-224-3041 na R FL Mack, Connie 1-202-224-5274 1-202-224-8022 D GA Nunn, Samuel 1-202-224-3521 1-202-224-0072 R GA Coverdell, Paul 1-202-224-3643 na D HI Akaka, Daniel K. 1-202-224-6361 1-202-224-2126 D HI Inouye, Daniel K. 1-202-224-3934 1-202-224-6747 D IA Harkin, Thomas 1-202-224-3254 1-202-224-7431 R IA Grassley, Charles E. 1-202-224-3744 na R ID Craig, Larry E. 1-202-224-2752 1-202-224-2573 R ID Kempthorne, Dirk 1-202-224-6142 1-202-224-5893 D IL Moseley-Braun, Carol 1-202-224-2854 na D IL Simon, Paul 1-202-224-2152 1-202-224-0868 R IN Coats, Daniel R. 1-202-224-5623 1-202-224-8964 R IN Lugar, Richard G. 1-202-224-4814 na R KS Dole, Robert 1-202-224-6521 1-202-224-8952 R KS Kassebaum, Nancy L. 1-202-224-4774 1-202-224-3514 D KY Ford, Wendell H. 1-202-224-4343 na R KY McConnell, Mitch 1-202-224-2541 1-202-224-2499 D LA Breaux, John B. 1-202-224-4623 na D LA Johnston, J. Bennett 1-202-224-5824 na D MA Kennedy, Edward M. 1-202-224-4543 1-202-224-2417 D MA Kerry, John F. 1-202-224-2742 na D MD Mikulski, Barbara A. 1-202-224-4654 1-202-224-8858 D MD Sarbanes, Paul S. 1-202-224-4524 1-202-224-1651 D ME Mitchell, George J. 1-202-224-5344 na R ME Cohen, William S. 1-202-224-2523 1-202-224-2693 D MI Levin, Carl 1-202-224-6221 na D MI Riegle Jr., Donald 1-202-224-4822 1-202-224-8834 D MN Wellstone, Paul 1-202-224-5641 1-202-224-8438 R MN Durenberger, David 1-202-224-3244 na R MO Bond, Christopher S. 1-202-224-5721 1-202-224-8149 R MO Danforth, John C. 1-202-224-6154 na R MS Cochran, Thad 1-202-224-5054 na R MS Lott, Trent 1-202-224-6253 1-202-224-2262 D MT Baucus, Max 1-202-224-2651 na R MT Burns, Conrad R. 1-202-224-2644 1-202-224-8594 R NC Faircloth, D. M. 1-202-224-3154 1-202-224-7406 R NC Helms, Jesse 1-202-224-6342 na D ND Conrad, Kent 1-202-224-2043 na D ND Dorgan, Byron L. 1-202-225-2611 1-202-225-9436 D NE Exon, J. J. 1-202-224-4224 na D NE Kerrey, Joseph R. 1-202-224-6551 1-202-224-7645 R NH Gregg, Judd 1-202-224-3324 na R NH Smith, Robert 1-202-224-2841 1-202-224-1353 D NJ Bradley, William 1-202-224-3224 1-202-224-8567 D NJ Lautenberg, Frank R. 1-202-224-4744 1-202-224-9707 D NM Bingaman, Jeff 1-202-224-5521 na R NM Domenici, Pete V. 1-202-224-6621 1-202-224-7371 D NV Bryan, Richard H. 1-202-224-6244 na D NV Reid, Harry 1-202-224-3542 1-202-224-7327 D NY Moynihan, Daniel P. 1-202-224-4451 1-202-224-9293 R NY D'Amato, Alfonse M. 1-202-224-6542 1-202-224-5871 D OH Glenn, John 1-202-224-3353 na D OH Metzenbaum, Howard 1-202-224-2315 1-202-224-6519 D OK Boren, David L. 1-202-224-4721 na R OK Nickles, Donald 1-202-224-5754 1-202-224-6008 R OR Hatfield, Mark O. 1-202-224-3753 na R OR Packwood, Robert 1-202-224-5244 na D PA Wofford, Harris 1-202-224-6324 1-202-224-4161 R PA Specter, Arlen 1-202-224-4254 na D RI Pell, Claiborne 1-202-224-4642 1-202-224-4680 R RI Chafee, John H. 1-202-224-2921 na D SC Hollings, Ernest F. 1-202-224-6121 na R SC Thurmond, Strom 1-202-224-5972 1-202-224-1300 D SD Daschle, Thomas A. 1-202-224-2321 1-202-224-2047 R SD Pressler, Larry 1-202-224-5842 1-202-224-1630 D TN Mathews, Harlan 1-202-224-1036 1-202-228-3679 D TN Sasser, James 1-202-224-3344 na D TX Krueger, Robert 1-202-224-5922 na R TX Gramm, Phil 1-202-224-2934 na R UT Bennett, Robert 1-202-224-5444 na R UT Hatch, Orrin G. 1-202-224-5251 1-202-224-6331 D VA Robb, Charles S. 1-202-224-4024 1-202-224-8689 R VA Warner, John W. 1-202-224-2023 1-202-224-6295 D VT Leahy, Patrick J. 1-202-224-4242 na R VT Jeffords, James M. 1-202-224-5141 na D WA Murray, Patty 1-202-224-2621 1-202-224-0238 R WA Gorton, Slade 1-202-224-3441 1-202-224-9393 D WI Feingold, Russell 1-202-224-5323 na D WI Kohl, Herbert H. 1-202-224-5653 na D WV Byrd, Robert C. 1-202-224-3954 1-202-224-4025 D WV Rockefeller, John D. 1-202-224-6472 1-202-224-1689 R WY Simpson, Alan K. 1-202-224-3424 1-202-224-1315 R WY Wallop, Malcolm 1-202-224-6441 1-202-224-3230 ------------------------------ Date: Fri, 16 Sep 1994 18:27 CDT From: Bill Higgins-- Beam Jockey Subject: File 4-- For CUD: Pizza by E-mail in Santa Cruz In Santa Cruz, a Pizza Hut will now accept pizza delivery orders by e-mail. Wow. After a much-forwarded press release landed in my mailbox, I phoned one of the numbers to see if it was a hoax (well, if it is, at least they have the phones covered convincingly), then fired up Mosaic to look at the WWW page. I append some excerpts from the press release and an account of the project snagged (with permission) from one of the PizzaNet Web pages. History has been made. Ordering pizza from your computer. It's the fulfillment of a hacker dream at least as old as computer networking. (Is this indeed the first time such a service has been available?) Bill Higgins Internet: HIGGINS@FNAL.FNAL.GOV Fermi National Accelerator Laboratory Bitnet: HIGGINS@FNAL.BITNET ========= FOR IMMEDIATE RELEASE CONTACT: Rob Doughty Elisheva Steiner Pizza Hut, Inc. The Santa Cruz Operation, Inc. TEL: 316/681-9602 TEL: 408/427-7252 SCO AND PIZZA HUT ANNOUNCE PILOT PROGRAM FOR PIZZA DELIVERY ON THE INTERNET "PizzaNet'' Program Enables Computer Users to Electronically Order Deliveries WICHITA, KS AND SANTA CRUZ, CA, SCO FORUM94 (August 22, 1994) -- (NASDAQ:SCOC) In a revolutionary spin on business use of the Information Superhighway, The Santa Cruz Operation, Inc. (SCO) and Pizza Hut, Inc. today announced "PizzaNet," a pilot program that enables computer users, for the first time, to electronically order pizza delivery from their local Pizza Hut restaurant via the worldwide Internet. Pizza Hut will launch the PizzaNet pilot in the Santa Cruz area on August 22 and use it to study the feasibility of expanding the program to other cities in the U.S. and around the world. Technology for the pilot program includes the SCO Global Access product, an integrated Internet business server solution. The SCO Global Access incorporates advanced NCSA Mosaic software for browsing the Internet, and the custom "PizzaNet" application software developed by SCO's Professional Services organization. [...] To participate in the PizzaNet Pilot, customers in the Santa Cruz area need computers with Internet access and any version of Mosaic, such as Windows, Mac, or UNIX. Customers use the Internet's World Wide Web to access the centralized PizzaNet server at Pizza Hut Headquarters in Wichita, Kansas. This 486 system runs SCO Open Server and SCO Global Access software, using the Mosaic and Hypertext Transfer Protocol to present customers with a customized menu page for ordering pizza deliveries. Mosaic is widely used at many technology companies, government agencies, and universities. It is rapidly being adopted by many business and home users in response to the continuing availability of new and innovative business and information services. The customer uses the menu pages to enter name, address, and phone information, along with orders for pizza and beverages. The order is then transmitted via the Internet back to Wichita, and then relayed via modem and conventional phone lines to the SCO Open Server system at the customer's nearest Pizza Hut restaurant. The local restaurant can then telephone first-time users to verify orders. All money changes hand at the point of delivery. [...] Santa Cruz Internet users can access PizzaNet by entering http://www.pizzahut.com. To obtain more information on SCO via the Internet, enter http://www.sco.com. [End of press release. Text of WWW page with URL http://www.pizzahut.com/team.html begins:] The PizzaNet Team PizzaNet is the brainchild of two cooperating companies: Pizza Hut Inc. (PHI), and The Santa Cruz Operation (SCO). In particular, it was conceived by Jon Payne (PHI), and Doug Michels (SCO) while in a meeting discussing potential uses for the ``Information Super-Highway.'' The idea sort of stewed for a while, until Jon contacted SCO Professional Services, to see if he could get some help implementing this idea. From there, Phil Neuman (SCO's webmaster) and Steph Marr (SCO chief consultant on the project) sat down to figure out if this scheme the bosses had cooked up was really do-able. Apparently, they decided it was. Jon provided some initial screen layouts, while Phil and Steph tried to figure a transaction flow that could be dealt with in HTML forms. Kurt Schmidt (PHI) was trying to figure out a way to interface into the existing SCO-based branch automation system used in Pizza Hut stores. Kurt made this as painless as possible by tying into an existing interface used by Pizza Hut Customer Service Centers. With the initial forms done, Steph left Santa Cruz (phil was replacing SCO's Web Server with a new system at the time), and went to Wichita to work on integration with Kurt and PHOEBE (the Pizza Hut Order Entry Back End) and to help get the 56Kbps Alternet link to the Internet up and running. After a few false starts, a few hundred cups of coffee, and only a couple of weeks, the link was made, and the first pizza was ordered and delivered (to Phil in Santa Cruz) on Friday, 12 August, 1994. The system is now in pilot test within Santa Cruz; given that it is successful there, it will become available for use throughout Cyberspace where ever Pizza Hut stores are within delivery distance. Pizza in Cyberspace. Well, if you're going to have food here, it might as well be Pizza. Sorry, there's no beer. :-) PizzaNet Services / Pizza Hut Inc. / webmaster@PizzaHut.COM ------------------------------ Date: Fri, 16 Sep 1994 14:06:07 EST From: Marc Rotenberg Subject: File 5--One Hundred Reasons to Oppose the FBI Wiretap Bill (CPSR) ((CuD MODERATORS' NOTE: CPSR is compiling a list of reasons to oppose the FBI Wiretap Bill (HR 4922). CuD will reprint them periodically, and we produce the first three here. HR 4922 is opposed by a broad spectrum of organizations and citizens, because it greatly expands the FBI's ability to intercept electronic communications. The complete text of HR 4922 was reprinted in CuD 6.73). 100 Reasons to Oppose the FBI Wiretap Bill REASON 2: The Constitution protects the right of privacy, not the use of wiretap. Privacy is a Constitutional right. The Fourth Amendment protects privacy and the right of individuals to be free from unreasonable search and seizure. Wiretapping is permitted by federal statute only in narrow circumstances. It has no Constitutional basis. Congress could outlaw all wiretapping tomorrow if it chose to do so, but it could not easily repeal the Fourth Amendment. REASON 21: The wiretap bill mandates new technologies for data surveillance The wiretap bill says that "a telecommunications carrier shall ensure that it can enable government access to call-identifying information." This is the first time the U.S. government has required by law that communications networks be designed to facilitate electronic data surveillance. Telecommunications firms, equipment manufacturers, and those who work in the hi-tech industry face a legal obligation to design networks for electronic monitoring. REASON 60: The bill contains no provisions to protect the confidentiality of telephone toll records. Tens of thousands of telephone toll records are obtained each year by subpoena. This process which allows the government to gather private records from the telephone companies by simply signing a statement effectively endruns the Fourth Amendment premise that a judge must first decide if the search is reasonable. Experts on wiretap law believe that stronger protections for telephone toll records should be a top priority if the federal wiretap law is to be amended. This issue is no where addressed in the legislation now pending in Congress. ================== What To Do: Fax Rep. Jack Brooks (202-225-1584). Express your concerns about the FBI Wiretap proposal. ============================ ((100 Reasons is a project of the Electronic Privacy Information Center (EPIC) in Washington, DC. For more information: 100.Reasons@epic.org)) ------------------------------ Date: Thu, 13 Aug 1994 22:51:01 CDT From: CuD Moderators Subject: File 6--Cu Digest Header Information (unchanged) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 In BELGIUM: Virtual Access BBS: +32.69.45.51.77 (ringdown) UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #6.83 ************************************