Computer underground Digest Wed Oct 2, 1996 Volume 8 : Issue 70 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.70 (Wed, Oct 2, 1996) File 1--Mitnick Pleads Innocent File 2--ELEMENTS OF THE NEW CRYPTO PROPOSAL File 3--White House crypto proposal -- too little, too late File 4--White House Statement on Return of Clipper File 5--Press Release in re Cleveland Crypto Challenge File 6--Newsnybble: GPS privacy threat File 7--Corrected URL for Crypt Newsletter Awards File 8--Cu Digest Header Info (unchanged since 7 Apr, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Wed, 2 Oct 1996 06:55:18 -0400 (EDT) From: Noah Subject: File 1--Mitnick Pleads Innocent From -Noah ---------- Forwarded message ---------- Date--Tue, 1 Oct 1996 15:20:37 -0400 (EDT) From--Anthony Williams Computer hacker Mitnick pleads innocent September 30, 1996 Web posted at: 11:45 p.m. EDT LOS ANGELES (AP) -- The notorious computer hacker Kevin Mitnick pleaded innocent Monday to charges he mounted a multimillion-dollar crime wave in cyberspace during 2 1/2 years as a fugitive. Mitnick, 33, held without bail on a fraud conviction, told the judge not to bother reading the indictment, which includes 25 new counts of computer and wire fraud, possessing unlawful access devices, damaging computers and intercepting electronic messages. "Not guilty," Mitnick said. His indictment, handed up Friday by a federal grand jury, follows an investigation by a national task force of FBI, NASA and federal prosecutors with high-tech expertise. It charges Mitnick with using stolen computer passwords, damaging University of Southern California computers and stealing software valued at millions of dollars from technology companies, including Novell, Motorola, Nokia, Fujitsu and NEC. ........... Mitnick pleaded guilty in April to a North Carolina fraud charge of using 15 stolen phone numbers to dial into computer databases. Prosecutors then dropped 22 other fraud charges but warned that new charges could follow. Mitnick also admitted violating probation for a 1988 conviction in Los Angeles where he served a year in jail for breaking into computers at Digital Equipment Corp. At 16, he served six months in a youth center for stealing computer manuals from a Pacific Bell switching center. Mitnick also got a new lawyer Monday, Donald C. Randolph, who represented Charles Keating Jr.'s top aide, Judy J. Wischer, in the Lincoln Savings swindle. ------------------------------ Date: Tue, 1 Oct 1996 02:02:48 -0400 (EDT) From: Voters Telecommunications Watch Subject: File 2--ELEMENTS OF THE NEW CRYPTO PROPOSAL VTW BillWatch #60 VTW BillWatch: A newsletter tracking US Federal legislation affecting civil liberties. BillWatch is published about every week as long as Congress is in session. (Congress is in session) BillWatch is produced and published by the Voters Telecommunications Watch (vtw@vtw.org) Issue #60, Date: Tue Oct 1 01:59:19 EDT 1996 Do not remove this banner. See distribution instructions at the end. ---------------------------------------------- ELEMENTS OF THE NEW CRYPTO PROPOSAL Strap yourself in, friends. The White House is at it again. On Thursday October 3, the White House will unveil it's long-dreaded encryption proposal. The cause of some significant consternation among Administration staffers, the proposal has been so long in coming that Justice officials attending hearings last week on H.R. 3011 were visibly annoyed at being left to twist in the wind. Leaks abound right before a big announcement like this, but this time everyone with a copy of the proposal has kept mum these last few days. However the press has caught bits and pieces of it which we've collected for you here. If you're an absolute crypto-media-hound, this may not be news to you. MOVE OF EXPORT APPROVALS FROM STATE TO COMMERCE, FBI VETO POWER For years, companies have attempted to get their encryption products through an easier, more lenient export process in the Department of Commerce, instead of State. Approval in Commerce goes quickly, and the hurdles are less formidable. Clearly, this should be a good thing. However the deal that's been floating around for several weeks now is that this move will not be this easy. The Department of Justice, (or as Brock Meeks translates, the FBI) wants a seat at the table. In effect, they want veto power over export applications. The assumption is that they feel they can influence the domestic encryption market to integrate Clipper-style key escrow technology by simply refusing the export of any strong encryption products that might have previously been approved in State. This is bad news for companies that have no customer base demanding government-friendly key escrow products. KEY LENGTH RAISED TO 56 OR 64 BITS PROVIDED IT USES KEY ESCROW This aspect of the proposal looks like old news, and to a certain extent, it is. The Clipper II proposal suggested that the industry build hooks into their products so that third parties could hold your keys for you. Of course, that third party cannot be yourself, or anyone you would think of when you think of entities you trust. Thursday's proposal is likely to look a lot like Clipper II, and it will likely cite the new IBM offering, SuperCrypto, as an example of products that employ key escrow to allow export of products that use higher length keys. What isn't certain is the extent to which key lengths will be raised. There have been several conflicting rumors, some of them claiming 56 bits, others claiming 64 bits. More important than the question of key length will be the determination of which companies are allowed to hold their own keys. This author predicts that the only entities that will be allowed to hold keys will be: a gov't agency (such as NIST), the maker of the encryption product itself, or large companies that have the significant resources to run a key recovery center. In all cases, the key recovery centers will still need to be seperate entities that will dole out keys to law enforcement without the knowledge of the key's owner. In other words, you as an individual or small business are still out of luck. PROBABLY NOT IN PLAN: KEY LENGTH RAISED TO 56 BITS WITHOUT KEY ESCROW It has long been rumored that the avalanche of proof provided by the industry experts would eventually force the Administration to raise the key length for which unescrowed encryption products could be exported. Currently, this limit is 40 bits, but several rumors floated and died within the last few weeks suggesting that the Administration would be raising the key length. It now looks like those were indeed just rumors. SUMMARY Most of these measures, if not all of them, can be implemented administratively removing the need for Congress to get involved. However Congress has already staked out its turf on this issue, and isn't likely to cede that any time soon. Keep an eye out for the reactions from sponsors of S.1726 (Pro-CODE) and HR 3011 on the feasibility White House proposal. ------------------------------ Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT) From: Declan McCullagh Subject: File 3--White House crypto proposal -- too little, too late I just got back from the White House, where Gore's office held a roundtable plugging the administration's long-awaited and already widely-derided Return of Clipper proposal. Gore announced that jurisdiction over crypto exports would move to the Commerce Dept; that the export embargo on 56-bit DES would be lifted in part for two years only; that to be approved for export firms must submit a detailed proposal describing how they will move towards key escrow; that the new regulations would go into effect on January 1. The true problem with this plan is that 56-bit DES is woefully inadequate. But much of the media coverage I've read of the plan doesn't even mention that. Take Elizabeth Corcoran's article, which ran above the fold on the front page in today's Washington Post. (It's what almost certainly prompted Gore's office to move the announcement to today rather than hold it later this week.) The thrust of the article is that the administration's new proposal balances the needs of privacy, business, and law enforcement. But it doesn't. The Feds, foreign governments, and determined attackers can crack anything encrypted with 56-bit DES -- the strongest crypto that can be exported under the plan. This vital fact appears nowhere in the Post article. That's why Bruce Schneier, author of Applied Cryptography, recommends against using DES in favor of a more secure algorithm. According to Schneier: "A brute-force DES-cracking machine [designed by Michael Wiener] that can find a key in an average of 3.5 hours cost only $1 million in 1993." More recently, in January 1996 an ad hoc group of renowned cryptographers including Matt Blaze, Whitfield Diffie, Ronald Rivest and Schneier, released a report going even further. They said: "To provide adequate protection against the most serious threats - well-funded commercial enterprises or government intelligence agencies - keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years in the face of expected advances in computing power, keys in newly-deployed systems should be at least 90 bits long." What's even more disturbing is what the administration might do next. After the roundtable broke up, I chatted with Michael Vadis, one of the assistant deputy attorneys general who oversees national security issues. He said an international consensus is forming that terrorists can use crypto; therefore crypto must be controlled. The U.S. is certainly pushing this line at the OECD talks. "But it just takes one country to decide to export strong crypto," I said. "You're missing something," said Vadis. "What?" I asked. "Unless you're talking about import restrictions." "Exactly," he said. -Declan ******* Some background: Linkname: Brock Meeks on White House plan -- 6 Sep 96 Filename: http://www.muckraker.com/muckraker/96/36/index4a.html ******** http://www.washingtonpost.com/wp-srv/WPlate/1996-10/01/041L-100196-idx.html U.S. TO EASE ENCRYPTION RESTRICTIONS Privacy Advocates Wary of Proposal For Software Exports By Elizabeth Corcoran Washington Post Staff Writer Tuesday, October 1 1996; Page A01 The Washington Post The Clinton administration is cutting off an emotional four-year-old debate with the computer industry over the export of information-scrambling technology with a plan that it says will help U.S. companies boost sales overseas and still allow law enforcement agencies to unscramble messages, officials said yesterday. President Clinton has decided to sign an executive order that changes the rules restricting the overseas sale of the technology, the officials said. Although the full details of the plan had yet to be revealed, privacy advocates and some industry executives contended that it would be difficult to put into practice. Under current rules, companies can sell only relatively easy-to-crack scrambling technology. Under the plan, they would get permission to export somewhat more sophisticated versions of the software and hardware, which prevents eavesdroppers from looking at information. The issue has caused enormous friction between the government and computer industry and privacy groups, which contend that keeping any restrictions in place will harm the protection of personal information everywhere and slow the development of on-line commerce, which relies on keeping credit card numbers and other sensitive information secure. The administration counters that it has come a long way in meeting such objections. However, last night some companies and privacy advocates were still worried that the constraints will leave U.S. companies at a disadvantage abroad and will not ensure that individuals will be able to protect their communications. The government's plan preserves what has been its unnegotiable cornerstone since the debate began in the early day of the Clinton administration -- that law enforcement officials must have the means for peeking at encrypted information when they are properly equipped with court authorization. Earlier versions of the plan tightly limited what kinds of technology could be sold abroad. They also called for makers of encryption technology to deposit "keys" with approved third parties so that law enforcement authorities could decode material. The new plan doesn't specify who would have the keys. Last night, several companies, led by International Business Machines Corp., said they have a technical plan that they believe could comply with the new rules on keys. [...] Industry officials say they ultimately want to be able to use the most sophisticated encryption technology available. "It's really critical to doing business around the world," said an IBM source. "But governments exist. It's a balancing act . . . to satisfy the needs of the governments and make sure that markets and individuals trust the integrity of what's being sent over the networks." ------------------------------ Date: Tue, 1 Oct 1996 20:23:46 -0700 (PDT) From: Declan McCullagh Subject: File 4--White House Statement on Return of Clipper [Also at http://www.epic.org/crypto/key_escrow/clipper4_statement.html -Declan] THE WHITE HOUSE Office of the Vice President FOR IMMEDIATE RELEASE CONTACT: 456-7035 TUESDAY, October 1, 1996 STATEMENT OF THE VICE PRESIDENT President Clinton and I are committed to promoting the growth of electronic commerce and robust, secure communications worldwide while protecting the public safety and national security. To that end, this Administration is consulting with Congress, the information technology industry, state and local law enforcement officials, and foreign governments on a major initiative to liberalize export controls for commercial encryption products. The Administration's initiative will make it easier for Americans to use stronger encryption products -- whether at home or abroad -- to protect their privacy, intellectual property and other valuable information. It will support the growth of electronic commerce, increase the security of the global information, and sustain the economic competitiveness of U.S. encryption product manufacturers during the transition to a key management infrastructure. Under this initiative, the export of 56-bit key length encryption products will be permitted under a general license after one-time review, and contingent upon industry commitments to build and market future products that support key recovery. This policy will apply to hardware and software products. The relaxation of controls will last up to two years. The Administration's initiative recognizes that an industry-led technology strategy will expedite market acceptance of key recovery, and that the ultimate solution must be market-driven. Exporters of 56-bit DES or equivalent encryption products would make commitments to develop and sell products that support the key recovery system that I announced in July. That vision presumes that a trusted party (in some cases internal to the user's organization) would recover the user's confidentiality key for the user or for law enforcement officials acting under proper authority. Access to keys would be provided in accordance with destination country policies and bilateral understandings. No key length limits or algorithm restrictions will apply to exported key recovery products. Domestic use of key recovery will be voluntary, and any American will remain free to use any encryption system domestically. The temporary relaxation of controls is one part of a broader encryption policy initiative designed to promote electronic information security and public safety. For export control purposes, commercial encryption products will no longer be treated as munitions. After consultation with Congress, jurisdiction for commercial encryption controls will be transferred from the State Department to the Commerce Department. The Administration also will seek legislation to facilitate commercial key recovery, including providing penalties for improper release of keys, and protecting key recovery agents against liability when they properly release a key. As I announced in July, the Administration will continue to expand the purchase of key recovery products for U.S. government use, promote key recovery arrangements in bilateral and multilateral discussions, develop federal cryptographic and key recovery standards, and stimulate the development of innovative key recovery products and services. Under the relaxation, six-month general export licenses will be issued after one-time review, contingent on commitments from exporters to explicit benchmarks and milestones for developing and incorporating key recovery features into their products and services, and for building the supporting infrastructure internationally. Initial approval will be contingent on firms providing a plan for implementing key recovery. The plan will explain in detail the steps the applicant will take to develop, produce, distribute, and/or market encryption products with key recovery features. The specific commitments will depend on the applicant's line of business. The government will renew the licenses for additional six-month periods if milestones are met. Two years from now, the export of 56-bit products that do not support key recovery will no longer be permitted. Currently exportable 40-bit mass market software products will continue to be exportable. We will continue to support financial institutions in their efforts to assure the recovery of encrypted financial information. Longer key lengths will continue to be approved for products dedicated to the support of financial applications. The Administration will use a formal mechanism to provide industry, users, state and local law enforcement, and other private sector representatives with the opportunity to advise on the future of key recovery. Topics will include: evaluating the developing global key recovery architecture assessing lessons-learned from key recovery implementation advising on technical confidence issues vis-a-vis access to and release of keys addressing interoperability and standards issues identifying other technical, policy, and program issues for governmental action. The Administration's initiative is broadly consistent with the recent recommendations of the National Research Council. It also addresses many of the objectives of pending Congressional legislation. ------------------------------ Date: Mon, 30 Sep 1996 19:22:52 -0400 From: "Peter D. Junger" Subject: File 5--Press Release in re Cleveland Crypto Challenge Press Release Plaintiff Seeks Summary Judgment in Cleveland Case Challenging Licensing of ``Exports'' of Cryptographic Information Government Argues That Law Professor Cannot Challenge Regulation Requiring Him to Get Permission Before Teaching and Publishing Because He Did Not Apply for That Permission Oral Argument in Junger v. Christopher Set for Wednesday, November 20 Cleveland, Ohio, Tuesday, October 1, 1996 For Immediate Release For More Information Contact: Raymond Vasvari (216) 522-1925 Gino Scarselli (216) 291-8601 Or see URL: http://samsara.law.cwru.edu/comp_law/jvc/ Cleveland, Ohio, Oct. 1 -- Lawyers for Professor Peter D. Junger today filed a brief and a motion for summary judgment in Junger v. Christopher, the case challenging the licensing of the communication of ``cryptograhic software'' that is pending before Judge Donald C. Nugent in the Federal District Court here. Junger seeks an injunction against the enforcement of provisions of the International Traffic in Arms Regulations that require him to get the permission of the State Department's Office of Defense Trade Controls (the "ODTC") before he can communicate information about cryptographic software to foreign persons, ``whether in the United States or abroad.'' The penalty for failing to get such permission before disclosing the information can be as great as a fine of one million dollars and imprisonment for ten years. These provisions effectively prevent Junger from admitting foreign students to the course that he teaches about Computers and the Law at Case Western Reserve Law School in Cleveland, Ohio, and keep him from publishing his course materials and articles containing cryptographic software, or explaining what it does, how and where to get it, and how to use it. The challenged licensing scheme threatens the long-run viability of the United States software industry and, according to a blue-ribbon panel of the National Research Council, already costs that industry at least ``a few hundred million dollars per year ..., and all indications are that this figure will only grow in the future.'' The regulations have been extensively criticized by industry and bills to repeal or limit them are now pending in Congress. Junger's legal challenge is not based, however, on the economic damage that the ITAR's cryptographic licensing scheme imposes on the software industry and the nation's economy, but rather on the unconstitutional restraints that it imposes on anyone who wants to speak or write publically about any computer program that has, in the words of the ITAR, the ``capability of maintaining secrecy or confidentiality of information or information systems.'' Junger does not challenge the constitutionality of requiring one to get a license before exporting a physical cryptographic device: ``It isn't unconstitutional for the Office of Defense Trade Controls to damage the computer industry and our economy by requiring export licenses for cryptographic hardware, but information about cryptographic software is, as the National Research Council has pointed out, `pure knowledge that can be transported over national borders inside the heads of people or via letter.' Requiring the permission of the government before one can communicate knowledge is unconstitutional. Such a prior restraint is, in fact, the paradigmatic example of a violation of the First Amendment.'' THE GOVERNMENT ARGUES THAT PLAINTIFF MUST APPLY FOR PERMISSION TO SPEAK BEFORE HE CAN CHALLENGE THE REQUIREMENT THAT HE APPLY FOR SUCH PERMISSION In motions and briefs submitted August 21st, the government has asked the court to dismiss the lawsuit, or in the alternative, to grant the government judgment prior to trial. The government makes the initial argument that Junger lacks standing to claim that the provisions of the ITAR requiring him to get a formal license or other permission from the ODTC before he publically communicates information about cryptographic software, including the contents of the software itself, are unconstitutional. And it also argues that that claim is neither ``ripe'' nor ``colorable'', because Junger has not applied to the ODTC for such permission. Junger takes the position that as a law teacher who venerates the First Amendment it would be as improper for him to request the federal censors for permission to speak and publish as it would be for him openly violate the law. As he puts it: ``My duty is to challenge these unconstitutional regulations, not to give in to them nor to violate them in an act of civil disobedience.'' His lawyers point out in their briefs that few propositions of constitutional law are better established than the rule that a plaintiff does not have to submit to an unconstitutional restraint on speech and on the press before challenging it in court. ``Those arguments by the government are rather strange,'' says Gino J. Scarselli, one of Junger's lawyers, ``they seem to be based on their argument that cryptographic software is actually hardware because it is functional.'' And then he adds, ``Of course, that argument is also rather strange.'' THE GOVERNMENT ARGUES THAT SOME OF THE MATERIAL AT ISSUE IS EXEMPT UNDER THE ITAR The government also contends that some of the information at issue may be exempt from the ITAR's licensing requirements as technical data that is in the ``public domain'' because it is available to the public through ``fundamental research in science and engineering'' or through ``sales at newsstands and bookstores.'' ``That hardly is a defense,'' says Scarselli, ``since it is quite clear that the government will not concede that all of the information that Professor Junger wants to be able publish and discuss is in the public domain. And to make matters worse, the only way that Professor Junger can actually find out whether the government will treat particular information as being exempt from the formal licensing requirements is to apply to the ODTC for it calls a Commodity Jurisdiction Determination, which in reality is just another form of license.'' ``It is not as if I am engaged in fundamental research in science and engineering.'' Junger adds. ``What I want to publish and discuss has to do with the political and legal issues that are raised by computer technology, including, of course, cryptography. ``For just one example, since lawyers have a legal and ethical duty to protect the confidences of their clients, I am convinced that lawyers who use electronic mail or other computer technologies to communicate with their clients, or to store information supplied by their clients, are in some circumstances ethically, and perhaps even legally, required to use cryptography to maintain the confidentiality of that information. And yet I cannot publically explain to law students and lawyers--and lawyers cannot publically explain to their clients--how to obtain and use effective cryptographic software without first getting the government's permission to disclose that information. And, of course, if the cryptographic software really is effective, then there is little or no chance that the government will permit its disclosure.'' THE GOVERNMENT ARGUES THAT CRYPTOGRAPHIC SOFTWARE IS NOT PROTECTED BY THE FIRST AMENDMENT BECAUSE IT IS FUNCTIONAL There is no law in the United States that forbids or regulates the use of cryptography. Yet the government argues that the information in texts containing cryptographic software, including recipes for creating such software, can be used in a computer to preserve secrecy and confidentiality, and concludes that cryptographic software is ``conduct'' and ``functional'' and is thus not a text that is constitutionally protected as speech. Junger's lawyers, on the other hand, say that his claims do not relate to the conduct of running a cryptographic program on a computer--conduct that is not regulated by the ITAR, after all--and that he only challenges the restraints that the ITAR impose on the communication of information about how to carry on such legal conduct. ``Expressive conduct is exactly what is protected by the First Amendment,'' says Raymond Vasvari, another of Junger's lawyers. ``And if that expression were not functional, if it were not effective, there would be no need to protect it. The government's argument turns two hundred years of First Amendment jurisprudence on its head.'' ``The government's arguments about software being conduct and functional are striking examples of the sort of confusion that pervades the whole area of Computers and the Law,'' Junger says. ``Trying to clear up such confusion is my major goal in my course in Computers and the Law. In fact, when I started teaching that course in 1993, I wrote some cryptographic software to assist my students in grasping the distinction between software as a text that can be communicated, and that is protected by copyright law and the First Amendment, and software as a process that runs in a computer's central processor that can be protected by patents, but not by copyrights. If it weren't so frustrating, it would almost be funny that I cannot publish that software because of the prior restraints imposed by the defendants' interpretation of the ITAR, even though it is perfectly legal for me, or for any one else, including `foreign persons,' to actually run such software on a computer. The government's confusion is so extensive that an agent of the ODTC has actually told me that software, cryptographic software, is actually hardware.'' ``It is quite clear to me,'' Junger adds, ``that the State Department and the National Security Agency and other elements in the executive branch of the government are attempting to restrain the communication of information about cryptographic software not only abroad, but also within the United States, because they do not want us actually to be able to use cryptography to preserve the privacy of our thoughts and our communications. It is as if the government required one to get a license before explaining how to make or use an envelope, even though it did not forbid the use of envelopes themselves. After all, all that cryptographic software is is a way of making electronic envelopes.'' ORAL ARGUMENT SCHEDULED Junger v. Christopher has been placed on a fast track by Judge Nugent. On September 5 he established a briefing schedule: the plaintiff's brief was due and was filed today and the government's response is due on Friday, October 18. Oral argument is scheduled for Wednesday, November 20. Judge Nugent's decision is expected before the first of the year. BACKGROUND ON THE LITIGATION Litigation is expensive. Professor Junger and his volunteer lawyers were only able to bring the suit because of a generous gift by an anonymous donor of $5,000 that was used to create the ITAR Legal Attack Fund. Additional donations by Professor Junger and others have increased that fund to more than seven thousand dollars. Scarselli and Vasvari are lawyers in private practice in Cleveland who have dedicated much of their professional lives to the protection of First Amendment freedoms. The third lawyer on the team is Kevin O'Neill, a law professor at Cleveland State University and the former legal director of the Ohio Chapter of the American Civil Liberties Union. --30-- -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu URL: http://samsara.law.cwru.edu ------------------------------ Date: Tue, 1 Oct 1996 13:04:42 -0700 (PDT) From: Stanton McCandlish Subject: File 6--Newsnybble: GPS privacy threat Excerpt from Innovation (business-oriented version of Edupage): MORE USES FOR GPS TECHNOLOGY Global positioning satellite technology is finding its way into new products that are smarter and more functional than their previous "dumb" counterparts, says the founder of Sirf Technology, which designs tiny GPS chipsets that can go almost anywhere. For instance, by teaming up low-cost GPS with a wireless link, "you could have a watch with a personal tracking system. And because GPS satellites have atomic clocks, these would be very accurate watches. Also you would never have to set it for time zones, because it automatically knows where you are. A GPS device could be provided to visitors at theme parks... to guide them through the park and include information about the rides. And there's no reason why a portable computer can't become a locating device. You could just add the GPS capability as a PCMCIA card or include it on the motherboard. Then you could location-lock your PC. If it's moved from a certain location, it will not work." (Interview with Kanwar Chadha, Investor's Business Daily 26 Sep 96 A8) [The privacy risks here should be immediately apparent, esp. given the FBI's recent attempt to turn all cell phones into surveillance devices.] ------------------------------ Date: 02 Oct 96 15:40:58 EDT From: "George C. Smith" <76711.2631@CompuServe.COM> Subject: File 7--Corrected URL for Crypt Newsletter Awards ((MODERATORS' NOTE: In the last issue, the URL for information on Crypt's "virus hype" contest. Here is the updated announcement with the corrected URL)) ============================================================== Crypt Newsletter and Computer Virus Myths guru Rob Rosenberger have put their heads together to comb the media for computer virus stories that have contributed the most to computer virus misinformation and confusion in 1996. Once they've been compiled, we'll put them on display along with analyses of their impact and faults and throw the nominees open to Netizens for their votes on which are the best, or worst, depending on your point of view. Rob has puckishly named the contest the 1996 John McAfee Awards after the 1992 watershed event of Michelangelo hype that catapulted the anti-virus software developer to fame and fortune -- his former company to a dominant position in the anti-virus industry. But we want this to be an exercise in extending computer literacy and to that end we intend to give away some prizes -- namely books! Here's where you -- authors, publishers, the pure of heart and philanthropic -- come in. Contribute one book on computer security, computer viruses or reality and culture in cyberspace and we'll be forever in your debt. You'll get publicity when we mention your philanthropy and book during the nominations, voting and awards ceremony. Plus you'll have the satisfaction of knowing your book is going to be placed directly into the hands of someone in the media who needs it the most! To contribute a book, contact me or Rob Rosenberger. George Smith: crypt@sun.soci.niu.edu Rob Rosenberger: us@kumite.com In late October we'll publicize the nominees and the prizes so the voting can begin. Watch this space for further details. Computer Virus Myths http://www.kumite.com/myths Crypt Newsletter http://www.soci.niu.edu/~crypt Postscript: Already in the prize pot are "Bandits on the Information Superhighway" by Dan Barrett, "Masters of Deception: The Gang That Ruled Cyberspace" by Michelle Slatalla & Joshua Quittner and "The NCSA Guide to PC and LAN Security" by Stephen Cobb. Profuse thanks to the parties involved. ------------------------------ Date: Thu, 21 Mar 1996 22:51:01 CST From: CuD Moderators Subject: File 8--Cu Digest Header Info (unchanged since 7 Apr, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #8.70 ************************************